kubernetes-sigs
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

preinstall: simplify OS packages selection 

Since a2019c1c2 (Add a JSON schema describing the packages install
structure, 2024-04-25), we use a custom structure to select which
packages should be installed on a particular host OS.

This has proven too rigid in practice, and the query is pretty
complicated.

Replace this by simply using an array of jinja conditions for the
packages, which should be easier to understand for everyone and more
flexible.

Also remove the associated schema and validation which are no longer
needed.
pull/11688/head
Max Gautier 2024-11-04 16:56:17 +01:00
parent d0f1d520ec
commit 8ff4ad2d8e
No known key found for this signature in database
4 changed files with 60 additions and 193 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

80
roles/kubernetes/preinstall/files/pkgs-schema.json
View File

@ -1,80 +0,0 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://kubespray.io/internal/os_packages.schema.json",
"title": "Os packages",
"description": "Criteria for selecting packages to install on Kubernetes nodes during installation by Kubespray",
"type": "object",
"patternProperties": {
".*": {
"type": "object",
"additionalProperties": false,
"properties": {
"enabled": {
"description": "Escape hatch to filter packages. The value is expected to be pre-resolved to a boolean by Jinja",
"type": "boolean",
"default": true
},
"groups": {
"description": "Match if the host is in one of these groups. If not specified match any host.",
"type": "array",
"minItems": 1,
"items":{
"type": "string",
"pattern": "^[0-9A-Za-z_]*$"
}
},
"os": {
"type": "object",
"description": "If not specified match any OS. Otherwise, must match by 'families' or 'distributions' to be included.",
"additionalProperties": false,
"minProperties": 1,
"properties": {
"families": {
"description": "Match if ansible_os_family is part of the list.",
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"distributions": {
"type": "object",
"description": "Match if ansible_distribution match one of defined keys.",
"minProperties": 1,
"patternProperties": {
".*": {
"description": "Match if either the value is the empty hash, or one major_versions/versions/releases contains the corresponding variable ('ansible_distrbution_*')",
"type": "object",
"additionalProperties": false,
"properties": {
"major_versions": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"versions": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"releases": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
}
}
}
}
}
}
}
}
}
}
}

5
roles/kubernetes/preinstall/tasks/0040-verify-settings.yml
View File

@ -321,11 +321,6 @@
- kube_apiserver_enable_admission_plugins is defined
- kube_apiserver_enable_admission_plugins | length > 0
- name: Verify that the packages list structure is valid
ansible.utils.validate:
criteria: "{{ lookup('file', 'pkgs-schema.json') }}"
data: "{{ pkgs }}"
- name: Verify that the packages list is sorted
vars:
pkgs_lists: "{{ pkgs.keys() | list }}"

17
roles/kubernetes/preinstall/tasks/0070-system-packages.yml
View File

@ -60,23 +60,8 @@
- bootstrap-os
- name: Install packages requirements
vars:
# The json_query for selecting packages name is split for readability
# see files/pkgs-schema.json for the structure of `pkgs`
# and the matching semantics
full_query: "[? value | (enabled == null || enabled) && ( {{ filters_os }} ) && ( {{ filters_groups }} ) ].key"
filters_groups: "groups | @ == null || [? contains(`{{ group_names }}`, @)]"
filters_os: "os == null || (os | ( {{ filters_family }} ) || ( {{ filters_distro }} ))"
dquote: !unsafe '"'
# necessary to workaround Ansible escaping
filters_distro: "distributions.{{ dquote }}{{ ansible_distribution }}{{ dquote }} |
@ == `{}` ||
contains(not_null(major_versions, `[]`), '{{ ansible_distribution_major_version }}') ||
contains(not_null(versions, `[]`), '{{ ansible_distribution_version }}') ||
contains(not_null(releases, `[]`), '{{ ansible_distribution_release }}')"
filters_family: "families && contains(families, '{{ ansible_os_family }}')"
package:
name: "{{ pkgs | dict2items | to_json|from_json | community.general.json_query(full_query) }}"
name: "{{ pkgs | dict2items | selectattr('value', 'ansible.builtin.all') | map(attribute='key') }}"
state: present
register: pkgs_task_result
until: pkgs_task_result is succeeded

151
roles/kubernetes/preinstall/vars/main.yml
View File

@ -1,103 +1,70 @@
---
pkgs:
apparmor: &debian_family_base
os:
families:
- Debian
apt-transport-https: *debian_family_base
aufs-tools: &deb_10
groups:
- k8s_cluster
os:
distributions:
Debian:
major_versions:
- "10"
bash-completion: {}
conntrack: &deb_redhat
groups:
- k8s_cluster
os:
families:
- Debian
- RedHat
apparmor:
- "{{ ansible_os_family == 'Debian' }}"
apt-transport-https:
- "{{ ansible_os_family == 'Debian' }}"
aufs-tools:
- "{{ ansible_os_family == 'Debian' }}"
- "{{ ansible_distribution_major_version == '10' }}"
- "{{ 'k8s_cluster' in group_names }}"
bash-completion: []
conntrack:
- "{{ ansible_os_family in ['Debian', 'RedHat'] }}"
- "{{ 'k8s_cluster' in group_names }}"
conntrack-tools:
groups:
- k8s_cluster
os:
families:
- Suse
distributions:
Amazon: {}
container-selinux: &redhat_family
groups:
- k8s_cluster
os:
families:
- RedHat
curl: {}
- "{{ ansible_os_family == 'Suse' or ansible_distribution == 'Amazon' }}"
- "{{ 'k8s_cluster' in group_names }}"
container-selinux:
- "{{ ansible_os_family == 'RedHat' }}"
- "{{ 'k8s_cluster' in group_names }}"
curl: []
device-mapper:
groups:
- k8s_cluster
os:
families:
- Suse
device-mapper-libs: *redhat_family
e2fsprogs: {}
ebtables: {}
gnupg: &debian
groups:
- k8s_cluster
os:
distributions:
Debian:
major_versions:
- "11"
- "12"
- "{{ ansible_os_family == 'Suse' }}"
- "{{ 'k8s_cluster' in group_names }}"
device-mapper-libs:
- "{{ ansible_os_family == 'RedHat' }}"
e2fsprogs: []
ebtables: []
gnupg:
- "{{ ansible_distribution == 'Debian' }}"
- "{{ ansible_distribution_major_version in ['11', '12'] }}"
- "{{ 'k8s_cluster' in group_names }}"
ipset:
enabled: "{{ kube_proxy_mode != 'ipvs' }}"
groups:
- k8s_cluster
iptables: *deb_redhat
- "{{ kube_proxy_mode != 'ipvs' }}"
- "{{ 'k8s_cluster' in group_names }}"
iptables:
- "{{ ansible_os_family in ['Debian', 'RedHat'] }}"
ipvsadm:
enabled: "{{ kube_proxy_mode == 'ipvs' }}"
groups:
- k8s_cluster
libseccomp: *redhat_family
- "{{ kube_proxy_mode == 'ipvs' }}"
- "{{ 'k8s_cluster' in group_names }}"
libseccomp:
- "{{ ansible_os_family == 'RedHat' }}"
libseccomp2:
groups:
- k8s_cluster
os:
families:
- Suse
- Debian
- "{{ ansible_os_family in ['Debian', 'Suse'] }}"
- "{{ 'k8s_cluster' in group_names }}"
libselinux-python: # TODO: Handle rehat_family + major < 8
os:
distributions:
Amazon: {}
- "{{ ansible_distribution == 'Amazon' }}"
libselinux-python3:
os:
distributions:
Fedora: {}
- "{{ ansible_distribution == 'Fedora' }}"
mergerfs:
os:
distributions:
Debian:
major_versions:
- "12"
nss: *redhat_family
openssl: {}
python-apt: *deb_10
# TODO: not for debian 10
python3-apt: *debian_family_base
- "{{ ansible_distribution == 'Debian' }}"
- "{{ ansible_distribution_major_version == '12' }}"
nss:
- "{{ ansible_os_family == 'RedHat' }}"
openssl: []
python-apt:
- "{{ ansible_os_family == 'Debian' }}"
- "{{ ansible_distribution_major_version == '10' }}"
python3-apt:
- "{{ ansible_os_family == 'Debian' }}"
- "{{ ansible_distribution_major_version != '10' }}"
python3-libselinux:
os:
distributions:
RedHat: {}
CentOS: {}
rsync: {}
socat: {}
software-properties-common: *debian_family_base
tar: {}
unzip: {}
xfsprogs: {}
- "{{ ansible_distribution in ['RedHat', 'CentOS'] }}"
rsync: []
socat: []
software-properties-common:
- "{{ ansible_os_family == 'Debian' }}"
tar: []
unzip: []
xfsprogs: []