airship/armada
Code Issues Proposed changes

Disable apiserver in the bootstrap daemonset

Browse Source 
Change-Id: I49010ddf3166e2612dd173338a0ec50073fcabd8
Signed-off-by: Ruslan Aliev <raliev@mirantis.com>
This commit is contained in:
Ruslan Aliev
2025-06-14 21:15:31 -05:00
parent d29b37e1fb
commit 4fb2cbdc7c
2 changed files with 0 additions and 68 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
charts/armada/templates/daemonset-bootstrap.yaml
View File

@@ -143,31 +143,6 @@ spec:
{{ if $mounts_monitor_bootstrap.volumeMounts }}
volumeMounts:
{{ toYaml $mounts_monitor_bootstrap.volumeMounts | indent 8 }}
{{ end }}
- command:
{{- range .Values.bootstrap_apiserver.command_prefix }}
- {{ . }}
{{- end }}
{{- range .Values.bootstrap_apiserver.genesis_arguments }}
- {{ . }}
{{- end }}
{{- range .Values.bootstrap_apiserver.arguments }}
- {{ . }}
{{- end }}
{{- if .Values.pod.env.apiserver_bootstrap }}
env:
{{- range .Values.pod.env.apiserver_bootstrap }}
- name: {{ .name | quote }}
value: {{ .value | quote }}
{{- end }}
{{- end }}
{{ tuple $envAll "apiserver" | include "helm-toolkit.snippets.image" | indent 8 }}
name: kubectl-apiserver
{{ tuple $envAll $envAll.Values.pod.resources.apiserver_bootstrap | include "helm-toolkit.snippets.kubernetes_resources" | indent 8 }}
{{ dict "envAll" $envAll "application" "armada" "container" "manager" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 8 }}
{{ if $mounts_apiserver_bootstrap.volumeMounts }}
volumeMounts:
{{ toYaml $mounts_apiserver_bootstrap.volumeMounts | indent 8 }}
{{ end }}
dnsPolicy: Default
hostNetwork: true
@@ -183,5 +158,4 @@ spec:
volumes:
{{ toYaml $mounts_armada_bootstrap.volumes | indent 8 }}
{{ end }}
{{- end }}

42
charts/armada/values.yaml
View File

@@ -46,31 +46,6 @@ images:
- dep_check
- image_repo_sync
bootstrap_apiserver:
command_prefix:
- kube-apiserver
- --advertise-address=$(ADVERTISE_ADDRESS)
- --allow-privileged=true
- --anonymous-auth=false
- --bind-address=0.0.0.0
- --client-ca-file=/etc/kubernetes/apiserver/pki/cluster-ca.pem
- --etcd-cafile=/etc/kubernetes/apiserver/pki/etcd-client-ca.pem
- --etcd-certfile=/etc/kubernetes/apiserver/pki/etcd-client.pem
- --etcd-keyfile=/etc/kubernetes/apiserver/pki/etcd-client-key.pem
- --kubelet-certificate-authority=/etc/kubernetes/apiserver/pki/kubelet-client-ca.pem
- --kubelet-client-certificate=/etc/kubernetes/apiserver/pki/kubelet-client.pem
- --kubelet-client-key=/etc/kubernetes/apiserver/pki/kubelet-client-key.pem
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
- --service-account-issuer=https://kubernetes.default.svc.cluster.local
- --service-account-key-file=/etc/kubernetes/apiserver/pki/service-account.pub
- --service-account-signing-key-file=/etc/kubernetes/apiserver/pki/service-account.key
- --tls-cert-file=/etc/kubernetes/apiserver/pki/apiserver.pem
- --tls-private-key-file=/etc/kubernetes/apiserver/pki/apiserver-key.pem
genesis_arguments: []
arguments:
- --etcd-servers=https://localhost:12379
- --secure-port=6444
- --endpoint-reconciler-type=none
network:
api:
@@ -296,9 +271,6 @@ pod:
value: /tmp/log/bootstrap-armada-operator.log
- name: KUBECONFIG
value: /root/.kube/config
apiserver_bootstrap:
- name: KUBECONFIG
value: /etc/kubernetes/admin/config
# NOTE(@drewwalters96): These configuration values change the Armada API's
# uWSGI configuration.
armada_api:
@@ -371,13 +343,6 @@ pod:
name: ipc
- mountPath: /etc/kubernetes/manifests
name: manifest
apiserver:
volumeMounts:
- name: auth
mountPath: /etc/kubernetes/admin
- name: config
mountPath: /etc/kubernetes/apiserver
readOnly: true
armada_api:
init_container: null
armada_api:
@@ -429,13 +394,6 @@ pod:
requests:
cpu: "100m"
memory: "128Mi"
apiserver_bootstrap:
limits:
cpu: "8"
memory: "8Gi"
requests:
cpu: "100m"
memory: "128Mi"
api:
limits:
memory: "128Mi"