Documentation ¶
Index ¶
- Variables
- func GetApiServerArgs(securityEnhancement bool, enableAudit bool) map[string]string
- func GetControllermanagerArgs(version string, securityEnhancement bool) map[string]string
- func GetKubeProxyConfiguration(kubeConf *common.KubeConf) map[string]interface{}
- func GetKubeletCgroupDriver(runtime connector.Runtime, kubeConf *common.KubeConf) (string, error)
- func GetKubeletConfiguration(runtime connector.Runtime, kubeConf *common.KubeConf, criSock string, ...) map[string]interface{}
- func GetSchedulerArgs(securityEnhancement bool) map[string]string
- func UpdateFeatureGatesConfiguration(args map[string]string, kubeConf *common.KubeConf) map[string]string
Constants ¶
This section is empty.
Variables ¶
var (
	// ref: https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/

	// FeatureGatesDefaultConfiguration is the feature-gate set of the
	// non-hardened profile. Each key is a Kubernetes feature-gate name and
	// the value says whether the gate is switched on.
	FeatureGatesDefaultConfiguration = map[string]bool{
		"RotateKubeletServerCertificate": true,
		"TTLAfterFinished":               true,
		"ExpandCSIVolumes":               true,
		"CSIStorageCapacity":             true,
	}
	// FeatureGatesSecurityDefaultConfiguration is the hardened counterpart.
	// It differs from FeatureGatesDefaultConfiguration only by additionally
	// enabling SeccompDefault.
	// NOTE(review): presumably chosen when security enhancement is requested;
	// the selecting code is not part of this listing.
	FeatureGatesSecurityDefaultConfiguration = map[string]bool{
		"RotateKubeletServerCertificate": true,
		"TTLAfterFinished":               true,
		"ExpandCSIVolumes":               true,
		"CSIStorageCapacity":             true,
		"SeccompDefault":                 true,
	}

	// ApiServerArgs holds the kube-apiserver extra arguments of the
	// non-hardened profile. Only bind-address is set; none of the hardening
	// flags listed in ApiServerSecurityArgs (authorization mode, admission
	// plugins, profiling, TLS floor and cipher list) are supplied here, so
	// whatever kubeadm and kube-apiserver default to applies for them.
	ApiServerArgs = map[string]string{
		"bind-address": "0.0.0.0",
	}
	// ApiServerSecurityArgs holds the kube-apiserver extra arguments of the
	// hardened profile:
	//   - authorization-mode pins the Node and RBAC authorizers;
	//   - enable-admission-plugins adds, among others, AlwaysPullImages,
	//     NodeRestriction, PodNodeSelector and PodSecurity;
	//   - profiling is turned off;
	//   - tls-min-version and tls-cipher-suites restrict TLS to 1.2 or newer
	//     with three ECDHE AEAD suites.
	// The listener still binds to 0.0.0.0, same as the non-hardened profile.
	ApiServerSecurityArgs = map[string]string{
		"bind-address":             "0.0.0.0",
		"authorization-mode":       "Node,RBAC",
		"enable-admission-plugins": "AlwaysPullImages,ServiceAccount,NamespaceLifecycle,NodeRestriction,LimitRanger,ResourceQuota,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,PodNodeSelector,PodSecurity",
		"profiling":                "false",
		"request-timeout":          "120s",
		"service-account-lookup":   "true",
		"tls-min-version":          "VersionTLS12",
		"tls-cipher-suites":        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
	}

	// ControllermanagerArgs holds the kube-controller-manager extra
	// arguments of the non-hardened profile.
	// NOTE(review): bind-address 0.0.0.0 makes the component's serving
	// endpoint listen on every interface, and profiling is not disabled in
	// this profile; the hardened variant binds to loopback instead. Where the
	// non-hardened profile is used, restrict network reach to the
	// control-plane nodes.
	// NOTE(review): cluster-signing-duration 87600h is roughly ten years, so
	// certificates issued through the cluster signer can stay valid that
	// long; the same value is kept in the hardened profile.
	ControllermanagerArgs = map[string]string{
		"bind-address":             "0.0.0.0",
		"cluster-signing-duration": "87600h",
	}
	// ControllermanagerSecurityArgs holds the kube-controller-manager extra
	// arguments of the hardened profile: loopback-only bind address,
	// profiling off, a terminated-pod garbage-collection threshold of 50 and
	// per-controller service account credentials. The ten-year
	// cluster-signing-duration is unchanged from ControllermanagerArgs.
	ControllermanagerSecurityArgs = map[string]string{
		"bind-address":                    "127.0.0.1",
		"cluster-signing-duration":        "87600h",
		"profiling":                       "false",
		"terminated-pod-gc-threshold":     "50",
		"use-service-account-credentials": "true",
	}

	// SchedulerArgs holds the kube-scheduler extra arguments of the
	// non-hardened profile.
	// NOTE(review): as with ControllermanagerArgs, 0.0.0.0 exposes the
	// scheduler's serving endpoint on every interface and profiling is left
	// at the component default.
	SchedulerArgs = map[string]string{
		"bind-address": "0.0.0.0",
	}
	// SchedulerSecurityArgs holds the kube-scheduler extra arguments of the
	// hardened profile: loopback-only bind address and profiling off.
	SchedulerSecurityArgs = map[string]string{
		"bind-address": "127.0.0.1",
		"profiling":    "false",
	}
)
var (
	// KubeadmConfig defines the template of kubeadm configuration file.
	//
	// The template has two branches. When .IsInitCluster is set it renders
	// ClusterConfiguration, InitConfiguration, KubeProxyConfiguration and
	// KubeletConfiguration documents; otherwise it renders a single
	// JoinConfiguration. template.Must panics if the template text fails to
	// parse, so a malformed template surfaces when this variable is
	// initialised rather than at render time.
	//
	// NOTE(review): the join branch hard-codes unsafeSkipCAVerification: true
	// and supplies no CA certificate hashes, so a joining node does not pin
	// the cluster CA during bootstrap-token discovery; the authenticity of
	// the control plane then rests on the token and the network path alone.
	// Rendering caCertHashes (or using file-based discovery) would let the
	// joining node verify the CA.
	// NOTE(review): the rendered document embeds .BootstrapToken and, for
	// control-plane joins, .CertificateKey. Treat the output as a secret:
	// keep it readable only by the installing user and remove it once the
	// node has joined. Where the file is written is not shown here.
	// NOTE(review): apart from the quoted certSANs, token and
	// node-cidr-mask-size values, fields are interpolated without quoting or
	// escaping, so every value must already be a safe YAML scalar — confirm
	// that callers validate user-supplied cluster settings before rendering.
	// NOTE(review): this listing shows the template text with its original
	// line breaks and YAML indentation flattened; consult the source file
	// for the exact layout.
	KubeadmConfig = template.Must(template.New("kubeadm-config.yaml").Funcs(funcMap).Parse(
		dedent.Dedent(` {{- if .IsInitCluster -}} --- apiVersion: kubeadm.k8s.io/v1beta2 kind: ClusterConfiguration etcd: {{- if .EtcdTypeIsKubeadm }} local: imageRepository: {{ .EtcdRepo }} imageTag: {{ .EtcdTag }} serverCertSANs: {{- range .ExternalEtcd.Endpoints }} - {{ . }} {{- end }} {{- else }} external: endpoints: {{- range .ExternalEtcd.Endpoints }} - {{ . }} {{- end }} {{- if .ExternalEtcd.CAFile }} caFile: {{ .ExternalEtcd.CAFile }} {{- end }} {{- if .ExternalEtcd.CertFile }} certFile: {{ .ExternalEtcd.CertFile }} {{- end }} {{- if .ExternalEtcd.KeyFile }} keyFile: {{ .ExternalEtcd.KeyFile }} {{- end }} {{- end }} dns: type: CoreDNS imageRepository: {{ .CorednsRepo }} imageTag: {{ .CorednsTag }} imageRepository: {{ .ImageRepo }} kubernetesVersion: {{ .Version }} certificatesDir: /etc/kubernetes/pki clusterName: {{ .ClusterName }} controlPlaneEndpoint: {{ .ControlPlaneEndpoint }} networking: dnsDomain: {{ .DNSDomain }} podSubnet: {{ .PodSubnet }} serviceSubnet: {{ .ServiceSubnet }} apiServer: extraArgs: {{ toYaml .ApiServerArgs | indent 4}} certSANs: {{- range .CertSANs }} - "{{ . 
}}" {{- end }} {{- if .EnableAudit }} extraVolumes: - name: k8s-audit hostPath: /etc/kubernetes/audit mountPath: /etc/kubernetes/audit pathType: DirectoryOrCreate {{- end }} controllerManager: extraArgs: node-cidr-mask-size: "{{ .NodeCidrMaskSize }}" {{ toYaml .ControllerManagerArgs | indent 4 }} extraVolumes: - name: host-time hostPath: /etc/localtime mountPath: /etc/localtime readOnly: true scheduler: extraArgs: {{ toYaml .SchedulerArgs | indent 4 }} --- apiVersion: kubeadm.k8s.io/v1beta2 kind: InitConfiguration localAPIEndpoint: advertiseAddress: {{ .AdvertiseAddress }} bindPort: {{ .BindPort }} nodeRegistration: {{- if .CriSock }} criSocket: {{ .CriSock }} {{- end }} kubeletExtraArgs: cgroup-driver: {{ .CgroupDriver }} --- apiVersion: kubeproxy.config.k8s.io/v1alpha1 kind: KubeProxyConfiguration {{ toYaml .KubeProxyConfiguration }} --- apiVersion: kubelet.config.k8s.io/v1beta1 kind: KubeletConfiguration {{ toYaml .KubeletConfiguration }} {{- else -}} --- apiVersion: kubeadm.k8s.io/v1beta2 kind: JoinConfiguration discovery: bootstrapToken: apiServerEndpoint: {{ .ControlPlaneEndpoint }} token: "{{ .BootstrapToken }}" unsafeSkipCAVerification: true tlsBootstrapToken: "{{ .BootstrapToken }}" {{- if .IsControlPlane }} controlPlane: localAPIEndpoint: advertiseAddress: {{ .AdvertiseAddress }} bindPort: {{ .BindPort }} certificateKey: {{ .CertificateKey }} {{- end }} nodeRegistration: {{- if .CriSock }} criSocket: {{ .CriSock }} {{- end }} kubeletExtraArgs: cgroup-driver: {{ .CgroupDriver }} {{- end }} `)))
)
Functions ¶
func GetApiServerArgs ¶
func GetKubeletCgroupDriver ¶
func GetKubeletConfiguration ¶
func GetSchedulerArgs ¶
Types ¶
This section is empty.