From 486b223e01960e66dc2f2177d739f8b7b8799485 Mon Sep 17 00:00:00 2001 From: Kenichi Omichi Date: Tue, 23 Mar 2021 17:26:05 -0700 Subject: [PATCH] Replace kube-master with kube_control_plane (#7256) This replaces kube-master with kube_control_plane because of [1]: The Kubernetes project is moving away from wording that is considered offensive. A new working group WG Naming was created to track this work, and the word "master" was declared as offensive. A proposal was formalized for replacing the word "master" with "control plane". This means it should be removed from source code, documentation, and user-facing configuration from Kubernetes and its sub-projects. NOTE: The reason why this changes it to kube_control_plane not kube-control-plane is for valid group names on ansible. [1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation --- .gitlab-ci.yml | 2 +- .gitlab-ci/packet.yml | 4 +-- Vagrantfile | 4 +-- cluster.yml | 17 +++++++--- .../aws_inventory/kubespray-aws-inventory.py | 4 +-- .../generate-inventory/templates/inventory.j2 | 6 ++-- .../templates/inventory.j2 | 6 ++-- .../generate-templates/templates/masters.json | 2 +- contrib/inventory_builder/inventory.py | 18 +++++----- .../inventory_builder/tests/test_inventory.py | 4 +-- .../network-storage/glusterfs/glusterfs.yml | 2 +- .../glusterfs/inventory.example | 4 +-- .../kubernetes-pv/ansible/tasks/main.yaml | 4 +-- .../heketi/heketi-tear-down.yml | 2 +- contrib/network-storage/heketi/heketi.yml | 2 +- .../heketi/inventory.yml.sample | 2 +- contrib/terraform/aws/README.md | 2 +- .../terraform/aws/create-infrastructure.tf | 2 +- contrib/terraform/aws/modules/iam/main.tf | 10 +++--- contrib/terraform/aws/modules/iam/outputs.tf | 4 +-- contrib/terraform/aws/templates/inventory.tpl | 4 +-- .../exoscale/templates/inventory.tpl | 6 ++-- contrib/terraform/gcp/generate-inventory.sh | 6 ++-- .../openstack/modules/compute/main.tf | 8 ++--- contrib/terraform/packet/kubespray.tf | 4 +-- .../terraform/upcloud/templates/inventory.tpl | 4 +-- .../terraform/vsphere/templates/inventory.tpl | 4 +-- .../vault-secrets/tasks/gen_certs_vault.yml | 30 ++++++++-------- .../tasks/sync_kube_master_certs.yml | 8 ++--- .../tasks/sync_kube_node_certs.yml | 2 +- contrib/vault/roles/vault/defaults/main.yml | 8 ++--- .../roles/vault/tasks/bootstrap/main.yml | 2 +- .../tasks/bootstrap/sync_vault_certs.yml | 2 +- .../vault/roles/vault/tasks/cluster/main.yml | 2 +- docs/ansible.md | 12 +++---- docs/aws.md | 6 ++-- docs/calico.md | 6 ++-- docs/downloads.md | 2 +- docs/getting-started.md | 10 +++--- docs/ha-mode.md | 16 ++++----- docs/integration.md | 2 +- docs/large-deployments.md | 2 +- docs/nodes.md | 12 +++---- docs/recover-control-plane.md | 8 ++--- docs/test_cases.md | 4 +-- docs/upgrades.md | 2 +- docs/vars.md | 2 +- .../migrate_openstack_provider.yml | 4 +-- extra_playbooks/upgrade-only-k8s.yml | 4 +-- inventory/local/hosts.ini | 4 +-- inventory/sample/inventory.ini | 4 +-- recover-control-plane.yml | 13 +++++-- remove-node.yml | 13 +++++-- reset.yml | 9 +++++ .../containerd/molecule/default/molecule.yml | 2 +- .../cri-o/molecule/default/molecule.yml | 8 ++--- .../molecule/default/molecule.yml | 4 +-- roles/download/defaults/main.yml | 24 ++++++------- roles/download/tasks/main.yml | 2 +- .../ansible/tasks/cleanup_dns.yml | 6 ++-- .../kubernetes-apps/ansible/tasks/coredns.yml | 4 +-- .../ansible/tasks/dashboard.yml | 4 +-- roles/kubernetes-apps/ansible/tasks/main.yml | 10 +++--- .../ansible/tasks/netchecker.yml | 4 +-- .../ansible/tasks/nodelocaldns.yml | 4 +-- .../cloud_controller/oci/tasks/main.yml | 8 ++--- .../cluster_roles/tasks/main.yml | 26 +++++++------- .../cluster_roles/tasks/oci.yml | 4 +-- .../nvidia_gpu/tasks/main.yml | 4 +-- .../container_runtimes/crun/tasks/main.yaml | 4 +-- .../kata_containers/tasks/main.yaml | 4 +-- .../csi_driver/aws_ebs/tasks/main.yml | 4 +-- .../csi_driver/azuredisk/tasks/main.yml | 8 ++--- .../csi_driver/cinder/tasks/main.yml | 8 ++--- .../csi_driver/csi_crd/tasks/main.yml | 4 +-- .../csi_driver/gcp_pd/tasks/main.yml | 8 ++--- .../csi_driver/vsphere/tasks/main.yml | 10 +++--- .../external_cloud_controller/meta/main.yml | 4 +-- .../openstack/tasks/main.yml | 8 ++--- .../vsphere/tasks/main.yml | 10 +++--- .../cephfs_provisioner/tasks/main.yml | 12 +++---- .../local_path_provisioner/tasks/main.yml | 6 ++-- .../local_volume_provisioner/tasks/main.yml | 4 +-- .../external_provisioner/meta/main.yml | 2 +- .../rbd_provisioner/tasks/main.yml | 12 +++---- .../alb_ingress_controller/tasks/main.yml | 4 +-- .../ambassador/tasks/main.yml | 10 +++--- .../cert_manager/tasks/main.yml | 16 ++++----- .../ingress_nginx/tasks/main.yml | 6 ++-- roles/kubernetes-apps/meta/main.yml | 18 +++++----- roles/kubernetes-apps/metallb/tasks/main.yml | 14 ++++---- .../metrics_server/tasks/main.yml | 10 +++--- .../network_plugin/canal/tasks/main.yml | 2 +- .../network_plugin/cilium/tasks/main.yml | 4 +-- .../network_plugin/flannel/tasks/main.yml | 2 +- .../network_plugin/kube-ovn/tasks/main.yml | 2 +- .../network_plugin/kube-router/tasks/main.yml | 4 +-- .../network_plugin/multus/tasks/main.yml | 2 +- .../network_plugin/ovn4nfv/tasks/main.yml | 2 +- .../network_plugin/weave/tasks/main.yml | 4 +-- .../aws-ebs-csi/tasks/main.yml | 4 +-- .../azuredisk-csi/tasks/main.yml | 4 +-- .../cinder-csi/tasks/main.yml | 4 +-- .../gcp-pd-csi/tasks/main.yml | 4 +-- .../openstack/tasks/main.yml | 4 +-- .../policy_controller/calico/tasks/main.yml | 4 +-- roles/kubernetes-apps/registry/tasks/main.yml | 8 ++--- .../snapshots/cinder-csi/tasks/main.yml | 4 +-- .../snapshot-controller/tasks/main.yml | 4 +-- .../control-plane/tasks/encrypt-at-rest.yml | 2 +- .../control-plane/tasks/kubeadm-secondary.yml | 12 +++---- .../control-plane/tasks/kubeadm-setup.yml | 28 +++++++-------- .../control-plane/tasks/kubeadm-upgrade.yml | 6 ++-- .../templates/k8s-certs-renew.timer.j2 | 2 +- .../templates/kubeadm-config.v1beta2.yaml.j2 | 2 +- .../kubeadm/tasks/kubeadm_etcd_node.yml | 2 +- roles/kubernetes/kubeadm/tasks/main.yml | 12 +++---- roles/kubernetes/node-label/tasks/main.yml | 4 +-- roles/kubernetes/node/tasks/install.yml | 2 +- .../templates/loadbalancer/haproxy.cfg.j2 | 2 +- .../node/templates/loadbalancer/nginx.conf.j2 | 2 +- roles/kubernetes/preinstall/handlers/main.yml | 12 +++---- .../preinstall/tasks/0020-verify-settings.yml | 12 +++---- .../kubernetes/tokens/tasks/check-tokens.yml | 4 +-- roles/kubernetes/tokens/tasks/gen_tokens.yml | 16 ++++----- roles/kubespray-defaults/defaults/main.yaml | 8 ++--- roles/kubespray-defaults/tasks/no_proxy.yml | 2 +- roles/network_plugin/calico/tasks/check.yml | 2 +- roles/network_plugin/calico/tasks/install.yml | 34 +++++++++---------- roles/network_plugin/calico/tasks/pre.yml | 2 +- .../calico/templates/calicoctl.kdd.sh.j2 | 2 +- roles/network_plugin/canal/tasks/main.yml | 2 +- roles/network_plugin/cilium/tasks/install.yml | 2 +- roles/network_plugin/cilium/tasks/main.yml | 2 +- roles/network_plugin/flannel/tasks/main.yml | 2 +- roles/network_plugin/kube-ovn/tasks/main.yml | 4 +-- .../kube-router/tasks/annotate.yml | 10 +++--- .../network_plugin/kube-router/tasks/main.yml | 2 +- roles/network_plugin/macvlan/tasks/main.yml | 2 +- roles/network_plugin/ovn4nfv/tasks/main.yml | 4 +-- .../control-plane/tasks/main.yml | 14 ++++---- roles/remove-node/post-remove/tasks/main.yml | 2 +- roles/remove-node/pre-remove/tasks/main.yml | 4 +-- roles/upgrade/post-upgrade/tasks/main.yml | 2 +- roles/upgrade/pre-upgrade/tasks/main.yml | 10 +++--- scale.yml | 15 ++++++-- .../roles/packet-ci/templates/inventory.j2 | 23 +++++++++++++ tests/scripts/testcases_run.sh | 2 +- tests/templates/inventory-aws.j2 | 6 ++-- tests/templates/inventory-do.j2 | 10 +++--- tests/templates/inventory-gce.j2 | 12 +++---- tests/testcases/010_check-apiserver.yml | 2 +- tests/testcases/015_check-nodes-ready.yml | 2 +- tests/testcases/020_check-pods-running.yml | 2 +- tests/testcases/030_check-network.yml | 2 +- tests/testcases/040_check-network-adv.yml | 22 ++++++------ tests/testcases/100_check-k8s-conformance.yml | 2 +- .../roles/cluster-dump/tasks/main.yml | 6 ++-- upgrade-cluster.yml | 23 +++++++++---- 159 files changed, 564 insertions(+), 485 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 8161944e7..412f63d3c 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -30,7 +30,7 @@ variables: MITOGEN_ENABLE: "false" ANSIBLE_LOG_LEVEL: "-vv" RECOVER_CONTROL_PLANE_TEST: "false" - RECOVER_CONTROL_PLANE_TEST_GROUPS: "etcd[2:],kube-master[1:]" + RECOVER_CONTROL_PLANE_TEST_GROUPS: "etcd[2:],kube_control_plane[1:]" before_script: - ./tests/scripts/rebase.sh diff --git a/.gitlab-ci/packet.yml b/.gitlab-ci/packet.yml index e5e9e4c27..a34976360 100644 --- a/.gitlab-ci/packet.yml +++ b/.gitlab-ci/packet.yml @@ -223,7 +223,7 @@ packet_ubuntu18-calico-ha-recover: when: on_success variables: RECOVER_CONTROL_PLANE_TEST: "true" - RECOVER_CONTROL_PLANE_TEST_GROUPS: "etcd[2:],kube-master[1:]" + RECOVER_CONTROL_PLANE_TEST_GROUPS: "etcd[2:],kube_control_plane[1:]" packet_ubuntu18-calico-ha-recover-noquorum: stage: deploy-part3 @@ -231,4 +231,4 @@ packet_ubuntu18-calico-ha-recover-noquorum: when: on_success variables: RECOVER_CONTROL_PLANE_TEST: "true" - RECOVER_CONTROL_PLANE_TEST_GROUPS: "etcd[1:],kube-master[1:]" + RECOVER_CONTROL_PLANE_TEST_GROUPS: "etcd[1:],kube_control_plane[1:]" diff --git a/Vagrantfile b/Vagrantfile index 1c43f280b..5ee9e4637 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -253,9 +253,9 @@ Vagrant.configure("2") do |config| #ansible.tags = ['download'] ansible.groups = { "etcd" => ["#{$instance_name_prefix}-[1:#{$etcd_instances}]"], - "kube-master" => ["#{$instance_name_prefix}-[1:#{$kube_master_instances}]"], + "kube_control_plane" => ["#{$instance_name_prefix}-[1:#{$kube_master_instances}]"], "kube-node" => ["#{$instance_name_prefix}-[1:#{$kube_node_instances}]"], - "k8s-cluster:children" => ["kube-master", "kube-node"], + "k8s-cluster:children" => ["kube_control_plane", "kube-node"], } end end diff --git a/cluster.yml b/cluster.yml index cf6942a6e..6a169e9b0 100644 --- a/cluster.yml +++ b/cluster.yml @@ -2,6 +2,15 @@ - name: Check ansible version import_playbook: ansible_version.yml +- name: Add kube-master nodes to kube_control_plane + # This is for old inventory which contains kube-master instead of kube_control_plane + hosts: kube-master + gather_facts: false + tasks: + - name: add nodes to kube_control_plane group + group_by: + key: 'kube_control_plane' + - hosts: bastion[0] gather_facts: False environment: "{{ proxy_disable_env }}" @@ -66,7 +75,7 @@ - { role: kubespray-defaults } - { role: kubernetes/node, tags: node } -- hosts: kube-master +- hosts: kube_control_plane gather_facts: False any_errors_fatal: "{{ any_errors_fatal | default(true) }}" environment: "{{ proxy_disable_env }}" @@ -94,7 +103,7 @@ - { role: kubespray-defaults } - { role: network_plugin/calico/rr, tags: ['network', 'calico_rr'] } -- hosts: kube-master[0] +- hosts: kube_control_plane[0] gather_facts: False any_errors_fatal: "{{ any_errors_fatal | default(true) }}" environment: "{{ proxy_disable_env }}" @@ -102,7 +111,7 @@ - { role: kubespray-defaults } - { role: win_nodes/kubernetes_patch, tags: ["master", "win_nodes"] } -- hosts: kube-master +- hosts: kube_control_plane gather_facts: False any_errors_fatal: "{{ any_errors_fatal | default(true) }}" environment: "{{ proxy_disable_env }}" @@ -114,7 +123,7 @@ - { role: kubernetes-apps/ingress_controller, tags: ingress-controller } - { role: kubernetes-apps/external_provisioner, tags: external-provisioner } -- hosts: kube-master +- hosts: kube_control_plane gather_facts: False any_errors_fatal: "{{ any_errors_fatal | default(true) }}" environment: "{{ proxy_disable_env }}" diff --git a/contrib/aws_inventory/kubespray-aws-inventory.py b/contrib/aws_inventory/kubespray-aws-inventory.py index 91a848b62..46ad6a063 100755 --- a/contrib/aws_inventory/kubespray-aws-inventory.py +++ b/contrib/aws_inventory/kubespray-aws-inventory.py @@ -35,7 +35,7 @@ class SearchEC2Tags(object): hosts['_meta'] = { 'hostvars': {} } ##Search ec2 three times to find nodes of each group type. Relies on kubespray-role key/value. - for group in ["kube-master", "kube-node", "etcd"]: + for group in ["kube_control_plane", "kube-node", "etcd"]: hosts[group] = [] tag_key = "kubespray-role" tag_value = ["*"+group+"*"] @@ -70,7 +70,7 @@ class SearchEC2Tags(object): hosts[group].append(dns_name) hosts['_meta']['hostvars'][dns_name] = ansible_host - hosts['k8s-cluster'] = {'children':['kube-master', 'kube-node']} + hosts['k8s-cluster'] = {'children':['kube_control_plane', 'kube-node']} print(json.dumps(hosts, sort_keys=True, indent=2)) SearchEC2Tags() diff --git a/contrib/azurerm/roles/generate-inventory/templates/inventory.j2 b/contrib/azurerm/roles/generate-inventory/templates/inventory.j2 index cd93a2bb6..8a13cc635 100644 --- a/contrib/azurerm/roles/generate-inventory/templates/inventory.j2 +++ b/contrib/azurerm/roles/generate-inventory/templates/inventory.j2 @@ -7,9 +7,9 @@ {% endif %} {% endfor %} -[kube-master] +[kube_control_plane] {% for vm in vm_list %} -{% if 'kube-master' in vm.tags.roles %} +{% if 'kube_control_plane' in vm.tags.roles %} {{ vm.name }} {% endif %} {% endfor %} @@ -30,4 +30,4 @@ [k8s-cluster:children] kube-node -kube-master +kube_control_plane diff --git a/contrib/azurerm/roles/generate-inventory_2/templates/inventory.j2 b/contrib/azurerm/roles/generate-inventory_2/templates/inventory.j2 index 21f7bbf1c..61183cd1d 100644 --- a/contrib/azurerm/roles/generate-inventory_2/templates/inventory.j2 +++ b/contrib/azurerm/roles/generate-inventory_2/templates/inventory.j2 @@ -7,9 +7,9 @@ {% endif %} {% endfor %} -[kube-master] +[kube_control_plane] {% for vm in vm_roles_list %} -{% if 'kube-master' in vm.tags.roles %} +{% if 'kube_control_plane' in vm.tags.roles %} {{ vm.name }} {% endif %} {% endfor %} @@ -30,5 +30,5 @@ [k8s-cluster:children] kube-node -kube-master +kube_control_plane diff --git a/contrib/azurerm/roles/generate-templates/templates/masters.json b/contrib/azurerm/roles/generate-templates/templates/masters.json index 69a42cb68..b299383a6 100644 --- a/contrib/azurerm/roles/generate-templates/templates/masters.json +++ b/contrib/azurerm/roles/generate-templates/templates/masters.json @@ -144,7 +144,7 @@ "[concat('Microsoft.Network/networkInterfaces/', 'master-{{i}}-nic')]" ], "tags": { - "roles": "kube-master,etcd" + "roles": "kube_control_plane,etcd" }, "apiVersion": "{{apiVersion}}", "properties": { diff --git a/contrib/inventory_builder/inventory.py b/contrib/inventory_builder/inventory.py index 66d618474..814085a73 100644 --- a/contrib/inventory_builder/inventory.py +++ b/contrib/inventory_builder/inventory.py @@ -44,7 +44,7 @@ import re import subprocess import sys -ROLES = ['all', 'kube-master', 'kube-node', 'etcd', 'k8s-cluster', +ROLES = ['all', 'kube_control_plane', 'kube-node', 'etcd', 'k8s-cluster', 'calico-rr'] PROTECTED_NAMES = ROLES AVAILABLE_COMMANDS = ['help', 'print_cfg', 'print_ips', 'print_hostnames', @@ -299,21 +299,23 @@ class KubesprayInventory(object): def set_kube_control_plane(self, hosts): for host in hosts: - self.add_host_to_group('kube-master', host) + self.add_host_to_group('kube_control_plane', host) def set_all(self, hosts): for host, opts in hosts.items(): self.add_host_to_group('all', host, opts) def set_k8s_cluster(self): - k8s_cluster = {'children': {'kube-master': None, 'kube-node': None}} + k8s_cluster = {'children': {'kube_control_plane': None, + 'kube-node': None}} self.yaml_config['all']['children']['k8s-cluster'] = k8s_cluster def set_calico_rr(self, hosts): for host in hosts: - if host in self.yaml_config['all']['children']['kube-master']: + if host in self.yaml_config['all']['children']['kube_control_plane']: # noqa self.debug("Not adding {0} to calico-rr group because it " - "conflicts with kube-master group".format(host)) + "conflicts with kube_control_plane " + "group".format(host)) continue if host in self.yaml_config['all']['children']['kube-node']: self.debug("Not adding {0} to calico-rr group because it " @@ -330,10 +332,10 @@ class KubesprayInventory(object): "group.".format(host)) continue if len(self.yaml_config['all']['hosts']) >= MASSIVE_SCALE_THRESHOLD: # noqa - if host in self.yaml_config['all']['children']['kube-master']['hosts']: # noqa + if host in self.yaml_config['all']['children']['kube_control_plane']['hosts']: # noqa self.debug("Not adding {0} to kube-node group because of " - "scale deployment and host is in kube-master " - "group.".format(host)) + "scale deployment and host is in " + "kube_control_plane group.".format(host)) continue self.add_host_to_group('kube-node', host) diff --git a/contrib/inventory_builder/tests/test_inventory.py b/contrib/inventory_builder/tests/test_inventory.py index afcbe7500..c76990240 100644 --- a/contrib/inventory_builder/tests/test_inventory.py +++ b/contrib/inventory_builder/tests/test_inventory.py @@ -223,7 +223,7 @@ class TestInventory(unittest.TestCase): None) def test_set_kube_control_plane(self): - group = 'kube-master' + group = 'kube_control_plane' host = 'node1' self.inv.set_kube_control_plane([host]) @@ -242,7 +242,7 @@ class TestInventory(unittest.TestCase): def test_set_k8s_cluster(self): group = 'k8s-cluster' - expected_hosts = ['kube-node', 'kube-master'] + expected_hosts = ['kube-node', 'kube_control_plane'] self.inv.set_k8s_cluster() for host in expected_hosts: diff --git a/contrib/network-storage/glusterfs/glusterfs.yml b/contrib/network-storage/glusterfs/glusterfs.yml index e5b6f1301..8146dfc06 100644 --- a/contrib/network-storage/glusterfs/glusterfs.yml +++ b/contrib/network-storage/glusterfs/glusterfs.yml @@ -19,6 +19,6 @@ roles: - { role: glusterfs/client } -- hosts: kube-master[0] +- hosts: kube_control_plane[0] roles: - { role: kubernetes-pv } diff --git a/contrib/network-storage/glusterfs/inventory.example b/contrib/network-storage/glusterfs/inventory.example index 15fbad0a8..dc77b4b0a 100644 --- a/contrib/network-storage/glusterfs/inventory.example +++ b/contrib/network-storage/glusterfs/inventory.example @@ -14,7 +14,7 @@ # gfs_node2 ansible_ssh_host=95.54.0.19 # disk_volume_device_1=/dev/vdc ip=10.3.0.8 # gfs_node3 ansible_ssh_host=95.54.0.20 # disk_volume_device_1=/dev/vdc ip=10.3.0.9 -# [kube-master] +# [kube_control_plane] # node1 # node2 @@ -32,7 +32,7 @@ # [k8s-cluster:children] # kube-node -# kube-master +# kube_control_plane # [gfs-cluster] # gfs_node1 diff --git a/contrib/network-storage/glusterfs/roles/kubernetes-pv/ansible/tasks/main.yaml b/contrib/network-storage/glusterfs/roles/kubernetes-pv/ansible/tasks/main.yaml index baf8356b6..5ed8f6944 100644 --- a/contrib/network-storage/glusterfs/roles/kubernetes-pv/ansible/tasks/main.yaml +++ b/contrib/network-storage/glusterfs/roles/kubernetes-pv/ansible/tasks/main.yaml @@ -8,7 +8,7 @@ - { file: glusterfs-kubernetes-pv.yml.j2, type: pv, dest: glusterfs-kubernetes-pv.yml} - { file: glusterfs-kubernetes-endpoint-svc.json.j2, type: svc, dest: glusterfs-kubernetes-endpoint-svc.json} register: gluster_pv - when: inventory_hostname == groups['kube-master'][0] and groups['gfs-cluster'] is defined and hostvars[groups['gfs-cluster'][0]].gluster_disk_size_gb is defined + when: inventory_hostname == groups['kube_control_plane'][0] and groups['gfs-cluster'] is defined and hostvars[groups['gfs-cluster'][0]].gluster_disk_size_gb is defined - name: Kubernetes Apps | Set GlusterFS endpoint and PV kube: @@ -19,4 +19,4 @@ filename: "{{ kube_config_dir }}/{{ item.item.dest }}" state: "{{ item.changed | ternary('latest','present') }}" with_items: "{{ gluster_pv.results }}" - when: inventory_hostname == groups['kube-master'][0] and groups['gfs-cluster'] is defined + when: inventory_hostname == groups['kube_control_plane'][0] and groups['gfs-cluster'] is defined diff --git a/contrib/network-storage/heketi/heketi-tear-down.yml b/contrib/network-storage/heketi/heketi-tear-down.yml index 92b9f92d6..9e2d1f45a 100644 --- a/contrib/network-storage/heketi/heketi-tear-down.yml +++ b/contrib/network-storage/heketi/heketi-tear-down.yml @@ -1,5 +1,5 @@ --- -- hosts: kube-master[0] +- hosts: kube_control_plane[0] roles: - { role: tear-down } diff --git a/contrib/network-storage/heketi/heketi.yml b/contrib/network-storage/heketi/heketi.yml index 3ec719e95..2309267b1 100644 --- a/contrib/network-storage/heketi/heketi.yml +++ b/contrib/network-storage/heketi/heketi.yml @@ -3,7 +3,7 @@ roles: - { role: prepare } -- hosts: kube-master[0] +- hosts: kube_control_plane[0] tags: - "provision" roles: diff --git a/contrib/network-storage/heketi/inventory.yml.sample b/contrib/network-storage/heketi/inventory.yml.sample index 7d488d1ba..46adbed44 100644 --- a/contrib/network-storage/heketi/inventory.yml.sample +++ b/contrib/network-storage/heketi/inventory.yml.sample @@ -7,7 +7,7 @@ all: vars: kubelet_fail_swap_on: false children: - kube-master: + kube_control_plane: hosts: node1: etcd: diff --git a/contrib/terraform/aws/README.md b/contrib/terraform/aws/README.md index ea58de93e..993d2bb84 100644 --- a/contrib/terraform/aws/README.md +++ b/contrib/terraform/aws/README.md @@ -122,7 +122,7 @@ You can use the following set of commands to get the kubeconfig file from your n ```commandline # Get the controller's IP address. -CONTROLLER_HOST_NAME=$(cat ./inventory/hosts | grep "\[kube-master\]" -A 1 | tail -n 1) +CONTROLLER_HOST_NAME=$(cat ./inventory/hosts | grep "\[kube_control_plane\]" -A 1 | tail -n 1) CONTROLLER_IP=$(cat ./inventory/hosts | grep $CONTROLLER_HOST_NAME | grep ansible_host | cut -d'=' -f2) # Get the hostname of the load balancer. diff --git a/contrib/terraform/aws/create-infrastructure.tf b/contrib/terraform/aws/create-infrastructure.tf index 72aa27c79..1c7f036b7 100644 --- a/contrib/terraform/aws/create-infrastructure.tf +++ b/contrib/terraform/aws/create-infrastructure.tf @@ -84,7 +84,7 @@ resource "aws_instance" "k8s-master" { vpc_security_group_ids = module.aws-vpc.aws_security_group - iam_instance_profile = module.aws-iam.kube-master-profile + iam_instance_profile = module.aws-iam.kube_control_plane-profile key_name = var.AWS_SSH_KEY_NAME tags = merge(var.default_tags, map( diff --git a/contrib/terraform/aws/modules/iam/main.tf b/contrib/terraform/aws/modules/iam/main.tf index 1dc3c3a6a..a35afc7e5 100644 --- a/contrib/terraform/aws/modules/iam/main.tf +++ b/contrib/terraform/aws/modules/iam/main.tf @@ -1,6 +1,6 @@ #Add AWS Roles for Kubernetes -resource "aws_iam_role" "kube-master" { +resource "aws_iam_role" "kube_control_plane" { name = "kubernetes-${var.aws_cluster_name}-master" assume_role_policy = <- {{ - groups['kube-master'] + + groups['kube_control_plane'] + ['kubernetes.default.svc.'+cluster_name, 'kubernetes.default.svc', 'kubernetes.default', 'kubernetes'] + ['localhost'] }} @@ -36,18 +36,18 @@ when: loadbalancer_apiserver is defined run_once: true -# Issue master components certs to kube-master hosts +# Issue master components certs to kube_control_plane hosts - include_tasks: ../../../vault/tasks/shared/issue_cert.yml vars: issue_cert_common_name: "kubernetes" issue_cert_alt_names: "{{ kube_cert_alt_names }}" issue_cert_file_group: "{{ kube_cert_group }}" issue_cert_file_owner: kube - issue_cert_hosts: "{{ groups['kube-master'] }}" + issue_cert_hosts: "{{ groups['kube_control_plane'] }}" issue_cert_run_once: true issue_cert_ip_sans: >- [ - {%- for host in groups['kube-master'] -%} + {%- for host in groups['kube_control_plane'] -%} "{{ hostvars[host]['ansible_default_ipv4']['address'] }}", {%- if hostvars[host]['ip'] is defined -%} "{{ hostvars[host]['ip'] }}", @@ -61,11 +61,11 @@ "127.0.0.1","::1","{{ kube_apiserver_ip }}" ] issue_cert_path: "{{ item }}" - issue_cert_role: kube-master + issue_cert_role: kube_control_plane issue_cert_url: "{{ hostvars[groups.vault|first]['vault_leader_url'] }}" issue_cert_mount_path: "{{ kube_vault_mount_path }}" with_items: "{{ kube_master_components_certs_needed|d([]) }}" - when: inventory_hostname in groups['kube-master'] + when: inventory_hostname in groups['kube_control_plane'] notify: set secret_changed # Issue node certs to k8s-cluster nodes @@ -100,7 +100,7 @@ with_items: "{{ kube_proxy_certs_needed|d([]) }}" when: inventory_hostname in groups['k8s-cluster'] -# Issue front proxy cert to kube-master hosts +# Issue front proxy cert to kube_control_plane hosts - include_tasks: ../../../vault/tasks/shared/issue_cert.yml vars: issue_cert_common_name: "front-proxy-client" @@ -109,10 +109,10 @@ issue_cert_alt_names: "{{ kube_cert_alt_names }}" issue_cert_file_group: "{{ kube_cert_group }}" issue_cert_file_owner: kube - issue_cert_hosts: "{{ groups['kube-master'] }}" + issue_cert_hosts: "{{ groups['kube_control_plane'] }}" issue_cert_ip_sans: >- [ - {%- for host in groups['kube-master'] -%} + {%- for host in groups['kube_control_plane'] -%} "{{ hostvars[host]['ansible_default_ipv4']['address'] }}", {%- if hostvars[host]['ip'] is defined -%} "{{ hostvars[host]['ip'] }}", @@ -130,5 +130,5 @@ issue_cert_url: "{{ hostvars[groups.vault|first]['vault_leader_url'] }}" issue_cert_mount_path: "{{ kube_vault_mount_path }}" with_items: "{{ kube_front_proxy_clients_certs_needed|d([]) }}" - when: inventory_hostname in groups['kube-master'] + when: inventory_hostname in groups['kube_control_plane'] notify: set secret_changed diff --git a/contrib/vault/roles/kubernetes/vault-secrets/tasks/sync_kube_master_certs.yml b/contrib/vault/roles/kubernetes/vault-secrets/tasks/sync_kube_master_certs.yml index 50e1a01e7..6db7c9ddf 100644 --- a/contrib/vault/roles/kubernetes/vault-secrets/tasks/sync_kube_master_certs.yml +++ b/contrib/vault/roles/kubernetes/vault-secrets/tasks/sync_kube_master_certs.yml @@ -29,7 +29,7 @@ sync_file: "{{ item }}" sync_file_dir: "{{ kube_cert_dir }}" sync_file_group: "{{ kube_cert_group }}" - sync_file_hosts: "{{ groups['kube-master'] }}" + sync_file_hosts: "{{ groups['kube_control_plane'] }}" sync_file_is_cert: true sync_file_owner: kube with_items: ["apiserver.pem", "kube-scheduler.pem", "kube-controller-manager.pem", "service-account.pem"] @@ -49,7 +49,7 @@ sync_file: front-proxy-ca.pem sync_file_dir: "{{ kube_cert_dir }}" sync_file_group: "{{ kube_cert_group }}" - sync_file_hosts: "{{ groups['kube-master'] }}" + sync_file_hosts: "{{ groups['kube_control_plane'] }}" sync_file_owner: kube - name: sync_kube_master_certs | Unset sync_file_results after front-proxy-ca.pem @@ -61,7 +61,7 @@ sync_file: "{{ item }}" sync_file_dir: "{{ kube_cert_dir }}" sync_file_group: "{{ kube_cert_group }}" - sync_file_hosts: "{{ groups['kube-master'] }}" + sync_file_hosts: "{{ groups['kube_control_plane'] }}" sync_file_is_cert: true sync_file_owner: kube with_items: ["front-proxy-client.pem"] @@ -81,7 +81,7 @@ sync_file: ca.pem sync_file_dir: "{{ kube_cert_dir }}" sync_file_group: "{{ kube_cert_group }}" - sync_file_hosts: "{{ groups['kube-master'] }}" + sync_file_hosts: "{{ groups['kube_control_plane'] }}" sync_file_owner: kube - name: sync_kube_master_certs | Unset sync_file_results after ca.pem diff --git a/contrib/vault/roles/kubernetes/vault-secrets/tasks/sync_kube_node_certs.yml b/contrib/vault/roles/kubernetes/vault-secrets/tasks/sync_kube_node_certs.yml index eecb4cfdf..059359a58 100644 --- a/contrib/vault/roles/kubernetes/vault-secrets/tasks/sync_kube_node_certs.yml +++ b/contrib/vault/roles/kubernetes/vault-secrets/tasks/sync_kube_node_certs.yml @@ -14,7 +14,7 @@ sync_file_owner: kube with_items: "{{ kube_node_cert_list|default([]) }}" -- name: sync_kube_node_certs | Set facts for kube-master sync_file results +- name: sync_kube_node_certs | Set facts for kube_control_plane sync_file results set_fact: kube_node_certs_needed: "{{ kube_node_certs_needed|default([]) + [item.path] }}" with_items: "{{ sync_file_results|d([]) }}" diff --git a/contrib/vault/roles/vault/defaults/main.yml b/contrib/vault/roles/vault/defaults/main.yml index 0b27e03ff..ececdc2ad 100644 --- a/contrib/vault/roles/vault/defaults/main.yml +++ b/contrib/vault/roles/vault/defaults/main.yml @@ -166,16 +166,16 @@ vault_pki_mounts: description: "Kubernetes Root CA" cert_dir: "{{ kube_cert_dir }}" roles: - - name: kube-master - group: kube-master - password: "{{ lookup('password', credentials_dir + '/vault/kube-master.creds length=15') }}" + - name: kube_control_plane + group: kube_control_plane + password: "{{ lookup('password', credentials_dir + '/vault/kube_control_plane.creds length=15') }}" policy_rules: default role_options: allow_any_name: true enforce_hostnames: false organization: "system:masters" - name: front-proxy-client - group: kube-master + group: kube_control_plane password: "{{ lookup('password', credentials_dir + '/vault/kube-proxy.creds length=15') }}" policy_rules: default role_options: diff --git a/contrib/vault/roles/vault/tasks/bootstrap/main.yml b/contrib/vault/roles/vault/tasks/bootstrap/main.yml index e4e67d11f..419e22e1b 100644 --- a/contrib/vault/roles/vault/tasks/bootstrap/main.yml +++ b/contrib/vault/roles/vault/tasks/bootstrap/main.yml @@ -51,7 +51,7 @@ gen_ca_mount_path: "/{{ vault_pki_mounts.vault.name }}" gen_ca_vault_headers: "{{ vault_headers }}" gen_ca_vault_options: "{{ vault_ca_options.vault }}" - gen_ca_copy_group: "kube-master" + gen_ca_copy_group: "kube_control_plane" when: >- inventory_hostname in groups.vault and not vault_cluster_is_initialized diff --git a/contrib/vault/roles/vault/tasks/bootstrap/sync_vault_certs.yml b/contrib/vault/roles/vault/tasks/bootstrap/sync_vault_certs.yml index cf499099a..28c438ca7 100644 --- a/contrib/vault/roles/vault/tasks/bootstrap/sync_vault_certs.yml +++ b/contrib/vault/roles/vault/tasks/bootstrap/sync_vault_certs.yml @@ -21,7 +21,7 @@ vars: sync_file: "ca.pem" sync_file_dir: "{{ vault_cert_dir }}" - sync_file_hosts: "{{ groups['kube-master'] }}" + sync_file_hosts: "{{ groups['kube_control_plane'] }}" sync_file_owner: vault sync_file_group: root sync_file_is_cert: false diff --git a/contrib/vault/roles/vault/tasks/cluster/main.yml b/contrib/vault/roles/vault/tasks/cluster/main.yml index 3ed23b2cc..74b399c25 100644 --- a/contrib/vault/roles/vault/tasks/cluster/main.yml +++ b/contrib/vault/roles/vault/tasks/cluster/main.yml @@ -35,7 +35,7 @@ gen_ca_mount_path: "/{{ vault_pki_mounts.kube.name }}" gen_ca_vault_headers: "{{ vault_headers }}" gen_ca_vault_options: "{{ vault_ca_options.kube }}" - gen_ca_copy_group: "kube-master" + gen_ca_copy_group: "kube_control_plane" when: inventory_hostname in groups.vault - include_tasks: ../shared/auth_backend.yml diff --git a/docs/ansible.md b/docs/ansible.md index 848862ff5..202a79333 100644 --- a/docs/ansible.md +++ b/docs/ansible.md @@ -5,7 +5,7 @@ The inventory is composed of 3 groups: * **kube-node** : list of kubernetes nodes where the pods will run. -* **kube-master** : list of servers where kubernetes master components (apiserver, scheduler, controller) will run. +* **kube_control_plane** : list of servers where kubernetes control plane components (apiserver, scheduler, controller) will run. * **etcd**: list of servers to compose the etcd server. You should have at least 3 servers for failover purpose. Note: do not modify the children of _k8s-cluster_, like putting @@ -18,9 +18,9 @@ k8s-cluster ⊂ etcd => kube-node ∩ etcd = etcd When _kube-node_ contains _etcd_, you define your etcd cluster to be as well schedulable for Kubernetes workloads. If you want it a standalone, make sure those groups do not intersect. -If you want the server to act both as master and node, the server must be defined -on both groups _kube-master_ and _kube-node_. If you want a standalone and -unschedulable master, the server must be defined only in the _kube-master_ and +If you want the server to act both as control-plane and node, the server must be defined +on both groups _kube_control_plane_ and _kube-node_. If you want a standalone and +unschedulable master, the server must be defined only in the _kube_control_plane_ and not _kube-node_. There are also two special groups: @@ -40,7 +40,7 @@ node4 ansible_host=95.54.0.15 ip=10.3.0.4 node5 ansible_host=95.54.0.16 ip=10.3.0.5 node6 ansible_host=95.54.0.17 ip=10.3.0.6 -[kube-master] +[kube_control_plane] node1 node2 @@ -58,7 +58,7 @@ node6 [k8s-cluster:children] kube-node -kube-master +kube_control_plane ``` ## Group vars and overriding variables precedence diff --git a/docs/aws.md b/docs/aws.md index c76d1cfdf..0e680e0d1 100644 --- a/docs/aws.md +++ b/docs/aws.md @@ -35,11 +35,11 @@ This will produce an inventory that is passed into Ansible that looks like the f ], "k8s-cluster": { "children": [ - "kube-master", + "kube_control_plane", "kube-node" ] }, - "kube-master": [ + "kube_control_plane": [ "ip-172-31-3-xxx.us-east-2.compute.internal" ], "kube-node": [ @@ -51,7 +51,7 @@ This will produce an inventory that is passed into Ansible that looks like the f Guide: - Create instances in AWS as needed. -- Either during or after creation, add tags to the instances with a key of `kubespray-role` and a value of `kube-master`, `etcd`, or `kube-node`. You can also share roles like `kube-master, etcd` +- Either during or after creation, add tags to the instances with a key of `kubespray-role` and a value of `kube_control_plane`, `etcd`, or `kube-node`. You can also share roles like `kube_control_plane, etcd` - Copy the `kubespray-aws-inventory.py` script from `kubespray/contrib/aws_inventory` to the `kubespray/inventory` directory. - Set the following AWS credentials and info as environment variables in your terminal: diff --git a/docs/calico.md b/docs/calico.md index 7e5f86568..45d1b0e90 100644 --- a/docs/calico.md +++ b/docs/calico.md @@ -122,7 +122,7 @@ recommended here: You need to edit your inventory and add: * `calico-rr` group with nodes in it. `calico-rr` can be combined with - `kube-node` and/or `kube-master`. `calico-rr` group also must be a child + `kube-node` and/or `kube_control_plane`. `calico-rr` group also must be a child group of `k8s-cluster` group. * `cluster_id` by route reflector node/group (see details [here](https://hub.docker.com/r/calico/routereflector/)) @@ -138,7 +138,7 @@ node3 ansible_ssh_host=10.210.1.13 ip=10.210.1.13 node4 ansible_ssh_host=10.210.1.14 ip=10.210.1.14 node5 ansible_ssh_host=10.210.1.15 ip=10.210.1.15 -[kube-master] +[kube_control_plane] node2 node3 @@ -155,7 +155,7 @@ node5 [k8s-cluster:children] kube-node -kube-master +kube_control_plane calico-rr [calico-rr] diff --git a/docs/downloads.md b/docs/downloads.md index 781543add..4369120d4 100644 --- a/docs/downloads.md +++ b/docs/downloads.md @@ -8,7 +8,7 @@ Kubespray supports several download/upload modes. The default is: There is also a "pull once, push many" mode as well: -* Setting ``download_run_once: True`` will make kubespray download container images and binaries only once and then push them to the cluster nodes. The default download delegate node is the first `kube-master`. +* Setting ``download_run_once: True`` will make kubespray download container images and binaries only once and then push them to the cluster nodes. The default download delegate node is the first `kube_control_plane`. * Set ``download_localhost: True`` to make localhost the download delegate. This can be useful if cluster nodes cannot access external addresses. To use this requires that docker is installed and running on the ansible master and that the current user is either in the docker group or can do passwordless sudo, to be able to access docker. NOTE: When `download_run_once` is true and `download_localhost` is false, all downloads will be done on the delegate node, including downloads for container images that are not required on that node. As a consequence, the storage required on that node will probably be more than if download_run_once was false, because all images will be loaded into the docker instance on that node, instead of just the images required for that node. diff --git a/docs/getting-started.md b/docs/getting-started.md index 6b3cd1882..18a50e017 100644 --- a/docs/getting-started.md +++ b/docs/getting-started.md @@ -76,16 +76,16 @@ var in inventory. ## Connecting to Kubernetes -By default, Kubespray configures kube-master hosts with insecure access to +By default, Kubespray configures kube_control_plane hosts with insecure access to kube-apiserver via port 8080. A kubeconfig file is not necessary in this case, because kubectl will use to connect. The kubeconfig files -generated will point to localhost (on kube-masters) and kube-node hosts will +generated will point to localhost (on kube_control_planes) and kube-node hosts will connect either to a localhost nginx proxy or to a loadbalancer if configured. More details on this process are in the [HA guide](/docs/ha-mode.md). Kubespray permits connecting to the cluster remotely on any IP of any -kube-master host on port 6443 by default. However, this requires -authentication. One can get a kubeconfig from kube-master hosts +kube_control_plane host on port 6443 by default. However, this requires +authentication. One can get a kubeconfig from kube_control_plane hosts (see [below](#accessing-kubernetes-api)) or connect with a [username and password](/docs/vars.md#user-accounts). For more information on kubeconfig and accessing a Kubernetes cluster, refer to @@ -119,7 +119,7 @@ kubectl proxy ## Accessing Kubernetes API -The main client of Kubernetes is `kubectl`. It is installed on each kube-master +The main client of Kubernetes is `kubectl`. It is installed on each kube_control_plane host and can optionally be configured on your ansible host by setting `kubectl_localhost: true` and `kubeconfig_localhost: true` in the configuration: diff --git a/docs/ha-mode.md b/docs/ha-mode.md index ddf330715..668558f17 100644 --- a/docs/ha-mode.md +++ b/docs/ha-mode.md @@ -32,7 +32,7 @@ If you choose to NOT use the local internal loadbalancer, you will need to configure your own loadbalancer to achieve HA. Note that deploying a loadbalancer is up to a user and is not covered by ansible roles in Kubespray. By default, it only configures a non-HA endpoint, which points to the -`access_ip` or IP address of the first server node in the `kube-master` group. +`access_ip` or IP address of the first server node in the `kube_control_plane` group. It can also configure clients to use endpoints for a given loadbalancer type. The following diagram shows how traffic to the apiserver is directed. @@ -102,16 +102,16 @@ exclusive to `loadbalancer_apiserver_localhost`. Access API endpoints are evaluated automatically, as the following: -| Endpoint type | kube-master | non-master | external | -|------------------------------|------------------|-------------------------|-----------------------| -| Local LB (default) | `https://bip:sp` | `https://lc:nsp` | `https://m[0].aip:sp` | -| Local LB + Unmanaged here LB | `https://bip:sp` | `https://lc:nsp` | `https://ext` | -| External LB, no internal | `https://bip:sp` | `` | `https://lb:lp` | -| No ext/int LB | `https://bip:sp` | `` | `https://m[0].aip:sp` | +| Endpoint type | kube_control_plane | non-master | external | +|------------------------------|--------------------|-------------------------|-----------------------| +| Local LB (default) | `https://bip:sp` | `https://lc:nsp` | `https://m[0].aip:sp` | +| Local LB + Unmanaged here LB | `https://bip:sp` | `https://lc:nsp` | `https://ext` | +| External LB, no internal | `https://bip:sp` | `` | `https://lb:lp` | +| No ext/int LB | `https://bip:sp` | `` | `https://m[0].aip:sp` | Where: -* `m[0]` - the first node in the `kube-master` group; +* `m[0]` - the first node in the `kube_control_plane` group; * `lb` - LB FQDN, `apiserver_loadbalancer_domain_name`; * `ext` - Externally load balanced VIP:port and FQDN, not managed by Kubespray; * `lc` - localhost; diff --git a/docs/integration.md b/docs/integration.md index 4eab2535b..09c044fa8 100644 --- a/docs/integration.md +++ b/docs/integration.md @@ -62,7 +62,7 @@ You could rename *all.yml* config to something else, i.e. *kubespray.yml* and cr kubemaster kubemaster-ha - [kube-master:children] + [kube_control_plane:children] kubemaster kubemaster-ha diff --git a/docs/large-deployments.md b/docs/large-deployments.md index 8b8ebef4e..130bcf0e7 100644 --- a/docs/large-deployments.md +++ b/docs/large-deployments.md @@ -39,7 +39,7 @@ For a large scaled deployments, consider the following configuration changes: * Add calico-rr nodes if you are deploying with Calico or Canal. Nodes recover from host/network interruption much quicker with calico-rr. Note that - calico-rr role must be on a host without kube-master or kube-node role (but + calico-rr role must be on a host without kube_control_plane or kube-node role (but etcd role is okay). * Check out the diff --git a/docs/nodes.md b/docs/nodes.md index 60844794d..f369a5f3d 100644 --- a/docs/nodes.md +++ b/docs/nodes.md @@ -2,9 +2,9 @@ Modified from [comments in #3471](https://github.com/kubernetes-sigs/kubespray/issues/3471#issuecomment-530036084) -## Limitation: Removal of first kube-master and etcd-master +## Limitation: Removal of first kube_control_plane and etcd-master -Currently you can't remove the first node in your kube-master and etcd-master list. If you still want to remove this node you have to: +Currently you can't remove the first node in your kube_control_plane and etcd-master list. If you still want to remove this node you have to: ### 1) Change order of current masters @@ -12,7 +12,7 @@ Modify the order of your master list by pushing your first entry to any other po ```yaml children: - kube-master: + kube_control_plane: hosts: node-1: node-2: @@ -33,7 +33,7 @@ change your inventory to: ```yaml children: - kube-master: + kube_control_plane: hosts: node-2: node-3: @@ -103,10 +103,10 @@ You need to make sure there are always an odd number of etcd nodes in the cluste ### 1) Add the new node running cluster.yml -Update the inventory and run `cluster.yml` passing `--limit=etcd,kube-master -e ignore_assert_errors=yes`. +Update the inventory and run `cluster.yml` passing `--limit=etcd,kube_control_plane -e ignore_assert_errors=yes`. If the node you want to add as an etcd node is already a worker or master node in your cluster, you have to remove him first using `remove-node.yml`. -Run `upgrade-cluster.yml` also passing `--limit=etcd,kube-master -e ignore_assert_errors=yes`. This is necessary to update all etcd configuration in the cluster. +Run `upgrade-cluster.yml` also passing `--limit=etcd,kube_control_plane -e ignore_assert_errors=yes`. This is necessary to update all etcd configuration in the cluster. At this point, you will have an even number of nodes. Everything should still be working, and you should only have problems if the cluster decides to elect a new etcd leader before you remove a node. diff --git a/docs/recover-control-plane.md b/docs/recover-control-plane.md index d24a4c73a..b454310f0 100644 --- a/docs/recover-control-plane.md +++ b/docs/recover-control-plane.md @@ -5,8 +5,8 @@ To recover from broken nodes in the control plane use the "recover\-control\-pla * Backup what you can * Provision new nodes to replace the broken ones -* Place the surviving nodes of the control plane first in the "etcd" and "kube-master" groups -* Add the new nodes below the surviving control plane nodes in the "etcd" and "kube-master" groups +* Place the surviving nodes of the control plane first in the "etcd" and "kube\_control\_plane" groups +* Add the new nodes below the surviving control plane nodes in the "etcd" and "kube\_control\_plane" groups Examples of what broken means in this context: @@ -20,9 +20,9 @@ __Note that you need at least one functional node to be able to recover using th ## Runbook * Move any broken etcd nodes into the "broken\_etcd" group, make sure the "etcd\_member\_name" variable is set. -* Move any broken master nodes into the "broken\_kube-master" group. +* Move any broken master nodes into the "broken\_kube\_control\_plane" group. -Then run the playbook with ```--limit etcd,kube-master``` and increase the number of ETCD retries by setting ```-e etcd_retries=10``` or something even larger. The amount of retries required is difficult to predict. +Then run the playbook with ```--limit etcd,kube_control_plane``` and increase the number of ETCD retries by setting ```-e etcd_retries=10``` or something even larger. The amount of retries required is difficult to predict. When finished you should have a fully working control plane again. diff --git a/docs/test_cases.md b/docs/test_cases.md index 3b572d8b8..2a8f5e920 100644 --- a/docs/test_cases.md +++ b/docs/test_cases.md @@ -3,10 +3,10 @@ There are four node layout types: `default`, `separate`, `ha`, and `scale`. `default` is a non-HA two nodes setup with one separate `kube-node` -and the `etcd` group merged with the `kube-master`. +and the `etcd` group merged with the `kube_control_plane`. `separate` layout is when there is only node of each type, which includes - a kube-master, kube-node, and etcd cluster member. + a kube_control_plane, kube-node, and etcd cluster member. `ha` layout consists of two etcd nodes, two masters and a single worker node, with role intersection. diff --git a/docs/upgrades.md b/docs/upgrades.md index b325b619f..0a3d6c779 100644 --- a/docs/upgrades.md +++ b/docs/upgrades.md @@ -41,7 +41,7 @@ The var ```-e upgrade_cluster_setup=true``` is needed to be set in order to migr Kubespray also supports cordon, drain and uncordoning of nodes when performing a cluster upgrade. There is a separate playbook used for this purpose. It is important to note that upgrade-cluster.yml can only be used for upgrading an -existing cluster. That means there must be at least 1 kube-master already +existing cluster. That means there must be at least 1 kube_control_plane already deployed. ```ShellSession diff --git a/docs/vars.md b/docs/vars.md index a97eee035..310f3f29f 100644 --- a/docs/vars.md +++ b/docs/vars.md @@ -36,7 +36,7 @@ Some variables of note include: * *ansible_default_ipv4.address* - Not Kubespray-specific, but it is used if ip and access_ip are undefined * *loadbalancer_apiserver* - If defined, all hosts will connect to this - address instead of localhost for kube-masters and kube-master[0] for + address instead of localhost for kube_control_planes and kube_control_plane[0] for kube-nodes. See more details in the [HA guide](/docs/ha-mode.md). * *loadbalancer_apiserver_localhost* - makes all hosts to connect to diff --git a/extra_playbooks/migrate_openstack_provider.yml b/extra_playbooks/migrate_openstack_provider.yml index 0e1584470..9d4adbaa9 100644 --- a/extra_playbooks/migrate_openstack_provider.yml +++ b/extra_playbooks/migrate_openstack_provider.yml @@ -1,5 +1,5 @@ --- -- hosts: kube-node:kube-master +- hosts: kube-node:kube_control_plane tasks: - name: Remove old cloud provider config file: @@ -7,7 +7,7 @@ state: absent with_items: - /etc/kubernetes/cloud_config -- hosts: kube-master[0] +- hosts: kube_control_plane[0] tasks: - name: Include kubespray-default variables include_vars: ../roles/kubespray-defaults/defaults/main.yaml diff --git a/extra_playbooks/upgrade-only-k8s.yml b/extra_playbooks/upgrade-only-k8s.yml index 89e8ed1dc..5bdbd012d 100644 --- a/extra_playbooks/upgrade-only-k8s.yml +++ b/extra_playbooks/upgrade-only-k8s.yml @@ -34,7 +34,7 @@ - { role: kubernetes/preinstall, tags: preinstall } - name: Handle upgrades to master components first to maintain backwards compat. - hosts: kube-master + hosts: kube_control_plane any_errors_fatal: "{{ any_errors_fatal | default(true) }}" serial: 1 roles: @@ -47,7 +47,7 @@ - { role: upgrade/post-upgrade, tags: post-upgrade } - name: Finally handle worker upgrades, based on given batch size - hosts: kube-node:!kube-master + hosts: kube-node:!kube_control_plane any_errors_fatal: "{{ any_errors_fatal | default(true) }}" serial: "{{ serial | default('20%') }}" roles: diff --git a/inventory/local/hosts.ini b/inventory/local/hosts.ini index 7834d27c0..551941080 100644 --- a/inventory/local/hosts.ini +++ b/inventory/local/hosts.ini @@ -1,6 +1,6 @@ node1 ansible_connection=local local_release_dir={{ansible_env.HOME}}/releases -[kube-master] +[kube_control_plane] node1 [etcd] @@ -11,5 +11,5 @@ node1 [k8s-cluster:children] kube-node -kube-master +kube_control_plane calico-rr diff --git a/inventory/sample/inventory.ini b/inventory/sample/inventory.ini index 6babb4e9e..b450bc068 100644 --- a/inventory/sample/inventory.ini +++ b/inventory/sample/inventory.ini @@ -13,7 +13,7 @@ # [bastion] # bastion ansible_host=x.x.x.x ansible_user=some_user -[kube-master] +[kube_control_plane] # node1 # node2 # node3 @@ -33,6 +33,6 @@ [calico-rr] [k8s-cluster:children] -kube-master +kube_control_plane kube-node calico-rr diff --git a/recover-control-plane.yml b/recover-control-plane.yml index 26be30769..c2b28d093 100644 --- a/recover-control-plane.yml +++ b/recover-control-plane.yml @@ -2,6 +2,15 @@ - name: Check ansible version import_playbook: ansible_version.yml +- name: Add kube-master nodes to kube_control_plane + # This is for old inventory which contains kube-master instead of kube_control_plane + hosts: kube-master + gather_facts: false + tasks: + - name: add nodes to kube_control_plane group + group_by: + key: 'kube_control_plane' + - hosts: bastion[0] gather_facts: False environment: "{{ proxy_disable_env }}" @@ -15,7 +24,7 @@ - { role: kubespray-defaults} - { role: recover_control_plane/etcd } -- hosts: "{{ groups['kube-master'] | first }}" +- hosts: "{{ groups['kube_control_plane'] | first }}" environment: "{{ proxy_disable_env }}" roles: - { role: kubespray-defaults} @@ -23,7 +32,7 @@ - include: cluster.yml -- hosts: "{{ groups['kube-master'] }}" +- hosts: "{{ groups['kube_control_plane'] }}" environment: "{{ proxy_disable_env }}" roles: - { role: kubespray-defaults} diff --git a/remove-node.yml b/remove-node.yml index b78b71907..27c886035 100644 --- a/remove-node.yml +++ b/remove-node.yml @@ -2,6 +2,15 @@ - name: Check ansible version import_playbook: ansible_version.yml +- name: Add kube-master nodes to kube_control_plane + # This is for old inventory which contains kube-master instead of kube_control_plane + hosts: kube-master + gather_facts: false + tasks: + - name: add nodes to kube_control_plane group + group_by: + key: 'kube_control_plane' + - hosts: "{{ node | default('etcd:k8s-cluster:calico-rr') }}" gather_facts: no environment: "{{ proxy_disable_env }}" @@ -17,7 +26,7 @@ msg: "Delete nodes confirmation failed" when: delete_nodes_confirmation != "yes" -- hosts: kube-master[0] +- hosts: kube_control_plane[0] gather_facts: no environment: "{{ proxy_disable_env }}" roles: @@ -35,7 +44,7 @@ - { role: reset, tags: reset, when: reset_nodes|default(True)|bool } # Currently cannot remove first master or etcd -- hosts: "{{ node | default('kube-master[1:]:etcd[1:]') }}" +- hosts: "{{ node | default('kube_control_plane[1:]:etcd[1:]') }}" gather_facts: no environment: "{{ proxy_disable_env }}" roles: diff --git a/reset.yml b/reset.yml index e053e101c..81f2389d4 100644 --- a/reset.yml +++ b/reset.yml @@ -2,6 +2,15 @@ - name: Check ansible version import_playbook: ansible_version.yml +- name: Add kube-master nodes to kube_control_plane + # This is for old inventory which contains kube-master instead of kube_control_plane + hosts: kube-master + gather_facts: false + tasks: + - name: add nodes to kube_control_plane group + group_by: + key: 'kube_control_plane' + - hosts: bastion[0] gather_facts: False environment: "{{ proxy_disable_env }}" diff --git a/roles/container-engine/containerd/molecule/default/molecule.yml b/roles/container-engine/containerd/molecule/default/molecule.yml index b49d73ce0..48f7b5dd0 100644 --- a/roles/container-engine/containerd/molecule/default/molecule.yml +++ b/roles/container-engine/containerd/molecule/default/molecule.yml @@ -12,7 +12,7 @@ platforms: cpus: 2 memory: 1024 groups: - - kube-master + - kube_control_plane provisioner: name: ansible env: diff --git a/roles/container-engine/cri-o/molecule/default/molecule.yml b/roles/container-engine/cri-o/molecule/default/molecule.yml index a6c36acba..574d49139 100644 --- a/roles/container-engine/cri-o/molecule/default/molecule.yml +++ b/roles/container-engine/cri-o/molecule/default/molecule.yml @@ -12,25 +12,25 @@ platforms: cpus: 2 memory: 1024 groups: - - kube-master + - kube_control_plane - name: centos7 box: centos/7 cpus: 2 memory: 1024 groups: - - kube-master + - kube_control_plane - name: centos8 box: centos/8 cpus: 2 memory: 1024 groups: - - kube-master + - kube_control_plane - name: fedora box: fedora/33-cloud-base cpus: 2 memory: 1024 groups: - - kube-master + - kube_control_plane provisioner: name: ansible env: diff --git a/roles/container-engine/kata-containers/molecule/default/molecule.yml b/roles/container-engine/kata-containers/molecule/default/molecule.yml index 8cccf8dfc..164a47083 100644 --- a/roles/container-engine/kata-containers/molecule/default/molecule.yml +++ b/roles/container-engine/kata-containers/molecule/default/molecule.yml @@ -15,14 +15,14 @@ platforms: memory: 1024 nested: true groups: - - kube-master + - kube_control_plane - name: ubuntu20 box: generic/ubuntu2004 cpus: 1 memory: 1024 nested: true groups: - - kube-master + - kube_control_plane provisioner: name: ansible env: diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml index e35711459..67450f446 100644 --- a/roles/download/defaults/main.yml +++ b/roles/download/defaults/main.yml @@ -30,7 +30,7 @@ download_container: true # if this is set to true, uses the localhost for download_run_once mode # (requires docker and sudo to access docker). You may want this option for # local caching of docker images or for Flatcar Container Linux by Kinvolk cluster nodes. -# Otherwise, uses the first node in the kube-master group to store images +# Otherwise, uses the first node in the kube_control_plane group to store images # in the download_run_once mode. download_localhost: false @@ -42,8 +42,8 @@ download_always_pull: false # SSL validation of get_url module. Note that kubespray will still be performing checksum validation. download_validate_certs: true -# Use the first kube-master if download_localhost is not set -download_delegate: "{% if download_localhost %}localhost{% else %}{{ groups['kube-master'][0] }}{% endif %}" +# Use the first kube_control_plane if download_localhost is not set +download_delegate: "{% if download_localhost %}localhost{% else %}{{ groups['kube_control_plane'][0] }}{% endif %}" # Arch of Docker images and needed packages image_arch: "{{host_architecture | default('amd64')}}" @@ -733,7 +733,7 @@ downloads: owner: "root" mode: "0755" groups: - - kube-master + - kube_control_plane crictl: file: true @@ -883,7 +883,7 @@ downloads: owner: "root" mode: "0755" groups: - - kube-master + - kube_control_plane weave_kube: enabled: "{{ kube_network_plugin == 'weave' }}" @@ -973,7 +973,7 @@ downloads: tag: "{{ coredns_image_tag }}" sha256: "{{ coredns_digest_checksum|default(None) }}" groups: - - kube-master + - kube_control_plane nodelocaldns: enabled: "{{ enable_nodelocaldns }}" @@ -991,7 +991,7 @@ downloads: tag: "{{ dnsautoscaler_image_tag }}" sha256: "{{ dnsautoscaler_digest_checksum|default(None) }}" groups: - - kube-master + - kube_control_plane testbox: enabled: false @@ -1011,7 +1011,7 @@ downloads: owner: "root" mode: "0755" groups: - - kube-master + - kube_control_plane registry: enabled: "{{ registry_enabled }}" @@ -1038,7 +1038,7 @@ downloads: tag: "{{ metrics_server_image_tag }}" sha256: "{{ metrics_server_digest_checksum|default(None) }}" groups: - - kube-master + - kube_control_plane addon_resizer: # Currently addon_resizer is only used by metrics server @@ -1048,7 +1048,7 @@ downloads: tag: "{{ addon_resizer_image_tag }}" sha256: "{{ addon_resizer_digest_checksum|default(None) }}" groups: - - kube-master + - kube_control_plane local_volume_provisioner: enabled: "{{ local_volume_provisioner_enabled }}" @@ -1219,7 +1219,7 @@ downloads: tag: "{{ dashboard_image_tag }}" sha256: "{{ dashboard_digest_checksum|default(None) }}" groups: - - kube-master + - kube_control_plane dashboard_metrics_scrapper: enabled: "{{ dashboard_enabled }}" @@ -1228,7 +1228,7 @@ downloads: tag: "{{ dashboard_metrics_scraper_tag }}" sha256: "{{ dashboard_digest_checksum|default(None) }}" groups: - - kube-master + - kube_control_plane download_defaults: container: false diff --git a/roles/download/tasks/main.yml b/roles/download/tasks/main.yml index 2fa45929f..394228354 100644 --- a/roles/download/tasks/main.yml +++ b/roles/download/tasks/main.yml @@ -18,7 +18,7 @@ include_tasks: prep_kubeadm_images.yml when: - not skip_downloads|default(false) - - inventory_hostname in groups['kube-master'] + - inventory_hostname in groups['kube_control_plane'] tags: - download - upload diff --git a/roles/kubernetes-apps/ansible/tasks/cleanup_dns.yml b/roles/kubernetes-apps/ansible/tasks/cleanup_dns.yml index 8d3020875..2f774cfcd 100644 --- a/roles/kubernetes-apps/ansible/tasks/cleanup_dns.yml +++ b/roles/kubernetes-apps/ansible/tasks/cleanup_dns.yml @@ -6,7 +6,7 @@ ignore_errors: true when: - dns_mode in ['coredns', 'coredns_dual'] - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - name: Kubernetes Apps | Delete kubeadm CoreDNS kube: @@ -17,7 +17,7 @@ state: absent when: - dns_mode in ['coredns', 'coredns_dual'] - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - createdby_annotation.stdout != 'kubespray' - name: Kubernetes Apps | Delete kubeadm Kube-DNS service @@ -29,4 +29,4 @@ state: absent when: - dns_mode in ['coredns', 'coredns_dual'] - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] diff --git a/roles/kubernetes-apps/ansible/tasks/coredns.yml b/roles/kubernetes-apps/ansible/tasks/coredns.yml index bb959966b..0bbb269a0 100644 --- a/roles/kubernetes-apps/ansible/tasks/coredns.yml +++ b/roles/kubernetes-apps/ansible/tasks/coredns.yml @@ -20,7 +20,7 @@ clusterIP: "{{ skydns_server }}" when: - dns_mode in ['coredns', 'coredns_dual'] - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] tags: - coredns @@ -38,6 +38,6 @@ coredns_ordinal_suffix: "-secondary" when: - dns_mode == 'coredns_dual' - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] tags: - coredns diff --git a/roles/kubernetes-apps/ansible/tasks/dashboard.yml b/roles/kubernetes-apps/ansible/tasks/dashboard.yml index ba6c13b2b..94c041d14 100644 --- a/roles/kubernetes-apps/ansible/tasks/dashboard.yml +++ b/roles/kubernetes-apps/ansible/tasks/dashboard.yml @@ -6,7 +6,7 @@ with_items: - { file: dashboard.yml, type: deploy, name: kubernetes-dashboard } register: manifests - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] - name: Kubernetes Apps | Start dashboard kube: @@ -17,4 +17,4 @@ filename: "{{ kube_config_dir }}/{{ item.item.file }}" state: "latest" with_items: "{{ manifests.results }}" - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] diff --git a/roles/kubernetes-apps/ansible/tasks/main.yml b/roles/kubernetes-apps/ansible/tasks/main.yml index 25ffa7270..75ee477b0 100644 --- a/roles/kubernetes-apps/ansible/tasks/main.yml +++ b/roles/kubernetes-apps/ansible/tasks/main.yml @@ -9,12 +9,12 @@ until: result.status == 200 retries: 20 delay: 1 - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] - name: Kubernetes Apps | Cleanup DNS import_tasks: cleanup_dns.yml when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] tags: - upgrade - coredns @@ -24,7 +24,7 @@ import_tasks: "coredns.yml" when: - dns_mode in ['coredns', 'coredns_dual'] - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] tags: - coredns @@ -32,7 +32,7 @@ import_tasks: "nodelocaldns.yml" when: - enable_nodelocaldns - - inventory_hostname == groups['kube-master'] | first + - inventory_hostname == groups['kube_control_plane'] | first tags: - nodelocaldns @@ -50,7 +50,7 @@ - "{{ nodelocaldns_manifests.results | default({}) }}" when: - dns_mode != 'none' - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - not item is skipped register: resource_result until: resource_result is succeeded diff --git a/roles/kubernetes-apps/ansible/tasks/netchecker.yml b/roles/kubernetes-apps/ansible/tasks/netchecker.yml index 81121c53b..46252929a 100644 --- a/roles/kubernetes-apps/ansible/tasks/netchecker.yml +++ b/roles/kubernetes-apps/ansible/tasks/netchecker.yml @@ -28,7 +28,7 @@ with_items: "{{ netchecker_templates }}" register: manifests when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - name: Kubernetes Apps | Start Netchecker Resources kube: @@ -39,4 +39,4 @@ filename: "{{ kube_config_dir }}/{{ item.item.file }}" state: "latest" with_items: "{{ manifests.results }}" - when: inventory_hostname == groups['kube-master'][0] and not item is skipped + when: inventory_hostname == groups['kube_control_plane'][0] and not item is skipped diff --git a/roles/kubernetes-apps/ansible/tasks/nodelocaldns.yml b/roles/kubernetes-apps/ansible/tasks/nodelocaldns.yml index 378dbc92f..ce79ceed4 100644 --- a/roles/kubernetes-apps/ansible/tasks/nodelocaldns.yml +++ b/roles/kubernetes-apps/ansible/tasks/nodelocaldns.yml @@ -10,7 +10,7 @@ secondaryclusterIP: "{{ skydns_server_secondary }}" when: - enable_nodelocaldns - - inventory_hostname == groups['kube-master'] | first + - inventory_hostname == groups['kube_control_plane'] | first tags: - nodelocaldns - coredns @@ -39,7 +39,7 @@ {%- endif -%} when: - enable_nodelocaldns - - inventory_hostname == groups['kube-master'] | first + - inventory_hostname == groups['kube_control_plane'] | first tags: - nodelocaldns - coredns diff --git a/roles/kubernetes-apps/cloud_controller/oci/tasks/main.yml b/roles/kubernetes-apps/cloud_controller/oci/tasks/main.yml index cec7deaca..ecf6f511d 100644 --- a/roles/kubernetes-apps/cloud_controller/oci/tasks/main.yml +++ b/roles/kubernetes-apps/cloud_controller/oci/tasks/main.yml @@ -7,7 +7,7 @@ template: src: controller-manager-config.yml.j2 dest: "{{ kube_config_dir }}/controller-manager-config.yml" - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] tags: oci - name: "OCI Cloud Controller | Slurp Configuration" @@ -18,14 +18,14 @@ - name: "OCI Cloud Controller | Encode Configuration" set_fact: controller_manager_config_base64: "{{ controller_manager_config.content }}" - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] tags: oci - name: "OCI Cloud Controller | Generate Manifests" template: src: oci-cloud-provider.yml.j2 dest: "{{ kube_config_dir }}/oci-cloud-provider.yml" - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] tags: oci - name: "OCI Cloud Controller | Apply Manifests" @@ -33,5 +33,5 @@ kubectl: "{{ bin_dir }}/kubectl" filename: "{{ kube_config_dir }}/oci-cloud-provider.yml" state: latest - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] tags: oci diff --git a/roles/kubernetes-apps/cluster_roles/tasks/main.yml b/roles/kubernetes-apps/cluster_roles/tasks/main.yml index 91955ea8a..2f5f110af 100644 --- a/roles/kubernetes-apps/cluster_roles/tasks/main.yml +++ b/roles/kubernetes-apps/cluster_roles/tasks/main.yml @@ -9,14 +9,14 @@ until: result.status == 200 retries: 10 delay: 6 - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] - name: Kubernetes Apps | Check AppArmor status command: which apparmor_parser register: apparmor_status when: - podsecuritypolicy_enabled - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] failed_when: false - name: Kubernetes Apps | Set apparmor_enabled @@ -24,7 +24,7 @@ apparmor_enabled: "{{ apparmor_status.rc == 0 }}" when: - podsecuritypolicy_enabled - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - name: Kubernetes Apps | Render templates for PodSecurityPolicy template: @@ -37,7 +37,7 @@ - {file: psp-crb.yml, type: rolebinding, name: psp-crb} when: - podsecuritypolicy_enabled - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - name: Kubernetes Apps | Add policies, roles, bindings for PodSecurityPolicy kube: @@ -52,7 +52,7 @@ delay: 6 with_items: "{{ psp_manifests.results }}" when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - not item is skipped loop_control: label: "{{ item.item.file }}" @@ -64,7 +64,7 @@ register: node_crb_manifest when: - rbac_enabled - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - name: Apply workaround to allow all nodes with cert O=system:nodes to register kube: @@ -80,7 +80,7 @@ when: - rbac_enabled - node_crb_manifest.changed - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - name: Kubernetes Apps | Add webhook ClusterRole that grants access to proxy, stats, log, spec, and metrics on a kubelet template: @@ -90,7 +90,7 @@ when: - rbac_enabled - kubelet_authorization_mode_webhook - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] tags: node-webhook - name: Apply webhook ClusterRole @@ -104,7 +104,7 @@ - rbac_enabled - kubelet_authorization_mode_webhook - node_webhook_cr_manifest.changed - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] tags: node-webhook - name: Kubernetes Apps | Add ClusterRoleBinding for system:nodes to webhook ClusterRole @@ -115,7 +115,7 @@ when: - rbac_enabled - kubelet_authorization_mode_webhook - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] tags: node-webhook - name: Grant system:nodes the webhook ClusterRole @@ -129,7 +129,7 @@ - rbac_enabled - kubelet_authorization_mode_webhook - node_webhook_crb_manifest.changed - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] tags: node-webhook - include_tasks: oci.yml @@ -140,7 +140,7 @@ - name: PriorityClass | Copy k8s-cluster-critical-pc.yml file copy: src=k8s-cluster-critical-pc.yml dest={{ kube_config_dir }}/k8s-cluster-critical-pc.yml - when: inventory_hostname == groups['kube-master']|last + when: inventory_hostname == groups['kube_control_plane']|last - name: PriorityClass | Create k8s-cluster-critical kube: @@ -149,4 +149,4 @@ resource: "PriorityClass" filename: "{{ kube_config_dir }}/k8s-cluster-critical-pc.yml" state: latest - when: inventory_hostname == groups['kube-master']|last + when: inventory_hostname == groups['kube_control_plane']|last diff --git a/roles/kubernetes-apps/cluster_roles/tasks/oci.yml b/roles/kubernetes-apps/cluster_roles/tasks/oci.yml index 22b39b3d4..72142eae6 100644 --- a/roles/kubernetes-apps/cluster_roles/tasks/oci.yml +++ b/roles/kubernetes-apps/cluster_roles/tasks/oci.yml @@ -6,7 +6,7 @@ when: - cloud_provider is defined - cloud_provider == 'oci' - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - name: Apply OCI RBAC kube: @@ -15,4 +15,4 @@ when: - cloud_provider is defined - cloud_provider == 'oci' - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] diff --git a/roles/kubernetes-apps/container_engine_accelerator/nvidia_gpu/tasks/main.yml b/roles/kubernetes-apps/container_engine_accelerator/nvidia_gpu/tasks/main.yml index fd3ea42fa..75a0b8a10 100644 --- a/roles/kubernetes-apps/container_engine_accelerator/nvidia_gpu/tasks/main.yml +++ b/roles/kubernetes-apps/container_engine_accelerator/nvidia_gpu/tasks/main.yml @@ -38,7 +38,7 @@ - { name: k8s-device-plugin-nvidia-daemonset, file: k8s-device-plugin-nvidia-daemonset.yml, type: daemonset } register: container_engine_accelerator_manifests when: - - inventory_hostname == groups['kube-master'][0] and nvidia_driver_install_container + - inventory_hostname == groups['kube_control_plane'][0] and nvidia_driver_install_container - name: Container Engine Acceleration Nvidia GPU | Apply manifests for nvidia accelerators kube: @@ -51,4 +51,4 @@ with_items: - "{{ container_engine_accelerator_manifests.results }}" when: - - inventory_hostname == groups['kube-master'][0] and nvidia_driver_install_container and nvidia_driver_install_supported + - inventory_hostname == groups['kube_control_plane'][0] and nvidia_driver_install_container and nvidia_driver_install_supported diff --git a/roles/kubernetes-apps/container_runtimes/crun/tasks/main.yaml b/roles/kubernetes-apps/container_runtimes/crun/tasks/main.yaml index 637d7beef..46384d281 100644 --- a/roles/kubernetes-apps/container_runtimes/crun/tasks/main.yaml +++ b/roles/kubernetes-apps/container_runtimes/crun/tasks/main.yaml @@ -6,7 +6,7 @@ dest: "{{ kube_config_dir }}/runtimeclass-crun.yml" mode: "0664" when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - name: crun | Apply manifests kube: @@ -16,4 +16,4 @@ filename: "{{ kube_config_dir }}/runtimeclass-crun.yml" state: "latest" when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] diff --git a/roles/kubernetes-apps/container_runtimes/kata_containers/tasks/main.yaml b/roles/kubernetes-apps/container_runtimes/kata_containers/tasks/main.yaml index 34478b990..3fb059fe6 100644 --- a/roles/kubernetes-apps/container_runtimes/kata_containers/tasks/main.yaml +++ b/roles/kubernetes-apps/container_runtimes/kata_containers/tasks/main.yaml @@ -20,7 +20,7 @@ with_items: "{{ kata_containers_templates }}" register: kata_containers_manifests when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - name: Kata Containers | Apply manifests kube: @@ -31,4 +31,4 @@ state: "latest" with_items: "{{ kata_containers_manifests.results }}" when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] diff --git a/roles/kubernetes-apps/csi_driver/aws_ebs/tasks/main.yml b/roles/kubernetes-apps/csi_driver/aws_ebs/tasks/main.yml index 04bb9fd4d..7b2f41a4c 100644 --- a/roles/kubernetes-apps/csi_driver/aws_ebs/tasks/main.yml +++ b/roles/kubernetes-apps/csi_driver/aws_ebs/tasks/main.yml @@ -9,7 +9,7 @@ - {name: aws-ebs-csi-controllerservice, file: aws-ebs-csi-controllerservice.yml} - {name: aws-ebs-csi-nodeservice, file: aws-ebs-csi-nodeservice.yml} register: aws_csi_manifests - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] tags: aws-ebs-csi-driver - name: AWS CSI Driver | Apply Manifests @@ -20,7 +20,7 @@ with_items: - "{{ aws_csi_manifests.results }}" when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - not item is skipped loop_control: label: "{{ item.item.file }}" diff --git a/roles/kubernetes-apps/csi_driver/azuredisk/tasks/main.yml b/roles/kubernetes-apps/csi_driver/azuredisk/tasks/main.yml index e33ca292f..b8bbd7113 100644 --- a/roles/kubernetes-apps/csi_driver/azuredisk/tasks/main.yml +++ b/roles/kubernetes-apps/csi_driver/azuredisk/tasks/main.yml @@ -8,14 +8,14 @@ dest: "{{ kube_config_dir }}/azure_csi_cloud_config" group: "{{ kube_cert_group }}" mode: 0640 - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] tags: azure-csi-driver - name: Azure CSI Driver | Get base64 cloud-config slurp: src: "{{ kube_config_dir }}/azure_csi_cloud_config" register: cloud_config_secret - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] tags: azure-csi-driver - name: Azure CSI Driver | Generate Manifests @@ -30,7 +30,7 @@ - {name: azure-csi-azuredisk-node, file: azure-csi-azuredisk-node.yml} - {name: azure-csi-node-info-crd.yml.j2, file: azure-csi-node-info-crd.yml} register: azure_csi_manifests - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] tags: azure-csi-driver - name: Azure CSI Driver | Apply Manifests @@ -41,7 +41,7 @@ with_items: - "{{ azure_csi_manifests.results }}" when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - not item is skipped loop_control: label: "{{ item.item.file }}" diff --git a/roles/kubernetes-apps/csi_driver/cinder/tasks/main.yml b/roles/kubernetes-apps/csi_driver/cinder/tasks/main.yml index 14b827513..47ba0a1d0 100644 --- a/roles/kubernetes-apps/csi_driver/cinder/tasks/main.yml +++ b/roles/kubernetes-apps/csi_driver/cinder/tasks/main.yml @@ -20,14 +20,14 @@ dest: "{{ kube_config_dir }}/cinder_cloud_config" group: "{{ kube_cert_group }}" mode: 0640 - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] tags: cinder-csi-driver - name: Cinder CSI Driver | Get base64 cloud-config slurp: src: "{{ kube_config_dir }}/cinder_cloud_config" register: cloud_config_secret - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] tags: cinder-csi-driver - name: Cinder CSI Driver | Generate Manifests @@ -43,7 +43,7 @@ - {name: cinder-csi-nodeplugin, file: cinder-csi-nodeplugin.yml} - {name: cinder-csi-poddisruptionbudget, file: cinder-csi-poddisruptionbudget.yml} register: cinder_csi_manifests - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] tags: cinder-csi-driver - name: Cinder CSI Driver | Apply Manifests @@ -54,7 +54,7 @@ with_items: - "{{ cinder_csi_manifests.results }}" when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - not item is skipped loop_control: label: "{{ item.item.file }}" diff --git a/roles/kubernetes-apps/csi_driver/csi_crd/tasks/main.yml b/roles/kubernetes-apps/csi_driver/csi_crd/tasks/main.yml index 85d637efb..029d7ffe5 100644 --- a/roles/kubernetes-apps/csi_driver/csi_crd/tasks/main.yml +++ b/roles/kubernetes-apps/csi_driver/csi_crd/tasks/main.yml @@ -8,7 +8,7 @@ - {name: volumesnapshotcontents, file: volumesnapshotcontents.yml} - {name: volumesnapshots, file: volumesnapshots.yml} register: csi_crd_manifests - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] tags: csi-driver - name: CSI CRD | Apply Manifests @@ -20,7 +20,7 @@ with_items: - "{{ csi_crd_manifests.results }}" when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - not item is skipped loop_control: label: "{{ item.item.file }}" diff --git a/roles/kubernetes-apps/csi_driver/gcp_pd/tasks/main.yml b/roles/kubernetes-apps/csi_driver/gcp_pd/tasks/main.yml index 7e4315854..05961ef56 100644 --- a/roles/kubernetes-apps/csi_driver/gcp_pd/tasks/main.yml +++ b/roles/kubernetes-apps/csi_driver/gcp_pd/tasks/main.yml @@ -11,14 +11,14 @@ dest: "{{ kube_config_dir }}/cloud-sa.json" group: "{{ kube_cert_group }}" mode: 0640 - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] tags: gcp-pd-csi-driver - name: GCP PD CSI Driver | Get base64 cloud-sa.json slurp: src: "{{ kube_config_dir }}/cloud-sa.json" register: gcp_cred_secret - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] tags: gcp-pd-csi-driver - name: GCP PD CSI Driver | Generate Manifests @@ -31,7 +31,7 @@ - {name: gcp-pd-csi-controller, file: gcp-pd-csi-controller.yml} - {name: gcp-pd-csi-node, file: gcp-pd-csi-node.yml} register: gcp_pd_csi_manifests - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] tags: gcp-pd-csi-driver - name: GCP PD CSI Driver | Apply Manifests @@ -42,7 +42,7 @@ with_items: - "{{ gcp_pd_csi_manifests.results }}" when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - not item is skipped loop_control: label: "{{ item.item.file }}" diff --git a/roles/kubernetes-apps/csi_driver/vsphere/tasks/main.yml b/roles/kubernetes-apps/csi_driver/vsphere/tasks/main.yml index 4e341b2af..26e8751ac 100644 --- a/roles/kubernetes-apps/csi_driver/vsphere/tasks/main.yml +++ b/roles/kubernetes-apps/csi_driver/vsphere/tasks/main.yml @@ -9,7 +9,7 @@ mode: 0640 with_items: - vsphere-csi-cloud-config - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] tags: vsphere-csi-driver - name: vSphere CSI Driver | Generate Manifests @@ -21,13 +21,13 @@ - vsphere-csi-controller-ss.yml - vsphere-csi-node.yml register: vsphere_csi_manifests - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] tags: vsphere-csi-driver - name: vSphere CSI Driver | Generate a CSI secret manifest command: "{{ bin_dir }}/kubectl create secret generic vsphere-config-secret --from-file=csi-vsphere.conf={{ kube_config_dir }}/vsphere-csi-cloud-config -n kube-system --dry-run --save-config -o yaml" register: vsphere_csi_secret_manifest - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] no_log: true tags: vsphere-csi-driver @@ -35,7 +35,7 @@ command: cmd: "{{ bin_dir }}/kubectl apply -f -" stdin: "{{ vsphere_csi_secret_manifest.stdout }}" - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] no_log: true tags: vsphere-csi-driver @@ -47,7 +47,7 @@ with_items: - "{{ vsphere_csi_manifests.results }}" when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - not item is skipped loop_control: label: "{{ item.item }}" diff --git a/roles/kubernetes-apps/external_cloud_controller/meta/main.yml b/roles/kubernetes-apps/external_cloud_controller/meta/main.yml index b7d1cc698..a75a42995 100644 --- a/roles/kubernetes-apps/external_cloud_controller/meta/main.yml +++ b/roles/kubernetes-apps/external_cloud_controller/meta/main.yml @@ -6,7 +6,7 @@ dependencies: - cloud_provider == "external" - external_cloud_provider is defined - external_cloud_provider == "openstack" - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] tags: - external-cloud-controller - external-openstack @@ -16,7 +16,7 @@ dependencies: - cloud_provider == "external" - external_cloud_provider is defined - external_cloud_provider == "vsphere" - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] tags: - external-cloud-controller - external-vsphere diff --git a/roles/kubernetes-apps/external_cloud_controller/openstack/tasks/main.yml b/roles/kubernetes-apps/external_cloud_controller/openstack/tasks/main.yml index 220d39168..7c89fdbdf 100644 --- a/roles/kubernetes-apps/external_cloud_controller/openstack/tasks/main.yml +++ b/roles/kubernetes-apps/external_cloud_controller/openstack/tasks/main.yml @@ -20,14 +20,14 @@ dest: "{{ kube_config_dir }}/external_openstack_cloud_config" group: "{{ kube_cert_group }}" mode: 0640 - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] tags: external-openstack - name: External OpenStack Cloud Controller | Get base64 cloud-config slurp: src: "{{ kube_config_dir }}/external_openstack_cloud_config" register: external_openstack_cloud_config_secret - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] tags: external-openstack - name: External OpenStack Cloud Controller | Generate Manifests @@ -42,7 +42,7 @@ - {name: external-openstack-cloud-controller-manager-role-bindings, file: external-openstack-cloud-controller-manager-role-bindings.yml} - {name: external-openstack-cloud-controller-manager-ds, file: external-openstack-cloud-controller-manager-ds.yml} register: external_openstack_manifests - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] tags: external-openstack - name: External OpenStack Cloud Controller | Apply Manifests @@ -53,7 +53,7 @@ with_items: - "{{ external_openstack_manifests.results }}" when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - not item is skipped loop_control: label: "{{ item.item.file }}" diff --git a/roles/kubernetes-apps/external_cloud_controller/vsphere/tasks/main.yml b/roles/kubernetes-apps/external_cloud_controller/vsphere/tasks/main.yml index 0dbf3f7dc..86e16dbe7 100644 --- a/roles/kubernetes-apps/external_cloud_controller/vsphere/tasks/main.yml +++ b/roles/kubernetes-apps/external_cloud_controller/vsphere/tasks/main.yml @@ -9,7 +9,7 @@ mode: 0640 with_items: - external-vsphere-cpi-cloud-config - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] tags: external-vsphere - name: External vSphere Cloud Controller | Generate Manifests @@ -22,20 +22,20 @@ - external-vsphere-cloud-controller-manager-role-bindings.yml - external-vsphere-cloud-controller-manager-ds.yml register: external_vsphere_manifests - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] tags: external-vsphere - name: External vSphere Cloud Provider Interface | Create a CPI configMap manifest command: "{{ bin_dir }}/kubectl create configmap cloud-config --from-file=vsphere.conf={{ kube_config_dir }}/external-vsphere-cpi-cloud-config -n kube-system --dry-run --save-config -o yaml" register: external_vsphere_configmap_manifest - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] tags: external-vsphere - name: External vSphere Cloud Provider Interface | Apply a CPI configMap manifest command: cmd: "{{ bin_dir }}/kubectl apply -f -" stdin: "{{ external_vsphere_configmap_manifest.stdout }}" - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] tags: external-vsphere - name: External vSphere Cloud Controller | Apply Manifests @@ -46,7 +46,7 @@ with_items: - "{{ external_vsphere_manifests.results }}" when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - not item is skipped loop_control: label: "{{ item.item }}" diff --git a/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/tasks/main.yml b/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/tasks/main.yml index c93ecfde7..15b2ecf2b 100644 --- a/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/tasks/main.yml +++ b/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/tasks/main.yml @@ -5,7 +5,7 @@ path: "{{ kube_config_dir }}/addons/cephfs_provisioner" state: absent when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] tags: - upgrade @@ -14,7 +14,7 @@ {{ bin_dir }}/kubectl delete namespace {{ cephfs_provisioner_namespace }} ignore_errors: yes when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] tags: - upgrade @@ -23,7 +23,7 @@ {{ bin_dir }}/kubectl delete storageclass {{ cephfs_provisioner_storage_class }} ignore_errors: yes when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] tags: - upgrade @@ -35,7 +35,7 @@ group: root mode: 0755 when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - name: CephFS Provisioner | Templates list set_fact: @@ -65,7 +65,7 @@ dest: "{{ kube_config_dir }}/addons/cephfs_provisioner/{{ item.file }}" with_items: "{{ cephfs_provisioner_templates }}" register: cephfs_provisioner_manifests - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] - name: CephFS Provisioner | Apply manifests kube: @@ -76,4 +76,4 @@ filename: "{{ kube_config_dir }}/addons/cephfs_provisioner/{{ item.item.file }}" state: "latest" with_items: "{{ cephfs_provisioner_manifests.results }}" - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] diff --git a/roles/kubernetes-apps/external_provisioner/local_path_provisioner/tasks/main.yml b/roles/kubernetes-apps/external_provisioner/local_path_provisioner/tasks/main.yml index a723d24f8..1c3606882 100644 --- a/roles/kubernetes-apps/external_provisioner/local_path_provisioner/tasks/main.yml +++ b/roles/kubernetes-apps/external_provisioner/local_path_provisioner/tasks/main.yml @@ -7,7 +7,7 @@ group: root mode: 0755 when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - name: Local Path Provisioner | Create claim root dir file: @@ -42,7 +42,7 @@ dest: "{{ kube_config_dir }}/addons/local_path_provisioner/{{ item.file }}" with_items: "{{ local_path_provisioner_templates }}" register: local_path_provisioner_manifests - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] - name: Local Path Provisioner | Apply manifests kube: @@ -53,4 +53,4 @@ filename: "{{ kube_config_dir }}/addons/local_path_provisioner/{{ item.item.file }}" state: "latest" with_items: "{{ local_path_provisioner_manifests.results }}" - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] diff --git a/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/tasks/main.yml b/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/tasks/main.yml index b4c4f68eb..88a178825 100644 --- a/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/tasks/main.yml +++ b/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/tasks/main.yml @@ -42,7 +42,7 @@ dest: "{{ kube_config_dir }}/addons/local_volume_provisioner/{{ item.file }}" with_items: "{{ local_volume_provisioner_templates }}" register: local_volume_provisioner_manifests - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] - name: Local Volume Provisioner | Apply manifests kube: @@ -53,6 +53,6 @@ filename: "{{ kube_config_dir }}/addons/local_volume_provisioner/{{ item.item.file }}" state: "latest" with_items: "{{ local_volume_provisioner_manifests.results }}" - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] loop_control: label: "{{ item.item.file }}" diff --git a/roles/kubernetes-apps/external_provisioner/meta/main.yml b/roles/kubernetes-apps/external_provisioner/meta/main.yml index 19fe8ba48..13bc8b6e8 100644 --- a/roles/kubernetes-apps/external_provisioner/meta/main.yml +++ b/roles/kubernetes-apps/external_provisioner/meta/main.yml @@ -3,7 +3,7 @@ dependencies: - role: kubernetes-apps/external_provisioner/local_volume_provisioner when: - local_volume_provisioner_enabled - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] tags: - apps - local-volume-provisioner diff --git a/roles/kubernetes-apps/external_provisioner/rbd_provisioner/tasks/main.yml b/roles/kubernetes-apps/external_provisioner/rbd_provisioner/tasks/main.yml index 7c09168b2..e25e0b143 100644 --- a/roles/kubernetes-apps/external_provisioner/rbd_provisioner/tasks/main.yml +++ b/roles/kubernetes-apps/external_provisioner/rbd_provisioner/tasks/main.yml @@ -5,7 +5,7 @@ path: "{{ kube_config_dir }}/addons/rbd_provisioner" state: absent when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] tags: - upgrade @@ -14,7 +14,7 @@ {{ bin_dir }}/kubectl delete namespace {{ rbd_provisioner_namespace }} ignore_errors: yes when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] tags: - upgrade @@ -23,7 +23,7 @@ {{ bin_dir }}/kubectl delete storageclass {{ rbd_provisioner_storage_class }} ignore_errors: yes when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] tags: - upgrade @@ -35,7 +35,7 @@ group: root mode: 0755 when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - name: RBD Provisioner | Templates list set_fact: @@ -65,7 +65,7 @@ dest: "{{ kube_config_dir }}/addons/rbd_provisioner/{{ item.file }}" with_items: "{{ rbd_provisioner_templates }}" register: rbd_provisioner_manifests - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] - name: RBD Provisioner | Apply manifests kube: @@ -76,4 +76,4 @@ filename: "{{ kube_config_dir }}/addons/rbd_provisioner/{{ item.item.file }}" state: "latest" with_items: "{{ rbd_provisioner_manifests.results }}" - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] diff --git a/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/tasks/main.yml b/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/tasks/main.yml index 77f3df4e0..2e8b2f89f 100644 --- a/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/tasks/main.yml +++ b/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/tasks/main.yml @@ -20,7 +20,7 @@ - { name: alb-ingress-deploy, file: alb-ingress-deploy.yml, type: deploy } register: alb_ingress_manifests when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - name: ALB Ingress Controller | Apply manifests kube: @@ -32,4 +32,4 @@ state: "latest" with_items: "{{ alb_ingress_manifests.results }}" when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] diff --git a/roles/kubernetes-apps/ingress_controller/ambassador/tasks/main.yml b/roles/kubernetes-apps/ingress_controller/ambassador/tasks/main.yml index 91524dea2..e4cbc8bcc 100644 --- a/roles/kubernetes-apps/ingress_controller/ambassador/tasks/main.yml +++ b/roles/kubernetes-apps/ingress_controller/ambassador/tasks/main.yml @@ -8,7 +8,7 @@ group: root mode: 0755 when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - name: Ambassador | Templates list set_fact: @@ -29,7 +29,7 @@ loop: "{{ ingress_ambassador_templates }}" register: ingress_ambassador_manifests when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - name: Ambassador | Apply manifests kube: @@ -41,7 +41,7 @@ state: "latest" loop: "{{ ingress_ambassador_manifests.results }}" when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] # load the AmbassadorInstallation _after_ the CustomResourceDefinition has been loaded @@ -57,7 +57,7 @@ loop: "{{ ingress_ambassador_cr_templates }}" register: ingress_ambassador_cr_manifests when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - name: Ambassador | Apply AmbassadorInstallation kube: @@ -69,4 +69,4 @@ state: "latest" loop: "{{ ingress_ambassador_cr_manifests.results }}" when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/tasks/main.yml b/roles/kubernetes-apps/ingress_controller/cert_manager/tasks/main.yml index c8fdce8f1..42112b0d5 100644 --- a/roles/kubernetes-apps/ingress_controller/cert_manager/tasks/main.yml +++ b/roles/kubernetes-apps/ingress_controller/cert_manager/tasks/main.yml @@ -5,7 +5,7 @@ path: "{{ kube_config_dir }}/addons/cert_manager" state: absent when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] tags: - upgrade @@ -14,7 +14,7 @@ {{ bin_dir }}/kubectl delete namespace {{ cert_manager_namespace }} ignore_errors: yes when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] tags: - upgrade @@ -26,7 +26,7 @@ group: root mode: 0755 when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - name: Cert Manager | Templates list set_fact: @@ -54,7 +54,7 @@ with_items: "{{ cert_manager_templates }}" register: cert_manager_manifests when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - name: Cert Manager | Apply manifests kube: @@ -65,12 +65,12 @@ state: "latest" with_items: "{{ cert_manager_manifests.results }}" when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - name: Cert Manager | Wait for Webhook pods become ready command: "{{ bin_dir }}/kubectl wait po --namespace={{ cert_manager_namespace }} --selector app=webhook --for=condition=Ready --timeout=600s" register: cert_manager_webhook_pods_ready - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] - name: Cert Manager | Create ClusterIssuer manifest template: @@ -78,7 +78,7 @@ dest: "{{ kube_config_dir }}/addons/cert_manager/clusterissuer-cert-manager.yml" register: cert_manager_clusterissuer_manifest when: - - inventory_hostname == groups['kube-master'][0] and cert_manager_webhook_pods_ready is succeeded + - inventory_hostname == groups['kube_control_plane'][0] and cert_manager_webhook_pods_ready is succeeded - name: Cert Manager | Apply ClusterIssuer manifest kube: @@ -86,4 +86,4 @@ kubectl: "{{ bin_dir }}/kubectl" filename: "{{ kube_config_dir }}/addons/cert_manager/clusterissuer-cert-manager.yml" state: "latest" - when: inventory_hostname == groups['kube-master'][0] and cert_manager_clusterissuer_manifest is succeeded + when: inventory_hostname == groups['kube_control_plane'][0] and cert_manager_clusterissuer_manifest is succeeded diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/tasks/main.yml b/roles/kubernetes-apps/ingress_controller/ingress_nginx/tasks/main.yml index b8c575817..05d35b3ac 100644 --- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/tasks/main.yml +++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/tasks/main.yml @@ -8,7 +8,7 @@ group: root mode: 0755 when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - name: NGINX Ingress Controller | Templates list set_fact: @@ -38,7 +38,7 @@ with_items: "{{ ingress_nginx_templates }}" register: ingress_nginx_manifests when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - name: NGINX Ingress Controller | Apply manifests kube: @@ -50,4 +50,4 @@ state: "latest" with_items: "{{ ingress_nginx_manifests.results }}" when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] diff --git a/roles/kubernetes-apps/meta/main.yml b/roles/kubernetes-apps/meta/main.yml index e0f8e9a12..a3b1f1dfe 100644 --- a/roles/kubernetes-apps/meta/main.yml +++ b/roles/kubernetes-apps/meta/main.yml @@ -2,7 +2,7 @@ dependencies: - role: kubernetes-apps/ansible when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - role: kubernetes-apps/helm when: @@ -13,21 +13,21 @@ dependencies: - role: kubernetes-apps/registry when: - registry_enabled - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] tags: - registry - role: kubernetes-apps/metrics_server when: - metrics_server_enabled - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] tags: - metrics_server - role: kubernetes-apps/csi_driver/csi_crd when: - cinder_csi_enabled - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] tags: - csi-driver @@ -69,19 +69,19 @@ dependencies: - role: kubernetes-apps/persistent_volumes when: - persistent_volumes_enabled - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] tags: - persistent_volumes - role: kubernetes-apps/snapshots - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] tags: - snapshots - csi-driver - role: kubernetes-apps/container_runtimes when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] tags: - container-runtimes @@ -94,13 +94,13 @@ dependencies: when: - cloud_provider is defined - cloud_provider == "oci" - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] tags: - oci - role: kubernetes-apps/metallb when: - metallb_enabled - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] tags: - metallb diff --git a/roles/kubernetes-apps/metallb/tasks/main.yml b/roles/kubernetes-apps/metallb/tasks/main.yml index 5d3c58d6e..990500c28 100644 --- a/roles/kubernetes-apps/metallb/tasks/main.yml +++ b/roles/kubernetes-apps/metallb/tasks/main.yml @@ -22,7 +22,7 @@ register: apparmor_status when: - podsecuritypolicy_enabled - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] failed_when: false - name: Kubernetes Apps | Set apparmor_enabled @@ -30,7 +30,7 @@ apparmor_enabled: "{{ apparmor_status.rc == 0 }}" when: - podsecuritypolicy_enabled - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - name: "Kubernetes Apps | Lay Down MetalLB" become: true @@ -38,7 +38,7 @@ with_items: ["metallb.yml", "metallb-config.yml"] register: "rendering" when: - - "inventory_hostname == groups['kube-master'][0]" + - "inventory_hostname == groups['kube_control_plane'][0]" - name: "Kubernetes Apps | Install and configure MetalLB" kube: @@ -49,7 +49,7 @@ become: true with_items: "{{ rendering.results }}" when: - - "inventory_hostname == groups['kube-master'][0]" + - "inventory_hostname == groups['kube_control_plane'][0]" - name: Kubernetes Apps | Check existing secret of MetalLB command: "{{ bin_dir }}/kubectl --kubeconfig /etc/kubernetes/admin.conf -n metallb-system get secret memberlist" @@ -57,18 +57,18 @@ become: true ignore_errors: yes when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - name: Kubernetes Apps | Create random bytes for MetalLB command: "openssl rand -base64 32" register: metallb_rand when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - metallb_secret.rc != 0 - name: Kubernetes Apps | Install secret of MetalLB if not existing command: "{{ bin_dir }}/kubectl --kubeconfig /etc/kubernetes/admin.conf -n metallb-system create secret generic memberlist --from-literal=secretkey={{ metallb_rand.stdout }}" become: true when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - metallb_secret.rc != 0 diff --git a/roles/kubernetes-apps/metrics_server/tasks/main.yml b/roles/kubernetes-apps/metrics_server/tasks/main.yml index d7dc45443..c3be4b830 100644 --- a/roles/kubernetes-apps/metrics_server/tasks/main.yml +++ b/roles/kubernetes-apps/metrics_server/tasks/main.yml @@ -2,14 +2,14 @@ # If all masters have node role, there are no tainted master and toleration should not be specified. - name: Check all masters are node or not set_fact: - masters_are_not_tainted: "{{ groups['kube-node'] | intersect(groups['kube-master']) == groups['kube-master'] }}" + masters_are_not_tainted: "{{ groups['kube-node'] | intersect(groups['kube_control_plane']) == groups['kube_control_plane'] }}" - name: Metrics Server | Delete addon dir file: path: "{{ kube_config_dir }}/addons/metrics_server" state: absent when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] tags: - upgrade @@ -21,7 +21,7 @@ group: root mode: 0755 when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - name: Metrics Server | Templates list set_fact: @@ -43,7 +43,7 @@ with_items: "{{ metrics_server_templates }}" register: metrics_server_manifests when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - name: Metrics Server | Apply manifests kube: @@ -54,4 +54,4 @@ state: "latest" with_items: "{{ metrics_server_manifests.results }}" when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] diff --git a/roles/kubernetes-apps/network_plugin/canal/tasks/main.yml b/roles/kubernetes-apps/network_plugin/canal/tasks/main.yml index b495106b1..db7e3f268 100644 --- a/roles/kubernetes-apps/network_plugin/canal/tasks/main.yml +++ b/roles/kubernetes-apps/network_plugin/canal/tasks/main.yml @@ -8,4 +8,4 @@ filename: "{{ kube_config_dir }}/{{ item.item.file }}" state: "latest" with_items: "{{ canal_manifests.results }}" - when: inventory_hostname == groups['kube-master'][0] and not item is skipped + when: inventory_hostname == groups['kube_control_plane'][0] and not item is skipped diff --git a/roles/kubernetes-apps/network_plugin/cilium/tasks/main.yml b/roles/kubernetes-apps/network_plugin/cilium/tasks/main.yml index 1baaa1ce6..d3d6ceec5 100644 --- a/roles/kubernetes-apps/network_plugin/cilium/tasks/main.yml +++ b/roles/kubernetes-apps/network_plugin/cilium/tasks/main.yml @@ -8,7 +8,7 @@ filename: "{{ kube_config_dir }}/{{ item.item.file }}" state: "latest" with_items: "{{ cilium_node_manifests.results }}" - when: inventory_hostname == groups['kube-master'][0] and not item is skipped + when: inventory_hostname == groups['kube_control_plane'][0] and not item is skipped - name: Cilium | Wait for pods to run command: "{{ bin_dir }}/kubectl -n kube-system get pods -l k8s-app=cilium -o jsonpath='{.items[?(@.status.containerStatuses[0].ready==false)].metadata.name}'" # noqa 601 @@ -17,4 +17,4 @@ retries: 30 delay: 10 ignore_errors: yes - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] diff --git a/roles/kubernetes-apps/network_plugin/flannel/tasks/main.yml b/roles/kubernetes-apps/network_plugin/flannel/tasks/main.yml index 3ed49db81..ff56d2461 100644 --- a/roles/kubernetes-apps/network_plugin/flannel/tasks/main.yml +++ b/roles/kubernetes-apps/network_plugin/flannel/tasks/main.yml @@ -8,7 +8,7 @@ filename: "{{ kube_config_dir }}/{{ item.item.file }}" state: "latest" with_items: "{{ flannel_node_manifests.results }}" - when: inventory_hostname == groups['kube-master'][0] and not item is skipped + when: inventory_hostname == groups['kube_control_plane'][0] and not item is skipped - name: Flannel | Wait for flannel subnet.env file presence wait_for: diff --git a/roles/kubernetes-apps/network_plugin/kube-ovn/tasks/main.yml b/roles/kubernetes-apps/network_plugin/kube-ovn/tasks/main.yml index 56d21717c..9f4250183 100644 --- a/roles/kubernetes-apps/network_plugin/kube-ovn/tasks/main.yml +++ b/roles/kubernetes-apps/network_plugin/kube-ovn/tasks/main.yml @@ -6,4 +6,4 @@ filename: "{{ kube_config_dir }}/{{ item.item.file }}" state: "latest" with_items: "{{ kube_ovn_node_manifests.results }}" - when: inventory_hostname == groups['kube-master'][0] and not item is skipped + when: inventory_hostname == groups['kube_control_plane'][0] and not item is skipped diff --git a/roles/kubernetes-apps/network_plugin/kube-router/tasks/main.yml b/roles/kubernetes-apps/network_plugin/kube-router/tasks/main.yml index 8694e496f..3e483bf7f 100644 --- a/roles/kubernetes-apps/network_plugin/kube-router/tasks/main.yml +++ b/roles/kubernetes-apps/network_plugin/kube-router/tasks/main.yml @@ -8,7 +8,7 @@ resource: "ds" namespace: "kube-system" state: "latest" - delegate_to: "{{ groups['kube-master'] | first }}" + delegate_to: "{{ groups['kube_control_plane'] | first }}" run_once: true - name: kube-router | Wait for kube-router pods to be ready @@ -18,6 +18,6 @@ retries: 30 delay: 10 ignore_errors: yes - delegate_to: "{{ groups['kube-master'] | first }}" + delegate_to: "{{ groups['kube_control_plane'] | first }}" run_once: true changed_when: false diff --git a/roles/kubernetes-apps/network_plugin/multus/tasks/main.yml b/roles/kubernetes-apps/network_plugin/multus/tasks/main.yml index eb4965028..232d3e403 100644 --- a/roles/kubernetes-apps/network_plugin/multus/tasks/main.yml +++ b/roles/kubernetes-apps/network_plugin/multus/tasks/main.yml @@ -8,4 +8,4 @@ filename: "{{ kube_config_dir }}/{{ item.item.file }}" state: "latest" with_items: "{{ multus_manifest_1.results }} + {{ multus_manifest_2.results }}" - when: inventory_hostname == groups['kube-master'][0] and not item is skipped + when: inventory_hostname == groups['kube_control_plane'][0] and not item is skipped diff --git a/roles/kubernetes-apps/network_plugin/ovn4nfv/tasks/main.yml b/roles/kubernetes-apps/network_plugin/ovn4nfv/tasks/main.yml index 1262ee6b9..987ff2949 100644 --- a/roles/kubernetes-apps/network_plugin/ovn4nfv/tasks/main.yml +++ b/roles/kubernetes-apps/network_plugin/ovn4nfv/tasks/main.yml @@ -6,4 +6,4 @@ filename: "{{ kube_config_dir }}/{{ item.item.file }}" state: "latest" with_items: "{{ ovn4nfv_node_manifests.results }}" - when: inventory_hostname == groups['kube-master'][0] and not item is skipped + when: inventory_hostname == groups['kube_control_plane'][0] and not item is skipped diff --git a/roles/kubernetes-apps/network_plugin/weave/tasks/main.yml b/roles/kubernetes-apps/network_plugin/weave/tasks/main.yml index daeea97b0..bc0f932d8 100644 --- a/roles/kubernetes-apps/network_plugin/weave/tasks/main.yml +++ b/roles/kubernetes-apps/network_plugin/weave/tasks/main.yml @@ -8,7 +8,7 @@ resource: "ds" namespace: "kube-system" state: "latest" - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] - name: Weave | Wait for Weave to become available uri: @@ -18,4 +18,4 @@ retries: 180 delay: 5 until: "weave_status.status == 200 and 'Status: ready' in weave_status.content" - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] diff --git a/roles/kubernetes-apps/persistent_volumes/aws-ebs-csi/tasks/main.yml b/roles/kubernetes-apps/persistent_volumes/aws-ebs-csi/tasks/main.yml index 006c35d1e..7588c1f72 100644 --- a/roles/kubernetes-apps/persistent_volumes/aws-ebs-csi/tasks/main.yml +++ b/roles/kubernetes-apps/persistent_volumes/aws-ebs-csi/tasks/main.yml @@ -5,7 +5,7 @@ dest: "{{ kube_config_dir }}/aws-ebs-csi-storage-class.yml" register: manifests when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - name: Kubernetes Persistent Volumes | Add AWS EBS CSI Storage Class kube: @@ -15,5 +15,5 @@ filename: "{{ kube_config_dir }}/aws-ebs-csi-storage-class.yml" state: "latest" when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - manifests.changed diff --git a/roles/kubernetes-apps/persistent_volumes/azuredisk-csi/tasks/main.yml b/roles/kubernetes-apps/persistent_volumes/azuredisk-csi/tasks/main.yml index 04cca7618..04ac99ef8 100644 --- a/roles/kubernetes-apps/persistent_volumes/azuredisk-csi/tasks/main.yml +++ b/roles/kubernetes-apps/persistent_volumes/azuredisk-csi/tasks/main.yml @@ -5,7 +5,7 @@ dest: "{{ kube_config_dir }}/azure-csi-storage-class.yml" register: manifests when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - name: Kubernetes Persistent Volumes | Add Azure CSI Storage Class kube: @@ -15,5 +15,5 @@ filename: "{{ kube_config_dir }}/azure-csi-storage-class.yml" state: "latest" when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - manifests.changed diff --git a/roles/kubernetes-apps/persistent_volumes/cinder-csi/tasks/main.yml b/roles/kubernetes-apps/persistent_volumes/cinder-csi/tasks/main.yml index f94f8ca3e..c8ca8bc15 100644 --- a/roles/kubernetes-apps/persistent_volumes/cinder-csi/tasks/main.yml +++ b/roles/kubernetes-apps/persistent_volumes/cinder-csi/tasks/main.yml @@ -5,7 +5,7 @@ dest: "{{ kube_config_dir }}/cinder-csi-storage-class.yml" register: manifests when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - name: Kubernetes Persistent Volumes | Add Cinder CSI Storage Class kube: @@ -15,5 +15,5 @@ filename: "{{ kube_config_dir }}/cinder-csi-storage-class.yml" state: "latest" when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - manifests.changed diff --git a/roles/kubernetes-apps/persistent_volumes/gcp-pd-csi/tasks/main.yml b/roles/kubernetes-apps/persistent_volumes/gcp-pd-csi/tasks/main.yml index f1935e76b..d85e68fb4 100644 --- a/roles/kubernetes-apps/persistent_volumes/gcp-pd-csi/tasks/main.yml +++ b/roles/kubernetes-apps/persistent_volumes/gcp-pd-csi/tasks/main.yml @@ -5,7 +5,7 @@ dest: "{{ kube_config_dir }}/gcp-pd-csi-storage-class.yml" register: manifests when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - name: Kubernetes Persistent Volumes | Add GCP PD CSI Storage Class kube: @@ -15,5 +15,5 @@ filename: "{{ kube_config_dir }}/gcp-pd-csi-storage-class.yml" state: "latest" when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - manifests.changed diff --git a/roles/kubernetes-apps/persistent_volumes/openstack/tasks/main.yml b/roles/kubernetes-apps/persistent_volumes/openstack/tasks/main.yml index 629c6add7..cc42224e1 100644 --- a/roles/kubernetes-apps/persistent_volumes/openstack/tasks/main.yml +++ b/roles/kubernetes-apps/persistent_volumes/openstack/tasks/main.yml @@ -5,7 +5,7 @@ dest: "{{ kube_config_dir }}/openstack-storage-class.yml" register: manifests when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - name: Kubernetes Persistent Volumes | Add OpenStack Cinder Storage Class kube: @@ -15,5 +15,5 @@ filename: "{{ kube_config_dir }}/openstack-storage-class.yml" state: "latest" when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - manifests.changed diff --git a/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml b/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml index bbd39d63f..10f13893d 100644 --- a/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml +++ b/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml @@ -19,7 +19,7 @@ - {name: calico-kube-controllers, file: calico-kube-crb.yml, type: clusterrolebinding} register: calico_kube_manifests when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - rbac_enabled or item.type not in rbac_resources - name: Start of Calico kube controllers @@ -33,7 +33,7 @@ with_items: - "{{ calico_kube_manifests.results }}" when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - not item is skipped loop_control: label: "{{ item.item.file }}" diff --git a/roles/kubernetes-apps/registry/tasks/main.yml b/roles/kubernetes-apps/registry/tasks/main.yml index aa3676498..6b8b5e7bc 100644 --- a/roles/kubernetes-apps/registry/tasks/main.yml +++ b/roles/kubernetes-apps/registry/tasks/main.yml @@ -38,7 +38,7 @@ dest: "{{ kube_config_dir }}/addons/registry/{{ item.file }}" with_items: "{{ registry_templates }}" register: registry_manifests - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] - name: Registry | Apply manifests kube: @@ -49,7 +49,7 @@ filename: "{{ kube_config_dir }}/addons/registry/{{ item.item.file }}" state: "latest" with_items: "{{ registry_manifests.results }}" - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] - name: Registry | Create PVC manifests template: @@ -61,7 +61,7 @@ when: - registry_storage_class != none and registry_storage_class - registry_disk_size != none and registry_disk_size - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - name: Registry | Apply PVC manifests kube: @@ -75,4 +75,4 @@ when: - registry_storage_class != none and registry_storage_class - registry_disk_size != none and registry_disk_size - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] diff --git a/roles/kubernetes-apps/snapshots/cinder-csi/tasks/main.yml b/roles/kubernetes-apps/snapshots/cinder-csi/tasks/main.yml index 32940af08..b979501cd 100644 --- a/roles/kubernetes-apps/snapshots/cinder-csi/tasks/main.yml +++ b/roles/kubernetes-apps/snapshots/cinder-csi/tasks/main.yml @@ -5,7 +5,7 @@ dest: "{{ kube_config_dir }}/cinder-csi-snapshot-class.yml" register: manifests when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - name: Kubernetes Snapshots | Add Cinder CSI Snapshot Class kube: @@ -13,5 +13,5 @@ filename: "{{ kube_config_dir }}/cinder-csi-snapshot-class.yml" state: "latest" when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - manifests.changed diff --git a/roles/kubernetes-apps/snapshots/snapshot-controller/tasks/main.yml b/roles/kubernetes-apps/snapshots/snapshot-controller/tasks/main.yml index feeee4a41..58f9c2ca2 100644 --- a/roles/kubernetes-apps/snapshots/snapshot-controller/tasks/main.yml +++ b/roles/kubernetes-apps/snapshots/snapshot-controller/tasks/main.yml @@ -7,7 +7,7 @@ - {name: rbac-snapshot-controller, file: rbac-snapshot-controller.yml} - {name: snapshot-controller, file: snapshot-controller.yml} register: snapshot_controller_manifests - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] tags: snapshot-controller - name: Snapshot Controller | Apply Manifests @@ -18,7 +18,7 @@ with_items: - "{{ snapshot_controller_manifests.results }}" when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - not item is skipped loop_control: label: "{{ item.item.file }}" diff --git a/roles/kubernetes/control-plane/tasks/encrypt-at-rest.yml b/roles/kubernetes/control-plane/tasks/encrypt-at-rest.yml index 234fa9bff..b88f57c3c 100644 --- a/roles/kubernetes/control-plane/tasks/encrypt-at-rest.yml +++ b/roles/kubernetes/control-plane/tasks/encrypt-at-rest.yml @@ -28,7 +28,7 @@ kube_encrypt_token: "{{ kube_encrypt_token_extracted }}" delegate_to: "{{ item }}" delegate_facts: true - with_inventory_hostnames: kube-master + with_inventory_hostnames: kube_control_plane when: kube_encrypt_token_extracted is defined - name: Write secrets for encrypting secret data at rest diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-secondary.yml b/roles/kubernetes/control-plane/tasks/kubeadm-secondary.yml index 6f961f2bc..1af7f0c6e 100644 --- a/roles/kubernetes/control-plane/tasks/kubeadm-secondary.yml +++ b/roles/kubernetes/control-plane/tasks/kubeadm-secondary.yml @@ -18,15 +18,15 @@ --upload-certs register: kubeadm_upload_cert when: - - inventory_hostname == groups['kube-master']|first + - inventory_hostname == groups['kube_control_plane']|first - name: Parse certificate key if not set set_fact: - kubeadm_certificate_key: "{{ hostvars[groups['kube-master'][0]]['kubeadm_upload_cert'].stdout_lines[-1] | trim }}" + kubeadm_certificate_key: "{{ hostvars[groups['kube_control_plane'][0]]['kubeadm_upload_cert'].stdout_lines[-1] | trim }}" run_once: yes when: - - hostvars[groups['kube-master'][0]]['kubeadm_upload_cert'] is defined - - hostvars[groups['kube-master'][0]]['kubeadm_upload_cert'] is not skipped + - hostvars[groups['kube_control_plane'][0]]['kubeadm_upload_cert'] is defined + - hostvars[groups['kube_control_plane'][0]]['kubeadm_upload_cert'] is not skipped - name: Create kubeadm ControlPlane config template: @@ -35,7 +35,7 @@ mode: 0640 backup: yes when: - - inventory_hostname != groups['kube-master']|first + - inventory_hostname != groups['kube_control_plane']|first - not kubeadm_already_run.stat.exists - name: Wait for k8s apiserver @@ -64,5 +64,5 @@ throttle: 1 until: kubeadm_join_control_plane is succeeded when: - - inventory_hostname != groups['kube-master']|first + - inventory_hostname != groups['kube_control_plane']|first - kubeadm_already_run is not defined or not kubeadm_already_run.stat.exists diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml b/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml index 5a51a24be..ba214dcc3 100644 --- a/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml +++ b/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml @@ -25,7 +25,7 @@ - name: kubeadm | aggregate all SANs set_fact: - apiserver_sans: "{{ (sans_base + groups['kube-master'] + sans_lb + sans_lb_ip + sans_supp + sans_access_ip + sans_ip + sans_address + sans_override + sans_hostname + sans_fqdn) | unique }}" + apiserver_sans: "{{ (sans_base + groups['kube_control_plane'] + sans_lb + sans_lb_ip + sans_supp + sans_access_ip + sans_ip + sans_address + sans_override + sans_hostname + sans_fqdn) | unique }}" vars: sans_base: - "kubernetes" @@ -38,12 +38,12 @@ sans_lb: "{{ [apiserver_loadbalancer_domain_name] if apiserver_loadbalancer_domain_name is defined else [] }}" sans_lb_ip: "{{ [loadbalancer_apiserver.address] if loadbalancer_apiserver is defined and loadbalancer_apiserver.address is defined else [] }}" sans_supp: "{{ supplementary_addresses_in_ssl_keys if supplementary_addresses_in_ssl_keys is defined else [] }}" - sans_access_ip: "{{ groups['kube-master'] | map('extract', hostvars, 'access_ip') | list | select('defined') | list }}" - sans_ip: "{{ groups['kube-master'] | map('extract', hostvars, 'ip') | list | select('defined') | list }}" - sans_address: "{{ groups['kube-master'] | map('extract', hostvars, ['ansible_default_ipv4', 'address']) | list | select('defined') | list }}" + sans_access_ip: "{{ groups['kube_control_plane'] | map('extract', hostvars, 'access_ip') | list | select('defined') | list }}" + sans_ip: "{{ groups['kube_control_plane'] | map('extract', hostvars, 'ip') | list | select('defined') | list }}" + sans_address: "{{ groups['kube_control_plane'] | map('extract', hostvars, ['ansible_default_ipv4', 'address']) | list | select('defined') | list }}" sans_override: "{{ [kube_override_hostname] if kube_override_hostname else [] }}" - sans_hostname: "{{ groups['kube-master'] | map('extract', hostvars, ['ansible_hostname']) | list | select('defined') | list }}" - sans_fqdn: "{{ groups['kube-master'] | map('extract', hostvars, ['ansible_fqdn']) | list | select('defined') | list }}" + sans_hostname: "{{ groups['kube_control_plane'] | map('extract', hostvars, ['ansible_hostname']) | list | select('defined') | list }}" + sans_fqdn: "{{ groups['kube_control_plane'] | map('extract', hostvars, ['ansible_fqdn']) | list | select('defined') | list }}" tags: facts - name: Create audit-policy directory @@ -86,7 +86,7 @@ register: apiserver_sans_check changed_when: "'does match certificate' not in apiserver_sans_check.stdout" when: - - inventory_hostname == groups['kube-master']|first + - inventory_hostname == groups['kube_control_plane']|first - kubeadm_already_run.stat.exists - name: kubeadm | regenerate apiserver cert 1/2 @@ -97,7 +97,7 @@ - apiserver.crt - apiserver.key when: - - inventory_hostname == groups['kube-master']|first + - inventory_hostname == groups['kube_control_plane']|first - kubeadm_already_run.stat.exists - apiserver_sans_check.changed @@ -107,7 +107,7 @@ init phase certs apiserver --config={{ kube_config_dir }}/kubeadm-config.yaml when: - - inventory_hostname == groups['kube-master']|first + - inventory_hostname == groups['kube_control_plane']|first - kubeadm_already_run.stat.exists - apiserver_sans_check.changed @@ -123,7 +123,7 @@ # Retry is because upload config sometimes fails retries: 3 until: kubeadm_init is succeeded or "field is immutable" in kubeadm_init.stderr - when: inventory_hostname == groups['kube-master']|first and not kubeadm_already_run.stat.exists + when: inventory_hostname == groups['kube_control_plane']|first and not kubeadm_already_run.stat.exists failed_when: kubeadm_init.rc != 0 and "field is immutable" not in kubeadm_init.stderr environment: PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}" @@ -132,7 +132,7 @@ - name: set kubeadm certificate key set_fact: kubeadm_certificate_key: "{{ item | regex_search('--certificate-key ([^ ]+)','\\1') | first }}" - with_items: "{{ hostvars[groups['kube-master'][0]]['kubeadm_init'].stdout_lines | default([]) }}" + with_items: "{{ hostvars[groups['kube_control_plane'][0]]['kubeadm_init'].stdout_lines | default([]) }}" when: - kubeadm_certificate_key is not defined - (item | trim) is match('.*--certificate-key.*') @@ -143,7 +143,7 @@ {{ bin_dir }}/kubeadm --kubeconfig /etc/kubernetes/admin.conf token create {{ kubeadm_token }} changed_when: false when: - - inventory_hostname == groups['kube-master']|first + - inventory_hostname == groups['kube_control_plane']|first - kubeadm_token is defined - kubeadm_refresh_token tags: @@ -156,7 +156,7 @@ retries: 5 delay: 5 until: temp_token is succeeded - delegate_to: "{{ groups['kube-master'] | first }}" + delegate_to: "{{ groups['kube_control_plane'] | first }}" when: kubeadm_token is not defined tags: - kubeadm_token @@ -180,7 +180,7 @@ # FIXME(mattymo): from docs: If you don't want to taint your control-plane node, set this field to an empty slice, i.e. `taints: {}` in the YAML file. - name: kubeadm | Remove taint for master with node role command: "{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf taint node {{ inventory_hostname }} {{ item }}" - delegate_to: "{{ groups['kube-master'] | first }}" + delegate_to: "{{ groups['kube_control_plane'] | first }}" with_items: - "node-role.kubernetes.io/master:NoSchedule-" - "node-role.kubernetes.io/control-plane:NoSchedule-" diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml b/roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml index 39fb4f3f9..0570ee9d0 100644 --- a/roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml +++ b/roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml @@ -3,7 +3,7 @@ uri: url: "https://{{ ip | default(fallback_ips[inventory_hostname]) }}:{{ kube_apiserver_port }}/healthz" validate_certs: false - when: inventory_hostname in groups['kube-master'] + when: inventory_hostname in groups['kube_control_plane'] register: _result retries: 60 delay: 5 @@ -23,7 +23,7 @@ # Retry is because upload config sometimes fails retries: 3 until: kubeadm_upgrade.rc == 0 - when: inventory_hostname == groups['kube-master']|first + when: inventory_hostname == groups['kube_control_plane']|first failed_when: kubeadm_upgrade.rc != 0 and "field is immutable" not in kubeadm_upgrade.stderr environment: PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}" @@ -40,7 +40,7 @@ --etcd-upgrade={{ etcd_kubeadm_enabled | bool | lower }} --force register: kubeadm_upgrade - when: inventory_hostname != groups['kube-master']|first + when: inventory_hostname != groups['kube_control_plane']|first failed_when: - kubeadm_upgrade.rc != 0 - '"field is immutable" not in kubeadm_upgrade.stderr' diff --git a/roles/kubernetes/control-plane/templates/k8s-certs-renew.timer.j2 b/roles/kubernetes/control-plane/templates/k8s-certs-renew.timer.j2 index 3c5e0c18f..825d983c6 100644 --- a/roles/kubernetes/control-plane/templates/k8s-certs-renew.timer.j2 +++ b/roles/kubernetes/control-plane/templates/k8s-certs-renew.timer.j2 @@ -3,7 +3,7 @@ Description=Timer to renew K8S control plane certificates [Timer] # First Monday of each month -OnCalendar=Mon *-*-1..7 03:{{ groups['kube-master'].index(inventory_hostname) }}0:00 +OnCalendar=Mon *-*-1..7 03:{{ groups['kube_control_plane'].index(inventory_hostname) }}0:00 [Install] WantedBy=multi-user.target diff --git a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta2.yaml.j2 b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta2.yaml.j2 index 50025330a..c0c6e5439 100644 --- a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta2.yaml.j2 +++ b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta2.yaml.j2 @@ -16,7 +16,7 @@ nodeRegistration: {% if kube_override_hostname|default('') %} name: {{ kube_override_hostname }} {% endif %} -{% if inventory_hostname in groups['kube-master'] and inventory_hostname not in groups['kube-node'] %} +{% if inventory_hostname in groups['kube_control_plane'] and inventory_hostname not in groups['kube-node'] %} taints: - effect: NoSchedule key: node-role.kubernetes.io/master diff --git a/roles/kubernetes/kubeadm/tasks/kubeadm_etcd_node.yml b/roles/kubernetes/kubeadm/tasks/kubeadm_etcd_node.yml index b5c0f2552..787613e60 100644 --- a/roles/kubernetes/kubeadm/tasks/kubeadm_etcd_node.yml +++ b/roles/kubernetes/kubeadm/tasks/kubeadm_etcd_node.yml @@ -1,7 +1,7 @@ --- - name: Parse certificate key if not set set_fact: - kubeadm_certificate_key: "{{ hostvars[groups['kube-master'][0]]['kubeadm_certificate_key'] }}" + kubeadm_certificate_key: "{{ hostvars[groups['kube_control_plane'][0]]['kubeadm_certificate_key'] }}" when: kubeadm_certificate_key is undefined - name: Pull control plane certs down diff --git a/roles/kubernetes/kubeadm/tasks/main.yml b/roles/kubernetes/kubeadm/tasks/main.yml index 148226e6d..5cb654320 100644 --- a/roles/kubernetes/kubeadm/tasks/main.yml +++ b/roles/kubernetes/kubeadm/tasks/main.yml @@ -25,7 +25,7 @@ get_checksum: no get_mime: no register: kubeadm_ca_stat - delegate_to: "{{ groups['kube-master'][0] }}" + delegate_to: "{{ groups['kube_control_plane'][0] }}" run_once: true - name: Calculate kubeadm CA cert hash @@ -36,14 +36,14 @@ when: - kubeadm_ca_stat.stat is defined - kubeadm_ca_stat.stat.exists - delegate_to: "{{ groups['kube-master'][0] }}" + delegate_to: "{{ groups['kube_control_plane'][0] }}" run_once: true changed_when: false - name: Create kubeadm token for joining nodes with 24h expiration (default) command: "{{ bin_dir }}/kubeadm token create" register: temp_token - delegate_to: "{{ groups['kube-master'][0] }}" + delegate_to: "{{ groups['kube_control_plane'][0] }}" when: kubeadm_token is not defined changed_when: false @@ -118,7 +118,7 @@ args: executable: /bin/bash run_once: true - delegate_to: "{{ groups['kube-master']|first }}" + delegate_to: "{{ groups['kube_control_plane']|first }}" delegate_facts: false when: - kubeadm_config_api_fqdn is not defined @@ -138,7 +138,7 @@ - name: Restart all kube-proxy pods to ensure that they load the new configmap command: "{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf delete pod -n kube-system -l k8s-app=kube-proxy --force --grace-period=0" run_once: true - delegate_to: "{{ groups['kube-master']|first }}" + delegate_to: "{{ groups['kube_control_plane']|first }}" delegate_facts: false when: - kubeadm_config_api_fqdn is not defined @@ -151,6 +151,6 @@ include_tasks: kubeadm_etcd_node.yml when: - etcd_kubeadm_enabled - - inventory_hostname not in groups['kube-master'] + - inventory_hostname not in groups['kube_control_plane'] - kube_network_plugin in ["calico", "flannel", "canal", "cilium"] or cilium_deploy_additionally | default(false) | bool - kube_network_plugin != "calico" or calico_datastore == "etcd" diff --git a/roles/kubernetes/node-label/tasks/main.yml b/roles/kubernetes/node-label/tasks/main.yml index 9522d29b5..d01fda835 100644 --- a/roles/kubernetes/node-label/tasks/main.yml +++ b/roles/kubernetes/node-label/tasks/main.yml @@ -9,7 +9,7 @@ until: result.status == 200 retries: 10 delay: 6 - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] - name: Set role node label to empty list set_fact: @@ -42,6 +42,6 @@ command: >- {{ bin_dir }}/kubectl label node {{ kube_override_hostname | default(inventory_hostname) }} {{ item }} --overwrite=true loop: "{{ role_node_labels + inventory_node_labels }}" - delegate_to: "{{ groups['kube-master'][0] }}" + delegate_to: "{{ groups['kube_control_plane'][0] }}" changed_when: false ... diff --git a/roles/kubernetes/node/tasks/install.yml b/roles/kubernetes/node/tasks/install.yml index f7deae705..c24a1fedc 100644 --- a/roles/kubernetes/node/tasks/install.yml +++ b/roles/kubernetes/node/tasks/install.yml @@ -8,7 +8,7 @@ tags: - kubeadm when: - - not inventory_hostname in groups['kube-master'] + - not inventory_hostname in groups['kube_control_plane'] - name: install | Copy kubelet binary from download dir copy: diff --git a/roles/kubernetes/node/templates/loadbalancer/haproxy.cfg.j2 b/roles/kubernetes/node/templates/loadbalancer/haproxy.cfg.j2 index ef3269fc8..1d5d7d945 100644 --- a/roles/kubernetes/node/templates/loadbalancer/haproxy.cfg.j2 +++ b/roles/kubernetes/node/templates/loadbalancer/haproxy.cfg.j2 @@ -38,6 +38,6 @@ backend kube_api_backend default-server inter 15s downinter 15s rise 2 fall 2 slowstart 60s maxconn 1000 maxqueue 256 weight 100 option httpchk GET /healthz http-check expect status 200 - {% for host in groups['kube-master'] -%} + {% for host in groups['kube_control_plane'] -%} server {{ host }} {{ hostvars[host]['access_ip'] | default(hostvars[host]['ip'] | default(fallback_ips[host])) }}:{{ kube_apiserver_port }} check check-ssl verify none {% endfor -%} diff --git a/roles/kubernetes/node/templates/loadbalancer/nginx.conf.j2 b/roles/kubernetes/node/templates/loadbalancer/nginx.conf.j2 index 6361a6f39..38e34aa40 100644 --- a/roles/kubernetes/node/templates/loadbalancer/nginx.conf.j2 +++ b/roles/kubernetes/node/templates/loadbalancer/nginx.conf.j2 @@ -13,7 +13,7 @@ events { stream { upstream kube_apiserver { least_conn; - {% for host in groups['kube-master'] -%} + {% for host in groups['kube_control_plane'] -%} server {{ hostvars[host]['access_ip'] | default(hostvars[host]['ip'] | default(fallback_ips[host])) }}:{{ kube_apiserver_port }}; {% endfor -%} } diff --git a/roles/kubernetes/preinstall/handlers/main.yml b/roles/kubernetes/preinstall/handlers/main.yml index ec78c50b6..6325ac336 100644 --- a/roles/kubernetes/preinstall/handlers/main.yml +++ b/roles/kubernetes/preinstall/handlers/main.yml @@ -55,7 +55,7 @@ get_checksum: no get_mime: no register: kube_apiserver_set - when: inventory_hostname in groups['kube-master'] and dns_mode != 'none' and resolvconf_mode == 'host_resolvconf' + when: inventory_hostname in groups['kube_control_plane'] and dns_mode != 'none' and resolvconf_mode == 'host_resolvconf' # FIXME(mattymo): Also restart for kubeadm mode - name: Preinstall | kube-controller configured @@ -65,13 +65,13 @@ get_checksum: no get_mime: no register: kube_controller_set - when: inventory_hostname in groups['kube-master'] and dns_mode != 'none' and resolvconf_mode == 'host_resolvconf' + when: inventory_hostname in groups['kube_control_plane'] and dns_mode != 'none' and resolvconf_mode == 'host_resolvconf' - name: Preinstall | restart kube-controller-manager docker shell: "{{ docker_bin_dir }}/docker ps -f name=k8s_POD_kube-controller-manager* -q | xargs --no-run-if-empty {{ docker_bin_dir }}/docker rm -f" when: - container_manager == "docker" - - inventory_hostname in groups['kube-master'] + - inventory_hostname in groups['kube_control_plane'] - dns_mode != 'none' - resolvconf_mode == 'host_resolvconf' - kube_controller_set.stat.exists @@ -80,7 +80,7 @@ shell: "{{ bin_dir }}/crictl pods --name kube-controller-manager* -q | xargs -I% --no-run-if-empty bash -c '{{ bin_dir }}/crictl stopp % && {{ bin_dir }}/crictl rmp %'" when: - container_manager in ['crio', 'containerd'] - - inventory_hostname in groups['kube-master'] + - inventory_hostname in groups['kube_control_plane'] - dns_mode != 'none' - resolvconf_mode == 'host_resolvconf' - kube_controller_set.stat.exists @@ -89,7 +89,7 @@ shell: "{{ docker_bin_dir }}/docker ps -f name=k8s_POD_kube-apiserver* -q | xargs --no-run-if-empty {{ docker_bin_dir }}/docker rm -f" when: - container_manager == "docker" - - inventory_hostname in groups['kube-master'] + - inventory_hostname in groups['kube_control_plane'] - dns_mode != 'none' - resolvconf_mode == 'host_resolvconf' @@ -97,7 +97,7 @@ shell: "{{ bin_dir }}/crictl pods --name kube-apiserver* -q | xargs -I% --no-run-if-empty bash -c '{{ bin_dir }}/crictl stopp % && {{ bin_dir }}/crictl rmp %'" when: - container_manager in ['crio', 'containerd'] - - inventory_hostname in groups['kube-master'] + - inventory_hostname in groups['kube_control_plane'] - dns_mode != 'none' - resolvconf_mode == 'host_resolvconf' diff --git a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml index fe18b23fe..c2bc22555 100644 --- a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml +++ b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml @@ -1,9 +1,9 @@ --- -- name: Stop if either kube-master or kube-node group is empty +- name: Stop if either kube_control_plane or kube-node group is empty assert: that: "groups.get('{{ item }}')" with_items: - - kube-master + - kube_control_plane - kube-node run_once: true when: not ignore_assert_errors @@ -79,7 +79,7 @@ that: ansible_memtotal_mb >= minimal_master_memory_mb when: - not ignore_assert_errors - - inventory_hostname in groups['kube-master'] + - inventory_hostname in groups['kube_control_plane'] - name: Stop if memory is too small for nodes assert: @@ -136,7 +136,7 @@ assert: that: rbac_enabled and kube_api_anonymous_auth when: - - kube_apiserver_insecure_port == 0 and inventory_hostname in groups['kube-master'] + - kube_apiserver_insecure_port == 0 and inventory_hostname in groups['kube_control_plane'] - not ignore_assert_errors - name: Stop if kernel version is too low @@ -193,7 +193,7 @@ - kube_network_plugin == 'calico' - 'calico_version_on_server.stdout is defined' - calico_version_on_server.stdout - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] run_once: yes - name: "Check that cluster_id is set if calico_rr enabled" @@ -204,7 +204,7 @@ when: - kube_network_plugin == 'calico' - peer_with_calico_rr - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] run_once: yes - name: "Check that calico_rr nodes are in k8s-cluster group" diff --git a/roles/kubernetes/tokens/tasks/check-tokens.yml b/roles/kubernetes/tokens/tasks/check-tokens.yml index c8fe3812f..ae75f0d04 100644 --- a/roles/kubernetes/tokens/tasks/check-tokens.yml +++ b/roles/kubernetes/tokens/tasks/check-tokens.yml @@ -5,7 +5,7 @@ get_attributes: no get_checksum: yes get_mime: no - delegate_to: "{{ groups['kube-master'][0] }}" + delegate_to: "{{ groups['kube_control_plane'][0] }}" register: known_tokens_master run_once: true @@ -32,7 +32,7 @@ set_fact: sync_tokens: >- {%- set tokens = {'sync': False} -%} - {%- for server in groups['kube-master'] | intersect(ansible_play_batch) + {%- for server in groups['kube_control_plane'] | intersect(ansible_play_batch) if (not hostvars[server].known_tokens.stat.exists) or (hostvars[server].known_tokens.stat.checksum|default('') != known_tokens_master.stat.checksum|default('')) -%} {%- set _ = tokens.update({'sync': True}) -%} diff --git a/roles/kubernetes/tokens/tasks/gen_tokens.yml b/roles/kubernetes/tokens/tasks/gen_tokens.yml index 2b94ce4f3..40d4910d2 100644 --- a/roles/kubernetes/tokens/tasks/gen_tokens.yml +++ b/roles/kubernetes/tokens/tasks/gen_tokens.yml @@ -5,7 +5,7 @@ dest: "{{ kube_script_dir }}/kube-gen-token.sh" mode: 0700 run_once: yes - delegate_to: "{{ groups['kube-master'][0] }}" + delegate_to: "{{ groups['kube_control_plane'][0] }}" when: gen_tokens|default(false) - name: Gen_tokens | generate tokens for master components @@ -14,11 +14,11 @@ TOKEN_DIR: "{{ kube_token_dir }}" with_nested: - [ "system:kubectl" ] - - "{{ groups['kube-master'] }}" + - "{{ groups['kube_control_plane'] }}" register: gentoken_master changed_when: "'Added' in gentoken_master.stdout" run_once: yes - delegate_to: "{{ groups['kube-master'][0] }}" + delegate_to: "{{ groups['kube_control_plane'][0] }}" when: gen_tokens|default(false) - name: Gen_tokens | generate tokens for node components @@ -31,14 +31,14 @@ register: gentoken_node changed_when: "'Added' in gentoken_node.stdout" run_once: yes - delegate_to: "{{ groups['kube-master'][0] }}" + delegate_to: "{{ groups['kube_control_plane'][0] }}" when: gen_tokens|default(false) - name: Gen_tokens | Get list of tokens from first master command: "find {{ kube_token_dir }} -maxdepth 1 -type f" register: tokens_list check_mode: no - delegate_to: "{{ groups['kube-master'][0] }}" + delegate_to: "{{ groups['kube_control_plane'][0] }}" run_once: true when: sync_tokens|default(false) @@ -49,7 +49,7 @@ executable: /bin/bash register: tokens_data check_mode: no - delegate_to: "{{ groups['kube-master'][0] }}" + delegate_to: "{{ groups['kube_control_plane'][0] }}" run_once: true when: sync_tokens|default(false) @@ -58,7 +58,7 @@ args: executable: /bin/bash when: - - inventory_hostname in groups['kube-master'] + - inventory_hostname in groups['kube_control_plane'] - sync_tokens|default(false) - - inventory_hostname != groups['kube-master'][0] + - inventory_hostname != groups['kube_control_plane'][0] - tokens_data.stdout diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml index 3b66cab84..782e15d40 100644 --- a/roles/kubespray-defaults/defaults/main.yaml +++ b/roles/kubespray-defaults/defaults/main.yaml @@ -447,11 +447,11 @@ ssl_ca_dirs: |- ] # Vars for pointing to kubernetes api endpoints -is_kube_master: "{{ inventory_hostname in groups['kube-master'] }}" -kube_apiserver_count: "{{ groups['kube-master'] | length }}" +is_kube_master: "{{ inventory_hostname in groups['kube_control_plane'] }}" +kube_apiserver_count: "{{ groups['kube_control_plane'] | length }}" kube_apiserver_address: "{{ ip | default(fallback_ips[inventory_hostname]) }}" kube_apiserver_access_address: "{{ access_ip | default(kube_apiserver_address) }}" -first_kube_master: "{{ hostvars[groups['kube-master'][0]]['access_ip'] | default(hostvars[groups['kube-master'][0]]['ip'] | default(fallback_ips[groups['kube-master'][0]])) }}" +first_kube_master: "{{ hostvars[groups['kube_control_plane'][0]]['access_ip'] | default(hostvars[groups['kube_control_plane'][0]]['ip'] | default(fallback_ips[groups['kube_control_plane'][0]])) }}" loadbalancer_apiserver_localhost: "{{ loadbalancer_apiserver is not defined }}" loadbalancer_apiserver_type: "nginx" # applied if only external loadbalancer_apiserver is defined, otherwise ignored @@ -483,7 +483,7 @@ kube_apiserver_client_key: "{{ kube_cert_dir }}/ca.key" etcd_events_cluster_enabled: false # etcd group can be empty when kubeadm manages etcd -etcd_hosts: "{{ groups['etcd'] | default(groups['kube-master']) }}" +etcd_hosts: "{{ groups['etcd'] | default(groups['kube_control_plane']) }}" # Vars for pointing to etcd endpoints is_etcd_master: "{{ inventory_hostname in groups['etcd'] }}" diff --git a/roles/kubespray-defaults/tasks/no_proxy.yml b/roles/kubespray-defaults/tasks/no_proxy.yml index 954418537..984bb50a2 100644 --- a/roles/kubespray-defaults/tasks/no_proxy.yml +++ b/roles/kubespray-defaults/tasks/no_proxy.yml @@ -7,7 +7,7 @@ {{ loadbalancer_apiserver.address | default('') }}, {%- endif -%} {%- if no_proxy_exclude_workers | default(false) -%} - {% set cluster_or_master = 'kube-master' %} + {% set cluster_or_master = 'kube_control_plane' %} {%- else -%} {% set cluster_or_master = 'k8s-cluster' %} {%- endif -%} diff --git a/roles/network_plugin/calico/tasks/check.yml b/roles/network_plugin/calico/tasks/check.yml index 78e4cb881..a0a656707 100644 --- a/roles/network_plugin/calico/tasks/check.yml +++ b/roles/network_plugin/calico/tasks/check.yml @@ -43,7 +43,7 @@ changed_when: False register: calico run_once: True - delegate_to: "{{ groups['kube-master'][0] }}" + delegate_to: "{{ groups['kube_control_plane'][0] }}" - name: "Set calico_pool_conf" set_fact: diff --git a/roles/network_plugin/calico/tasks/install.yml b/roles/network_plugin/calico/tasks/install.yml index c4831cbbc..d214b29b5 100644 --- a/roles/network_plugin/calico/tasks/install.yml +++ b/roles/network_plugin/calico/tasks/install.yml @@ -39,7 +39,7 @@ include_tasks: typha_certs.yml when: - typha_secure - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - name: Calico | Install calicoctl wrapper script template: @@ -74,14 +74,14 @@ delay: "{{ retry_stagger | random + 3 }}" changed_when: false when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - name: Calico | Ensure that calico_pool_cidr is within kube_pods_subnet when defined assert: that: "[calico_pool_cidr] | ipaddr(kube_pods_subnet) | length == 1" msg: "{{ calico_pool_cidr }} is not within or equal to {{ kube_pods_subnet }}" when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - 'calico_conf.stdout == "0"' - calico_pool_cidr is defined @@ -97,7 +97,7 @@ delay: "{{ retry_stagger | random + 3 }}" changed_when: false when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - enable_dual_stack_networks - name: Calico | Ensure that calico_pool_cidr_ipv6 is within kube_pods_subnet_ipv6 when defined @@ -105,7 +105,7 @@ that: "[calico_pool_cidr_ipv6] | ipaddr(kube_pods_subnet_ipv6) | length == 1" msg: "{{ calico_pool_cidr_ipv6 }} is not within or equal to {{ kube_pods_subnet_ipv6 }}" when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - calico_conf_ipv6.stdout is defined and calico_conf_ipv6.stdout == "0" - calico_pool_cidr_ipv6 is defined - enable_dual_stack_networks @@ -134,9 +134,9 @@ filename: "{{ kube_config_dir }}/kdd-crds.yml" state: "latest" when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] when: - - inventory_hostname in groups['kube-master'] + - inventory_hostname in groups['kube_control_plane'] - calico_datastore == "kdd" - name: Calico | Configure calico network pool @@ -157,7 +157,7 @@ "vxlanMode": "{{ calico_vxlan_mode }}", "natOutgoing": {{ nat_outgoing|default(false) and not peer_with_router|default(false) }} }} when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - 'calico_conf.stdout == "0"' - name: Calico | Configure calico ipv6 network pool (version >= v3.3.0) @@ -176,7 +176,7 @@ "vxlanMode": "{{ calico_vxlan_mode_ipv6 }}", "natOutgoing": {{ nat_outgoing_ipv6|default(false) and not peer_with_router_ipv6|default(false) }} }} when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - calico_conf_ipv6.stdout is defined and calico_conf_ipv6.stdout == "0" - calico_version is version("v3.3.0", ">=") - enable_dual_stack_networks | bool @@ -214,7 +214,7 @@ "serviceExternalIPs": {{ _service_external_ips|default([]) }} }} changed_when: false when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - name: Calico | Configure peering with router(s) at global scope command: @@ -238,7 +238,7 @@ with_items: - "{{ peers|selectattr('scope','defined')|selectattr('scope','equalto', 'global')|list|default([]) }}" when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - peer_with_router|default(false) - name: Calico | Configure peering with route reflectors at global scope @@ -264,7 +264,7 @@ with_items: - "{{ groups['calico-rr'] | default([]) }}" when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - peer_with_calico_rr|default(false) - name: Calico | Configure route reflectors to peer with each other @@ -290,7 +290,7 @@ with_items: - "{{ groups['calico-rr'] | default([]) }}" when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - peer_with_calico_rr|default(false) - name: Calico | Create calico manifests @@ -305,7 +305,7 @@ - {name: calico, file: calico-crb.yml, type: clusterrolebinding} register: calico_node_manifests when: - - inventory_hostname in groups['kube-master'] + - inventory_hostname in groups['kube_control_plane'] - rbac_enabled or item.type not in rbac_resources - name: Calico | Create calico manifests for typha @@ -316,7 +316,7 @@ - {name: calico, file: calico-typha.yml, type: typha} register: calico_node_typha_manifest when: - - inventory_hostname in groups['kube-master'] + - inventory_hostname in groups['kube_control_plane'] - typha_enabled and calico_datastore == "kdd" - name: Start Calico resources @@ -331,7 +331,7 @@ - "{{ calico_node_manifests.results }}" - "{{ calico_node_typha_manifest.results }}" when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - not item is skipped loop_control: label: "{{ item.item.file }}" @@ -340,7 +340,7 @@ wait_for: path: /etc/cni/net.d/calico-kubeconfig when: - - inventory_hostname not in groups['kube-master'] + - inventory_hostname not in groups['kube_control_plane'] - calico_datastore == "kdd" - name: Calico | Configure node asNumber for per node peering diff --git a/roles/network_plugin/calico/tasks/pre.yml b/roles/network_plugin/calico/tasks/pre.yml index 517218a88..e3ca15065 100644 --- a/roles/network_plugin/calico/tasks/pre.yml +++ b/roles/network_plugin/calico/tasks/pre.yml @@ -22,6 +22,6 @@ args: executable: /bin/bash register: calico_kubelet_name - delegate_to: "{{ groups['kube-master'][0] }}" + delegate_to: "{{ groups['kube_control_plane'][0] }}" when: - "cloud_provider is defined" diff --git a/roles/network_plugin/calico/templates/calicoctl.kdd.sh.j2 b/roles/network_plugin/calico/templates/calicoctl.kdd.sh.j2 index e6e4ec6e8..a6c080cf4 100644 --- a/roles/network_plugin/calico/templates/calicoctl.kdd.sh.j2 +++ b/roles/network_plugin/calico/templates/calicoctl.kdd.sh.j2 @@ -1,6 +1,6 @@ #!/bin/bash DATASTORE_TYPE=kubernetes \ -{% if inventory_hostname in groups['kube-master'] %} +{% if inventory_hostname in groups['kube_control_plane'] %} KUBECONFIG=/etc/kubernetes/admin.conf \ {% else %} KUBECONFIG=/etc/cni/net.d/calico-kubeconfig \ diff --git a/roles/network_plugin/canal/tasks/main.yml b/roles/network_plugin/canal/tasks/main.yml index 982182446..320c20ad3 100644 --- a/roles/network_plugin/canal/tasks/main.yml +++ b/roles/network_plugin/canal/tasks/main.yml @@ -59,7 +59,7 @@ - {name: canal-flannel, file: canal-crb-flannel.yml, type: clusterrolebinding} register: canal_manifests when: - - inventory_hostname in groups['kube-master'] + - inventory_hostname in groups['kube_control_plane'] - name: Canal | Install calicoctl wrapper script template: diff --git a/roles/network_plugin/cilium/tasks/install.yml b/roles/network_plugin/cilium/tasks/install.yml index 7a8750d5d..1470d2d97 100644 --- a/roles/network_plugin/cilium/tasks/install.yml +++ b/roles/network_plugin/cilium/tasks/install.yml @@ -39,7 +39,7 @@ - {name: cilium, file: cilium-sa.yml, type: sa} register: cilium_node_manifests when: - - inventory_hostname in groups['kube-master'] + - inventory_hostname in groups['kube_control_plane'] - name: Cilium | Enable portmap addon template: diff --git a/roles/network_plugin/cilium/tasks/main.yml b/roles/network_plugin/cilium/tasks/main.yml index 515536094..c3bee558e 100644 --- a/roles/network_plugin/cilium/tasks/main.yml +++ b/roles/network_plugin/cilium/tasks/main.yml @@ -1,4 +1,4 @@ --- - import_tasks: check.yml -- include_tasks: install.yml \ No newline at end of file +- include_tasks: install.yml diff --git a/roles/network_plugin/flannel/tasks/main.yml b/roles/network_plugin/flannel/tasks/main.yml index 115743ace..8db000c30 100644 --- a/roles/network_plugin/flannel/tasks/main.yml +++ b/roles/network_plugin/flannel/tasks/main.yml @@ -8,4 +8,4 @@ - {name: kube-flannel, file: cni-flannel.yml, type: ds} register: flannel_node_manifests when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] diff --git a/roles/network_plugin/kube-ovn/tasks/main.yml b/roles/network_plugin/kube-ovn/tasks/main.yml index c416f120a..2efafa4cd 100644 --- a/roles/network_plugin/kube-ovn/tasks/main.yml +++ b/roles/network_plugin/kube-ovn/tasks/main.yml @@ -1,9 +1,9 @@ --- - name: Kube-OVN | Label ovn-db node command: >- - {{ bin_dir }}/kubectl label --overwrite node {{ groups['kube-master'] | first }} kube-ovn/role=master + {{ bin_dir }}/kubectl label --overwrite node {{ groups['kube_control_plane'] | first }} kube-ovn/role=master when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - name: Kube-OVN | Create Kube-OVN manifests template: diff --git a/roles/network_plugin/kube-router/tasks/annotate.yml b/roles/network_plugin/kube-router/tasks/annotate.yml index 6b8719e8a..6be517bc4 100644 --- a/roles/network_plugin/kube-router/tasks/annotate.yml +++ b/roles/network_plugin/kube-router/tasks/annotate.yml @@ -1,21 +1,21 @@ --- -- name: kube-router | Add annotations on kube-master +- name: kube-router | Add annotations on kube_control_plane command: "{{ bin_dir }}/kubectl annotate --overwrite node {{ ansible_hostname }} {{ item }}" with_items: - "{{ kube_router_annotations_master }}" - delegate_to: "{{ groups['kube-master'][0] }}" - when: kube_router_annotations_master is defined and inventory_hostname in groups['kube-master'] + delegate_to: "{{ groups['kube_control_plane'][0] }}" + when: kube_router_annotations_master is defined and inventory_hostname in groups['kube_control_plane'] - name: kube-router | Add annotations on kube-node command: "{{ bin_dir }}/kubectl annotate --overwrite node {{ ansible_hostname }} {{ item }}" with_items: - "{{ kube_router_annotations_node }}" - delegate_to: "{{ groups['kube-master'][0] }}" + delegate_to: "{{ groups['kube_control_plane'][0] }}" when: kube_router_annotations_node is defined and inventory_hostname in groups['kube-node'] - name: kube-router | Add common annotations on all servers command: "{{ bin_dir }}/kubectl annotate --overwrite node {{ ansible_hostname }} {{ item }}" with_items: - "{{ kube_router_annotations_all }}" - delegate_to: "{{ groups['kube-master'][0] }}" + delegate_to: "{{ groups['kube_control_plane'][0] }}" when: kube_router_annotations_all is defined and inventory_hostname in groups['k8s-cluster'] diff --git a/roles/network_plugin/kube-router/tasks/main.yml b/roles/network_plugin/kube-router/tasks/main.yml index 48d8abe32..f107eed64 100644 --- a/roles/network_plugin/kube-router/tasks/main.yml +++ b/roles/network_plugin/kube-router/tasks/main.yml @@ -55,5 +55,5 @@ template: src: kube-router.yml.j2 dest: "{{ kube_config_dir }}/kube-router.yml" - delegate_to: "{{ groups['kube-master'] | first }}" + delegate_to: "{{ groups['kube_control_plane'] | first }}" run_once: true diff --git a/roles/network_plugin/macvlan/tasks/main.yml b/roles/network_plugin/macvlan/tasks/main.yml index 45f877f6f..191df8cef 100644 --- a/roles/network_plugin/macvlan/tasks/main.yml +++ b/roles/network_plugin/macvlan/tasks/main.yml @@ -3,7 +3,7 @@ command: "{{ bin_dir }}/kubectl get nodes {{ kube_override_hostname | default(inventory_hostname) }} -o jsonpath='{.spec.podCIDR}'" changed_when: false register: node_pod_cidr_cmd - delegate_to: "{{ groups['kube-master'][0] }}" + delegate_to: "{{ groups['kube_control_plane'][0] }}" - name: Macvlan | set node_pod_cidr set_fact: diff --git a/roles/network_plugin/ovn4nfv/tasks/main.yml b/roles/network_plugin/ovn4nfv/tasks/main.yml index 32a4c2dc5..26dbd32bd 100644 --- a/roles/network_plugin/ovn4nfv/tasks/main.yml +++ b/roles/network_plugin/ovn4nfv/tasks/main.yml @@ -1,9 +1,9 @@ --- - name: ovn4nfv | Label control-plane node command: >- - {{ bin_dir }}/kubectl label --overwrite node {{ groups['kube-master'] | first }} ovn4nfv-k8s-plugin=ovn-control-plane + {{ bin_dir }}/kubectl label --overwrite node {{ groups['kube_control_plane'] | first }} ovn4nfv-k8s-plugin=ovn-control-plane when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - name: ovn4nfv | Create ovn4nfv-k8s manifests template: diff --git a/roles/recover_control_plane/control-plane/tasks/main.yml b/roles/recover_control_plane/control-plane/tasks/main.yml index 5f4b6a922..450e6f36d 100644 --- a/roles/recover_control_plane/control-plane/tasks/main.yml +++ b/roles/recover_control_plane/control-plane/tasks/main.yml @@ -8,22 +8,22 @@ retries: 6 delay: 10 changed_when: false - when: groups['broken_kube-master'] + when: groups['broken_kube_control_plane'] -- name: Delete broken kube-master nodes from cluster +- name: Delete broken kube_control_plane nodes from cluster command: "{{ bin_dir }}/kubectl delete node {{ item }}" environment: - KUBECONFIG: "{{ ansible_env.HOME | default('/root') }}/.kube/config" - with_items: "{{ groups['broken_kube-master'] }}" + with_items: "{{ groups['broken_kube_control_plane'] }}" register: delete_broken_kube_masters failed_when: false - when: groups['broken_kube-master'] + when: groups['broken_kube_control_plane'] -- name: Fail if unable to delete broken kube-master nodes from cluster +- name: Fail if unable to delete broken kube_control_plane nodes from cluster fail: - msg: "Unable to delete broken kube-master node: {{ item.item }}" + msg: "Unable to delete broken kube_control_plane node: {{ item.item }}" loop: "{{ delete_broken_kube_masters.results }}" changed_when: false when: - - groups['broken_kube-master'] + - groups['broken_kube_control_plane'] - "item.rc != 0 and not 'NotFound' in item.stderr" diff --git a/roles/remove-node/post-remove/tasks/main.yml b/roles/remove-node/post-remove/tasks/main.yml index c4660ef87..fd4c6fc58 100644 --- a/roles/remove-node/post-remove/tasks/main.yml +++ b/roles/remove-node/post-remove/tasks/main.yml @@ -1,5 +1,5 @@ --- - name: Delete node # noqa 301 command: "{{ bin_dir }}/kubectl delete node {{ kube_override_hostname|default(inventory_hostname) }}" - delegate_to: "{{ groups['kube-master']|first }}" + delegate_to: "{{ groups['kube_control_plane']|first }}" ignore_errors: yes \ No newline at end of file diff --git a/roles/remove-node/pre-remove/tasks/main.yml b/roles/remove-node/pre-remove/tasks/main.yml index 42316e209..ba9c94531 100644 --- a/roles/remove-node/pre-remove/tasks/main.yml +++ b/roles/remove-node/pre-remove/tasks/main.yml @@ -11,7 +11,7 @@ | jq "select(. | test(\"^{{ hostvars[item]['kube_override_hostname']|default(item) }}$\"))" loop: "{{ node.split(',') | default(groups['kube-node']) }}" register: nodes - delegate_to: "{{ groups['kube-master']|first }}" + delegate_to: "{{ groups['kube_control_plane']|first }}" changed_when: false run_once: true @@ -33,7 +33,7 @@ loop: "{{ nodes_to_drain }}" register: result failed_when: result.rc != 0 and not allow_ungraceful_removal - delegate_to: "{{ groups['kube-master']|first }}" + delegate_to: "{{ groups['kube_control_plane']|first }}" run_once: true until: result.rc == 0 or allow_ungraceful_removal retries: "{{ drain_retries }}" diff --git a/roles/upgrade/post-upgrade/tasks/main.yml b/roles/upgrade/post-upgrade/tasks/main.yml index 5e6309e17..805677f86 100644 --- a/roles/upgrade/post-upgrade/tasks/main.yml +++ b/roles/upgrade/post-upgrade/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Uncordon node command: "{{ bin_dir }}/kubectl --kubeconfig /etc/kubernetes/admin.conf uncordon {{ kube_override_hostname|default(inventory_hostname) }}" - delegate_to: "{{ groups['kube-master'][0] }}" + delegate_to: "{{ groups['kube_control_plane'][0] }}" when: - needs_cordoning|default(false) diff --git a/roles/upgrade/pre-upgrade/tasks/main.yml b/roles/upgrade/pre-upgrade/tasks/main.yml index bf436d360..d969175e3 100644 --- a/roles/upgrade/pre-upgrade/tasks/main.yml +++ b/roles/upgrade/pre-upgrade/tasks/main.yml @@ -21,7 +21,7 @@ {{ bin_dir }}/kubectl get node {{ kube_override_hostname|default(inventory_hostname) }} -o jsonpath='{ range .status.conditions[?(@.type == "Ready")].status }{ @ }{ end }' register: kubectl_node_ready - delegate_to: "{{ groups['kube-master'][0] }}" + delegate_to: "{{ groups['kube_control_plane'][0] }}" failed_when: false changed_when: false @@ -32,7 +32,7 @@ {{ bin_dir }}/kubectl get node {{ kube_override_hostname|default(inventory_hostname) }} -o jsonpath='{ .spec.unschedulable }' register: kubectl_node_schedulable - delegate_to: "{{ groups['kube-master'][0] }}" + delegate_to: "{{ groups['kube_control_plane'][0] }}" failed_when: false changed_when: false @@ -49,12 +49,12 @@ block: - name: Cordon node command: "{{ bin_dir }}/kubectl cordon {{ kube_override_hostname|default(inventory_hostname) }}" - delegate_to: "{{ groups['kube-master'][0] }}" + delegate_to: "{{ groups['kube_control_plane'][0] }}" - name: Check kubectl version command: "{{ bin_dir }}/kubectl version --client --short" register: kubectl_version - delegate_to: "{{ groups['kube-master'][0] }}" + delegate_to: "{{ groups['kube_control_plane'][0] }}" run_once: yes changed_when: false when: @@ -90,6 +90,6 @@ fail: msg: "Failed to drain node {{ inventory_hostname }}" when: upgrade_node_fail_if_drain_fails - delegate_to: "{{ groups['kube-master'][0] }}" + delegate_to: "{{ groups['kube_control_plane'][0] }}" when: - needs_cordoning diff --git a/scale.yml b/scale.yml index 3e7274837..f6a8578e7 100644 --- a/scale.yml +++ b/scale.yml @@ -2,6 +2,15 @@ - name: Check ansible version import_playbook: ansible_version.yml +- name: Add kube-master nodes to kube_control_plane + # This is for old inventory which contains kube-master instead of kube_control_plane + hosts: kube-master + gather_facts: false + tasks: + - name: add nodes to kube_control_plane group + group_by: + key: 'kube_control_plane' + - hosts: bastion[0] gather_facts: False environment: "{{ proxy_disable_env }}" @@ -32,8 +41,8 @@ - { role: kubespray-defaults } - { role: etcd, tags: etcd, etcd_cluster_setup: false } -- name: Download images to ansible host cache via first kube-master node - hosts: kube-master[0] +- name: Download images to ansible host cache via first kube_control_plane node + hosts: kube_control_plane[0] gather_facts: False any_errors_fatal: "{{ any_errors_fatal | default(true) }}" environment: "{{ proxy_disable_env }}" @@ -64,7 +73,7 @@ - { role: kubernetes/node, tags: node } - name: Upload control plane certs and retrieve encryption key - hosts: kube-master | first + hosts: kube_control_plane | first environment: "{{ proxy_disable_env }}" gather_facts: False tags: kubeadm diff --git a/tests/cloud_playbooks/roles/packet-ci/templates/inventory.j2 b/tests/cloud_playbooks/roles/packet-ci/templates/inventory.j2 index b842c97a7..8e59e2f3c 100644 --- a/tests/cloud_playbooks/roles/packet-ci/templates/inventory.j2 +++ b/tests/cloud_playbooks/roles/packet-ci/templates/inventory.j2 @@ -4,6 +4,10 @@ instance-{{ loop.index }} ansible_ssh_host={{instance.stdout}} {% endfor %} {% if mode is defined and mode in ["separate", "separate-scale"] %} +[kube_control_plane] +instance-1 + +# TODO(oomichi): Remove all kube-master groups from this file after releasing v2.16. [kube-master] instance-1 @@ -13,6 +17,10 @@ instance-2 [etcd] instance-3 {% elif mode is defined and mode in ["ha", "ha-scale"] %} +[kube_control_plane] +instance-1 +instance-2 + [kube-master] instance-1 instance-2 @@ -25,6 +33,9 @@ instance-1 instance-2 instance-3 {% elif mode == "default" %} +[kube_control_plane] +instance-1 + [kube-master] instance-1 @@ -34,6 +45,9 @@ instance-2 [etcd] instance-1 {% elif mode == "aio" %} +[kube_control_plane] +instance-1 + [kube-master] instance-1 @@ -46,6 +60,10 @@ instance-1 [vault] instance-1 {% elif mode == "ha-recover" %} +[kube_control_plane] +instance-1 +instance-2 + [kube-master] instance-1 instance-2 @@ -64,6 +82,11 @@ instance-2 [broken_etcd] instance-2 etcd_member_name=etcd3 {% elif mode == "ha-recover-noquorum" %} +[kube_control_plane] +instance-3 +instance-1 +instance-2 + [kube-master] instance-3 instance-1 diff --git a/tests/scripts/testcases_run.sh b/tests/scripts/testcases_run.sh index 9f9870b57..5c27747ce 100755 --- a/tests/scripts/testcases_run.sh +++ b/tests/scripts/testcases_run.sh @@ -65,7 +65,7 @@ fi # Test control plane recovery if [ "${RECOVER_CONTROL_PLANE_TEST}" != "false" ]; then ansible-playbook ${ANSIBLE_LOG_LEVEL} -e @${CI_TEST_REGISTRY_MIRROR} -e @${CI_TEST_VARS} -e local_release_dir=${PWD}/downloads --limit "${RECOVER_CONTROL_PLANE_TEST_GROUPS}:!fake_hosts" -e reset_confirmation=yes reset.yml - ansible-playbook ${ANSIBLE_LOG_LEVEL} -e @${CI_TEST_REGISTRY_MIRROR} -e @${CI_TEST_VARS} -e local_release_dir=${PWD}/downloads -e etcd_retries=10 --limit etcd,kube-master:!fake_hosts recover-control-plane.yml + ansible-playbook ${ANSIBLE_LOG_LEVEL} -e @${CI_TEST_REGISTRY_MIRROR} -e @${CI_TEST_VARS} -e local_release_dir=${PWD}/downloads -e etcd_retries=10 --limit etcd,kube_control_plane:!fake_hosts recover-control-plane.yml fi # Tests Cases diff --git a/tests/templates/inventory-aws.j2 b/tests/templates/inventory-aws.j2 index 3ed86eb96..f5bba6fd7 100644 --- a/tests/templates/inventory-aws.j2 +++ b/tests/templates/inventory-aws.j2 @@ -2,7 +2,7 @@ node1 ansible_ssh_host={{ec2.instances[0].public_ip}} ansible_ssh_user={{ssh_use node2 ansible_ssh_host={{ec2.instances[1].public_ip}} ansible_ssh_user={{ssh_user}} node3 ansible_ssh_host={{ec2.instances[2].public_ip}} ansible_ssh_user={{ssh_user}} -[kube-master] +[kube_control_plane] node1 node2 @@ -21,12 +21,12 @@ node2 [k8s-cluster:children] kube-node -kube-master +kube_control_plane calico-rr [calico-rr] -[broken_kube-master] +[broken_kube_control_plane] node2 [broken_etcd] diff --git a/tests/templates/inventory-do.j2 b/tests/templates/inventory-do.j2 index ab7d95220..f11306ce3 100644 --- a/tests/templates/inventory-do.j2 +++ b/tests/templates/inventory-do.j2 @@ -3,7 +3,7 @@ {% endfor %} {% if mode is defined and mode == "separate" %} -[kube-master] +[kube_control_plane] {{droplets.results[0].droplet.name}} [kube-node] @@ -15,7 +15,7 @@ [vault] {{droplets.results[2].droplet.name}} {% elif mode is defined and mode == "ha" %} -[kube-master] +[kube_control_plane] {{droplets.results[0].droplet.name}} {{droplets.results[1].droplet.name}} @@ -30,13 +30,13 @@ {{droplets.results[1].droplet.name}} {{droplets.results[2].droplet.name}} -[broken_kube-master] +[broken_kube_control_plane] {{droplets.results[1].droplet.name}} [broken_etcd] {{droplets.results[2].droplet.name}} {% else %} -[kube-master] +[kube_control_plane] {{droplets.results[0].droplet.name}} [kube-node] @@ -53,5 +53,5 @@ [k8s-cluster:children] kube-node -kube-master +kube_control_plane calico-rr diff --git a/tests/templates/inventory-gce.j2 b/tests/templates/inventory-gce.j2 index 55f67deec..f78f5a96f 100644 --- a/tests/templates/inventory-gce.j2 +++ b/tests/templates/inventory-gce.j2 @@ -9,7 +9,7 @@ {{node3}} ansible_ssh_host={{gce.instance_data[2].public_ip}} {% endif %} {% if mode is defined and mode in ["separate", "separate-scale"] %} -[kube-master] +[kube_control_plane] {{node1}} [kube-node] @@ -21,7 +21,7 @@ [vault] {{node3}} {% elif mode is defined and mode in ["ha", "ha-scale"] %} -[kube-master] +[kube_control_plane] {{node1}} {{node2}} @@ -38,14 +38,14 @@ {{node2}} {{node3}} -[broken_kube-master] +[broken_kube_control_plane] {{node2}} [etcd] {{node2}} {{node3}} {% elif mode == "default" %} -[kube-master] +[kube_control_plane] {{node1}} [kube-node] @@ -57,7 +57,7 @@ [vault] {{node1}} {% elif mode == "aio" %} -[kube-master] +[kube_control_plane] {{node1}} [kube-node] @@ -72,7 +72,7 @@ [k8s-cluster:children] kube-node -kube-master +kube_control_plane calico-rr [calico-rr] diff --git a/tests/testcases/010_check-apiserver.yml b/tests/testcases/010_check-apiserver.yml index 330e5e6bf..adf0a35c9 100644 --- a/tests/testcases/010_check-apiserver.yml +++ b/tests/testcases/010_check-apiserver.yml @@ -1,5 +1,5 @@ --- -- hosts: kube-master +- hosts: kube_control_plane tasks: - name: Check the API servers are responding diff --git a/tests/testcases/015_check-nodes-ready.yml b/tests/testcases/015_check-nodes-ready.yml index b5bf60938..0faa1d46b 100644 --- a/tests/testcases/015_check-nodes-ready.yml +++ b/tests/testcases/015_check-nodes-ready.yml @@ -1,5 +1,5 @@ --- -- hosts: kube-master[0] +- hosts: kube_control_plane[0] tasks: - name: Force binaries directory for Flatcar Container Linux by Kinvolk diff --git a/tests/testcases/020_check-pods-running.yml b/tests/testcases/020_check-pods-running.yml index 6af07b137..edea22a5c 100644 --- a/tests/testcases/020_check-pods-running.yml +++ b/tests/testcases/020_check-pods-running.yml @@ -1,5 +1,5 @@ --- -- hosts: kube-master[0] +- hosts: kube_control_plane[0] tasks: - name: Force binaries directory for Flatcar Container Linux by Kinvolk diff --git a/tests/testcases/030_check-network.yml b/tests/testcases/030_check-network.yml index d2ab583db..5b18d6a8b 100644 --- a/tests/testcases/030_check-network.yml +++ b/tests/testcases/030_check-network.yml @@ -1,5 +1,5 @@ --- -- hosts: kube-master[0] +- hosts: kube_control_plane[0] vars: test_image_repo: busybox test_image_tag: latest diff --git a/tests/testcases/040_check-network-adv.yml b/tests/testcases/040_check-network-adv.yml index a2a53b76a..174c9750c 100644 --- a/tests/testcases/040_check-network-adv.yml +++ b/tests/testcases/040_check-network-adv.yml @@ -37,7 +37,7 @@ until: ncs_pod.stdout.find('Running') != -1 retries: 3 delay: 10 - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] - name: Wait for netchecker agents shell: "set -o pipefail && {{ bin_dir }}/kubectl get pods -o wide --namespace {{ netcheck_namespace }} | grep '^netchecker-agent-.*Running'" @@ -48,12 +48,12 @@ retries: 3 delay: 10 failed_when: false - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] - name: Get netchecker pods command: "{{ bin_dir }}/kubectl -n {{ netcheck_namespace }} describe pod -l app={{ item }}" run_once: true - delegate_to: "{{ groups['kube-master'][0] }}" + delegate_to: "{{ groups['kube_control_plane'][0] }}" no_log: false with_items: - netchecker-agent @@ -63,14 +63,14 @@ - debug: var: nca_pod.stdout_lines failed_when: not nca_pod is success - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube_control_plane'][0] - name: Get netchecker agents uri: url: "http://{{ ansible_default_ipv4.address }}:{{ netchecker_port }}/api/v1/agents/" return_content: yes run_once: true - delegate_to: "{{ groups['kube-master'][0] }}" + delegate_to: "{{ groups['kube_control_plane'][0] }}" register: agents retries: 18 delay: "{{ agent_report_interval }}" @@ -94,7 +94,7 @@ url: "http://{{ ansible_default_ipv4.address }}:{{ netchecker_port }}/api/v1/connectivity_check" status_code: 200 return_content: yes - delegate_to: "{{ groups['kube-master'][0] }}" + delegate_to: "{{ groups['kube_control_plane'][0] }}" run_once: true register: result retries: 3 @@ -115,13 +115,13 @@ command: "{{ bin_dir }}/kubectl -n kube-system logs -l k8s-app=kube-proxy" no_log: false when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - not result is success - name: Get logs from other apps command: "{{ bin_dir }}/kubectl -n kube-system logs -l k8s-app={{ item }} --all-containers" when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - not result is success no_log: false with_items: @@ -184,7 +184,7 @@ }' EOF when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - kube_network_plugin_multus|default(false)|bool - name: Annotate pod with macvlan network @@ -208,7 +208,7 @@ image: dougbtv/centos-network EOF when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - kube_network_plugin_multus|default(false)|bool - name: Check secondary macvlan interface @@ -218,5 +218,5 @@ retries: 90 changed_when: false when: - - inventory_hostname == groups['kube-master'][0] + - inventory_hostname == groups['kube_control_plane'][0] - kube_network_plugin_multus|default(false)|bool diff --git a/tests/testcases/100_check-k8s-conformance.yml b/tests/testcases/100_check-k8s-conformance.yml index 9716b3dac..3830f2ca2 100644 --- a/tests/testcases/100_check-k8s-conformance.yml +++ b/tests/testcases/100_check-k8s-conformance.yml @@ -1,5 +1,5 @@ --- -- hosts: kube-master[0] +- hosts: kube_control_plane[0] vars: sonobuoy_version: 0.20.0 sonobuoy_arch: amd64 diff --git a/tests/testcases/roles/cluster-dump/tasks/main.yml b/tests/testcases/roles/cluster-dump/tasks/main.yml index 589a712e0..966a13c3d 100644 --- a/tests/testcases/roles/cluster-dump/tasks/main.yml +++ b/tests/testcases/roles/cluster-dump/tasks/main.yml @@ -2,17 +2,17 @@ - name: Generate dump folder command: "{{ bin_dir }}/kubectl cluster-info dump --all-namespaces --output-directory /tmp/cluster-dump" no_log: true - when: inventory_hostname in groups['kube-master'] + when: inventory_hostname in groups['kube_control_plane'] - name: Compress directory cluster-dump archive: path: /tmp/cluster-dump dest: /tmp/cluster-dump.tgz - when: inventory_hostname in groups['kube-master'] + when: inventory_hostname in groups['kube_control_plane'] - name: Fetch dump file fetch: src: /tmp/cluster-dump.tgz dest: "{{ lookup('env', 'CI_PROJECT_DIR') }}/cluster-dump/{{ inventory_hostname }}.tgz" flat: true - when: inventory_hostname in groups['kube-master'] + when: inventory_hostname in groups['kube_control_plane'] diff --git a/upgrade-cluster.yml b/upgrade-cluster.yml index b53668408..6fd30537b 100644 --- a/upgrade-cluster.yml +++ b/upgrade-cluster.yml @@ -2,6 +2,15 @@ - name: Check ansible version import_playbook: ansible_version.yml +- name: Add kube-master nodes to kube_control_plane + # This is for old inventory which contains kube-master instead of kube_control_plane + hosts: kube-master + gather_facts: false + tasks: + - name: add nodes to kube_control_plane group + group_by: + key: 'kube_control_plane' + - hosts: bastion[0] gather_facts: False environment: "{{ proxy_disable_env }}" @@ -26,8 +35,8 @@ tags: always import_playbook: facts.yml -- name: Download images to ansible host cache via first kube-master node - hosts: kube-master[0] +- name: Download images to ansible host cache via first kube_control_plane node + hosts: kube_control_plane[0] gather_facts: False any_errors_fatal: "{{ any_errors_fatal | default(true) }}" environment: "{{ proxy_disable_env }}" @@ -84,7 +93,7 @@ - name: Handle upgrades to master components first to maintain backwards compat. gather_facts: False - hosts: kube-master + hosts: kube_control_plane any_errors_fatal: "{{ any_errors_fatal | default(true) }}" environment: "{{ proxy_disable_env }}" serial: 1 @@ -101,7 +110,7 @@ - { role: upgrade/post-upgrade, tags: post-upgrade } - name: Upgrade calico and external cloud provider on all masters, calico-rrs, and nodes - hosts: kube-master:calico-rr:kube-node + hosts: kube_control_plane:calico-rr:kube-node gather_facts: False any_errors_fatal: "{{ any_errors_fatal | default(true) }}" serial: "{{ serial | default('20%') }}" @@ -114,7 +123,7 @@ - { role: kubernetes-apps/policy_controller, tags: policy-controller } - name: Finally handle worker upgrades, based on given batch size - hosts: kube-node:calico-rr:!kube-master + hosts: kube-node:calico-rr:!kube_control_plane gather_facts: False any_errors_fatal: "{{ any_errors_fatal | default(true) }}" environment: "{{ proxy_disable_env }}" @@ -128,7 +137,7 @@ - { role: kubernetes/node-label, tags: node-label } - { role: upgrade/post-upgrade, tags: post-upgrade } -- hosts: kube-master[0] +- hosts: kube_control_plane[0] gather_facts: False any_errors_fatal: true environment: "{{ proxy_disable_env }}" @@ -144,7 +153,7 @@ - { role: kubespray-defaults } - { role: network_plugin/calico/rr, tags: network } -- hosts: kube-master +- hosts: kube_control_plane gather_facts: False any_errors_fatal: "{{ any_errors_fatal | default(true) }}" environment: "{{ proxy_disable_env }}"