From c87097fc35b491cfddabb4e779bab1fe3e9d0396 Mon Sep 17 00:00:00 2001
From: Max Gautier
Date: Tue, 10 Sep 2024 17:34:04 +0200
Subject: [PATCH] Document how to use kubeadm patches
---
 docs/ansible/vars.md | 7 ++++++
 .../group_vars/k8s_cluster/k8s-cluster.yml | 24 +++++++++++++++----
 .../kube-controller-manager+merge.yaml | 8 -------
 .../sample/patches/kube-scheduler+merge.yaml | 8 -------
 .../kubeadm_common/defaults/main.yml | 6 +++++
 5 files changed, 32 insertions(+), 21 deletions(-)
 delete mode 100644 inventory/sample/patches/kube-controller-manager+merge.yaml
 delete mode 100644 inventory/sample/patches/kube-scheduler+merge.yaml
diff --git a/docs/ansible/vars.md b/docs/ansible/vars.md
index b172f4ada27..f8d040e12ea 100644
--- a/docs/ansible/vars.md
+++ b/docs/ansible/vars.md
@@ -337,6 +337,13 @@ in the form of dicts of key-value pairs of configuration parameters that will be
 * *kube_kubeadm_controller_extra_args*
 * *kube_kubeadm_scheduler_extra_args*

+### Kubeadm patches
+
+When extra flags are not sufficient and there is a need to further customize kubernetes components,
+[kubeadm patches](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/control-plane-flags/#patches)
+can be used.
+You should use the [`kubeadm_patches` variable](../../roles/kubernetes/kubeadm_common/defaults/main.yml) for that purpose.
+
 ## App variables

 * *helm_version* - Only supports v3.x. Existing v2 installs (with Tiller) will not be modified and need to be removed manually.
diff --git a/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml b/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml
index 522ddc58903..24f896818a7 100644
--- a/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml
+++ b/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml
@@ -366,11 +366,25 @@ auto_renew_certificates: false
 # First Monday of each month
 # auto_renew_certificates_systemd_calendar: "Mon *-*-1,2,3,4,5,6,7 03:{{ groups['kube_control_plane'].index(inventory_hostname) }}0:00"

-# kubeadm patches path
-kubeadm_patches:
- enabled: false
- source_dir: "{{ inventory_dir }}/patches"
- dest_dir: "{{ kube_config_dir }}/patches"
+kubeadm_patches_dir: "{{ kube_config_dir }}/patches"
+kubeadm_patches: []
+# See https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/control-plane-flags/#patches
+# Correspondance with this link
+# patchtype = type
+# target = target
+# suffix -> managed automatically
+# extension -> always "yaml"
+# kubeadm_patches:
+# - target: kube-apiserver|kube-controller-manager|kube-scheduler|etcd|kubeletconfiguration
+# type: strategic(default)|json|merge
+# patch:
+# metadata:
+# annotations:
+# example.com/test: "true"
+# labels:
+# example.com/prod_level: "{{ prod_level }}"
+# - ...
+# Patches are applied in the order they are specified.

 # Set to true to remove the role binding to anonymous users created by kubeadm
 remove_anonymous_access: false
diff --git a/inventory/sample/patches/kube-controller-manager+merge.yaml b/inventory/sample/patches/kube-controller-manager+merge.yaml
deleted file mode 100644
index 3f0fbbcd5e8..00000000000
--- a/inventory/sample/patches/kube-controller-manager+merge.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: v1
-kind: Pod
-metadata:
- name: kube-controller-manager
- annotations:
- prometheus.io/scrape: 'true'
- prometheus.io/port: '10257'
diff --git a/inventory/sample/patches/kube-scheduler+merge.yaml b/inventory/sample/patches/kube-scheduler+merge.yaml
deleted file mode 100644
index 00f457237cf..00000000000
--- a/inventory/sample/patches/kube-scheduler+merge.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: v1
-kind: Pod
-metadata:
- name: kube-scheduler
- annotations:
- prometheus.io/scrape: 'true'
- prometheus.io/port: '10259'
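Review bot: The added `kubeadm_patches: []` line in the k8s-cluster.yml hunk changes the variable from the old mapping (`enabled`, `source_dir`, `dest_dir`) to a list, and nothing in this patch tells an operator who still has the mapping, or patch files under `{{ inventory_dir }}/patches`, that those are no longer the documented input. If such files carried hardening or monitoring changes for kube-apiserver, etcd or the kubelet, they would presumably stop being applied without an error; whether the role validates the variable's type is not visible in this diff. I would add a comment here such as `# The former dict form (enabled/source_dir/dest_dir) is replaced by this list; convert existing patch files into entries.` and consider an `assert` in the role that `kubeadm_patches` is a list. The word "Correspondance" should read "Correspondence", both here and in the same comment added to roles/kubernetes/kubeadm_common/defaults/main.yml.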
diff --git a/roles/kubernetes/kubeadm_common/defaults/main.yml b/roles/kubernetes/kubeadm_common/defaults/main.yml
index f7d70691a27..acbcdcf5fae 100644
--- a/roles/kubernetes/kubeadm_common/defaults/main.yml
+++ b/roles/kubernetes/kubeadm_common/defaults/main.yml
@@ -1,6 +1,12 @@
 ---
 kubeadm_patches_dir: "{{ kube_config_dir }}/patches"
 kubeadm_patches: []
+# See https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/control-plane-flags/#patches
+# Correspondance with this link
+# patchtype = type
+# target = target
+# suffix -> managed automatically
+# extension -> always "yaml"
 # kubeadm_patches:
 # - target: kube-apiserver|kube-controller-manager|kube-scheduler|etcd|kubeletconfiguration
 # type: strategic(default)|json|merge