wrap kube-* deamons configuration
I'm sorry for breaking this great joke, but I'd like to make the
configuration a little bit more human-readable.
Change-Id: Ia299036abda220d8ec86330da83087c4fb9f76cc
diff --git a/kubernetes/files/kube-scheduler/scheduler.kubeconfig b/kubernetes/files/kube-scheduler/scheduler.kubeconfig
index 3e85d07..2500041 100644
--- a/kubernetes/files/kube-scheduler/scheduler.kubeconfig
+++ b/kubernetes/files/kube-scheduler/scheduler.kubeconfig
@@ -1,5 +1,4 @@
{%- from "kubernetes/map.jinja" import pool with context %}
-
apiVersion: v1
kind: Config
current-context: cluster.local
diff --git a/kubernetes/files/kubelet/default.master b/kubernetes/files/kubelet/default.master
index 183363e..159b902 100644
--- a/kubernetes/files/kubelet/default.master
+++ b/kubernetes/files/kubelet/default.master
@@ -1,4 +1,14 @@
{%- from "kubernetes/map.jinja" import master with context %}
# test_args has to be kept at the end, so they'll overwrite any prior configuration
-DAEMON_ARGS="--config=/etc/kubernetes/manifests --allow-privileged={{ master.kubelet.allow_privileged }} --cluster_dns={{ master.addons.dns.server }} --register-node=false --cluster_domain={{ master.addons.dns.domain }} --v=2{% for key, value in master.get('kubelet', {}).get('daemon_opts', {}).iteritems() %} --{{ key }}="{{ value }}"{% endfor %}"
+DAEMON_ARGS="\
+--config=/etc/kubernetes/manifests \
+--allow-privileged={{ master.kubelet.allow_privileged }} \
+--cluster_dns={{ master.addons.dns.server }} \
+--register-node=false \
+--cluster_domain={{ master.addons.dns.domain }} \
+--v=2 \
+{%- for key, value in master.get('kubelet', {}).get('daemon_opts', {}).iteritems() %}
+--{{ key }}="{{ value }}" \
+{%- endfor %}
+"
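Review bot: The inner double quotes in `--{{ key }}="{{ value }}"` in the daemon_opts loop close and reopen the outer `DAEMON_ARGS="…"` string instead of nesting inside it, so a pillar value containing whitespace, `"` or `$` is not kept as one literal argument if this file is sourced by a shell (how it is consumed is not visible here). The pattern is carried over from the old one-line form and also appears in the loop in kubernetes/files/kubelet/default.pool. I would render `--{{ key }}={{ value }} \` as controller.sls does, and extend the existing header comment with `# daemon_opts values are emitted verbatim; they must not contain whitespace or quotes`.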
diff --git a/kubernetes/files/kubelet/default.pool b/kubernetes/files/kubelet/default.pool
index a145901..584726c 100644
--- a/kubernetes/files/kubelet/default.pool
+++ b/kubernetes/files/kubelet/default.pool
@@ -1,4 +1,23 @@
{%- from "kubernetes/map.jinja" import pool with context %}
# test_args has to be kept at the end, so they'll overwrite any prior configuration
-DAEMON_ARGS="--require-kubeconfig --kubeconfig=/etc/kubernetes/kubelet.kubeconfig --config=/etc/kubernetes/manifests --allow-privileged={{ pool.kubelet.allow_privileged }} --cluster_dns={{ pool.cluster_dns }} --cluster_domain={{ pool.cluster_domain }} --v=2 {% if pool.network.engine == 'opencontrail' %}--network-plugin={{ pool.network.engine }}{% endif %} {% if pool.network.engine == 'calico' %}--network-plugin=cni --network-plugin-dir=/etc/cni/net.d{% endif %} --file-check-frequency={{ pool.kubelet.frequency }}{% for key, value in pool.get('kubelet', {}).get('daemon_opts', {}).iteritems() %} --{{ key }}="{{ value }}"{% endfor %}"
+DAEMON_ARGS="\
+--require-kubeconfig \
+--kubeconfig=/etc/kubernetes/kubelet.kubeconfig \
+--config=/etc/kubernetes/manifests \
+--allow-privileged={{ pool.kubelet.allow_privileged }} \
+--cluster_dns={{ pool.cluster_dns }} \
+--cluster_domain={{ pool.cluster_domain }} \
+--v=2 \
+{%- if pool.network.engine == 'opencontrail' %}
+--network-plugin={{ pool.network.engine }} \
+{%- endif %}
+{%- if pool.network.engine == 'calico' %}
+--network-plugin=cni \
+--network-plugin-dir=/etc/cni/net.d \
+{%- endif %}
+--file-check-frequency={{ pool.kubelet.frequency }} \
+{%- for key, value in pool.get('kubelet', {}).get('daemon_opts', {}).iteritems() %}
+--{{ key }}="{{ value }}" \
+{% endfor %}
+"
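Review bot: The daemon_opts loop here closes with `{% endfor %}` while default.master uses `{%- endfor %}`, so unless trim_blocks is enabled for the renderer each entry is followed by an empty line after its trailing `\`, and the value ends with a blank line before the closing quote. A backslash continuation followed by a blank line puts literal newlines into DAEMON_ARGS, which a shell tolerates but other env-file parsers may not. Use `{%- endfor %}` to match the master template.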
diff --git a/kubernetes/master/controller.sls b/kubernetes/master/controller.sls
index 51737a9..9795dbb 100644
--- a/kubernetes/master/controller.sls
+++ b/kubernetes/master/controller.sls
@@ -76,7 +76,37 @@
- user: root
- group: root
- mode: 644
- - contents: DAEMON_ARGS=" --insecure-bind-address={{ master.apiserver.insecure_address }} --insecure-port={{ master.apiserver.get('insecure_port', '8080') }} --etcd-servers={% for member in master.etcd.members %}http{% if master.etcd.get('ssl', {}).get('enabled') %}s{% endif %}://{{ member.host }}:4001{% if not loop.last %},{% endif %}{% endfor %}{% if master.etcd.get('ssl', {}).get('enabled') %} --etcd-cafile /var/lib/etcd/ca.pem --etcd-certfile /var/lib/etcd/etcd-client.crt --etcd-keyfile /var/lib/etcd/etcd-client.key {% endif %}--admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota --service-cluster-ip-range={{ master.service_addresses }} --client-ca-file=/etc/kubernetes/ssl/ca-{{ master.ca }}.crt --basic-auth-file=/srv/kubernetes/basic_auth.csv --tls-cert-file=/etc/kubernetes/ssl/kubernetes-server.crt --tls-private-key-file=/etc/kubernetes/ssl/kubernetes-server.key --secure-port={{ master.apiserver.get('secure_port', '443') }} --bind-address={{ master.apiserver.address }} --token-auth-file=/srv/kubernetes/known_tokens.csv --v=2 --allow-privileged=True --etcd-quorum-read=true {%- if master.apiserver.node_port_range is defined %} --service-node-port-range {{ master.apiserver.node_port_range }} {%- endif %}{% for key, value in master.get('apiserver', {}).get('daemon_opts', {}).iteritems() %} --{{ key }}={{ value }}{% endfor %}"
+ - contents: >-
+ DAEMON_ARGS="
+ --admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota
+ --allow-privileged=True
+ --basic-auth-file=/srv/kubernetes/basic_auth.csv
+ --bind-address={{ master.apiserver.address }}
+ --client-ca-file=/etc/kubernetes/ssl/ca-{{ master.ca }}.crt
+ --etcd-quorum-read=true
+ --insecure-bind-address={{ master.apiserver.insecure_address }}
+ --insecure-port={{ master.apiserver.get('insecure_port', '8080') }}
+ --secure-port={{ master.apiserver.get('secure_port', '443') }}
+ --service-cluster-ip-range={{ master.service_addresses }}
+ --tls-cert-file=/etc/kubernetes/ssl/kubernetes-server.crt
+ --tls-private-key-file=/etc/kubernetes/ssl/kubernetes-server.key
+ --token-auth-file=/srv/kubernetes/known_tokens.csv
+ --v=2
+ --etcd-servers=
+{%- for member in master.etcd.members -%}
+ http{% if master.etcd.get('ssl', {}).get('enabled') %}s{% endif %}://{{ member.host }}:{{ member.get('port', 4001) }}{% if not loop.last %},{% endif %}
+{%- endfor %}
+{%- if master.etcd.get('ssl', {}).get('enabled') %}
+ --etcd-cafile /var/lib/etcd/ca.pem
+ --etcd-certfile /var/lib/etcd/etcd-client.crt
+ --etcd-keyfile /var/lib/etcd/etcd-client.key
+{%- endif %}
+{%- if master.apiserver.node_port_range is defined %}
+ --service-node-port-range {{ master.apiserver.node_port_range }}
+{%- endif %}
+{%- for key, value in master.get('apiserver', {}).get('daemon_opts', {}).iteritems() %}
+ --{{ key }}={{ value }}
+{%- endfor %}"
{% for component in ['scheduler', 'controller-manager'] %}
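Review bot: `--insecure-bind-address={{ master.apiserver.insecure_address }}` is rendered from pillar with no default or guard, and kube-apiserver's insecure port serves the API without TLS, authentication or authorization. Since this hunk regroups the flags anyway, I would default it to loopback, `--insecure-bind-address={{ master.apiserver.get('insecure_address', '127.0.0.1') }}`, and state in the pillar documentation that any other value gives full API access to whoever can reach the port. Separately, the etcd port changes from a fixed `4001` to `member.get('port', 4001)`, a behaviour change the commit message does not mention. The state's header is outside the hunk.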
@@ -98,14 +128,31 @@
- user: root
- group: root
- mode: 644
- - contents: DAEMON_ARGS=" --kubeconfig /etc/kubernetes/controller-manager.kubeconfig --cluster-name=kubernetes --service-account-private-key-file=/etc/kubernetes/ssl/kubernetes-server.key --v=2 --root-ca-file=/etc/kubernetes/ssl/ca-{{ master.ca }}.crt --leader-elect=true{% for key, value in master.get('controller_manager', {}).get('daemon_opts', {}).iteritems() %} --{{ key }}={{ value }}{% endfor %}"
+ - contents: >-
+ DAEMON_ARGS="
+ --cluster-name=kubernetes
+ --kubeconfig /etc/kubernetes/controller-manager.kubeconfig
+ --leader-elect=true
+ --root-ca-file=/etc/kubernetes/ssl/ca-{{ master.ca }}.crt
+ --service-account-private-key-file=/etc/kubernetes/ssl/kubernetes-server.key
+ --v=2
+{%- for key, value in master.get('controller_manager', {}).get('daemon_opts', {}).iteritems() %}
+ --{{ key }}={{ value }}
+{% endfor %}"
/etc/default/kube-scheduler:
file.managed:
- user: root
- group: root
- mode: 644
- - contents: DAEMON_ARGS=" --kubeconfig /etc/kubernetes/scheduler.kubeconfig --v=2 --leader-elect=true{% for key, value in master.get('scheduler', {}).get('daemon_opts', {}).iteritems() %} --{{ key }}={{ value }}{% endfor %}"
+ - contents: >-
+ DAEMON_ARGS="
+ --kubeconfig /etc/kubernetes/scheduler.kubeconfig
+ --leader-elect=true
+ --v=2
+{%- for key, value in master.get('scheduler', {}).get('daemon_opts', {}).iteritems() %}
+ --{{ key }}={{ value }}
+{% endfor %}"
/etc/systemd/system/kube-apiserver.service:
file.managed:
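Review bot: Both loops in this hunk end with `{% endfor %}"` (controller-manager and scheduler), whereas the apiserver block ends with `{%- endfor %}"`; without the leading `-` the closing quote is rendered on a line of its own, at the column of the tag, whenever daemon_opts is non-empty. Indentation is not visible in this view, but if the tag sits at column 0 the `"` falls outside the `>-` block scalar and the rendered SLS would fail to parse. With daemon_opts empty the loop emits nothing, so the problem stays hidden until someone sets an option. Change both to `{%- endfor %}"`.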