Puppet Class: kubeadm::init_yaml

Defined in:
modules/kubeadm/manifests/init_yaml.pp

Overview

SPDX-License-Identifier: Apache-2.0

Parameters:

  • apiserver (Stdlib::Fqdn)
  • pod_subnet (String)
  • stacked (Boolean) (defaults to: false)
  • k8s_etcd_cert_pub (Optional[Stdlib::Unixpath])
  • k8s_etcd_cert_priv (Optional[Stdlib::Unixpath])
  • k8s_etcd_cert_ca (Optional[Stdlib::Unixpath])
  • etcd_hosts (Optional[Array[Stdlib::Fqdn]])
  • kubernetes_version (String) (defaults to: '1.21.8')
  • node_token (String) (defaults to: undef)
  • encryption_key (Optional[String]) (defaults to: undef)
  • etcd_heartbeat_interval (Optional[Integer]) (defaults to: undef)
  • etcd_election_timeout (Optional[Integer]) (defaults to: undef)
  • etcd_snapshot_ct (Optional[Integer]) (defaults to: undef)
  • apiserver_cert_alternative_names (Array[Stdlib::Fqdn]) (defaults to: [])


# File 'modules/kubeadm/manifests/init_yaml.pp', line 2

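# Writes the kubeadm init configuration plus the PSP and admission support
# files under /etc/kubernetes.
#
# Only $encryption_key is referenced directly in this manifest. None of the
# other parameters is used below; presumably they are read by the ERB
# templates, which evaluate in this class's scope -- confirm against
# kubeadm/init.yaml.erb and kubeadm/encryption-conf.yaml.erb.
#
# NOTE(review): $node_token is typed String but defaults to undef. undef does
# not satisfy String, so the default can never be used and a value must always
# be supplied. Either drop the default or widen the type to Optional[String],
# whichever is intended.
#
# NOTE(review): $encryption_key is a plain String. Consider Sensitive[String]
# once callers and the template can be updated together, so the value is
# redacted wherever Puppet prints parameters.
class kubeadm::init_yaml (
    Stdlib::Fqdn                  $apiserver,
    String                        $pod_subnet,
    Boolean                       $stacked = false,
    Optional[Stdlib::Unixpath]    $k8s_etcd_cert_pub,
    Optional[Stdlib::Unixpath]    $k8s_etcd_cert_priv,
    Optional[Stdlib::Unixpath]    $k8s_etcd_cert_ca,
    Optional[Array[Stdlib::Fqdn]] $etcd_hosts,
    String                        $kubernetes_version = '1.21.8',
    String                        $node_token = undef,
    Optional[String]              $encryption_key = undef,
    Optional[Integer]             $etcd_heartbeat_interval = undef,
    Optional[Integer]             $etcd_election_timeout = undef,
    Optional[Integer]             $etcd_snapshot_ct = undef,
    Array[Stdlib::Fqdn]           $apiserver_cert_alternative_names = [],
) {
    # Every resource below requires File['/etc/kubernetes'], which is not
    # declared in this class; presumably kubeadm::core provides it.
    require ::kubeadm::core

    # Rendered from a template that can read every class parameter, including
    # $node_token. The file is root-only (0400); show_diff is disabled so that
    # a content change does not copy any rendered credential into agent logs
    # or reports, matching the encryption-conf.yaml resource below.
    file { '/etc/kubernetes/kubeadm-init.yaml':
        ensure    => present,
        content   => template('kubeadm/init.yaml.erb'),
        owner     => 'root',
        group     => 'root',
        mode      => '0400',
        require   => File['/etc/kubernetes'],
        show_diff => false,
    }

    # NOTE(review): no mode is managed on this directory or on
    # /etc/kubernetes/admission, so their permissions are whatever already
    # exists on disk or Puppet's default at creation time.
    file { '/etc/kubernetes/psp':
        ensure  => directory,
        owner   => 'root',
        group   => 'root',
        require => File['/etc/kubernetes'],
    }

    # Judging by its name this file holds PodSecurityPolicy objects.
    # PodSecurityPolicy was deprecated in Kubernetes 1.21 and removed in 1.25,
    # so revisit this resource before raising $kubernetes_version that far.
    file { '/etc/kubernetes/psp/base-pod-security-policies.yaml':
        ensure  => present,
        source  => 'puppet:///modules/kubeadm/psp/base-pod-security-policies.yaml',
        owner   => 'root',
        group   => 'root',
        mode    => '0400',
        require => File['/etc/kubernetes/psp'],
    }

    file { '/etc/kubernetes/admission':
        ensure  => directory,
        owner   => 'root',
        group   => 'root',
        require => File['/etc/kubernetes'],
    }

    # Static files shipped with the module; world-readable (0444), unlike the
    # 0400 files in this class.
    file { '/etc/kubernetes/admission/admission.yaml':
        ensure  => present,
        source  => 'puppet:///modules/kubeadm/admission.yaml',
        owner   => 'root',
        group   => 'root',
        mode    => '0444',
        require => File['/etc/kubernetes/admission'],
    }

    file { '/etc/kubernetes/admission/eventconfig.yaml':
        ensure  => present,
        source  => 'puppet:///modules/kubeadm/eventconfig.yaml',
        owner   => 'root',
        group   => 'root',
        mode    => '0444',
        require => File['/etc/kubernetes/admission'],
    }

    # The encryption key is a simple shared key: never set it in the public
    # hiera repo. Keep it in a private repo on a standalone puppetmaster.
    # The file is only managed when a key is supplied, is readable by root
    # alone, and has diffs suppressed so the key is not logged on change.
    if $encryption_key {
        file { '/etc/kubernetes/admission/encryption-conf.yaml':
            ensure    => present,
            content   => template('kubeadm/encryption-conf.yaml.erb'),
            owner     => 'root',
            group     => 'root',
            mode      => '0400',
            require   => File['/etc/kubernetes/admission'],
            show_diff => false,
        }
    }
}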