From d6ebe8c3e7abba6da384283e85815071556dd9bf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20Kr=C3=BCger?= <andreas@kruger.nu>
Date: Mon, 24 Sep 2018 11:17:18 +0200
Subject: [PATCH] Sync manifests with kubeadm (#3383)

---
 roles/kubernetes/master/defaults/main.yml                       | 2 ++
 .../kubernetes/master/templates/kubeadm-config.v1alpha1.yaml.j2 | 2 ++
 .../kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2 | 2 ++
 .../master/templates/manifests/kube-apiserver.manifest.j2       | 1 +
 .../templates/manifests/kube-controller-manager.manifest.j2     | 2 +-
 5 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/roles/kubernetes/master/defaults/main.yml b/roles/kubernetes/master/defaults/main.yml
index 4a7269bae..cf0ca459b 100644
--- a/roles/kubernetes/master/defaults/main.yml
+++ b/roles/kubernetes/master/defaults/main.yml
@@ -61,6 +61,7 @@ kube_controller_cpu_requests: 100m
 kube_controller_node_monitor_grace_period: 40s
 kube_controller_node_monitor_period: 5s
 kube_controller_pod_eviction_timeout: 5m0s
+kube_controller_terminated_pod_gc_threshold: 12500
 kube_scheduler_memory_limit: 512M
 kube_scheduler_cpu_limit: 250m
 kube_scheduler_memory_requests: 170M
@@ -69,6 +70,7 @@ kube_apiserver_memory_limit: 2000M
 kube_apiserver_cpu_limit: 800m
 kube_apiserver_memory_requests: 256M
 kube_apiserver_cpu_requests: 100m
+kube_apiserver_request_timeout: "1m0s"
 
 # 1.9 and below Admission control plug-ins
 kube_apiserver_admission_control:
diff --git a/roles/kubernetes/master/templates/kubeadm-config.v1alpha1.yaml.j2 b/roles/kubernetes/master/templates/kubeadm-config.v1alpha1.yaml.j2
index ca1ffe2e4..425b29f27 100644
--- a/roles/kubernetes/master/templates/kubeadm-config.v1alpha1.yaml.j2
+++ b/roles/kubernetes/master/templates/kubeadm-config.v1alpha1.yaml.j2
@@ -69,6 +69,7 @@ apiServerExtraArgs:
   service-node-port-range: {{ kube_apiserver_node_port_range }}
   kubelet-preferred-address-types: "{{ kubelet_preferred_address_types }}"
   profiling: "{{ kube_profiling }}"
+  request-timeout: "{{ kube_apiserver_request_timeout }}"
   repair-malformed-updates: "false"
   enable-aggregator-routing: "{{ kube_api_aggregator_routing }}"
 {% if kube_api_anonymous_auth is defined and kube_version | version_compare('v1.5', '>=')  %}
@@ -112,6 +113,7 @@ controllerManagerExtraArgs:
   node-monitor-period: {{ kube_controller_node_monitor_period }}
   pod-eviction-timeout: {{ kube_controller_pod_eviction_timeout }}
   profiling: "{{ kube_profiling }}"
+  terminated-pod-gc-threshold: "{{ kube_controller_terminated_pod_gc_threshold }}"
 {% if kube_feature_gates %}
   feature-gates: {{ kube_feature_gates|join(',') }}
 {% endif %}
diff --git a/roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2 b/roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2
index 0807d8ee2..6fb9ec1b0 100644
--- a/roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2
+++ b/roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2
@@ -61,6 +61,7 @@ apiServerExtraArgs:
   service-node-port-range: {{ kube_apiserver_node_port_range }}
   kubelet-preferred-address-types: "{{ kubelet_preferred_address_types }}"
   profiling: "{{ kube_profiling }}"
+  request-timeout: "{{ kube_apiserver_request_timeout }}"
   repair-malformed-updates: "false"
   enable-aggregator-routing: "{{ kube_api_aggregator_routing }}"
 {% if kube_api_anonymous_auth is defined and kube_version | version_compare('v1.5', '>=')  %}
@@ -111,6 +112,7 @@ controllerManagerExtraArgs:
   node-monitor-period: {{ kube_controller_node_monitor_period }}
   pod-eviction-timeout: {{ kube_controller_pod_eviction_timeout }}
   profiling: "{{ kube_profiling }}"
+  terminated-pod-gc-threshold: "{{ kube_controller_terminated_pod_gc_threshold }}"
 {% if kube_feature_gates %}
   feature-gates: {{ kube_feature_gates|join(',') }}
 {% endif %}
diff --git a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
index a157fec62..dbf9f082c 100644
--- a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
+++ b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
@@ -73,6 +73,7 @@ spec:
     - --kubelet-client-key={{ kube_cert_dir }}/node-{{ inventory_hostname }}-key.pem
     - --service-account-lookup=true
     - --kubelet-preferred-address-types={{ kubelet_preferred_address_types }}
+    - --request-timeout={{ kube_apiserver_request_timeout }}
 {% if kube_basic_auth|default(true) %}
     - --basic-auth-file={{ kube_users_dir }}/known_users.csv
 {% endif %}
diff --git a/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
index 674c1a4cf..a14d689d0 100644
--- a/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
+++ b/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
@@ -38,7 +38,7 @@ spec:
     - --node-monitor-period={{ kube_controller_node_monitor_period }}
     - --pod-eviction-timeout={{ kube_controller_pod_eviction_timeout }}
     - --profiling={{ kube_profiling }}
-    - --terminated-pod-gc-threshold=12500
+    - --terminated-pod-gc-threshold={{ kube_controller_terminated_pod_gc_threshold }}
     - --v={{ kube_log_level }}
 {% if rbac_enabled %}
     - --use-service-account-credentials=true
-- 
GitLab