kubespray/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta3.j2

---
apiVersion: kubeadm.k8s.io/v1beta3
kind: JoinConfiguration
discovery:
  bootstrapToken:
{% if kubeadm_config_api_fqdn is defined %}
    apiServerEndpoint: {{ kubeadm_config_api_fqdn }}:{{ loadbalancer_apiserver.port | default(kube_apiserver_port) }}
{% else %}
    apiServerEndpoint: {{ kubeadm_discovery_address }}
{% endif %}
    token: {{ kubeadm_token }}
{% if kubeadm_ca_hash.stdout is defined %}
    caCertHashes:
    - sha256:{{ kubeadm_ca_hash.stdout }}
{% else %}
    unsafeSkipCAVerification: true
{% endif %}
  timeout: {{ discovery_timeout }}
  tlsBootstrapToken: {{ kubeadm_token }}
caCertPath: {{ kube_cert_dir }}/ca.crt
{% if kubeadm_cert_controlplane is defined and kubeadm_cert_controlplane %}
controlPlane:
  localAPIEndpoint:
    advertiseAddress: {{ kube_apiserver_address }}
    bindPort: {{ kube_apiserver_port }}
  certificateKey: {{ kubeadm_certificate_key }}
{% endif %}
nodeRegistration:
  name: '{{ kube_override_hostname }}'
  criSocket: {{ cri_socket }}
{% if 'calico_rr' in group_names and 'kube_node' not in group_names %}
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/calico-rr
{% endif %}
{% if kubeadm_patches is defined and kubeadm_patches.enabled %}
patches:
  directory: {{ kubeadm_patches.dest_dir }}
{% endif %}