From f77aea13e95be13cf9f03cee64c8327330340c02 Mon Sep 17 00:00:00 2001 From: ChengHao Yang <17496418+tico88612@users.noreply.github.com> Date: Sun, 15 Jun 2025 04:38:56 +0800 Subject: [PATCH] Cleanup: kubeadm-config v1beta4 extra args defined conditions (#12307) * Cleanup: kubeadm-config v1beta4 extra args defined conditions Some variables have already been defined, so there is no need to useconditional statements to check whether they have been defined. Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com> * Cleanup: cloud-provider extra args Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com> --------- Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com> --- .../templates/kubeadm-config.v1beta3.yaml.j2 | 18 +++------- .../templates/kubeadm-config.v1beta4.yaml.j2 | 36 +++---------------- 2 files changed, 9 insertions(+), 45 deletions(-) diff --git a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2 b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2 index 4612917d1..4330efafb 100644 --- a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2 +++ b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2 @@ -106,18 +106,10 @@ certificatesDir: {{ kube_cert_dir }} imageRepository: {{ kube_image_repo }} apiServer: extraArgs: -{% if kube_apiserver_etcd_compaction_interval is defined %} etcd-compaction-interval: "{{ kube_apiserver_etcd_compaction_interval }}" -{% endif %} -{% if kube_apiserver_pod_eviction_not_ready_timeout_seconds is defined %} default-not-ready-toleration-seconds: "{{ kube_apiserver_pod_eviction_not_ready_timeout_seconds }}" -{% endif %} -{% if kube_apiserver_pod_eviction_unreachable_timeout_seconds is defined %} default-unreachable-toleration-seconds: "{{ kube_apiserver_pod_eviction_unreachable_timeout_seconds }}" -{% endif %} -{% if kube_api_anonymous_auth is defined %} anonymous-auth: "{{ kube_api_anonymous_auth }}" -{% endif %} {% if kube_apiserver_use_authorization_config_file %} authorization-config: "{{ kube_config_dir }}/apiserver-authorization-config-{{ kube_apiserver_authorization_config_api_version }}.yaml" {% else %} @@ -150,7 +142,7 @@ apiServer: {% if kube_apiserver_service_account_lookup %} service-account-lookup: "{{ kube_apiserver_service_account_lookup }}" {% endif %} -{% if kube_oidc_auth | default(false) and kube_oidc_url is defined and kube_oidc_client_id is defined %} +{% if kube_oidc_auth and kube_oidc_url is defined and kube_oidc_client_id is defined %} oidc-issuer-url: "{{ kube_oidc_url }}" oidc-client-id: "{{ kube_oidc_client_id }}" {% if kube_oidc_ca_file is defined %} @@ -169,7 +161,7 @@ apiServer: oidc-groups-prefix: "{{ kube_oidc_groups_prefix }}" {% endif %} {% endif %} -{% if kube_webhook_token_auth | default(false) %} +{% if kube_webhook_token_auth %} authentication-token-webhook-config-file: {{ kube_config_dir }}/webhook-token-auth-config.yaml {% endif %} {% if kube_webhook_authorization and not kube_apiserver_use_authorization_config_file %} @@ -213,9 +205,7 @@ apiServer: tls-cipher-suites: {% for tls in tls_cipher_suites %}{{ tls }}{{ "," if not loop.last else "" }}{% endfor %} {% endif %} -{% if event_ttl_duration is defined %} event-ttl: {{ event_ttl_duration }} -{% endif %} {% if kubelet_rotate_server_certificates %} kubelet-certificate-authority: {{ kube_cert_dir }}/ca.crt {% endif %} @@ -229,12 +219,12 @@ apiServer: hostPath: {{ kube_token_dir }} mountPath: {{ kube_token_dir }} {% endif %} -{% if kube_webhook_token_auth | default(false) %} +{% if kube_webhook_token_auth %} - name: webhook-token-auth-config hostPath: {{ kube_config_dir }}/webhook-token-auth-config.yaml mountPath: {{ kube_config_dir }}/webhook-token-auth-config.yaml {% endif %} -{% if kube_webhook_authorization | default(false) %} +{% if kube_webhook_authorization %} - name: webhook-authorization-config hostPath: {{ kube_config_dir }}/webhook-authorization-config.yaml mountPath: {{ kube_config_dir }}/webhook-authorization-config.yaml diff --git a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta4.yaml.j2 b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta4.yaml.j2 index 5d4d40eda..fc4c28c04 100644 --- a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta4.yaml.j2 +++ b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta4.yaml.j2 @@ -125,22 +125,14 @@ certificatesDir: {{ kube_cert_dir }} imageRepository: {{ kube_image_repo }} apiServer: extraArgs: -{% if kube_apiserver_etcd_compaction_interval is defined %} - name: etcd-compaction-interval value: "{{ kube_apiserver_etcd_compaction_interval }}" -{% endif %} -{% if kube_apiserver_pod_eviction_not_ready_timeout_seconds is defined %} - name: default-not-ready-toleration-seconds value: "{{ kube_apiserver_pod_eviction_not_ready_timeout_seconds }}" -{% endif %} -{% if kube_apiserver_pod_eviction_unreachable_timeout_seconds is defined %} - name: default-unreachable-toleration-seconds value: "{{ kube_apiserver_pod_eviction_unreachable_timeout_seconds }}" -{% endif %} -{% if kube_api_anonymous_auth is defined %} - name: anonymous-auth value: "{{ kube_api_anonymous_auth }}" -{% endif %} {% if kube_apiserver_use_authorization_config_file %} - name: authorization-config value: "{{ kube_config_dir }}/apiserver-authorization-config-{{ kube_apiserver_authorization_config_api_version }}.yaml" @@ -186,7 +178,7 @@ apiServer: - name: service-account-lookup value: "{{ kube_apiserver_service_account_lookup }}" {% endif %} -{% if kube_oidc_auth | default(false) and kube_oidc_url is defined and kube_oidc_client_id is defined %} +{% if kube_oidc_auth and kube_oidc_url is defined and kube_oidc_client_id is defined %} - name: oidc-issuer-url value: "{{ kube_oidc_url }}" - name: oidc-client-id @@ -212,7 +204,7 @@ apiServer: value: "{{ kube_oidc_groups_prefix }}" {% endif %} {% endif %} -{% if kube_webhook_token_auth | default(false) %} +{% if kube_webhook_token_auth %} - name: authentication-token-webhook-config-file value: "{{ kube_config_dir }}/webhook-token-auth-config.yaml" {% endif %} @@ -274,10 +266,8 @@ apiServer: - name: tls-cipher-suites value: "{% for tls in tls_cipher_suites %}{{ tls }}{{ ',' if not loop.last else '' }}{% endfor %}" {% endif %} -{% if event_ttl_duration is defined %} - name: event-ttl value: "{{ event_ttl_duration }}" -{% endif %} {% if kubelet_rotate_server_certificates %} - name: kubelet-certificate-authority value: "{{ kube_cert_dir }}/ca.crt" @@ -293,12 +283,12 @@ apiServer: hostPath: {{ kube_token_dir }} mountPath: {{ kube_token_dir }} {% endif %} -{% if kube_webhook_token_auth | default(false) %} +{% if kube_webhook_token_auth %} - name: webhook-token-auth-config hostPath: {{ kube_config_dir }}/webhook-token-auth-config.yaml mountPath: {{ kube_config_dir }}/webhook-token-auth-config.yaml {% endif %} -{% if kube_webhook_authorization | default(false) %} +{% if kube_webhook_authorization %} - name: webhook-authorization-config hostPath: {{ kube_config_dir }}/webhook-authorization-config.yaml mountPath: {{ kube_config_dir }}/webhook-authorization-config.yaml @@ -395,12 +385,6 @@ controllerManager: - name: "{{ key }}" value: "{{ kube_kubeadm_controller_extra_args[key] }}" {% endfor %} -{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "gce"] %} - - name: cloud-provider - value: "{{ cloud_provider }}" - - name: cloud-config - value: "{{ kube_config_dir }}/cloud_config" -{% endif %} {% if kube_network_plugin is defined and kube_network_plugin not in ["cloud"] %} - name: configure-cloud-routes value: "false" @@ -417,18 +401,8 @@ controllerManager: - name: tls-cipher-suites value: "{% for tls in tls_cipher_suites %}{{ tls }}{{ ',' if not loop.last else '' }}{% endfor %}" {% endif %} -{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "gce"] or controller_manager_extra_volumes %} +{% if controller_manager_extra_volumes %} extraVolumes: -{% if cloud_provider is defined and cloud_provider in ["openstack"] and openstack_cacert is defined %} - - name: openstackcacert - hostPath: "{{ kube_config_dir }}/openstack-cacert.pem" - mountPath: "{{ kube_config_dir }}/openstack-cacert.pem" -{% endif %} -{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "gce"] %} - - name: cloud-config - hostPath: {{ kube_config_dir }}/cloud_config - mountPath: {{ kube_config_dir }}/cloud_config -{% endif %} {% for volume in controller_manager_extra_volumes %} - name: {{ volume.name }} hostPath: {{ volume.hostPath }}