From 04b19359cb71aef2f6981a74fd69a6e6f8c3927a Mon Sep 17 00:00:00 2001
From: Hans Feldt <2808287+hafe@users.noreply.github.com>
Date: Wed, 21 Oct 2020 16:32:20 +0200
Subject: [PATCH] allow non existing etcd group (#6797)

When using kubeadm managed etcd, configuring an etcd group can now be skipped.
---
 .../preinstall/tasks/0020-verify-settings.yml | 15 ++++++++++++---
 .../kubernetes/preinstall/tasks/0090-etchosts.yml | 2 +-
 roles/kubespray-defaults/defaults/main.yaml | 7 +++++--
 roles/kubespray-defaults/tasks/no_proxy.yml | 2 +-
 .../calico/templates/calico-node.yml.j2 | 3 ++-
 5 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
index 95086e6f9..e590d6609 100644
--- a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
+++ b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
@@ -1,14 +1,22 @@ --- -- name: Stop if either kube-master, kube-node or etcd is empty +- name: Stop if either kube-master or kube-node group is empty assert: - that: groups.get('{{ item }}') + that: "groups.get('{{ item }}')" with_items: - kube-master - kube-node - - etcd run_once: true when: not ignore_assert_errors +- name: Stop if etcd group is empty in external etcd mode + assert: + that: groups.get('etcd') + fail_msg: "Group 'etcd' cannot be empty in external etcd mode" + run_once: true + when: + - not ignore_assert_errors + - not etcd_kubeadm_enabled + - name: Stop if non systemd OS type assert: that: ansible_service_mgr == "systemd"
@@ -61,6 +69,7 @@ that: groups.etcd|length is not divisibleby 2 when: - not ignore_assert_errors + - groups.get('etcd') - inventory_hostname in groups['etcd'] - name: Stop if memory is too small for masters
diff --git a/roles/kubernetes/preinstall/tasks/0090-etchosts.yml b/roles/kubernetes/preinstall/tasks/0090-etchosts.yml
index a8c40f6f9..81913cb10 100644
--- a/roles/kubernetes/preinstall/tasks/0090-etchosts.yml
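Review bot: In the first hunk of `0020-verify-settings.yml`, the kube-master/kube-node assert still builds its condition as `that: "groups.get('{{ item }}')"`, so the loop value is interpolated into the expression text before `assert` evaluates it; `that: groups.get(item)` passes the variable directly and matches the plain form used by the new etcd task just below it. That task also has no `fail_msg`, so an operator sees only the raw expression when a group is missing, while the etcd assert names the group; `fail_msg: "Group '{{ item }}' cannot be empty"` would keep the two consistent. The second hunk's added `- groups.get('etcd')` guard belongs to a task whose name and `assert` start outside the hunk.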
+++ b/roles/kubernetes/preinstall/tasks/0090-etchosts.yml
@@ -2,7 +2,7 @@ - name: Hosts | create list from inventory set_fact: etc_hosts_inventory_block: |- - {% for item in (groups['k8s-cluster'] + groups['etcd'] + groups['calico-rr']|default([]))|unique -%} + {% for item in (groups['k8s-cluster'] + groups['etcd']|default([]) + groups['calico-rr']|default([]))|unique -%} {% if 'access_ip' in hostvars[item] or 'ip' in hostvars[item] or 'ansible_default_ipv4' in hostvars[item] -%} {{ hostvars[item]['access_ip'] | default(hostvars[item]['ip'] | default(hostvars[item]['ansible_default_ipv4']['address'])) }} {%- if ('ansible_hostname' in hostvars[item] and item != hostvars[item]['ansible_hostname']) %} {{ hostvars[item]['ansible_hostname'] }}.{{ dns_domain }} {{ hostvars[item]['ansible_hostname'] }}{% endif %} {{ item }}.{{ dns_domain }} {{ item }}
diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml
index 13c947a2d..7a9c31dc2 100644
--- a/roles/kubespray-defaults/defaults/main.yaml
+++ b/roles/kubespray-defaults/defaults/main.yaml
@@ -472,6 +472,9 @@ kube_apiserver_client_key: "{{ kube_cert_dir }}/ca.key" # Set to true to deploy etcd-events cluster etcd_events_cluster_enabled: false +# etcd group can be empty when kubeadm manages etcd +etcd_hosts: "{{ groups['etcd'] | default(groups['kube-master']) }}" + # Vars for pointing to etcd endpoints is_etcd_master: "{{ inventory_hostname in groups['etcd'] }}" etcd_address: "{{ ip | default(fallback_ips[inventory_hostname]) }}"
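Review bot: In the `main.yaml` hunk, `etcd_hosts: "{{ groups['etcd'] | default(groups['kube-master']) }}"` falls back only when the `etcd` group is undefined; a group that is declared but has no hosts yields an empty list, which contradicts the comment above it ("can be empty") and would leave `etcd_access_addresses` empty. Passing the boolean argument, `default(groups['kube-master'], true)`, covers both cases. The context line directly below, `is_etcd_master: "{{ inventory_hostname in groups['etcd'] }}"`, still indexes the group without a default, so it looks like it will fail on an inventory that has no `etcd` group; `inventory_hostname in groups['etcd'] | default([])` would match the guard added in the etchosts hunk. The fallback is also not tied to `etcd_kubeadm_enabled`, so with `ignore_assert_errors` set in external-etcd mode the etcd client URLs would silently point at the kube-master hosts, which is worth stating in the comment or gating on that flag.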
@@ -482,12 +485,12 @@ etcd_client_url: "https://{{ etcd_access_address }}:2379" etcd_events_peer_url: "https://{{ etcd_events_access_address }}:2382" etcd_events_client_url: "https://{{ etcd_events_access_address }}:2381" etcd_access_addresses: |- - {% for item in groups['etcd'] -%} + {% for item in etcd_hosts -%} https://{{ hostvars[item]['access_ip'] | default(hostvars[item]['ip'] | default(fallback_ips[item])) }}:2379{% if not loop.last %},{% endif %} {%- endfor %} etcd_events_access_addresses_list: |- [ - {% for item in groups['etcd'] -%} + {% for item in etcd_hosts -%} 'https://{{ hostvars[item]['access_ip'] | default(hostvars[item]['ip'] | default(fallback_ips[item])) }}:2381'{% if not loop.last %},{% endif %} {%- endfor %} ]
diff --git a/roles/kubespray-defaults/tasks/no_proxy.yml b/roles/kubespray-defaults/tasks/no_proxy.yml
index 5af4cc068..a0de178f7 100755
--- a/roles/kubespray-defaults/tasks/no_proxy.yml
+++ b/roles/kubespray-defaults/tasks/no_proxy.yml
@@ -11,7 +11,7 @@ {% else %} {% set cluster_or_master = 'k8s-cluster' %} {% endif %} - {%- for item in (groups[cluster_or_master] + groups['etcd'] + groups['calico-rr']|default([]))|unique -%} + {%- for item in (groups[cluster_or_master] + groups['etcd']|default([]) + groups['calico-rr']|default([]))|unique -%} {{ hostvars[item]['access_ip'] | default(hostvars[item]['ip'] | default(fallback_ips[item])) }}, {%- if item != hostvars[item].get('ansible_hostname', '') -%} {{ hostvars[item]['ansible_hostname'] }},
diff --git a/roles/network_plugin/calico/templates/calico-node.yml.j2 b/roles/network_plugin/calico/templates/calico-node.yml.j2
index 056f26dd4..0cdfbbc02 100644
--- a/roles/network_plugin/calico/templates/calico-node.yml.j2
+++ b/roles/network_plugin/calico/templates/calico-node.yml.j2
@@ -18,8 +18,9 @@ spec: labels: k8s-app: calico-node annotations: - # Mark pod as critical for rescheduling (Will have no effect starting with kubernetes 1.12) +{% if calico_datastore == "etcd" %} kubespray.etcd-cert/serial: "{{ etcd_client_cert_serial }}" +{% endif %} {% if calico_felix_prometheusmetricsenabled %} prometheus.io/scrape: 'true' prometheus.io/port: "{{ calico_felix_prometheusmetricsport }}"