Puppet Class: kubeadm::core
- Defined in:
- modules/kubeadm/manifests/core.pp
Overview
SPDX-License-Identifier: Apache-2.0
Main kubeadm packages and setup.
# File 'modules/kubeadm/manifests/core.pp', line 3
# @summary Installs the kubeadm packages and writes the kubelet's host-level
#   settings: kernel sysctl values and /etc/default/kubelet.
#
# @param pause_image
#   Image reference handed to the kubelet as --pod-infra-container-image.
#   It is interpolated as-is into /etc/default/kubelet.
# @param extra_labels
#   Node labels, joined with ',' and handed to the kubelet as --node-labels.
#   An empty array writes no --node-labels flag at all.
class kubeadm::core (
String[1] $pause_image,
Array[String] $extra_labels,
) {
# 'require' both declares kubeadm::repo and orders it before this class;
# 'include' only declares kubeadm::kubectl, with no ordering.
# NOTE(review): kubeadm::repo presumably sets up the package source that the
# packages below are installed from - confirm.
require ::kubeadm::repo
include ::kubeadm::kubectl
$packages = [
'kubeadm',
'kubernetes-cni',
'cri-tools',
'ipset',
]
# 'present' installs a package only when it is missing: no version is pinned
# here and an installed package is never upgraded by this resource, so the
# version that lands on a node is whatever the configured repository offers.
package { $packages:
ensure => 'present',
tag => 'kubeadm-k8s',
}
# Configuration directory, writable by root only.
file { '/etc/kubernetes':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
}
sysctl::parameters { 'kubelet':
values => {
# Required by the protect-kernel-defaults option
# With --protect-kernel-defaults=true (set in /etc/default/kubelet below) the
# kubelet exits with an error when a kernel tunable differs from the value it
# expects instead of changing it itself, so the values are set here.
'vm.overcommit_memory' => 1,
'kernel.panic' => 10,
'kernel.panic_on_oops' => 1,
},
priority => 90,
}
# Build the optional --node-labels argument. The leading space separates it
# from the preceding flag once it is appended inside the heredoc below.
# NOTE(review): the labels end up inside single quotes nested in a
# double-quoted assignment, and Array[String] does not restrict their
# characters; a label holding a quote or whitespace would corrupt the
# KUBELET_EXTRA_ARGS line. Validate labels where they are defined.
if $extra_labels != [] {
$extra_labels_joined = " --node-labels='${extra_labels.join(',')}'"
} else {
$extra_labels_joined = ''
}
# Extra kubelet command-line arguments, as a single KUBELET_EXTRA_ARGS
# assignment. What the file sets:
#   --read-only-port=0             disables the kubelet's read-only port, which
#                                  serves without authentication or authorization
#   --protect-kernel-defaults=true see the sysctl values above
#   --tls-cipher-suites=...        explicit allow-list; its last two entries
#                                  (TLS_RSA_WITH_AES_*_GCM_*) use static RSA key
#                                  exchange and so give no forward secrecy
#   --pod-infra-container-image    taken from $pause_image
# Heredoc syntax: "/L" turns a backslash at end of line into a line
# continuation, "|" strips the common indentation and "-" drops the final
# newline, so everything between the double quotes becomes one line.
# NOTE(review): in this listing the first continuation line ends in "true\"
# with no space, while the one before --pod-infra-container-image ends in
# " \". Unless the manifest indents the --tls-cipher-suites line one column
# past the "|" margin (indentation is not visible here), the first two flags
# are fused together - check the generated /etc/default/kubelet.
file { '/etc/default/kubelet':
ensure => 'present',
# Read-only for everyone. No owner or group is set, so Puppet's defaults
# apply to a newly created file.
mode => '0444',
# A content change restarts the kubelet so the new arguments take effect.
notify => Service['kubelet'],
content => @("ARGS"/L),
KUBELET_EXTRA_ARGS="--read-only-port=0 --protect-kernel-defaults=true\
--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE\
_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,\
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,\
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,\
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,\
TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256 \
--pod-infra-container-image=${pause_image}\
${extra_labels_joined}\
"
|-ARGS
}
# Kubernetes itself gives no direct notice when the kubelet is failing, and
# the node can still show "ready" in some situations (?!?). Declaring the
# service 'running' makes Puppet start it again whenever a run finds it
# stopped. Only 'ensure' is managed here; no 'enable' attribute is set, so
# start-at-boot is left to whatever the package or kubeadm configured.
service { 'kubelet':
ensure => 'running'
}
}