diff --git a/roles/container-engine/containerd/defaults/main.yml b/roles/container-engine/containerd/defaults/main.yml index 0daeccd1b..0db20cb3c 100644 --- a/roles/container-engine/containerd/defaults/main.yml +++ b/roles/container-engine/containerd/defaults/main.yml @@ -10,3 +10,35 @@ containerd_config: registries: "docker.io": "https://registry-1.docker.io" max_container_log_line_size: -1 + +containerd_version: '1.2.6' +containerd_package: 'containerd.io' + +containerd_cfg_dir: /etc/containerd + +# Path to runc binray +runc_binary: /usr/sbin/runc + + +yum_repo_dir: /etc/yum.repos.d +yum_conf: /etc/yum.conf +containerd_yum_conf: /etc/yum_containerd.conf + +# Optional values for containerd apt repo +containerd_package_info: + pkgs: + +containerd_repo_key_info: + repo_keys: + +containerd_repo_info: + repos: + +extras_rh_repo_base_url: "http://mirror.centos.org/centos/$releasever/extras/$basearch/" +extras_rh_repo_gpgkey: "http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-7" + +# Ubuntu docker-ce repo +containerd_ubuntu_repo_base_url: "https://download.docker.com/linux/ubuntu" +containerd_ubuntu_repo_gpgkey: 'https://download.docker.com/linux/ubuntu/gpg' +containerd_ubuntu_repo_repokey: '9DC858229FC7DD38854AE2D88D81803C0EBFCD88' +containerd_ubuntu_repo_component: 'stable' diff --git a/roles/container-engine/containerd/handlers/main.yml b/roles/container-engine/containerd/handlers/main.yml index f7aba44db..bd483bc8e 100644 --- a/roles/container-engine/containerd/handlers/main.yml +++ b/roles/container-engine/containerd/handlers/main.yml @@ -2,23 +2,19 @@ - name: restart containerd command: /bin/true notify: - - Containerd | reload containerd - - Containerd | pause while containerd restarts + - Containerd | restart containerd - Containerd | wait for containerd -- name: Containerd | reload containerd - service: +- name: Containerd | restart containerd + systemd: name: containerd state: restarted - -- name: Containerd | pause while containerd restarts - pause: - seconds: 5 - prompt: "Waiting for containerd restart" + enabled: yes + daemon-reload: yes - name: Containerd | wait for containerd command: "{{ containerd_bin_dir }}/ctr images ls -q" register: containerd_ready - retries: 10 - delay: 5 + retries: 8 + delay: 4 until: containerd_ready.rc == 0 diff --git a/roles/container-engine/containerd/tasks/containerd_repo.yml b/roles/container-engine/containerd/tasks/containerd_repo.yml new file mode 100644 index 000000000..8294f0e0e --- /dev/null +++ b/roles/container-engine/containerd/tasks/containerd_repo.yml @@ -0,0 +1,106 @@ +--- +- name: ensure containerd repository public key is installed + action: "{{ containerd_repo_key_info.pkg_key }}" + args: + id: "{{ item }}" + url: "{{ containerd_repo_key_info.url }}" + state: present + register: keyserver_task_result + until: keyserver_task_result is succeeded + retries: 4 + delay: "{{ retry_stagger | d(3) }}" + with_items: "{{ containerd_repo_key_info.repo_keys }}" + when: + - ansible_os_family in ['Ubuntu', 'Debian'] + - not is_atomic + +- name: ensure containerd repository is enabled + action: "{{ containerd_repo_info.pkg_repo }}" + args: + repo: "{{ item }}" + state: present + with_items: "{{ containerd_repo_info.repos }}" + when: + - ansible_os_family in ['Ubuntu', 'Debian'] + - not is_atomic + - containerd_repo_info.repos|length > 0 + +# This is required to ensure any apt upgrade will not break kubernetes +- name: Set containerd pin priority to apt_preferences on Debian family + template: + src: "apt_preferences.d/debian_containerd.j2" + dest: "/etc/apt/preferences.d/containerd" + owner: "root" + mode: 0644 + when: + - ansible_os_family in ['Ubuntu', 'Debian'] + - not is_atomic + +- name: ensure containerd repository public key is installed + action: "{{ containerd_repo_key_info.pkg_key }}" + args: + id: "{{ item }}" + url: "{{ containerd_repo_key_info.url }}" + state: present + register: keyserver_task_result + until: keyserver_task_result is succeeded + retries: 4 + delay: "{{ retry_stagger | d(3) }}" + with_items: "{{ containerd_repo_key_info.repo_keys }}" + when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse", "ClearLinux"] or is_atomic) + +- name: ensure containerd repository is enabled + action: "{{ containerd_repo_info.pkg_repo }}" + args: + repo: "{{ item }}" + state: present + with_items: "{{ containerd_repo_info.repos }}" + when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse", "ClearLinux"] or is_atomic) and (containerd_repo_info.repos|length > 0) + +- name: Configure containerd repository on Fedora + template: + src: "fedora_containerd.repo.j2" + dest: "{{ yum_repo_dir }}/containerd.repo" + when: ansible_distribution == "Fedora" and not is_atomic + +- name: Configure containerd repository on RedHat/CentOS + template: + src: "rh_containerd.repo.j2" + dest: "{{ yum_repo_dir }}/containerd.repo" + when: ansible_distribution in ["CentOS","RedHat"] and not is_atomic + +- name: check if container-selinux is available + yum: + list: "container-selinux" + register: yum_result + when: ansible_distribution in ["CentOS","RedHat"] and not is_atomic + +- name: Configure extras repository on RedHat/CentOS if container-selinux is not available in current repos + yum_repository: + name: extras + description: "CentOS-7 - Extras" + state: present + baseurl: "{{ extras_rh_repo_base_url }}" + file: "extras" + gpgcheck: yes + gpgkey: "{{ extras_rh_repo_gpgkey }}" + keepcache: "{{ containerd_rpm_keepcache | default('1') }}" + proxy: " {{ http_proxy | default('_none_') }}" + when: + - ansible_distribution in ["CentOS","RedHat"] and not is_atomic + - yum_result.results | length == 0 + +- name: Copy yum.conf for editing + copy: + src: "{{ yum_conf }}" + dest: "{{ containerd_yum_conf }}" + remote_src: yes + when: ansible_distribution in ["CentOS","RedHat"] and not is_atomic + +- name: Edit copy of yum.conf to set obsoletes=0 + lineinfile: + path: "{{ containerd_yum_conf }}" + state: present + regexp: '^obsoletes=' + line: 'obsoletes=0' + when: ansible_distribution in ["CentOS","RedHat"] and not is_atomic diff --git a/roles/container-engine/containerd/tasks/crictl.yml b/roles/container-engine/containerd/tasks/crictl.yml index 02678f66d..05f37205c 100644 --- a/roles/container-engine/containerd/tasks/crictl.yml +++ b/roles/container-engine/containerd/tasks/crictl.yml @@ -1,6 +1,6 @@ --- - name: crictl | Download crictl - include_tasks: "roles/download/tasks/download_file.yml" + include_tasks: "../../../download/tasks/download_file.yml" vars: download: "{{ download_defaults | combine(downloads.crictl) }}" diff --git a/roles/container-engine/containerd/tasks/main.yml b/roles/container-engine/containerd/tasks/main.yml index c552cbebf..f148b6959 100644 --- a/roles/container-engine/containerd/tasks/main.yml +++ b/roles/container-engine/containerd/tasks/main.yml @@ -5,27 +5,119 @@ when: - not ansible_distribution in ["CentOS","RedHat", "Ubuntu", "Debian"] -- name: Install Docker - include_role: - name: container-engine/docker +- name: gather os specific variables + include_vars: "{{ item }}" + with_first_found: + - files: + - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml" + - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release|lower }}-{{ host_architecture }}.yml" + - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release|lower }}.yml" + - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml" + - "{{ ansible_distribution|lower }}-{{ host_architecture }}.yml" + - "{{ ansible_distribution|lower }}.yml" + - "{{ ansible_os_family|lower }}-{{ host_architecture }}.yml" + - "{{ ansible_os_family|lower }}.yml" + - defaults.yml + paths: + - ../vars + skip: true + tags: + - facts -- name: Install config.toml +- include_tasks: containerd_repo.yml + +- name: ensure containerd config directory + file: + dest: "{{ containerd_cfg_dir }}" + state: directory + mode: 0755 + owner: root + group: root + +- name: Copy containerd config file template: src: config.toml.j2 - dest: /etc/containerd/config.toml - owner: bin + dest: "{{ containerd_cfg_dir }}/config.toml" + owner: "root" mode: 0644 + notify: restart containerd -- name: Stop and disabled Docker - systemd: - name: docker - state: stopped - enabled: no -- name: Restart containerd - systemd: - name: containerd - state: restarted +- name: ensure containerd repository public key is installed + action: "{{ containerd_repo_key_info.pkg_key }}" + args: + id: "{{ item }}" + url: "{{ containerd_repo_key_info.url }}" + state: present + register: keyserver_task_result + until: keyserver_task_result is succeeded + retries: 4 + delay: "{{ retry_stagger | d(3) }}" + with_items: "{{ containerd_repo_key_info.repo_keys }}" + when: + - ansible_os_family in ['Ubuntu', 'Debian'] + - not is_atomic + +- name: ensure containerd repository is enabled + action: "{{ containerd_repo_info.pkg_repo }}" + args: + repo: "{{ item }}" + state: present + with_items: "{{ containerd_repo_info.repos }}" + when: + - ansible_os_family in ['Ubuntu', 'Debian'] + - not is_atomic + - containerd_repo_info.repos|length > 0 + +# This is required to ensure any apt upgrade will not break kubernetes +- name: Set containerd pin priority to apt_preferences on Debian family + template: + src: "apt_preferences.d/debian_containerd.j2" + dest: "/etc/apt/preferences.d/containerd" + owner: "root" + mode: 0644 + when: + - ansible_os_family in ['Ubuntu', 'Debian'] + - not is_atomic + +- name: ensure containerd packages are installed + action: "{{ containerd_package_info.pkg_mgr }}" + args: + pkg: "{{ item.name }}" + force: "{{ item.force | default(omit) }}" + conf_file: "{{ item.yum_conf | default(omit) }}" + state: present + update_cache: "{{ omit if ansible_distribution == 'Fedora' else True }}" + register: containerd_task_result + until: containerd_task_result is succeeded + retries: 4 + delay: "{{ retry_stagger | d(3) }}" + with_items: "{{ containerd_package_info.pkgs }}" + notify: restart containerd + when: + - not is_atomic + - containerd_package_info.pkgs|length > 0 + ignore_errors: true + +- name: Check if runc is installed + stat: + path: /usr/sbin/runc + register: runc_stat + +- name: Install runc package if necessary + action: "{{ containerd_package_info.pkg_mgr }}" + args: + pkg: runc + state: present + update_cache: "{{ omit if ansible_distribution == 'Fedora' else True }}" + register: runc_task_result + until: runc_task_result is succeeded + retries: 4 + delay: "{{ retry_stagger | d(3) }}" + notify: restart containerd + when: + - not is_atomic + - not runc_stat.stat.exists - name: Install crictl config template: @@ -35,16 +127,6 @@ mode: 0644 - name: Install crictl completion - shell: /usr/local/bin/crictl completion >/etc/bash_completion.d/crictl + shell: "{{ bin_dir }}/crictl completion >/etc/bash_completion.d/crictl" ignore_errors: True when: ansible_distribution in ["CentOS","RedHat", "Ubuntu", "Debian"] - -- name: Enable containerd - systemd: - name: containerd.service - state: started - enabled: yes - daemon-reload: yes - -- name: flush handlers so we can wait for containerd to come up - meta: flush_handlers diff --git a/roles/container-engine/containerd/templates/apt_preferences.d/debian_containerd.j2 b/roles/container-engine/containerd/templates/apt_preferences.d/debian_containerd.j2 new file mode 100644 index 000000000..8d59a562d --- /dev/null +++ b/roles/container-engine/containerd/templates/apt_preferences.d/debian_containerd.j2 @@ -0,0 +1,3 @@ +Package: {{ containerd_package }} +Pin: version {{ containerd_version }}.* +Pin-Priority: 1001 diff --git a/roles/container-engine/containerd/templates/config.toml.j2 b/roles/container-engine/containerd/templates/config.toml.j2 index 6c3dccb0a..14413462a 100644 --- a/roles/container-engine/containerd/templates/config.toml.j2 +++ b/roles/container-engine/containerd/templates/config.toml.j2 @@ -13,7 +13,7 @@ disabled_plugins = ["restart"] [plugins.linux] shim = "/usr/bin/containerd-shim" - runtime = "/usr/sbin/runc" + runtime = "{{ runc_binary }}" [plugins.cri] stream_server_address = "127.0.0.1" diff --git a/roles/container-engine/containerd/templates/rh_containerd.repo.j2 b/roles/container-engine/containerd/templates/rh_containerd.repo.j2 new file mode 100644 index 000000000..98936a66a --- /dev/null +++ b/roles/container-engine/containerd/templates/rh_containerd.repo.j2 @@ -0,0 +1,17 @@ +[docker-ce] +name=Docker-CE Repository +baseurl={{ docker_rh_repo_base_url }} +enabled=1 +gpgcheck=1 +keepcache={{ docker_rpm_keepcache | default('1') }} +gpgkey={{ docker_rh_repo_gpgkey }} +{% if http_proxy is defined %}proxy={{ http_proxy }}{% endif %} + +[docker-engine] +name=Docker-Engine Repository +baseurl={{ dockerproject_rh_repo_base_url }} +enabled=1 +gpgcheck=1 +keepcache={{ docker_rpm_keepcache | default('1') }} +gpgkey={{ dockerproject_rh_repo_gpgkey }} +{% if http_proxy is defined %}proxy={{ http_proxy }}{% endif %} diff --git a/roles/container-engine/containerd/vars/redhat.yml b/roles/container-engine/containerd/vars/redhat.yml new file mode 100644 index 000000000..199dc35ec --- /dev/null +++ b/roles/container-engine/containerd/vars/redhat.yml @@ -0,0 +1,28 @@ +--- + +containerd_versioned_pkg: + 'latest': "{{ containerd_package }}" + '1.2.4': "{{ containerd_package }}-1.2.4-3.1.el7" + '1.2.5': "{{ containerd_package }}-1.2.5-3.1.el7" + '1.2.6': "{{ containerd_package }}-1.2.6-3.3.el7" + 'stable': "{{ containerd_package }}-1.2.6-3.3.el7" + 'edge': "{{ containerd_package }}-1.2.6-3.3.el7" + +containerd_package_info: + pkg_mgr: yum + pkgs: + - name: "{{ containerd_versioned_pkg[containerd_version | string] }}" + +containerd_pkgs: + - name: "{{ containerd_versioned_pkg[containerd_version | string] }}" + yum_conf: "{{ containerd_yum_conf }}" + +containerd_repo_key_info: + pkg_key: '' + repo_keys: [] + +containerd_repo_info: + pkg_repo: '' + repos: [] + +runc_binary: /bin/runc diff --git a/roles/container-engine/containerd/vars/suse.yml b/roles/container-engine/containerd/vars/suse.yml new file mode 100644 index 000000000..a2639193c --- /dev/null +++ b/roles/container-engine/containerd/vars/suse.yml @@ -0,0 +1,17 @@ +--- +# docker-ce containerd.io does not contain daemon +containerd_package: containerd + +containerd_package_info: + pkg_mgr: zypper + pkgs: + - name: "{{ containerd_package }}" + state: latest + +containerd_repo_key_info: + pkg_key: '' + repo_keys: [] + +containerd_repo_info: + pkg_repo: '' + repos: [] diff --git a/roles/container-engine/containerd/vars/ubuntu-amd64.yml b/roles/container-engine/containerd/vars/ubuntu-amd64.yml new file mode 100644 index 000000000..1614eeea9 --- /dev/null +++ b/roles/container-engine/containerd/vars/ubuntu-amd64.yml @@ -0,0 +1,27 @@ +--- + +containerd_versioned_pkg: + 'latest': "{{ containerd_package }}" + '1.2.4': "{{ containerd_package }}=1.2.4-1" + 'stable': "{{ containerd_package }}=1.2.4-1" + 'edge': "{{ containerd_package }}=1.2.4-1" + +containerd_package_info: + pkg_mgr: apt + pkgs: + - name: "{{ containerd_versioned_pkg[containerd_version | string] }}" + force: true + +containerd_repo_key_info: + pkg_key: apt_key + url: '{{ containerd_ubuntu_repo_gpgkey }}' + repo_keys: + - '{{ containerd_ubuntu_repo_repokey }}' + +containerd_repo_info: + pkg_repo: apt_repository + repos: + - > + deb {{ containerd_ubuntu_repo_base_url }} + {{ ansible_distribution_release|lower }} + {{ containerd_ubuntu_repo_component }} diff --git a/roles/container-engine/meta/main.yml b/roles/container-engine/meta/main.yml index e58eb9692..587574111 100644 --- a/roles/container-engine/meta/main.yml +++ b/roles/container-engine/meta/main.yml @@ -20,10 +20,3 @@ dependencies: tags: - container-engine - docker - - - role: container-engine/containerd - when: - - container_manager == 'containerd' - tags: - - container-engine - - containerd diff --git a/roles/download/tasks/check_pull_required.yml b/roles/download/tasks/check_pull_required.yml index 04a6b71b3..50fd0933c 100644 --- a/roles/download/tasks/check_pull_required.yml +++ b/roles/download/tasks/check_pull_required.yml @@ -5,8 +5,7 @@ # It will output something like the following: # nginx:1.15,gcr.io/google-containers/kube-proxy:v1.14.1,gcr.io/google-containers/kube-proxy@sha256:44af2833c6cbd9a7fc2e9d2f5244a39dfd2e31ad91bf9d4b7d810678db738ee9,gcr.io/google-containers/kube-apiserver:v1.14.1,etc... - name: check_pull_required | Generate a list of information about the images on a node - shell: >- - {{ docker_bin_dir }}/docker images -q | xargs -r {{ docker_bin_dir }}/docker inspect -f "{{ '{{' }} if .RepoTags {{ '}}' }}{{ '{{' }} (index .RepoTags) {{ '}}' }}{{ '{{' }} end {{ '}}' }}{{ '{{' }} if .RepoDigests {{ '}}' }},{{ '{{' }} (index .RepoDigests) {{ '}}' }}{{ '{{' }} end {{ '}}' }}" | sed -e 's/^ *\[//g' -e 's/\] *$//g' -e 's/ /\n/g' | tr '\n' ',' + shell: "{{ image_info_command }}" delegate_to: "{{ download_delegate if download_run_once or inventory_hostname }}" no_log: true register: docker_images diff --git a/roles/download/tasks/download_container.yml b/roles/download/tasks/download_container.yml index 8fe3aee22..cdd27fd52 100644 --- a/roles/download/tasks/download_container.yml +++ b/roles/download/tasks/download_container.yml @@ -65,7 +65,7 @@ - ansible_os_family not in ["CoreOS", "Container Linux by CoreOS"] - name: download_container | Prepare container download - import_tasks: check_pull_required.yml + include_tasks: check_pull_required.yml run_once: "{{ download_run_once }}" when: - not download_always_pull diff --git a/roles/download/tasks/main.yml b/roles/download/tasks/main.yml index 30b4ced1c..a05a3ab7c 100644 --- a/roles/download/tasks/main.yml +++ b/roles/download/tasks/main.yml @@ -24,10 +24,11 @@ - include_tasks: ../../container-engine/containerd/tasks/crictl.yml when: + - not skip_downloads|default(false) - container_manager in ['containerd', 'crio'] - name: download | Get kubeadm binary and list of required images - import_tasks: prep_kubeadm_images.yml + include_tasks: prep_kubeadm_images.yml when: - kube_version is version('v1.11.0', '>=') - not skip_downloads|default(false) diff --git a/roles/download/tasks/prep_download.yml b/roles/download/tasks/prep_download.yml index 081859d3b..c35634115 100644 --- a/roles/download/tasks/prep_download.yml +++ b/roles/download/tasks/prep_download.yml @@ -5,6 +5,20 @@ tags: - facts +- name: Set image info command for containerd + set_fact: + image_info_command: "{{ containerd_bin_dir }}/ctr images ls | tail -n +2 | awk -F '[ :]+' '{print $1\":\"$2\",\"$1\":\"$4\"@\"$5}' | tr '\n' ','" + when: container_manager == 'containerd' + +- name: Register docker images info + shell: "{{ image_info_command }}" + no_log: true + register: docker_images + failed_when: false + changed_when: false + check_mode: no + when: download_container + - name: prep_download | Create staging directory on remote node file: path: "{{ local_release_dir }}/images" diff --git a/roles/download/templates/kubeadm-images.yaml.j2 b/roles/download/templates/kubeadm-images.yaml.j2 index f49a4ca82..b237fd7ae 100644 --- a/roles/download/templates/kubeadm-images.yaml.j2 +++ b/roles/download/templates/kubeadm-images.yaml.j2 @@ -13,3 +13,9 @@ etcd: {% for endpoint in etcd_access_addresses.split(',') %} - {{ endpoint }} {% endfor %} +{% if dns_mode in ['coredns', 'coredns_dual'] %} +dns: + type: CoreDNS + imageRepository: {{ coredns_image_repo | regex_replace('/coredns$','') }} + imageTag: {{ coredns_image_tag }} +{% endif %} diff --git a/roles/kubernetes-apps/helm/tasks/install_host.yml b/roles/kubernetes-apps/helm/tasks/install_host.yml index 13c376a8c..4d883ea77 100644 --- a/roles/kubernetes-apps/helm/tasks/install_host.yml +++ b/roles/kubernetes-apps/helm/tasks/install_host.yml @@ -1,6 +1,25 @@ --- +- name: Helm | Set commands for helm host tasks + set_fact: + helm_compare_command: >- + {%- if container_manager in ['docker', 'crio'] %} + {{ docker_bin_dir }}/docker run --rm -v {{ bin_dir }}:/systembindir --entrypoint /usr/bin/cmp {{ helm_image_repo }}:{{ helm_image_tag }} /usr/local/bin/helm /systembindir/helm + {%- elif container_manager == "containerd" %} + ctr run --rm --mount type=bind,src={{ bin_dir }},dst=/systembindir,options=rbind:rw {{ helm_image_repo }}:{{ helm_image_tag }} helm-compare sh -c 'cmp /usr/local/bin/helm /systembindir/helm' + {%- endif %} + helm_copy_command: >- + {%- if container_manager in ['docker', 'crio'] %} + {{ docker_bin_dir }}/docker run --rm -v {{ bin_dir }}:/systembindir --entrypoint /bin/cp {{ helm_image_repo }}:{{ helm_image_tag }} -f /usr/local/bin/helm /systembindir/helm + {%- elif container_manager == "containerd" %} + ctr run --rm --mount type=bind,src={{ bin_dir }},dst=/systembindir,options=rbind:rw {{ helm_image_repo }}:{{ helm_image_tag }} helm-copy sh -c '/bin/cp -f /usr/local/bin/helm /systembindir/helm' + {%- endif %} + +- name: Helm | ensure helm container is pulled for containerd + command: "ctr i pull {{ helm_image_repo }}:{{ helm_image_tag }}" + when: container_manager == "containerd" + - name: Helm | Compare host helm with hyperkube container - command: "{{ docker_bin_dir }}/docker run --rm -v {{ bin_dir }}:/systembindir --entrypoint /usr/bin/cmp {{ helm_image_repo }}:{{ helm_image_tag }} /usr/local/bin/helm /systembindir/helm" + command: "{{ helm_compare_command }}" register: helm_task_compare_result until: helm_task_compare_result.rc in [0,1,2] retries: 4 @@ -9,7 +28,7 @@ failed_when: "helm_task_compare_result.rc not in [0,1,2]" - name: Helm | Copy helm from helm container - command: "{{ docker_bin_dir }}/docker run --rm -v {{ bin_dir }}:/systembindir --entrypoint /bin/cp {{ helm_image_repo }}:{{ helm_image_tag }} -f /usr/local/bin/helm /systembindir/helm" + command: "{{ helm_copy_command }}" when: helm_task_compare_result.rc != 0 register: helm_task_result until: helm_task_result.rc == 0 diff --git a/roles/kubernetes/client/tasks/main.yml b/roles/kubernetes/client/tasks/main.yml index 11fb62693..3877998f1 100644 --- a/roles/kubernetes/client/tasks/main.yml +++ b/roles/kubernetes/client/tasks/main.yml @@ -40,6 +40,12 @@ run_once: yes when: kubeconfig_localhost|default(false) +- name: Wait for k8s apiserver + wait_for: + host: "{{ kube_apiserver_access_address }}" + port: "{{ kube_apiserver_port }}" + timeout: 180 + # NOTE(mattymo): Please forgive this workaround - name: Generate admin kubeconfig with external api endpoint shell: >- diff --git a/roles/kubernetes/master/templates/kubeadm-config.v1beta2.yaml.j2 b/roles/kubernetes/master/templates/kubeadm-config.v1beta2.yaml.j2 index 25638e142..7414460c1 100644 --- a/roles/kubernetes/master/templates/kubeadm-config.v1beta2.yaml.j2 +++ b/roles/kubernetes/master/templates/kubeadm-config.v1beta2.yaml.j2 @@ -17,11 +17,7 @@ nodeRegistration: {% else %} taints: [] {% endif %} -{% if container_manager == 'crio' %} - criSocket: /var/run/crio/crio.sock -{% else %} - criSocket: /var/run/dockershim.sock -{% endif %} + criSocket: {{ cri_socket }} --- apiVersion: kubeadm.k8s.io/v1beta2 kind: ClusterConfiguration diff --git a/roles/kubernetes/master/templates/kubeadm-controlplane.v1beta2.yaml.j2 b/roles/kubernetes/master/templates/kubeadm-controlplane.v1beta2.yaml.j2 index 3c9cf9280..a03aa5f96 100644 --- a/roles/kubernetes/master/templates/kubeadm-controlplane.v1beta2.yaml.j2 +++ b/roles/kubernetes/master/templates/kubeadm-controlplane.v1beta2.yaml.j2 @@ -5,7 +5,7 @@ discovery: {% if kubeadm_config_api_fqdn is defined %} apiServerEndpoint: {{ kubeadm_config_api_fqdn }}:{{ loadbalancer_apiserver.port | default(kube_apiserver_port) }} {% else %} - apiServerEndpoint: {{ kubeadm_discovery_address | replace("https://", "")}} + apiServerEndpoint: {{ kubeadm_discovery_address }} {% endif %} token: {{ kubeadm_token }} unsafeSkipCAVerification: true @@ -18,8 +18,4 @@ controlPlane: certificateKey: {{ kubeadm_certificate_key }} nodeRegistration: name: {{ kube_override_hostname|default(inventory_hostname) }} -{% if container_manager == 'crio' %} - criSocket: /var/run/crio/crio.sock -{% else %} - criSocket: /var/run/dockershim.sock -{% endif %} + criSocket: {{ cri_socket }} diff --git a/tests/files/gce_centos7-flannel-addons.yml b/tests/files/gce_centos7-flannel-addons.yml index d48b4a79e..79232f577 100644 --- a/tests/files/gce_centos7-flannel-addons.yml +++ b/tests/files/gce_centos7-flannel-addons.yml @@ -5,25 +5,25 @@ cloud_region: us-central1-c cloud_machine_type: "n1-standard-2" mode: ha -# Deployment settings +# Kubespray settings kubeadm_control_plane: true kubeadm_certificate_key: 3998c58db6497dd17d909394e62d515368c06ec617710d02edea31c06d741085 +kube_proxy_mode: iptables kube_network_plugin: flannel helm_enabled: true kubernetes_audit: true +container_manager: containerd etcd_events_cluster_enabled: true local_volume_provisioner_enabled: true etcd_deployment_type: host deploy_netchecker: true dns_min_replicas: 1 -cloud_provider: gce kube_encrypt_secret_data: true -# ingress_nginx_enabled: true +ingress_nginx_enabled: true cert_manager_enabled: true -# Disabled temporarily +# Disable as health checks are still unstable and slow to respond. metrics_server_enabled: false metrics_server_kubelet_insecure_tls: true kube_token_auth: true kube_basic_auth: true enable_nodelocaldns: false -local_path_provisioner_enabled: true diff --git a/tests/files/packet_centos7-flannel-addons.yml b/tests/files/packet_centos7-flannel-addons.yml index 4be172c56..8131700a5 100644 --- a/tests/files/packet_centos7-flannel-addons.yml +++ b/tests/files/packet_centos7-flannel-addons.yml @@ -10,6 +10,7 @@ kube_proxy_mode: iptables kube_network_plugin: flannel helm_enabled: true kubernetes_audit: true +container_manager: containerd etcd_events_cluster_enabled: true local_volume_provisioner_enabled: true etcd_deployment_type: host diff --git a/tests/files/packet_opensuse-canal.yml b/tests/files/packet_opensuse-canal.yml index a735d77e8..e6c6f02f0 100644 --- a/tests/files/packet_opensuse-canal.yml +++ b/tests/files/packet_opensuse-canal.yml @@ -5,5 +5,6 @@ mode: default # Kubespray settings kube_network_plugin: canal +container_manager: containerd deploy_netchecker: true dns_min_replicas: 1