Update to v1.32

This commit is contained in:
Guillaume
2025-11-02 18:31:13 +01:00
parent 09e63cf400
commit de5971961c
43 changed files with 9492 additions and 1426 deletions


@ -3,6 +3,8 @@ kind: Pod
metadata:
namespace: kube-system
name: k8s-api-haproxy
annotations:
novit.io/bootstrap-prio: "200"
labels:
component: k8s-api-haproxy
tier: control-plane
@ -16,7 +18,7 @@ spec:
effect: NoSchedule
containers:
- name: api-haproxy
image: haproxy:2.4.19-alpine
image: haproxy:2.8.15-alpine
{{ if .vars.control_plane.reserve_resources }}
resources:
requests:


@ -18,11 +18,15 @@ spec:
effect: NoSchedule
containers:
- name: apiserver
image: {{ .vars.k8s_registry}}/kube-apiserver:{{ .vars.kubernetes_version }}
image: {{ .vars.gcr_io}}/kube-apiserver:{{ .vars.kubernetes_version }}
command:
- kube-apiserver
- --advertise-address={{ .host.ip }}
- --secure-port={{ .vars.control_plane.api_port }}
- --etcd-servers={{ range $i, $host := hosts_by_group "master" }}{{ if gt $i 0 }},{{end}}https://{{$host.ip}}:2379{{end}}
- --etcd-servers={{ range $i, $host := shuffled_hosts_by_group .vars.master_group }}{{ if gt $i 0 }},{{end}}https://{{$host.ip}}:2379{{end}}
{{- if .vars.etcd_split_events }}
- --etcd-servers-overrides=/events#{{ range $i, $host := shuffled_hosts_by_group .vars.master_group }}{{ if gt $i 0 }},{{end}}https://{{$host.ip}}:2381{{end}}
{{- end }}
- --etcd-cafile=/tls/etcd-client/ca.crt
- --etcd-keyfile=/tls/etcd-client/tls.key
- --etcd-certfile=/tls/etcd-client/tls.crt
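Review bot: `{{ .vars.gcr_io}}` on the new image line drops the space before `}}` that every other action in this hunk keeps (`{{ .vars.kubernetes_version }}`), and the same form recurs in the controller-manager and scheduler hunks; write `image: {{ .vars.gcr_io }}/kube-apiserver:{{ .vars.kubernetes_version }}` in all three. The variable name reads as a fixed host while it is used as a generic registry prefix; if it can point at any registry, that is worth a one-line comment in the vars schema so nobody assumes it must be gcr.io. The new `--etcd-servers-overrides` line runs its own `shuffled_hosts_by_group`, so the events endpoint order is independent of `--etcd-servers`; harmless, but worth knowing when reading logs. The container spec continues past the hunk on both sides.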


@ -18,7 +18,7 @@ spec:
effect: NoSchedule
containers:
- name: controller-manager
image: {{ .vars.k8s_registry}}/kube-controller-manager:{{ .vars.kubernetes_version }}
image: {{ .vars.gcr_io}}/kube-controller-manager:{{ .vars.kubernetes_version }}
command:
- kube-controller-manager
- --cluster-signing-cert-file=/tls-ca/cluster/ca.crt
@ -28,7 +28,7 @@ spec:
- --kubeconfig=/run/k8s/kubeconfig
- --allocate-node-cidrs
- --cluster-cidr={{ .cluster.subnets.pods }}
- --node-cidr-mask-size=24
- --node-cidr-mask-size={{ .cluster.vars.node_cidr_mask_size }}
- --controllers=*,bootstrapsigner,tokencleaner
- --authentication-kubeconfig=/run/k8s/kubeconfig
- --authorization-kubeconfig=/run/k8s/kubeconfig
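Review bot: `--node-cidr-mask-size={{ .cluster.vars.node_cidr_mask_size }}` renders to a bare `--node-cidr-mask-size=` when the variable is unset, which kube-controller-manager would most likely reject as an invalid integer instead of falling back to the previous hard-coded 24. Either guard it, `{{- if .cluster.vars.node_cidr_mask_size }}` / `- --node-cidr-mask-size={{ .cluster.vars.node_cidr_mask_size }}` / `{{- end }}`, so the flag is omitted and the binary default applies, or make the variable required in the cluster vars schema. This value is also read from `.cluster.vars` while every other knob in these manifests comes from `.vars`; if that split is intentional, a short comment saying why would help the next reader. The command list continues outside the hunk.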


@ -15,12 +15,12 @@ spec:
priorityClassName: system-node-critical
containers:
- name: docker-registries-mirror
image: mcluseau/docker-registries-mirror
image: novit.tech/direktil/docker-registries-mirror
command:
- ash
- -c
- |
ALL_HOSTS="{{ if .vars.docker_registries_mirror_cache.remote }}{{ .vars.docker_registries_mirror_cache.remote}}{{ end }}{{ range $i, $host := hosts_by_group "master" }} http://{{$host.ip}}:{{ $cache_port }}{{end}}" \
ALL_HOSTS="{{ if .vars.docker_registries_mirror_cache.remote }}{{ .vars.docker_registries_mirror_cache.remote}}{{ end }}{{ range $i, $host := hosts_by_group .vars.master_group }} http://{{$host.ip}}:{{ $cache_port }}{{end}}" \
CURRENT_HOST="http://{{ .host.ip }}:{{ $cache_port }}" \
OTHER_HOSTS="$(echo ${ALL_HOSTS/${CURRENT_HOST}/})" \
sh -c '/bin/docker-registries-mirror -addr=:{{ $cache_port }} -cache-mib={{ .vars.docker_registries_mirror_cache.mb }} -peers=${OTHER_HOSTS/ /,}'
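Review bot: The new image reference `novit.tech/direktil/docker-registries-mirror` carries no tag or digest, so every node resolves it to `latest` at pull time and the mirror binary can change underneath a cluster with no change to this manifest; the other images touched in this commit are pinned (`haproxy:2.8.15-alpine`, the etcd/keepalived version vars). Pin it, `image: novit.tech/direktil/docker-registries-mirror:<VERSION>` (placeholder) or a `@sha256:` digest, ideally through a var like the others. The shell block that follows builds `OTHER_HOSTS` by string-removing `CURRENT_HOST` from `ALL_HOSTS`, so the unshuffled `hosts_by_group` here is fine even though the apiserver hunk moved to `shuffled_hosts_by_group`.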


@ -0,0 +1,88 @@
{{ if .vars.etcd_split_events }}
apiVersion: v1
kind: Pod
metadata:
namespace: kube-system
name: k8s-etcd
annotations:
novit.io/bootstrap-prio: "300"
labels:
component: k8s-etcd
tier: control-plane
spec:
hostNetwork: true
dnsPolicy: Default
priorityClassName: system-cluster-critical
automountServiceAccountToken: false
tolerations:
- key: node.kubernetes.io/not-ready
effect: NoSchedule
containers:
- name: etcd
image: {{.vars.etcd_image}}:{{.vars.etcd_version}}
command:
- etcd
- --name={{ .host.name }}
- --data-dir=/var/lib/etcd
- --trusted-ca-file=/tls/etcd-server/ca.crt
- --key-file=/tls/etcd-server/tls.key
- --cert-file=/tls/etcd-server/tls.crt
- --client-cert-auth=true
- --trusted-ca-file=/tls/etcd-server/ca.crt
- --listen-client-urls=https://127.0.0.1:2381,https://{{ .host.ip }}:2381
- --advertise-client-urls=https://{{ .host.ip }}:2381
- --listen-peer-urls=https://{{ .host.ip }}:2382
- --peer-trusted-ca-file=/tls/etcd-peer/ca.crt
- --peer-key-file=/tls/etcd-peer/tls.key
- --peer-cert-file=/tls/etcd-peer/tls.crt
- --peer-client-cert-auth=true
- --initial-advertise-peer-urls=https://{{ .host.ip }}:2382
env:
- name: ETCD_INITIAL_CLUSTER
value: {{ range $i, $host := hosts_by_group .vars.master_group }}{{ if gt $i 0 }},{{end}}{{$host.name}}=https://{{$host.ip}}:2382{{end}}
- name: ETCD_INITIAL_CLUSTER_STATE
value: existing
- name: ETCD_INITIAL_CLUSTER_TOKEN
value: '{{ token "etcd-events" }}'
- name: ETCDCTL_ENDPOINTS
value: {{ range $i, $host := hosts_by_group .vars.master_group }}{{ if gt $i 0 }},{{end}}https://{{$host.ip}}:2381{{end}}
- name: ETCDCTL_CACERT
value: /tls/etcd-peer/ca.crt
- name: ETCDCTL_CERT
value: /tls/etcd-peer/tls.crt
- name: ETCDCTL_KEY
value: /tls/etcd-peer/tls.key
{{ if .vars.control_plane.reserve_resources }}
resources:
requests:
cpu: 200m
memory: 1.2Gi
{{ end }}
volumeMounts:
- name: etc-certs
mountPath: /etc/ssl/certs
- name: tls-etcd-server
mountPath: /tls/etcd-server
- name: tls-etcd-peer
mountPath: /tls/etcd-peer
- name: k8s
mountPath: /etc/kubernetes
- name: data
mountPath: /var/lib/etcd
volumes:
- name: etc-certs
hostPath:
path: /etc/ssl/certs
- name: tls-etcd-server
hostPath:
path: /etc/tls/etcd-server
- name: tls-etcd-peer
hostPath:
path: /etc/tls/etcd-peer
- name: k8s
hostPath:
path: /etc/kubernetes
- name: data
hostPath:
path: /var/lib/etcd-events
{{ end }}
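Review bot: `ETCD_INITIAL_CLUSTER_STATE` is hard-coded to `existing` in the new events pod, whereas the primary etcd pod templates it from `.vars.etcd_cluster_state`; on first bootstrap `/var/lib/etcd-events` is empty and every member tries to join a cluster that nobody has created, so the events cluster cannot form. Template it the same way, `value: {{ .vars.etcd_cluster_state }}` or a dedicated events variable, so the first bootstrap can run with `new`. `--trusted-ca-file=/tls/etcd-server/ca.crt` appears twice in the command (once before `--key-file`, once after `--client-cert-auth`); drop one. The pod is named `k8s-etcd` with `component: k8s-etcd` — if the primary etcd static pod uses the same metadata name (not visible here), the kubelet would generate colliding mirror-pod names, so a distinct name such as `k8s-etcd-events` is safer.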


@ -18,7 +18,7 @@ spec:
effect: NoSchedule
containers:
- name: etcd
image: {{.vars.etcd.image}}:{{.vars.etcd.version}}
image: {{.vars.etcd_image}}:{{.vars.etcd_version}}
command:
- etcd
- --name={{ .host.name }}
@ -38,13 +38,13 @@ spec:
- --initial-advertise-peer-urls=https://{{ .host.ip }}:2380
env:
- name: ETCD_INITIAL_CLUSTER
value: {{ range $i, $host := hosts_by_group "master" }}{{ if gt $i 0 }},{{end}}{{$host.name}}=https://{{$host.ip}}:2380{{end}}
value: {{ range $i, $host := hosts_by_group .vars.master_group }}{{ if gt $i 0 }},{{end}}{{$host.name}}=https://{{$host.ip}}:2380{{end}}
- name: ETCD_INITIAL_CLUSTER_STATE
value: {{ .vars.etcd.cluster_state }}
value: {{ .vars.etcd_cluster_state }}
- name: ETCD_INITIAL_CLUSTER_TOKEN
value: '{{ token "etcd-initial-cluster" }}'
- name: ETCDCTL_ENDPOINTS
value: {{ range $i, $host := hosts_by_group "master" }}{{ if gt $i 0 }},{{end}}https://{{$host.ip}}:2379{{end}}
value: {{ range $i, $host := hosts_by_group .vars.master_group }}{{ if gt $i 0 }},{{end}}https://{{$host.ip}}:2379{{end}}
- name: ETCDCTL_CACERT
value: /tls/etcd-peer/ca.crt
- name: ETCDCTL_CERT


@ -19,28 +19,32 @@ spec:
effect: NoSchedule
containers:
- name: keepalived
image: {{.vars.keepalived.image}}:{{.vars.keepalived.version}}
image: {{.vars.keepalived_image}}:{{.vars.keepalived_version}}
env:
- name: KEEPALIVED_AUTH_PASSWORD
value: '{{ token "keepalived-vip" }}'
{{- range $i, $host := hosts_by_group "master" }}
{{- range $i, $host := hosts_by_group .vars.master_group }}
- name: KEEPALIVED_UNICAST_PEER_{{$i}}
value: {{ $host.ip }}
{{- end }}
- name: KEEPALIVED_VIRTUAL_IPADDRESS_0
value: {{.vars.public_vip}}/{{.vars.netmask}}
{{- if .vars.dmz_vip }}
- name: KEEPALIVED_VIRTUAL_IPADDRESS_1
value: {{.vars.dmz_vip}}/{{.vars.dmz_netmask}}
{{- end }}
- name: KEEPALIVED_INTERFACE
value: {{ .vars.vip_interface }}
{{- if .vars.keepalived.router_id }}
{{- if .vars.keepalived_router_id }}
- name: KEEPALIVED_VIRTUAL_ROUTER_ID
value: "{{ .vars.keepalived.router_id }}"
value: "{{ .vars.keepalived_router_id }}"
{{- end }}
- name: KEEPALIVED_KUBE_APISERVER_CHECK
value: "true"
- name: KUBE_APISERVER_ADDRESS
value: 127.0.0.1
- name: KEEPALIVED_GARP_MASTER_REFRESH
value: "{{ .vars.keepalived.garp_master_refresh }}"
value: "{{ .vars.keepalived_garp_master_refresh }}"
securityContext:
capabilities:
add:


@ -0,0 +1,53 @@
{{ if .vars.enable_minio }}
apiVersion: v1
kind: Pod
metadata:
name: minio
labels:
app: minio
spec:
hostNetwork: true
volumes:
- name: data
hostPath:
path: /mnt/storage/k8s-pv-backup
type: BlockDevice
- name: config
emptyDir: {}
containers:
- name: minio
image: minio/minio:RELEASE.2025-01-20T14-49-07Z
imagePullPolicy: IfNotPresent
args:
- server
- /data
- --config-dir=/config
env:
- name: MINIO_ACCESS_KEY
value: {{ .vars.minio_access_key }}
- name: MINIO_SECRET_KEY
value: {{ .vars.minio_secret_key }}
livenessProbe:
httpGet:
path: /minio/login
port: 9000
httpHeaders:
- name: User-Agent
value: Mozilla
readinessProbe:
failureThreshold: 3
httpGet:
path: /minio/login
port: 9000
httpHeaders:
- name: User-Agent
value: Mozilla
initialDelaySeconds: 15
ports:
- containerPort: 9000
volumeMounts:
- name: data
mountPath: "/data"
- name: config
mountPath: "/config"
{{ end }}
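Review bot: `value: {{ .vars.minio_access_key }}` and `value: {{ .vars.minio_secret_key }}` interpolate credentials as plain scalars, so a secret that starts with a YAML indicator, contains `: ` or ` #`, or looks numeric is mis-parsed or truncated at render time; quote both the way the `token` values in this repo are quoted, `value: '{{ .vars.minio_secret_key }}'`, and keep in mind that as static-pod env values they land in the manifest on disk and in the mirror pod object, readable by anyone allowed to get pods in that namespace. `MINIO_ACCESS_KEY`/`MINIO_SECRET_KEY` were deprecated by MinIO in favour of `MINIO_ROOT_USER`/`MINIO_ROOT_PASSWORD`; confirm the pinned `RELEASE.2025-01-20T14-49-07Z` still honours the old names. The `data` hostPath uses `type: BlockDevice`, which requires `/mnt/storage/k8s-pv-backup` to be a device node, while `minio server /data` needs a mounted filesystem — `Directory` is presumably what is meant unless something mounts the device there first. The probes hit `/minio/login`; MinIO's documented health endpoints are `/minio/health/live` and `/minio/health/ready`.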


@ -18,7 +18,7 @@ spec:
effect: NoSchedule
containers:
- name: scheduler
image: {{ .vars.k8s_registry}}/kube-scheduler:{{ .vars.kubernetes_version }}
image: {{ .vars.gcr_io}}/kube-scheduler:{{ .vars.kubernetes_version }}
command:
- kube-scheduler
- --kubeconfig=/run/k8s/kubeconfig

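--- a/static-pods/node/minio.yaml
+++ b/static-pods/node/minio.yaml
@@ -0,0 +1 @@
+../master/minio.yaml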