Example Hooks
Ready-to-use hooks are provided in the example-hooks/ directory. Each hook can be assigned to one or more lifecycle hook points via the kubernetes_hookfiles variable.
Note
These hooks are intended for bootstrapping only. For ongoing management and version upgrades of cluster components, use GitOps tools like ArgoCD or Flux.
CNI Plugins
| Hook | Hook Point | Description |
|---|---|---|
| Cilium | post_cluster_init | Cilium CNI with kube-proxy replacement, WireGuard, Hubble, and BGP |
| Calico | post_cluster_init | Calico CNI from upstream manifest |
Cluster Components
| Hook | Hook Point | Description |
|---|---|---|
| ArgoCD | post_workers | ArgoCD HA with Azure OIDC |
| Sealed Secrets | post_workers | Bitnami Sealed Secrets controller |
| Kube-VIP | post_workers | Virtual IP for LoadBalancer services |
| vSphere CPI | post_cluster_init | vSphere Cloud Provider Interface |
| Kubelet CSR Approver | post_control_planes | Automatic kubelet CSR approval |
| Etcd Backup | post_control_planes | Daily etcd snapshot CronJob |
Tools
| Hook | Hook Points | Description |
|---|---|---|
| Helm | pre_configure_control_planes, pre_upgrade_control_planes | Install/upgrade Helm CLI |
| Kustomize | pre_configure_control_planes, pre_upgrade_control_planes | Install/upgrade Kustomize CLI |
| crun | pre_prerequisites, post_upgrade | crun OCI runtime (replaces runc) |
Configuration
| Hook | Hook Point | Description |
|---|---|---|
| Admin Role Binding | post_cluster_init | OIDC admin ClusterRoleBinding |
| Copy Admin Config | post_cluster_init | Copy kubeconfig locally |
| Local Kubeconfig (Azure) | post_control_planes | Azure OIDC kubeconfig via kubelogin |
| Local Kubeconfig (int128) | post_control_planes | Generic OIDC kubeconfig via kubelogin |
| Containerd Config | pre_prerequisites, post_upgrade | CDI/KubeVirt containerd support |
| Registry Mirrors | post_proxies | Container registry pull-through mirrors |
| Proxy on Control Planes | pre_control_planes | HAProxy + Keepalived on control planes |