contrib/terraform/upcloud/cluster-settings.tfvars

@@ -116,8 +116,9 @@ k8s_allowed_remote_ips = [
 master_allowed_ports = []
 worker_allowed_ports = []
 
-loadbalancer_enabled = false
-loadbalancer_plan    = "development"
+loadbalancer_enabled        = false
+loadbalancer_plan           = "development"
+loadbalancer_proxy_protocol = false
 loadbalancers = {
   # "http" : {
   #   "port" : 80,

contrib/terraform/upcloud/main.tf

@@ -31,9 +31,10 @@ module "kubernetes" {
   master_allowed_ports      = var.master_allowed_ports
   worker_allowed_ports      = var.worker_allowed_ports
 
-  loadbalancer_enabled = var.loadbalancer_enabled
-  loadbalancer_plan    = var.loadbalancer_plan
-  loadbalancers        = var.loadbalancers
+  loadbalancer_enabled                 = var.loadbalancer_enabled
+  loadbalancer_plan                    = var.loadbalancer_plan
+  loadbalancer_outbound_proxy_protocol = var.loadbalancer_proxy_protocol ? "v2" : ""
+  loadbalancers                        = var.loadbalancers
 
   server_groups = var.server_groups
 }

contrib/terraform/upcloud/modules/kubernetes-cluster/main.tf

@@ -521,6 +521,9 @@ resource "upcloud_loadbalancer_backend" "lb_backend" {
 
   loadbalancer = upcloud_loadbalancer.lb[0].id
   name         = "lb-backend-${each.key}"
+  properties {
+    outbound_proxy_protocol = var.loadbalancer_outbound_proxy_protocol
+  }
 }
 
 resource "upcloud_loadbalancer_frontend" "lb_frontend" {

contrib/terraform/upcloud/modules/kubernetes-cluster/variables.tf

@@ -85,6 +85,10 @@ variable "loadbalancer_plan" {
   type = string
 }
 
+variable "loadbalancer_outbound_proxy_protocol" {
+  type = string
+}
+
 variable "loadbalancers" {
   description = "Load balancers"
 

contrib/terraform/upcloud/variables.tf

@@ -121,6 +121,11 @@ variable "loadbalancer_plan" {
   default     = "development"
 }
 
+variable "loadbalancer_proxy_protocol" {
+  type    = bool
+  default = false
+}
+
 variable "loadbalancers" {
   description = "Load balancers"
 

docs/vars.md

@@ -220,6 +220,14 @@ Stack](https://github.com/kubernetes-sigs/kubespray/blob/master/docs/dns-stack.m
 
 * *kubelet_cpu_manager_policy* -  If set to `static`, allows pods with certain resource characteristics to be granted increased CPU affinity and exclusivity on the node. And it should be set with `kube_reserved` or `system-reserved`, enable this with the following guide:[Control CPU Management Policies on the Node](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/)
 
+* *kubelet_cpu_manager_policy_options* -  A dictionary of cpuManagerPolicyOptions to enable. Keep in mind to enable the corresponding feature gates and make sure to pass the booleans as string (i.e. don't forget the quotes)!
+
+```yml
+kubelet_cpu_manager_policy_options:
+    distribute-cpus-across-numa: "true"
+    full-pcpus-only: "true"
+```
+
 * *kubelet_topology_manager_policy* - Control the behavior of the allocation of CPU and Memory from different [NUMA](https://en.wikipedia.org/wiki/Non-uniform_memory_access) Nodes. Enable this with the following guide: [Control Topology Management Policies on a node](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager).
 
 * *kubelet_topology_manager_scope* - The Topology Manager can deal with the alignment of resources in a couple of distinct scopes: `container` and `pod`. See [Topology Manager Scopes](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager/#topology-manager-scopes).

roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2

@@ -14,7 +14,7 @@ certificateKey: {{ kubeadm_certificate_key }}
 {% endif %}
 nodeRegistration:
 {% if kube_override_hostname | default('') %}
-  name: {{ kube_override_hostname }}
+  name: "{{ kube_override_hostname }}"
 {% endif %}
 {% if inventory_hostname in groups['kube_control_plane'] and inventory_hostname not in groups['kube_node'] %}
   taints:
@@ -76,17 +76,17 @@ etcd:
 {% endfor %}
     serverCertSANs:
 {% for san in etcd_cert_alt_names %}
-      - {{ san }}
+      - "{{ san }}"
 {% endfor %}
 {% for san in etcd_cert_alt_ips %}
-      - {{ san }}
+      - "{{ san }}"
 {% endfor %}
     peerCertSANs:
 {% for san in etcd_cert_alt_names %}
-      - {{ san }}
+      - "{{ san }}"
 {% endfor %}
 {% for san in etcd_cert_alt_ips %}
-      - {{ san }}
+      - "{{ san }}"
 {% endfor %}
 {% endif %}
 dns:
@@ -294,7 +294,7 @@ apiServer:
 {% endif %}
   certSANs:
 {% for san in apiserver_sans %}
-  - {{ san }}
+  - "{{ san }}"
 {% endfor %}
   timeoutForControlPlane: 5m0s
 controllerManager:
@@ -416,7 +416,7 @@ conntrack:
   tcpEstablishedTimeout: {{ kube_proxy_conntrack_tcp_established_timeout }}
 enableProfiling: {{ kube_proxy_enable_profiling }}
 healthzBindAddress: {{ kube_proxy_healthz_bind_address }}
-hostnameOverride: {{ kube_override_hostname }}
+hostnameOverride: "{{ kube_override_hostname }}"
 iptables:
   masqueradeAll: {{ kube_proxy_masquerade_all }}
   masqueradeBit: {{ kube_proxy_masquerade_bit }}

roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2

@@ -160,6 +160,10 @@ seccompDefault: {{ kubelet_seccomp_default | bool }}
 {% if kubelet_cpu_manager_policy is defined %}
 cpuManagerPolicy: {{ kubelet_cpu_manager_policy }}
 {% endif %}
+{% if kubelet_cpu_manager_policy_options is defined %}
+cpuManagerPolicyOptions:
+  {{ kubelet_cpu_manager_policy_options | to_nice_yaml(indent=2) }}
+{% endif %}
 {% if kubelet_topology_manager_policy is defined %}
 topologyManagerPolicy: {{ kubelet_topology_manager_policy }}
 {% endif %}