Merge pull request #11521 from VannTen/cleanup/deduplicate_kubeadm_control_plane
Use in inventory variables rather than patch files for kubeadm_patchespull/11540/head
commit
93ee1226eb
|
@ -337,6 +337,13 @@ in the form of dicts of key-value pairs of configuration parameters that will be
|
|||
* *kube_kubeadm_controller_extra_args*
|
||||
* *kube_kubeadm_scheduler_extra_args*
|
||||
|
||||
### Kubeadm patches
|
||||
|
||||
When extra flags are not sufficient and there is a need to further customize kubernetes components,
|
||||
[kubeadm patches](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/control-plane-flags/#patches)
|
||||
can be used.
|
||||
You should use the [`kubeadm_patches` variable](../../roles/kubernetes/kubeadm_common/defaults/main.yml) for that purpose.
|
||||
|
||||
## App variables
|
||||
|
||||
* *helm_version* - Only supports v3.x. Existing v2 installs (with Tiller) will not be modified and need to be removed manually.
|
||||
|
|
|
@ -366,11 +366,25 @@ auto_renew_certificates: false
|
|||
# First Monday of each month
|
||||
# auto_renew_certificates_systemd_calendar: "Mon *-*-1,2,3,4,5,6,7 03:{{ groups['kube_control_plane'].index(inventory_hostname) }}0:00"
|
||||
|
||||
# kubeadm patches path
|
||||
kubeadm_patches:
|
||||
enabled: false
|
||||
source_dir: "{{ inventory_dir }}/patches"
|
||||
dest_dir: "{{ kube_config_dir }}/patches"
|
||||
kubeadm_patches_dir: "{{ kube_config_dir }}/patches"
|
||||
kubeadm_patches: []
|
||||
# See https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/control-plane-flags/#patches
|
||||
# Correspondance with this link
|
||||
# patchtype = type
|
||||
# target = target
|
||||
# suffix -> managed automatically
|
||||
# extension -> always "yaml"
|
||||
# kubeadm_patches:
|
||||
# - target: kube-apiserver|kube-controller-manager|kube-scheduler|etcd|kubeletconfiguration
|
||||
# type: strategic(default)|json|merge
|
||||
# patch:
|
||||
# metadata:
|
||||
# annotations:
|
||||
# example.com/test: "true"
|
||||
# labels:
|
||||
# example.com/prod_level: "{{ prod_level }}"
|
||||
# - ...
|
||||
# Patches are applied in the order they are specified.
|
||||
|
||||
# Set to true to remove the role binding to anonymous users created by kubeadm
|
||||
remove_anonymous_access: false
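Review bot: Nothing in this sample tells operators that the old mapping form of `kubeadm_patches` (`enabled`, `source_dir`, `dest_dir`) is no longer accepted now that the variable is a list with the same name. An inventory that still carries the mapping has a non-zero length even with `enabled: false`, so the `kubeadm_patches | length > 0` guards used elsewhere in this commit would presumably treat patches as enabled, or the run would fail later with an unrelated-looking loop error. I would add a comment above the new default, `# kubeadm_patches is now a list of patches; the former enabled/source_dir/dest_dir mapping is not supported`, and consider an early `assert` in the common role with `that: kubeadm_patches is not mapping`. The same comment block is repeated in the new kubeadm_common defaults hunk.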
|
||||
|
|
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: kube-controller-manager
|
||||
annotations:
|
||||
prometheus.io/scrape: 'true'
|
||||
prometheus.io/port: '10257'
|
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: kube-scheduler
|
||||
annotations:
|
||||
prometheus.io/scrape: 'true'
|
||||
prometheus.io/port: '10259'
|
|
@ -1,5 +1,6 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: kubernetes/kubeadm_common
|
||||
- role: kubernetes/tokens
|
||||
when: kube_token_auth
|
||||
tags:
|
||||
|
|
|
@ -167,21 +167,6 @@
|
|||
- apiserver_sans_ip_check.changed or apiserver_sans_host_check.changed
|
||||
- not kube_external_ca_mode
|
||||
|
||||
- name: Kubeadm | Create directory to store kubeadm patches
|
||||
file:
|
||||
path: "{{ kubeadm_patches.dest_dir }}"
|
||||
state: directory
|
||||
mode: "0640"
|
||||
when: kubeadm_patches is defined and kubeadm_patches.enabled
|
||||
|
||||
- name: Kubeadm | Copy kubeadm patches from inventory files
|
||||
copy:
|
||||
src: "{{ kubeadm_patches.source_dir }}/"
|
||||
dest: "{{ kubeadm_patches.dest_dir }}"
|
||||
owner: "root"
|
||||
mode: "0644"
|
||||
when: kubeadm_patches is defined and kubeadm_patches.enabled
|
||||
|
||||
- name: Kubeadm | Initialize first control plane node
|
||||
command: >-
|
||||
timeout -k {{ kubeadm_init_timeout }} {{ kubeadm_init_timeout }}
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
--ignore-preflight-errors=all
|
||||
--allow-experimental-upgrades
|
||||
--etcd-upgrade={{ (etcd_deployment_type == "kubeadm") | bool | lower }}
|
||||
{% if kubeadm_patches is defined and kubeadm_patches.enabled %}--patches={{ kubeadm_patches.dest_dir }}{% endif %}
|
||||
{% if kubeadm_patches | length > 0 %}--patches={{ kubeadm_patches_dir }}{% endif %}
|
||||
--force
|
||||
register: kubeadm_upgrade
|
||||
# Retry is because upload config sometimes fails
|
||||
|
@ -39,7 +39,7 @@
|
|||
--ignore-preflight-errors=all
|
||||
--allow-experimental-upgrades
|
||||
--etcd-upgrade={{ (etcd_deployment_type == "kubeadm") | bool | lower }}
|
||||
{% if kubeadm_patches is defined and kubeadm_patches.enabled %}--patches={{ kubeadm_patches.dest_dir }}{% endif %}
|
||||
{% if kubeadm_patches | length > 0 %}--patches={{ kubeadm_patches_dir }}{% endif %}
|
||||
--force
|
||||
register: kubeadm_upgrade
|
||||
# Retry is because upload config sometimes fails
|
||||
|
|
|
@ -28,9 +28,9 @@ nodeRegistration:
|
|||
kubeletExtraArgs:
|
||||
cloud-provider: external
|
||||
{% endif %}
|
||||
{% if kubeadm_patches is defined and kubeadm_patches.enabled %}
|
||||
{% if kubeadm_patches | length > 0 %}
|
||||
patches:
|
||||
directory: {{ kubeadm_patches.dest_dir }}
|
||||
directory: {{ kubeadm_patches_dir }}
|
||||
{% endif %}
|
||||
---
|
||||
apiVersion: kubeadm.k8s.io/v1beta3
|
||||
|
|
|
@ -31,7 +31,7 @@ nodeRegistration:
|
|||
{% else %}
|
||||
taints: []
|
||||
{% endif %}
|
||||
{% if kubeadm_patches is defined and kubeadm_patches.enabled %}
|
||||
{% if kubeadm_patches | length > 0 %}
|
||||
patches:
|
||||
directory: {{ kubeadm_patches.dest_dir }}
|
||||
directory: {{ kubeadm_patches_dir }}
|
||||
{% endif %}
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: kubernetes/kubeadm_common
|
|
@ -83,21 +83,6 @@
|
|||
mode: "0640"
|
||||
when: ('kube_control_plane' not in group_names)
|
||||
|
||||
- name: Kubeadm | Create directory to store kubeadm patches
|
||||
file:
|
||||
path: "{{ kubeadm_patches.dest_dir }}"
|
||||
state: directory
|
||||
mode: "0640"
|
||||
when: kubeadm_patches is defined and kubeadm_patches.enabled
|
||||
|
||||
- name: Kubeadm | Copy kubeadm patches from inventory files
|
||||
copy:
|
||||
src: "{{ kubeadm_patches.source_dir }}/"
|
||||
dest: "{{ kubeadm_patches.dest_dir }}"
|
||||
owner: "root"
|
||||
mode: "0644"
|
||||
when: kubeadm_patches is defined and kubeadm_patches.enabled
|
||||
|
||||
- name: Join to cluster if needed
|
||||
environment:
|
||||
PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}:/sbin"
|
||||
|
|
|
@ -38,7 +38,7 @@ nodeRegistration:
|
|||
- effect: NoSchedule
|
||||
key: node-role.kubernetes.io/calico-rr
|
||||
{% endif %}
|
||||
{% if kubeadm_patches is defined and kubeadm_patches.enabled %}
|
||||
{% if kubeadm_patches | length > 0 %}
|
||||
patches:
|
||||
directory: {{ kubeadm_patches.dest_dir }}
|
||||
directory: {{ kubeadm_patches_dir }}
|
||||
{% endif %}
|
||||
|
|
|
@ -0,0 +1,20 @@
|
|||
---
|
||||
kubeadm_patches_dir: "{{ kube_config_dir }}/patches"
|
||||
kubeadm_patches: []
|
||||
# See https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/control-plane-flags/#patches
|
||||
# Correspondance with this link
|
||||
# patchtype = type
|
||||
# target = target
|
||||
# suffix -> managed automatically
|
||||
# extension -> always "yaml"
|
||||
# kubeadm_patches:
|
||||
# - target: kube-apiserver|kube-controller-manager|kube-scheduler|etcd|kubeletconfiguration
|
||||
# type: strategic(default)|json|merge
|
||||
# patch:
|
||||
# metadata:
|
||||
# annotations:
|
||||
# example.com/test: "true"
|
||||
# labels:
|
||||
# example.com/prod_level: "{{ prod_level }}"
|
||||
# - ...
|
||||
# Patches are applied in the order they are specified.
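Review bot: The closing comment `# Patches are applied in the order they are specified.` is only dependable for the first ten entries. The file name built in the kubeadm_common task uses the bare loop index as the suffix, and as far as I know kubeadm orders patch files alpha-numerically by name, so a suffix of `10` would sort before `2` for the same target. Either document that limit here or zero-pad the suffix in the task, e.g. `{{ '%03d' | format(suffix) }}`. The comment would also benefit from saying that `target` and `type` become part of a file name written as root, so they should hold only the listed values. "Correspondance" should read "Correspondence"; the same block appears in the sample inventory hunk.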
|
|
@ -0,0 +1,17 @@
|
|||
---
|
||||
- name: Kubeadm | Create directory to store kubeadm patches
|
||||
file:
|
||||
path: "{{ kubeadm_patches_dir }}"
|
||||
state: directory
|
||||
mode: "0640"
|
||||
when: kubeadm_patches | length > 0
|
||||
|
||||
- name: Kubeadm | Copy kubeadm patches from inventory files
|
||||
copy:
|
||||
content: "{{ item.patch | to_yaml }}"
|
||||
dest: "{{ kubeadm_patches_dir }}/{{ item.target }}{{ suffix }}+{{ item.type | d('strategic') }}.yaml"
|
||||
owner: "root"
|
||||
mode: "0644"
|
||||
loop: "{{ kubeadm_patches }}"
|
||||
loop_control:
|
||||
index_var: suffix
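Review bot: Files written by an earlier run are never removed, so a patch that is deleted from `kubeadm_patches`, reordered (its index suffix changes) or left over from the previous `source_dir` copy stays in `kubeadm_patches_dir`, and kubeadm keeps applying it as long as the list is non-empty. For a directory that rewrites control-plane manifests, this means a setting taken out of the inventory can silently remain in effect on the node. I would register the copy results and delete any file in the directory that the current run did not write, as sketched below (untested, including in check mode). Separately, `mode: "0640"` on the directory leaves it without a search bit; `mode: "0750"` is the usual choice for a root-only directory.

```yaml
# … unchanged: "Create directory to store kubeadm patches" …

- name: Kubeadm | Copy kubeadm patches from inventory files
  # … unchanged: copy arguments, loop, loop_control …
  register: kubeadm_patches_written

- name: Kubeadm | List patch files present on the node
  find:
    paths: "{{ kubeadm_patches_dir }}"
    file_type: file
  register: kubeadm_patches_present
  when: kubeadm_patches | length > 0

- name: Kubeadm | Remove patch files not declared in kubeadm_patches
  file:
    path: "{{ kubeadm_patches_dir }}/{{ item }}"
    state: absent
  loop: >-
    {{ kubeadm_patches_present.files | d([]) | map(attribute='path') | map('basename')
       | difference(kubeadm_patches_written.results | map(attribute='dest') | map('basename')) }}
```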
|
|
@ -27,3 +27,20 @@ containerd_registries_mirrors:
|
|||
skip_verify: true
|
||||
|
||||
calico_datastore: "etcd"
|
||||
|
||||
# Test kubeadm patches
|
||||
kubeadm_patches:
|
||||
- target: kube-apiserver
|
||||
patch:
|
||||
metadata:
|
||||
annotations:
|
||||
example.com/test: "true"
|
||||
labels:
|
||||
example.com/prod_level: "prep"
|
||||
- target: kube-controller-manager
|
||||
patch:
|
||||
metadata:
|
||||
annotations:
|
||||
example.com/test: "false"
|
||||
labels:
|
||||
example.com/prod_level: "prep"
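Review bot: The test inventory only exercises the default `strategic` type with metadata-only patches, so the `+{{ item.type | d('strategic') }}` part of the generated file name is never rendered with an explicit value and the `json`/`merge` formats are not covered. Adding one entry with an explicit `type: merge` would cover that path. Whether any test asserts that these annotations and labels actually reach the static pods is not visible from this hunk.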
|
||||
|
|