kubernetes-sigs
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #11688 from VannTen/cleanup/preinstall_package_selection 

Simplify package selection + fix openEuler package
pull/11689/head
Kubernetes Prow Robot 2024-11-05 10:33:29 +00:00 committed by GitHub
parent 107c3cc6f4 e1392c65b4
commit a469c1c955
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 62 additions and 193 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

80
roles/kubernetes/preinstall/files/pkgs-schema.json
View File

@ -1,80 +0,0 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://kubespray.io/internal/os_packages.schema.json",
"title": "Os packages",
"description": "Criteria for selecting packages to install on Kubernetes nodes during installation by Kubespray",
"type": "object",
"patternProperties": {
".*": {
"type": "object",
"additionalProperties": false,
"properties": {
"enabled": {
"description": "Escape hatch to filter packages. The value is expected to be pre-resolved to a boolean by Jinja",
"type": "boolean",
"default": true
},
"groups": {
"description": "Match if the host is in one of these groups. If not specified match any host.",
"type": "array",
"minItems": 1,
"items":{
"type": "string",
"pattern": "^[0-9A-Za-z_]*$"
}
},
"os": {
"type": "object",
"description": "If not specified match any OS. Otherwise, must match by 'families' or 'distributions' to be included.",
"additionalProperties": false,
"minProperties": 1,
"properties": {
"families": {
"description": "Match if ansible_os_family is part of the list.",
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"distributions": {
"type": "object",
"description": "Match if ansible_distribution match one of defined keys.",
"minProperties": 1,
"patternProperties": {
".*": {
"description": "Match if either the value is the empty hash, or one major_versions/versions/releases contains the corresponding variable ('ansible_distrbution_*')",
"type": "object",
"additionalProperties": false,
"properties": {
"major_versions": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"versions": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"releases": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
}
}
}
}
}
}
}
}
}
}
}

5
roles/kubernetes/preinstall/tasks/0040-verify-settings.yml
View File

@ -338,11 +338,6 @@
- kube_apiserver_enable_admission_plugins is defined - kube_apiserver_enable_admission_plugins is defined
- kube_apiserver_enable_admission_plugins | length > 0 - kube_apiserver_enable_admission_plugins | length > 0
- name: Verify that the packages list structure is valid
ansible.utils.validate:
criteria: "{{ lookup('file', 'pkgs-schema.json') }}"
data: "{{ pkgs }}"
- name: Verify that the packages list is sorted - name: Verify that the packages list is sorted
vars: vars:
pkgs_lists: "{{ pkgs.keys() | list }}" pkgs_lists: "{{ pkgs.keys() | list }}"

17
roles/kubernetes/preinstall/tasks/0070-system-packages.yml
View File

@ -60,23 +60,8 @@
- bootstrap-os - bootstrap-os
- name: Install packages requirements - name: Install packages requirements
vars:
# The json_query for selecting packages name is split for readability
# see files/pkgs-schema.json for the structure of `pkgs`
# and the matching semantics
full_query: "[? value | (enabled == null || enabled) && ( {{ filters_os }} ) && ( {{ filters_groups }} ) ].key"
filters_groups: "groups | @ == null || [? contains(`{{ group_names }}`, @)]"
filters_os: "os == null || (os | ( {{ filters_family }} ) || ( {{ filters_distro }} ))"
dquote: !unsafe '"'
# necessary to workaround Ansible escaping
filters_distro: "distributions.{{ dquote }}{{ ansible_distribution }}{{ dquote }} |
@ == `{}` ||
contains(not_null(major_versions, `[]`), '{{ ansible_distribution_major_version }}') ||
contains(not_null(versions, `[]`), '{{ ansible_distribution_version }}') ||
contains(not_null(releases, `[]`), '{{ ansible_distribution_release }}')"
filters_family: "families && contains(families, '{{ ansible_os_family }}')"
package: package:
name: "{{ pkgs | dict2items | to_json|from_json | community.general.json_query(full_query) }}" name: "{{ pkgs | dict2items | selectattr('value', 'ansible.builtin.all') | map(attribute='key') }}"
state: present state: present
register: pkgs_task_result register: pkgs_task_result
until: pkgs_task_result is succeeded until: pkgs_task_result is succeeded

153
roles/kubernetes/preinstall/vars/main.yml
View File

@ -1,103 +1,72 @@
--- ---
pkgs: pkgs:
apparmor: &debian_family_base apparmor:
os: - "{{ ansible_os_family == 'Debian' }}"
families: apt-transport-https:
- Debian - "{{ ansible_os_family == 'Debian' }}"
apt-transport-https: *debian_family_base aufs-tools:
aufs-tools: &deb_10 - "{{ ansible_os_family == 'Debian' }}"
groups: - "{{ ansible_distribution_major_version == '10' }}"
- k8s_cluster - "{{ 'k8s_cluster' in group_names }}"
os: bash-completion: []
distributions: conntrack:
Debian: - "{{ ansible_os_family in ['Debian', 'RedHat'] }}"
major_versions: - "{{ ansible_distribution != 'openEuler' }}"
- "10" - "{{ 'k8s_cluster' in group_names }}"
bash-completion: {}
conntrack: &deb_redhat
groups:
- k8s_cluster
os:
families:
- Debian
- RedHat
conntrack-tools: conntrack-tools:
groups: - "{{ ansible_os_family == 'Suse' or ansible_distribution in ['Amazon', 'openEuler'] }}"
- k8s_cluster - "{{ 'k8s_cluster' in group_names }}"
os: container-selinux:
families: - "{{ ansible_os_family == 'RedHat' }}"
- Suse - "{{ 'k8s_cluster' in group_names }}"
distributions: curl: []
Amazon: {}
container-selinux: &redhat_family
groups:
- k8s_cluster
os:
families:
- RedHat
curl: {}
device-mapper: device-mapper:
groups: - "{{ ansible_os_family == 'Suse' or ansible_distribution == 'openEuler' }}"
- k8s_cluster - "{{ 'k8s_cluster' in group_names }}"
os: device-mapper-libs:
families: - "{{ ansible_os_family == 'RedHat' }}"
- Suse - "{{ ansible_distribution != 'openEuler' }}"
device-mapper-libs: *redhat_family e2fsprogs: []
e2fsprogs: {} ebtables: []
ebtables: {} gnupg:
gnupg: &debian - "{{ ansible_distribution == 'Debian' }}"
groups: - "{{ ansible_distribution_major_version in ['11', '12'] }}"
- k8s_cluster - "{{ 'k8s_cluster' in group_names }}"
os:
distributions:
Debian:
major_versions:
- "11"
- "12"
ipset: ipset:
enabled: "{{ kube_proxy_mode != 'ipvs' }}" - "{{ kube_proxy_mode != 'ipvs' }}"
groups: - "{{ 'k8s_cluster' in group_names }}"
- k8s_cluster iptables:
iptables: *deb_redhat - "{{ ansible_os_family in ['Debian', 'RedHat'] }}"
ipvsadm: ipvsadm:
enabled: "{{ kube_proxy_mode == 'ipvs' }}" - "{{ kube_proxy_mode == 'ipvs' }}"
groups: - "{{ 'k8s_cluster' in group_names }}"
- k8s_cluster libseccomp:
libseccomp: *redhat_family - "{{ ansible_os_family == 'RedHat' }}"
libseccomp2: libseccomp2:
groups: - "{{ ansible_os_family in ['Debian', 'Suse'] }}"
- k8s_cluster - "{{ 'k8s_cluster' in group_names }}"
os:
families:
- Suse
- Debian
libselinux-python: # TODO: Handle rehat_family + major < 8 libselinux-python: # TODO: Handle rehat_family + major < 8
os: - "{{ ansible_distribution == 'Amazon' }}"
distributions:
Amazon: {}
libselinux-python3: libselinux-python3:
os: - "{{ ansible_distribution == 'Fedora' }}"
distributions:
Fedora: {}
mergerfs: mergerfs:
os: - "{{ ansible_distribution == 'Debian' }}"
distributions: - "{{ ansible_distribution_major_version == '12' }}"
Debian: nss:
major_versions: - "{{ ansible_os_family == 'RedHat' }}"
- "12" openssl: []
nss: *redhat_family python-apt:
openssl: {} - "{{ ansible_os_family == 'Debian' }}"
python-apt: *deb_10 - "{{ ansible_distribution_major_version == '10' }}"
# TODO: not for debian 10 python3-apt:
python3-apt: *debian_family_base - "{{ ansible_os_family == 'Debian' }}"
- "{{ ansible_distribution_major_version != '10' }}"
python3-libselinux: python3-libselinux:
os: - "{{ ansible_distribution in ['RedHat', 'CentOS'] }}"
distributions: rsync: []
RedHat: {} socat: []
CentOS: {} software-properties-common:
rsync: {} - "{{ ansible_os_family == 'Debian' }}"
socat: {} tar: []
software-properties-common: *debian_family_base unzip: []
tar: {} xfsprogs: []
unzip: {}
xfsprogs: {}