55 lines
1.1 KiB
HCL
55 lines
1.1 KiB
HCL
locals {
|
|
bootstrap_kubeconfig = <<EOM
|
|
apiVersion: v1
|
|
kind: Config
|
|
clusters:
|
|
- cluster:
|
|
certificate-authority: /var/lib/kubernetes/ca.pem
|
|
server: ${local.kubernetes_server}
|
|
name: bootstrap
|
|
contexts:
|
|
- context:
|
|
cluster: bootstrap
|
|
user: kubelet-bootstrap
|
|
name: bootstrap
|
|
current-context: bootstrap
|
|
preferences: {}
|
|
users:
|
|
- name: kubelet-bootstrap
|
|
user:
|
|
token: ${local.bootstrap_token}
|
|
EOM
|
|
|
|
kubelet_config = yamlencode({
|
|
kind = "KubeletConfiguration"
|
|
apiVersion = "kubelet.config.k8s.io/v1beta1"
|
|
|
|
authentication = {
|
|
anonymous = { enabled = false }
|
|
webhook = { enabled = true }
|
|
x509 = {
|
|
clientCAFile = "/var/lib/kubernetes/ca.pem"
|
|
}
|
|
}
|
|
authorization = {
|
|
mode = "Webhook"
|
|
}
|
|
|
|
rotateCertificates = true
|
|
serverTLSBootstrap = true
|
|
clusterDomain = "cluster.local"
|
|
clusterDNS = [local.cluster_dns]
|
|
resolvConf = "/run/systemd/resolve/resolv.conf"
|
|
|
|
maxPods = 110
|
|
systemReserved = {
|
|
cpu = "200m"
|
|
memory = "128M"
|
|
}
|
|
kubeReserved = {
|
|
cpu = "100m"
|
|
memory = "128M"
|
|
}
|
|
})
|
|
}
|