From d56ac216f47f5598553f547d59b961c8b9c73ff9 Mon Sep 17 00:00:00 2001 From: emiran-orange <71817149+emiran-orange@users.noreply.github.com> Date: Mon, 12 Apr 2021 10:05:59 +0200 Subject: [PATCH] Use kubeadm_feature_gates instead of kube_feature_gates to leverage kubeadm feature gates and not to interfere with k8s components feature gates (#7447) --- docs/vars.md | 2 ++ .../templates/kubeadm-config.v1beta2.yaml.j2 | 4 ++-- .../preinstall/tasks/0040-set_facts.yml | 16 ++++++++++++---- roles/kubespray-defaults/defaults/main.yaml | 1 + 4 files changed, 17 insertions(+), 6 deletions(-) diff --git a/docs/vars.md b/docs/vars.md index c3120be53..784cb30b3 100644 --- a/docs/vars.md +++ b/docs/vars.md @@ -79,6 +79,8 @@ following default cluster parameters: OpenStack (default is unset) * *kube_feature_gates* - A list of key=value pairs that describe feature gates for alpha/experimental Kubernetes features. (defaults is `[]`) +* *kubeadm_feature_gates* - A list of key=value pairs that describe feature gates for + alpha/experimental Kubeadm features. (defaults is `[]`) * *authorization_modes* - A list of [authorization mode]( https://kubernetes.io/docs/admin/authorization/#using-flags-for-your-authorization-module) that the cluster should be configured for. Defaults to `['Node', 'RBAC']` diff --git a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta2.yaml.j2 b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta2.yaml.j2 index 784e9e7de..29f24878c 100644 --- a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta2.yaml.j2 +++ b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta2.yaml.j2 @@ -90,9 +90,9 @@ networking: dnsDomain: {{ dns_domain }} serviceSubnet: "{{ kube_service_addresses }}{{ ',' + kube_service_addresses_ipv6 if enable_dual_stack_networks else '' }}" podSubnet: "{{ kube_pods_subnet }}{{ ',' + kube_pods_subnet_ipv6 if enable_dual_stack_networks else '' }}" -{% if kube_feature_gates %} +{% if kubeadm_feature_gates %} featureGates: -{% for feature in kube_feature_gates %} +{% for feature in kubeadm_feature_gates %} {{ feature|replace("=", ": ") }} {% endfor %} {% endif %} diff --git a/roles/kubernetes/preinstall/tasks/0040-set_facts.yml b/roles/kubernetes/preinstall/tasks/0040-set_facts.yml index c0fb05605..75d7bd184 100644 --- a/roles/kubernetes/preinstall/tasks/0040-set_facts.yml +++ b/roles/kubernetes/preinstall/tasks/0040-set_facts.yml @@ -192,9 +192,17 @@ kubelet_flexvolumes_plugins_dir: /var/lib/kubelet/volumeplugins when: not usr.stat.writeable -- name: Ensure IPv6DualStack featureGate is set when enable_dual_stack_networks is true - set_fact: - kube_feature_gates: "{{ kube_feature_gates + [ 'IPv6DualStack=true' ] }}" +- block: + - name: Ensure IPv6DualStack featureGate is set when enable_dual_stack_networks is true + set_fact: + kube_feature_gates: "{{ kube_feature_gates + [ 'IPv6DualStack=true' ] }}" + when: + - not 'IPv6DualStack=true' in kube_feature_gates + + - name: Ensure IPv6DualStack kubeadm featureGate is set when enable_dual_stack_networks is true + set_fact: + kubeadm_feature_gates: "{{ kubeadm_feature_gates + [ 'IPv6DualStack=true' ] }}" + when: + - not 'IPv6DualStack=true' in kubeadm_feature_gates when: - enable_dual_stack_networks - - not 'IPv6DualStack=true' in kube_feature_gates diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml index 55bc69832..5723b5ad2 100644 --- a/roles/kubespray-defaults/defaults/main.yaml +++ b/roles/kubespray-defaults/defaults/main.yaml @@ -420,6 +420,7 @@ kubelet_protect_kernel_defaults: true ## List of key=value pairs that describe feature gates for ## the k8s cluster. kube_feature_gates: [] +kubeadm_feature_gates: [] # Local volume provisioner storage classes # Levarages Ansibles string to Python datatype casting. Otherwise the dict_key isn't substituted