Run kubeadm and hyperkube outside of local_release_dir (#4098)

Addressing the discussion started in #4064, this PR moves kubeadm and
hyperkube binaries to /usr/local/bin before running them on the master
nodes.

It is to address the case where local_release_dir points to /tmp
(kubespray default) and /tmp is mounted with noexec mode, preventing
any binaries to be run in that partition.

In role "node", we still move kubeadm to bin_dir only on the worker
nodes.
This commit is contained in:
Florent Monbillard 2019-01-28 05:00:49 -05:00 committed by Kubernetes Prow Robot
parent ce8ba1f170
commit 2054a98cf7
3 changed files with 44 additions and 2 deletions

View file

@ -4,5 +4,21 @@
src: "kubeadm-images.yaml.j2" src: "kubeadm-images.yaml.j2"
dest: "{{ kube_config_dir }}/kubeadm-images.yaml" dest: "{{ kube_config_dir }}/kubeadm-images.yaml"
- name: kubeadm | Copy kubeadm binary from download dir
synchronize:
src: "{{ local_release_dir }}/kubeadm"
dest: "{{ bin_dir }}/kubeadm"
compress: no
perms: yes
owner: no
group: no
delegate_to: "{{ inventory_hostname }}"
- name: kubeadm | Set kubeadm binary permissions
file:
path: "{{ bin_dir }}/kubeadm"
mode: "0755"
state: file
- name: container_download | download images for kubeadm config images - name: container_download | download images for kubeadm config images
command: "{{ local_release_dir }}/kubeadm config images pull --config={{ kube_config_dir }}/kubeadm-images.yaml" command: "{{ bin_dir }}/kubeadm config images pull --config={{ kube_config_dir }}/kubeadm-images.yaml"

View file

@ -10,6 +10,8 @@
delegate_to: "{{ inventory_hostname }}" delegate_to: "{{ inventory_hostname }}"
tags: tags:
- kubeadm - kubeadm
when:
- not inventory_hostname in groups['kube-master']
- name: install | Set kubeadm binary permissions - name: install | Set kubeadm binary permissions
file: file:
@ -18,6 +20,8 @@
state: file state: file
tags: tags:
- kubeadm - kubeadm
when:
- not inventory_hostname in groups['kube-master']
- name: install | Copy kubelet binary from download dir - name: install | Copy kubelet binary from download dir
synchronize: synchronize:
@ -42,6 +46,28 @@
- hyperkube - hyperkube
- upgrade - upgrade
- name: install | Copy hyperkube binary from download dir
synchronize:
src: "{{ local_release_dir }}/hyperkube"
dest: "{{ bin_dir }}/hyperkube"
compress: no
perms: yes
owner: no
group: no
delegate_to: "{{ inventory_hostname }}"
tags:
- hyperkube
- upgrade
- name: install | Set hyperkube binary permissions
file:
path: "{{ bin_dir }}/hyperkube"
mode: "0755"
state: file
tags:
- hyperkube
- upgrade
- name: install | Copy socat wrapper for Container Linux - name: install | Copy socat wrapper for Container Linux
command: "{{ docker_bin_dir }}/docker run --rm -v {{ bin_dir }}:/opt/bin {{ install_socat_image_repo }}:{{ install_socat_image_tag }}" command: "{{ docker_bin_dir }}/docker run --rm -v {{ bin_dir }}:/opt/bin {{ install_socat_image_repo }}:{{ install_socat_image_tag }}"
args: args:

View file

@ -152,7 +152,7 @@
- kube-proxy - kube-proxy
- name: Cleanup kube-proxy leftovers from node - name: Cleanup kube-proxy leftovers from node
command: "{{ local_release_dir }}/hyperkube kube-proxy --cleanup" command: "{{ bin_dir }}/hyperkube kube-proxy --cleanup"
when: when:
- kube_proxy_remove - kube_proxy_remove
# `kube-proxy --cleanup`, being Ok as per shown WARNING, still returns 255 from above run (?) # `kube-proxy --cleanup`, being Ok as per shown WARNING, still returns 255 from above run (?)