diff --git a/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml b/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml index 4e8ae57c5..cf1fb1776 100644 --- a/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml +++ b/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml @@ -111,6 +111,13 @@ kube_proxy_nodeport_addresses: >- [] {%- endif -%} +# If non-empty, will use this string as identification instead of the actual hostname +#kube_override_hostname: >- +# {%- if cloud_provider is defined and cloud_provider in [ 'aws' ] -%} +# {%- else -%} +# {{ inventory_hostname }} +# {%- endif -%} + ## Encrypting Secret Data at Rest (experimental) kube_encrypt_secret_data: false diff --git a/roles/kubernetes/kubeadm/defaults/main.yml b/roles/kubernetes/kubeadm/defaults/main.yml index d9ed537c2..be13b682b 100644 --- a/roles/kubernetes/kubeadm/defaults/main.yml +++ b/roles/kubernetes/kubeadm/defaults/main.yml @@ -1,3 +1,10 @@ --- # discovery_timeout modifies the discovery timeout discovery_timeout: 5m0s + +# If non-empty, will use this string as identification instead of the actual hostname +kube_override_hostname: >- + {%- if cloud_provider is defined and cloud_provider in [ 'aws' ] -%} + {%- else -%} + {{ inventory_hostname }} + {%- endif -%} diff --git a/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1alpha2.j2 b/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1alpha2.j2 index 8bc0a78f0..18420a5ac 100644 --- a/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1alpha2.j2 +++ b/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1alpha2.j2 @@ -15,7 +15,7 @@ discoveryTokenAPIServers: {% endif %} discoveryTokenUnsafeSkipCAVerification: true nodeRegistration: - name: {{ inventory_hostname }} + name: {{ kube_override_hostname }} {% if container_manager == 'crio' %} criSocket: /var/run/crio/crio.sock {% elif container_manager == 'rkt' %} diff --git a/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1alpha3.j2 b/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1alpha3.j2 index bc60b6134..dfcdfa6b0 100644 --- a/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1alpha3.j2 +++ b/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1alpha3.j2 @@ -15,7 +15,7 @@ discoveryTokenAPIServers: {% endif %} discoveryTokenUnsafeSkipCAVerification: true nodeRegistration: - name: {{ inventory_hostname }} + name: {{ kube_override_hostname }} {% if container_manager == 'crio' %} criSocket: /var/run/crio/crio.sock {% elif container_manager == 'rkt' %} diff --git a/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta1.j2 b/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta1.j2 index f5123204c..36cc01f31 100644 --- a/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta1.j2 +++ b/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta1.j2 @@ -13,7 +13,7 @@ discovery: tlsBootstrapToken: {{ kubeadm_token }} caCertPath: {{ kube_cert_dir }}/ca.crt nodeRegistration: - name: {{ inventory_hostname }} + name: {{ kube_override_hostname }} {% if container_manager == 'crio' %} criSocket: /var/run/crio/crio.sock {% elif container_manager == 'rkt' %} diff --git a/roles/kubernetes/master/templates/kubeadm-config.v1alpha3.yaml.j2 b/roles/kubernetes/master/templates/kubeadm-config.v1alpha3.yaml.j2 index 89719d08d..948c2c60c 100644 --- a/roles/kubernetes/master/templates/kubeadm-config.v1alpha3.yaml.j2 +++ b/roles/kubernetes/master/templates/kubeadm-config.v1alpha3.yaml.j2 @@ -254,6 +254,7 @@ conntrack: tcpEstablishedTimeout: {{ kube_proxy_conntrack_tcp_established_timeout }} enableProfiling: {{ kube_proxy_enable_profiling }} healthzBindAddress: {{ kube_proxy_healthz_bind_address }} +hostnameOverride: {{ kube_override_hostname }} iptables: masqueradeAll: {{ kube_proxy_masquerade_all }} masqueradeBit: {{ kube_proxy_masquerade_bit }} diff --git a/roles/kubernetes/master/templates/kubeadm-config.v1beta1.yaml.j2 b/roles/kubernetes/master/templates/kubeadm-config.v1beta1.yaml.j2 index 045a13e0c..103389da4 100644 --- a/roles/kubernetes/master/templates/kubeadm-config.v1beta1.yaml.j2 +++ b/roles/kubernetes/master/templates/kubeadm-config.v1beta1.yaml.j2 @@ -259,6 +259,7 @@ conntrack: tcpEstablishedTimeout: {{ kube_proxy_conntrack_tcp_established_timeout }} enableProfiling: {{ kube_proxy_enable_profiling }} healthzBindAddress: {{ kube_proxy_healthz_bind_address }} +hostnameOverride: {{ kube_override_hostname }} iptables: masqueradeAll: {{ kube_proxy_masquerade_all }} masqueradeBit: {{ kube_proxy_masquerade_bit }} diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml index 09092ef30..05e7ec96a 100644 --- a/roles/kubespray-defaults/defaults/main.yaml +++ b/roles/kubespray-defaults/defaults/main.yaml @@ -157,6 +157,13 @@ kube_apiserver_port: 6443 kube_apiserver_insecure_bind_address: 127.0.0.1 kube_apiserver_insecure_port: 0 +# If non-empty, will use this string as identification instead of the actual hostname +kube_override_hostname: >- + {%- if cloud_provider is defined and cloud_provider in [ 'aws' ] -%} + {%- else -%} + {{ inventory_hostname }} + {%- endif -%} + # dynamic kubelet configuration dynamic_kubelet_configuration: false diff --git a/roles/win_nodes/kubernetes_patch/files/hostnameOverride-patch.json b/roles/win_nodes/kubernetes_patch/files/hostnameOverride-patch.json deleted file mode 100644 index 0e99a5af9..000000000 --- a/roles/win_nodes/kubernetes_patch/files/hostnameOverride-patch.json +++ /dev/null @@ -1,22 +0,0 @@ -[ - { - "op": "add", - "path": "/spec/template/spec/containers/0/env", - "value": [ - { - "name": "NODE_NAME", - "valueFrom": { - "fieldRef": { - "apiVersion": "v1", - "fieldPath": "spec.nodeName" - } - } - } - ] - }, - { - "op": "add", - "path": "/spec/template/spec/containers/0/command/-", - "value": "--hostname-override=${NODE_NAME}" - } -] diff --git a/roles/win_nodes/kubernetes_patch/tasks/main.yml b/roles/win_nodes/kubernetes_patch/tasks/main.yml index 368ff890c..b2a3ad897 100644 --- a/roles/win_nodes/kubernetes_patch/tasks/main.yml +++ b/roles/win_nodes/kubernetes_patch/tasks/main.yml @@ -7,33 +7,6 @@ recurse: yes tags: [init, cni] -- name: Apply kube-proxy hostnameOverride - block: - - name: Copy kube-proxy daemonset hostnameOverride patch - copy: - src: hostnameOverride-patch.json - dest: "{{ kubernetes_user_manifests_path }}/hostnameOverride-patch.json" - - - name: Check current command for kube-proxy daemonset - shell: "{{bin_dir}}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf get ds kube-proxy --namespace=kube-system -o jsonpath='{.spec.template.spec.containers[0].command}'" - register: current_kube_proxy_command - - - name: Apply hostnameOverride patch for kube-proxy daemonset - shell: "{{bin_dir}}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf patch ds kube-proxy --namespace=kube-system --type=json -p \"$(cat hostnameOverride-patch.json)\"" - args: - chdir: "{{ kubernetes_user_manifests_path }}" - register: patch_kube_proxy_command - when: not current_kube_proxy_command.stdout is search("--hostname-override=${NODE_NAME}") - - - debug: msg={{ patch_kube_proxy_command.stdout_lines }} - when: patch_kube_proxy_command is not skipped - - - debug: msg={{ patch_kube_proxy_command.stderr_lines }} - when: patch_kube_proxy_command is not skipped - tags: init - when: - - not kube_proxy_remove - - name: Apply kube-proxy nodeselector block: - name: Copy kube-proxy daemonset nodeselector patch