Skip to content

Commit

Permalink
Taint control plane nodes by default
Browse files Browse the repository at this point in the history
plus timeout on bootstrap tokens

Signed-off-by: Artiom Diomin <kron82@gmail.com>
  • Loading branch information
kron4eg committed Jul 6, 2019
1 parent a9aa950 commit 7676785
Show file tree
Hide file tree
Showing 2 changed files with 52 additions and 2 deletions.
27 changes: 26 additions & 1 deletion pkg/templates/kubeadm/v1beta1/kubeadm.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ package v1beta1
import (
"fmt"
"strings"
"time"

"github.com/Masterminds/semver"
"github.com/pkg/errors"
Expand All @@ -36,6 +37,10 @@ import (
bootstraputil "k8s.io/cluster-bootstrap/token/util"
)

const (
bootstrapTokenTTL = 60 * time.Minute
)

// NewConfig returns all required configs to init a cluster via a set of v1beta1 configs
func NewConfig(s *state.State, host kubeoneapi.HostConfig) ([]runtime.Object, error) {
cluster := s.Cluster
Expand All @@ -51,6 +56,12 @@ func NewConfig(s *state.State, host kubeoneapi.HostConfig) ([]runtime.Object, er

nodeRegistration := kubeadmv1beta1.NodeRegistrationOptions{
Name: host.Hostname,
Taints: []corev1.Taint{
{
Effect: corev1.TaintEffectNoSchedule,
Key: "node-role.kubernetes.io/master",
},
},
KubeletExtraArgs: map[string]string{
"anonymous-auth": "false",
"node-ip": nodeIP,
Expand Down Expand Up @@ -79,7 +90,21 @@ func NewConfig(s *state.State, host kubeoneapi.HostConfig) ([]runtime.Object, er
APIVersion: "kubeadm.k8s.io/v1beta1",
Kind: "InitConfiguration",
},
BootstrapTokens: []kubeadmv1beta1.BootstrapToken{{Token: bootstrapToken}},
BootstrapTokens: []kubeadmv1beta1.BootstrapToken{
{
Token: bootstrapToken,
Groups: []string{
"system:bootstrappers:kubeadm:default-node-token",
},
TTL: &metav1.Duration{
Duration: bootstrapTokenTTL,
},
Usages: []string{
"signing",
"authentication",
},
},
},
LocalAPIEndpoint: kubeadmv1beta1.APIEndpoint{
AdvertiseAddress: nodeIP,
},
Expand Down
27 changes: 26 additions & 1 deletion pkg/templates/kubeadm/v1beta2/kubeadm.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ package v1beta2
import (
"fmt"
"strings"
"time"

"github.com/Masterminds/semver"
"github.com/pkg/errors"
Expand All @@ -36,6 +37,10 @@ import (
bootstraputil "k8s.io/cluster-bootstrap/token/util"
)

const (
bootstrapTokenTTL = 60 * time.Minute
)

// NewConfig returns all required configs to init a cluster via a set of v1beta2 configs
func NewConfig(s *state.State, host kubeoneapi.HostConfig) ([]runtime.Object, error) {
cluster := s.Cluster
Expand All @@ -51,6 +56,12 @@ func NewConfig(s *state.State, host kubeoneapi.HostConfig) ([]runtime.Object, er

nodeRegistration := kubeadmv1beta2.NodeRegistrationOptions{
Name: host.Hostname,
Taints: []corev1.Taint{
{
Effect: corev1.TaintEffectNoSchedule,
Key: "node-role.kubernetes.io/master",
},
},
KubeletExtraArgs: map[string]string{
"anonymous-auth": "false",
"node-ip": nodeIP,
Expand Down Expand Up @@ -79,7 +90,21 @@ func NewConfig(s *state.State, host kubeoneapi.HostConfig) ([]runtime.Object, er
APIVersion: "kubeadm.k8s.io/v1beta1",
Kind: "InitConfiguration",
},
BootstrapTokens: []kubeadmv1beta2.BootstrapToken{{Token: bootstrapToken}},
BootstrapTokens: []kubeadmv1beta2.BootstrapToken{
{
Token: bootstrapToken,
Groups: []string{
"system:bootstrappers:kubeadm:default-node-token",
},
TTL: &metav1.Duration{
Duration: bootstrapTokenTTL,
},
Usages: []string{
"signing",
"authentication",
},
},
},
LocalAPIEndpoint: kubeadmv1beta2.APIEndpoint{
AdvertiseAddress: nodeIP,
},
Expand Down

0 comments on commit 7676785

Please sign in to comment.