7eafa59d8f
* Fix a regression caused by lowering the Kubelet TLS client certificate to system:nodes group (#100) since dropping cluster-admin dropped the Kubelet's ability to delete nodes.
* On clouds where workers can scale down (manual terraform apply, AWS spot termination, Azure low priority deletion), worker shutdown runs the delete-node.service to remove a node to prevent NotReady nodes from accumulating
* Allow Kubelets to delete cluster nodes via system:nodes group. Kubelets acting with system:node and kubelet-delete ClusterRoles is still an improvement over acting as cluster-admin
# Self-hosted Kubernetes assets (kubeconfig, manifests)
module "bootkube" {
  # The ref is a full commit SHA, not a branch or tag, so the asset renderer
  # pulled in here only changes when this line is edited and reviewed.
  source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=e892e291b572655699aee8565c14c8446bab2104"

  # Cluster identity and control-plane endpoints.
  cluster_name          = "${var.cluster_name}"
  cluster_domain_suffix = "${var.cluster_domain_suffix}"
  api_servers           = ["${var.k8s_domain_name}"]
  etcd_servers          = ["${var.controller_domains}"]

  # Destination for the rendered assets. The header above says these include a
  # kubeconfig, so this directory should be handled as credential material
  # (restrictive permissions, kept out of version control).
  # NOTE(review): presumably TLS keys are written here as well; confirm
  # against the pinned module.
  asset_dir = "${var.asset_dir}"

  # Pod and service networking.
  networking   = "${var.networking}"
  network_mtu  = "${var.network_mtu}"
  pod_cidr     = "${var.pod_cidr}"
  service_cidr = "${var.service_cidr}"

  # NOTE(review): looks like this toggles an outbound reporting component;
  # confirm what leaves the cluster before enabling it.
  enable_reporting = "${var.enable_reporting}"

  # Fedora
  # NOTE(review): presumably the host's trusted CA certificate directory that
  # the module makes available to control-plane components; verify that the
  # path matches the OS image in use.
  trusted_certs_dir = "/etc/pki/tls/certs"
}