Yuvipanda has uploaded a new change for review. (
https://gerrit.wikimedia.org/r/343787 )
Change subject: k8s: Make kubernetes master profile flexible enough for tools
use
......................................................................
k8s: Make kubernetes master profile flexible enough for tools use
Bug: T158452
Change-Id: I1a79db1eb794c39033d266e8dd3e836e9651322a
---
M hieradata/role/common/kubernetes/master.yaml
M modules/profile/manifests/kubernetes/master.pp
2 files changed, 30 insertions(+), 13 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/87/343787/1
diff --git a/hieradata/role/common/kubernetes/master.yaml
b/hieradata/role/common/kubernetes/master.yaml
index 2cb108a..ad3d19a 100644
--- a/hieradata/role/common/kubernetes/master.yaml
+++ b/hieradata/role/common/kubernetes/master.yaml
@@ -20,3 +20,9 @@
- LimitRanger
- RegistryEnforcer
- DefaultStorageClass
+profile::kubernetes::master::expose_puppet_certs: true
+profile::kubernetes::master::ssl_cert_path: /etc/kubernetes/ssl/cert.pem
+profile::kubernetes::master::ssl_key_path: /etc/kubernetes/ssl/server.key
+profile::kubernetes::master::authz_mode: ''
+profile::kubernetes::master::host_automounts: []
+profile::kubernetes::master::host_path_prefixes_allowed: []
diff --git a/modules/profile/manifests/kubernetes/master.pp
b/modules/profile/manifests/kubernetes/master.pp
index d28e1de..adbaafe 100644
--- a/modules/profile/manifests/kubernetes/master.pp
+++ b/modules/profile/manifests/kubernetes/master.pp
@@ -5,23 +5,34 @@
$service_cluster_ip_range=hiera('profile::kubernetes::master::service_cluster_ip_range'),
$apiserver_count=hiera('profile::kubernetes::master::apiserver_count'),
$admission_controllers=hiera('profile::kubernetes::master::admission_controllers'),
+
$expose_puppet_certs=hiera('profile::kubernetes::master::use_puppet_certs'),
+ $ssl_cert_path=hiera('profile::kubernetes::master::ssl_cert_path'),
+ $ssl_key_path=hiera('profile::kubernetes::master::ssl_cert_path'),
+ $authz_mode=hiera('profile::kubernetes::master::authz_mode'),
+ $host_automounts=hiera('profile::kubernetes::master::host_automounts'),
+
$host_path_prefixes_allowed=hiera('profile::kubernetes::master::host_path_prefixes_allowed'),
){
- base::expose_puppet_certs { '/etc/kubernetes':
- provide_private => true,
- user => 'kubernetes',
- group => 'kubernetes',
+ if $expose_puppet_certs {
+ base::expose_puppet_certs { '/etc/kubernetes':
+ provide_private => true,
+ user => 'kubernetes',
+ group => 'kubernetes',
+ }
}
+
$etcd_servers = join($etcd_urls, ',')
class { '::k8s::apiserver':
- use_package => true,
- etcd_servers => $etcd_servers,
- docker_registry => $docker_registry,
- ssl_cert_path => '/etc/kubernetes/ssl/cert.pem',
- ssl_key_path => '/etc/kubernetes/ssl/server.key',
- authz_mode => '',
- service_cluster_ip_range => $service_cluster_ip_range,
- apiserver_count => $apiserver_count,
- admission_controllers => $admission_controllers,
+ use_package => true,
+ etcd_servers => $etcd_servers,
+ docker_registry => $docker_registry,
+ ssl_cert_path => $ssl_cert_path,
+ ssl_key_path => $ssl_key_path,
+ authz_mode => $authz_mode,
+ service_cluster_ip_range => $service_cluster_ip_range,
+ apiserver_count => $apiserver_count,
+ admission_controllers => $admission_controllers,
+ host_path_prefixes_allowed => $host_path_prefixes_allowed,
+ host_automounts => $host_automounts,
}
class { '::k8s::scheduler': use_package => true }
--
To view, visit https://gerrit.wikimedia.org/r/343787
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I1a79db1eb794c39033d266e8dd3e836e9651322a
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Yuvipanda <yuvipa...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
