- import k8s role - add worker/controller roles - add worker/controller profiles
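---
# Hiera data for a Kubernetes controller node.
# Nesting is restored here; the rendered listing had lost its indentation and
# carried a gutter "|" between every line, so it did not parse as intended.
hiera_include:
  - profiles::k8s::controller

### K8S::Server
k8s::server::node_on_server: false
k8s::server::manage_kubeadm: true
# NOTE(review): with generate_ca enabled and the two Vault-issued paths below
# commented out, the etcd CA is presumably created locally by the module and
# not chained to the Vault PKI. Confirm this is intended, and that the
# generated CA key is readable by root only and covered by a rotation plan.
k8s::server::etcd::generate_ca: true
#k8s::server::etcd::client_ca_cert: '/etc/pki/tls/vault/certificate.crt'
#k8s::server::etcd::client_ca_key: '/etc/pki/tls/vault/private.key'

### K8S::Server::Apiserver
# Choose an interface which is for cluster communications.
# The apiserver will expose a port on the controller
# and all the workers need to be able to reach it.
# NOTE(review): facts.networking.ip is the host's primary address, which on a
# multi-homed controller is not necessarily the cluster network. Pinning the
# interface (facts.networking.interfaces.<CLUSTER_IFACE>.ip, placeholder)
# avoids advertising the API server on an unintended network.
k8s::server::apiserver::advertise_address: "%{facts.networking.ip}"

### K8S::Server::Resources
k8s::server::resources::manage_flannel: false

# Consul service registration for the API server endpoint.
consul::services:
  k8s:
    service_name: 'k8s'
    tags:
      - 'containers'
      - 'k8s'
      - 'kubernetes'
    address: "%{facts.networking.ip}"
    # Registered port; reachability should be limited by host/network
    # firewalling to the workers and administrators that need it.
    port: 6443
    checks:
      # NOTE(review): a TCP check only proves the port accepts connections;
      # it does not verify TLS identity or that the API server is ready.
      # An HTTPS check against the readiness endpoint (/readyz) with
      # certificate verification would be a stronger health signal.
      # The check targets the FQDN while the service is registered by IP;
      # if the FQDN resolves to another interface the check can pass or
      # fail independently of the advertised address.
      - id: 'k8s_tcp_check'
        name: 'K8S TCP Check'
        tcp: "%{facts.networking.fqdn}:6443"
        interval: '10s'
        timeout: '1s'
# Presumably the Consul ACL rule that lets this node register the service.
# It is scoped to the single service name 'k8s'; keep it that narrow rather
# than widening it to a prefix or wildcard.
profiles::consul::client::node_rules:
  - resource: service
    segment: k8s
    disposition: write

# additional altnames
# NOTE(review): these names are presumably added as SANs to the Vault-issued
# node certificate, so any holder of that certificate can present itself as
# the k8s service. Confirm the Vault PKI role only allows these names for
# controller nodes.
profiles::pki::vault::alt_names:
  - k8s.service.consul
  - k8s.query.consul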