Merge pull request #11521 from VannTen/cleanup/deduplicate_kubeadm_control_plane
Use in inventory variables rather than patch files for kubeadm_patches
pull/11540/head
commit
93ee1226eb
|
@ -337,6 +337,13 @@ in the form of dicts of key-value pairs of configuration parameters that will be
|
||||||
* *kube_kubeadm_controller_extra_args*
|
* *kube_kubeadm_controller_extra_args*
|
||||||
* *kube_kubeadm_scheduler_extra_args*
|
* *kube_kubeadm_scheduler_extra_args*
|
||||||
|
|
||||||
|
### Kubeadm patches
|
||||||
|
|
||||||
|
When extra flags are not sufficient and there is a need to further customize kubernetes components,
|
||||||
|
[kubeadm patches](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/control-plane-flags/#patches)
|
||||||
|
can be used.
|
||||||
|
You should use the [`kubeadm_patches` variable](../../roles/kubernetes/kubeadm_common/defaults/main.yml) for that purpose.
|
||||||
|
|
||||||
## App variables
|
## App variables
|
||||||
|
|
||||||
* *helm_version* - Only supports v3.x. Existing v2 installs (with Tiller) will not be modified and need to be removed manually.
|
* *helm_version* - Only supports v3.x. Existing v2 installs (with Tiller) will not be modified and need to be removed manually.
|
||||||
|
|
|
@ -366,11 +366,25 @@ auto_renew_certificates: false
|
||||||
# First Monday of each month
|
# First Monday of each month
|
||||||
# auto_renew_certificates_systemd_calendar: "Mon *-*-1,2,3,4,5,6,7 03:{{ groups['kube_control_plane'].index(inventory_hostname) }}0:00"
|
# auto_renew_certificates_systemd_calendar: "Mon *-*-1,2,3,4,5,6,7 03:{{ groups['kube_control_plane'].index(inventory_hostname) }}0:00"
|
||||||
|
|
||||||
# kubeadm patches path
|
kubeadm_patches_dir: "{{ kube_config_dir }}/patches"
|
||||||
kubeadm_patches:
|
kubeadm_patches: []
|
||||||
enabled: false
|
# See https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/control-plane-flags/#patches
|
||||||
source_dir: "{{ inventory_dir }}/patches"
|
# Correspondance with this link
|
||||||
dest_dir: "{{ kube_config_dir }}/patches"
|
# patchtype = type
|
||||||
|
# target = target
|
||||||
|
# suffix -> managed automatically
|
||||||
|
# extension -> always "yaml"
|
||||||
|
# kubeadm_patches:
|
||||||
|
# - target: kube-apiserver|kube-controller-manager|kube-scheduler|etcd|kubeletconfiguration
|
||||||
|
# type: strategic(default)|json|merge
|
||||||
|
# patch:
|
||||||
|
# metadata:
|
||||||
|
# annotations:
|
||||||
|
# example.com/test: "true"
|
||||||
|
# labels:
|
||||||
|
# example.com/prod_level: "{{ prod_level }}"
|
||||||
|
# - ...
|
||||||
|
# Patches are applied in the order they are specified.
|
||||||
|
|
||||||
# Set to true to remove the role binding to anonymous users created by kubeadm
|
# Set to true to remove the role binding to anonymous users created by kubeadm
|
||||||
remove_anonymous_access: false
|
remove_anonymous_access: false
|
||||||
|
|
|
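Review bot: `kubeadm_patches` changes here from a mapping (`enabled`, `source_dir`, `dest_dir`) to a list, but neither the default nor its comment tells existing inventories to migrate. The replacement condition `kubeadm_patches | length > 0`, used in the two upgrade commands and the kubeadm config templates further down, is true for the old three-key mapping even when it carries `enabled: false`. An inventory copied from the previous sample would therefore presumably start passing `--patches` and then fail in the new copy loop with an unhelpful error. I would add a comment above the default such as `# kubeadm_patches is a list of patches; the former enabled/source_dir/dest_dir mapping is no longer accepted`, and consider failing early with a clear message when the variable is a mapping.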
@ -1,8 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Pod
|
|
||||||
metadata:
|
|
||||||
name: kube-controller-manager
|
|
||||||
annotations:
|
|
||||||
prometheus.io/scrape: 'true'
|
|
||||||
prometheus.io/port: '10257'
|
|
|
@ -1,8 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Pod
|
|
||||||
metadata:
|
|
||||||
name: kube-scheduler
|
|
||||||
annotations:
|
|
||||||
prometheus.io/scrape: 'true'
|
|
||||||
prometheus.io/port: '10259'
|
|
|
@ -1,5 +1,6 @@
|
||||||
---
|
---
|
||||||
dependencies:
|
dependencies:
|
||||||
|
- role: kubernetes/kubeadm_common
|
||||||
- role: kubernetes/tokens
|
- role: kubernetes/tokens
|
||||||
when: kube_token_auth
|
when: kube_token_auth
|
||||||
tags:
|
tags:
|
||||||
|
|
|
@ -167,21 +167,6 @@
|
||||||
- apiserver_sans_ip_check.changed or apiserver_sans_host_check.changed
|
- apiserver_sans_ip_check.changed or apiserver_sans_host_check.changed
|
||||||
- not kube_external_ca_mode
|
- not kube_external_ca_mode
|
||||||
|
|
||||||
- name: Kubeadm | Create directory to store kubeadm patches
|
|
||||||
file:
|
|
||||||
path: "{{ kubeadm_patches.dest_dir }}"
|
|
||||||
state: directory
|
|
||||||
mode: "0640"
|
|
||||||
when: kubeadm_patches is defined and kubeadm_patches.enabled
|
|
||||||
|
|
||||||
- name: Kubeadm | Copy kubeadm patches from inventory files
|
|
||||||
copy:
|
|
||||||
src: "{{ kubeadm_patches.source_dir }}/"
|
|
||||||
dest: "{{ kubeadm_patches.dest_dir }}"
|
|
||||||
owner: "root"
|
|
||||||
mode: "0644"
|
|
||||||
when: kubeadm_patches is defined and kubeadm_patches.enabled
|
|
||||||
|
|
||||||
- name: Kubeadm | Initialize first control plane node
|
- name: Kubeadm | Initialize first control plane node
|
||||||
command: >-
|
command: >-
|
||||||
timeout -k {{ kubeadm_init_timeout }} {{ kubeadm_init_timeout }}
|
timeout -k {{ kubeadm_init_timeout }} {{ kubeadm_init_timeout }}
|
||||||
|
|
|
@ -18,7 +18,7 @@
|
||||||
--ignore-preflight-errors=all
|
--ignore-preflight-errors=all
|
||||||
--allow-experimental-upgrades
|
--allow-experimental-upgrades
|
||||||
--etcd-upgrade={{ (etcd_deployment_type == "kubeadm") | bool | lower }}
|
--etcd-upgrade={{ (etcd_deployment_type == "kubeadm") | bool | lower }}
|
||||||
{% if kubeadm_patches is defined and kubeadm_patches.enabled %}--patches={{ kubeadm_patches.dest_dir }}{% endif %}
|
{% if kubeadm_patches | length > 0 %}--patches={{ kubeadm_patches_dir }}{% endif %}
|
||||||
--force
|
--force
|
||||||
register: kubeadm_upgrade
|
register: kubeadm_upgrade
|
||||||
# Retry is because upload config sometimes fails
|
# Retry is because upload config sometimes fails
|
||||||
|
@ -39,7 +39,7 @@
|
||||||
--ignore-preflight-errors=all
|
--ignore-preflight-errors=all
|
||||||
--allow-experimental-upgrades
|
--allow-experimental-upgrades
|
||||||
--etcd-upgrade={{ (etcd_deployment_type == "kubeadm") | bool | lower }}
|
--etcd-upgrade={{ (etcd_deployment_type == "kubeadm") | bool | lower }}
|
||||||
{% if kubeadm_patches is defined and kubeadm_patches.enabled %}--patches={{ kubeadm_patches.dest_dir }}{% endif %}
|
{% if kubeadm_patches | length > 0 %}--patches={{ kubeadm_patches_dir }}{% endif %}
|
||||||
--force
|
--force
|
||||||
register: kubeadm_upgrade
|
register: kubeadm_upgrade
|
||||||
# Retry is because upload config sometimes fails
|
# Retry is because upload config sometimes fails
|
||||||
|
|
|
@ -28,9 +28,9 @@ nodeRegistration:
|
||||||
kubeletExtraArgs:
|
kubeletExtraArgs:
|
||||||
cloud-provider: external
|
cloud-provider: external
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if kubeadm_patches is defined and kubeadm_patches.enabled %}
|
{% if kubeadm_patches | length > 0 %}
|
||||||
patches:
|
patches:
|
||||||
directory: {{ kubeadm_patches.dest_dir }}
|
directory: {{ kubeadm_patches_dir }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
---
|
---
|
||||||
apiVersion: kubeadm.k8s.io/v1beta3
|
apiVersion: kubeadm.k8s.io/v1beta3
|
||||||
|
|
|
@ -31,7 +31,7 @@ nodeRegistration:
|
||||||
{% else %}
|
{% else %}
|
||||||
taints: []
|
taints: []
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if kubeadm_patches is defined and kubeadm_patches.enabled %}
|
{% if kubeadm_patches | length > 0 %}
|
||||||
patches:
|
patches:
|
||||||
directory: {{ kubeadm_patches.dest_dir }}
|
directory: {{ kubeadm_patches_dir }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
---
|
||||||
|
dependencies:
|
||||||
|
- role: kubernetes/kubeadm_common
|
|
@ -83,21 +83,6 @@
|
||||||
mode: "0640"
|
mode: "0640"
|
||||||
when: ('kube_control_plane' not in group_names)
|
when: ('kube_control_plane' not in group_names)
|
||||||
|
|
||||||
- name: Kubeadm | Create directory to store kubeadm patches
|
|
||||||
file:
|
|
||||||
path: "{{ kubeadm_patches.dest_dir }}"
|
|
||||||
state: directory
|
|
||||||
mode: "0640"
|
|
||||||
when: kubeadm_patches is defined and kubeadm_patches.enabled
|
|
||||||
|
|
||||||
- name: Kubeadm | Copy kubeadm patches from inventory files
|
|
||||||
copy:
|
|
||||||
src: "{{ kubeadm_patches.source_dir }}/"
|
|
||||||
dest: "{{ kubeadm_patches.dest_dir }}"
|
|
||||||
owner: "root"
|
|
||||||
mode: "0644"
|
|
||||||
when: kubeadm_patches is defined and kubeadm_patches.enabled
|
|
||||||
|
|
||||||
- name: Join to cluster if needed
|
- name: Join to cluster if needed
|
||||||
environment:
|
environment:
|
||||||
PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}:/sbin"
|
PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}:/sbin"
|
||||||
|
|
|
@ -38,7 +38,7 @@ nodeRegistration:
|
||||||
- effect: NoSchedule
|
- effect: NoSchedule
|
||||||
key: node-role.kubernetes.io/calico-rr
|
key: node-role.kubernetes.io/calico-rr
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if kubeadm_patches is defined and kubeadm_patches.enabled %}
|
{% if kubeadm_patches | length > 0 %}
|
||||||
patches:
|
patches:
|
||||||
directory: {{ kubeadm_patches.dest_dir }}
|
directory: {{ kubeadm_patches_dir }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
|
@ -0,0 +1,20 @@
|
||||||
|
---
|
||||||
|
kubeadm_patches_dir: "{{ kube_config_dir }}/patches"
|
||||||
|
kubeadm_patches: []
|
||||||
|
# See https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/control-plane-flags/#patches
|
||||||
|
# Correspondance with this link
|
||||||
|
# patchtype = type
|
||||||
|
# target = target
|
||||||
|
# suffix -> managed automatically
|
||||||
|
# extension -> always "yaml"
|
||||||
|
# kubeadm_patches:
|
||||||
|
# - target: kube-apiserver|kube-controller-manager|kube-scheduler|etcd|kubeletconfiguration
|
||||||
|
# type: strategic(default)|json|merge
|
||||||
|
# patch:
|
||||||
|
# metadata:
|
||||||
|
# annotations:
|
||||||
|
# example.com/test: "true"
|
||||||
|
# labels:
|
||||||
|
# example.com/prod_level: "{{ prod_level }}"
|
||||||
|
# - ...
|
||||||
|
# Patches are applied in the order they are specified.
|
|
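Review bot: The closing comment `# Patches are applied in the order they are specified.` appears to hold only while the list has at most ten entries. The copy task in the new tasks file uses the bare loop index as the file-name suffix, and kubeadm's documentation describes the suffix as ordering patches alpha-numerically, so a suffix of `10` would sort before `2`. Either state the limit in this comment or zero-pad the index in the task, for example `{{ '%03d' | format(suffix) }}`. The spelling `Correspondance` in this block (and in the other copy of it earlier in the commit) should be `Correspondence`.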
@ -0,0 +1,17 @@
|
||||||
|
---
|
||||||
|
- name: Kubeadm | Create directory to store kubeadm patches
|
||||||
|
file:
|
||||||
|
path: "{{ kubeadm_patches_dir }}"
|
||||||
|
state: directory
|
||||||
|
mode: "0640"
|
||||||
|
when: kubeadm_patches | length > 0
|
||||||
|
|
||||||
|
- name: Kubeadm | Copy kubeadm patches from inventory files
|
||||||
|
copy:
|
||||||
|
content: "{{ item.patch | to_yaml }}"
|
||||||
|
dest: "{{ kubeadm_patches_dir }}/{{ item.target }}{{ suffix }}+{{ item.type | d('strategic') }}.yaml"
|
||||||
|
owner: "root"
|
||||||
|
mode: "0644"
|
||||||
|
loop: "{{ kubeadm_patches }}"
|
||||||
|
loop_control:
|
||||||
|
index_var: suffix
|
|
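Review bot: `item.target` and `item.type` go straight into the `dest` path of the copy task without any check, so a typo or a value containing a path separator yields a root-owned file that kubeadm presumably ignores or that lands outside `kubeadm_patches_dir`. The defaults comment already enumerates the accepted targets and types, so an assert in front of the two tasks, as sketched below, can reject anything else with a clear message. Two smaller points in the same file: the directory is created with `mode: "0640"`, which carries no search bit (`mode: "0750"` is the usual directory mode), and files from an earlier, longer list are never removed, so a patch dropped from the inventory may keep being applied. The task name still says "from inventory files" although the content now comes from the variable.

```yaml
- name: Kubeadm | Validate kubeadm_patches entries
  assert:
    that:
      - item.target in ['kube-apiserver', 'kube-controller-manager', 'kube-scheduler', 'etcd', 'kubeletconfiguration']
      - item.type | d('strategic') in ['strategic', 'json', 'merge']
    quiet: true
  loop: "{{ kubeadm_patches }}"

# … unchanged: create directory, copy patches …
```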
@ -27,3 +27,20 @@ containerd_registries_mirrors:
|
||||||
skip_verify: true
|
skip_verify: true
|
||||||
|
|
||||||
calico_datastore: "etcd"
|
calico_datastore: "etcd"
|
||||||
|
|
||||||
|
# Test kubeadm patches
|
||||||
|
kubeadm_patches:
|
||||||
|
- target: kube-apiserver
|
||||||
|
patch:
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
example.com/test: "true"
|
||||||
|
labels:
|
||||||
|
example.com/prod_level: "prep"
|
||||||
|
- target: kube-controller-manager
|
||||||
|
patch:
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
example.com/test: "false"
|
||||||
|
labels:
|
||||||
|
example.com/prod_level: "prep"
|
||||||
|
|