Puppet Class: k8s::apiserver

Defined in:
modules/k8s/manifests/apiserver.pp

Overview

Parameters:

  • etcd_servers (Any)
  • ssl_cert_path (Any) (defaults to: undef)
  • ssl_key_path (Any) (defaults to: undef)
  • kube_api_port (Any) (defaults to: undef)
  • kubelet_port (Any) (defaults to: undef)
  • service_cluster_ip_range (Any) (defaults to: '192.168.0.0/17')
  • service_node_port_range (Any) (defaults to: undef)
  • admission_controllers (Any) (defaults to: { 'NamespaceLifecycle' => '', 'LimitRanger' => '', 'ServiceAccount' => '', 'DefaultStorageClass' => '', 'ResourceQuota' => '', })
  • authz_mode (Any) (defaults to: 'abac')
  • storage_backend (Any) (defaults to: 'etcd2')
  • apiserver_count (Any) (defaults to: undef)
  • runtime_config (Any) (defaults to: undef)


# File 'modules/k8s/manifests/apiserver.pp', line 1

# Configures a host as a Kubernetes API server: creates /etc/kubernetes,
# requests the master and client packages, renders the infrastructure-users
# file and /etc/default/kube-apiserver from ERB templates, and keeps the
# kube-apiserver service running and enabled.
#
# Only $admission_controllers is referenced in this manifest body. The other
# parameters are presumably read from class scope by the two ERB templates;
# confirm against k8s/kube-apiserver.default.erb and
# k8s/infrastructure-users.csv.erb before renaming or removing any of them.
#
# NOTE(review): every parameter is untyped, so nothing here validates ports,
# CIDR ranges or paths before they reach the templates.
class k8s::apiserver(
    $etcd_servers,
    # NOTE(review): both TLS paths default to undef; what the API server does
    # without them depends on the template -- confirm it does not fall back to
    # serving without TLS.
    $ssl_cert_path=undef,
    $ssl_key_path=undef,
    $kube_api_port = undef,
    $kubelet_port = undef,
    $service_cluster_ip_range = '192.168.0.0/17',
    $service_node_port_range = undef,
    # Hash of admission controller name => extra parameter string. The keys are
    # comma-joined and the values space-joined further down.
    $admission_controllers = {
        'NamespaceLifecycle' => '',
        'LimitRanger' => '',
        'ServiceAccount' => '',
        'DefaultStorageClass' => '',
        'ResourceQuota' => '',
    },
    # NOTE(review): if this value becomes the API server's authorization mode,
    # ABAC depends on a static policy file that this manifest does not manage;
    # confirm where that policy is deployed and who can edit it.
    $authz_mode = 'abac',
    # NOTE(review): etcd2 is the legacy storage backend; verify that the
    # packaged kube-apiserver version still supports it.
    $storage_backend = 'etcd2',
    $apiserver_count = undef,
    $runtime_config = undef,
) {
    # Configuration directory readable and traversable only by the kube user
    # (mode 0700), so files below it are not reachable by other local accounts.
    file { '/etc/kubernetes':
        ensure => directory,
        owner  => 'kube',
        group  => 'kube',
        mode   => '0700',
    }

    # require_package() is not defined on this page; presumably it ensures the
    # package is installed and orders this class after it -- TODO confirm.
    require_package('kubernetes-master')
    require_package('kubernetes-client')

    # Comma-separated controller names and space-separated controller
    # parameters (leading whitespace stripped). Neither variable is used again
    # in this body; presumably the kube-apiserver.default.erb template reads them.
    $admission_control = join(keys($admission_controllers), ',')
    $admission_control_params = lstrip(join(values($admission_controllers), ' '))

    # Looked up from hiera; not used again in this body, presumably consumed by
    # the infrastructure-users.csv.erb template below.
    $users = hiera('k8s_infrastructure_users')
    # Owner-read-only (0400) file for the kube user; a content change restarts
    # or refreshes kube-apiserver via notify.
    # NOTE(review): if the rendered CSV holds credentials or tokens, consider
    # `show_diff => false` so content changes are not written to agent logs and
    # reports, and confirm the hiera key comes from a private data source.
    file { '/etc/kubernetes/infrastructure-users':
        content => template('k8s/infrastructure-users.csv.erb'),
        owner   => 'kube',
        group   => 'kube',
        mode    => '0400',
        notify  => Service['kube-apiserver'],
    }

    # Defaults file for the service, root-owned and world-readable (0444).
    # NOTE(review): any local user can read the rendered contents; confirm the
    # template writes only options and file paths, never secret values.
    file { '/etc/default/kube-apiserver':
        ensure  => file,
        owner   => 'root',
        group   => 'root',
        mode    => '0444',
        content => template('k8s/kube-apiserver.default.erb'),
        notify  => Service['kube-apiserver'],
    }

    # Keep the API server running now and enabled at boot; both file resources
    # above notify this service when their content changes.
    service { 'kube-apiserver':
        ensure => running,
        enable => true,
    }
}