k8s
: Sets up a Kubernetes instance - either as a node or as a server
k8s::install::cni_plugins
: Manages the installation of CNI plugins
k8s::install::container_runtime
: Manages the installation of a container runtime / CRI
k8s::install::crictl
: Installs the crictl debugging tool
k8s::install::kubeadm
: Installs the kubeadm binary
k8s::install::kubectl
: Installs the kubectl binary
k8s::node
: Installs a Kubernetes node
k8s::node::kube_proxy
: Sets up an on-node kube-proxy instance
k8s::node::kubectl
: Installs the kubectl binary
k8s::node::kubelet
: Installs and configures kubelet
k8s::node::simple_cni
: Provides a simple bridged standard network interface, for basic usage when flannel, cilium, calico or another CNI is not yet in place. Uses the cni-plugins bridge binary to create a bridge interface that connects the containers
k8s::repo
: Handles repositories for the container runtime
k8s::server
: Sets up a Kubernetes server instance
k8s::server::apiserver
: Installs and configures a Kubernetes apiserver
k8s::server::controller_manager
: Installs and configures a Kubernetes controller manager
k8s::server::etcd
: Sets up an etcd cluster node
k8s::server::etcd::setup
: Installs and configures an etcd instance
k8s::server::resources
: Generates and deploys standard Kubernetes in-cluster services
k8s::server::resources::bootstrap
: Generates and deploys the default Puppet bootstrap configuration into the cluster
k8s::server::resources::coredns
: Generates and deploys the default CoreDNS DNS provider for Kubernetes
k8s::server::resources::flannel
: Generates and deploys the default CoreDNS DNS provider for Kubernetes
k8s::server::resources::kube_proxy
: Generates and deploys the default kube-proxy service for Kubernetes
k8s::server::scheduler
: Installs and configures a Kubernetes scheduler
k8s::server::tls
: Generates the necessary Kubernetes certificates for a server
k8s::server::wait_online
: Creates a dummy exec to allow deferring applies until the Kubernetes API server has started
k8s::binary
: Deploys a Kubernetes binary
k8s::server::bootstrap_token
: Generates and stores a kubelet bootstrap token into the cluster
k8s::server::etcd::member
: Adds another member to a local etcd cluster
k8s::server::tls::ca
: Generates a TLS CA
k8s::server::tls::cert
: Generates and signs a TLS certificate
k8s::server::tls::k8s_sign
: Signs pending CSR requests for bootstrapping clients
kubeconfig
: Example: kubeconfig { '/var/lib/kubernetes/utility.conf': ca_cert => '/etc/kubernetes.ca.pem', token => 'utility-token', }
kubectl_apply
: Example: To encode the bootstrap token "tokenid.tokensecret" into a Kubernetes secret; $tokenid = 'tokenid' $tokensecret = 'tokense
k8s::format_arguments
: Formats a hash of arguments into something that can be passed to a kubernetes application
k8s::format_url
: Formats a download URL for K8s binaries
k8s::ip_in_cidr
: Retrieves an IP inside of a CIDR based on an index
K8s::Bootstrap_token
: A Kubernetes bootstrap token, must be 16-characters lowercase alphanumerical
K8s::CIDR
: a type to describe one or more IPv4/6 CIDR
K8s::Container_runtimes
: a type to describe the supported container runtimes
K8s::Duration
: This regexp matches Go duration values, as taken from;
K8s::Ensure
: a type to describe the ensure pattern
K8s::Extended_key_usage
: a type to describe extended key usage for a TLS certificate
K8s::Firewall
: a type to describe the type of the firewall to use
K8s::IP_addresses
: a type to describe multiple IP addresses without subnet sizes
K8s::Native_packaging
: a type to describe Kubernetes native packaging methods
K8s::Node_auth
: a type to describe node/kubelet authentication methods
K8s::PortRange
: This regexp matches port range values
K8s::Proxy_auth
: a type to describe kube-proxy authentication methods
K8s::Proxy_method
: a type to describe how kube-proxy should be deployed
K8s::Quantity
: This regexp matches quantities, like those for resource requests/limits
K8s::TLS_altnames
: a type to describe TLS alternative names in certificates
K8s::Timestamp
: This regexp matches RFC3339 timestamps, the same as what Kubernetes expects to find
K8s::URI
: This regexp matches URI values
K8s::Version
: A type for handling Kubernetes version numbers
Sets up a Kubernetes instance - either as a node or as a server
The following parameters are available in the k8s class:
api_service_address
cluster_cidr
cluster_domain
container_image_tag
container_manager
container_registry
container_runtime_service
containerd_package
control_plane_url
crictl_package
crio_package
dns_service_address
ensure
etcd_cluster_name
etcd_version
firewall_type
gid
group
hyperkube_name
incluster_control_plane_url
manage_container_manager
manage_etcd
manage_firewall
manage_image
manage_kernel_modules
manage_kube_proxy
manage_packages
manage_repo
manage_sysctl_settings
native_packaging
native_url_template
node_auth
package_template
packaging
puppetdb_discovery
puppetdb_discovery_tag
purge_manifests
role
runc_version
service_cluster_cidr
sysconfig_path
tarball_url_template
uid
user
version
Data type: Stdlib::IP::Address::Nosubnet
IP address for the API service
Default value: k8s::ip_in_cidr($service_cluster_cidr, 'first')
Data type: K8s::CIDR
CIDR for the pod network
Default value: '10.0.0.0/16'
Data type: Stdlib::Fqdn
domain name for the cluster
Default value: 'cluster.local'
Data type: Optional[String[1]]
container image tag to use
Default value: undef
Data type: K8s::Container_runtimes
container manager to use
Default value: 'crio'
Data type: String[1]
container registry to use
Default value: 'registry.k8s.io'
Data type: String[1]
name of the container runtime service
Default value: "${container_manager}.service"
Data type: Optional[String[1]]
name of the containerd package
Default value: undef
Data type: Stdlib::HTTPUrl
URL for the control plane
Default value: 'https://kubernetes:6443'
Data type: Optional[String[1]]
name of the crictl package
Default value: undef
Data type: Optional[String[1]]
name of the crio package
Default value: undef
Data type: K8s::IP_addresses
IP address for the DNS service
Default value: k8s::ip_in_cidr($service_cluster_cidr, 'second')
Data type: K8s::Ensure
whether kubernetes should be present or absent
Default value: 'present'
Data type: String[1]
name of the etcd cluster for searching its nodes in the puppetdb
Default value: 'default'
Data type: String[1]
version of etcd to install
Default value: '3.5.16'
Data type: Optional[K8s::Firewall]
type of firewall to use
Default value: undef
Data type: Integer[0, 65535]
group id for kubernetes files and services
Default value: 888
Data type: String[1]
groupname for kubernetes files and services
Default value: 'kube'
Data type: String[1]
name of the hyperkube binary
Default value: 'hyperkube'
Data type: Stdlib::HTTPUrl
URL for the control plane from within the cluster
Default value: 'https://kubernetes.default.svc'
Data type: Boolean
whether to manage the container manager
Default value: true
Data type: Boolean
whether to manage etcd
Default value: true
Data type: Boolean
whether to manage the firewall
Default value: false
Data type: Boolean
whether to manage the image
Default value: false
Data type: Boolean
A flag to manage required Kernel modules.
Default value: true
Data type: K8s::Proxy_method
How/if the kube-proxy component should be managed, either as an in-cluster component (default), or as an on-node component for advanced use-cases.
Default value: true
Data type: Boolean
whether to manage packages
Default value: true
Data type: Boolean
whether to manage the repo
Default value: true
Data type: Boolean
A flag to manage required sysctl settings.
Default value: true
Data type: K8s::Native_packaging
type of native packaging to use
Default value: 'loose'
Data type: String[1]
template for native packaging
Default value: 'https://dl.k8s.io/release/v%{version}/bin/%{kernel}/%{arch}/%{binary}'
Data type: K8s::Node_auth
authentication method for nodes
Default value: 'bootstrap'
Data type: String[1]
template for package names
Default value: 'kubernetes-%{component}'
Data type: Enum['container', 'native']
whether to use native or container packaging
Default value: 'native'
Data type: Boolean
whether to use puppetdb for node discovery
Default value: false
Data type: String[1]
tag to use for puppetdb node discovery
Default value: 'default'
Data type: Boolean
whether to purge manifests
Default value: true
Data type: Enum['node','server','none']
role of the node
Default value: 'none'
Data type: String[1]
version of runc to install
Default value: 'installed'
Data type: K8s::CIDR
CIDR for the service network
Default value: '10.1.0.0/24'
Data type: Optional[Stdlib::Unixpath]
path to the sysconfig directory
Default value: undef
Data type: String[1]
template for tarball packaging
Default value: 'https://dl.k8s.io/release/v%{version}/kubernetes-%{component}-%{kernel}-%{arch}.tar.gz'
Data type: Integer[0, 65535]
user id for kubernetes files and services
Default value: 888
Data type: String[1]
username for kubernetes files and services
Default value: 'kube'
Data type: String[1]
version of kubernetes to install
Default value: '1.28.14'
Manages the installation of CNI plugins
The following parameters are available in the k8s::install::cni_plugins class:
Data type: K8s::Ensure
Set ensure for installation or deinstallation
Default value: $k8s::ensure
Data type: String[1]
The installation method to use
Default value: $k8s::native_packaging
Data type: String[1]
The version of CNI plugins to install - if applicable
Default value: 'v1.2.0'
Data type: String[1]
Template string for the cni_plugins download url
Default value: 'https://github.com/containernetworking/plugins/releases/download/%{version}/cni-plugins-linux-%{arch}-%{version}.tgz'
Data type: Optional[String[1]]
Package name for the CNI plugins, will use OS default if omitted
Default value: undef
Manages the installation of a container runtime / CRI
The following parameters are available in the k8s::install::container_runtime class:
Data type: Boolean
Whether to manage the repo or not
Default value: $k8s::manage_repo
Data type: K8s::Container_runtimes
The CRI implementation to install
Default value: $k8s::container_manager
Data type: Optional[String[1]]
The CRI-o package name
Default value: $k8s::crio_package
Data type: Optional[String[1]]
The containerd package name
Default value: $k8s::containerd_package
Data type: String[1]
The runc version
Default value: $k8s::runc_version
Data type: String[1]
The ensure value to set on the cri package
Default value: installed
Class: k8s::install::crictl
The following parameters are available in the k8s::install::crictl class:
Data type: K8s::Ensure
set ensure for installation or deinstallation
Default value: $k8s::ensure
Data type: String[1]
the k8s version
Default value: 'v1.26.0'
Data type: Hash
config for crictl, for example:
    k8s::install::crictl::config:
      'runtime-endpoint': 'unix:///run/containerd/containerd.sock'
      'image-endpoint': 'unix:///run/containerd/containerd.sock'
Default value: {}
Data type: Optional[String[1]]
the package name of crictl
Default value: $k8s::crictl_package
Data type: Boolean
whether to manage the repo or not
Default value: $k8s::manage_repo
Data type: Stdlib::HTTPUrl
template string for the URL to download tar.gz from
Default value: 'https://github.com/kubernetes-sigs/cri-tools/releases/download/%{version}/crictl-%{version}-linux-%{arch}.tar.gz'
Installs the kubeadm binary
The following parameters are available in the k8s::install::kubeadm class:
Data type: K8s::Ensure
set ensure for installation or deinstallation
Default value: $k8s::ensure
Installs the kubectl binary
The following parameters are available in the k8s::install::kubectl class:
Data type: K8s::Ensure
set ensure for installation or deinstallation
Default value: $k8s::ensure
Installs a Kubernetes node
The following parameters are available in the k8s::node class:
ca_cert
cert_path
control_plane_url
ensure
firewall_type
manage_crictl
manage_firewall
manage_kernel_modules
manage_kubelet
manage_proxy
manage_simple_cni
manage_sysctl_settings
node_auth
node_cert
node_key
node_token
proxy_auth
proxy_cert
proxy_key
proxy_token
puppetdb_discovery_tag
Data type: Stdlib::Unixpath
path to the ca cert
Default value: "${cert_path}/ca.pem"
Data type: Stdlib::Unixpath
path to cert files
Default value: '/var/lib/kubelet/pki'
Data type: Stdlib::HTTPUrl
cluster API connection
Default value: $k8s::control_plane_url
Data type: K8s::Ensure
set ensure for installation or deinstallation
Default value: $k8s::ensure
Data type: Optional[K8s::Firewall]
define the type of firewall to use
Default value: $k8s::firewall_type
Data type: Boolean
toggle to install crictl
Default value: false
Data type: Boolean
whether to manage firewall or not
Default value: $k8s::manage_firewall
Data type: Boolean
whether to load kernel modules or not
Default value: $k8s::manage_kernel_modules
Data type: Boolean
whether to manage kubelet or not
Default value: true
Data type: Boolean
whether to manage kube-proxy or not
Default value: $k8s::manage_kube_proxy == 'on-node'
Data type: Boolean
toggle to use a simple bridge network for containers
Default value: false
Data type: Boolean
whether to manage sysctl settings or not
Default value: $k8s::manage_sysctl_settings
Data type: K8s::Node_auth
type of node authentication
Default value: $k8s::node_auth
Data type: Optional[Stdlib::Unixpath]
path to node cert file
Default value: undef
Data type: Optional[Stdlib::Unixpath]
path to node key file
Default value: undef
Data type: Optional[Sensitive[String]]
k8s token to join a cluster
Default value: undef
Data type: K8s::Proxy_auth
which proxy auth to use
Default value: 'incluster'
Data type: Optional[Stdlib::Unixpath]
path to proxy cert file
Default value: undef
Data type: Optional[Stdlib::Unixpath]
path to proxy key file
Default value: undef
Data type: Optional[Sensitive[String]]
k8s token for kube-proxy
Default value: undef
Data type: String[1]
enable puppetdb resource searching
Default value: $k8s::puppetdb_discovery_tag
For most use-cases, running kube-proxy inside the cluster itself is recommended
The following parameters are available in the k8s::node::kube_proxy class:
arguments
auth
ca_cert
cert
cluster_cidr
config
control_plane_url
ensure
key
puppetdb_discovery_tag
token
Data type: Hash[String, Data]
A hash of additional arguments to pass to kube-proxy
Default value: {}
Data type: K8s::Proxy_auth
The authentication method to use for the API server
Default value: $k8s::node::proxy_auth
Data type: Optional[Stdlib::Unixpath]
The path to the CA certificate to use for the API server
Default value: $k8s::node::ca_cert
Data type: Optional[Stdlib::Unixpath]
The path to the client certificate to use for the API server
Default value: $k8s::node::proxy_cert
Data type: K8s::CIDR
The CIDR range of the cluster
Default value: $k8s::cluster_cidr
Data type: Hash[String, Data]
A hash of additional configuration options to pass to kube-proxy
Default value: {}
Data type: Stdlib::HTTPUrl
The URL of the Kubernetes API server
Default value: $k8s::node::control_plane_url
Data type: K8s::Ensure
Whether the kube-proxy service should be configured
Default value: $k8s::node::ensure
Data type: Optional[Stdlib::Unixpath]
The path to the client key to use for the API server
Default value: $k8s::node::proxy_key
Data type: String
The tag to use for PuppetDB service discovery
Default value: $k8s::node::puppetdb_discovery_tag
Data type: Optional[Sensitive[String]]
The token to use for the API server
Default value: $k8s::node::proxy_token
Installs the kubectl binary
The following parameters are available in the k8s::node::kubectl class:
Data type: K8s::Ensure
Whether to install the binary
Default value: $k8s::ensure
Installs and configures kubelet
The following parameters are available in the k8s::node::kubelet class:
arguments
auth
ca_cert
cert
cert_path
config
control_plane_url
ensure
firewall_type
key
kubeconfig
manage_firewall
manage_kernel_modules
manage_sysctl_settings
puppetdb_discovery_tag
rotate_server_tls
runtime
runtime_service
support_dualstack
token
Data type: Hash[String, Data]
additional arguments to pass to kubelet
Default value: {}
Data type: K8s::Node_auth
type of node authentication
Default value: $k8s::node::node_auth
Data type: Optional[Stdlib::Unixpath]
path to the ca cert
Default value: $k8s::node::ca_cert
Data type: Optional[Stdlib::Unixpath]
path to node cert file
Default value: $k8s::node::node_cert
Data type: Stdlib::Unixpath
path to cert files
Default value: $k8s::node::cert_path
Data type: Hash[String, Data]
additional config to pass to kubelet
Default value: {}
Data type: Stdlib::HTTPUrl
cluster API connection
Default value: $k8s::node::control_plane_url
Data type: K8s::Ensure
set ensure for installation or deinstallation
Default value: $k8s::node::ensure
Data type: Optional[K8s::Firewall]
define the type of firewall to use
Default value: $k8s::node::firewall_type
Data type: Optional[Stdlib::Unixpath]
path to node key file
Default value: $k8s::node::node_key
Data type: Stdlib::Unixpath
path to kubeconfig
Default value: '/srv/kubernetes/kubelet.kubeconf'
Data type: Boolean
whether to manage firewall or not
Default value: $k8s::node::manage_firewall
Data type: Boolean
whether to load kernel modules or not
Default value: $k8s::node::manage_kernel_modules
Data type: Boolean
whether to manage sysctl settings or not
Default value: $k8s::node::manage_sysctl_settings
Data type: String[1]
enable puppetdb resource searching
Default value: $k8s::node::puppetdb_discovery_tag
Data type: Boolean
whether to rotate server tls or not
Default value: $auth == 'bootstrap'
Data type: String
which container runtime to use
Default value: $k8s::container_manager
Data type: String
name of the service of the container runtime
Default value: $k8s::container_runtime_service
Data type: Boolean
whether to support dualstack or not
Default value: $k8s::cluster_cidr =~ Array[Data, 2]
Data type: Optional[Sensitive[String]]
k8s token to join a cluster
Default value: $k8s::node::node_token
Class: k8s::node::simple_cni
The following parameters are available in the k8s::node::simple_cni class:
Data type: K8s::CIDR
cidr for pods in the network
Default value: $k8s::cluster_cidr
Handles repositories for the container runtime
The following parameters are available in the k8s::repo class:
Data type: Boolean
Whether to add the CRI-o repository or not
Default value: $k8s::manage_container_manager
Data type: K8s::Container_runtimes
The name of the container manager
Default value: $k8s::container_manager
Data type: String[1]
The major version of Kubernetes to deploy repos for
Default value: $k8s::version.split('\.')[0, 2].join('.')
Sets up a Kubernetes server instance
The following parameters are available in the k8s::server class:
aggregator_ca_cert
aggregator_ca_key
api_port
ca_cert
ca_key
cert_path
cluster_cidr
cluster_domain
control_plane_url
direct_control_plane_url
dns_service_address
ensure
etcd_cluster_name
etcd_servers
firewall_type
generate_ca
manage_certs
manage_components
manage_crictl
manage_etcd
manage_firewall
manage_kubeadm
manage_resources
manage_signing
node_on_server
puppetdb_discovery_tag
Data type: Stdlib::Unixpath
path to the aggregator ca cert
Default value: "${cert_path}/aggregator-ca.pem"
Data type: Stdlib::Unixpath
path to the aggregator ca key
Default value: "${cert_path}/aggregator-ca.key"
Data type: Integer[1]
Cluster API port
Default value: 6443
Data type: Stdlib::Unixpath
path to the ca cert
Default value: "${cert_path}/ca.pem"
Data type: Stdlib::Unixpath
path to the ca key
Default value: "${cert_path}/ca.key"
Data type: Stdlib::Unixpath
path to cert files
Default value: '/etc/kubernetes/certs'
Data type: K8s::CIDR
cluster cidr
Default value: $k8s::cluster_cidr
Data type: String
cluster domain name
Default value: $k8s::cluster_domain
Data type: String
cluster API connection
Default value: $k8s::control_plane_url
Data type: String
direct cluster API connection
Default value: "https://${fact('networking.ip')}:${api_port}"
Data type: K8s::IP_addresses
cluster dns service address
Default value: $k8s::dns_service_address
Data type: K8s::Ensure
set ensure for installation or deinstallation
Default value: $k8s::ensure
Data type: String[1]
name of the etcd cluster for searching its nodes in the puppetdb
Default value: $k8s::etcd_cluster_name
Data type: Optional[Array[Stdlib::HTTPUrl]]
list etcd servers if no puppetdb is used
Default value: undef
Data type: Optional[K8s::Firewall]
define the type of firewall to use
Default value: $k8s::firewall_type
Data type: Boolean
initially generate ca
Default value: false
Data type: Boolean
whether to manage certs or not
Default value: true
Data type: Boolean
whether to manage components or not
Default value: true
Data type: Boolean
whether to install crictl or not
Default value: false
Data type: Boolean
whether to manage etcd or not
Default value: $k8s::manage_etcd
Data type: Boolean
whether to manage firewall or not
Default value: $k8s::manage_firewall
Data type: Boolean
whether to install kubeadm or not
Default value: false
Data type: Boolean
whether to manage cluster internal resources or not
Default value: true
Data type: Boolean
whether to manage cert signing or not
Default value: $k8s::puppetdb_discovery
Data type: Boolean
whether to use controller also as nodes or not
Default value: true
Data type: String[1]
enable puppetdb resource searching
Default value: $k8s::puppetdb_discovery_tag
Installs and configures a Kubernetes apiserver
The following parameters are available in the k8s::server::apiserver class:
advertise_address
aggregator_ca_cert
apiserver_cert
apiserver_client_cert
apiserver_client_key
apiserver_key
arguments
ca_cert
cert_path
container_image
container_image_tag
container_registry
discover_etcd_servers
ensure
etcd_ca
etcd_cert
etcd_cluster_name
etcd_key
etcd_servers
firewall_type
front_proxy_cert
front_proxy_key
manage_firewall
puppetdb_discovery_tag
service_cluster_cidr
serviceaccount_private
serviceaccount_public
Data type: Stdlib::IP::Address::Nosubnet
bind address of the apiserver
Default value: fact('networking.ip')
Data type: Stdlib::Unixpath
path to the aggregator ca cert file
Default value: $k8s::server::tls::aggregator_ca_cert
Data type: Stdlib::Unixpath
path to the apiserver cert file
Default value: "${cert_path}/kube-apiserver.pem"
Data type: Stdlib::Unixpath
path to the apiserver client cert file
Default value: "${cert_path}/apiserver-kubelet-client.pem"
Data type: Stdlib::Unixpath
path to the apiserver client key file
Default value: "${cert_path}/apiserver-kubelet-client.key"
Data type: Stdlib::Unixpath
path to the apiserver key file
Default value: "${cert_path}/kube-apiserver.key"
Data type: Hash[String, Data]
additional arguments for the apiserver
Default value: {}
Data type: Stdlib::Unixpath
path to the ca cert
Default value: $k8s::server::tls::ca_cert
Data type: Stdlib::Unixpath
path to cert files
Default value: $k8s::server::tls::cert_path
Data type: String[1]
container image to use for the apiserver
Default value: 'kube-apiserver'
Data type: Optional[String[1]]
container image tag to use for the apiserver
Default value: $k8s::container_image_tag
Data type: String[1]
container registry to pull the image from
Default value: $k8s::container_registry
Data type: Boolean
enable puppetdb resource searching
Default value: $k8s::puppetdb_discovery
Data type: K8s::Ensure
set ensure for installation or deinstallation
Default value: $k8s::server::ensure
Data type: Stdlib::Unixpath
path to the etcd ca cert file
Default value: "${cert_path}/etcd-ca.pem"
Data type: Stdlib::Unixpath
path to the etcd cert file
Default value: "${cert_path}/etcd.pem"
Data type: String[1]
name of the etcd cluster for searching its nodes in the puppetdb
Default value: $k8s::server::etcd_cluster_name
Data type: Stdlib::Unixpath
path to the etcd key file
Default value: "${cert_path}/etcd.key"
Data type: Optional[Array[Stdlib::HTTPUrl]]
list etcd servers if no puppetdb is used
Default value: $k8s::server::etcd_servers
Data type: Optional[K8s::Firewall]
define the type of firewall to use
Default value: $k8s::server::firewall_type
Data type: Stdlib::Unixpath
path to the front proxy cert file
Default value: "${cert_path}/front-proxy-client.pem"
Data type: Stdlib::Unixpath
path to the front proxy key file
Default value: "${cert_path}/front-proxy-client.key"
Data type: Boolean
whether to manage firewall or not
Default value: $k8s::server::manage_firewall
Data type: String
enable puppetdb resource searching
Default value: $k8s::server::puppetdb_discovery_tag
Data type: K8s::CIDR
cidr of the service cluster
Default value: $k8s::service_cluster_cidr
Data type: Stdlib::Unixpath
path to the service account private key file
Default value: "${cert_path}/service-account.key"
Data type: Stdlib::Unixpath
path to the service account public key file
Default value: "${cert_path}/service-account.pub"
Installs and configures a Kubernetes controller manager
The following parameters are available in the k8s::server::controller_manager class:
arguments
ca_cert
ca_key
cert
cert_path
cluster_cidr
container_image
container_image_tag
container_registry
control_plane_url
ensure
key
service_cluster_cidr
Data type: Hash[String, Data]
Additional arguments to pass to the controller manager.
Default value: {}
Data type: Stdlib::Unixpath
The path to the CA certificate.
Default value: $k8s::server::tls::ca_cert
Data type: Stdlib::Unixpath
The path to the CA key.
Default value: $k8s::server::tls::ca_key
Data type: Stdlib::Unixpath
The path to the controller manager certificate.
Default value: "${cert_path}/kube-controller-manager.pem"
Data type: Stdlib::Unixpath
The path to the TLS certificates.
Default value: $k8s::server::tls::cert_path
Data type: K8s::CIDR
The CIDR of the cluster.
Default value: $k8s::cluster_cidr
Data type: String[1]
The container image to use for the controller manager.
Default value: 'kube-controller-manager'
Data type: Optional[String[1]]
The container image tag to use for the controller manager.
Default value: $k8s::container_image_tag
Data type: String[1]
The container registry to pull the controller manager image from.
Default value: $k8s::container_registry
Data type: Stdlib::HTTPUrl
The URL of the Kubernetes API server.
Default value: $k8s::control_plane_url
Data type: K8s::Ensure
Whether the controller manager should be configured.
Default value: $k8s::server::ensure
Data type: Stdlib::Unixpath
The path to the controller manager key.
Default value: "${cert_path}/kube-controller-manager.key"
Data type: K8s::CIDR
The CIDR of the service cluster.
Default value: $k8s::service_cluster_cidr
Sets up an etcd cluster node
The following parameters are available in the k8s::server::etcd class:
addn_names
cert_path
client_ca_cert
client_ca_key
cluster_name
ensure
firewall_type
generate_ca
group
manage_certs
manage_firewall
manage_members
manage_setup
peer_ca_cert
peer_ca_key
puppetdb_discovery_tag
self_signed_tls
user
version
Data type: K8s::TLS_altnames
additional names for certificates
Default value: []
Data type: Stdlib::Unixpath
path to cert files
Default value: '/var/lib/etcd/certs'
Data type: Stdlib::Unixpath
path to the client ca cert
Default value: "${cert_path}/client-ca.pem"
Data type: Stdlib::Unixpath
path to the client ca key
Default value: "${cert_path}/client-ca.key"
Data type: String[1]
name of the etcd cluster for searching its nodes in the puppetdb
Default value: pick($k8s::server::etcd_cluster_name, 'default')
Data type: K8s::Ensure
set ensure for installation or deinstallation
Default value: 'present'
Data type: Optional[K8s::Firewall]
define the type of firewall to use
Default value: $k8s::server::firewall_type
Data type: Boolean
whether to generate its own CA or not
Default value: false
Data type: String[1]
group to run etcd as
Default value: 'etcd'
Data type: Boolean
whether to manage certs or not
Default value: true
Data type: Boolean
whether to manage firewall or not
Default value: false
Data type: Boolean
whether to manage the etcd cluster member joining or not
Default value: false
Data type: Boolean
whether to manage the setup of etcd or not
Default value: true
Data type: Stdlib::Unixpath
path to the peer ca cert
Default value: "${cert_path}/peer-ca.pem"
Data type: Stdlib::Unixpath
path to the peer ca key
Default value: "${cert_path}/peer-ca.key"
Data type: String[1]
enable puppetdb resource searching
Default value: pick($k8s::server::puppetdb_discovery_tag, $cluster_name)
Data type: Boolean
whether to use self signed tls or not
Default value: false
Data type: String[1]
user to run etcd as
Default value: 'etcd'
Data type: String[1]
version of etcd to install
Default value: pick($k8s::etcd_version, '3.5.1')
Installs and configures an etcd instance
The following parameters are available in the k8s::server::etcd::setup class:
advertise_client_urls
archive_template
auto_compaction_retention
auto_tls
binary_path
cert_file
client_cert_auth
data_dir
ensure
etcd_name
fqdn
gid
group
initial_advertise_peer_urls
initial_cluster
initial_cluster_state
initial_cluster_token
install
key_file
listen_client_urls
listen_peer_urls
package
peer_auto_tls
peer_cert_file
peer_client_cert_auth
peer_key_file
peer_trusted_ca_file
proxy
storage_path
trusted_ca_file
uid
user
version
Data type: Array[Stdlib::HTTPUrl]
The client urls to advertise
Default value: ["https://${fqdn}:2379"]
Data type: Stdlib::HTTPUrl
The download URL template for the etcd archive
Default value: 'https://storage.googleapis.com/etcd/v%{version}/etcd-v%{version}-%{kernel}-%{arch}.%{kernel_ext}'
Data type: Optional[Integer]
The auto compaction retention
Default value: undef
Data type: Boolean
Use auto tls
Default value: $k8s::server::etcd::self_signed_tls
Data type: Optional[Stdlib::Unixpath]
path to the etcd binary
Default value: undef
Data type: Optional[Stdlib::Unixpath]
path to the cert file
Default value: undef
Data type: Boolean
Use client cert auth
Default value: false
Data type: String[1]
path to the data dir
Default value: "${etcd_name}.etcd"
Data type: K8s::Ensure
set ensure for installation or deinstallation
Default value: $k8s::server::etcd::ensure
Data type: String[1]
The etcd instance name
Default value: $facts['networking']['hostname']
Data type: String[1]
fully qualified domain name
Default value: $facts['networking']['fqdn']
Data type: Optional[Integer[0, 65535]]
The group system id
Default value: undef
Data type: String[1]
etcd system user group
Default value: $k8s::server::etcd::group
Data type: Array[Stdlib::HTTPUrl]
The peer urls to advertise
Default value: ["https://${fqdn}:2380"]
Data type: Array[String[1]]
The initial cluster
Default value: []
Data type: Optional[Enum['existing', 'new']]
The initial cluster state
Default value: undef
Data type: Optional[String[1]]
The initial cluster token
Default value: undef
Data type: Enum['archive','package']
etcd installation method
Default value: 'archive'
Data type: Optional[Stdlib::Unixpath]
path to the key file
Default value: undef
Data type: Array[Stdlib::HTTPUrl]
The client urls to listen on
Default value: ['https://[::]:2379']
Data type: Array[Stdlib::HTTPUrl]
The peer urls to listen on
Default value: ['https://[::]:2380']
Data type: String[1]
etcd package name
Default value: 'etcd'
Data type: Boolean
Use peer auto tls
Default value: $k8s::server::etcd::self_signed_tls
Data type: Optional[Stdlib::Unixpath]
path to the peer cert file
Default value: undef
Data type: Boolean
Use peer client cert auth
Default value: false
Data type: Optional[Stdlib::Unixpath]
path to the peer key file
Default value: undef
Data type: Optional[Stdlib::Unixpath]
path to the peer trusted ca file
Default value: undef
Data type: Enum['on','off','readonly']
The proxy mode
Default value: 'off'
Data type: Stdlib::Unixpath
path to the working dir of etcd
Default value: '/var/lib/etcd'
Data type: Optional[Stdlib::Unixpath]
path to the trusted ca file
Default value: undef
Data type: Optional[Integer[0, 65535]]
The user system id
Default value: undef
Data type: String[1]
etcd system user
Default value: $k8s::server::etcd::user
Data type: String[1]
The etcd version to install
Default value: $k8s::server::etcd::version
Generates and deploys standard Kubernetes in-cluster services
The following parameters are available in the k8s::server::resources class:
ca_cert
cluster_cidr
cluster_domain
control_plane_url
coredns_deployment_config
coredns_image
coredns_registry
coredns_tag
dns_service_address
extra_kube_proxy_args
flannel_cni_image
flannel_cni_registry
flannel_cni_tag
flannel_daemonset_config
flannel_image
flannel_registry
flannel_tag
image_pull_secrets
kube_proxy_daemonset_config
kube_proxy_image
kube_proxy_registry
kube_proxy_tag
kubeconfig
manage_bootstrap
manage_coredns
manage_flannel
manage_kube_proxy
Data type: Stdlib::Unixpath
the path to the CA certificate to use for the cluster
Default value: $k8s::server::tls::ca_cert
Data type: K8s::CIDR
the CIDR to use for the cluster
Default value: $k8s::server::cluster_cidr
Data type: String[1]
the domain to use for the cluster
Default value: $k8s::server::cluster_domain
Data type: String[1]
the URL to use for the control plane
Default value: $k8s::server::control_plane_url
Data type: Hash[String,Data]
the configuration to use for the CoreDNS Deployment
Default value: {}
Data type: String[1]
the image to use for the CoreDNS
Default value: 'coredns/coredns'
Data type: String[1]
the registry to use for the CoreDNS image
Default value: 'docker.io'
Data type: String[1]
the tag to use for the CoreDNS image
Default value: '1.8.7'
Data type: K8s::IP_addresses
the IP address to use for the DNS service
Default value: $k8s::server::dns_service_address
Data type: Hash[String,Data]
the extra arguments to pass to the kube-proxy
Default value: {}
Data type: String[1]
the image to use for the Flannel CNI
Default value: 'rancher/mirrored-flannelcni-flannel-cni-plugin'
Data type: String[1]
the registry to use for the Flannel CNI image
Default value: 'docker.io'
Data type: String[1]
the tag to use for the Flannel CNI image
Default value: 'v1.0.0'
Data type: Hash[String,Data]
the configuration to use for the Flannel DaemonSet
Default value: {}
Data type: String[1]
the image to use for the Flannel
Default value: 'rancher/mirrored-flannelcni-flannel'
Data type: String[1]
the registry to use for the Flannel image
Default value: 'docker.io'
Data type: String[1]
the tag to use for the Flannel image
Default value: 'v0.16.1'
Data type: Optional[Array]
the secrets to pull from private registries
Default value: undef
Data type: Hash[String,Data]
the configuration to use for the kube-proxy DaemonSet
Default value: {}
Data type: String[1]
the image to use for the kube-proxy
Default value: 'kube-proxy'
Data type: String[1]
the registry to use for the kube-proxy image
Default value: $k8s::container_registry
Data type: String[1]
the tag to use for the kube-proxy image
Default value: "v${k8s::version}"
Data type: Stdlib::Unixpath
the path to the kubeconfig file to use for kubectl
Default value: '/root/.kube/config'
Data type: Boolean
whether to manage the bootstrap resources
Default value: true
Data type: Boolean
whether to manage the CoreDNS resources
Default value: true
Data type: Boolean
whether to manage the Flannel resources
Default value: true
Data type: K8s::Proxy_method
whether to manage the kube-proxy resources
Default value: $k8s::manage_kube_proxy
Generates and deploys the default Puppet bootstrap configuration into the cluster
The following parameters are available in the k8s::server::resources::bootstrap class:
Data type: String[1]
The main API URL to encode in the bootstrap configuration
Default value: $k8s::server::resources::control_plane_url
Data type: K8s::Ensure
Whether the resources should be present or absent
Default value: $k8s::ensure
Data type: Stdlib::Unixpath
The path to the kubeconfig file to use for the bootstrap configuration
Default value: $k8s::server::resources::kubeconfig
Data type: Optional[Sensitive[K8s::Bootstrap_token]]
The exact token secret to use, will be generated as a random 16-char string if left blank. The generated value can be retrieved from the bootstrap-token-puppet Secret in kube-system.
Default value: undef
Generates and deploys the default CoreDNS DNS provider for Kubernetes
The following parameters are available in the k8s::server::resources::coredns class:
cluster_domain
corefile_content
deployment_config
dns_service_address
ensure
hosts
image
image_pull_secrets
image_tag
kubeconfig
registry
template_path
template_variables
Data type: Stdlib::Fqdn
The cluster domain to use for the CoreDNS ConfigMap
Default value: $k8s::server::resources::cluster_domain
Data type: Optional[String[1]]
The content to use for the CoreDNS ConfigMap
Default value: undef
Data type: Hash[String,Data]
Additional configuration to merge into the Kubernetes Deployment object
Default value: $k8s::server::resources::coredns_deployment_config
Data type: K8s::IP_addresses
The address for the DNS service
Default value: $k8s::server::resources::dns_service_address
Data type: K8s::Ensure
Whether the resource should be present or absent on the target system
Default value: $k8s::ensure
Data type: Array[String[1]]
Additional host-style entries for the CoreDNS deployment to serve
Default value: []
Data type: String[1]
The CoreDNS image name to use
Default value: $k8s::server::resources::coredns_image
Data type: Optional[Array]
the secrets to pull from private registries
Default value: $k8s::server::resources::image_pull_secrets
Data type: String[1]
The CoreDNS image tag to use
Default value: $k8s::server::resources::coredns_tag
Data type: Stdlib::Unixpath
The path to the kubeconfig to use for kubectl commands
Default value: $k8s::server::resources::kubeconfig
Data type: String[1]
The CoreDNS image registry to use
Default value: $k8s::server::resources::coredns_registry
Data type: String[1]
The path to the template to use for the CoreDNS ConfigMap
Default value: 'k8s/server/resources/coredns_corefile.epp'
Data type: Hash[String, Any]
The variables to use for the CoreDNS ConfigMap template
Default value: { cluster_domain => $cluster_domain }
Generates and deploys the default CoreDNS DNS provider for Kubernetes
The following parameters are available in the k8s::server::resources::flannel class:
cluster_cidr
cni_image
cni_image_tag
cni_registry
daemonset_config
ensure
image
image_pull_secrets
image_tag
kubeconfig
net_config
registry
Data type: K8s::CIDR
The internal cluster CIDR to proxy for
Default value: $k8s::server::resources::cluster_cidr
Data type: String[1]
The Flannel CNI plugin image name to use
Default value: $k8s::server::resources::flannel_cni_image
Data type: String[1]
The Flannel CNI plugin image tag to use
Default value: $k8s::server::resources::flannel_cni_tag
Data type: String[1]
The Flannel CNI plugin image registry to use
Default value: $k8s::server::resources::flannel_cni_registry
Data type: Hash[String,Data]
Additional configuration to merge into the DaemonSet object
Default value: $k8s::server::resources::flannel_daemonset_config
Data type: K8s::Ensure
Whether the resource should be present or absent on the system
Default value: $k8s::ensure
Data type: String[1]
The Flannel image name to use
Default value: $k8s::server::resources::flannel_image
Data type: Optional[Array]
the secrets to pull from private registries
Default value: $k8s::server::resources::image_pull_secrets
Data type: String[1]
The Flannel image tag to use
Default value: $k8s::server::resources::flannel_tag
Data type: Stdlib::Unixpath
The path to the kubeconfig file to use
Default value: $k8s::server::resources::kubeconfig
Data type: Hash[String,Data]
Additional configuration to merge into net-conf.json for Flannel
Default value: {}
Data type: String[1]
The Flannel image registry to use
Default value: $k8s::server::resources::flannel_registry
Generates and deploys the default kube-proxy service for Kubernetes
The following parameters are available in the k8s::server::resources::kube_proxy class:
cluster_cidr
daemonset_config
ensure
extra_args
extra_config
image
image_pull_secrets
image_tag
kubeconfig
registry
Data type: K8s::CIDR
The internal cluster CIDR to proxy for
Default value: $k8s::server::resources::cluster_cidr
Data type: Hash[String,Data]
Additional configuration to merge into the DaemonSet object
Default value: {}
Data type: K8s::Ensure
Whether the resource should be present or absent
Default value: $k8s::ensure
Data type: Hash[String,Data]
Additional arguments to specify to the kube-proxy application
Default value: {}
Data type: Hash[String,Data]
Additional configuration data to apply to the kube-proxy configuration file
Default value: {}
Data type: String[1]
The kube-proxy image name to use
Default value: $k8s::server::resources::kube_proxy_image
Data type: Optional[Array]
the secrets to pull from private registries
Default value: $k8s::server::resources::image_pull_secrets
Data type: String[1]
The kube-proxy image tag to use
Default value: $k8s::server::resources::kube_proxy_tag
Data type: Stdlib::Unixpath
The path to the kubeconfig file to use
Default value: $k8s::server::resources::kubeconfig
Data type: String[1]
The kube-proxy image registry to use
Default value: $k8s::server::resources::kube_proxy_registry
Installs and configures a Kubernetes scheduler
The following parameters are available in the k8s::server::scheduler class:
ensure
control_plane_url
arguments
cert_path
ca_cert
cert
key
container_registry
container_image
container_image_tag
Data type: K8s::Ensure
Whether the scheduler should be configured.
Default value: $k8s::server::ensure
Data type: Stdlib::HTTPUrl
The URL of the Kubernetes API server.
Default value: $k8s::control_plane_url
Data type: Hash[String, Data]
Additional arguments to pass to the scheduler.
Default value: {}
Data type: Stdlib::Unixpath
The path to the directory containing the TLS certificates.
Default value: $k8s::server::tls::cert_path
Data type: Stdlib::Unixpath
The path to the CA certificate.
Default value: $k8s::server::tls::ca_cert
Data type: Stdlib::Unixpath
The path to the scheduler certificate.
Default value: "${cert_path}/kube-scheduler.pem"
Data type: Stdlib::Unixpath
The path to the scheduler key.
Default value: "${cert_path}/kube-scheduler.key"
Data type: String[1]
The container registry to pull images from.
Default value: $k8s::container_registry
Data type: String[1]
The container image to use for the scheduler.
Default value: 'kube-scheduler'
Data type: Optional[String[1]]
The container image tag to use for the scheduler.
Default value: $k8s::container_image_tag
Generates the necessary Kubernetes certificates for a server
The following parameters are available in the k8s::server::tls class:
aggregator_ca_cert
aggregator_ca_key
api_addn_names
api_service_address
ca_cert
ca_key
cert_path
cluster_domain
ensure
generate_ca
key_bits
manage_certs
valid_days
Data type: Stdlib::Unixpath
The path to the aggregator CA certificate
Default value: $k8s::server::aggregator_ca_cert
Data type: Stdlib::Unixpath
The path to the aggregator CA key
Default value: $k8s::server::aggregator_ca_key
Data type: K8s::TLS_altnames
Additional names to add to the API server certificate
Default value: []
Data type: Stdlib::IP::Address::Nosubnet
The API service address
Default value: $k8s::api_service_address
Data type: Stdlib::Unixpath
The path to the CA certificate
Default value: $k8s::server::ca_cert
Data type: Stdlib::Unixpath
The path to the CA key
Default value: $k8s::server::ca_key
Data type: Stdlib::Unixpath
The path to the certificates
Default value: $k8s::server::cert_path
Data type: String[1]
The cluster domain
Default value: $k8s::cluster_domain
Data type: K8s::Ensure
Whether to generate the certificates or not
Default value: 'present'
Data type: Boolean
Whether to generate the CA or not
Default value: $k8s::server::generate_ca
Data type: Integer[512]
The number of bits to use for the key
Default value: 2048
Data type: Boolean
Whether to manage the certificates or not
Default value: $k8s::server::manage_certs
Data type: Integer[1]
The number of days the certificate is valid for
Default value: 10000
Creates a dummy exec to allow deferring applies until the Kubernetes API server has started
Deploys a Kubernetes binary
The following parameters are available in the k8s::binary defined type:
Data type: K8s::Ensure
Whether the binary should be present or absent
Default value: $k8s::ensure
Data type: String[1]
The version to deploy
Default value: $k8s::version
Data type: String[1]
The packaging method to use
Default value: $k8s::packaging
Data type: String[1]
The directory to deploy the binary to
Default value: "/opt/k8s/${$version}"
Data type: String[1]
The directory to download tarballs to
Default value: '/opt/k8s/archives'
Data type: Boolean
Whether the binary should be active
Default value: true
Data type: Optional[String]
The component to deploy
Default value: undef
You generally only want this to be done on a single Kubernetes server
The following parameters are available in the k8s::server::bootstrap_token defined type:
addn_data
description
ensure
expiration
extra_groups
id
kubeconfig
secret
update
use_authentication
use_signing
Data type: Hash[String,Data]
Additional data to add to the token
Default value: {}
Data type: Optional[String]
A description of the token
Default value: undef
Data type: K8s::Ensure
Whether the token should be present or absent
Default value: 'present'
Data type: Optional[K8s::Timestamp]
The expiration time of the token
Default value: undef
Data type: Optional[Array[String]]
An array of extra groups to add to the token
Default value: undef
Data type: Pattern[/^[a-z0-9]{6}$/]
The ID of the token to generate
Default value: $name
Data type: Stdlib::Unixpath
The path to the kubeconfig file to use
Data type: Sensitive[K8s::Bootstrap_token]
The secret to use for the token
Default value: Sensitive(fqdn_rand_string(16).downcase())
Data type: Boolean
Whether to update the token if it already exists
Default value: false
Data type: Boolean
Whether the token should be used for authentication
Default value: true
Data type: Optional[Boolean]
Whether the token should be used for signing
Default value: undef
TODO - Convert to native type
The following parameters are available in the k8s::server::etcd::member defined type:
Data type: Optional[Stdlib::Unixpath]
The cluster CA for the new member
Default value: undef
Data type: Optional[Stdlib::Unixpath]
The cluster cert for the new member
Default value: undef
Data type: Optional[Stdlib::Unixpath]
The cluster key for the new member
Default value: undef
Data type: Optional[Array[Stdlib::HTTPUrl]]
The cluster URLs for the new member
Default value: undef
Data type: Array[String, 1]
The peer URLs for the new member
Generates a TLS CA
The following parameters are available in the k8s::server::tls::ca defined type:
Data type: Stdlib::Unixpath
The path to the CA key
Data type: Stdlib::Unixpath
The path to the CA certificate
Data type: K8s::Ensure
Whether the CA should be present or absent
Default value: present
Data type: String[1]
The subject of the CA certificate
Default value: "/CN=${title}"
Data type: String[1]
The owner of the CA key and certificate
Default value: 'root'
Data type: String[1]
The group of the CA key and certificate
Default value: 'root'
Data type: Integer[512]
The number of bits in the CA key
Default value: 2048
Data type: Integer[1]
The number of days the CA certificate is valid
Default value: 10000
Data type: Boolean
Whether to generate the CA key and certificate
Default value: true
Generates and signs a TLS certificate
The following parameters are available in the k8s::server::tls::cert defined type:
addn_names
ca_cert
ca_key
cert
cert_path
config
csr
distinguished_name
ensure
extended_key_usage
group
key
key_bits
owner
valid_days
Data type: K8s::TLS_altnames
The additional names for the certificate
Default value: []
Data type: Stdlib::Unixpath
The path to the CA certificate
Data type: Stdlib::Unixpath
The path to the CA key
Data type: Stdlib::Unixpath
The path to the certificate file
Default value: "${cert_path}/${title}.pem"
Data type: Stdlib::Unixpath
The path to the directory where the certificate will be stored
Data type: Stdlib::Unixpath
The path to the OpenSSL config file
Default value: "${cert_path}/${title}.cnf"
Data type: Stdlib::Unixpath
The path to the CSR file
Default value: "${cert_path}/${title}.csr"
Data type: Hash[String, String]
The distinguished name for the certificate
Data type: K8s::Ensure
Whether the certificate should be present or absent
Default value: present
Data type: K8s::Extended_key_usage
The extended key usage for the certificate
Default value: ['clientAuth']
Data type: String[1]
The group of the certificate files
Default value: 'root'
Data type: Stdlib::Unixpath
The path to the key file
Default value: "${cert_path}/${title}.key"
Data type: Integer[512]
The number of bits in the key
Default value: 2048
Data type: String[1]
The owner of the certificate files
Default value: 'root'
Data type: Integer[1]
The number of days the certificate should be valid
Default value: 10000
TODO - This should probably be done as a service next to the apiservers
The following parameters are available in the k8s::server::tls::k8s_sign defined type:
Data type: Any
Path to the kubeconfig file
Default value: '/root/.kube/config'
Example:
kubeconfig { '/var/lib/kubernetes/utility.conf':
  ca_cert => '/etc/kubernetes.ca.pem',
  token   => 'utility-token',
}
The following properties are available in the kubeconfig type.
Valid values: present, absent
Whether the kubeconfig should be present or absent (default: present)
Default value: present
The following parameters are available in the kubeconfig type.
ca_cert
client_cert
client_key
cluster
context
current_context
embed_certs
group
mode
namespace
owner
password
path
provider
server
skip_tls_verify
tls_server_name
token
token_file
user
username
The path to a CA certificate to include in the kubeconfig
The path to a client certificate to include in the kubeconfig
The path to a client key to include in the kubeconfig
The name of the cluster to manage in the kubeconfig file
Default value: default
The name of the cluster to manage in the kubeconfig file
Default value: default
The current context to set
Valid values: true, false
Should the certificate files be embedded into the kubeconfig file
Default value: true
The owner of the kubeconfig file
The access mode of the kubeconfig file
Default value: 0600
The namespace to default to
Default value: default
The owner of the kubeconfig file
The password of a user
An arbitrary path used as the identity of the resource.
The specific backend to use for this kubeconfig resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform.
The server URL for the cluster
Valid values: true, false
Skip verifying the TLS certs for the cluster
Default value: false
Specify an alternate server name to use for TLS verification
An authentication token for a user
The path to a file containing an authentication token
The name of the user to manage in the kubeconfig file
Default value: default
The username of a user
Example:
To encode the bootstrap token "tokenid.tokensecret" into a Kubernetes secret;
$tokenid = 'tokenid'
$tokensecret = 'tokensecret'
kubectl_apply { "bootstrap-token-${tokenid}":
  namespace   => 'kube-system',
  kubeconfig  => '/root/.kube/config',
  api_version => 'v1',
  kind        => 'Secret',
  content     => {
    type => 'bootstrap.kubernetes.io/token',
    data => {
      'token-id'                       => Binary.new($tokenid, '%s'),
      'token-secret'                   => Binary.new($tokensecret, '%s'),
      'usage-bootstrap-authentication' => 'true',
    },
  },
}
The following properties are available in the kubectl_apply type.
Valid values: present, absent
Whether the described resource should be present or absent (default: present)
Default value: present
The following parameters are available in the kubectl_apply type.
api_version
content
file
kind
kubeconfig
name
namespace
provider
recreate
resource_name
show_diff
update
The apiVersion of the resource
The resource content, will be used as the base for the resulting Kubernetes resource
Default value: {}
The local file for the resource
The kind of the resource
The kubeconfig file to use for handling the resource
namevar
The Puppet name of the instance
The namespace the resource is contained in
The specific backend to use for this kubectl_apply resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform.
Valid values: true, false, yes, no
Should updates be done by removal and recreation
Default value: false
The name of the resource
Valid values: true, false, yes, no
Whether to display the difference when the resource changes
Default value: false
Valid values: true, false, yes, no
Whether to update the resource if the content differs
Default value: true
Type: Ruby 4.x API
Formats a hash of arguments into something that can be passed to a kubernetes application
Returns: Array[String]
An array of formatted kubernetes arguments
Data type: Hash[String,Data]
A hash of arguments to format
Type: Ruby 4.x API
Formats a download URL for K8s binaries
Returns: Any
String A valid download URL
Data type: String[1]
The URL template to format
Data type: Hash[String,Data]
A hash of additional arguments
Type: Ruby 4.x API
Retrieves an IP inside of a CIDR based on an index
k8s::ip_in_cidr('192.168.0.0/24', 'first')
# => 192.168.0.1
k8s::ip_in_cidr('192.168.0.0/24', 'second')
# => 192.168.0.2
k8s::ip_in_cidr('192.168.0.0/16', 600)
# => 192.168.1.244
k8s::ip_in_cidr(Variant[Stdlib::IP::Address::V4::CIDR, Stdlib::IP::Address::V6::CIDR, Array[Variant[Stdlib::IP::Address::V4::CIDR, Stdlib::IP::Address::V6::CIDR]]] $cidr, Optional[Variant[Enum["first","second"], Integer[1]]] $index)
Returns: String
The first IP address in the CIDR
Data type: Variant[Stdlib::IP::Address::V4::CIDR, Stdlib::IP::Address::V6::CIDR, Array[Variant[Stdlib::IP::Address::V4::CIDR, Stdlib::IP::Address::V6::CIDR]]]
The CIDR to work on
Data type: Optional[Variant[Enum["first","second"], Integer[1]]]
The index of the IP to retrieve
A Kubernetes bootstrap token, must be 16-characters lowercase alphanumerical
Alias of Pattern[/\A[a-z0-9]{16}\z/]
a type to describe one or more IPv4/6 CIDR
Alias of
Variant[Stdlib::IP::Address::V4::CIDR, Stdlib::IP::Address::V6::CIDR, Array[
Variant[
Stdlib::IP::Address::V4::CIDR,
Stdlib::IP::Address::V6::CIDR
],
1
]]
a type to describe the supported container runtimes
Alias of Enum['crio', 'containerd']
https://golang.org/pkg/time/#ParseDuration
Alias of Pattern[/^(-?[0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$/]
a type to describe the ensure pattern
Alias of Enum['present', 'absent']
a type to describe extended key usage for a TLS certificate
Alias of
Array[Enum[
'clientAuth',
'serverAuth'
]]
a type to describe the type of the firewall to use
Alias of Enum['iptables', 'firewalld']
a type to describe multiple IP addresses without subnet sizes
Alias of
Variant[Stdlib::IP::Address::Nosubnet, Array[
Stdlib::IP::Address::Nosubnet,
1
]]
a type to describe Kubernetes native packaging methods
- Note hyperkube is a legacy name for single-binary packages
Alias of Enum['package', 'tarball', 'loose', 'hyperkube', 'manual']
a type to describe node/kubelet authentication methods
Alias of Enum['cert', 'token', 'bootstrap']
This regexp matches port range values
Alias of Pattern[/^[0-9]+(-[0-9]+)?$/]
a type to describe kube-proxy authentication methods
Alias of Enum['cert', 'token', 'incluster']
a type to describe how kube-proxy should be deployed
Alias of
Variant[Enum[
'on-node',
'in-cluster',
], Boolean]
This regexp matches quantities, like those for resource requests/limits
Alias of Pattern[/^[+-]?([0-9]+|[0-9]+\.[0-9]{1,3}|\.[0-9]{1,3}|[0-9]+\.)([KMGTPE]i|[mkMGTPE]|[eE][0-9]+(\.[0-9]+)?)?$/]
a type to describe TLS alternative names in certificates
Alias of
Array[Variant[
Stdlib::Fqdn,
Stdlib::IP::Address::Nosubnet,
]]
This regexp matches RFC3339 timestamps, the same as what Kubernetes expects to find
Alias of Pattern[/^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\.[0-9]+)?([Zz]|[+-]([01][0-9]|2[0-3]):[0-5][0-9])$/]
This regexp matches URI values
Alias of Pattern[/^[a-z]+:\/\//]
A type for handling Kubernetes version numbers
Alias of Pattern[/^(\d+\.){2}\d+$/]
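Most of the Pattern aliases above anchor with `^` and `$`, while the bootstrap token alias uses `\A` and `\z`. Puppet patterns are Ruby regular expressions, in which `^` and `$` match at every line boundary, so the two styles differ on multi-line input. The check below is an added example, not part of the module: the patterns are copied from this page, and the sample values and the helper names `accepts_trailing_lines?`, `whole_string` and `audit` are constructed for illustration.

```ruby
# Patterns copied verbatim from this reference page, keyed by the page's
# own description of each one. The sample values are constructed.
PAGE_PATTERNS = {
  'bootstrap token secret (K8s::Bootstrap_token)' =>
    [/\A[a-z0-9]{16}\z/, 'abcdef0123456789'],
  'bootstrap token id' => [/^[a-z0-9]{6}$/, 'abc123'],
  'port range'         => [/^[0-9]+(-[0-9]+)?$/, '30000-32767'],
  'version number'     => [/^(\d+\.){2}\d+$/, '1.28.4'],
}.freeze

# Constructed trailer: a newline followed by text no pattern was meant to allow.
TRAILER = "\nunvalidated second line"

# True when the pattern still matches after extra lines are appended to a
# valid value, i.e. it validates one line rather than the whole string.
def accepts_trailing_lines?(pattern, valid_sample)
  pattern.match?(valid_sample + TRAILER)
end

# Returns a copy of the pattern with a leading ^ replaced by \A and an
# unescaped trailing $ replaced by \z, so it must match the entire string.
# Patterns without those anchors are returned unchanged in behaviour.
def whole_string(pattern)
  source = pattern.source
                  .sub(/\A\^/) { '\A' }
                  .sub(/(?<!\\)\$\z/) { '\z' }
  Regexp.new(source, pattern.options)
end

# Runs every page pattern and its whole-string variant against the sample
# and against the sample plus trailer.
def audit(patterns = PAGE_PATTERNS)
  patterns.map do |label, (pattern, sample)|
    strict = whole_string(pattern)
    {
      label: label,
      sample_ok: pattern.match?(sample) && strict.match?(sample),
      loose_before: accepts_trailing_lines?(pattern, sample),
      loose_after: accepts_trailing_lines?(strict, sample),
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  audit.each do |row|
    puts format('%-48s as written: %-5s  whole-string: %-5s',
                row[:label], row[:loose_before], row[:loose_after])
  end
end
```

Values that pass a line-anchored pattern can still carry embedded newlines into whatever consumes them, so a check like this is worth running against any custom type alias that gates data ending up in command arguments or config files.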