Code Review / ta / caas-kubernetes.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Revert "Audit log bugfix"
[ta/caas-kubernetes.git] / ansible / roles / kube_master / defaults / main.yaml
diff --git a/ansible/roles/kube_master/defaults/main.yaml b/ansible/roles/kube_master/defaults/main.yaml
index bc71bb9..6aeadaa 100644 (file)
--- a/ansible/roles/kube_master/defaults/main.yaml
+++ b/ansible/roles/kube_master/defaults/main.yaml
@@ -30,6 +30,7 @@ apiserver_feature_gates:
   DevicePlugins: true
   HugePages: true
   TokenRequest: true
+  SCTPSupport: true
 
 apiserver_params:
   - "--admission-control={{ apiserver_admission_controllers | join(',') }}"
@@ -46,10 +47,7 @@ apiserver_params:
   - "--bind-address={{ apiserver }}"
   - "--client-ca-file=/etc/openssl/ca.pem"
   - "--enable-bootstrap-token-auth=true"
-  - "--etcd-cafile=/etc/etcd/ssl/ca.pem"
-  - "--etcd-certfile=/etc/etcd/ssl/etcd{{ nodeindex }}.pem"
-  - "--etcd-keyfile=/etc/etcd/ssl/etcd{{ nodeindex }}-key.pem"
-  - "--etcd-servers={% for host in groups['caas_master'] %}https://{{ hostvars[host]['networking']['infra_internal']['ip'] }}:{{ caas.etcd_api_port }}{% if not loop.last %},{% endif %}{% endfor %}"
+  - "--etcd-servers=http://{{ hostvars[hostname]['networking']['infra_internal']['ip'] }}:{{ caas.etcd_proxy_port }}{% for host in ( groups['caas_master'] | reject('search', hostname) ) %},http://{{ hostvars[host]['networking']['infra_internal']['ip'] }}:{{ caas.etcd_proxy_port }}{% endfor %}"
   - "--experimental-encryption-provider-config={{ caas.cert_path }}/{{ caas._secrets_conf }}"
   - "--feature-gates={{ apiserver_feature_gates | get_kube_options }}"
   - "--insecure-port=0"
packages, configures, and integrates the major components of the Kubernetes management plane (https://github.com/kubernetes/kubernetes ). Includes the code related to deploying the API server, scheduler, controller-manager, kube-proxy, and kubelet components.