From 4fb2cbdc7c15be5fca1c173e1001bc787ca1c048 Mon Sep 17 00:00:00 2001 From: Ruslan Aliev Date: Sat, 14 Jun 2025 21:15:31 -0500 Subject: [PATCH] Disable apiserver in the bootstrap daemonset Change-Id: I49010ddf3166e2612dd173338a0ec50073fcabd8 Signed-off-by: Ruslan Aliev --- .../armada/templates/daemonset-bootstrap.yaml | 26 ------------ charts/armada/values.yaml | 42 ------------------- 2 files changed, 68 deletions(-) diff --git a/charts/armada/templates/daemonset-bootstrap.yaml b/charts/armada/templates/daemonset-bootstrap.yaml index 5451475c..b27f07e7 100644 --- a/charts/armada/templates/daemonset-bootstrap.yaml +++ b/charts/armada/templates/daemonset-bootstrap.yaml @@ -143,31 +143,6 @@ spec: {{ if $mounts_monitor_bootstrap.volumeMounts }} volumeMounts: {{ toYaml $mounts_monitor_bootstrap.volumeMounts | indent 8 }} -{{ end }} - - command: - {{- range .Values.bootstrap_apiserver.command_prefix }} - - {{ . }} - {{- end }} - {{- range .Values.bootstrap_apiserver.genesis_arguments }} - - {{ . }} - {{- end }} - {{- range .Values.bootstrap_apiserver.arguments }} - - {{ . }} - {{- end }} -{{- if .Values.pod.env.apiserver_bootstrap }} - env: - {{- range .Values.pod.env.apiserver_bootstrap }} - - name: {{ .name | quote }} - value: {{ .value | quote }} - {{- end }} -{{- end }} -{{ tuple $envAll "apiserver" | include "helm-toolkit.snippets.image" | indent 8 }} - name: kubectl-apiserver -{{ tuple $envAll $envAll.Values.pod.resources.apiserver_bootstrap | include "helm-toolkit.snippets.kubernetes_resources" | indent 8 }} -{{ dict "envAll" $envAll "application" "armada" "container" "manager" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 8 }} -{{ if $mounts_apiserver_bootstrap.volumeMounts }} - volumeMounts: -{{ toYaml $mounts_apiserver_bootstrap.volumeMounts | indent 8 }} {{ end }} dnsPolicy: Default hostNetwork: true @@ -183,5 +158,4 @@ spec: volumes: {{ toYaml $mounts_armada_bootstrap.volumes | indent 8 }} {{ end }} - {{- end }} diff --git a/charts/armada/values.yaml b/charts/armada/values.yaml index bdab4573..51ba2549 100644 --- a/charts/armada/values.yaml +++ b/charts/armada/values.yaml @@ -46,31 +46,6 @@ images: - dep_check - image_repo_sync -bootstrap_apiserver: - command_prefix: - - kube-apiserver - - --advertise-address=$(ADVERTISE_ADDRESS) - - --allow-privileged=true - - --anonymous-auth=false - - --bind-address=0.0.0.0 - - --client-ca-file=/etc/kubernetes/apiserver/pki/cluster-ca.pem - - --etcd-cafile=/etc/kubernetes/apiserver/pki/etcd-client-ca.pem - - --etcd-certfile=/etc/kubernetes/apiserver/pki/etcd-client.pem - - --etcd-keyfile=/etc/kubernetes/apiserver/pki/etcd-client-key.pem - - --kubelet-certificate-authority=/etc/kubernetes/apiserver/pki/kubelet-client-ca.pem - - --kubelet-client-certificate=/etc/kubernetes/apiserver/pki/kubelet-client.pem - - --kubelet-client-key=/etc/kubernetes/apiserver/pki/kubelet-client-key.pem - - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname - - --service-account-issuer=https://kubernetes.default.svc.cluster.local - - --service-account-key-file=/etc/kubernetes/apiserver/pki/service-account.pub - - --service-account-signing-key-file=/etc/kubernetes/apiserver/pki/service-account.key - - --tls-cert-file=/etc/kubernetes/apiserver/pki/apiserver.pem - - --tls-private-key-file=/etc/kubernetes/apiserver/pki/apiserver-key.pem - genesis_arguments: [] - arguments: - - --etcd-servers=https://localhost:12379 - - --secure-port=6444 - - --endpoint-reconciler-type=none network: api: @@ -296,9 +271,6 @@ pod: value: /tmp/log/bootstrap-armada-operator.log - name: KUBECONFIG value: /root/.kube/config - apiserver_bootstrap: - - name: KUBECONFIG - value: /etc/kubernetes/admin/config # NOTE(@drewwalters96): These configuration values change the Armada API's # uWSGI configuration. armada_api: @@ -371,13 +343,6 @@ pod: name: ipc - mountPath: /etc/kubernetes/manifests name: manifest - apiserver: - volumeMounts: - - name: auth - mountPath: /etc/kubernetes/admin - - name: config - mountPath: /etc/kubernetes/apiserver - readOnly: true armada_api: init_container: null armada_api: @@ -429,13 +394,6 @@ pod: requests: cpu: "100m" memory: "128Mi" - apiserver_bootstrap: - limits: - cpu: "8" - memory: "8Gi" - requests: - cpu: "100m" - memory: "128Mi" api: limits: memory: "128Mi"