Puppet Class: profile::wmcs::kubeadm::control

Defined in:
modules/profile/manifests/wmcs/kubeadm/control.pp

Overview

Note: To bootstrap a cluster, $kubernetes_version must match the version of the packages provided by $component.

Parameters:

  • stacked_control_plane (Boolean) (defaults to: lookup('profile::wmcs::kubeadm::stacked', {default_value => false}))
  • etcd_hosts (Array[Stdlib::Fqdn]) (defaults to: lookup('profile::wmcs::kubeadm::etcd_nodes', {default_value => ['localhost']}))
  • apiserver (Stdlib::Fqdn) (defaults to: lookup('profile::wmcs::kubeadm::apiserver_fqdn', {default_value => 'k8s.example.com'}))
  • node_token (String) (defaults to: lookup('profile::wmcs::kubeadm::node_token', {default_value => 'example.token'}))
  • component (String) (defaults to: lookup('profile::wmcs::kubeadm::component', {default_value => 'thirdparty/kubeadm-k8s-1-16'}))
  • kubernetes_version (String) (defaults to: lookup('profile::wmcs::kubeadm::kubernetes_version', {default_value => '1.16.10'}))
  • calico_version (String) (defaults to: lookup('profile::wmcs::kubeadm::calico_version', {default_value => 'v3.14.0'}))
  • typha_enabled (Boolean) (defaults to: lookup('profile::wmcs::kubeadm::typha_enabled', {default_value => false}))
  • typha_replicas (Integer) (defaults to: lookup('profile::wmcs::kubeadm::typha_replicas', {default_value => 3}))
  • encryption_key (Optional[String]) (defaults to: lookup('profile::wmcs::kubeadm::encryption_key', {default_value => undef}))


# File 'modules/profile/manifests/wmcs/kubeadm/control.pp', line 3

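# @summary Profile for a kubeadm control plane node: declares the kubeadm::*
#   classes and, for a non-stacked control plane, stages the host's Puppet
#   agent certificate as etcd client credentials.
#
# @param stacked_control_plane
#   Passed to kubeadm::init_yaml as `stacked`. When false, the Puppet agent
#   certificate, private key and CA are copied into /etc/kubernetes/pki so
#   they can be used to contact etcd.
# @param etcd_hosts
#   etcd node FQDNs, passed to kubeadm::init_yaml.
# @param apiserver
#   API server FQDN, passed to kubeadm::init_yaml.
# @param node_token
#   Token passed to kubeadm::init_yaml. Treat it as a secret: the default
#   'example.token' is a placeholder, and the real value should come from
#   Hiera data that is not publicly readable.
# @param component
#   Package repository component, passed to kubeadm::repo.
# @param kubernetes_version
#   Passed to kubeadm::init_yaml. To bootstrap a cluster it must match the
#   version of the packages in $component.
# @param calico_version
#   Passed to kubeadm::calico_yaml.
# @param typha_enabled
#   Passed to kubeadm::calico_yaml.
# @param typha_replicas
#   Passed to kubeadm::calico_yaml.
# @param encryption_key
#   Optional key passed to kubeadm::init_yaml. Treat it as a secret and
#   supply it only from Hiera data that is not publicly readable.
#
# NOTE(review): $node_token and $encryption_key are plain String values, so
# they are not redacted in the compiled catalog or in reports. Moving them to
# Sensitive[String] would need matching support in kubeadm::init_yaml, which
# is not visible here -- confirm before changing the types.
class profile::wmcs::kubeadm::control (
    Boolean             $stacked_control_plane = lookup('profile::wmcs::kubeadm::stacked', {default_value => false}),
    Array[Stdlib::Fqdn] $etcd_hosts = lookup('profile::wmcs::kubeadm::etcd_nodes',     {default_value => ['localhost']}),
    Stdlib::Fqdn        $apiserver  = lookup('profile::wmcs::kubeadm::apiserver_fqdn', {default_value => 'k8s.example.com'}),
    String              $node_token = lookup('profile::wmcs::kubeadm::node_token',     {default_value => 'example.token'}),
    String              $component  = lookup('profile::wmcs::kubeadm::component',      {default_value => 'thirdparty/kubeadm-k8s-1-16'}),
    String              $kubernetes_version = lookup('profile::wmcs::kubeadm::kubernetes_version', {default_value => '1.16.10'}),
    String              $calico_version = lookup('profile::wmcs::kubeadm::calico_version', {default_value => 'v3.14.0'}),
    Boolean             $typha_enabled = lookup('profile::wmcs::kubeadm::typha_enabled', {default_value => false}),
    Integer             $typha_replicas = lookup('profile::wmcs::kubeadm::typha_replicas', {default_value => 3}),
    Optional[String]    $encryption_key = lookup('profile::wmcs::kubeadm::encryption_key', {default_value => undef}),
) {
    require profile::wmcs::kubeadm::preflight_checks

    # use puppet certs to contact etcd
    $k8s_etcd_cert_pub  = '/etc/kubernetes/pki/puppet_etcd_client.crt'
    $k8s_etcd_cert_priv = '/etc/kubernetes/pki/puppet_etcd_client.key'
    $k8s_etcd_cert_ca   = '/etc/kubernetes/pki/puppet_ca.pem'
    $puppet_cert_pub    = "/var/lib/puppet/ssl/certs/${::fqdn}.pem"
    $puppet_cert_priv   = "/var/lib/puppet/ssl/private_keys/${::fqdn}.pem"
    $puppet_cert_ca     = '/var/lib/puppet/ssl/certs/ca.pem'

    # The directory is world-traversable; confidentiality of the private key
    # below relies on that file's own 0400 mode.
    file { '/etc/kubernetes/pki':
        ensure => directory,
        mode   => '0755',
        owner  => 'root',
        group  => 'root',
    }

    if ! $stacked_control_plane {
        # External etcd: reuse this host's Puppet agent identity as the etcd
        # client credential.
        file { $k8s_etcd_cert_pub:
            ensure    => present,
            source    => "file://${puppet_cert_pub}",
            show_diff => false,
            owner     => 'root',
            group     => 'root',
            mode      => '0444',
        }
        # Copy of the agent private key: root-only, and show_diff is disabled
        # so its contents are never written to logs or reports.
        file { $k8s_etcd_cert_priv:
            ensure    => present,
            source    => "file://${puppet_cert_priv}",
            show_diff => false,
            owner     => 'root',
            group     => 'root',
            mode      => '0400',
        }
        # The CA certificate is public. Ownership and mode are pinned
        # explicitly, like the client certificate above, so this trust anchor
        # does not depend on resource defaults and stays root-writable only.
        file { $k8s_etcd_cert_ca:
            ensure => present,
            source => "file://${puppet_cert_ca}",
            owner  => 'root',
            group  => 'root',
            mode   => '0444',
        }
    }

    file { '/srv/git':
        ensure => directory,
        mode   => '0755',
        owner  => 'root',
        group  => 'root',
    }

    # NOTE(review): no revision is pinned in this declaration, so the checkout
    # follows git::clone's defaults -- confirm that is intended for code
    # deployed onto a control plane node.
    git::clone { 'labs/tools/maintain-kubeusers':
        ensure    => present,
        directory => '/srv/git/maintain-kubeusers',
    }

    class { '::kubeadm::repo':
        component => $component,
    }
    class { '::kubeadm::core': }
    class { '::kubeadm::docker': }

    # TODO: eventually we may need overriding this CIDR
    # Declared once so kubeadm::init_yaml and kubeadm::calico_yaml receive the
    # same pod network.
    $pod_subnet = '192.168.0.0/16'
    class { '::kubeadm::init_yaml':
        stacked            => $stacked_control_plane,
        etcd_hosts         => $etcd_hosts,
        apiserver          => $apiserver,
        pod_subnet         => $pod_subnet,
        node_token         => $node_token,
        k8s_etcd_cert_pub  => $k8s_etcd_cert_pub,
        k8s_etcd_cert_priv => $k8s_etcd_cert_priv,
        k8s_etcd_cert_ca   => $k8s_etcd_cert_ca,
        encryption_key     => $encryption_key,
        kubernetes_version => $kubernetes_version,
    }

    class { '::kubeadm::calico_yaml':
        pod_subnet     => $pod_subnet,
        calico_version => $calico_version,
        typha_enabled  => $typha_enabled,
        typha_replicas => $typha_replicas,
    }

    class { '::kubeadm::calico_workaround': }

    class { '::kubeadm::admin_scripts': }

    class { '::kubeadm::metrics_yaml': }
}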