kubernetes: Sync Kube control plane manifests with kubeadm #3152
Conversation
TeddyAndrieux
added
topic:deployment
Hello teddyandrieux,My role is to assist you with the merge of this Status report is not available. |
Integration data createdI have created the integration data for the additional destination branches.
The following branches will NOT be impacted:
You can set option |
Waiting for approvalThe following approvals are needed before I can proceed with the merge:
Peer approvals must include at least 1 approval from the following list:
|
| @@ -0,0 +1,28 @@ | |||
| FROM centos:7 | |||
There was a problem hiding this comment.
Not directly related to this PR : could be cool to align all the centos 7 images we're using (for now we've 2 diffrerent images centos:7 and centos:7.6.1810)
There was a problem hiding this comment.
Agree, don't know which one we want to keep
There was a problem hiding this comment.
I don't really know either, I think we should just choose one and stick to it.
Add a simple Dockerfile and a Readme to have a container running kubeadm and to get the default control plane manifests deployed by kubeadm, so that it's easier to sync our Salt states with what deployed by kubeadm in every versions NOTE: It's still a manual check for the moment
In apiserver installed salt state split all arguments that come from kubeadm and the one added in MetalK8s context, so that in case of Kubernetes version upgrade it's easily to update the various apiserver arguments if needed Note: - Update livenessprobe use `/livez` instead of `/healthz` - Add readinessprobe on `/readyz`
In controller manager installed salt state, split all arguments that come from kubeadm and the one added in MetalK8s context, so that in case of Kubernetes version upgrade it's easily to update the various controller manager arguments if needed Note: - Arguments added: ``` - --authentication-kubeconfig=/etc/kubernetes/controller-manager.conf - --authorization-kubeconfig=/etc/kubernetes/controller-manager.conf - --cluster-name=kubernetes - --port=0 - --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt ``` - Use `--bind-address` instead of `--address` and update ports and livenessprobe accordingly
In scheduler installed salt state, split all arguments that come from kubeadm and the one added in MetalK8s context, so that in case of Kubernetes version upgrade it's easily to update the various scheduler arguments if needed. Note: - Arguments added: ``` - --authentication-kubeconfig=/etc/kubernetes/scheduler.conf - --authorization-kubeconfig=/etc/kubernetes/scheduler.conf - --port=0 ``` - Use `--bind-address` instead of `--address` and update ports and livenessprobe accordingly
In etcd installed salt state, split all arguments that come from kubeadm and the one added in MetalK8s context, so that in case of Kubernetes version upgrade it's easily to update the various etcd arguments if needed Note: - Nothing changed about arguments - Updated the livenessprobe to used httpGet instead of an etcdctl command
Kubernetes controller manager and scheduler manifest were updated to serve metrics on https, so update the kube-prometheus-stack manifest to reflect this change. kube-prometheus chart render command: ``` ./charts/render.py prometheus-operator \ charts/kube-prometheus-stack.yaml \ charts/kube-prometheus-stack/ \ --namespace metalk8s-monitoring \ --service-config grafana \ metalk8s-grafana-config \ metalk8s/addons/prometheus-operator/config/grafana.yaml \ metalk8s-monitoring \ --service-config prometheus \ metalk8s-prometheus-config \ metalk8s/addons/prometheus-operator/config/prometheus.yaml \ metalk8s-monitoring \ --service-config alertmanager \ metalk8s-alertmanager-config \ metalk8s/addons/prometheus-operator/config/alertmanager.yaml \ metalk8s-monitoring \ --service-config dex \ metalk8s-dex-config \ metalk8s/addons/dex/config/dex.yaml.j2 metalk8s-auth \ --drop-prometheus-rules charts/drop-prometheus-rules.yaml \ > salt/metalk8s/addons/prometheus-operator/deployed/chart.sls ```
Kubernetes controller manager and scheduler are now exposed on HTTPS so add this in the changelog
TeddyAndrieux
force-pushed
the
improvement/sync-kube-manifest-with-kubeadm
branch
from
d131961
to
3ce1023
Compare
History mismatchMerge commit #b608990e94fd4a5bd55957e150c9d3c40e2732fe on the integration branch It is likely due to a rebase of the branch Please use the |
|
/reset |
Reset completeI have successfully deleted this pull request's integration branches. |
Integration data createdI have created the integration data for the additional destination branches.
The following branches will NOT be impacted:
You can set option |
Waiting for approvalThe following approvals are needed before I can proceed with the merge:
Peer approvals must include at least 1 approval from the following list:
|
|
/approve |
In the queueThe changeset has received all authorizations and has been added to the The changeset will be merged in:
The following branches will NOT be impacted:
There is no action required on your side. You will be notified here once IMPORTANT Please do not attempt to modify this pull request.
If you need this pull request to be removed from the queue, please contact a The following options are set: approve |
|
I have successfully merged the changeset of this pull request
The following branches have NOT changed:
Please check the status of the associated issue None. Goodbye teddyandrieux. |
Component:
'salt', 'kubernetes'
Context:
Sync control plane manifest with nowaday kubeadm
Summary: