Refactor controller_manager Chart
Refactor controller_manager chart to align with OSH standards Change-Id: I6adfbb23dc6f00a1521168ecf6c062c490947192
This commit is contained in:
parent
4d7df8610a
commit
f0fed2dd7b
|
@ -1,3 +1,17 @@
|
|||
# Copyright 2017 AT&T Intellectual Property. All other rights reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
apiVersion: v1
|
||||
description: A chart for Kubernetes controller-manager
|
||||
name: controller_manager
|
||||
|
|
|
@ -1,3 +1,17 @@
|
|||
# Copyright 2017 AT&T Intellectual Property. All other rights reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
dependencies:
|
||||
- name: helm-toolkit
|
||||
repository: http://localhost:8879/charts
|
||||
|
|
|
@ -1,79 +1,48 @@
|
|||
#!/bin/sh
|
||||
# Copyright 2017 AT&T Intellectual Property. All other rights reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
set -x
|
||||
|
||||
export MANIFEST_PATH=/host{{ .Values.anchor.kubelet.manifest_path }}/{{ .Values.service.name }}.yaml
|
||||
export ETC_PATH=/host{{ .Values.controller_manager.host_etc_path }}
|
||||
compare_copy_files() {
|
||||
|
||||
copy_etc_files() {
|
||||
mkdir -p $ETC_PATH
|
||||
cp /configmap/* /secret/* $ETC_PATH
|
||||
}
|
||||
|
||||
create_manifest() {
|
||||
mkdir -p $(dirname $MANIFEST_PATH)
|
||||
cat <<EODOC > $MANIFEST_PATH
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: {{ .Values.service.name }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{ .Values.service.name }}-service: enabled
|
||||
spec:
|
||||
hostNetwork: true
|
||||
containers:
|
||||
- name: controller-manager
|
||||
image: {{ .Values.images.controller_manager }}
|
||||
env:
|
||||
- name: POD_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
command:
|
||||
- {{ .Values.controller_manager.command }}
|
||||
- --allocate-node-cidrs=true
|
||||
- --cluster-cidr={{ .Values.network.pod_cidr }}
|
||||
- --configure-cloud-routes=false
|
||||
- --leader-elect=true
|
||||
- --node-monitor-period={{ .Values.controller_manager.node_monitor_period }}
|
||||
- --node-monitor-grace-period={{ .Values.controller_manager.node_monitor_grace_period }}
|
||||
- --pod-eviction-timeout={{ .Values.controller_manager.pod_eviction_timeout }}
|
||||
- --kubeconfig=/etc/kubernetes/controller-manager/kubeconfig.yaml
|
||||
- --root-ca-file=/etc/kubernetes/controller-manager/cluster-ca.pem
|
||||
- --service-account-private-key-file=/etc/kubernetes/controller-manager/service-account.priv
|
||||
- --service-cluster-ip-range={{ .Values.network.service_cidr }}
|
||||
- --use-service-account-credentials=true
|
||||
|
||||
- --v=5
|
||||
|
||||
volumeMounts:
|
||||
- name: etc
|
||||
mountPath: /etc/kubernetes/controller-manager
|
||||
volumes:
|
||||
- name: etc
|
||||
hostPath:
|
||||
path: {{ .Values.controller_manager.host_etc_path }}
|
||||
EODOC
|
||||
{{range .Values.anchor.files_to_copy}}
|
||||
if [ ! -e /host{{ .dest }} ] || cmp -s {{ .source }} /host{{ .dest }}; then
|
||||
mkdir -p $(dirname /host{{ .dest }})
|
||||
cp {{ .source }} /host{{ .dest }}
|
||||
fi
|
||||
{{end}}
|
||||
}
|
||||
|
||||
cleanup() {
|
||||
rm -f $MANIFEST_PATH
|
||||
rm -rf $ETC_PATH
|
||||
|
||||
{{range .Values.anchor.files_to_copy}}
|
||||
rm -f /host{{ .dest }}
|
||||
{{end}}
|
||||
}
|
||||
|
||||
while true; do
|
||||
|
||||
if [ -e /tmp/stop ]; then
|
||||
echo Stopping
|
||||
cleanup
|
||||
break
|
||||
fi
|
||||
|
||||
if [ ! -e $MANIFEST_PATH ]; then
|
||||
copy_etc_files
|
||||
create_manifest
|
||||
fi
|
||||
# Compare and replace files on Genesis host if needed
|
||||
# Copy files to other master nodes
|
||||
compare_copy_files
|
||||
|
||||
sleep {{ .Values.anchor.period }}
|
||||
done
|
||||
|
|
|
@ -1,4 +1,17 @@
|
|||
#!/bin/sh
|
||||
# Copyright 2017 AT&T Intellectual Property. All other rights reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
set -x
|
||||
|
||||
|
|
|
@ -1,3 +1,22 @@
|
|||
{{/*
|
||||
Copyright 2017 AT&T Intellectual Property. All other rights reserved.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.configmap_bin }}
|
||||
{{- $envAll := . }}
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
|
@ -8,3 +27,4 @@ data:
|
|||
{{ tuple "bin/_anchor.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
pre_stop: |+
|
||||
{{ tuple "bin/_pre_stop.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
{{- end }}
|
||||
|
|
|
@ -1,29 +1,32 @@
|
|||
{{/*
|
||||
Copyright 2017 AT&T Intellectual Property. All other rights reserved.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.configmap_etc }}
|
||||
{{- $envAll := . }}
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ .Values.service.name }}-etc
|
||||
data:
|
||||
cluster-ca.pem: {{ .Values.tls.ca | quote }}
|
||||
controller-manager.pem: {{ .Values.tls.cert | quote }}
|
||||
cluster-ca.pem: {{ .Values.secrets.tls.ca | quote }}
|
||||
controller-manager.pem: {{ .Values.secrets.tls.cert | quote }}
|
||||
kubeconfig.yaml: |+
|
||||
---
|
||||
apiVersion: v1
|
||||
clusters:
|
||||
- cluster:
|
||||
server: https://{{ .Values.network.kubernetes_netloc }}
|
||||
certificate-authority: cluster-ca.pem
|
||||
name: kubernetes
|
||||
contexts:
|
||||
- context:
|
||||
cluster: kubernetes
|
||||
user: controller-manager
|
||||
name: controller-manager@kubernetes
|
||||
current-context: controller-manager@kubernetes
|
||||
kind: Config
|
||||
preferences: {}
|
||||
users:
|
||||
- name: controller-manager
|
||||
user:
|
||||
client-certificate: controller-manager.pem
|
||||
client-key: controller-manager-key.pem
|
||||
{{ tuple "etc/_kubeconfig.yaml.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
kubernetes-controller-manager.yaml: |+
|
||||
{{ tuple "etc/_kubernetes-controller-manager.yaml.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
{{- end }}
|
||||
|
|
|
@ -1,39 +1,62 @@
|
|||
{{/*
|
||||
Copyright 2017 AT&T Intellectual Property. All other rights reserved.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.controller_manager }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.controller_manager }}
|
||||
{{- $mounts_controller_manager := .Values.pod.mounts.controller_manager.controller_manager }}
|
||||
{{- $mounts_controller_manager_init := .Values.pod.mounts.controller_manager.init_container }}
|
||||
---
|
||||
apiVersion: "extensions/v1beta1"
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: {{ .Values.service.name }}-anchor
|
||||
labels:
|
||||
application: kubernetes
|
||||
component: kubernetes-controller-manager-anchor
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
{{ .Values.service.name | quote }}: anchor
|
||||
updateStrategy:
|
||||
rollingUpdate:
|
||||
maxUnavailable: 1
|
||||
{{ tuple $envAll "controller_manager" | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{ tuple $envAll "kubernetes" "controller-manager-anchor" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
annotations:
|
||||
scheduler.alpha.kubernetes.io/critical-pod: ''
|
||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
labels:
|
||||
{{ .Values.service.name | quote }}: anchor
|
||||
spec:
|
||||
hostNetwork: true
|
||||
dnsPolicy: {{ .Values.anchor.dns_policy }}
|
||||
nodeSelector:
|
||||
{{ .Values.anchor.node_selector.key }}: {{ .Values.anchor.node_selector.value }}
|
||||
{{ .Values.labels.controller_manager.node_selector_key }}: {{ .Values.labels.controller_manager.node_selector_value }}
|
||||
dnsPolicy: {{ .Values.anchor.dns_policy }}
|
||||
hostNetwork: true
|
||||
tolerations:
|
||||
- key: node-role.kubernetes.io/master
|
||||
effect: NoSchedule
|
||||
- key: CriticalAddonsOnly
|
||||
operator: Exists
|
||||
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.controller_manager.timeout }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies $mounts_controller_manager_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: anchor
|
||||
image: {{ .Values.images.anchor }}
|
||||
image: {{ .Values.images.tags.anchor }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
env:
|
||||
- name: MANIFEST_PATH
|
||||
value: /host{{ .Values.anchor.kubelet.manifest_path }}/kubernetes-controller-manager.yaml
|
||||
- name: ETC_PATH
|
||||
value: /host{{ .Values.controller_manager.host_etc_path }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.controller_manager | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
command:
|
||||
- /tmp/bin/anchor
|
||||
lifecycle:
|
||||
|
@ -42,21 +65,21 @@ spec:
|
|||
command:
|
||||
- /tmp/bin/pre_stop
|
||||
volumeMounts:
|
||||
- name: bin
|
||||
- name: {{ .Values.service.name }}-bin
|
||||
mountPath: /tmp/bin
|
||||
- name: etc
|
||||
- name: {{ .Values.service.name }}-etc
|
||||
mountPath: /configmap
|
||||
- name: host
|
||||
mountPath: /host
|
||||
- name: secret
|
||||
mountPath: /secret
|
||||
terminationGracePeriodSeconds: {{ .Values.anchor.termination_grace_period }}
|
||||
{{ if $mounts_controller_manager.volumeMounts }}{{ toYaml $mounts_controller_manager.volumeMounts | indent 12 }}{{ end }}
|
||||
volumes:
|
||||
- name: bin
|
||||
- name: {{ .Values.service.name }}-bin
|
||||
configMap:
|
||||
name: {{ .Values.service.name }}-bin
|
||||
defaultMode: 0555
|
||||
- name: etc
|
||||
- name: {{ .Values.service.name }}-etc
|
||||
configMap:
|
||||
name: {{ .Values.service.name }}-etc
|
||||
defaultMode: 0444
|
||||
|
@ -67,3 +90,5 @@ spec:
|
|||
secret:
|
||||
secretName: {{ .Values.service.name }}
|
||||
defaultMode: 0444
|
||||
{{ if $mounts_controller_manager.volumes }}{{ toYaml $mounts_controller_manager.volumes | indent 8 }}{{ end }}
|
||||
{{- end }}
|
||||
|
|
|
@ -0,0 +1,34 @@
|
|||
# Copyright 2017 AT&T Intellectual Property. All other rights reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
clusters:
|
||||
- cluster:
|
||||
server: https://{{ .Values.network.kubernetes_netloc }}
|
||||
certificate-authority: cluster-ca.pem
|
||||
name: kubernetes
|
||||
contexts:
|
||||
- context:
|
||||
cluster: kubernetes
|
||||
user: controller-manager
|
||||
name: controller-manager@kubernetes
|
||||
current-context: controller-manager@kubernetes
|
||||
kind: Config
|
||||
preferences: {}
|
||||
users:
|
||||
- name: controller-manager
|
||||
user:
|
||||
client-certificate: controller-manager.pem
|
||||
client-key: controller-manager-key.pem
|
|
@ -0,0 +1,53 @@
|
|||
# Copyright 2017 AT&T Intellectual Property. All other rights reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: {{ .Values.service.name }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{ .Values.service.name }}-service: enabled
|
||||
spec:
|
||||
hostNetwork: true
|
||||
containers:
|
||||
- name: controller-manager
|
||||
image: {{ .Values.images.tags.controller_manager }}
|
||||
env:
|
||||
- name: POD_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
# NOTE: We will not expose parameters that should take on fixed values
|
||||
# in the values.yaml as these parameters should not be changed by user(s).
|
||||
command:
|
||||
{{- range .Values.command_prefix }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
- --configure-cloud-routes=false
|
||||
- --leader-elect=true
|
||||
- --kubeconfig=/etc/kubernetes/controller-manager/kubeconfig.yaml
|
||||
- --root-ca-file=/etc/kubernetes/controller-manager/cluster-ca.pem
|
||||
- --service-account-private-key-file=/etc/kubernetes/controller-manager/service-account.priv
|
||||
- --use-service-account-credentials=true
|
||||
- --v=5
|
||||
|
||||
volumeMounts:
|
||||
- name: etc
|
||||
mountPath: /etc/kubernetes/controller-manager
|
||||
volumes:
|
||||
- name: etc
|
||||
hostPath:
|
||||
path: {{ .Values.controller_manager.host_etc_path }}
|
|
@ -1,3 +1,21 @@
|
|||
{{/*
|
||||
Copyright 2017 AT&T Intellectual Property. All other rights reserved.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.secret }}
|
||||
{{- $envAll := . }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
|
@ -5,5 +23,6 @@ metadata:
|
|||
name: {{ .Values.service.name }}
|
||||
type: Opaque
|
||||
data:
|
||||
controller-manager-key.pem: {{ .Values.tls.key | b64enc }}
|
||||
service-account.priv: {{ .Values.service_account.private_key | b64enc }}
|
||||
controller-manager-key.pem: {{ .Values.secrets.tls.key | b64enc }}
|
||||
service-account.priv: {{ .Values.secrets.service_account.private_key | b64enc }}
|
||||
{{- end }}
|
||||
|
|
|
@ -1,31 +1,68 @@
|
|||
# Copyright 2017 AT&T Intellectual Property. All other rights reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
release_group: null
|
||||
|
||||
images:
|
||||
tags:
|
||||
anchor: quay.io/attcomdev/kube-controller-manager:v1.8.0
|
||||
controller_manager: quay.io/attcomdev/kube-controller-manager:v1.8.0
|
||||
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
|
||||
pull_policy: "IfNotPresent"
|
||||
|
||||
labels:
|
||||
controller_manager:
|
||||
node_selector_key: kubernetes-controller-manager
|
||||
node_selector_value: enabled
|
||||
|
||||
anchor:
|
||||
dns_policy: Default
|
||||
kubelet:
|
||||
manifest_path: /etc/kubernetes/manifests
|
||||
node_selector:
|
||||
key: kubernetes-controller-manager
|
||||
value: enabled
|
||||
period: 15
|
||||
termination_grace_period: 3600
|
||||
files_to_copy:
|
||||
- source: /configmap/cluster-ca.pem
|
||||
dest: /etc/kubernetes/controller-manager/cluster-ca.pem
|
||||
- source: /configmap/controller-manager.pem
|
||||
dest: /etc/kubernetes/controller-manager/controller-manager.pem
|
||||
- source: /configmap/kubeconfig.yaml
|
||||
dest: /etc/kubernetes/controller-manager/kubeconfig.yaml
|
||||
- source: /secret/controller-manager-key.pem
|
||||
dest: /etc/kubernetes/controller-manager/controller-manager-key.pem
|
||||
- source: /secret/service-account.priv
|
||||
dest: /etc/kubernetes/controller-manager/service-account.priv
|
||||
- source: /configmap/kubernetes-controller-manager.yaml
|
||||
dest: /etc/kubernetes/manifests/kubernetes-controller-manager.yaml
|
||||
|
||||
controller_manager:
|
||||
command: /controller-manager
|
||||
host_etc_path: /etc/kubernetes/controller-manager
|
||||
node_monitor_period: 5s
|
||||
node_monitor_grace_period: 20s
|
||||
pod_eviction_timeout: 60s
|
||||
|
||||
service_account:
|
||||
private_key: placeholder
|
||||
command_prefix:
|
||||
- /controller-manager
|
||||
- --cluster-cidr=10.97.0.0/16
|
||||
- --node-monitor-period=5s
|
||||
- --node-monitor-grace-period=20s
|
||||
- --pod-eviction-timeout=60s
|
||||
- --service-cluster-ip-range=10.96.0.0/16
|
||||
|
||||
tls:
|
||||
ca: placeholder
|
||||
cert: placeholder
|
||||
key: placeholder
|
||||
|
||||
images:
|
||||
anchor: quay.io/attcomdev/kube-controller-manager:v1.8.0
|
||||
controller_manager: quay.io/attcomdev/kube-controller-manager:v1.8.0
|
||||
secrets:
|
||||
tls:
|
||||
ca: placeholder
|
||||
cert: placeholder
|
||||
key: placeholder
|
||||
service_account:
|
||||
private_key: placeholder
|
||||
|
||||
network:
|
||||
kubernetes_netloc: 10.96.0.1
|
||||
|
@ -34,3 +71,38 @@ network:
|
|||
|
||||
service:
|
||||
name: kubernetes-controller-manager
|
||||
|
||||
dependencies:
|
||||
controller_manager:
|
||||
|
||||
pod:
|
||||
mounts:
|
||||
controller_manager:
|
||||
init_container: null
|
||||
controller_manager:
|
||||
lifecycle:
|
||||
upgrades:
|
||||
daemonsets:
|
||||
pod_replacement_strategy: RollingUpdate
|
||||
controller_manager:
|
||||
enabled: false
|
||||
min_ready_seconds: 0
|
||||
max_unavailable: 1
|
||||
termination_grace_period:
|
||||
controller_manager:
|
||||
timeout: 3600
|
||||
resources:
|
||||
enabled: false
|
||||
controller_manager:
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
|
||||
manifests:
|
||||
configmap_bin: true
|
||||
configmap_etc: true
|
||||
controller_manager: true
|
||||
secret: true
|
||||
|
|
|
@ -619,7 +619,7 @@ metadata:
|
|||
name: kubernetes
|
||||
path: $
|
||||
dest:
|
||||
path: $.values.tls.ca
|
||||
path: $.values.secrets.tls.ca
|
||||
|
||||
-
|
||||
src:
|
||||
|
@ -627,21 +627,21 @@ metadata:
|
|||
name: controller-manager
|
||||
path: $
|
||||
dest:
|
||||
path: $.values.tls.cert
|
||||
path: $.values.secrets.tls.cert
|
||||
-
|
||||
src:
|
||||
schema: deckhand/CertificateKey/v1
|
||||
name: controller-manager
|
||||
path: $
|
||||
dest:
|
||||
path: $.values.tls.key
|
||||
path: $.values.secrets.tls.key
|
||||
-
|
||||
src:
|
||||
schema: deckhand/PrivateKey/v1
|
||||
name: service-account
|
||||
path: $
|
||||
dest:
|
||||
path: $.values.service_account.private_key
|
||||
path: $.values.secrets.service_account.private_key
|
||||
|
||||
data:
|
||||
chart_name: controller_manager
|
||||
|
@ -652,14 +652,16 @@ data:
|
|||
no_hooks: true
|
||||
values:
|
||||
images:
|
||||
anchor: gcr.io/google_containers/hyperkube-amd64:v1.8.0
|
||||
controller_manager: gcr.io/google_containers/hyperkube-amd64:v1.8.0
|
||||
service_account:
|
||||
private_key: placeholder
|
||||
tls:
|
||||
ca: placeholder
|
||||
cert: placeholder
|
||||
key: placeholder
|
||||
tags:
|
||||
anchor: gcr.io/google_containers/hyperkube-amd64:v1.8.0
|
||||
controller_manager: gcr.io/google_containers/hyperkube-amd64:v1.8.0
|
||||
secrets:
|
||||
service_account:
|
||||
private_key: placeholder
|
||||
tls:
|
||||
ca: placeholder
|
||||
cert: placeholder
|
||||
key: placeholder
|
||||
network:
|
||||
kubernetes_netloc: apiserver.kubernetes.promenade:6443
|
||||
pod_cidr: 10.97.0.0/16
|
||||
|
|
|
@ -648,7 +648,7 @@ metadata:
|
|||
name: kubernetes
|
||||
path: $
|
||||
dest:
|
||||
path: $.values.tls.ca
|
||||
path: $.values.secrets.tls.ca
|
||||
|
||||
-
|
||||
src:
|
||||
|
@ -656,21 +656,21 @@ metadata:
|
|||
name: controller-manager
|
||||
path: $
|
||||
dest:
|
||||
path: $.values.tls.cert
|
||||
path: $.values.secrets.tls.cert
|
||||
-
|
||||
src:
|
||||
schema: deckhand/CertificateKey/v1
|
||||
name: controller-manager
|
||||
path: $
|
||||
dest:
|
||||
path: $.values.tls.key
|
||||
path: $.values.secrets.tls.key
|
||||
-
|
||||
src:
|
||||
schema: deckhand/PrivateKey/v1
|
||||
name: service-account
|
||||
path: $
|
||||
dest:
|
||||
path: $.values.service_account.private_key
|
||||
path: $.values.secrets.service_account.private_key
|
||||
|
||||
data:
|
||||
chart_name: controller_manager
|
||||
|
@ -681,14 +681,16 @@ data:
|
|||
no_hooks: true
|
||||
values:
|
||||
images:
|
||||
anchor: gcr.io/google_containers/hyperkube-amd64:v1.8.0
|
||||
controller_manager: gcr.io/google_containers/hyperkube-amd64:v1.8.0
|
||||
service_account:
|
||||
private_key: placeholder
|
||||
tls:
|
||||
ca: placeholder
|
||||
cert: placeholder
|
||||
key: placeholder
|
||||
tags:
|
||||
anchor: gcr.io/google_containers/hyperkube-amd64:v1.8.0
|
||||
controller_manager: gcr.io/google_containers/hyperkube-amd64:v1.8.0
|
||||
secrets:
|
||||
service_account:
|
||||
private_key: placeholder
|
||||
tls:
|
||||
ca: placeholder
|
||||
cert: placeholder
|
||||
key: placeholder
|
||||
network:
|
||||
kubernetes_netloc: apiserver.kubernetes.promenade:6443
|
||||
pod_cidr: 10.97.0.0/16
|
||||
|
|
|
@ -632,7 +632,7 @@ metadata:
|
|||
name: kubernetes
|
||||
path: $
|
||||
dest:
|
||||
path: $.values.tls.ca
|
||||
path: $.values.secrets.tls.ca
|
||||
|
||||
-
|
||||
src:
|
||||
|
@ -640,21 +640,21 @@ metadata:
|
|||
name: controller-manager
|
||||
path: $
|
||||
dest:
|
||||
path: $.values.tls.cert
|
||||
path: $.values.secrets.tls.cert
|
||||
-
|
||||
src:
|
||||
schema: deckhand/CertificateKey/v1
|
||||
name: controller-manager
|
||||
path: $
|
||||
dest:
|
||||
path: $.values.tls.key
|
||||
path: $.values.secrets.tls.key
|
||||
-
|
||||
src:
|
||||
schema: deckhand/PrivateKey/v1
|
||||
name: service-account
|
||||
path: $
|
||||
dest:
|
||||
path: $.values.service_account.private_key
|
||||
path: $.values.secrets.service_account.private_key
|
||||
|
||||
data:
|
||||
chart_name: controller_manager
|
||||
|
@ -665,14 +665,16 @@ data:
|
|||
no_hooks: true
|
||||
values:
|
||||
images:
|
||||
anchor: ${IMAGE_HYPERKUBE}
|
||||
controller_manager: ${IMAGE_HYPERKUBE}
|
||||
service_account:
|
||||
private_key: placeholder
|
||||
tls:
|
||||
ca: placeholder
|
||||
cert: placeholder
|
||||
key: placeholder
|
||||
tags:
|
||||
anchor: ${IMAGE_HYPERKUBE}
|
||||
controller_manager: ${IMAGE_HYPERKUBE}
|
||||
secrets:
|
||||
service_account:
|
||||
private_key: placeholder
|
||||
tls:
|
||||
ca: placeholder
|
||||
cert: placeholder
|
||||
key: placeholder
|
||||
network:
|
||||
kubernetes_netloc: apiserver.kubernetes.promenade:6443
|
||||
pod_cidr: 10.97.0.0/16
|
||||
|
|
Loading…
Reference in New Issue