allow to pass options to daemons - continue
Change-Id: Icbd3f1eddcf1a5ae1f0507d2be5da840c63df530
diff --git a/kubernetes/files/manifest/kube-apiserver.manifest b/kubernetes/files/manifest/kube-apiserver.manifest
index 344cfe7..b1962bb 100644
--- a/kubernetes/files/manifest/kube-apiserver.manifest
+++ b/kubernetes/files/manifest/kube-apiserver.manifest
@@ -30,6 +30,12 @@
--etcd-quorum-read=true
--v=2
--allow-privileged=True
+{%- if master.apiserver.node_port_range is defined %}
+ --service-node-port-range {{ master.apiserver.node_port_range }}
+{%- endif %}
+{%- for key, value in master.get('apiserver', {}).get('daemon_opts', {}).iteritems() %}
+ --{{ key }}={{ value }}
+{% endfor %}
1>>/var/log/kube-apiserver.log 2>&1
imagePullPolicy: IfNotPresent
livenessProbe:
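Review bot: The loop added here closes with `{% endfor %}`, while the same loop in the controller-manager, kube-proxy and scheduler manifests closes with `{%- endfor %}`, so each rendered option in this file is followed by an extra newline inside the command text. The enclosing scalar starts outside the hunk, but depending on how it is written that blank line can become a real line break ahead of the `1>>/var/log/kube-apiserver.log 2>&1` redirect; use `{%- endfor %}` here as well. Separately, every daemon_opts loop in this commit (all four manifests, controller.sls and kube-proxy.sls) calls `.iteritems()`, which exists only on Python 2 dicts. `.items()` renders the same on both Python 2 and Python 3.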
@@ -58,8 +64,8 @@
readOnly: true
- mountPath: /var/log/kube-apiserver.log
name: logfile
- - mountPath: /etc/kubernetes/ssl
- name: etcssl
+ - mountPath: /etc/kubernetes/
+ name: etckube
readOnly: true
- mountPath: /usr/share/ca-certificates
name: usrsharecacerts
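Review bot: Mounting all of `/etc/kubernetes/` instead of `/etc/kubernetes/ssl` exposes every file in that host directory to this container, and the same widening is repeated in the volumes hunk below and in the controller-manager, kube-proxy and scheduler manifests. This commit references `controller-manager.kubeconfig`, `scheduler.kubeconfig` and `proxy.kubeconfig` under that directory, so each component can now read the other components' kubeconfig files as well as the TLS keys. A narrower layout keeps the `ssl` mount and adds a per-file hostPath only for the kubeconfig a component actually uses, as the kube-proxy manifest already does for `proxy.kubeconfig`. The apiserver hunk above adds no kubeconfig option, so from what is visible this container may need nothing beyond `ssl`.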
@@ -74,8 +80,8 @@
path: /var/log/kube-apiserver.log
name: logfile
- hostPath:
- path: /etc/kubernetes/ssl
- name: etcssl
+ path: /etc/kubernetes/
+ name: etckube
- hostPath:
path: /usr/share/ca-certificates
name: usrsharecacerts
diff --git a/kubernetes/files/manifest/kube-controller-manager.manifest b/kubernetes/files/manifest/kube-controller-manager.manifest
index de1c3c8..4ed2475 100644
--- a/kubernetes/files/manifest/kube-controller-manager.manifest
+++ b/kubernetes/files/manifest/kube-controller-manager.manifest
@@ -16,12 +16,15 @@
command:
- /hyperkube
- controller-manager
- --master={{ master.apiserver.insecure_address }}:8080
+ --kubeconfig /etc/kubernetes/controller-manager.kubeconfig
--cluster-name=kubernetes
--service-account-private-key-file=/etc/kubernetes/ssl/kubernetes-server.key
--v=2
--root-ca-file=/etc/kubernetes/ssl/ca-{{ master.ca }}.crt
--leader-elect=true
+{%- for key, value in master.get('controller_manager', {}).get('daemon_opts', {}).iteritems() %}
+ --{{ key }}={{ value }}
+{%- endfor %}
1>>/var/log/kube-controller-manager.log 2>&1
imagePullPolicy: IfNotPresent
livenessProbe:
@@ -43,8 +46,8 @@
readOnly: true
- mountPath: /var/log/kube-controller-manager.log
name: logfile
- - mountPath: /etc/kubernetes/ssl
- name: etcssl
+ - mountPath: /etc/kubernetes/
+ name: etckube
readOnly: true
- mountPath: /usr/share/ca-certificates
name: usrsharecacerts
@@ -57,8 +60,8 @@
path: /var/log/kube-controller-manager.log
name: logfile
- hostPath:
- path: /etc/kubernetes/ssl
- name: etcssl
+ path: /etc/kubernetes/
+ name: etckube
- hostPath:
path: /usr/share/ca-certificates
name: usrsharecacerts
diff --git a/kubernetes/files/manifest/kube-proxy.manifest.pool b/kubernetes/files/manifest/kube-proxy.manifest.pool
index 93d2353..b648d18 100644
--- a/kubernetes/files/manifest/kube-proxy.manifest.pool
+++ b/kubernetes/files/manifest/kube-proxy.manifest.pool
@@ -20,13 +20,18 @@
--v=2
--kubeconfig=/etc/kubernetes/proxy.kubeconfig
--master={%- if pool.apiserver.insecure.enabled %}http://{{ pool.apiserver.host }}:8080{%- else %}https://{{ pool.apiserver.host }}{%- endif %}
- {%- if pool.network.engine == 'calico' %} --proxy-mode=iptables{% endif %}
+{%- if pool.network.engine == 'calico' %}
+ --proxy-mode=iptables
+{%- endif %}
+{%- for key, value in pool.get('proxy', {}).get('daemon_opts', {}).iteritems() %}
+ --{{ key }}={{ value }}
+{%- endfor %}
1>>/var/log/kube-proxy.log 2>&1
securityContext:
privileged: true
volumeMounts:
- - mountPath: /etc/kuberbetes/ssl
- name: ssl-certs-host
+ - mountPath: /etc/kubernetes/
+ name: etckube
readOnly: true
- mountPath: /var/log
name: varlog
@@ -39,8 +44,8 @@
readOnly: false
volumes:
- hostPath:
- path: /etc/kubernetes/ssl
- name: ssl-certs-host
+ path: /etc/kubernetes/
+ name: etckube
- hostPath:
path: /etc/kubernetes/proxy.kubeconfig
name: kubeconfig
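Review bot: The `kubeconfig` hostPath for `/etc/kubernetes/proxy.kubeconfig` at the end of this hunk now lies inside the new `etckube` path `/etc/kubernetes/`, so the same host file is exposed through two volumes. The matching volumeMounts entry is outside the hunk, but if it also targets `/etc/kubernetes/proxy.kubeconfig` the two mounts nest in the container. Keep one of them: the narrower choice is the per-file `kubeconfig` volume plus an `ssl`-only directory mount, given that this container runs with `privileged: true`.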
diff --git a/kubernetes/files/manifest/kube-scheduler.manifest b/kubernetes/files/manifest/kube-scheduler.manifest
index b2814e2..1a08b9a 100644
--- a/kubernetes/files/manifest/kube-scheduler.manifest
+++ b/kubernetes/files/manifest/kube-scheduler.manifest
@@ -18,9 +18,12 @@
command:
- hyperkube
- scheduler
- --master={{ master.apiserver.insecure_address }}:8080
+ --kubeconfig /etc/kubernetes/scheduler.kubeconfig
--v=2
--leader-elect=true
+{%- for key, value in master.get('scheduler', {}).get('daemon_opts', {}).iteritems() %}
+ --{{ key }}={{ value }}
+{%- endfor %}
1>>/var/log/kube-scheduler.log 2>&1
livenessProbe:
httpGet:
@@ -36,7 +39,12 @@
volumeMounts:
- mountPath: /var/log/kube-scheduler.log
name: logfile
+ - mountPath: /etc/kubernetes/
+ name: etckube
volumes:
- hostPath:
path: /var/log/kube-scheduler.log
name: logfile
+ - hostPath:
+ path: /etc/kubernetes/
+ name: etckube
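Review bot: The new `etckube` volumeMount has no `readOnly: true`, unlike the same mount in the apiserver, controller-manager and kube-proxy manifests, so the scheduler container gets write access to the host's `/etc/kubernetes/`. Add `readOnly: true` under `name: etckube` in the volumeMounts entry. As far as the command line in the previous hunk shows, the scheduler reads only `scheduler.kubeconfig` from that directory, so a single-file hostPath would be narrower still.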
diff --git a/kubernetes/master/controller.sls b/kubernetes/master/controller.sls
index 009eed1..f8463c3 100644
--- a/kubernetes/master/controller.sls
+++ b/kubernetes/master/controller.sls
@@ -76,7 +76,7 @@
- user: root
- group: root
- mode: 644
- - contents: DAEMON_ARGS=" --insecure-bind-address={{ master.apiserver.insecure_address }} --etcd-servers={% for member in master.etcd.members %}http://{{ member.host }}:4001{% if not loop.last %},{% endif %}{% endfor %} --admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota --service-cluster-ip-range={{ master.service_addresses }} --client-ca-file=/etc/kubernetes/ssl/ca-{{ master.ca }}.crt --basic-auth-file=/srv/kubernetes/basic_auth.csv --tls-cert-file=/etc/kubernetes/ssl/kubernetes-server.crt --tls-private-key-file=/etc/kubernetes/ssl/kubernetes-server.key --secure-port={{ master.apiserver.get('secure_port', '443') }} --bind-address={{ master.apiserver.address }} --token-auth-file=/srv/kubernetes/known_tokens.csv --v=2 --allow-privileged=True --etcd-quorum-read=true {%- if master.apiserver.node_port_range is defined %} --service-node-port-range {{ master.apiserver.node_port_range }} {%- endif %}{% for key, value in master.get('apiserver', {}).get('daemon_opts', {}).iteriems() %} --{{ key }}="{{ value }}"{% endfor %}"
+ - contents: DAEMON_ARGS=" --insecure-bind-address={{ master.apiserver.insecure_address }} --etcd-servers={% for member in master.etcd.members %}http://{{ member.host }}:4001{% if not loop.last %},{% endif %}{% endfor %} --admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota --service-cluster-ip-range={{ master.service_addresses }} --client-ca-file=/etc/kubernetes/ssl/ca-{{ master.ca }}.crt --basic-auth-file=/srv/kubernetes/basic_auth.csv --tls-cert-file=/etc/kubernetes/ssl/kubernetes-server.crt --tls-private-key-file=/etc/kubernetes/ssl/kubernetes-server.key --secure-port={{ master.apiserver.get('secure_port', '443') }} --bind-address={{ master.apiserver.address }} --token-auth-file=/srv/kubernetes/known_tokens.csv --v=2 --allow-privileged=True --etcd-quorum-read=true {%- if master.apiserver.node_port_range is defined %} --service-node-port-range {{ master.apiserver.node_port_range }} {%- endif %}{% for key, value in master.get('apiserver', {}).get('daemon_opts', {}).iteritems() %} --{{ key }}={{ value }}{% endfor %}"
{% for component in ['scheduler', 'controller-manager'] %}
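Review bot: With the inner quotes removed, `{{ value }}` is written raw into the `DAEMON_ARGS="…"` line, so a pillar value containing whitespace, `"`, `$` or a backquote changes how whatever reads this defaults file parses the assignment. The same raw interpolation appears in the controller-manager and scheduler lines of the next hunk, in kube-proxy.sls, and in the four manifests, where the text presumably passes through a shell because of the `1>>… 2>&1` redirect. Either reject values outside a safe character set in the template, or quote each value and switch the outer quoting so the two levels cannot collide. The file is also managed with `mode: 644`, so anything sensitive passed through daemon_opts becomes readable by every local user; that deserves a comment next to the pillar documentation.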
@@ -98,14 +98,14 @@
- user: root
- group: root
- mode: 644
- - contents: DAEMON_ARGS=" --kubeconfig /etc/kubernetes/controller-manager.kubeconfig --cluster-name=kubernetes --service-account-private-key-file=/etc/kubernetes/ssl/kubernetes-server.key --v=2 --root-ca-file=/etc/kubernetes/ssl/ca-{{ master.ca }}.crt --leader-elect=true{% for key, value in master.get('controller_manager', {}).get('daemon_opts', {}).iteritems() %} --{{ key }}="{{ value }}"{% endfor %}"
+ - contents: DAEMON_ARGS=" --kubeconfig /etc/kubernetes/controller-manager.kubeconfig --cluster-name=kubernetes --service-account-private-key-file=/etc/kubernetes/ssl/kubernetes-server.key --v=2 --root-ca-file=/etc/kubernetes/ssl/ca-{{ master.ca }}.crt --leader-elect=true{% for key, value in master.get('controller_manager', {}).get('daemon_opts', {}).iteritems() %} --{{ key }}={{ value }}{% endfor %}"
/etc/default/kube-scheduler:
file.managed:
- user: root
- group: root
- mode: 644
- - contents: DAEMON_ARGS=" --kubeconfig /etc/kubernetes/scheduler.kubeconfig --v=2 --leader-elect=true{% for key, value in master.get('scheduler', {}).get('daemon_opts', {}).iteritems() %} --{{ key }}="{{ value }}"{% endfor %}"
+ - contents: DAEMON_ARGS=" --kubeconfig /etc/kubernetes/scheduler.kubeconfig --v=2 --leader-elect=true{% for key, value in master.get('scheduler', {}).get('daemon_opts', {}).iteritems() %} --{{ key }}={{ value }}{% endfor %}"
/etc/systemd/system/kube-apiserver.service:
file.managed:
diff --git a/kubernetes/pool/kube-proxy.sls b/kubernetes/pool/kube-proxy.sls
index c25e84e..a045c11 100644
--- a/kubernetes/pool/kube-proxy.sls
+++ b/kubernetes/pool/kube-proxy.sls
@@ -37,7 +37,7 @@
- user: root
- group: root
- mode: 644
- - contents: DAEMON_ARGS=" --logtostderr=true --v=2 --kubeconfig=/etc/kubernetes/proxy.kubeconfig {%- if pool.network.engine == 'calico' %} --proxy-mode=iptables{% endif %}"
+ - contents: DAEMON_ARGS=" --logtostderr=true --v=2 --kubeconfig=/etc/kubernetes/proxy.kubeconfig {%- if pool.network.engine == 'calico' %} --proxy-mode=iptables{% endif %}{%- for key, value in pool.get('proxy', {}).get('daemon_opts', {}).iteritems() %} --{{ key }}={{ value }}{%- endfor %}
pool_services:
service.running:
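Review bot: The new `contents` line ends at `{%- endfor %}` without the closing `"` that the removed line had after `{% endif %}`, so the rendered defaults file carries an unterminated `DAEMON_ARGS="` assignment. Append `"` directly after `{%- endfor %}`. The file name being managed is above the hunk, so how the service consumes it cannot be checked from here, but an open quote will either fail to parse or swallow whatever follows it.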