Alexandros Kosiaris has uploaded a new change for review. (
https://gerrit.wikimedia.org/r/329351 )
Change subject: kubernetes apiserver: Allow specifying > 1 apiserver
......................................................................
kubernetes apiserver: Allow specifying > 1 apiserver
Allow specifying the apiserver-count parameter. Default to undef in
order to be backwards compatible with labs, ensuring we don't break it,
and specify it for production where we already got more than one master
Change-Id: I26376e5100bec1607e8b2f97fb706a6a9a99b741
---
M hieradata/role/common/kubernetes/master.yaml
M modules/k8s/manifests/apiserver.pp
M modules/k8s/templates/kube-apiserver.default.erb
M modules/profile/manifests/kubernetes/master.pp
4 files changed, 7 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/51/329351/1
diff --git a/hieradata/role/common/kubernetes/master.yaml
b/hieradata/role/common/kubernetes/master.yaml
index f07f818..8ec7608 100644
--- a/hieradata/role/common/kubernetes/master.yaml
+++ b/hieradata/role/common/kubernetes/master.yaml
@@ -13,3 +13,4 @@
- kubernetes1003.eqiad.wmnet
- kubernetes1004.eqiad.wmnet
profile::kubernetes::master::service_cluster_ip_range: 192.168.30.0/24
+profile::kubernetes::master::apiserver_count: 2
diff --git a/modules/k8s/manifests/apiserver.pp
b/modules/k8s/manifests/apiserver.pp
index 37679d3..8def3e0 100644
--- a/modules/k8s/manifests/apiserver.pp
+++ b/modules/k8s/manifests/apiserver.pp
@@ -21,6 +21,7 @@
$host_path_prefixes_allowed = [],
$use_package = false,
$authz_mode = 'abac',
+ $apiserver_count = undef,
) {
include k8s::users
diff --git a/modules/k8s/templates/kube-apiserver.default.erb
b/modules/k8s/templates/kube-apiserver.default.erb
index 2765ebd..da09d83 100644
--- a/modules/k8s/templates/kube-apiserver.default.erb
+++ b/modules/k8s/templates/kube-apiserver.default.erb
@@ -32,6 +32,9 @@
--authorization-mode=ABAC \
--authorization-policy-file=/etc/kubernetes/abac \
<%- end -%>
+<%- if @apiserver_count -%>
+--apiserver-count=<%= @apiserver_count %> \
+<%- end -%>
--tls-cert-file=<%= @real_ssl_cert_path %> \
--tls-private-key-file=<%= @real_ssl_key_path %> \
--enforced-docker-registry=<%= @docker_registry %> \
diff --git a/modules/profile/manifests/kubernetes/master.pp
b/modules/profile/manifests/kubernetes/master.pp
index a8e83cb..bfc5f56 100644
--- a/modules/profile/manifests/kubernetes/master.pp
+++ b/modules/profile/manifests/kubernetes/master.pp
@@ -3,6 +3,7 @@
$kubenodes=hiera('profile::kubernetes::master::kubenodes'),
$docker_registry=hiera('profile::kubernetes::master::docker_registry'),
$service_cluster_ip_range=hiera('profile::kubernetes::master::service_cluster_ip_range'),
+ $apiserver_count=hiera('profile::kubernetes::master::apiserver_count'),
){
base::expose_puppet_certs { '/etc/kubernetes':
provide_private => true,
@@ -19,6 +20,7 @@
ssl_certificate_name => '',
authz_mode => '',
service_cluster_ip_range => $service_cluster_ip_range,
+ apiserver_count => $apiserver_count,
}
class { '::k8s::scheduler': use_package => true }
--
To view, visit https://gerrit.wikimedia.org/r/329351
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I26376e5100bec1607e8b2f97fb706a6a9a99b741
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alexandros Kosiaris <akosia...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
