From 70f7c3f41645455b6fbe559f213e18207a28484e Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Sat, 16 Dec 2023 15:28:52 +0100 Subject: [PATCH] Add parameter documentation to every class/define - added parameter documentaion with the help of copilot - remove lint ignore of missing parameters - update references - sort parameters --- .puppet-lint.rc | 1 - REFERENCE.md | 1715 +++++++++++----------- manifests/binary.pp | 9 + manifests/init.pp | 59 +- manifests/install/cni_plugins.pp | 4 +- manifests/install/container_runtime.pp | 6 +- manifests/node.pp | 5 +- manifests/node/kube_proxy.pp | 13 + manifests/node/kubectl.pp | 2 + manifests/node/kubelet.pp | 10 +- manifests/repo.pp | 4 +- manifests/server.pp | 7 +- manifests/server/apiserver.pp | 17 +- manifests/server/bootstrap_token.pp | 13 + manifests/server/controller_manager.pp | 15 + manifests/server/etcd.pp | 12 +- manifests/server/etcd/member.pp | 7 + manifests/server/etcd/setup.pp | 40 +- manifests/server/resources.pp | 27 + manifests/server/resources/bootstrap.pp | 3 + manifests/server/resources/flannel.pp | 10 +- manifests/server/resources/kube_proxy.pp | 8 +- manifests/server/scheduler.pp | 12 + manifests/server/tls.pp | 15 + manifests/server/tls/ca.pp | 11 + manifests/server/tls/cert.pp | 17 + manifests/server/tls/k8s_sign.pp | 2 + manifests/server/wait_online.pp | 1 + 28 files changed, 1113 insertions(+), 932 deletions(-)
diff --git a/.puppet-lint.rc b/.puppet-lint.rc
index dd8272c..b2d2a64 100644
--- a/.puppet-lint.rc
+++ b/.puppet-lint.rc
@@ -1,3 +1,2 @@
 --fail-on-warnings
---no-parameter_documentation-check
 --no-parameter_types-check
diff --git a/REFERENCE.md b/REFERENCE.md
index 4047a7c..e6ad398 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -85,234 +85,225 @@ Sets up a Kubernetes instance - either as a node or as a server The following parameters are available in the `k8s` class: -* [`manage_kernel_modules`](#-k8s--manage_kernel_modules) -* [`manage_sysctl_settings`](#-k8s--manage_sysctl_settings) -* [`manage_kube_proxy`](#-k8s--manage_kube_proxy) -* [`ensure`](#-k8s--ensure) -* [`packaging`](#-k8s--packaging) -* [`user`](#-k8s--user) -* [`group`](#-k8s--group) -* [`uid`](#-k8s--uid) -* [`gid`](#-k8s--gid) -* [`etcd_cluster_name`](#-k8s--etcd_cluster_name) +* [`api_service_address`](#-k8s--api_service_address) +* [`cluster_cidr`](#-k8s--cluster_cidr) * [`cluster_domain`](#-k8s--cluster_domain) -* [`native_packaging`](#-k8s--native_packaging) -* [`version`](#-k8s--version) -* [`etcd_version`](#-k8s--etcd_version) -* [`container_registry`](#-k8s--container_registry) * [`container_image_tag`](#-k8s--container_image_tag) * [`container_manager`](#-k8s--container_manager) +* [`container_registry`](#-k8s--container_registry) * [`container_runtime_service`](#-k8s--container_runtime_service) -* [`crio_package`](#-k8s--crio_package) * [`containerd_package`](#-k8s--containerd_package) +* [`control_plane_url`](#-k8s--control_plane_url) * [`crictl_package`](#-k8s--crictl_package) -* [`runc_version`](#-k8s--runc_version) +* [`crio_package`](#-k8s--crio_package) +* [`dns_service_address`](#-k8s--dns_service_address) +* [`ensure`](#-k8s--ensure) +* [`etcd_cluster_name`](#-k8s--etcd_cluster_name) +* [`etcd_version`](#-k8s--etcd_version) +* [`firewall_type`](#-k8s--firewall_type) +* [`gid`](#-k8s--gid) +* [`group`](#-k8s--group) +* [`hyperkube_name`](#-k8s--hyperkube_name) +* [`incluster_control_plane_url`](#-k8s--incluster_control_plane_url) +* [`manage_container_manager`](#-k8s--manage_container_manager) * [`manage_etcd`](#-k8s--manage_etcd) * [`manage_firewall`](#-k8s--manage_firewall) * [`manage_image`](#-k8s--manage_image) -* [`manage_repo`](#-k8s--manage_repo) +* 
[`manage_kernel_modules`](#-k8s--manage_kernel_modules) +* [`manage_kube_proxy`](#-k8s--manage_kube_proxy) * [`manage_packages`](#-k8s--manage_packages) -* [`manage_container_manager`](#-k8s--manage_container_manager) +* [`manage_repo`](#-k8s--manage_repo) +* [`manage_sysctl_settings`](#-k8s--manage_sysctl_settings) +* [`native_packaging`](#-k8s--native_packaging) +* [`native_url_template`](#-k8s--native_url_template) +* [`node_auth`](#-k8s--node_auth) +* [`package_template`](#-k8s--package_template) +* [`packaging`](#-k8s--packaging) * [`puppetdb_discovery`](#-k8s--puppetdb_discovery) * [`puppetdb_discovery_tag`](#-k8s--puppetdb_discovery_tag) * [`purge_manifests`](#-k8s--purge_manifests) -* [`native_url_template`](#-k8s--native_url_template) -* [`tarball_url_template`](#-k8s--tarball_url_template) -* [`package_template`](#-k8s--package_template) -* [`hyperkube_name`](#-k8s--hyperkube_name) -* [`sysconfig_path`](#-k8s--sysconfig_path) -* [`node_auth`](#-k8s--node_auth) -* [`incluster_control_plane_url`](#-k8s--incluster_control_plane_url) -* [`control_plane_url`](#-k8s--control_plane_url) -* [`service_cluster_cidr`](#-k8s--service_cluster_cidr) -* [`cluster_cidr`](#-k8s--cluster_cidr) -* [`api_service_address`](#-k8s--api_service_address) -* [`dns_service_address`](#-k8s--dns_service_address) * [`role`](#-k8s--role) -* [`firewall_type`](#-k8s--firewall_type) - -##### `manage_kernel_modules` - -Data type: `Boolean` +* [`runc_version`](#-k8s--runc_version) +* [`service_cluster_cidr`](#-k8s--service_cluster_cidr) +* [`sysconfig_path`](#-k8s--sysconfig_path) +* [`tarball_url_template`](#-k8s--tarball_url_template) +* [`uid`](#-k8s--uid) +* [`user`](#-k8s--user) +* [`version`](#-k8s--version) -A flag to manage required Kernel modules. 
+##### `api_service_address` -Default value: `true` +Data type: `Stdlib::IP::Address::Nosubnet` -##### `manage_sysctl_settings` +IP address for the API service -Data type: `Boolean` +Default value: `k8s::ip_in_cidr($service_cluster_cidr, 'first')` -A flag to manage required sysctl settings. +##### `cluster_cidr` -Default value: `true` +Data type: `K8s::CIDR` -##### `manage_kube_proxy` +CIDR for the pod network -Data type: `K8s::Proxy_method` +Default value: `'10.0.0.0/16'` -How/if the kube-proxy component should be managed, either as an in-cluster -component (default), or as an on-node component for advanced use-cases. +##### `cluster_domain` -Default value: `true` +Data type: `Stdlib::Fqdn` -##### `ensure` +domain name for the cluster -Data type: `K8s::Ensure` +Default value: `'cluster.local'` +##### `container_image_tag` +Data type: `Optional[String[1]]` -Default value: `'present'` +container image tag to use -##### `packaging` +Default value: `undef` -Data type: `Enum['container', 'native']` +##### `container_manager` +Data type: `K8s::Container_runtimes` +container manager to use -Default value: `'native'` +Default value: `'crio'` -##### `user` +##### `container_registry` Data type: `String[1]` -username for kubernetes files and services +container registry to use -Default value: `'kube'` +Default value: `'registry.k8s.io'` -##### `group` +##### `container_runtime_service` Data type: `String[1]` -groupname for kubernetes files and services - -Default value: `'kube'` - -##### `uid` +name of the container runtime service -Data type: `Integer[0, 65535]` +Default value: `"${container_manager}.service"` -user id for kubernetes files and services +##### `containerd_package` -Default value: `888` +Data type: `Optional[String[1]]` -##### `gid` +name of the containerd package -Data type: `Integer[0, 65535]` +Default value: `undef` -group id for kubernetes files and services +##### `control_plane_url` -Default value: `888` +Data type: `Stdlib::HTTPUrl` -##### 
`etcd_cluster_name` +URL for the control plane -Data type: `String[1]` +Default value: `'https://kubernetes:6443'` -name of the etcd cluster for searching its nodes in the puppetdb +##### `crictl_package` -Default value: `'default'` +Data type: `Optional[String[1]]` -##### `cluster_domain` +name of the crictl package -Data type: `Stdlib::Fqdn` +Default value: `undef` -domain name for the cluster +##### `crio_package` -Default value: `'cluster.local'` +Data type: `Optional[String[1]]` -##### `native_packaging` +name of the crio package -Data type: `K8s::Native_packaging` +Default value: `undef` +##### `dns_service_address` +Data type: `K8s::IP_addresses` -Default value: `'loose'` +IP address for the DNS service -##### `version` +Default value: `k8s::ip_in_cidr($service_cluster_cidr, 'second')` -Data type: `String[1]` +##### `ensure` +Data type: `K8s::Ensure` +whether kubernetes should be present or absent -Default value: `'1.26.1'` +Default value: `'present'` -##### `etcd_version` +##### `etcd_cluster_name` Data type: `String[1]` +name of the etcd cluster for searching its nodes in the puppetdb +Default value: `'default'` -Default value: `'3.5.1'` - -##### `container_registry` +##### `etcd_version` Data type: `String[1]` +version of etcd to install +Default value: `'3.5.1'` -Default value: `'registry.k8s.io'` - -##### `container_image_tag` - -Data type: `Optional[String[1]]` +##### `firewall_type` +Data type: `Optional[K8s::Firewall]` +type of firewall to use Default value: `undef` -##### `container_manager` - -Data type: `K8s::Container_runtimes` +##### `gid` +Data type: `Integer[0, 65535]` +group id for kubernetes files and services -Default value: `'crio'` +Default value: `888` -##### `container_runtime_service` +##### `group` Data type: `String[1]` +groupname for kubernetes files and services +Default value: `'kube'` -Default value: `"${container_manager}.service"` - -##### `crio_package` - -Data type: `Optional[String[1]]` - - - -Default value: `undef` - -##### 
`containerd_package` - -Data type: `Optional[String[1]]` - - +##### `hyperkube_name` -Default value: `undef` +Data type: `String[1]` -##### `crictl_package` +name of the hyperkube binary -Data type: `Optional[String[1]]` +Default value: `'hyperkube'` +##### `incluster_control_plane_url` +Data type: `Stdlib::HTTPUrl` -Default value: `undef` +URL for the control plane from within the cluster -##### `runc_version` +Default value: `'https://kubernetes.default.svc'` -Data type: `String[1]` +##### `manage_container_manager` +Data type: `Boolean` +whether to manage the container manager -Default value: `'installed'` +Default value: `true` ##### `manage_etcd` Data type: `Boolean` - +whether to manage etcd Default value: `true` @@ -320,7 +311,7 @@ Default value: `true` Data type: `Boolean` - +whether to manage the firewall Default value: `false` 
@@ -328,169 +319,177 @@ Default value: `false` Data type: `Boolean` - +whether to manage the image Default value: `false` -##### `manage_repo` +##### `manage_kernel_modules` Data type: `Boolean` - +A flag to manage required Kernel modules. Default value: `true` -##### `manage_packages` - -Data type: `Boolean` +##### `manage_kube_proxy` +Data type: `K8s::Proxy_method` +How/if the kube-proxy component should be managed, either as an in-cluster component (default), or as an on-node component for advanced use-cases. Default value: `true` -##### `manage_container_manager` +##### `manage_packages` Data type: `Boolean` - +whether to manage packages Default value: `true` -##### `puppetdb_discovery` +##### `manage_repo` Data type: `Boolean` +whether to manage the repo +Default value: `true` -Default value: `false` - -##### `puppetdb_discovery_tag` - -Data type: `String[1]` - +##### `manage_sysctl_settings` +Data type: `Boolean` -Default value: `'default'` +A flag to manage required sysctl settings. 
-##### `purge_manifests` +Default value: `true` -Data type: `Boolean` +##### `native_packaging` +Data type: `K8s::Native_packaging` +type of native packaging to use -Default value: `true` +Default value: `'loose'` ##### `native_url_template` Data type: `String[1]` - +template for native packaging Default value: `'https://storage.googleapis.com/kubernetes-release/release/v%{version}/bin/%{kernel}/%{arch}/%{binary}'` -##### `tarball_url_template` - -Data type: `String[1]` +##### `node_auth` +Data type: `K8s::Node_auth` +authentication method for nodes -Default value: `'https://dl.k8s.io/v%{version}/kubernetes-%{component}-%{kernel}-%{arch}.tar.gz'` +Default value: `'bootstrap'` ##### `package_template` Data type: `String[1]` - +template for package names Default value: `'kubernetes-%{component}'` -##### `hyperkube_name` - -Data type: `String[1]` +##### `packaging` +Data type: `Enum['container', 'native']` +whether to use native or container packaging -Default value: `'hyperkube'` +Default value: `'native'` -##### `sysconfig_path` +##### `puppetdb_discovery` -Data type: `Optional[Stdlib::Unixpath]` +Data type: `Boolean` +whether to use puppetdb for node discovery +Default value: `false` -Default value: `undef` +##### `puppetdb_discovery_tag` -##### `node_auth` +Data type: `String[1]` -Data type: `K8s::Node_auth` +tag to use for puppetdb node discovery +Default value: `'default'` +##### `purge_manifests` -Default value: `'bootstrap'` +Data type: `Boolean` -##### `incluster_control_plane_url` +whether to purge manifests -Data type: `Stdlib::HTTPUrl` +Default value: `true` +##### `role` +Data type: `Enum['node','server','none']` -Default value: `'https://kubernetes.default.svc'` +role of the node -##### `control_plane_url` +Default value: `'none'` -Data type: `Stdlib::HTTPUrl` +##### `runc_version` +Data type: `String[1]` +version of runc to install -Default value: `'https://kubernetes:6443'` +Default value: `'installed'` ##### `service_cluster_cidr` Data type: 
`K8s::CIDR` - +CIDR for the service network Default value: `'10.1.0.0/24'` -##### `cluster_cidr` - -Data type: `K8s::CIDR` - - - -Default value: `'10.0.0.0/16'` - -##### `api_service_address` +##### `sysconfig_path` -Data type: `Stdlib::IP::Address::Nosubnet` +Data type: `Optional[Stdlib::Unixpath]` +path to the sysconfig directory +Default value: `undef` -Default value: `k8s::ip_in_cidr($service_cluster_cidr, 'first')` +##### `tarball_url_template` -##### `dns_service_address` +Data type: `String[1]` -Data type: `K8s::IP_addresses` +template for tarball packaging +Default value: `'https://dl.k8s.io/v%{version}/kubernetes-%{component}-%{kernel}-%{arch}.tar.gz'` +##### `uid` -Default value: `k8s::ip_in_cidr($service_cluster_cidr, 'second')` +Data type: `Integer[0, 65535]` -##### `role` +user id for kubernetes files and services -Data type: `Enum['node','server','none']` +Default value: `888` +##### `user` +Data type: `String[1]` -Default value: `'none'` +username for kubernetes files and services -##### `firewall_type` +Default value: `'kube'` -Data type: `Optional[K8s::Firewall]` +##### `version` +Data type: `String[1]` +version of kubernetes to install -Default value: `undef` +Default value: `'1.26.1'` ### `k8s::install::cni_plugins` 
@@ -500,42 +499,42 @@ Class: k8s::install::cni_plugins The following parameters are available in the `k8s::install::cni_plugins` class: -* [`ensure`](#-k8s--install--cni_plugins--ensure) -* [`version`](#-k8s--install--cni_plugins--version) * [`arch`](#-k8s--install--cni_plugins--arch) +* [`ensure`](#-k8s--install--cni_plugins--ensure) * [`method`](#-k8s--install--cni_plugins--method) +* [`version`](#-k8s--install--cni_plugins--version) -##### `ensure` +##### `arch` -Data type: `K8s::Ensure` +Data type: `String[1]` -set ensure for installation or deinstallation +sets the arch to use for binary download -Default value: `$k8s::ensure` +Default value: `'amd64'` -##### `version` +##### `ensure` -Data type: `String[1]` +Data type: `K8s::Ensure` -sets the version to use +set ensure for installation or deinstallation -Default value: `'v1.2.0'` +Default value: `$k8s::ensure` -##### `arch` +##### `method` Data type: `String[1]` -sets the arch to use for binary download +installation method -Default value: `'amd64'` +Default value: `$k8s::native_packaging` -##### `method` +##### `version` Data type: `String[1]` -installation method +sets the version to use -Default value: `$k8s::native_packaging` +Default value: `'v1.2.0'` ### `k8s::install::container_runtime` 
@@ -545,21 +544,13 @@ Class: k8s::install::container_runtime The following parameters are available in the `k8s::install::container_runtime` class: -* [`manage_repo`](#-k8s--install--container_runtime--manage_repo) * [`container_manager`](#-k8s--install--container_runtime--container_manager) -* [`crio_package`](#-k8s--install--container_runtime--crio_package) * [`containerd_package`](#-k8s--install--container_runtime--containerd_package) +* [`crio_package`](#-k8s--install--container_runtime--crio_package) * [`k8s_version`](#-k8s--install--container_runtime--k8s_version) -* [`runc_version`](#-k8s--install--container_runtime--runc_version) +* [`manage_repo`](#-k8s--install--container_runtime--manage_repo) * [`package_ensure`](#-k8s--install--container_runtime--package_ensure) - -##### `manage_repo` - -Data type: `Boolean` - -whether to manage the repo or not - -Default value: `$k8s::manage_repo` +* [`runc_version`](#-k8s--install--container_runtime--runc_version) ##### `container_manager` @@ -569,21 +560,21 @@ set the cri to use Default value: `$k8s::container_manager` -##### `crio_package` +##### `containerd_package` Data type: `Optional[String[1]]` -cri-o the package name +the containerd package anme -Default value: `$k8s::crio_package` +Default value: `$k8s::containerd_package` -##### `containerd_package` +##### `crio_package` Data type: `Optional[String[1]]` -the containerd package anme +cri-o the package name -Default value: `$k8s::containerd_package` +Default value: `$k8s::crio_package` ##### `k8s_version` @@ -593,13 +584,13 @@ the k8s version Default value: `$k8s::version` -##### `runc_version` +##### `manage_repo` -Data type: `String[1]` +Data type: `Boolean` -the runc version +whether to manage the repo or not -Default value: `$k8s::runc_version` +Default value: `$k8s::manage_repo` ##### `package_ensure` 
@@ -609,6 +600,14 @@ the ensure value to set on the cri package Default value: `installed` +##### `runc_version` + +Data type: `String[1]` + +the runc version + +Default value: `$k8s::runc_version` + ### `k8s::install::crictl` Class: k8s::install::crictl @@ -730,14 +729,16 @@ The following parameters are available in the `k8s::node` class: * [`ca_cert`](#-k8s--node--ca_cert) * [`cert_path`](#-k8s--node--cert_path) +* [`control_plane_url`](#-k8s--node--control_plane_url) * [`ensure`](#-k8s--node--ensure) * [`firewall_type`](#-k8s--node--firewall_type) +* [`manage_crictl`](#-k8s--node--manage_crictl) * [`manage_firewall`](#-k8s--node--manage_firewall) * [`manage_kernel_modules`](#-k8s--node--manage_kernel_modules) * [`manage_kubelet`](#-k8s--node--manage_kubelet) * [`manage_proxy`](#-k8s--node--manage_proxy) +* [`manage_simple_cni`](#-k8s--node--manage_simple_cni) * [`manage_sysctl_settings`](#-k8s--node--manage_sysctl_settings) -* [`control_plane_url`](#-k8s--node--control_plane_url) * [`node_auth`](#-k8s--node--node_auth) * [`node_cert`](#-k8s--node--node_cert) * [`node_key`](#-k8s--node--node_key) @@ -747,8 +748,6 @@ The following parameters are available in the `k8s::node` class: * [`proxy_key`](#-k8s--node--proxy_key) * [`proxy_token`](#-k8s--node--proxy_token) * [`puppetdb_discovery_tag`](#-k8s--node--puppetdb_discovery_tag) -* [`manage_simple_cni`](#-k8s--node--manage_simple_cni) -* [`manage_crictl`](#-k8s--node--manage_crictl) ##### `ca_cert` @@ -766,6 +765,14 @@ path to cert files Default value: `'/var/lib/kubelet/pki'` +##### `control_plane_url` + +Data type: `Stdlib::HTTPUrl` + +cluster API connection + +Default value: `$k8s::control_plane_url` + ##### `ensure` Data type: `K8s::Ensure` @@ -782,6 +789,14 @@ define the type of firewall to use Default value: `$k8s::firewall_type` +##### `manage_crictl` + +Data type: `Boolean` + +toggle to install crictl + +Default value: `false` + ##### `manage_firewall` Data type: `Boolean` 
@@ -814,21 +829,21 @@ whether to manage kube-proxy or not Default value: `$k8s::manage_kube_proxy == 'on-node'` -##### `manage_sysctl_settings` +##### `manage_simple_cni` Data type: `Boolean` -whether to manage sysctl settings or not +toggle to use a simple bridge network for containers -Default value: `$k8s::manage_sysctl_settings` +Default value: `false` -##### `control_plane_url` +##### `manage_sysctl_settings` -Data type: `Stdlib::HTTPUrl` +Data type: `Boolean` -cluster API connection +whether to manage sysctl settings or not -Default value: `$k8s::control_plane_url` +Default value: `$k8s::manage_sysctl_settings` ##### `node_auth` 
@@ -894,135 +909,119 @@ k8s token for kube-proxy Default value: `undef` -##### `puppetdb_discovery_tag` - -Data type: `String[1]` - -enable puppetdb resource searching - -Default value: `$k8s::puppetdb_discovery_tag` - -##### `manage_simple_cni` - -Data type: `Boolean` - -toggle to use a simple bridge network for containers - -Default value: `false` - -##### `manage_crictl` - -Data type: `Boolean` - - - -Default value: `false` - -### `k8s::node::kube_proxy` - -For most use-cases, running kube-proxy inside the cluster itself is recommended - -#### Parameters - -The following parameters are available in the `k8s::node::kube_proxy` class: - -* [`ensure`](#-k8s--node--kube_proxy--ensure) -* [`control_plane_url`](#-k8s--node--kube_proxy--control_plane_url) -* [`config`](#-k8s--node--kube_proxy--config) -* [`arguments`](#-k8s--node--kube_proxy--arguments) -* [`puppetdb_discovery_tag`](#-k8s--node--kube_proxy--puppetdb_discovery_tag) -* [`cluster_cidr`](#-k8s--node--kube_proxy--cluster_cidr) -* [`auth`](#-k8s--node--kube_proxy--auth) -* [`ca_cert`](#-k8s--node--kube_proxy--ca_cert) -* [`cert`](#-k8s--node--kube_proxy--cert) -* [`key`](#-k8s--node--kube_proxy--key) -* [`token`](#-k8s--node--kube_proxy--token) - -##### `ensure` - -Data type: `K8s::Ensure` +##### `puppetdb_discovery_tag` +Data type: `String[1]` +enable puppetdb resource searching -Default value: `$k8s::node::ensure` +Default value: `$k8s::puppetdb_discovery_tag` -##### `control_plane_url` +### `k8s::node::kube_proxy` -Data type: `Stdlib::HTTPUrl` +For most use-cases, running kube-proxy inside the cluster itself is recommended +#### Parameters +The following parameters are available in the `k8s::node::kube_proxy` class: -Default value: `$k8s::node::control_plane_url` +* [`arguments`](#-k8s--node--kube_proxy--arguments) +* [`auth`](#-k8s--node--kube_proxy--auth) +* [`ca_cert`](#-k8s--node--kube_proxy--ca_cert) +* [`cert`](#-k8s--node--kube_proxy--cert) +* [`cluster_cidr`](#-k8s--node--kube_proxy--cluster_cidr) 
+* [`config`](#-k8s--node--kube_proxy--config) +* [`control_plane_url`](#-k8s--node--kube_proxy--control_plane_url) +* [`ensure`](#-k8s--node--kube_proxy--ensure) +* [`key`](#-k8s--node--kube_proxy--key) +* [`puppetdb_discovery_tag`](#-k8s--node--kube_proxy--puppetdb_discovery_tag) +* [`token`](#-k8s--node--kube_proxy--token) -##### `config` +##### `arguments` Data type: `Hash[String, Data]` - +A hash of additional arguments to pass to kube-proxy Default value: `{}` -##### `arguments` +##### `auth` -Data type: `Hash[String, Data]` +Data type: `K8s::Proxy_auth` +The authentication method to use for the API server +Default value: `$k8s::node::proxy_auth` -Default value: `{}` +##### `ca_cert` -##### `puppetdb_discovery_tag` +Data type: `Optional[Stdlib::Unixpath]` -Data type: `String` +The path to the CA certificate to use for the API server +Default value: `$k8s::node::ca_cert` +##### `cert` -Default value: `$k8s::node::puppetdb_discovery_tag` +Data type: `Optional[Stdlib::Unixpath]` + +The path to the client certificate to use for the API server + +Default value: `$k8s::node::proxy_cert` ##### `cluster_cidr` Data type: `K8s::CIDR` - +The CIDR range of the cluster Default value: `$k8s::cluster_cidr` -##### `auth` +##### `config` -Data type: `K8s::Proxy_auth` +Data type: `Hash[String, Data]` +A hash of additional configuration options to pass to kube-proxy +Default value: `{}` -Default value: `$k8s::node::proxy_auth` +##### `control_plane_url` -##### `ca_cert` +Data type: `Stdlib::HTTPUrl` -Data type: `Optional[Stdlib::Unixpath]` +The URL of the Kubernetes API server +Default value: `$k8s::node::control_plane_url` +##### `ensure` -Default value: `$k8s::node::ca_cert` +Data type: `K8s::Ensure` -##### `cert` +Whether the kube-proxy service should be configured -Data type: `Optional[Stdlib::Unixpath]` +Default value: `$k8s::node::ensure` +##### `key` +Data type: `Optional[Stdlib::Unixpath]` -Default value: `$k8s::node::proxy_cert` +The path to the client key to use for 
the API server -##### `key` +Default value: `$k8s::node::proxy_key` -Data type: `Optional[Stdlib::Unixpath]` +##### `puppetdb_discovery_tag` +Data type: `String` +The tag to use for PuppetDB service discovery -Default value: `$k8s::node::proxy_key` +Default value: `$k8s::node::puppetdb_discovery_tag` ##### `token` Data type: `Optional[Sensitive[String]]` - +The token to use for the API server Default value: `$k8s::node::proxy_token` @@ -1040,7 +1039,7 @@ The following parameters are available in the `k8s::node::kubectl` class: Data type: `K8s::Ensure` - +Whether to install the binary Default value: `$k8s::ensure` @@ -1058,6 +1057,7 @@ The following parameters are available in the `k8s::node::kubelet` class: * [`cert`](#-k8s--node--kubelet--cert) * [`cert_path`](#-k8s--node--kubelet--cert_path) * [`config`](#-k8s--node--kubelet--config) +* [`control_plane_url`](#-k8s--node--kubelet--control_plane_url) * [`ensure`](#-k8s--node--kubelet--ensure) * [`firewall_type`](#-k8s--node--kubelet--firewall_type) * [`key`](#-k8s--node--kubelet--key) @@ -1065,7 +1065,6 @@ The following parameters are available in the `k8s::node::kubelet` class: * [`manage_firewall`](#-k8s--node--kubelet--manage_firewall) * [`manage_kernel_modules`](#-k8s--node--kubelet--manage_kernel_modules) * [`manage_sysctl_settings`](#-k8s--node--kubelet--manage_sysctl_settings) -* [`control_plane_url`](#-k8s--node--kubelet--control_plane_url) * [`puppetdb_discovery_tag`](#-k8s--node--kubelet--puppetdb_discovery_tag) * [`rotate_server_tls`](#-k8s--node--kubelet--rotate_server_tls) * [`runtime`](#-k8s--node--kubelet--runtime) @@ -1077,7 +1076,7 @@ The following parameters are available in the `k8s::node::kubelet` class: Data type: `Hash[String, Data]` - +additional arguments to pass to kubelet Default value: `{}` 
@@ -1117,10 +1116,18 @@ Default value: `$k8s::node::cert_path` Data type: `Hash[String, Data]` - +additional config to pass to kubelet Default value: `{}` +##### `control_plane_url` + +Data type: `Stdlib::HTTPUrl` + +cluster API connection + +Default value: `$k8s::node::control_plane_url` + ##### `ensure` Data type: `K8s::Ensure` @@ -1177,14 +1184,6 @@ whether to manage sysctl settings or not Default value: `$k8s::node::manage_sysctl_settings` -##### `control_plane_url` - -Data type: `Stdlib::HTTPUrl` - -cluster API connection - -Default value: `$k8s::node::control_plane_url` - ##### `puppetdb_discovery_tag` Data type: `String[1]` @@ -1197,7 +1196,7 @@ Default value: `$k8s::node::puppetdb_discovery_tag` Data type: `Boolean` - +whether to rotate server tls or not Default value: `$auth == 'bootstrap'` @@ -1221,7 +1220,7 @@ Default value: `$k8s::container_runtime_service` Data type: `Boolean` - +whether to support dualstack or not Default value: `$k8s::cluster_cidr =~ Array[Data, 2]` @@ -1259,17 +1258,17 @@ Handles repositories for the container runtime The following parameters are available in the `k8s::repo` class: -* [`manage_container_manager`](#-k8s--repo--manage_container_manager) -* [`crio_version`](#-k8s--repo--crio_version) * [`container_manager`](#-k8s--repo--container_manager) +* [`crio_version`](#-k8s--repo--crio_version) +* [`manage_container_manager`](#-k8s--repo--manage_container_manager) -##### `manage_container_manager` +##### `container_manager` -Data type: `Boolean` +Data type: `K8s::Container_runtimes` -whether to add cri-o repository or not +The name of the container manager -Default value: `$k8s::manage_container_manager` +Default value: `$k8s::container_manager` ##### `crio_version` 
@@ -1279,13 +1278,13 @@ version o cri-o Default value: `$k8s::version.split('\.')[0, 2].join('.')` -##### `container_manager` +##### `manage_container_manager` -Data type: `K8s::Container_runtimes` +Data type: `Boolean` -The name of the container manager +whether to add cri-o repository or not -Default value: `$k8s::container_manager` +Default value: `$k8s::manage_container_manager` ### `k8s::server` @@ -1303,6 +1302,7 @@ The following parameters are available in the `k8s::server` class: * [`cert_path`](#-k8s--server--cert_path) * [`cluster_cidr`](#-k8s--server--cluster_cidr) * [`cluster_domain`](#-k8s--server--cluster_domain) +* [`control_plane_url`](#-k8s--server--control_plane_url) * [`direct_control_plane_url`](#-k8s--server--direct_control_plane_url) * [`dns_service_address`](#-k8s--server--dns_service_address) * [`ensure`](#-k8s--server--ensure) @@ -1318,7 +1318,6 @@ The following parameters are available in the `k8s::server` class: * [`manage_kubeadm`](#-k8s--server--manage_kubeadm) * [`manage_resources`](#-k8s--server--manage_resources) * [`manage_signing`](#-k8s--server--manage_signing) -* [`control_plane_url`](#-k8s--server--control_plane_url) * [`node_on_server`](#-k8s--server--node_on_server) * [`puppetdb_discovery_tag`](#-k8s--server--puppetdb_discovery_tag) @@ -1326,7 +1325,7 @@ The following parameters are available in the `k8s::server` class: Data type: `Stdlib::Unixpath` - +path to the aggregator ca cert Default value: `"${cert_path}/aggregator-ca.pem"` @@ -1334,7 +1333,7 @@ Default value: `"${cert_path}/aggregator-ca.pem"` Data type: `Stdlib::Unixpath` - +path to the aggregator ca key Default value: `"${cert_path}/aggregator-ca.key"` @@ -1386,6 +1385,14 @@ cluster domain name Default value: `$k8s::cluster_domain` +##### `control_plane_url` + +Data type: `String` + +cluster API connection + +Default value: `$k8s::control_plane_url` + ##### `direct_control_plane_url` Data type: `String` 
@@ -1506,14 +1513,6 @@ whether to manage cert signing or not Default value: `$k8s::puppetdb_discovery` -##### `control_plane_url` - -Data type: `String` - -cluster API connection - -Default value: `$k8s::control_plane_url` - ##### `node_on_server` Data type: `Boolean` @@ -1547,6 +1546,9 @@ The following parameters are available in the `k8s::server::apiserver` class: * [`arguments`](#-k8s--server--apiserver--arguments) * [`ca_cert`](#-k8s--server--apiserver--ca_cert) * [`cert_path`](#-k8s--server--apiserver--cert_path) +* [`container_image`](#-k8s--server--apiserver--container_image) +* [`container_image_tag`](#-k8s--server--apiserver--container_image_tag) +* [`container_registry`](#-k8s--server--apiserver--container_registry) * [`discover_etcd_servers`](#-k8s--server--apiserver--discover_etcd_servers) * [`ensure`](#-k8s--server--apiserver--ensure) * [`etcd_ca`](#-k8s--server--apiserver--etcd_ca) @@ -1562,9 +1564,6 @@ The following parameters are available in the `k8s::server::apiserver` class: * [`service_cluster_cidr`](#-k8s--server--apiserver--service_cluster_cidr) * [`serviceaccount_private`](#-k8s--server--apiserver--serviceaccount_private) * [`serviceaccount_public`](#-k8s--server--apiserver--serviceaccount_public) -* [`container_registry`](#-k8s--server--apiserver--container_registry) -* [`container_image`](#-k8s--server--apiserver--container_image) -* [`container_image_tag`](#-k8s--server--apiserver--container_image_tag) ##### `advertise_address` @@ -1578,7 +1577,7 @@ Default value: `fact('networking.ip')` Data type: `Stdlib::Unixpath` - +path to the aggregator ca cert file Default value: `$k8s::server::tls::aggregator_ca_cert` @@ -1618,7 +1617,7 @@ Default value: `"${cert_path}/kube-apiserver.key"` Data type: `Hash[String, Data]` - +additional arguments for the apiserver Default value: `{}` 
@@ -1638,6 +1637,30 @@ path to cert files Default value: `$k8s::server::tls::cert_path` +##### `container_image` + +Data type: `String[1]` + +container image to use for the apiserver + +Default value: `'kube-apiserver'` + +##### `container_image_tag` + +Data type: `Optional[String[1]]` + +container image tag to use for the apiserver + +Default value: `$k8s::container_image_tag` + +##### `container_registry` + +Data type: `String[1]` + +container registry to pull the image from + +Default value: `$k8s::container_registry` + ##### `discover_etcd_servers` Data type: `Boolean` @@ -1706,7 +1729,7 @@ Default value: `$k8s::server::firewall_type` Data type: `Stdlib::Unixpath` - +path to the front proxy cert file Default value: `"${cert_path}/front-proxy-client.pem"` @@ -1714,7 +1737,7 @@ Default value: `"${cert_path}/front-proxy-client.pem"` Data type: `Stdlib::Unixpath` - +path to the front proxy key file Default value: `"${cert_path}/front-proxy-client.key"` @@ -1738,7 +1761,7 @@ Default value: `$k8s::server::puppetdb_discovery_tag` Data type: `K8s::CIDR` - +cidr of the service cluster Default value: `$k8s::service_cluster_cidr` @@ -1746,7 +1769,7 @@ Default value: `$k8s::service_cluster_cidr` Data type: `Stdlib::Unixpath` - +path to the service account private key file Default value: `"${cert_path}/service-account.key"` @@ -1754,34 +1777,10 @@ Default value: `"${cert_path}/service-account.key"` Data type: `Stdlib::Unixpath` - +path to the service account public key file Default value: `"${cert_path}/service-account.pub"` -##### `container_registry` - -Data type: `String[1]` - - - -Default value: `$k8s::container_registry` - -##### `container_image` - -Data type: `String[1]` - - - -Default value: `'kube-apiserver'` - -##### `container_image_tag` - -Data type: `Optional[String[1]]` - - - -Default value: `$k8s::container_image_tag` - ### `k8s::server::controller_manager` Installs and configures a Kubernetes controller manager 
@@ -1790,123 +1789,123 @@ Installs and configures a Kubernetes controller manager The following parameters are available in the `k8s::server::controller_manager` class: -* [`ensure`](#-k8s--server--controller_manager--ensure) -* [`control_plane_url`](#-k8s--server--controller_manager--control_plane_url) * [`arguments`](#-k8s--server--controller_manager--arguments) -* [`service_cluster_cidr`](#-k8s--server--controller_manager--service_cluster_cidr) -* [`cluster_cidr`](#-k8s--server--controller_manager--cluster_cidr) -* [`cert_path`](#-k8s--server--controller_manager--cert_path) * [`ca_cert`](#-k8s--server--controller_manager--ca_cert) * [`ca_key`](#-k8s--server--controller_manager--ca_key) * [`cert`](#-k8s--server--controller_manager--cert) -* [`key`](#-k8s--server--controller_manager--key) -* [`container_registry`](#-k8s--server--controller_manager--container_registry) +* [`cert_path`](#-k8s--server--controller_manager--cert_path) +* [`cluster_cidr`](#-k8s--server--controller_manager--cluster_cidr) * [`container_image`](#-k8s--server--controller_manager--container_image) * [`container_image_tag`](#-k8s--server--controller_manager--container_image_tag) - -##### `ensure` - -Data type: `K8s::Ensure` - - - -Default value: `$k8s::server::ensure` - -##### `control_plane_url` - -Data type: `Stdlib::HTTPUrl` - - - -Default value: `$k8s::control_plane_url` +* [`container_registry`](#-k8s--server--controller_manager--container_registry) +* [`control_plane_url`](#-k8s--server--controller_manager--control_plane_url) +* [`ensure`](#-k8s--server--controller_manager--ensure) +* [`key`](#-k8s--server--controller_manager--key) +* [`service_cluster_cidr`](#-k8s--server--controller_manager--service_cluster_cidr) ##### `arguments` Data type: `Hash[String, Data]` - +Additional arguments to pass to the controller manager. 
Default value: `{}` -##### `service_cluster_cidr` - -Data type: `K8s::CIDR` - +##### `ca_cert` +Data type: `Stdlib::Unixpath` -Default value: `$k8s::service_cluster_cidr` +The path to the CA certificate. -##### `cluster_cidr` +Default value: `$k8s::server::tls::ca_cert` -Data type: `K8s::CIDR` +##### `ca_key` +Data type: `Stdlib::Unixpath` +The path to the CA key. -Default value: `$k8s::cluster_cidr` +Default value: `$k8s::server::tls::ca_key` -##### `cert_path` +##### `cert` Data type: `Stdlib::Unixpath` +The path to the controller manager certificate. +Default value: `"${cert_path}/kube-controller-manager.pem"` -Default value: `$k8s::server::tls::cert_path` - -##### `ca_cert` +##### `cert_path` Data type: `Stdlib::Unixpath` +The path to the TLS certificates. +Default value: `$k8s::server::tls::cert_path` -Default value: `$k8s::server::tls::ca_cert` +##### `cluster_cidr` -##### `ca_key` +Data type: `K8s::CIDR` -Data type: `Stdlib::Unixpath` +The CIDR of the cluster. + +Default value: `$k8s::cluster_cidr` +##### `container_image` +Data type: `String[1]` -Default value: `$k8s::server::tls::ca_key` +The container image to use for the controller manager. -##### `cert` +Default value: `'kube-controller-manager'` -Data type: `Stdlib::Unixpath` +##### `container_image_tag` +Data type: `Optional[String[1]]` +The container image tag to use for the controller manager. -Default value: `"${cert_path}/kube-controller-manager.pem"` +Default value: `$k8s::container_image_tag` -##### `key` +##### `container_registry` -Data type: `Stdlib::Unixpath` +Data type: `String[1]` +The container registry to pull the controller manager image from. +Default value: `$k8s::container_registry` -Default value: `"${cert_path}/kube-controller-manager.key"` +##### `control_plane_url` -##### `container_registry` +Data type: `Stdlib::HTTPUrl` -Data type: `String[1]` +The URL of the Kubernetes API server. 
+Default value: `$k8s::control_plane_url` +##### `ensure` -Default value: `$k8s::container_registry` +Data type: `K8s::Ensure` -##### `container_image` +Whether the controller manager should be configured. -Data type: `String[1]` +Default value: `$k8s::server::ensure` +##### `key` +Data type: `Stdlib::Unixpath` -Default value: `'kube-controller-manager'` +The path to the controller manager key. -##### `container_image_tag` +Default value: `"${cert_path}/kube-controller-manager.key"` -Data type: `Optional[String[1]]` +##### `service_cluster_cidr` +Data type: `K8s::CIDR` +The CIDR of the service cluster. -Default value: `$k8s::container_image_tag` +Default value: `$k8s::service_cluster_cidr` ### `k8s::server::etcd` @@ -1924,6 +1923,7 @@ The following parameters are available in the `k8s::server::etcd` class: * [`ensure`](#-k8s--server--etcd--ensure) * [`firewall_type`](#-k8s--server--etcd--firewall_type) * [`generate_ca`](#-k8s--server--etcd--generate_ca) +* [`group`](#-k8s--server--etcd--group) * [`manage_certs`](#-k8s--server--etcd--manage_certs) * [`manage_firewall`](#-k8s--server--etcd--manage_firewall) * [`manage_members`](#-k8s--server--etcd--manage_members) @@ -1932,9 +1932,8 @@ The following parameters are available in the `k8s::server::etcd` class: * [`peer_ca_key`](#-k8s--server--etcd--peer_ca_key) * [`puppetdb_discovery_tag`](#-k8s--server--etcd--puppetdb_discovery_tag) * [`self_signed_tls`](#-k8s--server--etcd--self_signed_tls) -* [`version`](#-k8s--server--etcd--version) * [`user`](#-k8s--server--etcd--user) -* [`group`](#-k8s--server--etcd--group) +* [`version`](#-k8s--server--etcd--version) ##### `addn_names` @@ -1956,7 +1955,7 @@ Default value: `'/var/lib/etcd/certs'` Data type: `Stdlib::Unixpath` - +path to the client ca cert Default value: `"${cert_path}/client-ca.pem"` @@ -1964,7 +1963,7 @@ Default value: `"${cert_path}/client-ca.pem"` Data type: `Stdlib::Unixpath` - +path to the client ca key Default value: `"${cert_path}/client-ca.key"` 
@@ -2000,6 +1999,14 @@ whether to generate a own ca or not Default value: `false` +##### `group` + +Data type: `String[1]` + +group to run etcd as + +Default value: `'etcd'` + ##### `manage_certs` Data type: `Boolean` @@ -2036,7 +2043,7 @@ Default value: `true` Data type: `Stdlib::Unixpath` - +path to the peer ca cert Default value: `"${cert_path}/peer-ca.pem"` @@ -2044,7 +2051,7 @@ Default value: `"${cert_path}/peer-ca.pem"` Data type: `Stdlib::Unixpath` - +path to the peer ca key Default value: `"${cert_path}/peer-ca.key"` @@ -2060,33 +2067,25 @@ Default value: `pick($k8s::server::puppetdb_discovery_tag, $cluster_name)` Data type: `Boolean` - +whether to use self signed tls or not Default value: `false` -##### `version` - -Data type: `String[1]` - -version of ectd to install - -Default value: `pick($k8s::etcd_version, '3.5.1')` - ##### `user` Data type: `String[1]` - +user to run etcd as Default value: `'etcd'` -##### `group` +##### `version` Data type: `String[1]` +version of ectd to install - -Default value: `'etcd'` +Default value: `pick($k8s::etcd_version, '3.5.1')` ### `k8s::server::etcd::setup` @@ -2134,7 +2133,7 @@ The following parameters are available in the `k8s::server::etcd::setup` class: Data type: `Array[Stdlib::HTTPUrl]` - +The client urls to advertise Default value: `["https://${fqdn}:2379"]` @@ -2150,7 +2149,7 @@ Default value: `'https://storage.googleapis.com/etcd/v%{version}/etcd-v%{version Data type: `Optional[Integer]` - +The auto compaction retention Default value: `undef` @@ -2158,7 +2157,7 @@ Default value: `undef` Data type: `Boolean` - +Use auto tls Default value: `$k8s::server::etcd::self_signed_tls` @@ -2174,7 +2173,7 @@ Default value: `undef` Data type: `Optional[Stdlib::Unixpath]` - +path to the cert file Default value: `undef` @@ -2182,7 +2181,7 @@ Default value: `undef` Data type: `Boolean` - +Use client cert auth Default value: `false` 
@@ -2190,7 +2189,7 @@ Default value: `false` Data type: `String[1]` - +path to the data dir Default value: `"${etcd_name}.etcd"` @@ -2238,7 +2237,7 @@ Default value: `$k8s::server::etcd::group` Data type: `Array[Stdlib::HTTPUrl]` - +The peer urls to advertise Default value: `["https://${fqdn}:2380"]` @@ -2246,7 +2245,7 @@ Default value: `["https://${fqdn}:2380"]` Data type: `Array[String[1]]` - +The initial cluster Default value: `[]` @@ -2254,7 +2253,7 @@ Default value: `[]` Data type: `Optional[Enum['existing', 'new']]` - +The initial cluster state Default value: `undef` @@ -2262,7 +2261,7 @@ Default value: `undef` Data type: `Optional[String[1]]` - +The initial cluster token Default value: `undef` @@ -2278,7 +2277,7 @@ Default value: `'archive'` Data type: `Optional[Stdlib::Unixpath]` - +path to the key file Default value: `undef` @@ -2286,7 +2285,7 @@ Default value: `undef` Data type: `Array[Stdlib::HTTPUrl]` - +The client urls to listen on Default value: `['https://[::]:2379']` @@ -2294,7 +2293,7 @@ Default value: `['https://[::]:2379']` Data type: `Array[Stdlib::HTTPUrl]` - +The peer urls to listen on Default value: `['https://[::]:2380']` @@ -2310,7 +2309,7 @@ Default value: `'etcd'` Data type: `Boolean` - +Use peer auto tls Default value: `$k8s::server::etcd::self_signed_tls` @@ -2318,7 +2317,7 @@ Default value: `$k8s::server::etcd::self_signed_tls` Data type: `Optional[Stdlib::Unixpath]` - +path to the peer cert file Default value: `undef` @@ -2326,7 +2325,7 @@ Default value: `undef` Data type: `Boolean` - +Use peer client cert auth Default value: `false` @@ -2334,7 +2333,7 @@ Default value: `false` Data type: `Optional[Stdlib::Unixpath]` - +path to the peer key file Default value: `undef` @@ -2342,7 +2341,7 @@ Default value: `undef` Data type: `Optional[Stdlib::Unixpath]` - +path to the peer trusted ca file Default value: `undef` @@ -2350,7 +2349,7 @@ Default value: `undef` Data type: `Enum['on','off','readonly']` - +The proxy mode Default value: `'off'` 
@@ -2366,7 +2365,7 @@ Default value: `'/var/lib/etcd'` Data type: `Optional[Stdlib::Unixpath]` - +path to the trusted ca file Default value: `undef` 
@@ -2402,79 +2401,55 @@ Generates and deploys standard Kubernetes in-cluster services The following parameters are available in the `k8s::server::resources` class: -* [`image_pull_secrets`](#-k8s--server--resources--image_pull_secrets) -* [`kubeconfig`](#-k8s--server--resources--kubeconfig) -* [`cluster_cidr`](#-k8s--server--resources--cluster_cidr) -* [`dns_service_address`](#-k8s--server--resources--dns_service_address) * [`ca_cert`](#-k8s--server--resources--ca_cert) +* [`cluster_cidr`](#-k8s--server--resources--cluster_cidr) * [`cluster_domain`](#-k8s--server--resources--cluster_domain) * [`control_plane_url`](#-k8s--server--resources--control_plane_url) -* [`manage_bootstrap`](#-k8s--server--resources--manage_bootstrap) -* [`manage_coredns`](#-k8s--server--resources--manage_coredns) -* [`manage_flannel`](#-k8s--server--resources--manage_flannel) -* [`manage_kube_proxy`](#-k8s--server--resources--manage_kube_proxy) -* [`kube_proxy_registry`](#-k8s--server--resources--kube_proxy_registry) -* [`kube_proxy_image`](#-k8s--server--resources--kube_proxy_image) -* [`kube_proxy_tag`](#-k8s--server--resources--kube_proxy_tag) -* [`kube_proxy_daemonset_config`](#-k8s--server--resources--kube_proxy_daemonset_config) -* [`extra_kube_proxy_args`](#-k8s--server--resources--extra_kube_proxy_args) -* [`coredns_registry`](#-k8s--server--resources--coredns_registry) +* [`coredns_deployment_config`](#-k8s--server--resources--coredns_deployment_config) * [`coredns_image`](#-k8s--server--resources--coredns_image) +* [`coredns_registry`](#-k8s--server--resources--coredns_registry) * [`coredns_tag`](#-k8s--server--resources--coredns_tag) -* [`coredns_deployment_config`](#-k8s--server--resources--coredns_deployment_config) -* [`flannel_cni_registry`](#-k8s--server--resources--flannel_cni_registry) +* [`dns_service_address`](#-k8s--server--resources--dns_service_address) +* [`extra_kube_proxy_args`](#-k8s--server--resources--extra_kube_proxy_args) * 
[`flannel_cni_image`](#-k8s--server--resources--flannel_cni_image) +* [`flannel_cni_registry`](#-k8s--server--resources--flannel_cni_registry) * [`flannel_cni_tag`](#-k8s--server--resources--flannel_cni_tag) -* [`flannel_registry`](#-k8s--server--resources--flannel_registry) +* [`flannel_daemonset_config`](#-k8s--server--resources--flannel_daemonset_config) * [`flannel_image`](#-k8s--server--resources--flannel_image) +* [`flannel_registry`](#-k8s--server--resources--flannel_registry) * [`flannel_tag`](#-k8s--server--resources--flannel_tag) -* [`flannel_daemonset_config`](#-k8s--server--resources--flannel_daemonset_config) - -##### `image_pull_secrets` - -Data type: `Optional[Array]` - -the secrets to pull from private registries - -Default value: `undef` +* [`image_pull_secrets`](#-k8s--server--resources--image_pull_secrets) +* [`kube_proxy_daemonset_config`](#-k8s--server--resources--kube_proxy_daemonset_config) +* [`kube_proxy_image`](#-k8s--server--resources--kube_proxy_image) +* [`kube_proxy_registry`](#-k8s--server--resources--kube_proxy_registry) +* [`kube_proxy_tag`](#-k8s--server--resources--kube_proxy_tag) +* [`kubeconfig`](#-k8s--server--resources--kubeconfig) +* [`manage_bootstrap`](#-k8s--server--resources--manage_bootstrap) +* [`manage_coredns`](#-k8s--server--resources--manage_coredns) +* [`manage_flannel`](#-k8s--server--resources--manage_flannel) +* [`manage_kube_proxy`](#-k8s--server--resources--manage_kube_proxy) -##### `kubeconfig` +##### `ca_cert` Data type: `Stdlib::Unixpath` +the path to the CA certificate to use for the cluster - -Default value: `'/root/.kube/config'` +Default value: `$k8s::server::tls::ca_cert` ##### `cluster_cidr` Data type: `K8s::CIDR` - +the CIDR to use for the cluster Default value: `$k8s::server::cluster_cidr` -##### `dns_service_address` - -Data type: `K8s::IP_addresses` - - - -Default value: `$k8s::server::dns_service_address` - -##### `ca_cert` - -Data type: `Stdlib::Unixpath` - - - -Default value: 
`$k8s::server::tls::ca_cert` - ##### `cluster_domain` Data type: `String[1]` - +the domain to use for the cluster Default value: `$k8s::server::cluster_domain` 
@@ -2482,169 +2457,193 @@ Default value: `$k8s::server::cluster_domain` Data type: `String[1]` - +the URL to use for the control plane Default value: `$k8s::server::control_plane_url` -##### `manage_bootstrap` - -Data type: `Boolean` +##### `coredns_deployment_config` +Data type: `Hash[String,Data]` +the configuration to use for the CoreDNS Deployment -Default value: `true` +Default value: `{}` -##### `manage_coredns` +##### `coredns_image` -Data type: `Boolean` +Data type: `String[1]` +the image to use for the CoreDNS +Default value: `'coredns/coredns'` -Default value: `true` +##### `coredns_registry` -##### `manage_flannel` +Data type: `String[1]` -Data type: `Boolean` +the registry to use for the CoreDNS image +Default value: `'docker.io'` +##### `coredns_tag` -Default value: `true` +Data type: `String[1]` -##### `manage_kube_proxy` +the tag to use for the CoreDNS image -Data type: `K8s::Proxy_method` +Default value: `'1.8.7'` +##### `dns_service_address` +Data type: `K8s::IP_addresses` -Default value: `$k8s::manage_kube_proxy` +the IP address to use for the DNS service -##### `kube_proxy_registry` +Default value: `$k8s::server::dns_service_address` -Data type: `String[1]` +##### `extra_kube_proxy_args` +Data type: `Hash[String,Data]` +the extra arguments to pass to the kube-proxy -Default value: `$k8s::container_registry` +Default value: `{}` -##### `kube_proxy_image` +##### `flannel_cni_image` Data type: `String[1]` +the image to use for the Flannel CNI +Default value: `'rancher/mirrored-flannelcni-flannel-cni-plugin'` -Default value: `'kube-proxy'` - -##### `kube_proxy_tag` +##### `flannel_cni_registry` Data type: `String[1]` +the registry to use for the Flannel CNI image +Default value: `'docker.io'` -Default value: `"v${k8s::version}"` - -##### `kube_proxy_daemonset_config` - -Data type: `Hash[String,Data]` +##### `flannel_cni_tag` +Data type: `String[1]` +the tag to use for the Flannel CNI image -Default value: `{}` +Default value: `'v1.0.0'` -##### 
`extra_kube_proxy_args` +##### `flannel_daemonset_config` Data type: `Hash[String,Data]` - +the configuration to use for the Flannel DaemonSet Default value: `{}` -##### `coredns_registry` +##### `flannel_image` Data type: `String[1]` +the image to use for the Flannel +Default value: `'rancher/mirrored-flannelcni-flannel'` -Default value: `'docker.io'` - -##### `coredns_image` +##### `flannel_registry` Data type: `String[1]` +the registry to use for the Flannel image +Default value: `'docker.io'` -Default value: `'coredns/coredns'` - -##### `coredns_tag` +##### `flannel_tag` Data type: `String[1]` +the tag to use for the Flannel image +Default value: `'v0.16.1'` -Default value: `'1.8.7'` +##### `image_pull_secrets` -##### `coredns_deployment_config` +Data type: `Optional[Array]` -Data type: `Hash[String,Data]` +the secrets to pull from private registries + +Default value: `undef` +##### `kube_proxy_daemonset_config` + +Data type: `Hash[String,Data]` +the configuration to use for the kube-proxy DaemonSet Default value: `{}` -##### `flannel_cni_registry` +##### `kube_proxy_image` Data type: `String[1]` +the image to use for the kube-proxy +Default value: `'kube-proxy'` -Default value: `'docker.io'` - -##### `flannel_cni_image` +##### `kube_proxy_registry` Data type: `String[1]` +the registry to use for the kube-proxy image +Default value: `$k8s::container_registry` -Default value: `'rancher/mirrored-flannelcni-flannel-cni-plugin'` - -##### `flannel_cni_tag` +##### `kube_proxy_tag` Data type: `String[1]` +the tag to use for the kube-proxy image +Default value: `"v${k8s::version}"` -Default value: `'v1.0.0'` - -##### `flannel_registry` +##### `kubeconfig` -Data type: `String[1]` +Data type: `Stdlib::Unixpath` +the path to the kubeconfig file to use for kubectl +Default value: `'/root/.kube/config'` -Default value: `'docker.io'` +##### `manage_bootstrap` -##### `flannel_image` +Data type: `Boolean` -Data type: `String[1]` +whether to manage the bootstrap resources 
+Default value: `true` +##### `manage_coredns` -Default value: `'rancher/mirrored-flannelcni-flannel'` +Data type: `Boolean` -##### `flannel_tag` +whether to manage the CoreDNS resources -Data type: `String[1]` +Default value: `true` +##### `manage_flannel` +Data type: `Boolean` -Default value: `'v0.16.1'` +whether to manage the Flannel resources -##### `flannel_daemonset_config` +Default value: `true` -Data type: `Hash[String,Data]` +##### `manage_kube_proxy` +Data type: `K8s::Proxy_method` +whether to manage the kube-proxy resources -Default value: `{}` +Default value: `$k8s::manage_kube_proxy` ### `k8s::server::resources::bootstrap` @@ -2655,9 +2654,9 @@ Generates and deploys the default Puppet boostrap configuration into the cluster The following parameters are available in the `k8s::server::resources::bootstrap` class: * [`control_plane_url`](#-k8s--server--resources--bootstrap--control_plane_url) -* [`secret`](#-k8s--server--resources--bootstrap--secret) * [`ensure`](#-k8s--server--resources--bootstrap--ensure) * [`kubeconfig`](#-k8s--server--resources--bootstrap--kubeconfig) +* [`secret`](#-k8s--server--resources--bootstrap--secret) ##### `control_plane_url` @@ -2667,20 +2666,11 @@ The main API URL to encode in the bootstrap configuration Default value: `$k8s::server::resources::control_plane_url` -##### `secret` - -Data type: `Optional[Sensitive[K8s::Bootstrap_token]]` - -The exact token secret to use, will be generated as a random 16-char string if left blank. -The generated value can be retrieved from the bootstrap-token-puppet Secret in kube-system. - -Default value: `undef` - ##### `ensure` Data type: `K8s::Ensure` - +Whether the resources should be present or absent Default value: `$k8s::ensure` 
@@ -2688,10 +2678,19 @@ Default value: `$k8s::ensure` Data type: `Stdlib::Unixpath` - +The path to the kubeconfig file to use for the bootstrap configuration Default value: `$k8s::server::resources::kubeconfig` +##### `secret` + +Data type: `Optional[Sensitive[K8s::Bootstrap_token]]` + +The exact token secret to use, will be generated as a random 16-char string if left blank. +The generated value can be retrieved from the bootstrap-token-puppet Secret in kube-system. + +Default value: `undef` + ### `k8s::server::resources::coredns` Generates and deploys the default CoreDNS DNS provider for Kubernetes @@ -2827,17 +2826,17 @@ Generates and deploys the default CoreDNS DNS provider for Kubernetes The following parameters are available in the `k8s::server::resources::flannel` class: * [`cluster_cidr`](#-k8s--server--resources--flannel--cluster_cidr) -* [`cni_registry`](#-k8s--server--resources--flannel--cni_registry) * [`cni_image`](#-k8s--server--resources--flannel--cni_image) * [`cni_image_tag`](#-k8s--server--resources--flannel--cni_image_tag) -* [`registry`](#-k8s--server--resources--flannel--registry) -* [`image`](#-k8s--server--resources--flannel--image) -* [`image_tag`](#-k8s--server--resources--flannel--image_tag) +* [`cni_registry`](#-k8s--server--resources--flannel--cni_registry) * [`daemonset_config`](#-k8s--server--resources--flannel--daemonset_config) -* [`net_config`](#-k8s--server--resources--flannel--net_config) -* [`image_pull_secrets`](#-k8s--server--resources--flannel--image_pull_secrets) * [`ensure`](#-k8s--server--resources--flannel--ensure) +* [`image`](#-k8s--server--resources--flannel--image) +* [`image_pull_secrets`](#-k8s--server--resources--flannel--image_pull_secrets) +* [`image_tag`](#-k8s--server--resources--flannel--image_tag) * [`kubeconfig`](#-k8s--server--resources--flannel--kubeconfig) +* [`net_config`](#-k8s--server--resources--flannel--net_config) +* [`registry`](#-k8s--server--resources--flannel--registry) ##### `cluster_cidr` 
@@ -2847,14 +2846,6 @@ The internal cluster CIDR to proxy for Default value: `$k8s::server::resources::cluster_cidr` -##### `cni_registry` - -Data type: `String[1]` - -The Flannel CNI plugin image registry to use - -Default value: `$k8s::server::resources::flannel_cni_registry` - ##### `cni_image` Data type: `String[1]` @@ -2871,13 +2862,29 @@ The Flannel CNI plugin image tag to use Default value: `$k8s::server::resources::flannel_cni_tag` -##### `registry` +##### `cni_registry` Data type: `String[1]` -The Flannel image registry to use +The Flannel CNI plugin image registry to use -Default value: `$k8s::server::resources::flannel_registry` +Default value: `$k8s::server::resources::flannel_cni_registry` + +##### `daemonset_config` + +Data type: `Hash[String,Data]` + +Additional configuration to merge into the DaemonSet object + +Default value: `$k8s::server::resources::flannel_daemonset_config` + +##### `ensure` + +Data type: `K8s::Ensure` + +Whether the resource should be present or absent on the system + +Default value: `$k8s::ensure` ##### `image` @@ -2887,6 +2894,14 @@ The Flannel image name to use Default value: `$k8s::server::resources::flannel_image` +##### `image_pull_secrets` + +Data type: `Optional[Array]` + +the secrets to pull from private registries + +Default value: `$k8s::server::resources::image_pull_secrets` + ##### `image_tag` Data type: `String[1]` @@ -2895,13 +2910,13 @@ The Flannel image tag to use Default value: `$k8s::server::resources::flannel_tag` -##### `daemonset_config` +##### `kubeconfig` -Data type: `Hash[String,Data]` +Data type: `Stdlib::Unixpath` -Additional configuration to merge into the DaemonSet object +The path to the kubeconfig file to use -Default value: `$k8s::server::resources::flannel_daemonset_config` +Default value: `$k8s::server::resources::kubeconfig` ##### `net_config` 
@@ -2911,29 +2926,13 @@ Additional configuration to merge into net-conf.json for Flannel Default value: `{}` -##### `image_pull_secrets` - -Data type: `Optional[Array]` - -the secrets to pull from private registries - -Default value: `$k8s::server::resources::image_pull_secrets` - -##### `ensure` - -Data type: `K8s::Ensure` - - - -Default value: `$k8s::ensure` - -##### `kubeconfig` - -Data type: `Stdlib::Unixpath` +##### `registry` +Data type: `String[1]` +The Flannel image registry to use -Default value: `$k8s::server::resources::kubeconfig` +Default value: `$k8s::server::resources::flannel_registry` ### `k8s::server::resources::kube_proxy` @@ -2944,15 +2943,15 @@ Generates and deploys the default kube-proxy service for Kubernetes The following parameters are available in the `k8s::server::resources::kube_proxy` class: * [`cluster_cidr`](#-k8s--server--resources--kube_proxy--cluster_cidr) -* [`registry`](#-k8s--server--resources--kube_proxy--registry) -* [`image`](#-k8s--server--resources--kube_proxy--image) -* [`image_tag`](#-k8s--server--resources--kube_proxy--image_tag) * [`daemonset_config`](#-k8s--server--resources--kube_proxy--daemonset_config) +* [`ensure`](#-k8s--server--resources--kube_proxy--ensure) * [`extra_args`](#-k8s--server--resources--kube_proxy--extra_args) * [`extra_config`](#-k8s--server--resources--kube_proxy--extra_config) +* [`image`](#-k8s--server--resources--kube_proxy--image) * [`image_pull_secrets`](#-k8s--server--resources--kube_proxy--image_pull_secrets) -* [`ensure`](#-k8s--server--resources--kube_proxy--ensure) +* [`image_tag`](#-k8s--server--resources--kube_proxy--image_tag) * [`kubeconfig`](#-k8s--server--resources--kube_proxy--kubeconfig) +* [`registry`](#-k8s--server--resources--kube_proxy--registry) ##### `cluster_cidr` 
@@ -2962,30 +2961,6 @@ The internal cluster CIDR to proxy for Default value: `$k8s::server::resources::cluster_cidr` -##### `registry` - -Data type: `String[1]` - -The kube-proxy image registry to use - -Default value: `$k8s::server::resources::kube_proxy_registry` - -##### `image` - -Data type: `String[1]` - -The kube-proxy image name to use - -Default value: `$k8s::server::resources::kube_proxy_image` - -##### `image_tag` - -Data type: `String[1]` - -The kube-proxy image tag to use - -Default value: `$k8s::server::resources::kube_proxy_tag` - ##### `daemonset_config` Data type: `Hash[String,Data]` @@ -2994,6 +2969,14 @@ Additional configuration to merge into the DaemonSet object Default value: `{}` +##### `ensure` + +Data type: `K8s::Ensure` + +Whether the resource should be present or absent + +Default value: `$k8s::ensure` + ##### `extra_args` Data type: `Hash[String,Data]` @@ -3010,6 +2993,14 @@ Additional configuration data to apply to the kube-proxy configuration file Default value: `{}` +##### `image` + +Data type: `String[1]` + +The kube-proxy image name to use + +Default value: `$k8s::server::resources::kube_proxy_image` + ##### `image_pull_secrets` Data type: `Optional[Array]` @@ -3018,22 +3009,30 @@ the secrets to pull from private registries Default value: `$k8s::server::resources::image_pull_secrets` -##### `ensure` - -Data type: `K8s::Ensure` +##### `image_tag` +Data type: `String[1]` +The kube-proxy image tag to use -Default value: `$k8s::ensure` +Default value: `$k8s::server::resources::kube_proxy_tag` ##### `kubeconfig` Data type: `Stdlib::Unixpath` - +The path to the kubeconfig file to use Default value: `$k8s::server::resources::kubeconfig` +##### `registry` + +Data type: `String[1]` + +The kube-proxy image registry to use + +Default value: `$k8s::server::resources::kube_proxy_registry` + ### `k8s::server::scheduler` Installs and configures a Kubernetes scheduler 
@@ -3057,7 +3056,7 @@ The following parameters are available in the `k8s::server::scheduler` class: Data type: `K8s::Ensure` - +Whether the scheduler should be configured. Default value: `$k8s::server::ensure` @@ -3065,7 +3064,7 @@ Default value: `$k8s::server::ensure` Data type: `Stdlib::HTTPUrl` - +The URL of the Kubernetes API server. Default value: `$k8s::control_plane_url` @@ -3073,7 +3072,7 @@ Default value: `$k8s::control_plane_url` Data type: `Hash[String, Data]` - +Additional arguments to pass to the scheduler. Default value: `{}` @@ -3081,7 +3080,7 @@ Default value: `{}` Data type: `Stdlib::Unixpath` - +The path to the directory containing the TLS certificates. Default value: `$k8s::server::tls::cert_path` @@ -3089,7 +3088,7 @@ Default value: `$k8s::server::tls::cert_path` Data type: `Stdlib::Unixpath` - +The path to the CA certificate. Default value: `$k8s::server::tls::ca_cert` @@ -3097,7 +3096,7 @@ Default value: `$k8s::server::tls::ca_cert` Data type: `Stdlib::Unixpath` - +The path to the scheduler certificate. Default value: `"${cert_path}/kube-scheduler.pem"` @@ -3105,7 +3104,7 @@ Default value: `"${cert_path}/kube-scheduler.pem"` Data type: `Stdlib::Unixpath` - +The path to the scheduler key. Default value: `"${cert_path}/kube-scheduler.key"` @@ -3113,7 +3112,7 @@ Default value: `"${cert_path}/kube-scheduler.key"` Data type: `String[1]` - +The container registry to pull images from. Default value: `$k8s::container_registry` @@ -3121,7 +3120,7 @@ Default value: `$k8s::container_registry` Data type: `String[1]` - +The container image to use for the scheduler. Default value: `'kube-scheduler'` @@ -3129,7 +3128,7 @@ Default value: `'kube-scheduler'` Data type: `Optional[String[1]]` - +The container image tag to use for the scheduler. Default value: `$k8s::container_image_tag` 
@@ -3141,123 +3140,123 @@ Generates the necessary Kubernetes certificates for a server The following parameters are available in the `k8s::server::tls` class: -* [`ensure`](#-k8s--server--tls--ensure) -* [`generate_ca`](#-k8s--server--tls--generate_ca) -* [`manage_certs`](#-k8s--server--tls--manage_certs) +* [`aggregator_ca_cert`](#-k8s--server--tls--aggregator_ca_cert) +* [`aggregator_ca_key`](#-k8s--server--tls--aggregator_ca_key) * [`api_addn_names`](#-k8s--server--tls--api_addn_names) -* [`cluster_domain`](#-k8s--server--tls--cluster_domain) * [`api_service_address`](#-k8s--server--tls--api_service_address) +* [`ca_cert`](#-k8s--server--tls--ca_cert) +* [`ca_key`](#-k8s--server--tls--ca_key) * [`cert_path`](#-k8s--server--tls--cert_path) +* [`cluster_domain`](#-k8s--server--tls--cluster_domain) +* [`ensure`](#-k8s--server--tls--ensure) +* [`generate_ca`](#-k8s--server--tls--generate_ca) * [`key_bits`](#-k8s--server--tls--key_bits) +* [`manage_certs`](#-k8s--server--tls--manage_certs) * [`valid_days`](#-k8s--server--tls--valid_days) -* [`ca_key`](#-k8s--server--tls--ca_key) -* [`ca_cert`](#-k8s--server--tls--ca_cert) -* [`aggregator_ca_key`](#-k8s--server--tls--aggregator_ca_key) -* [`aggregator_ca_cert`](#-k8s--server--tls--aggregator_ca_cert) - -##### `ensure` - -Data type: `K8s::Ensure` - - - -Default value: `'present'` - -##### `generate_ca` - -Data type: `Boolean` +##### `aggregator_ca_cert` +Data type: `Stdlib::Unixpath` -Default value: `$k8s::server::generate_ca` +The path to the aggregator CA certificate -##### `manage_certs` +Default value: `$k8s::server::aggregator_ca_cert` -Data type: `Boolean` +##### `aggregator_ca_key` +Data type: `Stdlib::Unixpath` +The path to the aggregator CA key -Default value: `$k8s::server::manage_certs` +Default value: `$k8s::server::aggregator_ca_key` ##### `api_addn_names` Data type: `K8s::TLS_altnames` - +Additional names to add to the API server certificate Default value: `[]` -##### `cluster_domain` - -Data type: 
`String[1]` - - - -Default value: `$k8s::cluster_domain` - ##### `api_service_address` Data type: `Stdlib::IP::Address::Nosubnet` - +The API service address Default value: `$k8s::api_service_address` -##### `cert_path` +##### `ca_cert` Data type: `Stdlib::Unixpath` +The path to the CA certificate +Default value: `$k8s::server::ca_cert` -Default value: `$k8s::server::cert_path` +##### `ca_key` -##### `key_bits` +Data type: `Stdlib::Unixpath` -Data type: `Integer[512]` +The path to the CA key +Default value: `$k8s::server::ca_key` +##### `cert_path` -Default value: `2048` +Data type: `Stdlib::Unixpath` -##### `valid_days` +The path to the certificates + +Default value: `$k8s::server::cert_path` -Data type: `Integer[1]` +##### `cluster_domain` +Data type: `String[1]` +The cluster domain -Default value: `10000` +Default value: `$k8s::cluster_domain` -##### `ca_key` +##### `ensure` -Data type: `Stdlib::Unixpath` +Data type: `K8s::Ensure` +Whether to generate the certificates or not +Default value: `'present'` -Default value: `$k8s::server::ca_key` +##### `generate_ca` -##### `ca_cert` +Data type: `Boolean` -Data type: `Stdlib::Unixpath` +Whether to generate the CA or not +Default value: `$k8s::server::generate_ca` +##### `key_bits` -Default value: `$k8s::server::ca_cert` +Data type: `Integer[512]` -##### `aggregator_ca_key` +The number of bits to use for the key -Data type: `Stdlib::Unixpath` +Default value: `2048` +##### `manage_certs` +Data type: `Boolean` -Default value: `$k8s::server::aggregator_ca_key` +Whether to manage the certificates or not -##### `aggregator_ca_cert` +Default value: `$k8s::server::manage_certs` -Data type: `Stdlib::Unixpath` +##### `valid_days` +Data type: `Integer[1]` +The number of days the certificate is valid for -Default value: `$k8s::server::aggregator_ca_cert` +Default value: `10000` ### `k8s::server::wait_online` 
@@ -3285,7 +3284,7 @@ The following parameters are available in the `k8s::binary` defined type: Data type: `K8s::Ensure` - +Whether the binary should be present or absent Default value: `$k8s::ensure` @@ -3293,7 +3292,7 @@ Default value: `$k8s::ensure` Data type: `String[1]` - +The version to deploy Default value: `$k8s::version` @@ -3301,7 +3300,7 @@ Default value: `$k8s::version` Data type: `String[1]` - +The packaging method to use Default value: `$k8s::packaging` @@ -3309,7 +3308,7 @@ Default value: `$k8s::packaging` Data type: `String[1]` - +The directory to deploy the binary to Default value: `"/opt/k8s/${$version}"` @@ -3317,7 +3316,7 @@ Default value: `"/opt/k8s/${$version}"` Data type: `String[1]` - +The directory to download tarballs to Default value: `'/opt/k8s/archives'` @@ -3325,7 +3324,7 @@ Default value: `'/opt/k8s/archives'` Data type: `Boolean` - +Whether the binary should be active Default value: `true` @@ -3333,7 +3332,7 @@ Default value: `true` Data type: `Optional[String]` - +The component to deploy Default value: `undef` 
@@ -3345,104 +3344,104 @@ You generally only want this to be done on a single Kubernetes server The following parameters are available in the `k8s::server::bootstrap_token` defined type: -* [`kubeconfig`](#-k8s--server--bootstrap_token--kubeconfig) +* [`addn_data`](#-k8s--server--bootstrap_token--addn_data) +* [`description`](#-k8s--server--bootstrap_token--description) * [`ensure`](#-k8s--server--bootstrap_token--ensure) +* [`expiration`](#-k8s--server--bootstrap_token--expiration) +* [`extra_groups`](#-k8s--server--bootstrap_token--extra_groups) * [`id`](#-k8s--server--bootstrap_token--id) +* [`kubeconfig`](#-k8s--server--bootstrap_token--kubeconfig) * [`secret`](#-k8s--server--bootstrap_token--secret) -* [`use_authentication`](#-k8s--server--bootstrap_token--use_authentication) * [`update`](#-k8s--server--bootstrap_token--update) -* [`description`](#-k8s--server--bootstrap_token--description) -* [`expiration`](#-k8s--server--bootstrap_token--expiration) +* [`use_authentication`](#-k8s--server--bootstrap_token--use_authentication) * [`use_signing`](#-k8s--server--bootstrap_token--use_signing) -* [`extra_groups`](#-k8s--server--bootstrap_token--extra_groups) -* [`addn_data`](#-k8s--server--bootstrap_token--addn_data) -##### `kubeconfig` +##### `addn_data` -Data type: `Stdlib::Unixpath` +Data type: `Hash[String,Data]` +Additional data to add to the token +Default value: `{}` -##### `ensure` +##### `description` -Data type: `K8s::Ensure` +Data type: `Optional[String]` +A description of the token +Default value: `undef` -Default value: `'present'` +##### `ensure` -##### `id` +Data type: `K8s::Ensure` -Data type: `Pattern[/^[a-z0-9]{6}$/]` +Whether the token should be present or absent +Default value: `'present'` +##### `expiration` -Default value: `$name` +Data type: `Optional[K8s::Timestamp]` -##### `secret` +The expiration time of the token -Data type: `Sensitive[K8s::Bootstrap_token]` +Default value: `undef` +##### `extra_groups` +Data type: 
`Optional[Array[String]]` -Default value: `Sensitive(fqdn_rand_string(16).downcase())` +An array of extra groups to add to the token -##### `use_authentication` +Default value: `undef` -Data type: `Boolean` +##### `id` +Data type: `Pattern[/^[a-z0-9]{6}$/]` +The ID of the token to generate -Default value: `true` +Default value: `$name` -##### `update` +##### `kubeconfig` -Data type: `Boolean` +Data type: `Stdlib::Unixpath` +The path to the kubeconfig file to use +##### `secret` -Default value: `false` +Data type: `Sensitive[K8s::Bootstrap_token]` -##### `description` +The secret to use for the token -Data type: `Optional[String]` +Default value: `Sensitive(fqdn_rand_string(16).downcase())` +##### `update` +Data type: `Boolean` -Default value: `undef` +Whether to update the token if it already exists -##### `expiration` +Default value: `false` -Data type: `Optional[K8s::Timestamp]` +##### `use_authentication` +Data type: `Boolean` +Whether the token should be used for authentication -Default value: `undef` +Default value: `true` ##### `use_signing` Data type: `Optional[Boolean]` - - -Default value: `undef` - -##### `extra_groups` - -Data type: `Optional[Array[String]]` - - +Whether the token should be used for signing Default value: `undef` -##### `addn_data` - -Data type: `Hash[String,Data]` - - - -Default value: `{}` - ### `k8s::server::etcd::member` TODO - Convert to native type 
@@ -3451,49 +3450,49 @@ TODO - Convert to native type The following parameters are available in the `k8s::server::etcd::member` defined type: -* [`peer_urls`](#-k8s--server--etcd--member--peer_urls) -* [`cluster_urls`](#-k8s--server--etcd--member--cluster_urls) * [`cluster_ca`](#-k8s--server--etcd--member--cluster_ca) * [`cluster_cert`](#-k8s--server--etcd--member--cluster_cert) * [`cluster_key`](#-k8s--server--etcd--member--cluster_key) +* [`cluster_urls`](#-k8s--server--etcd--member--cluster_urls) +* [`peer_urls`](#-k8s--server--etcd--member--peer_urls) -##### `peer_urls` - -Data type: `Array[String, 1]` +##### `cluster_ca` +Data type: `Optional[Stdlib::Unixpath]` +The cluster CA for the new member -##### `cluster_urls` +Default value: `undef` -Data type: `Optional[Array[Stdlib::HTTPUrl]]` +##### `cluster_cert` +Data type: `Optional[Stdlib::Unixpath]` +The cluster cert for the new member Default value: `undef` -##### `cluster_ca` +##### `cluster_key` Data type: `Optional[Stdlib::Unixpath]` - +The cluster key for the new member Default value: `undef` -##### `cluster_cert` - -Data type: `Optional[Stdlib::Unixpath]` +##### `cluster_urls` +Data type: `Optional[Array[Stdlib::HTTPUrl]]` +The cluster URLs for the new member Default value: `undef` -##### `cluster_key` - -Data type: `Optional[Stdlib::Unixpath]` - +##### `peer_urls` +Data type: `Array[String, 1]` -Default value: `undef` +The peer URLs for the new member ### `k8s::server::tls::ca` @@ -3517,19 +3516,19 @@ The following parameters are available in the `k8s::server::tls::ca` defined typ Data type: `Stdlib::Unixpath` - +The path to the CA key ##### `cert` Data type: `Stdlib::Unixpath` - +The path to the CA certificate ##### `ensure` Data type: `K8s::Ensure` - +Whether the CA should be present or absent Default value: `present` @@ -3537,7 +3536,7 @@ Default value: `present` Data type: `String[1]` - +The subject of the CA certificate Default value: `"/CN=${title}"` 
@@ -3545,7 +3544,7 @@ Default value: `"/CN=${title}"` Data type: `String[1]` - +The owner of the CA key and certificate Default value: `'root'` @@ -3553,7 +3552,7 @@ Default value: `'root'` Data type: `String[1]` - +The group of the CA key and certificate Default value: `'root'` @@ -3561,7 +3560,7 @@ Default value: `'root'` Data type: `Integer[512]` - +The number of bits in the CA key Default value: `2048` @@ -3569,7 +3568,7 @@ Default value: `2048` Data type: `Integer[1]` - +The number of days the CA certificate is valid Default value: `10000` @@ -3577,7 +3576,7 @@ Default value: `10000` Data type: `Boolean` - +Whether to generate the CA key and certificate Default value: `true` 
@@ -3589,133 +3588,133 @@ Generates and signs a TLS certificate The following parameters are available in the `k8s::server::tls::cert` defined type: -* [`distinguished_name`](#-k8s--server--tls--cert--distinguished_name) -* [`cert_path`](#-k8s--server--tls--cert--cert_path) -* [`ca_key`](#-k8s--server--tls--cert--ca_key) +* [`addn_names`](#-k8s--server--tls--cert--addn_names) * [`ca_cert`](#-k8s--server--tls--cert--ca_cert) +* [`ca_key`](#-k8s--server--tls--cert--ca_key) +* [`cert`](#-k8s--server--tls--cert--cert) +* [`cert_path`](#-k8s--server--tls--cert--cert_path) +* [`config`](#-k8s--server--tls--cert--config) +* [`csr`](#-k8s--server--tls--cert--csr) +* [`distinguished_name`](#-k8s--server--tls--cert--distinguished_name) * [`ensure`](#-k8s--server--tls--cert--ensure) -* [`key_bits`](#-k8s--server--tls--cert--key_bits) -* [`valid_days`](#-k8s--server--tls--cert--valid_days) * [`extended_key_usage`](#-k8s--server--tls--cert--extended_key_usage) -* [`addn_names`](#-k8s--server--tls--cert--addn_names) -* [`config`](#-k8s--server--tls--cert--config) +* [`group`](#-k8s--server--tls--cert--group) * [`key`](#-k8s--server--tls--cert--key) -* [`csr`](#-k8s--server--tls--cert--csr) -* [`cert`](#-k8s--server--tls--cert--cert) +* [`key_bits`](#-k8s--server--tls--cert--key_bits) * [`owner`](#-k8s--server--tls--cert--owner) -* [`group`](#-k8s--server--tls--cert--group) +* [`valid_days`](#-k8s--server--tls--cert--valid_days) -##### `distinguished_name` +##### `addn_names` -Data type: `Hash[String, String]` +Data type: `K8s::TLS_altnames` +The additional names for the certificate +Default value: `[]` -##### `cert_path` +##### `ca_cert` Data type: `Stdlib::Unixpath` - +The path to the CA certificate ##### `ca_key` Data type: `Stdlib::Unixpath` +The path to the CA key - -##### `ca_cert` +##### `cert` Data type: `Stdlib::Unixpath` +The path to the certificate file +Default value: `"${cert_path}/${title}.pem"` -##### `ensure` - -Data type: `K8s::Ensure` - - - -Default value: 
`present` +##### `cert_path` -##### `key_bits` +Data type: `Stdlib::Unixpath` -Data type: `Integer[512]` +The path to the directory where the certificate will be stored +##### `config` +Data type: `Stdlib::Unixpath` -Default value: `2048` +The path to the OpenSSL config file -##### `valid_days` +Default value: `"${cert_path}/${title}.cnf"` -Data type: `Integer[1]` +##### `csr` +Data type: `Stdlib::Unixpath` +The path to the CSR file -Default value: `10000` +Default value: `"${cert_path}/${title}.csr"` -##### `extended_key_usage` +##### `distinguished_name` -Data type: `K8s::Extended_key_usage` +Data type: `Hash[String, String]` +The distinguished name for the certificate +##### `ensure` -Default value: `['clientAuth']` +Data type: `K8s::Ensure` -##### `addn_names` +Whether the certificate should be present or absent -Data type: `K8s::TLS_altnames` +Default value: `present` +##### `extended_key_usage` +Data type: `K8s::Extended_key_usage` -Default value: `[]` +The extended key usage for the certificate -##### `config` +Default value: `['clientAuth']` -Data type: `Stdlib::Unixpath` +##### `group` +Data type: `String[1]` +The group of the certificate files -Default value: `"${cert_path}/${title}.cnf"` +Default value: `'root'` ##### `key` Data type: `Stdlib::Unixpath` - +The path to the key file Default value: `"${cert_path}/${title}.key"` -##### `csr` - -Data type: `Stdlib::Unixpath` - - - -Default value: `"${cert_path}/${title}.csr"` - -##### `cert` - -Data type: `Stdlib::Unixpath` +##### `key_bits` +Data type: `Integer[512]` +The number of bits in the key -Default value: `"${cert_path}/${title}.pem"` +Default value: `2048` ##### `owner` Data type: `String[1]` - +The owner of the certificate files Default value: `'root'` -##### `group` - -Data type: `String[1]` +##### `valid_days` +Data type: `Integer[1]` +The number of days the certificate should be valid -Default value: `'root'` +Default value: `10000` ### `k8s::server::tls::k8s_sign` 
@@ -3731,7 +3730,7 @@ The following parameters are available in the `k8s::server::tls::k8s_sign` defin Data type: `Any` - +Path to the kubeconfig file Default value: `'/root/.kube/config'` diff --git a/manifests/binary.pp b/manifests/binary.pp index b75c8c3..7858cef 100644 --- a/manifests/binary.pp +++ b/manifests/binary.pp @@ -1,4 +1,13 @@ # @summary Deploys a Kubernetes binary +# +# @param ensure Whether the binary should be present or absent +# @param version The version to deploy +# @param packaging The packaging method to use +# @param target The directory to deploy the binary to +# @param tarball_target The directory to download tarballs to +# @param active Whether the binary should be active +# @param component The component to deploy +# define k8s::binary ( K8s::Ensure $ensure = $k8s::ensure, String[1] $version = $k8s::version, diff --git a/manifests/init.pp b/manifests/init.pp index c943af5..1e13141 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -1,23 +1,50 @@
 # @summary Sets up a Kubernetes instance - either as a node or as a server
 #
-# @param manage_kernel_modules
-# A flag to manage required Kernel modules.
-#
-# @param manage_sysctl_settings
-# A flag to manage required sysctl settings.
-#
-# @param manage_kube_proxy
-# How/if the kube-proxy component should be managed, either as an in-cluster
-# component (default), or as an on-node component for advanced use-cases.
-# @param ensure
-# @param packaging
-#
-# @param user username for kubernetes files and services
+# @param api_service_address IP address for the API service
+# @param cluster_cidr CIDR for the pod network
+# @param cluster_domain domain name for the cluster
+# @param container_image_tag container image tag to use
+# @param container_manager container manager to use
+# @param container_registry container registry to use
+# @param container_runtime_service name of the container runtime service
+# @param containerd_package name of the containerd package
+# @param control_plane_url URL for the control plane
+# @param crictl_package name of the crictl package
+# @param crio_package name of the crio package
+# @param dns_service_address IP address for the DNS service
+# @param ensure whether kubernetes should be present or absent
+# @param etcd_cluster_name name of the etcd cluster for searching its nodes in the puppetdb
+# @param etcd_version version of etcd to install
+# @param firewall_type type of firewall to use
+# @param gid group id for kubernetes files and services
 # @param group groupname for kubernetes files and services
+# @param hyperkube_name name of the hyperkube binary
+# @param incluster_control_plane_url URL for the control plane from within the cluster
+# @param manage_container_manager whether to manage the container manager
+# @param manage_etcd whether to manage etcd
+# @param manage_firewall whether to manage the firewall
+# @param manage_image whether to manage the image
+# @param manage_kernel_modules A flag to manage required Kernel modules.
+# @param manage_kube_proxy How/if the kube-proxy component should be managed, either as an in-cluster component (default), or as an on-node component for advanced use-cases.
+# @param manage_packages whether to manage packages
+# @param manage_repo whether to manage the repo
+# @param manage_sysctl_settings A flag to manage required sysctl settings.
+# @param native_packaging type of native packaging to use
+# @param native_url_template template for native packaging
+# @param node_auth authentication method for nodes
+# @param package_template template for package names
+# @param packaging whether to use native or container packaging
+# @param puppetdb_discovery whether to use puppetdb for node discovery
+# @param puppetdb_discovery_tag tag to use for puppetdb node discovery
+# @param purge_manifests whether to purge manifests
+# @param role role of the node
+# @param runc_version version of runc to install
+# @param service_cluster_cidr CIDR for the service network
+# @param sysconfig_path path to the sysconfig directory
+# @param tarball_url_template template for tarball packaging
 # @param uid user id for kubernetes files and services
-# @param gid group id for kubernetes files and services
-# @param etcd_cluster_name name of the etcd cluster for searching its nodes in the puppetdb
-# @param cluster_domain domain name for the cluster
+# @param user username for kubernetes files and services
+# @param version version of kubernetes to install
 #
 class k8s (
 K8s::Ensure $ensure = 'present',
diff --git a/manifests/install/cni_plugins.pp b/manifests/install/cni_plugins.pp
index 618d2c9..8fe1721 100644
--- a/manifests/install/cni_plugins.pp
+++ b/manifests/install/cni_plugins.pp
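Review bot: In manifests/init.pp the new descriptions for the security-relevant settings mostly restate the parameter name, e.g. `# @param node_auth authentication method for nodes` and `# @param firewall_type type of firewall to use`; each should name the accepted values and say what the default means for an operator. `# @param packaging whether to use native or container packaging` also looks incomplete next to the `tarball_url_template` parameter documented a few lines below, so it is worth checking against the type definition. The commit message says the text was written with Copilot and the lint exemption is dropped in the same change, so these lines now satisfy the check without having been compared with the class signature. The class body continues outside the hunk.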
@@ -2,10 +2,10 @@
 #
 # @summary manages the installation of the cni plugins
 #
-# @param ensure set ensure for installation or deinstallation
-# @param version sets the version to use
 # @param arch sets the arch to use for binary download
+# @param ensure set ensure for installation or deinstallation
 # @param method installation method
+# @param version sets the version to use
 #
 class k8s::install::cni_plugins (
 K8s::Ensure $ensure = $k8s::ensure,
diff --git a/manifests/install/container_runtime.pp b/manifests/install/container_runtime.pp
index 0d8986e..d2b4273 100644
--- a/manifests/install/container_runtime.pp
+++ b/manifests/install/container_runtime.pp
@@ -2,13 +2,13 @@
 #
 # @summary manages the installation of cri
 #
-# @param manage_repo whether to manage the repo or not
 # @param container_manager set the cri to use
-# @param crio_package cri-o the package name
 # @param containerd_package the containerd package anme
+# @param crio_package cri-o the package name
 # @param k8s_version the k8s version
-# @param runc_version the runc version
+# @param manage_repo whether to manage the repo or not
 # @param package_ensure the ensure value to set on the cri package
+# @param runc_version the runc version
 #
 class k8s::install::container_runtime (
 Boolean $manage_repo = $k8s::manage_repo,
diff --git a/manifests/node.pp b/manifests/node.pp
index 6c746e4..001988e 100644
--- a/manifests/node.pp
+++ b/manifests/node.pp
@@ -2,14 +2,16 @@
 #
 # @param ca_cert path to the ca cert
 # @param cert_path path to cert files
+# @param control_plane_url cluster API connection
 # @param ensure set ensure for installation or deinstallation
 # @param firewall_type define the type of firewall to use
+# @param manage_crictl toggle to install crictl
 # @param manage_firewall whether to manage firewall or not
 # @param manage_kernel_modules whether to load kernel modules or not
 # @param manage_kubelet whether to manage kublet or not
 # @param manage_proxy whether to manage kube-proxy or not
+# @param manage_simple_cni toggle to use a simple bridge network for containers
 # @param manage_sysctl_settings whether to manage sysctl settings or not
-# @param control_plane_url cluster API connection
 # @param node_auth type of node authentication
 # @param node_cert path to node cert file
 # @param node_key path to node key file
@@ -19,7 +21,6 @@
 # @param proxy_key path to proxy key file
 # @param proxy_token k8s token for kube-proxy
 # @param puppetdb_discovery_tag enable puppetdb resource searching
-# @param manage_simple_cni toggle to use a simple bridge network for containers
 #
 class k8s::node (
 K8s::Ensure $ensure = $k8s::ensure,
diff --git a/manifests/node/kube_proxy.pp b/manifests/node/kube_proxy.pp
index d58971d..0cc79b4 100644
--- a/manifests/node/kube_proxy.pp
+++ b/manifests/node/kube_proxy.pp
@@ -1,6 +1,19 @@ # @summary Sets up a on-node kube-proxy instance # # For most use-cases, running kube-proxy inside the cluster itself is recommended +# +# @param arguments A hash of additional arguments to pass to kube-proxy +# @param auth The authentication method to use for the API server +# @param ca_cert The path to the CA certificate to use for the API server +# @param cert The path to the client certificate to use for the API server +# @param cluster_cidr The CIDR range of the cluster +# @param config A hash of additional configuration options to pass to kube-proxy +# @param control_plane_url The URL of the Kubernetes API server +# @param ensure Whether the kube-proxy service should be configured +# @param key The path to the client key to use for the API server +# @param puppetdb_discovery_tag The tag to use for PuppetDB service discovery +# @param token The token to use for the API server +# class k8s::node::kube_proxy ( K8s::Ensure $ensure = $k8s::node::ensure, diff --git a/manifests/node/kubectl.pp b/manifests/node/kubectl.pp index 3e28496..a6b4c6f 100644 --- a/manifests/node/kubectl.pp +++ b/manifests/node/kubectl.pp @@ -1,4 +1,6 @@ # @summary Installs the kubectl binary +# +# @param ensure Whether to install the binary class k8s::node::kubectl ( K8s::Ensure $ensure = $k8s::ensure, ) { diff --git a/manifests/node/kubelet.pp b/manifests/node/kubelet.pp index 08c8eed..bb90c0c 100644 --- a/manifests/node/kubelet.pp +++ b/manifests/node/kubelet.pp 
@@ -1,11 +1,12 @@
 # @summary Installs and configures kubelet
 #
-# @param arguments
+# @param arguments additional arguments to pass to kubelet
 # @param auth type of node authentication
 # @param ca_cert path to the ca cert
 # @param cert path to node cert file
 # @param cert_path path to cert files
-# @param config
+# @param config additional config to pass to kubelet
+# @param control_plane_url cluster API connection
 # @param ensure set ensure for installation or deinstallation
 # @param firewall_type define the type of firewall to use
 # @param key path to node key file
@@ -13,12 +14,11 @@
 # @param manage_firewall whether to manage firewall or not
 # @param manage_kernel_modules whether to load kernel modules or not
 # @param manage_sysctl_settings whether to manage sysctl settings or not
-# @param control_plane_url cluster API connection
 # @param puppetdb_discovery_tag enable puppetdb resource searching
-# @param rotate_server_tls
+# @param rotate_server_tls whether to rotate server tls or not
 # @param runtime which container runtime to use
 # @param runtime_service name of the service of the container runtime
-# @param support_dualstack
+# @param support_dualstack whether to support dualstack or not
 # @param token k8s token to join a cluster
 #
 class k8s::node::kubelet (
diff --git a/manifests/repo.pp b/manifests/repo.pp
index bbd5b4c..7d3ed19 100644
--- a/manifests/repo.pp
+++ b/manifests/repo.pp
@@ -1,8 +1,8 @@
 # @summary Handles repositories for the container runtime
 #
-# @param manage_container_manager whether to add cri-o repository or not
-# @param crio_version version o cri-o
 # @param container_manager The name of the container manager
+# @param crio_version version o cri-o
+# @param manage_container_manager whether to add cri-o repository or not
 #
 class k8s::repo (
 Boolean $manage_container_manager = $k8s::manage_container_manager,
diff --git a/manifests/server.pp b/manifests/server.pp
index 0e7db7a..0d504a7 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -1,13 +1,14 @@
 # @summary Sets up a Kubernetes server instance
 #
-# @param aggregator_ca_cert
-# @param aggregator_ca_key
+# @param aggregator_ca_cert path to the aggregator ca cert
+# @param aggregator_ca_key path to the aggregator ca key
 # @param api_port Cluster API port
 # @param ca_cert path to the ca cert
 # @param ca_key path to the ca key
 # @param cert_path path to cert files
 # @param cluster_cidr cluster cidr
 # @param cluster_domain cluster domain name
+# @param control_plane_url cluster API connection
 # @param direct_control_plane_url direct clust API connection
 # @param dns_service_address cluster dns service address
 # @param ensure set ensure for installation or deinstallation
@@ -23,7 +24,6 @@
 # @param manage_kubeadm whether to install kubeadm or not
 # @param manage_resources whether to manage cluster internal resources or not
 # @param manage_signing whether to manage cert signing or not
-# @param control_plane_url cluster API connection
 # @param node_on_server whether to use controller also as nodes or not
 # @param puppetdb_discovery_tag enable puppetdb resource searching
 #
@@ -58,7 +58,6 @@
 Optional[Array[Stdlib::HTTPUrl]] $etcd_servers = undef,
 Optional[K8s::Firewall] $firewall_type = $k8s::firewall_type,
 String[1] $etcd_cluster_name = $k8s::etcd_cluster_name,
-
 ) {
 if $manage_etcd {
 class { 'k8s::server::etcd':
diff --git a/manifests/server/apiserver.pp b/manifests/server/apiserver.pp
index 8e87168..08745ef 100644
--- a/manifests/server/apiserver.pp
+++ b/manifests/server/apiserver.pp
@@ -1,14 +1,17 @@
 # @summary Installs and configures a Kubernetes apiserver
 #
 # @param advertise_address bind address of the apiserver
-# @param aggregator_ca_cert
+# @param aggregator_ca_cert path to the aggregator ca cert file
 # @param apiserver_cert path to the apiserver cert file
 # @param apiserver_client_cert path to the apiserver client cert file
 # @param apiserver_client_key path to the apiserver client key file
 # @param apiserver_key path to the apiserver cert file
-# @param arguments
+# @param arguments additional arguments for the apiserver
 # @param ca_cert path to the ca cert
 # @param cert_path path to cert files
+# @param container_image container image to use for the apiserver
+# @param container_image_tag container image tag to use for the apiserver
+# @param container_registry container registry to pull the image from
 # @param discover_etcd_servers enable puppetdb resource searching
 # @param ensure set ensure for installation or deinstallation
 # @param etcd_ca path to the etcd ca cert file
@@ -17,13 +20,13 @@
 # @param etcd_key path to the etcd key file
 # @param etcd_servers list etcd servers if no puppetdb is used
 # @param firewall_type define the type of firewall to use
-# @param front_proxy_cert
-# @param front_proxy_key
+# @param front_proxy_cert path to the front proxy cert file
+# @param front_proxy_key path to the front proxy key file
 # @param manage_firewall whether to manage firewall or not
 # @param puppetdb_discovery_tag enable puppetdb resource searching
-# @param service_cluster_cidr
-# @param serviceaccount_private
-# @param serviceaccount_public
+# @param service_cluster_cidr cidr of the service cluster
+# @param serviceaccount_private path to the service account private key file
+# @param serviceaccount_public path to the service account public key file
 #
 class k8s::server::apiserver (
 K8s::Ensure $ensure = $k8s::server::ensure,
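Review bot: The context line `# @param apiserver_key path to the apiserver cert file` in the first hunk of manifests/server/apiserver.pp still describes the key as a cert file, and this documentation pass leaves it untouched; it should read `# @param apiserver_key path to the apiserver key file` so nobody points the parameter at the wrong file. `# @param advertise_address bind address of the apiserver` may deserve the same look, since an advertise address and a bind address are usually separate settings. The class signature continues outside the hunk.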
diff --git a/manifests/server/bootstrap_token.pp b/manifests/server/bootstrap_token.pp
index a1f36a7..6413477 100644
--- a/manifests/server/bootstrap_token.pp
+++ b/manifests/server/bootstrap_token.pp
@@ -1,6 +1,19 @@
 # @summary Generates and stores a kubelet bootstrap token into the cluster
 #
 # You generally only want this to be done on a single Kubernetes server
+#
+# @param addn_data Additional data to add to the token
+# @param description A description of the token
+# @param ensure Whether the token should be present or absent
+# @param expiration The expiration time of the token
+# @param extra_groups An array of extra groups to add to the token
+# @param id The ID of the token to generate
+# @param kubeconfig The path to the kubeconfig file to use
+# @param secret The secret to use for the token
+# @param update Whether to update the token if it already exists
+# @param use_authentication Whether the token should be used for authentication
+# @param use_signing Whether the token should be used for signing
+#
 define k8s::server::bootstrap_token (
 Stdlib::Unixpath $kubeconfig,
 K8s::Ensure $ensure = 'present',
diff --git a/manifests/server/controller_manager.pp b/manifests/server/controller_manager.pp
index a8ed0f2..08860a4 100644
--- a/manifests/server/controller_manager.pp
+++ b/manifests/server/controller_manager.pp
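Review bot: `# @param secret The secret to use for the token` in manifests/server/bootstrap_token.pp hides that the default is not freshly random: REFERENCE.md on this page lists it as `Sensitive(fqdn_rand_string(16).downcase())`, and stdlib's fqdn_rand_string is seeded from the node's FQDN, so the value is repeatable. The doc should say so and tell operators to supply their own value, e.g. `# @param secret The token secret; the default is derived from the node's FQDN and is repeatable, so pass an explicit Sensitive value`. `expiration` defaults to `undef`, and the description should state whether that means the token never expires, which this hunk does not show. The define's parameter list continues outside the hunk.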
@@ -1,4 +1,19 @@ # @summary Installs and configures a Kubernetes controller manager +# +# @param arguments Additional arguments to pass to the controller manager. +# @param ca_cert The path to the CA certificate. +# @param ca_key The path to the CA key. +# @param cert The path to the controller manager certificate. +# @param cert_path The path to the TLS certificates. +# @param cluster_cidr The CIDR of the cluster. +# @param container_image The container image to use for the controller manager. +# @param container_image_tag The container image tag to use for the controller manager. +# @param container_registry The container registry to pull the controller manager image from. +# @param control_plane_url The URL of the Kubernetes API server. +# @param ensure Whether the controller manager should be configured. +# @param key The path to the controller manager key. +# @param service_cluster_cidr The CIDR of the service cluster. +# class k8s::server::controller_manager ( K8s::Ensure $ensure = $k8s::server::ensure, diff --git a/manifests/server/etcd.pp b/manifests/server/etcd.pp index 80ef1e4..b083431 100644 --- a/manifests/server/etcd.pp +++ b/manifests/server/etcd.pp 
@@ -2,20 +2,22 @@ # # @param addn_names additional names for certificates # @param cert_path path to cert files -# @param client_ca_cert -# @param client_ca_key +# @param client_ca_cert path to the client ca cert +# @param client_ca_key path to the client ca key # @param cluster_name name of the etcd cluster for searching its nodes in the puppetdb # @param ensure set ensure for installation or deinstallation # @param firewall_type define the type of firewall to use # @param generate_ca whether to generate a own ca or not +# @param group group to run etcd as # @param manage_certs whether to manage certs or not # @param manage_firewall whether to manage firewall or not # @param manage_members whether to manage the ectd cluster member joining or not # @param manage_setup whether to manage the setup of etcd or not -# @param peer_ca_cert -# @param peer_ca_key +# @param peer_ca_cert path to the peer ca cert +# @param peer_ca_key path to the peer ca key # @param puppetdb_discovery_tag enable puppetdb resource searching -# @param self_signed_tls +# @param self_signed_tls whether to use self signed tls or not +# @param user user to run etcd as # @param version version of ectd to install # class k8s::server::etcd ( diff --git a/manifests/server/etcd/member.pp b/manifests/server/etcd/member.pp index c64806a..1c66140 100644 --- a/manifests/server/etcd/member.pp +++ b/manifests/server/etcd/member.pp @@ -1,6 +1,13 @@ # @summary Adds another member to a local etcd cluster # # TODO - Convert to native type +# +# @param cluster_ca The cluster CA for the new member +# @param cluster_cert The cluster cert for the new member +# @param cluster_key The cluster key for the new member +# @param cluster_urls The cluster URLs for the new member +# @param peer_urls The peer URLs for the new member +# define k8s::server::etcd::member ( Array[String, 1] $peer_urls, diff --git a/manifests/server/etcd/setup.pp b/manifests/server/etcd/setup.pp index eda59ed..da774e3 100644 
--- a/manifests/server/etcd/setup.pp +++ b/manifests/server/etcd/setup.pp 
@@ -1,35 +1,35 @@ # @summary Installs and configures an etcd instance # -# @param advertise_client_urls +# @param advertise_client_urls The client urls to advertise # @param archive_template The download url template for the etc archive -# @param auto_compaction_retention -# @param auto_tls +# @param auto_compaction_retention The auto compaction retention +# @param auto_tls Use auto tls # @param binary_path path to the etcd binary -# @param cert_file -# @param client_cert_auth -# @param data_dir +# @param cert_file path to the cert file +# @param client_cert_auth Use client cert auth +# @param data_dir path to the data dir # @param ensure set ensure for installation or deinstallation # @param etcd_name The etcd instance name # @param fqdn fully qualified domain name # @param gid The group system id # @param group etcd system user group -# @param initial_advertise_peer_urls -# @param initial_cluster -# @param initial_cluster_state -# @param initial_cluster_token +# @param initial_advertise_peer_urls The peer urls to advertise +# @param initial_cluster The initial cluster +# @param initial_cluster_state The initial cluster state +# @param initial_cluster_token The initial cluster token # @param install etcd installation method -# @param key_file -# @param listen_client_urls -# @param listen_peer_urls +# @param key_file path to the key file +# @param listen_client_urls The client urls to listen on +# @param listen_peer_urls The peer urls to listen on # @param package etcd package name -# @param peer_auto_tls -# @param peer_cert_file -# @param peer_client_cert_auth -# @param peer_key_file -# @param peer_trusted_ca_file -# @param proxy +# @param peer_auto_tls Use peer auto tls +# @param peer_cert_file path to the peer cert file +# @param peer_client_cert_auth Use peer client cert auth +# @param peer_key_file path to the peer key file +# @param peer_trusted_ca_file path to the peer trusted ca file +# @param proxy The proxy mode # @param storage_path path to the working 
dir of etcd -# @param trusted_ca_file +# @param trusted_ca_file path to the trusted ca file # @param uid The user system id # @param user etcd system user # @param version The ectd version to install diff --git a/manifests/server/resources.pp b/manifests/server/resources.pp index d382274..cf9f28e 100644 --- a/manifests/server/resources.pp +++ b/manifests/server/resources.pp 
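Review bot: `auto_tls`, `peer_auto_tls`, `client_cert_auth` and `peer_client_cert_auth` are documented as `Use auto tls`, `Use client cert auth` and so on, which leaves out what an operator needs to know before enabling them. Assuming they map to the etcd options of the same name (the class body is outside this hunk), auto TLS makes etcd generate self-signed certificates, which encrypts traffic but does not authenticate the other side, and the `*_cert_auth` switches are what require a certificate signed by the trusted CA. Suggested wording: `# @param auto_tls Use generated self-signed certificates for client connections (encryption only, no authentication)` and `# @param client_cert_auth Require clients to present a certificate signed by trusted_ca_file`. While here, `etc archive` and `ectd version` in the unchanged lines are typos for etcd.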
@@ -1,5 +1,32 @@ # @summary Generates and deploys standard Kubernetes in-cluster services +# +# @param ca_cert the path to the CA certificate to use for the cluster +# @param cluster_cidr the CIDR to use for the cluster +# @param cluster_domain the domain to use for the cluster +# @param control_plane_url the URL to use for the control plane +# @param coredns_deployment_config the configuration to use for the CoreDNS Deployment +# @param coredns_image the image to use for the CoreDNS +# @param coredns_registry the registry to use for the CoreDNS image +# @param coredns_tag the tag to use for the CoreDNS image +# @param dns_service_address the IP address to use for the DNS service +# @param extra_kube_proxy_args the extra arguments to pass to the kube-proxy +# @param flannel_cni_image the image to use for the Flannel CNI +# @param flannel_cni_registry the registry to use for the Flannel CNI image +# @param flannel_cni_tag the tag to use for the Flannel CNI image +# @param flannel_daemonset_config the configuration to use for the Flannel DaemonSet +# @param flannel_image the image to use for the Flannel +# @param flannel_registry the registry to use for the Flannel image +# @param flannel_tag the tag to use for the Flannel image # @param image_pull_secrets the secrets to pull from private registries +# @param kube_proxy_daemonset_config the configuration to use for the kube-proxy DaemonSet +# @param kube_proxy_image the image to use for the kube-proxy +# @param kube_proxy_registry the registry to use for the kube-proxy image +# @param kube_proxy_tag the tag to use for the kube-proxy image +# @param kubeconfig the path to the kubeconfig file to use for kubectl +# @param manage_bootstrap whether to manage the bootstrap resources +# @param manage_coredns whether to manage the CoreDNS resources +# @param manage_flannel whether to manage the Flannel resources +# @param manage_kube_proxy whether to manage the kube-proxy resources # class k8s::server::resources ( 
Stdlib::Unixpath $kubeconfig = '/root/.kube/config', diff --git a/manifests/server/resources/bootstrap.pp b/manifests/server/resources/bootstrap.pp index af1c048..2815581 100644 --- a/manifests/server/resources/bootstrap.pp +++ b/manifests/server/resources/bootstrap.pp @@ -1,8 +1,11 @@ # @summary Generates and deploys the default Puppet boostrap configuration into the cluster # # @param control_plane_url The main API URL to encode in the bootstrap configuration +# @param ensure Whether the resources should be present or absent +# @param kubeconfig The path to the kubeconfig file to use for the bootstrap configuration # @param secret The exact token secret to use, will be generated as a random 16-char string if left blank. # The generated value can be retrieved from the bootstrap-token-puppet Secret in kube-system. +# class k8s::server::resources::bootstrap ( K8s::Ensure $ensure = $k8s::ensure, Stdlib::Unixpath $kubeconfig = $k8s::server::resources::kubeconfig, diff --git a/manifests/server/resources/flannel.pp b/manifests/server/resources/flannel.pp index cab9fdc..19a0d8b 100644 --- a/manifests/server/resources/flannel.pp +++ b/manifests/server/resources/flannel.pp 
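Review bot: The `kubeconfig` line in the `k8s::server::resources` header says only `the path to the kubeconfig file to use for kubectl`, but the default shown under the header is `/root/.kube/config` and the bootstrap class in this commit takes its own default from this parameter. The file therefore appears to hold the credentials used for the in-cluster resources this module deploys, and the description should say so, e.g. `# @param kubeconfig the path to the kubeconfig whose credentials are used to deploy the in-cluster resources; default for the resource sub-classes`. Only the bootstrap class shows that inheritance here; verify the Flannel and kube-proxy classes before wording it that broadly.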
@@ -1,15 +1,17 @@ # @summary Generates and deploys the default CoreDNS DNS provider for Kubernetes # # @param cluster_cidr The internal cluster CIDR to proxy for -# @param cni_registry The Flannel CNI plugin image registry to use # @param cni_image The Flannel CNI plugin image name to use # @param cni_image_tag The Flannel CNI plugin image tag to use -# @param registry The Flannel image registry to use +# @param cni_registry The Flannel CNI plugin image registry to use +# @param daemonset_config Additional configuration to merge into the DaemonSet object +# @param ensure Whether the resource should be present or absent on the system # @param image The Flannel image name to use +# @param image_pull_secrets the secrets to pull from private registries # @param image_tag The Flannel image tag to use -# @param daemonset_config Additional configuration to merge into the DaemonSet object +# @param kubeconfig The path to the kubeconfig file to use # @param net_config Additional configuration to merge into net-conf.json for Flannel -# @param image_pull_secrets the secrets to pull from private registries +# @param registry The Flannel image registry to use # class k8s::server::resources::flannel ( K8s::Ensure $ensure = $k8s::ensure, diff --git a/manifests/server/resources/kube_proxy.pp b/manifests/server/resources/kube_proxy.pp index 3ffc747..81d935e 100644 --- a/manifests/server/resources/kube_proxy.pp +++ b/manifests/server/resources/kube_proxy.pp 
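Review bot: The `@summary` at the top of this header still reads `Generates and deploys the default CoreDNS DNS provider for Kubernetes`, although the class is `k8s::server::resources::flannel` and every parameter below describes Flannel. Since the commit also updates REFERENCE.md, the wrong summary most likely ends up there too; `# @summary Generates and deploys the default Flannel network provider for Kubernetes` would match. The unchanged `cluster_cidr The internal cluster CIDR to proxy for` looks copied from the kube-proxy class as well; confirm what Flannel uses it for and reword.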
@@ -1,13 +1,15 @@ # @summary Generates and deploys the default kube-proxy service for Kubernetes # # @param cluster_cidr The internal cluster CIDR to proxy for -# @param registry The kube-proxy image registry to use -# @param image The kube-proxy image name to use -# @param image_tag The kube-proxy image tag to use # @param daemonset_config Additional configuration to merge into the DaemonSet object +# @param ensure Whether the resource should be present or absent # @param extra_args Additional arguments to specify to the kube-proxy application # @param extra_config Additional configuration data to apply to the kube-proxy configuration file +# @param image The kube-proxy image name to use # @param image_pull_secrets the secrets to pull from private registries +# @param image_tag The kube-proxy image tag to use +# @param kubeconfig The path to the kubeconfig file to use +# @param registry The kube-proxy image registry to use # class k8s::server::resources::kube_proxy ( K8s::Ensure $ensure = $k8s::ensure, diff --git a/manifests/server/scheduler.pp b/manifests/server/scheduler.pp index 810e56c..ab96dff 100644 --- a/manifests/server/scheduler.pp +++ b/manifests/server/scheduler.pp @@ -1,4 +1,16 @@ # @summary Installs and configures a Kubernetes scheduler +# +# @param ensure Whether the scheduler should be configured. +# @param control_plane_url The URL of the Kubernetes API server. +# @param arguments Additional arguments to pass to the scheduler. +# @param cert_path The path to the directory containing the TLS certificates. +# @param ca_cert The path to the CA certificate. +# @param cert The path to the scheduler certificate. +# @param key The path to the scheduler key. +# @param container_registry The container registry to pull images from. +# @param container_image The container image to use for the scheduler. +# @param container_image_tag The container image tag to use for the scheduler. +# class k8s::server::scheduler ( K8s::Ensure $ensure = $k8s::server::ensure, 
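Review bot: The `@param` lines added to `k8s::server::scheduler` are not in alphabetical order (`ensure`, `control_plane_url`, `arguments`, `cert_path`, ...), unlike the other headers in this commit, whose message says parameters were sorted; the header added for `k8s::server::tls::ca` has the same issue (`key`, `cert`, `ensure`, `subject`, ...). The scheduler lines also end with a full stop where the sorted headers do not. Reordering to `arguments`, `ca_cert`, `cert`, `cert_path`, `container_image`, `container_image_tag`, `container_registry`, `control_plane_url`, `ensure`, `key` keeps the generated reference consistent.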
diff --git a/manifests/server/tls.pp b/manifests/server/tls.pp index d9c5a9f..a89c334 100644 --- a/manifests/server/tls.pp +++ b/manifests/server/tls.pp @@ -1,4 +1,19 @@ # @summary Generates the necessary Kubernetes certificates for a server +# +# @param aggregator_ca_cert The path to the aggregator CA certificate +# @param aggregator_ca_key The path to the aggregator CA key +# @param api_addn_names Additional names to add to the API server certificate +# @param api_service_address The API service address +# @param ca_cert The path to the CA certificate +# @param ca_key The path to the CA key +# @param cert_path The path to the certificates +# @param cluster_domain The cluster domain +# @param ensure Whether to generate the certificates or not +# @param generate_ca Whether to generate the CA or not +# @param key_bits The number of bits to use for the key +# @param manage_certs Whether to manage the certificates or not +# @param valid_days The number of days the certificate is valid for +# class k8s::server::tls ( K8s::Ensure $ensure = 'present', Boolean $generate_ca = $k8s::server::generate_ca, diff --git a/manifests/server/tls/ca.pp b/manifests/server/tls/ca.pp index 47822d2..aa2e72f 100644 --- a/manifests/server/tls/ca.pp +++ b/manifests/server/tls/ca.pp @@ -1,4 +1,15 @@ # @summary Generates a TLS CA +# +# @param key The path to the CA key +# @param cert The path to the CA certificate +# @param ensure Whether the CA should be present or absent +# @param subject The subject of the CA certificate +# @param owner The owner of the CA key and certificate +# @param group The group of the CA key and certificate +# @param key_bits The number of bits in the CA key +# @param valid_days The number of days the CA certificate is valid +# @param generate Whether to generate the CA key and certificate +# define k8s::server::tls::ca ( Stdlib::Unixpath $key, Stdlib::Unixpath $cert, 
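Review bot: In the `k8s::server::tls` header, `ensure` is described as `Whether to generate the certificates or not`, which reads like a boolean and duplicates `manage_certs`, but the signature below declares it as `K8s::Ensure $ensure = 'present'`. `# @param ensure Whether the certificates should be present or absent` matches the type and the wording used for the CA and cert defines in this commit. For `key_bits` and `valid_days` it would help to name the default and what the value applies to (CA, leaf certificates or both), since these two settings fix the key strength and lifetime of the cluster's certificates; the defaults are outside this hunk.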
diff --git a/manifests/server/tls/cert.pp b/manifests/server/tls/cert.pp index db98520..ac83af6 100644 --- a/manifests/server/tls/cert.pp +++ b/manifests/server/tls/cert.pp @@ -1,4 +1,21 @@ # @summary Generates and signs a TLS certificate +# +# @param addn_names The additional names for the certificate +# @param ca_cert The path to the CA certificate +# @param ca_key The path to the CA key +# @param cert The path to the certificate file +# @param cert_path The path to the directory where the certificate will be stored +# @param config The path to the OpenSSL config file +# @param csr The path to the CSR file +# @param distinguished_name The distinguished name for the certificate +# @param ensure Whether the certificate should be present or absent +# @param extended_key_usage The extended key usage for the certificate +# @param group The group of the certificate files +# @param key The path to the key file +# @param key_bits The number of bits in the key +# @param owner The owner of the certificate files +# @param valid_days The number of days the certificate should be valid +# define k8s::server::tls::cert ( Hash[String, String] $distinguished_name, Stdlib::Unixpath $cert_path, diff --git a/manifests/server/tls/k8s_sign.pp b/manifests/server/tls/k8s_sign.pp index b1b875d..2d7712e 100644 --- a/manifests/server/tls/k8s_sign.pp +++ b/manifests/server/tls/k8s_sign.pp @@ -1,6 +1,8 @@ # @summary Signs pending CSR requests for bootstrapping clients # # TODO - This should probably be done as a service next to the apiservers +# @param kubeconfig Path to the kubeconfig file +# define k8s::server::tls::k8s_sign ( $kubeconfig = '/root/.kube/config', ) { diff --git a/manifests/server/wait_online.pp b/manifests/server/wait_online.pp index 4cd2d1c..5215c51 100644 --- a/manifests/server/wait_online.pp +++ b/manifests/server/wait_online.pp 
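Review bot: In the `k8s::server::tls::cert` header, `extended_key_usage` and `addn_names` are documented as `The extended key usage for the certificate` and `The additional names for the certificate`, which does not tell a caller what values are accepted. These two parameters decide what the certificate may be used for and for which names, so the lines should give the accepted values and the format, e.g. `# @param addn_names Additional subject alternative names (DNS names or IP addresses) for the certificate`, if that is what the define puts them into. The parameter types are declared below the visible part of the define; take the exact value list from there.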
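Review bot: The header of `k8s::server::tls::k8s_sign`, a define that `Signs pending CSR requests for bootstrapping clients`, documents `kubeconfig` only as `Path to the kubeconfig file` and still does not say which requests are approved or with whose credentials. The body is outside this hunk, so I can only suggest the shape: `# @param kubeconfig Path to the kubeconfig whose credentials are used to approve the pending CSRs`, plus one sentence in the description naming the selection criteria. The new `@param` line is also attached directly to the `TODO` line; add a `#` separator line before it, as the other headers in this commit do.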
@@ -1,4 +1,5 @@ # @summary Creates a dummy exec to allow deferring applies until the Kubernetes API server has started +# class k8s::server::wait_online { # Wait up to 30 seconds for kube-apiserver to start exec { 'k8s apiserver wait online':