From 6da385de9d2878650ba049f02d7ea12eb22e21d4 Mon Sep 17 00:00:00 2001 From: Hans Feldt <2808287+hafe@users.noreply.github.com> Date: Thu, 17 Sep 2020 13:34:45 +0200 Subject: [PATCH] Use "kubeadm join" to join masters to control plane (#6661) Remove configuration variable kubeadm_control_plane --- .../group_vars/k8s-cluster/k8s-cluster.yml | 2 - roles/kubernetes/kubeadm/tasks/main.yml | 1 - .../kubernetes/master/defaults/main/main.yml | 3 -- .../master/tasks/kubeadm-secondary-legacy.yml | 44 ------------------- ...experimental.yml => kubeadm-secondary.yml} | 0 .../kubernetes/master/tasks/kubeadm-setup.yml | 9 +--- .../preinstall/tasks/0020-verify-settings.yml | 6 --- roles/kubespray-defaults/defaults/main.yaml | 3 -- ...t_centos7-flannel-containerd-addons-ha.yml | 1 - tests/files/packet_ubuntu16-flannel-ha.yml | 1 - ...et_ubuntu18-flannel-containerd-ha-once.yml | 1 - .../packet_ubuntu18-flannel-containerd-ha.yml | 1 - 12 files changed, 2 insertions(+), 70 deletions(-) delete mode 100644 roles/kubernetes/master/tasks/kubeadm-secondary-legacy.yml rename roles/kubernetes/master/tasks/{kubeadm-secondary-experimental.yml => kubeadm-secondary.yml} (100%) diff --git a/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml b/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml index a52834af8..eadae61b5 100644 --- a/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml +++ b/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml @@ -211,8 +211,6 @@ kata_containers_enabled: false kubelet_deployment_type: host helm_deployment_type: host -# Enable kubeadm experimental control plane -kubeadm_control_plane: false kubeadm_certificate_key: "{{ lookup('password', credentials_dir + '/kubeadm_certificate_key.creds length=64 chars=hexdigits') | lower }}" # K8s image pull policy (imagePullPolicy) diff --git a/roles/kubernetes/kubeadm/tasks/main.yml b/roles/kubernetes/kubeadm/tasks/main.yml index ae2c0484e..71b3933be 100644 --- a/roles/kubernetes/kubeadm/tasks/main.yml +++ b/roles/kubernetes/kubeadm/tasks/main.yml @@ -163,7 +163,6 @@ include_tasks: kubeadm_etcd_node.yml when: - etcd_kubeadm_enabled - - kubeadm_control_plane - inventory_hostname not in groups['kube-master'] - kube_network_plugin in ["calico", "flannel", "canal", "cilium"] or cilium_deploy_additionally | default(false) | bool - kube_network_plugin != "calico" or calico_datastore == "etcd" diff --git a/roles/kubernetes/master/defaults/main/main.yml b/roles/kubernetes/master/defaults/main/main.yml index 01fdd2946..0ca43ef36 100644 --- a/roles/kubernetes/master/defaults/main/main.yml +++ b/roles/kubernetes/master/defaults/main/main.yml @@ -2,9 +2,6 @@ # disable upgrade cluster upgrade_cluster_setup: false -# Enable kubeadm experimental control plane -kubeadm_control_plane: false - # Experimental kubeadm etcd deployment mode. Available only for new deployment etcd_kubeadm_enabled: false diff --git a/roles/kubernetes/master/tasks/kubeadm-secondary-legacy.yml b/roles/kubernetes/master/tasks/kubeadm-secondary-legacy.yml deleted file mode 100644 index 07e0c1a88..000000000 --- a/roles/kubernetes/master/tasks/kubeadm-secondary-legacy.yml +++ /dev/null @@ -1,44 +0,0 @@ ---- -- name: slurp kubeadm certs - slurp: - src: "{{ item }}" - with_items: - - "{{ kube_cert_dir }}/apiserver.crt" - - "{{ kube_cert_dir }}/apiserver.key" - - "{{ kube_cert_dir }}/apiserver-kubelet-client.crt" - - "{{ kube_cert_dir }}/apiserver-kubelet-client.key" - - "{{ kube_cert_dir }}/ca.crt" - - "{{ kube_cert_dir }}/ca.key" - - "{{ kube_cert_dir }}/front-proxy-ca.crt" - - "{{ kube_cert_dir }}/front-proxy-ca.key" - - "{{ kube_cert_dir }}/front-proxy-client.crt" - - "{{ kube_cert_dir }}/front-proxy-client.key" - - "{{ kube_cert_dir }}/sa.key" - - "{{ kube_cert_dir }}/sa.pub" - register: kubeadm_certs - delegate_to: "{{ groups['kube-master']|first }}" - -- name: kubeadm | write out kubeadm certs - copy: - dest: "{{ item.item }}" - content: "{{ item.content | b64decode }}" - owner: root - group: root - mode: 0640 - no_log: true - register: copy_kubeadm_certs - with_items: "{{ kubeadm_certs.results }}" - when: inventory_hostname != groups['kube-master']|first - -- name: kubeadm | Init other uninitialized masters - command: timeout -k 600s 600s {{ bin_dir }}/kubeadm init --config={{ kube_config_dir }}/kubeadm-config.yaml --ignore-preflight-errors=all --skip-phases=addon/coredns - register: kubeadm_init - retries: 10 - until: kubeadm_init is succeeded or "field is immutable" in kubeadm_init.stderr - when: - - inventory_hostname != groups['kube-master']|first - - not kubeadm_already_run.stat.exists - failed_when: kubeadm_init.rc != 0 and "field is immutable" not in kubeadm_init.stderr - environment: - PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}" - notify: Master | restart kubelet diff --git a/roles/kubernetes/master/tasks/kubeadm-secondary-experimental.yml b/roles/kubernetes/master/tasks/kubeadm-secondary.yml similarity index 100% rename from roles/kubernetes/master/tasks/kubeadm-secondary-experimental.yml rename to roles/kubernetes/master/tasks/kubeadm-secondary.yml diff --git a/roles/kubernetes/master/tasks/kubeadm-setup.yml b/roles/kubernetes/master/tasks/kubeadm-setup.yml index fc442b3be..cecdad27d 100644 --- a/roles/kubernetes/master/tasks/kubeadm-setup.yml +++ b/roles/kubernetes/master/tasks/kubeadm-setup.yml @@ -199,13 +199,8 @@ tags: - kubeadm_token -- name: kubeadm | Initialize other masters (experimental control plane) - include_tasks: kubeadm-secondary-experimental.yml - when: kubeadm_control_plane - -- name: kubeadm | Initialize other masters (legacy not control plane) - include_tasks: kubeadm-secondary-legacy.yml - when: not kubeadm_control_plane +- name: kubeadm | Join other masters + include_tasks: kubeadm-secondary.yml - name: kubeadm | upgrade kubernetes cluster include_tasks: kubeadm-upgrade.yml diff --git a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml index 07c53965d..98e80e15c 100644 --- a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml +++ b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml @@ -258,12 +258,6 @@ when: resolvconf_mode is defined run_once: true -- name: Stop if kubeadm etcd mode is enabled but experimental control plane is not - assert: - that: kubeadm_control_plane - msg: "kubeadm etcd mode requires experimental control plane" - when: etcd_kubeadm_enabled - - name: Stop if etcd deployment type is not host or docker assert: that: etcd_deployment_type in ['host', 'docker'] diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml index fcfa6d53c..6aa3b99c5 100644 --- a/roles/kubespray-defaults/defaults/main.yaml +++ b/roles/kubespray-defaults/defaults/main.yaml @@ -402,9 +402,6 @@ kubelet_protect_kernel_defaults: true ## the k8s cluster. kube_feature_gates: [] -# Enable kubeadm experimental control plane -kubeadm_control_plane: false - # Local volume provisioner storage classes # Levarages Ansibles string to Python datatype casting. Otherwise the dict_key isn't substituted # see https://github.com/ansible/ansible/issues/17324 diff --git a/tests/files/packet_centos7-flannel-containerd-addons-ha.yml b/tests/files/packet_centos7-flannel-containerd-addons-ha.yml index 59a4dcaef..9dfcf6b0d 100644 --- a/tests/files/packet_centos7-flannel-containerd-addons-ha.yml +++ b/tests/files/packet_centos7-flannel-containerd-addons-ha.yml @@ -4,7 +4,6 @@ cloud_image: centos-7 mode: ha # Kubespray settings -kubeadm_control_plane: true kubeadm_certificate_key: 3998c58db6497dd17d909394e62d515368c06ec617710d02edea31c06d741085 kube_proxy_mode: iptables kube_network_plugin: flannel diff --git a/tests/files/packet_ubuntu16-flannel-ha.yml b/tests/files/packet_ubuntu16-flannel-ha.yml index 47d643af2..8253ca8fa 100644 --- a/tests/files/packet_ubuntu16-flannel-ha.yml +++ b/tests/files/packet_ubuntu16-flannel-ha.yml @@ -6,7 +6,6 @@ mode: ha # Kubespray settings kube_network_plugin: flannel etcd_kubeadm_enabled: true -kubeadm_control_plane: true kubeadm_certificate_key: 3998c58db6497dd17d909394e62d515368c06ec617710d02edea31c06d741085 skip_non_kubeadm_warning: true deploy_netchecker: true diff --git a/tests/files/packet_ubuntu18-flannel-containerd-ha-once.yml b/tests/files/packet_ubuntu18-flannel-containerd-ha-once.yml index 3b26f4290..67b0ff963 100644 --- a/tests/files/packet_ubuntu18-flannel-containerd-ha-once.yml +++ b/tests/files/packet_ubuntu18-flannel-containerd-ha-once.yml @@ -5,7 +5,6 @@ mode: ha vm_memory: 1600Mi # Kubespray settings -kubeadm_control_plane: true kubeadm_certificate_key: 3998c58db6497dd17d909394e62d515368c06ec617710d02edea31c06d741085 kube_proxy_mode: iptables kube_network_plugin: flannel diff --git a/tests/files/packet_ubuntu18-flannel-containerd-ha.yml b/tests/files/packet_ubuntu18-flannel-containerd-ha.yml index 3b26f4290..67b0ff963 100644 --- a/tests/files/packet_ubuntu18-flannel-containerd-ha.yml +++ b/tests/files/packet_ubuntu18-flannel-containerd-ha.yml @@ -5,7 +5,6 @@ mode: ha vm_memory: 1600Mi # Kubespray settings -kubeadm_control_plane: true kubeadm_certificate_key: 3998c58db6497dd17d909394e62d515368c06ec617710d02edea31c06d741085 kube_proxy_mode: iptables kube_network_plugin: flannel