Remove workaround with kube_proxy_remove (#6512)

* kube-proxy never gets deployed so need to remove it
Hans Feldt 2020-09-17 13:30:45 +02:00 committed by GitHub
parent 47194c1fe4
commit 0cc5e3ef03
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 18 additions and 72 deletions


@ -123,7 +123,7 @@
- inventory_hostname in groups['kube-master'] - inventory_hostname in groups['kube-master']
- kubeadm_config_api_fqdn is not defined - kubeadm_config_api_fqdn is not defined
- kubeadm_discovery_address != kube_apiserver_endpoint | replace("https://", "") - kubeadm_discovery_address != kube_apiserver_endpoint | replace("https://", "")
- not kube_proxy_remove - kube_proxy_deployed
- loadbalancer_apiserver_localhost - loadbalancer_apiserver_localhost
tags: tags:
- kube-proxy - kube-proxy
@ -144,7 +144,7 @@
- inventory_hostname in groups['kube-master'] - inventory_hostname in groups['kube-master']
- kubeadm_config_api_fqdn is not defined - kubeadm_config_api_fqdn is not defined
- kubeadm_discovery_address != kube_apiserver_endpoint | replace("https://", "") - kubeadm_discovery_address != kube_apiserver_endpoint | replace("https://", "")
- not kube_proxy_remove - kube_proxy_deployed
tags: tags:
- kube-proxy - kube-proxy
@ -159,19 +159,6 @@
- kube_network_plugin in ['calico','canal'] - kube_network_plugin in ['calico','canal']
- calico_version is version('v3.3.0', '<') - calico_version is version('v3.3.0', '<')
# FIXME(jjo): need to post-remove kube-proxy until https://github.com/kubernetes/kubeadm/issues/776
# is fixed
- name: Delete kube-proxy daemonset if kube_proxy_remove set, e.g. kube_network_plugin providing proxy services
command: "{{ bin_dir }}/kubectl --kubeconfig /etc/kubernetes/admin.conf delete daemonset -n kube-system kube-proxy"
run_once: true
delegate_to: "{{ groups['kube-master']|first }}"
when:
- kube_proxy_remove
# When scaling/adding nodes in the existing k8s cluster, kube-proxy wouldn't be created, as `kubeadm init` wouldn't run.
ignore_errors: true
tags:
- kube-proxy
- name: Extract etcd certs from control plane if using etcd kubeadm mode - name: Extract etcd certs from control plane if using etcd kubeadm mode
include_tasks: kubeadm_etcd_node.yml include_tasks: kubeadm_etcd_node.yml
when: when:
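Review bot: Clusters that already run a kube-proxy daemonset lose their only cleanup path when the third hunk removes the "Delete kube-proxy daemonset" task, because skipping `addon/kube-proxy` only takes effect when `kubeadm init` runs. If an operator later enables a proxy replacement on such a cluster, kube-proxy would presumably keep running beside it, with both programming service rules on the nodes. Either keep a delete task gated on `when: not kube_proxy_deployed`, or add a comment at this spot such as `# kube-proxy is only skipped at kubeadm init; on existing clusters the daemonset must be deleted by hand`. The task list continues past the end of this hunk.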


@ -148,7 +148,7 @@
{{ bin_dir }}/kubeadm init {{ bin_dir }}/kubeadm init
--config={{ kube_config_dir }}/kubeadm-config.yaml --config={{ kube_config_dir }}/kubeadm-config.yaml
--ignore-preflight-errors=all --ignore-preflight-errors=all
--skip-phases=addon/coredns --skip-phases={{ kubeadm_init_phases_skip | join(',') }}
--upload-certs --upload-certs
register: kubeadm_init register: kubeadm_init
# Retry is because upload config sometimes fails # Retry is because upload config sometimes fails
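Review bot: `kubeadm_init_phases_skip | join(',')` assumes a list, but the default for that variable is built by a folded Jinja block that renders text of the form `[...] + [ "addon/kube-proxy" ]`. This line therefore depends on Ansible converting that text back into a list. If the value arrives as a string (the templating settings are not visible here), `join` would put a comma between every character and `--skip-phases` would no longer name a valid phase. Building the list in a single expression in the defaults avoids this, e.g. `{{ kubeadm_init_phases_skip_default + ['addon/kube-proxy'] }}`, and an `assert` that the variable `is not string` before this task would catch bad overrides. The command block starts and ends outside the hunk.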


@ -141,45 +141,6 @@
tags: tags:
- kube-proxy - kube-proxy
- name: Purge proxy manifest for kubeadm or if proxy services being provided by other means, e.g. network_plugin
file:
path: "{{ kube_manifest_dir }}/kube-proxy.manifest"
state: absent
when:
- kube_proxy_remove
tags:
- kube-proxy
- name: Set command for kube-proxy cleanup
set_fact:
kube_proxy_cleanup_command: >-
{%- if container_manager in ['docker', 'crio'] %}
{{ docker_bin_dir }}/docker run --rm --privileged -v /lib/modules:/lib/modules {{ kube_proxy_image_repo }}:{{ kube_version }} kube-proxy --cleanup
{%- elif container_manager == "containerd" %}
ctr run --rm --mount type=bind,src=/lib/modules,dst=/lib/modules,options=rbind:rw {{ kube_proxy_image_repo }}:{{ kube_version }} kube-proxy --cleanup
{%- endif %}
when:
- kube_proxy_remove
tags:
- kube-proxy
- name: Ensure kube-proxy container is pulled for containerd
command: "{{ bin_dir }}/crictl pull {{ kube_proxy_image_repo }}:{{ kube_version }}"
when:
- kube_proxy_remove
- container_manager == "containerd"
tags:
- kube-proxy
- name: Cleanup kube-proxy leftovers from node
command: "{{ kube_proxy_cleanup_command }}"
# `kube-proxy --cleanup`, being Ok as per shown WARNING, still returns 255 from above run (?)
ignore_errors: true
when:
- kube_proxy_remove
tags:
- kube-proxy
- include_tasks: "cloud-credentials/{{ cloud_provider }}-credential-check.yml" - include_tasks: "cloud-credentials/{{ cloud_provider }}-credential-check.yml"
when: when:
- cloud_provider is defined - cloud_provider is defined


@ -156,15 +156,6 @@
- ../vars - ../vars
skip: true skip: true
- name: override kube_proxy_mode to ipvs if kube_proxy_remove is set, as ipvs won't require kube-proxy cleanup when kube-proxy daemonset gets deleted
set_fact:
kube_proxy_mode: 'ipvs'
when:
- kube_proxy_remove
tags:
- facts
- kube-proxy
- name: set etcd vars if using kubeadm mode - name: set etcd vars if using kubeadm mode
set_fact: set_fact:
etcd_cert_dir: "{{ kube_cert_dir }}" etcd_cert_dir: "{{ kube_cert_dir }}"


@ -26,14 +26,19 @@ kubeadm_use_hyperkube_image: False
## Kube Proxy mode One of ['iptables','ipvs'] ## Kube Proxy mode One of ['iptables','ipvs']
kube_proxy_mode: ipvs kube_proxy_mode: ipvs
## Delete kube-proxy daemonset if kube_proxy_remove set, e.g. kube_network_plugin providing proxy services ## List of kubeadm init phases that should be skipped during control plane setup
kube_proxy_remove: >- ## By default 'addon/coredns' is skipped
{%- if kube_network_plugin == 'kube-router' -%} ## 'addon/kube-proxy' gets skipped for some network plugins
{{ (kube_router_run_service_proxy is defined and kube_router_run_service_proxy)| bool }} kubeadm_init_phases_skip_default: [ "addon/coredns" ]
{%- elif kube_network_plugin == 'cilium' -%} kubeadm_init_phases_skip: >-
{{ (cilium_kube_proxy_replacement is defined and cilium_kube_proxy_replacement == 'strict')| bool }} {%- if kube_network_plugin == 'kube-router' and (kube_router_run_service_proxy is defined and kube_router_run_service_proxy) -%}
{{ kubeadm_init_phases_skip_default }} + [ "addon/kube-proxy" ]
{%- elif kube_network_plugin == 'cilium' and (cilium_kube_proxy_replacement is defined and cilium_kube_proxy_replacement == 'strict') -%}
{{ kubeadm_init_phases_skip_default }} + [ "addon/kube-proxy" ]
{%- elif kube_proxy_remove is defined and kube_proxy_remove -%}
{{ kubeadm_init_phases_skip_default }} + [ "addon/kube-proxy" ]
{%- else -%} {%- else -%}
false {{ kubeadm_init_phases_skip_default }}
{%- endif -%} {%- endif -%}
# A string slice of values which specify the addresses to use for NodePorts. # A string slice of values which specify the addresses to use for NodePorts.
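Review bot: The new `if`/`elif` conditions drop the `| bool` cast that the removed `kube_proxy_remove` template applied, so `kube_router_run_service_proxy` and the legacy `kube_proxy_remove` are now tested for plain truthiness. A value supplied as text, for example `-e kube_proxy_remove=false`, is a non-empty string and would select the `addon/kube-proxy` skip branch, leaving the cluster without the kube-proxy addon. Cast inside the conditions instead: `kube_router_run_service_proxy | default(false) | bool` and `kube_proxy_remove | default(false) | bool`.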


@ -0,0 +1,2 @@
---
kube_proxy_deployed: "{{ 'addon/kube-proxy' not in kubeadm_init_phases_skip }}"


@ -36,4 +36,4 @@
when: patch_kube_proxy_state is not skipped when: patch_kube_proxy_state is not skipped
tags: init tags: init
when: when:
- not kube_proxy_remove - kube_proxy_deployed