REFERENCE.md
Reference

Table of Contents

Classes

Public Classes

Private Classes

  • k8s::common: Sets up common Kubernetes components - users/groups/folders/etc
  • k8s::node::kube_proxy: Sets up an on-node kube-proxy instance
  • k8s::node::kubelet: Installs and configures kubelet
  • k8s::server::apiserver: Installs and configures a Kubernetes apiserver
  • k8s::server::controller_manager: Installs and configures a Kubernetes controller manager
  • k8s::server::resources: Generates and deploys standard Kubernetes in-cluster services
  • k8s::server::resources::bootstrap: Generates and deploys the default Puppet bootstrap configuration into the cluster
  • k8s::server::resources::coredns: Generates and deploys the default CoreDNS DNS provider for Kubernetes
  • k8s::server::resources::flannel: Generates and deploys the default flannel network provider for Kubernetes
  • k8s::server::resources::kube_proxy: Generates and deploys the default kube-proxy service for Kubernetes
  • k8s::server::scheduler: Installs and configures a Kubernetes scheduler
  • k8s::server::tls: Generates the necessary Kubernetes certificates for a server

Defined types

Resource types

  • kubeconfig: Example: kubeconfig { '/var/lib/kubernetes/utility.conf': ca_cert => '/etc/kubernetes.ca.pem', token => 'utility-token', }
  • kubectl_apply: Example: To encode the bootstrap token "tokenid.tokensecret" into a Kubernetes secret; $tokenid = 'tokenid' $tokensecret = 'tokense

Functions

Data types

Classes

k8s

Sets up a Kubernetes instance - either as a node or as a server

Parameters

The following parameters are available in the k8s class:

api_service_address

Data type: Stdlib::IP::Address::Nosubnet

IP address for the API service

Default value: k8s::ip_in_cidr($service_cluster_cidr, 'first')

cluster_cidr

Data type: K8s::CIDR

CIDR for the pod network

Default value: '10.0.0.0/16'

cluster_domain

Data type: Stdlib::Fqdn

domain name for the cluster

Default value: 'cluster.local'

container_image_tag

Data type: Optional[String[1]]

container image tag to use

Default value: undef

container_manager

Data type: K8s::Container_runtimes

container manager to use

Default value: 'crio'

container_registry

Data type: String[1]

container registry to use

Default value: 'registry.k8s.io'

container_runtime_service

Data type: String[1]

name of the container runtime service

Default value: "${container_manager}.service"

containerd_package

Data type: Optional[String[1]]

name of the containerd package

Default value: undef

control_plane_url

Data type: Stdlib::HTTPUrl

URL for the control plane

Default value: 'https://kubernetes:6443'

crictl_package

Data type: Optional[String[1]]

name of the crictl package

Default value: undef

crio_package

Data type: Optional[String[1]]

name of the crio package

Default value: undef

dns_service_address

Data type: K8s::IP_addresses

IP address for the DNS service

Default value: k8s::ip_in_cidr($service_cluster_cidr, 'second')

ensure

Data type: K8s::Ensure

whether kubernetes should be present or absent

Default value: 'present'

etcd_cluster_name

Data type: String[1]

name of the etcd cluster for searching its nodes in the puppetdb

Default value: 'default'

etcd_version

Data type: String[1]

version of etcd to install

Default value: '3.5.16'

firewall_type

Data type: Optional[K8s::Firewall]

type of firewall to use

Default value: undef

gid

Data type: Integer[0, 65535]

group id for kubernetes files and services

Default value: 888

group

Data type: String[1]

groupname for kubernetes files and services

Default value: 'kube'

hyperkube_name

Data type: String[1]

name of the hyperkube binary

Default value: 'hyperkube'

incluster_control_plane_url

Data type: Stdlib::HTTPUrl

URL for the control plane from within the cluster

Default value: 'https://kubernetes.default.svc'

manage_container_manager

Data type: Boolean

whether to manage the container manager

Default value: true

manage_etcd

Data type: Boolean

whether to manage etcd

Default value: true

manage_firewall

Data type: Boolean

whether to manage the firewall

Default value: false

manage_image

Data type: Boolean

whether to manage the image

Default value: false

manage_kernel_modules

Data type: Boolean

A flag to manage required Kernel modules.

Default value: true

manage_kube_proxy

Data type: K8s::Proxy_method

How/if the kube-proxy component should be managed, either as an in-cluster component (default), or as an on-node component for advanced use-cases.

Default value: true

manage_packages

Data type: Boolean

whether to manage packages

Default value: true

manage_repo

Data type: Boolean

whether to manage the repo

Default value: true

manage_sysctl_settings

Data type: Boolean

A flag to manage required sysctl settings.

Default value: true

native_packaging

Data type: K8s::Native_packaging

type of native packaging to use

Default value: 'loose'

native_url_template

Data type: String[1]

template for native packaging

Default value: 'https://dl.k8s.io/release/v%{version}/bin/%{kernel}/%{arch}/%{binary}'

node_auth

Data type: K8s::Node_auth

authentication method for nodes

Default value: 'bootstrap'

package_template

Data type: String[1]

template for package names

Default value: 'kubernetes-%{component}'

packaging

Data type: Enum['container', 'native']

whether to use native or container packaging

Default value: 'native'

puppetdb_discovery

Data type: Boolean

whether to use puppetdb for node discovery

Default value: false

puppetdb_discovery_tag

Data type: String[1]

tag to use for puppetdb node discovery

Default value: 'default'

purge_manifests

Data type: Boolean

whether to purge manifests

Default value: true

role

Data type: Optional[K8s::Node_role]

the role of the node

Default value: undef

runc_version

Data type: String[1]

version of runc to install

Default value: 'installed'

service_cluster_cidr

Data type: K8s::CIDR

CIDR for the service network

Default value: '10.1.0.0/24'

sysconfig_path

Data type: Stdlib::Unixpath

path to the sysconfig directory, per-OS values are configured in hiera

Default value: '/etc/sysconfig'

tarball_url_template

Data type: String[1]

template for tarball packaging

Default value: 'https://dl.k8s.io/release/v%{version}/kubernetes-%{component}-%{kernel}-%{arch}.tar.gz'

uid

Data type: Integer[0, 65535]

user id for kubernetes files and services

Default value: 888

user

Data type: String[1]

username for kubernetes files and services

Default value: 'kube'

version

Data type: String[1]

version of kubernetes to install

Default value: '1.28.14'

k8s::install::cni_plugins

Manages the installation of CNI plugins

Parameters

The following parameters are available in the k8s::install::cni_plugins class:

ensure

Data type: K8s::Ensure

Set ensure for installation or deinstallation

Default value: $k8s::ensure

method

Data type: String[1]

The installation method to use

Default value: $k8s::native_packaging

version

Data type: String[1]

The version of CNI plugins to install - if applicable

Default value: 'v1.2.0'

download_url_template

Data type: String[1]

Template string for the cni_plugins download url

Default value: 'https://github.com/containernetworking/plugins/releases/download/%{version}/cni-plugins-linux-%{arch}-%{version}.tgz'

package_name

Data type: Optional[String[1]]

Package name for the CNI plugins, will use OS default if omitted

Default value: undef

k8s::install::container_runtime

Manages the installation of a container runtime / CRI

Parameters

The following parameters are available in the k8s::install::container_runtime class:

manage_repo

Data type: Boolean

Whether to manage the repo or not

Default value: $k8s::manage_repo

container_manager

Data type: K8s::Container_runtimes

The CRI implementation to install

Default value: $k8s::container_manager

crio_package

Data type: Optional[String[1]]

The CRI-o package name

Default value: $k8s::crio_package

containerd_package

Data type: Optional[String[1]]

The containerd package name

Default value: $k8s::containerd_package

runc_version

Data type: String[1]

The runc version

Default value: $k8s::runc_version

package_ensure

Data type: String[1]

The ensure value to set on the cri package

Default value: installed

k8s::install::crictl

Class: k8s::install::crictl

Parameters

The following parameters are available in the k8s::install::crictl class:

ensure

Data type: K8s::Ensure

set ensure for installation or deinstallation

Default value: $k8s::ensure

version

Data type: String[1]

the k8s version

Default value: 'v1.26.0'

config

Data type: Hash

config for crictl, for example (hiera):

  k8s::install::crictl::config:
    'runtime-endpoint': 'unix:///run/containerd/containerd.sock'
    'image-endpoint': 'unix:///run/containerd/containerd.sock'

Default value: {}

crictl_package

Data type: Optional[String[1]]

the package name of crictl

Default value: $k8s::crictl_package

manage_repo

Data type: Boolean

whether to manage the repo or not

Default value: $k8s::manage_repo

download_url_template

Data type: Stdlib::HTTPUrl

template string for the URL to download tar.gz from

Default value: 'https://github.com/kubernetes-sigs/cri-tools/releases/download/%{version}/crictl-%{version}-linux-%{arch}.tar.gz'

k8s::install::kubeadm

Installs the kubeadm binary

Parameters

The following parameters are available in the k8s::install::kubeadm class:

ensure

Data type: K8s::Ensure

set ensure for installation or deinstallation

Default value: $k8s::ensure

k8s::install::kubectl

Installs the kubectl binary

Parameters

The following parameters are available in the k8s::install::kubectl class:

ensure

Data type: K8s::Ensure

set ensure for installation or deinstallation

Default value: $k8s::ensure

k8s::node

Installs a Kubernetes node

Parameters

The following parameters are available in the k8s::node class:

ca_cert

Data type: Stdlib::Unixpath

path to the ca cert

Default value: "${cert_path}/ca.pem"

cert_path

Data type: Stdlib::Unixpath

path to cert files

Default value: '/var/lib/kubelet/pki'

control_plane_url

Data type: Stdlib::HTTPUrl

cluster API connection

Default value: $k8s::control_plane_url

ensure

Data type: K8s::Ensure

set ensure for installation or deinstallation

Default value: $k8s::ensure

firewall_type

Data type: Optional[K8s::Firewall]

define the type of firewall to use

Default value: $k8s::firewall_type

manage_crictl

Data type: Boolean

toggle to install crictl

Default value: false

manage_firewall

Data type: Boolean

whether to manage firewall or not

Default value: $k8s::manage_firewall

manage_kernel_modules

Data type: Boolean

whether to load kernel modules or not

Default value: $k8s::manage_kernel_modules

manage_kubelet

Data type: Boolean

whether to manage kubelet or not

Default value: true

manage_proxy

Data type: Boolean

whether to manage kube-proxy or not

Default value: $k8s::manage_kube_proxy == 'on-node'

manage_simple_cni

Data type: Boolean

toggle to use a simple bridge network for containers

Default value: false

manage_sysctl_settings

Data type: Boolean

whether to manage sysctl settings or not

Default value: $k8s::manage_sysctl_settings

node_auth

Data type: K8s::Node_auth

type of node authentication

Default value: $k8s::node_auth

node_cert

Data type: Optional[Stdlib::Unixpath]

path to node cert file

Default value: undef

node_key

Data type: Optional[Stdlib::Unixpath]

path to node key file

Default value: undef

node_token

Data type: Optional[Sensitive[String]]

k8s token to join a cluster

Default value: undef

proxy_auth

Data type: K8s::Proxy_auth

which proxy auth to use

Default value: 'incluster'

proxy_cert

Data type: Optional[Stdlib::Unixpath]

path to proxy cert file

Default value: undef

proxy_key

Data type: Optional[Stdlib::Unixpath]

path to proxy key file

Default value: undef

proxy_token

Data type: Optional[Sensitive[String]]

k8s token for kube-proxy

Default value: undef

puppetdb_discovery_tag

Data type: String[1]

enable puppetdb resource searching

Default value: $k8s::puppetdb_discovery_tag

k8s::node::kubectl

Installs the kubectl binary

Parameters

The following parameters are available in the k8s::node::kubectl class:

ensure

Data type: K8s::Ensure

Whether to install the binary

Default value: $k8s::ensure

k8s::node::simple_cni

Class: k8s::node::simple_cni

Parameters

The following parameters are available in the k8s::node::simple_cni class:

pod_cidr

Data type: K8s::CIDR

cidr for pods in the network

Default value: $k8s::cluster_cidr

k8s::repo

Handles repositories for the container runtime

Parameters

The following parameters are available in the k8s::repo class:

manage_container_manager

Data type: Boolean

Whether to add the CRI-o repository or not

Default value: $k8s::manage_container_manager

container_manager

Data type: K8s::Container_runtimes

The name of the container manager

Default value: $k8s::container_manager

major_version

Data type: String[1]

The major version of Kubernetes to deploy repos for

Default value: $k8s::version.split('\.')[0, 2].join('.')

k8s::server

Sets up a Kubernetes server instance

Parameters

The following parameters are available in the k8s::server class:

aggregator_ca_cert

Data type: Stdlib::Unixpath

path to the aggregator ca cert

Default value: "${cert_path}/aggregator-ca.pem"

aggregator_ca_key

Data type: Stdlib::Unixpath

path to the aggregator ca key

Default value: "${cert_path}/aggregator-ca.key"

api_port

Data type: Integer[1]

Cluster API port

Default value: 6443

ca_cert

Data type: Stdlib::Unixpath

path to the ca cert

Default value: "${cert_path}/ca.pem"

ca_key

Data type: Stdlib::Unixpath

path to the ca key

Default value: "${cert_path}/ca.key"

cert_path

Data type: Stdlib::Unixpath

path to cert files

Default value: '/etc/kubernetes/certs'

cluster_cidr

Data type: K8s::CIDR

cluster cidr

Default value: $k8s::cluster_cidr

cluster_domain

Data type: String

cluster domain name

Default value: $k8s::cluster_domain

control_plane_url

Data type: String

cluster API connection

Default value: $k8s::control_plane_url

direct_control_plane_url

Data type: String

direct cluster API connection

Default value: "https://${fact('networking.ip')}:${api_port}"

dns_service_address

Data type: K8s::IP_addresses

cluster dns service address

Default value: $k8s::dns_service_address

ensure

Data type: K8s::Ensure

set ensure for installation or deinstallation

Default value: $k8s::ensure

etcd_cluster_name

Data type: String[1]

name of the etcd cluster for searching its nodes in the puppetdb

Default value: $k8s::etcd_cluster_name

etcd_servers

Data type: Optional[Array[Stdlib::HTTPUrl]]

list etcd servers if no puppetdb is used

Default value: undef

firewall_type

Data type: Optional[K8s::Firewall]

define the type of firewall to use

Default value: $k8s::firewall_type

generate_ca

Data type: Boolean

initially generate ca

Default value: false

manage_certs

Data type: Boolean

whether to manage certs or not

Default value: true

manage_components

Data type: Boolean

whether to manage components or not

Default value: true

manage_crictl

Data type: Boolean

whether to install crictl or not

Default value: false

manage_etcd

Data type: Boolean

whether to manage etcd or not

Default value: $k8s::manage_etcd

manage_firewall

Data type: Boolean

whether to manage firewall or not

Default value: $k8s::manage_firewall

manage_kubeadm

Data type: Boolean

whether to install kubeadm or not

Default value: false

manage_resources

Data type: Boolean

whether to manage cluster internal resources or not

Default value: true

manage_signing

Data type: Boolean

whether to manage cert signing or not

Default value: $k8s::puppetdb_discovery

node_on_server

Data type: Boolean

whether to use controller also as nodes or not

Default value: true

puppetdb_discovery_tag

Data type: String[1]

enable puppetdb resource searching

Default value: $k8s::puppetdb_discovery_tag

k8s::server::etcd

Sets up an etcd cluster node

Parameters

The following parameters are available in the k8s::server::etcd class:

addn_names

Data type: K8s::TLS_altnames

additional names for certificates

Default value: []

cert_path

Data type: Stdlib::Unixpath

path to cert files

Default value: '/var/lib/etcd/certs'

client_ca_cert

Data type: Stdlib::Unixpath

path to the client ca cert

Default value: "${cert_path}/client-ca.pem"

client_ca_key

Data type: Stdlib::Unixpath

path to the client ca key

Default value: "${cert_path}/client-ca.key"

cluster_name

Data type: String[1]

name of the etcd cluster for searching its nodes in the puppetdb, will use k8s::etcd_cluster_name unless otherwise specified

Default value: 'default'

ensure

Data type: K8s::Ensure

set ensure for installation or deinstallation

Default value: 'present'

firewall_type

Data type: Optional[K8s::Firewall]

define the type of firewall to use

Default value: undef

generate_ca

Data type: Boolean

whether to generate an own CA or not

Default value: false

group

Data type: String[1]

group to run etcd as

Default value: 'etcd'

manage_certs

Data type: Boolean

whether to manage certs or not

Default value: true

manage_firewall

Data type: Boolean

whether to manage firewall or not

Default value: false

manage_members

Data type: Boolean

whether to manage the etcd cluster member joining or not

Default value: false

manage_setup

Data type: Boolean

whether to manage the setup of etcd or not

Default value: true

peer_ca_cert

Data type: Stdlib::Unixpath

path to the peer ca cert

Default value: "${cert_path}/peer-ca.pem"

peer_ca_key

Data type: Stdlib::Unixpath

path to the peer ca key

Default value: "${cert_path}/peer-ca.key"

puppetdb_discovery_tag

Data type: String[1]

enable puppetdb resource searching

Default value: $cluster_name

self_signed_tls

Data type: Boolean

whether to use self signed tls or not

Default value: false

user

Data type: String[1]

user to run etcd as

Default value: 'etcd'

version

Data type: String[1]

version of etcd to install, will use k8s::etcd_version unless otherwise specified

Default value: $k8s::etcd_version

k8s::server::etcd::setup

Installs and configures an etcd instance

Parameters

The following parameters are available in the k8s::server::etcd::setup class:

advertise_client_urls

Data type: Array[Stdlib::HTTPUrl]

The client urls to advertise

Default value: ["https://${fqdn}:2379"]

archive_template

Data type: Stdlib::HTTPUrl

The download URL template for the etcd archive

Default value: 'https://storage.googleapis.com/etcd/v%{version}/etcd-v%{version}-%{kernel}-%{arch}.%{kernel_ext}'

auto_compaction_retention

Data type: Optional[Integer]

The auto compaction retention

Default value: undef

auto_tls

Data type: Optional[Boolean]

Use auto tls

Default value: undef

binary_path

Data type: Optional[Stdlib::Unixpath]

path to the etcd binary

Default value: undef

cert_file

Data type: Optional[Stdlib::Unixpath]

path to the cert file

Default value: undef

client_cert_auth

Data type: Boolean

Use client cert auth

Default value: false

data_dir

Data type: String[1]

path to the data dir

Default value: "${etcd_name}.etcd"

ensure

Data type: K8s::Ensure

set ensure for installation or deinstallation

Default value: 'present'

etcd_name

Data type: String[1]

The etcd instance name

Default value: $facts['networking']['hostname']

fqdn

Data type: String[1]

fully qualified domain name

Default value: $facts['networking']['fqdn']

gid

Data type: Optional[Integer[0, 65535]]

The group system id

Default value: undef

group

Data type: String[1]

etcd system user group

Default value: 'etcd'

initial_advertise_peer_urls

Data type: Array[Stdlib::HTTPUrl]

The peer urls to advertise

Default value: ["https://${fqdn}:2380"]

initial_cluster

Data type: Array[String[1]]

The initial cluster

Default value: []

initial_cluster_state

Data type: Optional[Enum['existing', 'new']]

The initial cluster state

Default value: undef

initial_cluster_token

Data type: Optional[String[1]]

The initial cluster token

Default value: undef

install

Data type: Enum['archive','package']

etcd installation method

Default value: 'archive'

key_file

Data type: Optional[Stdlib::Unixpath]

path to the key file

Default value: undef

listen_client_urls

Data type: Array[Stdlib::HTTPUrl]

The client urls to listen on

Default value: ['https://[::]:2379']

listen_peer_urls

Data type: Array[Stdlib::HTTPUrl]

The peer urls to listen on

Default value: ['https://[::]:2380']

package

Data type: String[1]

etcd package name

Default value: 'etcd'

peer_auto_tls

Data type: Optional[Boolean]

Use peer auto tls

Default value: undef

peer_cert_file

Data type: Optional[Stdlib::Unixpath]

path to the peer cert file

Default value: undef

peer_client_cert_auth

Data type: Boolean

Use peer client cert auth

Default value: false

peer_key_file

Data type: Optional[Stdlib::Unixpath]

path to the peer key file

Default value: undef

peer_trusted_ca_file

Data type: Optional[Stdlib::Unixpath]

path to the peer trusted ca file

Default value: undef

proxy

Data type: Enum['on','off','readonly']

The proxy mode

Default value: 'off'

storage_path

Data type: Stdlib::Unixpath

path to the working dir of etcd

Default value: '/var/lib/etcd'

trusted_ca_file

Data type: Optional[Stdlib::Unixpath]

path to the trusted ca file

Default value: undef

uid

Data type: Optional[Integer[0, 65535]]

The user system id

Default value: undef

user

Data type: String[1]

etcd system user

Default value: 'etcd'

version

Data type: String[1]

The etcd version to install

Default value: $k8s::etcd_version

k8s::server::wait_online

Creates a dummy exec to allow deferring applies until the Kubernetes API server has started

Defined types

k8s::binary

Deploys a Kubernetes binary

Parameters

The following parameters are available in the k8s::binary defined type:

ensure

Data type: K8s::Ensure

Whether the binary should be present or absent

Default value: $k8s::ensure

version

Data type: String[1]

The version to deploy

Default value: $k8s::version

packaging

Data type: String[1]

The packaging method to use

Default value: $k8s::packaging

target

Data type: String[1]

The directory to deploy the binary to

Default value: "/opt/k8s/${$version}"

tarball_target

Data type: String[1]

The directory to download tarballs to

Default value: '/opt/k8s/archives'

active

Data type: Boolean

Whether the binary should be active

Default value: true

component

Data type: Optional[String]

The component to deploy

Default value: undef

k8s::server::bootstrap_token

You generally only want this to be done on a single Kubernetes server

Parameters

The following parameters are available in the k8s::server::bootstrap_token defined type:

addn_data

Data type: Hash[String,Data]

Additional data to add to the token

Default value: {}

description

Data type: Optional[String]

A description of the token

Default value: undef

ensure

Data type: K8s::Ensure

Whether the token should be present or absent

Default value: 'present'

expiration

Data type: Optional[K8s::Timestamp]

The expiration time of the token

Default value: undef

extra_groups

Data type: Optional[Array[String]]

An array of extra groups to add to the token

Default value: undef

id

Data type: Pattern[/^[a-z0-9]{6}$/]

The ID of the token to generate

Default value: $name

kubeconfig

Data type: Stdlib::Unixpath

The path to the kubeconfig file to use

secret

Data type: Sensitive[K8s::Bootstrap_token]

The secret to use for the token

Default value: Sensitive(fqdn_rand_string(16).downcase())

update

Data type: Boolean

Whether to update the token if it already exists

Default value: false

use_authentication

Data type: Boolean

Whether the token should be used for authentication

Default value: true

use_signing

Data type: Optional[Boolean]

Whether the token should be used for signing

Default value: undef

k8s::server::etcd::member

TODO - Convert to native type

Parameters

The following parameters are available in the k8s::server::etcd::member defined type:

cluster_ca

Data type: Optional[Stdlib::Unixpath]

The cluster CA for the new member

Default value: undef

cluster_cert

Data type: Optional[Stdlib::Unixpath]

The cluster cert for the new member

Default value: undef

cluster_key

Data type: Optional[Stdlib::Unixpath]

The cluster key for the new member

Default value: undef

cluster_urls

Data type: Optional[Array[Stdlib::HTTPUrl]]

The cluster URLs for the new member

Default value: undef

peer_urls

Data type: Array[String, 1]

The peer URLs for the new member

k8s::server::tls::ca

Generates a TLS CA

Parameters

The following parameters are available in the k8s::server::tls::ca defined type:

key

Data type: Stdlib::Unixpath

The path to the CA key

cert

Data type: Stdlib::Unixpath

The path to the CA certificate

ensure

Data type: K8s::Ensure

Whether the CA should be present or absent

Default value: present

subject

Data type: String[1]

The subject of the CA certificate

Default value: "/CN=${title}"

owner

Data type: String[1]

The owner of the CA key and certificate

Default value: 'root'

group

Data type: String[1]

The group of the CA key and certificate

Default value: 'root'

key_bits

Data type: Integer[512]

The number of bits in the CA key

Default value: 2048

valid_days

Data type: Integer[1]

The number of days the CA certificate is valid

Default value: 10000

generate

Data type: Boolean

Whether to generate the CA key and certificate

Default value: true

k8s::server::tls::cert

Generates and signs a TLS certificate

Parameters

The following parameters are available in the k8s::server::tls::cert defined type:

addn_names

Data type: K8s::TLS_altnames

The additional names for the certificate

Default value: []

ca_cert

Data type: Stdlib::Unixpath

The path to the CA certificate

ca_key

Data type: Stdlib::Unixpath

The path to the CA key

cert

Data type: Stdlib::Unixpath

The path to the certificate file

Default value: "${cert_path}/${title}.pem"

cert_path

Data type: Stdlib::Unixpath

The path to the directory where the certificate will be stored

config

Data type: Stdlib::Unixpath

The path to the OpenSSL config file

Default value: "${cert_path}/${title}.cnf"

csr

Data type: Stdlib::Unixpath

The path to the CSR file

Default value: "${cert_path}/${title}.csr"

distinguished_name

Data type: Hash[String, String]

The distinguished name for the certificate

ensure

Data type: K8s::Ensure

Whether the certificate should be present or absent

Default value: present

extended_key_usage

Data type: K8s::Extended_key_usage

The extended key usage for the certificate

Default value: ['clientAuth']

group

Data type: String[1]

The group of the certificate files

Default value: 'root'

key

Data type: Stdlib::Unixpath

The path to the key file

Default value: "${cert_path}/${title}.key"

key_bits

Data type: Integer[512]

The number of bits in the key

Default value: 2048

owner

Data type: String[1]

The owner of the certificate files

Default value: 'root'

valid_days

Data type: Integer[1]

The number of days the certificate should be valid

Default value: 10000

k8s::server::tls::k8s_sign

TODO - This should probably be done as a service next to the apiservers

Parameters

The following parameters are available in the k8s::server::tls::k8s_sign defined type:

kubeconfig

Data type: Any

Path to the kubeconfig file

Default value: '/root/.kube/config'

Resource types

kubeconfig

Example:

kubeconfig { '/var/lib/kubernetes/utility.conf':
  ca_cert => '/etc/kubernetes.ca.pem',
  token   => 'utility-token',
}

Properties

The following properties are available in the kubeconfig type.

ensure

Valid values: present, absent

Whether the kubeconfig should be present or absent (default: present)

Default value: present

Parameters

The following parameters are available in the kubeconfig type.

ca_cert

The path to a CA certificate to include in the kubeconfig

client_cert

The path to a client certificate to include in the kubeconfig

client_key

The path to a client key to include in the kubeconfig

cluster

The name of the cluster to manage in the kubeconfig file

Default value: default

context

The name of the context to manage in the kubeconfig file

Default value: default

current_context

The current context to set

embed_certs

Valid values: true, false

Should the certificate files be embedded into the kubeconfig file

Default value: true

group

The group of the kubeconfig file

mode

The access mode of the kubeconfig file

Default value: 0600

namespace

The namespace to default to

Default value: default

owner

The owner of the kubeconfig file

password

The password of a user

path

An arbitrary path used as the identity of the resource.

provider

The specific backend to use for this kubeconfig resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform.

server

The server URL for the cluster

skip_tls_verify

Valid values: true, false

Skip verifying the TLS certs for the cluster

Default value: false

tls_server_name

Specify an alternate server name to use for TLS verification

token

An authentication token for a user

token_file

The path to a file containing an authentication token

user

The name of the user to manage in the kubeconfig file

Default value: default

username

The username of a user
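The following profile is an added example and is not part of the puppet-k8s module or its reference; it ties together the k8s::server::etcd::setup, k8s::server::bootstrap_token and kubeconfig parameters documented above and shows the values a hardened control plane would choose where the listed defaults are permissive. The class name profile::k8s_hardened, the server/peer/utility certificate file names and the RFC 3339 form of the expiration timestamp are assumptions.

```puppet
# Added example (not from the puppet-k8s module). All file names marked
# "assumed" are placeholders; the CA paths match the module defaults above.
class profile::k8s_hardened (
  K8s::Bootstrap_token $token_secret,            # 16 lowercase alphanumerics
  Pattern[/^[a-z0-9]{6}$/] $token_id = 'a1b2c3', # token id format from the page
) {
  # etcd: client_cert_auth and peer_client_cert_auth default to false, so any
  # host that can reach 2379/2380 could read or write the cluster state store.
  # Require certificates issued by the client and peer CAs that
  # k8s::server::etcd manages under /var/lib/etcd/certs by default.
  class { 'k8s::server::etcd::setup':
    client_cert_auth      => true,
    trusted_ca_file       => '/var/lib/etcd/certs/client-ca.pem',
    cert_file             => '/var/lib/etcd/certs/server.pem',  # assumed name
    key_file              => '/var/lib/etcd/certs/server.key',  # assumed name
    peer_client_cert_auth => true,
    peer_trusted_ca_file  => '/var/lib/etcd/certs/peer-ca.pem',
    peer_cert_file        => '/var/lib/etcd/certs/peer.pem',    # assumed name
    peer_key_file         => '/var/lib/etcd/certs/peer.key',    # assumed name
  }

  # Bootstrap token for node joins. Both halves must satisfy the patterns on
  # this page, the secret is wrapped in Sensitive so it is redacted from the
  # catalog and reports, and an expiration is set (the default is none) so a
  # token that leaks from a provisioning log stops working by itself.
  k8s::server::bootstrap_token { $token_id:
    kubeconfig         => '/root/.kube/config',
    secret             => Sensitive($token_secret),
    description        => 'Worker join token managed by Puppet',
    expiration         => '2025-01-31T00:00:00Z',  # assumed RFC 3339 format
    use_authentication => true,
    use_signing        => true,
  }

  # Utility kubeconfig: TLS verification stays on (skip_tls_verify is false by
  # default and should stay that way; use tls_server_name for a name mismatch),
  # the CA is embedded so the file is self-contained, and the file is readable
  # only by its owner.
  kubeconfig { '/var/lib/kubernetes/utility.conf':
    server          => 'https://kubernetes:6443',
    ca_cert         => '/etc/kubernetes/certs/ca.pem',
    client_cert     => '/etc/kubernetes/certs/utility.pem',  # assumed name
    client_key      => '/etc/kubernetes/certs/utility.key',  # assumed name
    embed_certs     => true,
    skip_tls_verify => false,
    owner           => 'root',
    group           => 'root',
    mode            => '0600',
  }
}
```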

kubectl_apply

Example:

To encode the bootstrap token "tokenid.tokensecret" into a Kubernetes secret;

$tokenid = 'tokenid'
$tokensecret = 'tokensecret'
kubectl_apply { "bootstrap-token-${tokenid}":
  namespace   => 'kube-system',
  kubeconfig  => '/root/.kube/config',

  api_version => 'v1',
  kind        => 'Secret',

  content     => {
    type => 'bootstrap.kubernetes.io/token',
    data => {
      'token-id'                       => Binary.new($tokenid, '%s'),
      'token-secret'                   => Binary.new($tokensecret, '%s'),
      'usage-bootstrap-authentication' => 'true',
    },
  },
}

Properties

The following properties are available in the kubectl_apply type.

ensure

Valid values: present, absent

Whether the described resource should be present or absent (default: present)

Default value: present

Parameters

The following parameters are available in the kubectl_apply type.

api_version

The apiVersion of the resource

content

The resource content, will be used as the base for the resulting Kubernetes resource

Default value: {}

file

The local file for the resource

kind

The kind of the resource

kubeconfig

The kubeconfig file to use for handling the resource

name

namevar

The Puppet name of the instance

namespace

The namespace the resource is contained in

provider

The specific backend to use for this kubectl_apply resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform.

recreate

Valid values: true, false, yes, no

Should updates be done by removal and recreation

Default value: false

resource_name

The name of the resource

show_diff

Valid values: true, false, yes, no

Whether to display the difference when the resource changes

Default value: false

update

Valid values: true, false, yes, no

Whether to update the resource if the content differs

Default value: true

Functions

k8s::format_arguments

Type: Ruby 4.x API

Formats a hash of arguments into something that can be passed to a kubernetes application

k8s::format_arguments(Hash[String,Data] $arguments)

Returns: Array[String] An array of formatted kubernetes arguments

arguments

Data type: Hash[String,Data]

A hash of arguments to format
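As an added illustration of the conversion this function performs (this is example code, not the module's own k8s::format_arguments implementation), the following Ruby shows one workable set of conventions: underscored hash keys become dashed flags, nil values are dropped, booleans are rendered explicitly so that a deliberate `anonymous_auth => false` is not silently lost, arrays are joined with commas, and hashes become comma-separated key=value pairs. The sample argument set and these conventions are assumptions for the example.

```ruby
# Added example, not the module's own k8s::format_arguments implementation.
# Assumed conventions: keys use underscores and become dashed flags, nil
# values are dropped, booleans are rendered explicitly (so a hardening
# setting such as `anonymous_auth => false` keeps its flag), arrays join
# with commas and hashes become comma-separated key=value pairs.
def format_arguments(arguments)
  arguments.map do |key, value|
    next if value.nil?

    flag = key.to_s.tr('_', '-')
    rendered =
      case value
      when Array then value.join(',')
      when Hash  then value.map { |k, v| "#{k}=#{v}" }.join(',')
      else value.to_s
      end
    "--#{flag}=#{rendered}"
  end.compact
end

# Constructed sample: a small hardened apiserver argument set.
SAMPLE_ARGS = {
  'anonymous_auth'     => false,
  'authorization_mode' => ['Node', 'RBAC'],
  'feature_gates'      => { 'RotateKubeletServerCertificate' => true },
  'tls_min_version'    => 'VersionTLS12',
  'audit_policy_file'  => nil, # not set: no flag is emitted
}.freeze

if $PROGRAM_NAME == __FILE__
  puts format_arguments(SAMPLE_ARGS)
end
```

Dropping `false` values would be the one real pitfall in a helper like this: for Kubernetes components, `--anonymous-auth=false` and the component's default are not the same thing, so a formatter must distinguish "unset" (nil) from "explicitly off" (false).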

k8s::format_url

Type: Ruby 4.x API

Formats a download URL for K8s binaries

k8s::format_url(String[1] $url, Hash[String,Data] $components)

Formats a download URL for K8s binaries

Returns: Any String A valid download URL

url

Data type: String[1]

The URL template to format

components

Data type: Hash[String,Data]

A hash of additional arguments

k8s::ip_in_cidr

Type: Ruby 4.x API

Retrieves an IP inside of a CIDR based on an index

Examples

In 192.168.0.0/24
k8s::ip_in_cidr('192.168.0.0/24', 'first')
# => 192.168.0.1
k8s::ip_in_cidr('192.168.0.0/24', 'second')
# => 192.168.0.2
k8s::ip_in_cidr('192.168.0.0/16', 600)
# => 192.168.1.244

k8s::ip_in_cidr(Variant[Stdlib::IP::Address::V4::CIDR, Stdlib::IP::Address::V6::CIDR, Array[Variant[Stdlib::IP::Address::V4::CIDR, Stdlib::IP::Address::V6::CIDR]]] $cidr, Optional[Variant[Enum["first","second"], Integer[1]]] $index)

Retrieves an IP inside of a CIDR based on an index

Returns: String The first IP address in the CIDR

cidr

Data type: Variant[Stdlib::IP::Address::V4::CIDR, Stdlib::IP::Address::V6::CIDR, Array[Variant[Stdlib::IP::Address::V4::CIDR, Stdlib::IP::Address::V6::CIDR]]]

The CIDR to work on

index

Data type: Optional[Variant[Enum["first","second"], Integer[1]]]

The index of the IP to retrieve
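The offset arithmetic behind 'first' and 'second' is what makes the default for api_service_address (the first address of the service CIDR) work. The Ruby below is an added example, not the module's own function; it assumes 'first' means offset 1 from the network address, 'second' offset 2, an integer index is used as the offset directly, an Array of CIDRs uses its first element, and an offset that leaves the block is rejected. It goes a little beyond the reference's examples by handling IPv6 blocks and by refusing out-of-range offsets.

```ruby
require 'ipaddr'

# Added example, not the module's own k8s::ip_in_cidr. Assumed semantics:
# 'first' is offset 1 from the network address, 'second' is offset 2, an
# integer index is used as the offset directly, an Array of CIDRs uses its
# first element, and an offset outside the block raises ArgumentError.
def ip_in_cidr(cidr, index = 'first')
  cidr = cidr.first if cidr.is_a?(Array)
  offset = { 'first' => 1, 'second' => 2 }.fetch(index, index)
  unless offset.is_a?(Integer) && offset >= 1
    raise ArgumentError, 'index must be "first", "second" or a positive integer'
  end

  network = IPAddr.new(cidr) # masks host bits, so we start at the network address
  bits = network.ipv4? ? 32 : 128
  size = 2**(bits - network.prefix) # number of addresses in the block
  raise ArgumentError, "offset #{offset} is outside #{cidr}" if offset >= size

  IPAddr.new(network.to_i + offset, network.family).to_s
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample service CIDRs
  puts ip_in_cidr('10.96.0.0/12', 'first')  # the API service address
  puts ip_in_cidr('10.96.0.0/12', 10)       # the address kubeadm reserves for cluster DNS
  puts ip_in_cidr('fd00::/108', 'second')
end
```

The range check matters more than it looks: a service or DNS address computed past the end of the CIDR is never routed by kube-proxy, and the failure shows up as a cluster that cannot resolve names rather than as a configuration error.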

Data types

K8s::Bootstrap_token

A Kubernetes bootstrap token, which must be exactly 16 lowercase alphanumeric characters

Alias of Pattern[/\A[a-z0-9]{16}\z/]

K8s::CIDR

a type to describe one or more IPv4/6 CIDR

Alias of

Variant[Stdlib::IP::Address::V4::CIDR, Stdlib::IP::Address::V6::CIDR, Array[
    Variant[
      Stdlib::IP::Address::V4::CIDR,
      Stdlib::IP::Address::V6::CIDR
    ],
    1
  ]]

K8s::Container_runtimes

a type to describe the supported container runtimes

Alias of Enum['crio', 'containerd']

K8s::Duration

https://golang.org/pkg/time/#ParseDuration

Alias of Pattern[/^(-?[0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$/]

K8s::Ensure

a type to describe the ensure pattern

Alias of Enum['present', 'absent']

K8s::Extended_key_usage

a type to describe extended key usage for a TLS certificate

Alias of

Array[Enum[
    'clientAuth',
    'serverAuth'
  ]]

K8s::Firewall

a type to describe the type of the firewall to use

Alias of Enum['iptables', 'firewalld']

K8s::IP_addresses

a type to describe multiple IP addresses without subnet sizes

Alias of

Variant[Stdlib::IP::Address::Nosubnet, Array[
    Stdlib::IP::Address::Nosubnet,
    1
  ]]

K8s::Native_packaging

a type to describe Kubernetes native packaging methods

  • Note hyperkube is a legacy name for single-binary packages

Alias of Enum['package', 'tarball', 'loose', 'hyperkube', 'manual']

K8s::Node_auth

a type to describe node/kubelet authentication methods

Alias of Enum['cert', 'token', 'bootstrap']

K8s::Node_role

a type to describe a type of Kubernetes node

  • Note server/control-plane are identical, one using the Puppet term, the other the Kubernetes term

Alias of Enum['node', 'server', 'control-plane', 'etcd-replica', 'none']

K8s::PortRange

This regexp matches port range values

Alias of Pattern[/^[0-9]+(-[0-9]+)?$/]

K8s::Proxy_auth

a type to describe kube-proxy authentication methods

Alias of Enum['cert', 'token', 'incluster']

K8s::Proxy_method

a type to describe how kube-proxy should be deployed

Alias of

Variant[Enum[
    'on-node',
    'in-cluster',
  ], Boolean]

K8s::Quantity

This regexp matches quantities, like those for resource requests/limits

Alias of Pattern[/^[+-]?([0-9]+|[0-9]+\.[0-9]{1,3}|\.[0-9]{1,3}|[0-9]+\.)([KMGTPE]i|[mkMGTPE]|[eE][0-9]+(\.[0-9]+)?)?$/]

K8s::TLS_altnames

a type to describe TLS alternative names in certificates

Alias of

Array[Variant[
    Stdlib::Fqdn,
    Stdlib::IP::Address::Nosubnet,
  ]]

K8s::Timestamp

This regexp matches RFC3339 timestamps, the same as what Kubernetes expects to find

Alias of Pattern[/^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\.[0-9]+)?([Zz]|[+-]([01][0-9]|2[0-3]):[0-5][0-9])$/]

K8s::URI

This regexp matches URI values

Alias of Pattern[/^[a-z]+:\/\//]

K8s::Version

A type for handling Kubernetes version numbers

Alias of Pattern[/^(\d+\.){2}\d+$/]
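Several of the data types above are plain Pattern aliases, so what they accept and reject is decided entirely by the regular expression. The Ruby below is an added example (not part of the module): it copies a few of those patterns verbatim from this reference and exercises them against constructed sample values, which makes the edge cases visible, such as K8s::Version rejecting a leading "v", K8s::Quantity allowing at most three decimal places, and K8s::Bootstrap_token covering only the 16-character secret half of a full Kubernetes "id.secret" token. It also shows a caveat worth knowing when reviewing such validators: in Ruby, `^` and `$` match at line boundaries, so every pattern here except Bootstrap_token (which uses `\A` and `\z`) still matches a value that has extra lines appended after a valid first line. The `whole_string?` helper is an assumption for the example, not something the module provides.

```ruby
# Added example, not part of the module. The patterns are copied from the
# K8s::* data types in this reference; the sample values are constructed.
PATTERNS = {
  bootstrap_token: /\A[a-z0-9]{16}\z/,
  duration:        /^(-?[0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$/,
  port_range:      /^[0-9]+(-[0-9]+)?$/,
  quantity:        /^[+-]?([0-9]+|[0-9]+\.[0-9]{1,3}|\.[0-9]{1,3}|[0-9]+\.)([KMGTPE]i|[mkMGTPE]|[eE][0-9]+(\.[0-9]+)?)?$/,
  uri:             /^[a-z]+:\/\//,
  version:         /^(\d+\.){2}\d+$/,
}.freeze

# What the Puppet Pattern type would accept: the regexp as written.
def valid?(type, value)
  PATTERNS.fetch(type).match?(value)
end

# Assumed helper, not from the module: re-anchor the same pattern with \A and
# \z so it must match the whole string rather than just one line of it.
def whole_string?(type, value)
  src = PATTERNS.fetch(type).source
  /\A(?:#{src})\z/.match?(value)
end

if $PROGRAM_NAME == __FILE__
  [[:version, '1.28.3'], [:version, 'v1.28.3'], [:quantity, '1.5555Gi'],
   [:version, "1.28.3\nextra"]].each do |type, value|
    puts "#{type} #{value.inspect}: pattern=#{valid?(type, value)} whole=#{whole_string?(type, value)}"
  end
end
```

The multi-line case is the one a reviewer should check when a Pattern-typed value ends up in a generated file or a command line: `\A`/`\z` anchoring, as the Bootstrap_token type already uses, is the form that rejects it.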