Yuvipanda has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/343787 )
Change subject: k8s: Make kubernetes master profile flexible enough for tools use ...................................................................... k8s: Make kubernetes master profile flexible enough for tools use Bug: T158452 Change-Id: I1a79db1eb794c39033d266e8dd3e836e9651322a --- M hieradata/role/common/kubernetes/master.yaml M modules/profile/manifests/kubernetes/master.pp 2 files changed, 30 insertions(+), 13 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/87/343787/1 diff --git a/hieradata/role/common/kubernetes/master.yaml b/hieradata/role/common/kubernetes/master.yaml index 2cb108a..ad3d19a 100644 --- a/hieradata/role/common/kubernetes/master.yaml +++ b/hieradata/role/common/kubernetes/master.yaml @@ -20,3 +20,9 @@ - LimitRanger - RegistryEnforcer - DefaultStorageClass +profile::kubernetes::master::expose_puppet_certs: true +profile::kubernetes::master::ssl_cert_path: /etc/kubernetes/ssl/cert.pem +profile::kubernetes::master::ssl_key_path: /etc/kubernetes/ssl/server.key +profile::kubernetes::master::authz_mode: '' +profile::kubernetes::master::host_automounts: [] +profile::kubernetes::master::host_path_prefixes_allowed: [] diff --git a/modules/profile/manifests/kubernetes/master.pp b/modules/profile/manifests/kubernetes/master.pp index d28e1de..adbaafe 100644 --- a/modules/profile/manifests/kubernetes/master.pp +++ b/modules/profile/manifests/kubernetes/master.pp @@ -5,23 +5,34 @@ $service_cluster_ip_range=hiera('profile::kubernetes::master::service_cluster_ip_range'), $apiserver_count=hiera('profile::kubernetes::master::apiserver_count'), $admission_controllers=hiera('profile::kubernetes::master::admission_controllers'), + $expose_puppet_certs=hiera('profile::kubernetes::master::use_puppet_certs'), + $ssl_cert_path=hiera('profile::kubernetes::master::ssl_cert_path'), + $ssl_key_path=hiera('profile::kubernetes::master::ssl_cert_path'), + $authz_mode=hiera('profile::kubernetes::master::authz_mode'), + $host_automounts=hiera('profile::kubernetes::master::host_automounts'), + $host_path_prefixes_allowed=hiera('profile::kubernetes::master::host_path_prefixes_allowed'), ){ - base::expose_puppet_certs { '/etc/kubernetes': - provide_private => true, - user => 'kubernetes', - group => 'kubernetes', + if $expose_puppet_certs { + base::expose_puppet_certs { '/etc/kubernetes': + provide_private => true, + user => 'kubernetes', + group => 'kubernetes', + } } + $etcd_servers = join($etcd_urls, ',') class { '::k8s::apiserver': - use_package => true, - etcd_servers => $etcd_servers, - docker_registry => $docker_registry, - ssl_cert_path => '/etc/kubernetes/ssl/cert.pem', - ssl_key_path => '/etc/kubernetes/ssl/server.key', - authz_mode => '', - service_cluster_ip_range => $service_cluster_ip_range, - apiserver_count => $apiserver_count, - admission_controllers => $admission_controllers, + use_package => true, + etcd_servers => $etcd_servers, + docker_registry => $docker_registry, + ssl_cert_path => $ssl_cert_path, + ssl_key_path => $ssl_key_path, + authz_mode => $authz_mode, + service_cluster_ip_range => $service_cluster_ip_range, + apiserver_count => $apiserver_count, + admission_controllers => $admission_controllers, + host_path_prefixes_allowed => $host_path_prefixes_allowed, + host_automounts => $host_automounts, } class { '::k8s::scheduler': use_package => true } -- To view, visit https://gerrit.wikimedia.org/r/343787 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I1a79db1eb794c39033d266e8dd3e836e9651322a Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Yuvipanda <yuvipa...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits