preinstall: simplify OS packages selection

Since a2019c1c2 (Add a JSON schema describing the packages install
structure, 2024-04-25), we use a custom structure to select which
packages should be installed on a particular host OS.

This has proven too rigid in practice, and the query is pretty
complicated.

Replace this by simply using an array of jinja conditions for the
packages, which should be easier to understand for everyone and more
flexible.

Also remove the associated schema and validation which are no longer
needed.
pull/11688/head
Max Gautier 2024-11-04 16:56:17 +01:00
parent d0f1d520ec
commit 8ff4ad2d8e
No known key found for this signature in database
4 changed files with 60 additions and 193 deletions


@ -1,80 +0,0 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://kubespray.io/internal/os_packages.schema.json",
"title": "Os packages",
"description": "Criteria for selecting packages to install on Kubernetes nodes during installation by Kubespray",
"type": "object",
"patternProperties": {
".*": {
"type": "object",
"additionalProperties": false,
"properties": {
"enabled": {
"description": "Escape hatch to filter packages. The value is expected to be pre-resolved to a boolean by Jinja",
"type": "boolean",
"default": true
},
"groups": {
"description": "Match if the host is in one of these groups. If not specified match any host.",
"type": "array",
"minItems": 1,
"items":{
"type": "string",
"pattern": "^[0-9A-Za-z_]*$"
}
},
"os": {
"type": "object",
"description": "If not specified match any OS. Otherwise, must match by 'families' or 'distributions' to be included.",
"additionalProperties": false,
"minProperties": 1,
"properties": {
"families": {
"description": "Match if ansible_os_family is part of the list.",
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"distributions": {
"type": "object",
"description": "Match if ansible_distribution match one of defined keys.",
"minProperties": 1,
"patternProperties": {
".*": {
"description": "Match if either the value is the empty hash, or one major_versions/versions/releases contains the corresponding variable ('ansible_distrbution_*')",
"type": "object",
"additionalProperties": false,
"properties": {
"major_versions": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"versions": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"releases": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
}
}
}
}
}
}
}
}
}
}
}


@ -321,11 +321,6 @@
- kube_apiserver_enable_admission_plugins is defined - kube_apiserver_enable_admission_plugins is defined
- kube_apiserver_enable_admission_plugins | length > 0 - kube_apiserver_enable_admission_plugins | length > 0
- name: Verify that the packages list structure is valid
ansible.utils.validate:
criteria: "{{ lookup('file', 'pkgs-schema.json') }}"
data: "{{ pkgs }}"
- name: Verify that the packages list is sorted - name: Verify that the packages list is sorted
vars: vars:
pkgs_lists: "{{ pkgs.keys() | list }}" pkgs_lists: "{{ pkgs.keys() | list }}"


@ -60,23 +60,8 @@
- bootstrap-os - bootstrap-os
- name: Install packages requirements - name: Install packages requirements
vars:
# The json_query for selecting packages name is split for readability
# see files/pkgs-schema.json for the structure of `pkgs`
# and the matching semantics
full_query: "[? value | (enabled == null || enabled) && ( {{ filters_os }} ) && ( {{ filters_groups }} ) ].key"
filters_groups: "groups | @ == null || [? contains(`{{ group_names }}`, @)]"
filters_os: "os == null || (os | ( {{ filters_family }} ) || ( {{ filters_distro }} ))"
dquote: !unsafe '"'
# necessary to workaround Ansible escaping
filters_distro: "distributions.{{ dquote }}{{ ansible_distribution }}{{ dquote }} |
@ == `{}` ||
contains(not_null(major_versions, `[]`), '{{ ansible_distribution_major_version }}') ||
contains(not_null(versions, `[]`), '{{ ansible_distribution_version }}') ||
contains(not_null(releases, `[]`), '{{ ansible_distribution_release }}')"
filters_family: "families && contains(families, '{{ ansible_os_family }}')"
package: package:
name: "{{ pkgs | dict2items | to_json|from_json | community.general.json_query(full_query) }}" name: "{{ pkgs | dict2items | selectattr('value', 'ansible.builtin.all') | map(attribute='key') }}"
state: present state: present
register: pkgs_task_result register: pkgs_task_result
until: pkgs_task_result is succeeded until: pkgs_task_result is succeeded
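Review bot: The new `name:` expression counts any truthy element as a passed condition, so `selectattr('value', 'ansible.builtin.all')` also selects a package whose list holds a non-empty string instead of a boolean, for example a condition written without its `{{ }}` braces. This commit also removes the schema validation of `pkgs`, so nothing flags such an entry and the package would be installed on every host. A small assertion that every condition is a real boolean would restore that guard, e.g. `that: pkgs.values() | list | flatten | reject('boolean') | list | length == 0`, placed wherever `pkgs` can be templated with host facts available (location to be confirmed). The task body continues past the end of this hunk.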


@ -1,103 +1,70 @@
--- ---
pkgs: pkgs:
apparmor: &debian_family_base apparmor:
os: - "{{ ansible_os_family == 'Debian' }}"
families: apt-transport-https:
- Debian - "{{ ansible_os_family == 'Debian' }}"
apt-transport-https: *debian_family_base aufs-tools:
aufs-tools: &deb_10 - "{{ ansible_os_family == 'Debian' }}"
groups: - "{{ ansible_distribution_major_version == '10' }}"
- k8s_cluster - "{{ 'k8s_cluster' in group_names }}"
os: bash-completion: []
distributions: conntrack:
Debian: - "{{ ansible_os_family in ['Debian', 'RedHat'] }}"
major_versions: - "{{ 'k8s_cluster' in group_names }}"
- "10"
bash-completion: {}
conntrack: &deb_redhat
groups:
- k8s_cluster
os:
families:
- Debian
- RedHat
conntrack-tools: conntrack-tools:
groups: - "{{ ansible_os_family == 'Suse' or ansible_distribution == 'Amazon' }}"
- k8s_cluster - "{{ 'k8s_cluster' in group_names }}"
os: container-selinux:
families: - "{{ ansible_os_family == 'RedHat' }}"
- Suse - "{{ 'k8s_cluster' in group_names }}"
distributions: curl: []
Amazon: {}
container-selinux: &redhat_family
groups:
- k8s_cluster
os:
families:
- RedHat
curl: {}
device-mapper: device-mapper:
groups: - "{{ ansible_os_family == 'Suse' }}"
- k8s_cluster - "{{ 'k8s_cluster' in group_names }}"
os: device-mapper-libs:
families: - "{{ ansible_os_family == 'RedHat' }}"
- Suse e2fsprogs: []
device-mapper-libs: *redhat_family ebtables: []
e2fsprogs: {} gnupg:
ebtables: {} - "{{ ansible_distribution == 'Debian' }}"
gnupg: &debian - "{{ ansible_distribution_major_version in ['11', '12'] }}"
groups: - "{{ 'k8s_cluster' in group_names }}"
- k8s_cluster
os:
distributions:
Debian:
major_versions:
- "11"
- "12"
ipset: ipset:
enabled: "{{ kube_proxy_mode != 'ipvs' }}" - "{{ kube_proxy_mode != 'ipvs' }}"
groups: - "{{ 'k8s_cluster' in group_names }}"
- k8s_cluster iptables:
iptables: *deb_redhat - "{{ ansible_os_family in ['Debian', 'RedHat'] }}"
ipvsadm: ipvsadm:
enabled: "{{ kube_proxy_mode == 'ipvs' }}" - "{{ kube_proxy_mode == 'ipvs' }}"
groups: - "{{ 'k8s_cluster' in group_names }}"
- k8s_cluster libseccomp:
libseccomp: *redhat_family - "{{ ansible_os_family == 'RedHat' }}"
libseccomp2: libseccomp2:
groups: - "{{ ansible_os_family in ['Debian', 'Suse'] }}"
- k8s_cluster - "{{ 'k8s_cluster' in group_names }}"
os:
families:
- Suse
- Debian
libselinux-python: # TODO: Handle rehat_family + major < 8 libselinux-python: # TODO: Handle rehat_family + major < 8
os: - "{{ ansible_distribution == 'Amazon' }}"
distributions:
Amazon: {}
libselinux-python3: libselinux-python3:
os: - "{{ ansible_distribution == 'Fedora' }}"
distributions:
Fedora: {}
mergerfs: mergerfs:
os: - "{{ ansible_distribution == 'Debian' }}"
distributions: - "{{ ansible_distribution_major_version == '12' }}"
Debian: nss:
major_versions: - "{{ ansible_os_family == 'RedHat' }}"
- "12" openssl: []
nss: *redhat_family python-apt:
openssl: {} - "{{ ansible_os_family == 'Debian' }}"
python-apt: *deb_10 - "{{ ansible_distribution_major_version == '10' }}"
# TODO: not for debian 10 python3-apt:
python3-apt: *debian_family_base - "{{ ansible_os_family == 'Debian' }}"
- "{{ ansible_distribution_major_version != '10' }}"
python3-libselinux: python3-libselinux:
os: - "{{ ansible_distribution in ['RedHat', 'CentOS'] }}"
distributions: rsync: []
RedHat: {} socat: []
CentOS: {} software-properties-common:
rsync: {} - "{{ ansible_os_family == 'Debian' }}"
socat: {} tar: []
software-properties-common: *debian_family_base unzip: []
tar: {} xfsprogs: []
unzip: {}
xfsprogs: {}
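Review bot: Several entries lose their `k8s_cluster` group restriction in this rewrite, which the commit message does not mention. On the old side `iptables` used `*deb_redhat`, `device-mapper-libs`, `libseccomp` and `nss` used `*redhat_family`, and `python-apt` used `*deb_10`. Each of those anchors carried `groups: [k8s_cluster]`, but the new lists for these five packages have no `'k8s_cluster' in group_names` condition, so they would now also be installed on hosts outside that group. `aufs-tools` and `python-apt` also change from matching the `Debian` distribution to `ansible_os_family == 'Debian'`, which may match other Debian-family distributions that report major version 10. If the widening is intended, state it in the commit message; otherwise add `- "{{ 'k8s_cluster' in group_names }}"` to those entries.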