Puppet Class: profile::wmcs::kubeadm::control
- Defined in:
- modules/profile/manifests/wmcs/kubeadm/control.pp
Overview
SPDX-License-Identifier: Apache-2.0
Note: To bootstrap a cluster, $kubernetes_version must match the version of the packages in the $component
# File 'modules/profile/manifests/wmcs/kubeadm/control.pp', line 4
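# @summary Profile for a kubeadm control plane node.
#
# Prepares /etc/kubernetes/pki, optionally copies the host's Puppet
# certificate, key and CA there for use as etcd client credentials, clones
# maintain-kubeusers, and declares the kubeadm helper classes (helm,
# init_yaml, admin_scripts, metrics_yaml, cert_monitoring).
#
# @param stacked_control_plane
#   Passed to kubeadm::init_yaml as `stacked`. When false, the Puppet host
#   cert/key/CA are copied into /etc/kubernetes/pki to contact etcd.
# @param etcd_hosts
#   etcd node FQDNs, passed to kubeadm::init_yaml.
# @param apiserver
#   API server FQDN, passed to kubeadm::init_yaml. The default
#   ('k8s.example.com') is a placeholder.
# @param node_token
#   Token passed to kubeadm::init_yaml.
#   NOTE(review): falls back to the placeholder 'example.token' when Hiera
#   has no value. Presumably this is the kubeadm bootstrap/join token, in
#   which case a real deployment must override it; consider failing the
#   catalog instead of defaulting. It is typed String rather than
#   Sensitive[String], so it is not redacted by Puppet - confirm how
#   kubeadm::init_yaml handles it.
# @param kubernetes_version
#   Kubernetes version passed to kubeadm::init_yaml. Has no default, so the
#   Hiera key must be set.
# @param encryption_key
#   Optional key passed to kubeadm::init_yaml.
#   NOTE(review): also a plain String rather than Sensitive[String]; keep the
#   value in private Hiera data and confirm the consuming class does not
#   expose it in diffs or reports.
# @param etcd_heartbeat_interval
#   Optional etcd tuning value, passed to kubeadm::init_yaml.
# @param etcd_election_timeout
#   Optional etcd tuning value, passed to kubeadm::init_yaml.
# @param etcd_snapshot_ct
#   Optional etcd tuning value, passed to kubeadm::init_yaml.
# @param apiserver_cert_alternative_names
#   Extra FQDNs passed to kubeadm::init_yaml for the API server certificate.
class profile::wmcs::kubeadm::control (
    Boolean             $stacked_control_plane            = lookup('profile::wmcs::kubeadm::stacked', {default_value => false}),
    Array[Stdlib::Fqdn] $etcd_hosts                       = lookup('profile::wmcs::kubeadm::etcd_nodes', {default_value => ['localhost']}),
    Stdlib::Fqdn        $apiserver                        = lookup('profile::wmcs::kubeadm::apiserver_fqdn', {default_value => 'k8s.example.com'}),
    String              $node_token                       = lookup('profile::wmcs::kubeadm::node_token', {default_value => 'example.token'}),
    String              $kubernetes_version               = lookup('profile::wmcs::kubeadm::kubernetes_version'),
    Optional[String]    $encryption_key                   = lookup('profile::wmcs::kubeadm::encryption_key', {default_value => undef}),
    Optional[Integer]   $etcd_heartbeat_interval          = lookup('profile::wmcs::kubeadm::etcd_heartbeat_interval', {default_value => undef}),
    Optional[Integer]   $etcd_election_timeout            = lookup('profile::wmcs::kubeadm::etcd_election_timeout', {default_value => undef}),
    Optional[Integer]   $etcd_snapshot_ct                 = lookup('profile::wmcs::kubeadm::etcd_snapshot_ct', {default_value => undef}),
    Array[Stdlib::Fqdn] $apiserver_cert_alternative_names = lookup('profile::wmcs::kubeadm::control::apiserver_cert_alternative_names', {default_value => []}),
) {
    require profile::wmcs::kubeadm::preflight_checks

    # use puppet certs to contact etcd
    # Destination paths under /etc/kubernetes/pki ...
    $k8s_etcd_cert_pub  = '/etc/kubernetes/pki/puppet_etcd_client.crt'
    $k8s_etcd_cert_priv = '/etc/kubernetes/pki/puppet_etcd_client.key'
    $k8s_etcd_cert_ca   = '/etc/kubernetes/pki/puppet_ca.pem'

    # ... and the source material: the agent's own host cert and key, plus
    # the trusted CA path reported by the base certificates profile.
    $puppet_cert_pub  = $facts['puppet_config']['hostcert']
    $puppet_cert_priv = $facts['puppet_config']['hostprivkey']
    $puppet_cert_ca   = profile::base::certificates::get_trusted_ca_path()

    file { '/etc/kubernetes/pki':
        ensure => directory,
        mode   => '0755',
        owner  => 'root',
        group  => 'root',
    }

    # The copies are only made when etcd is not stacked on this node.
    if ! $stacked_control_plane {
        file { $k8s_etcd_cert_pub:
            ensure    => present,
            source    => "file://${puppet_cert_pub}",
            show_diff => false,
            owner     => 'root',
            group     => 'root',
            mode      => '0444',
        }

        # Private key: root-only, and show_diff is off so key material never
        # shows up in a content diff.
        # NOTE(review): this is a second copy of the host's Puppet private
        # key; any access review or rotation of the host key has to cover
        # this path too.
        file { $k8s_etcd_cert_priv:
            ensure    => present,
            source    => "file://${puppet_cert_priv}",
            show_diff => false,
            owner     => 'root',
            group     => 'root',
            mode      => '0400',
        }

        # Ownership and mode are pinned explicitly, like the two files above,
        # so the trust anchor cannot be left group- or world-writable by
        # whatever permissions a pre-existing file happened to have.
        file { $k8s_etcd_cert_ca:
            ensure => present,
            source => "file://${puppet_cert_ca}",
            owner  => 'root',
            group  => 'root',
            mode   => '0444',
        }
    }

    file { '/srv/git':
        ensure => directory,
        mode   => '0755',
        owner  => 'root',
        group  => 'root',
    }

    # NOTE(review): no revision is pinned here, so what lands on the control
    # plane node depends on the git::clone defaults and on the state of the
    # upstream repository - confirm that is the intended trust boundary.
    git::clone { 'labs/tools/maintain-kubeusers':
        ensure    => present,
        directory => '/srv/git/maintain-kubeusers',
    }

    # contain (not just include) so the core profile's resources are ordered
    # inside this class.
    include ::profile::wmcs::kubeadm::core
    contain ::profile::wmcs::kubeadm::core

    class { '::kubeadm::helm': }

    # TODO: eventually we may need overriding this CIDR
    $pod_subnet = '192.168.0.0/16'

    class { '::kubeadm::init_yaml':
        stacked                          => $stacked_control_plane,
        etcd_hosts                       => $etcd_hosts,
        apiserver                        => $apiserver,
        pod_subnet                       => $pod_subnet,
        node_token                       => $node_token,
        k8s_etcd_cert_pub                => $k8s_etcd_cert_pub,
        k8s_etcd_cert_priv               => $k8s_etcd_cert_priv,
        k8s_etcd_cert_ca                 => $k8s_etcd_cert_ca,
        encryption_key                   => $encryption_key,
        kubernetes_version               => $kubernetes_version,
        etcd_heartbeat_interval          => $etcd_heartbeat_interval,
        etcd_election_timeout            => $etcd_election_timeout,
        etcd_snapshot_ct                 => $etcd_snapshot_ct,
        apiserver_cert_alternative_names => $apiserver_cert_alternative_names,
    }

    class { '::kubeadm::admin_scripts': }
    class { '::kubeadm::metrics_yaml': }
    class { '::kubeadm::cert_monitoring': }
}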