Puppet Class: kubeadm::core

Defined in:
modules/kubeadm/manifests/core.pp

Overview

main kubeadm packages and setup



# File 'modules/kubeadm/manifests/core.pp', line 2

class kubeadm::core (
) {
    # Base setup for a kubeadm-managed node: installs the kubeadm/containerd
    # packages, applies the sysctl values the kubelet expects, writes the
    # kubelet's extra command-line arguments and keeps the kubelet running.

    # `require` declares kubeadm::repo and orders it before this class, so the
    # package source is configured before the packages below are installed.
    require ::kubeadm::repo
    # `include` only declares the class; it adds no ordering relationship.
    include ::kubeadm::kubectl

    $packages = [
        'kubeadm',
        'kubernetes-cni',
        'containerd.io',
        'cri-tools',
        'ipset',
    ]

    # 'present' installs a package if it is missing but neither pins a version
    # nor upgrades one already installed; the version that lands on a node is
    # whatever the configured repository offers at install time.
    # NOTE(review): the 'kubeadm-k8s' tag is presumably consumed elsewhere
    # (collector or ordering); nothing in this class uses it.
    package { $packages:
        ensure => 'present',
        tag    => 'kubeadm-k8s',
    }

    # NOTE(review): no owner, group or mode is set here, so they come from
    # resource defaults or the agent's umask. This directory usually holds
    # cluster credentials; confirm the effective permissions are restrictive.
    file { '/etc/kubernetes/':
        ensure => 'directory',
    }

    # sysctl::parameters is defined outside this class.
    # NOTE(review): `priority` presumably orders the generated sysctl file
    # relative to others; confirm against the defined type.
    sysctl::parameters { 'kubelet':
        values   => {
            # With --protect-kernel-defaults=true (set below) the kubelet does
            # not adjust kernel tunables itself and fails if they differ from
            # the values it expects, so they have to be set here.
            'vm.overcommit_memory' => 1,
            'kernel.panic'         => 10,
            'kernel.panic_on_oops' => 1,
        },
        priority => 90,
    }

    # Extra kubelet command-line flags, written as one shell-style assignment.
    #   --read-only-port=0             disables the kubelet's unauthenticated
    #                                  read-only HTTP port.
    #   --protect-kernel-defaults=true see the sysctl block above.
    #   --tls-cipher-suites=...        restricts the kubelet's TLS server to
    #                                  the listed suites.
    #   --pod-infra-container-image    pause (sandbox) image to use.
    # NOTE(review): the two TLS_RSA_* suites at the end of the list use static
    # RSA key exchange and so provide no forward secrecy; confirm a client
    # still needs them before keeping them.
    # NOTE(review): the pause image is referenced by tag (3.1), not by digest,
    # so the content pulled depends on what the registry serves for that tag.
    # NOTE(review): owner and group are not set on this file; the read-only
    # mode is explicit but ownership relies on resource defaults.
    #
    # Heredoc mechanics: the /L flag turns a trailing backslash into a line
    # continuation, the `|` on the end line sets how much leading whitespace
    # is stripped from every line, and the `-` drops the final newline. The
    # file content is therefore a single line. The cipher list is split in
    # the middle of a suite name and one continuation line carries an extra
    # leading space that becomes the separator between two flags, so
    # re-indenting or re-wrapping these lines changes the rendered arguments.
    # Any change to the content restarts the kubelet through `notify`.
    file { '/etc/default/kubelet':
        ensure  => 'present',
        mode    => '0444',
        notify  => Service['kubelet'],
        content => @(ARGS/L),
        KUBELET_EXTRA_ARGS="--read-only-port=0 --protect-kernel-defaults=true\
         --tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE\
        _RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,\
        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,\
        TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,\
        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,\
        TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256 \
        --pod-infra-container-image=docker-registry.tools.wmflabs.org/pause:3.1\
        "
        |-ARGS
    }

    # Kubernetes gives no direct notice when the kubelet is failing, and the
    # node can still show "ready" in some situations, so Puppet keeps the
    # service running on every agent run.
    # NOTE(review): `enable` is not managed here, so whether the kubelet
    # starts at boot is left to the package or to other code.
    service { 'kubelet':
        ensure => 'running'
    }
}