Run kubeadm and hyperkube outside of local_release_dir (#4098)
Addressing the discussion started in #4064, this PR moves kubeadm and hyperkube binaries to /usr/local/bin before running them on the master nodes. It is to address the case where local_release_dir points to /tmp (kubespray default) and /tmp is mounted with noexec mode, preventing any binaries to be run in that partition. In role "node", we still move kubeadm to bin_dir only on the worker nodes.
This commit is contained in:
parent
ce8ba1f170
commit
2054a98cf7
3 changed files with 44 additions and 2 deletions
|
@ -4,5 +4,21 @@
|
||||||
src: "kubeadm-images.yaml.j2"
|
src: "kubeadm-images.yaml.j2"
|
||||||
dest: "{{ kube_config_dir }}/kubeadm-images.yaml"
|
dest: "{{ kube_config_dir }}/kubeadm-images.yaml"
|
||||||
|
|
||||||
|
- name: kubeadm | Copy kubeadm binary from download dir
|
||||||
|
synchronize:
|
||||||
|
src: "{{ local_release_dir }}/kubeadm"
|
||||||
|
dest: "{{ bin_dir }}/kubeadm"
|
||||||
|
compress: no
|
||||||
|
perms: yes
|
||||||
|
owner: no
|
||||||
|
group: no
|
||||||
|
delegate_to: "{{ inventory_hostname }}"
|
||||||
|
|
||||||
|
- name: kubeadm | Set kubeadm binary permissions
|
||||||
|
file:
|
||||||
|
path: "{{ bin_dir }}/kubeadm"
|
||||||
|
mode: "0755"
|
||||||
|
state: file
|
||||||
|
|
||||||
- name: container_download | download images for kubeadm config images
|
- name: container_download | download images for kubeadm config images
|
||||||
command: "{{ local_release_dir }}/kubeadm config images pull --config={{ kube_config_dir }}/kubeadm-images.yaml"
|
command: "{{ bin_dir }}/kubeadm config images pull --config={{ kube_config_dir }}/kubeadm-images.yaml"
|
||||||
|
|
|
@ -10,6 +10,8 @@
|
||||||
delegate_to: "{{ inventory_hostname }}"
|
delegate_to: "{{ inventory_hostname }}"
|
||||||
tags:
|
tags:
|
||||||
- kubeadm
|
- kubeadm
|
||||||
|
when:
|
||||||
|
- not inventory_hostname in groups['kube-master']
|
||||||
|
|
||||||
- name: install | Set kubeadm binary permissions
|
- name: install | Set kubeadm binary permissions
|
||||||
file:
|
file:
|
||||||
|
@ -18,6 +20,8 @@
|
||||||
state: file
|
state: file
|
||||||
tags:
|
tags:
|
||||||
- kubeadm
|
- kubeadm
|
||||||
|
when:
|
||||||
|
- not inventory_hostname in groups['kube-master']
|
||||||
|
|
||||||
- name: install | Copy kubelet binary from download dir
|
- name: install | Copy kubelet binary from download dir
|
||||||
synchronize:
|
synchronize:
|
||||||
|
@ -42,6 +46,28 @@
|
||||||
- hyperkube
|
- hyperkube
|
||||||
- upgrade
|
- upgrade
|
||||||
|
|
||||||
|
- name: install | Copy hyperkube binary from download dir
|
||||||
|
synchronize:
|
||||||
|
src: "{{ local_release_dir }}/hyperkube"
|
||||||
|
dest: "{{ bin_dir }}/hyperkube"
|
||||||
|
compress: no
|
||||||
|
perms: yes
|
||||||
|
owner: no
|
||||||
|
group: no
|
||||||
|
delegate_to: "{{ inventory_hostname }}"
|
||||||
|
tags:
|
||||||
|
- hyperkube
|
||||||
|
- upgrade
|
||||||
|
|
||||||
|
- name: install | Set hyperkube binary permissions
|
||||||
|
file:
|
||||||
|
path: "{{ bin_dir }}/hyperkube"
|
||||||
|
mode: "0755"
|
||||||
|
state: file
|
||||||
|
tags:
|
||||||
|
- hyperkube
|
||||||
|
- upgrade
|
||||||
|
|
||||||
- name: install | Copy socat wrapper for Container Linux
|
- name: install | Copy socat wrapper for Container Linux
|
||||||
command: "{{ docker_bin_dir }}/docker run --rm -v {{ bin_dir }}:/opt/bin {{ install_socat_image_repo }}:{{ install_socat_image_tag }}"
|
command: "{{ docker_bin_dir }}/docker run --rm -v {{ bin_dir }}:/opt/bin {{ install_socat_image_repo }}:{{ install_socat_image_tag }}"
|
||||||
args:
|
args:
|
||||||
|
|
|
@ -152,7 +152,7 @@
|
||||||
- kube-proxy
|
- kube-proxy
|
||||||
|
|
||||||
- name: Cleanup kube-proxy leftovers from node
|
- name: Cleanup kube-proxy leftovers from node
|
||||||
command: "{{ local_release_dir }}/hyperkube kube-proxy --cleanup"
|
command: "{{ bin_dir }}/hyperkube kube-proxy --cleanup"
|
||||||
when:
|
when:
|
||||||
- kube_proxy_remove
|
- kube_proxy_remove
|
||||||
# `kube-proxy --cleanup`, being Ok as per shown WARNING, still returns 255 from above run (?)
|
# `kube-proxy --cleanup`, being Ok as per shown WARNING, still returns 255 from above run (?)
|
||||||
|
|
Loading…
Reference in a new issue