kubeadm-config to git

kube-system/kubeadm-config.yaml

@@ -0,0 +1,48 @@
+# changes are rolled out manually with most $ kubeadm upgrade commands
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: kubeadm-config
+  namespace: kube-system
+data:
+  ClusterConfiguration: |
+    apiServer:
+      certSANs:
+      - master.kube.k-space.ee
+      extraArgs:
+      - name: authorization-mode
+        value: Node,RBAC
+      - name: oidc-client-id
+        value: passmower.kubelogin
+      - name: oidc-groups-claim
+        value: groups
+      - name: oidc-issuer-url
+        value: https://auth.k-space.ee/
+      - name: oidc-username-claim
+        value: sub
+    apiVersion: kubeadm.k8s.io/v1beta4
+    caCertificateValidityPeriod: 87600h0m0s
+    certificateValidityPeriod: 8760h0m0s
+    certificatesDir: /etc/kubernetes/pki
+    clusterName: kubernetes
+    controlPlaneEndpoint: master.kube.k-space.ee:6443
+    controllerManager:
+      extraArgs:
+      - name: node-cidr-mask-size-ipv4
+        value: "20"
+      - name: node-cidr-mask-size-ipv6
+        value: "96"
+    dns: {}
+    encryptionAlgorithm: RSA-2048
+    etcd:
+      local:
+        dataDir: /var/lib/etcd
+    imageRepository: registry.k8s.io
+    kind: ClusterConfiguration
+    kubernetesVersion: v1.34.3
+    networking:
+      dnsDomain: cluster.local
+      podSubnet: 10.244.0.0/16,2001:bb8:4008:21:244::/80
+      serviceSubnet: 10.96.0.0/12
+    proxy: {}
+    scheduler: {}

kube-system/kustomization.yaml

@@ -4,6 +4,7 @@ kind: Kustomization
 namespace: kube-system
 
 resources:
+- ./kubeadm-config.yaml
 - ./descheduler.yaml
 - ./kube-state-metrics.yaml
 - ./metrics-server.yaml