Allow non-YAML config file content

- Detect if the content of a auxiliary config file is a string
  to be directly written to a file or something that should be
  serialized as YAML.

Change-Id: I51a25e0911b81b88e58c90576063f39562ef4fee
This commit is contained in:
Scott Hussey 2019-03-27 12:44:49 -05:00 committed by Hussey, Scott (sh8121)
parent 4f7999bd00
commit 4bc788e8b7
2 changed files with 33 additions and 22 deletions

View File

@ -30,6 +30,10 @@ data:
{{/* Dynamically added config files */}}
{{- range $key, $val := .Values.conf }}
{{ $val.file }}: |
{{- if kindIs "string" $val.content }}
{{ indent 4 $val.content }}
{{- else }}
{{ toYaml $val.content | indent 4 }}
{{- end }}
{{- end }}
{{- end }}

View File

@ -81,32 +81,40 @@ anchor:
manifest_path: /etc/kubernetes/manifests
period: 15
# TODO(sh8121att): Add dynamic rendering of the admission controller list allowing a base list
# and each conf entry to enable additional AC plugins
conf:
# Uncomment any of the below to enable the file placement and associated apiserver
# command line options
#
# acconfig:
# file: acconfig.yaml
acconfig:
file: acconfig.yaml
command_options:
- '--admission-control-config-file=/etc/kubernetes/apiserver/acconfig.yaml'
- '--enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds,NodeRestriction,EventRateLimit'
content:
kind: AdmissionConfiguration
apiVersion: apiserver.k8s.io/v1alpha1
plugins:
- name: EventRateLimit
path: eventconfig.yaml
eventconfig:
file: eventconfig.yaml
content:
kind: Configuration
apiVersion: eventratelimit.admission.k8s.io/v1alpha1
limits:
- type: Server
qps: 1000
burst: 10000
# aggapi:
# file: kube-agg-api-ca.pem
# command_options:
# - '--admission-control-config-file=/etc/kubernetes/apiserver/acconfig.yaml'
# - '--enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds,NodeRestriction,EventRateLimit'
# content:
# kind: AdmissionConfiguration
# apiVersion: apiserver.k8s.io/v1alpha1
# plugins:
# - name: EventRateLimit
# path: eventconfig.yaml
# eventconfig:
# file: eventconfig.yaml
# command_options: []
# content:
# kind: Configuration
# apiVersion: eventratelimit.admission.k8s.io/v1alpha1
# limits:
# - type: Server
# qps: 1000
# burst: 10000
# - '--requestheader-client-ca-file=/etc/kubernetes/apiserver/kube-agg-api-ca.pem'
# - '--requestheader-allowed-names=agg-client'
# content: |
# -----SOME CA----
#
# Uncomment any of the below to enable enhanced Audit Logging command line options.
#
# auditpolicy:
@ -144,7 +152,6 @@ apiserver:
- --feature-gates=PodShareProcessNamespace=true
# NOTE(mark-burnett): This flag is removed in Kubernetes 1.11
- --repair-malformed-updates=false
- --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds,NodeRestriction
- --v=3
etcd:
endpoints: https://kubernetes-etcd.kube-system.svc.cluster.local