How to set API Server parameters on kubespray deployment

5/3/2019

I am using kubespray for the deployment of a kubernetes cluster and want to set some API Server parameters for the deployment. In specific I want to configure the authentication via OpenID Connect (e.g set the oidc-issuer-url parameter). I saw that kubespray has some vars to set (https://github.com/kubernetes-sigs/kubespray/blob/master/docs/vars.md), but not the ones I am looking for.

Is there a way to set these parameters via kubespray? I don't want to configure each master manually (e.g by editing the /etc/kubernetes/manifests/kube-apiserver.yaml files).

Thanks for your help

-- chresse
kubernetes
kubespray

2 Answers

5/3/2019

On the bottom of the page you are referring to there is description how to define custom flags for various components of k8s:

kubelet_custom_flags:
  - "--eviction-hard=memory.available<100Mi"
  - "--eviction-soft-grace-period=memory.available=30s"
  - "--eviction-soft=memory.available<300Mi"

The possible vars are:

apiserver_custom_flags
controller_mgr_custom_flags
scheduler_custom_flags
kubelet_custom_flags
kubelet_node_custom_flags
-- Vasily Angapov
Source: StackOverflow

5/3/2019

The k8s-cluster.yml file has some parameters which allow to set the OID configuration:

kube_oidc_auth: true
...
kube_oidc_url: https:// ...
kube_oidc_client_id: kubernetes
kube_oidc_ca_file: "{{ kube_cert_dir }}/ca.pem"
kube_oidc_username_claim: sub
kube_oidc_username_prefix: oidc:
kube_oidc_groups_claim: groups
kube_oidc_groups_prefix: oidc:

These parameters are the counter parts to the oidc api server parameters

-- chresse
Source: StackOverflow