C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Fixup deploy of kubeadm etcd for Kubernetes v1.15.0 (#4952)

Browse source 
* Fixup deploy of kubeadm etcd for Kubernetes v1.15.0

Change-Id: If42c2c75c4d278ba9475ebf76c243f3e6ee4d02e

* undo renaming cloud config file

Change-Id: Iafbd27c3887d6a2a6d0819c711f150ecf70c515d
This commit is contained in:
Matthew Mosesohn 2019-07-09 15:41:59 +03:00 committed by GitHub
parent a67a50f9c0
commit 352297cf8d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 79 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
roles/kubernetes/kubeadm/defaults/main.yml
View file

@ -1,6 +1,9 @@
--- ---
# discovery_timeout modifies the discovery timeout # discovery_timeout modifies the discovery timeout
discovery_timeout: 5m0s # This value must be smaller than kubeadm_join_timeout
discovery_timeout: 60s
kubeadm_join_timeout: 120s
# Optionally remove kube_proxy installed by kubeadm # Optionally remove kube_proxy installed by kubeadm
kube_proxy_remove: false kube_proxy_remove: false

23
roles/kubernetes/kubeadm/tasks/main.yml
View file

@ -10,15 +10,24 @@
tags: tags:
- facts - facts
- name: Check if kubelet.conf exists - name: Check if kubelet.conf exists
stat: stat:
path: "{{ kube_config_dir }}/kubelet.conf" path: "{{ kube_config_dir }}/kubelet.conf"
register: kubelet_conf register: kubelet_conf
- name: Check if kubeadm CA cert is accessible
stat:
path: "{{ kube_cert_dir }}/ca.crt"
register: kubeadm_ca_stat
delegate_to: "{{ groups['kube-master'][0] }}"
run_once: true
- name: Calculate kubeadm CA cert hash - name: Calculate kubeadm CA cert hash
shell: openssl x509 -pubkey -in {{ kube_cert_dir }}/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //' shell: openssl x509 -pubkey -in {{ kube_cert_dir }}/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
register: kubeadm_ca_hash register: kubeadm_ca_hash
when:
- kubeadm_ca_stat.stat is defined
- kubeadm_ca_stat.stat.exists
delegate_to: "{{ groups['kube-master'][0] }}" delegate_to: "{{ groups['kube-master'][0] }}"
run_once: true run_once: true
@ -58,23 +67,21 @@
- name: Join to cluster - name: Join to cluster
command: >- command: >-
timeout -k {{ kubeadm_join_timeout }} {{ kubeadm_join_timeout }}
{{ bin_dir }}/kubeadm join {{ bin_dir }}/kubeadm join
--config {{ kube_config_dir }}/kubeadm-client.conf --config {{ kube_config_dir }}/kubeadm-client.conf
--ignore-preflight-errors=DirAvailable--etc-kubernetes-manifests --ignore-preflight-errors=DirAvailable--etc-kubernetes-manifests
register: kubeadm_join register: kubeadm_join
async: 120
poll: 15
rescue: rescue:
- name: Join to cluster with ignores - name: Join to cluster with ignores
command: >- command: >-
timeout -k {{ kubeadm_join_timeout }} {{ kubeadm_join_timeout }}
{{ bin_dir }}/kubeadm join {{ bin_dir }}/kubeadm join
--config {{ kube_config_dir }}/kubeadm-client.conf --config {{ kube_config_dir }}/kubeadm-client.conf
--ignore-preflight-errors=all --ignore-preflight-errors=all
register: kubeadm_join register: kubeadm_join
async: 180
poll: 15
always: always:
@ -85,12 +92,6 @@
Joined with warnings Joined with warnings
{{ kubeadm_join.stderr_lines }} {{ kubeadm_join.stderr_lines }}
- name: Wait for kubelet bootstrap to create config
wait_for:
path: "{{ kube_config_dir }}/kubelet.conf"
delay: 1
timeout: 60
- name: Update server field in kubelet kubeconfig - name: Update server field in kubelet kubeconfig
lineinfile: lineinfile:
dest: "{{ kube_config_dir }}/kubelet.conf" dest: "{{ kube_config_dir }}/kubelet.conf"

4
roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta1.j2
View file

@ -9,8 +9,12 @@ discovery:
apiServerEndpoint: {{ kubeadm_discovery_address }} apiServerEndpoint: {{ kubeadm_discovery_address }}
{% endif %} {% endif %}
token: {{ kubeadm_token }} token: {{ kubeadm_token }}
{% if kubeadm_ca_hash.stdout is defined %}
caCertHashes: caCertHashes:
- sha256:{{ kubeadm_ca_hash.stdout }} - sha256:{{ kubeadm_ca_hash.stdout }}
{% else %}
unsafeSkipCAVerification: true
{% endif %}
timeout: {{ discovery_timeout }} timeout: {{ discovery_timeout }}
tlsBootstrapToken: {{ kubeadm_token }} tlsBootstrapToken: {{ kubeadm_token }}
caCertPath: {{ kube_cert_dir }}/ca.crt caCertPath: {{ kube_cert_dir }}/ca.crt

2
roles/kubernetes/master/tasks/kubeadm-setup.yml
View file

@ -103,7 +103,7 @@
- name: kubeadm | Initialize first master - name: kubeadm | Initialize first master
command: >- command: >-
timeout -k 600s 600s timeout -k 300s 300s
{{ bin_dir }}/kubeadm init {{ bin_dir }}/kubeadm init
--config={{ kube_config_dir }}/kubeadm-config.yaml --config={{ kube_config_dir }}/kubeadm-config.yaml
--ignore-preflight-errors=all --ignore-preflight-errors=all

1
roles/kubernetes/master/tasks/kubeadm-upgrade.yml
View file

@ -29,6 +29,7 @@
--allow-experimental-upgrades --allow-experimental-upgrades
--allow-release-candidate-upgrades --allow-release-candidate-upgrades
--etcd-upgrade=false --etcd-upgrade=false
--force
register: kubeadm_upgrade register: kubeadm_upgrade
when: inventory_hostname != groups['kube-master']|first when: inventory_hostname != groups['kube-master']|first
failed_when: failed_when:

6
roles/kubernetes/master/templates/kubeadm-config.v1beta1.yaml.j2
View file

@ -69,6 +69,12 @@ etcd:
- {{ san }} - {{ san }}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if dns_mode in ['coredns', 'coredns_dual'] %}
dns:
type: CoreDNS
imageRepository: {{ coredns_image_repo | regex_replace('/coredns$','') }}
imageTag: {{ coredns_image_tag }}
{% endif %}
networking: networking:
dnsDomain: {{ dns_domain }} dnsDomain: {{ dns_domain }}
serviceSubnet: {{ kube_service_addresses }} serviceSubnet: {{ kube_service_addresses }}

48
roles/kubernetes/master/templates/kubeadm-config.v1beta2.yaml.j2
View file

@ -27,6 +27,7 @@ apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration kind: ClusterConfiguration
clusterName: {{ cluster_name }} clusterName: {{ cluster_name }}
etcd: etcd:
{% if not etcd_kubeadm_enabled %}
external: external:
endpoints: endpoints:
{% for endpoint in etcd_access_addresses.split(',') %} {% for endpoint in etcd_access_addresses.split(',') %}
@ -35,6 +36,53 @@ etcd:
caFile: {{ etcd_cert_dir }}/{{ kube_etcd_cacert_file }} caFile: {{ etcd_cert_dir }}/{{ kube_etcd_cacert_file }}
certFile: {{ etcd_cert_dir }}/{{ kube_etcd_cert_file }} certFile: {{ etcd_cert_dir }}/{{ kube_etcd_cert_file }}
keyFile: {{ etcd_cert_dir }}/{{ kube_etcd_key_file }} keyFile: {{ etcd_cert_dir }}/{{ kube_etcd_key_file }}
{% elif etcd_kubeadm_enabled %}
local:
imageRepository: "{{ etcd_image_repo | regex_replace("/etcd$","") }}"
imageTag: "{{ etcd_image_tag }}"
dataDir: "/var/lib/etcd"
extraArgs:
metrics: {{ etcd_metrics }}
election-timeout: "{{ etcd_election_timeout }}"
heartbeat-interval: "{{ etcd_heartbeat_interval }}"
auto-compaction-retention: "{{ etcd_compaction_retention }}"
{% if etcd_snapshot_count is defined %}
snapshot-count: "{{ etcd_snapshot_count }}"
{% endif %}
{% if etcd_quota_backend_bytes is defined %}
quota-backend-bytes: "{{ etcd_quota_backend_bytes }}"
{% endif %}
{% if etcd_log_package_levels is defined %}
log-package_levels: "{{ etcd_log_package_levels }}"
{% endif %}
{% for key, value in etcd_extra_vars.items() %}
{{ key }}: "{{ value }}"
{% endfor %}
{% if host_architecture != "amd64" -%}
etcd-unsupported-arch: {{host_architecture}}
{% endif %}
serverCertSANs:
{% for san in etcd_cert_alt_names %}
- {{ san }}
{% endfor %}
{% for san in etcd_cert_alt_ips %}
- {{ san }}
{% endfor %}
peerCertSANs:
{% for san in etcd_cert_alt_names %}
- {{ san }}
{% endfor %}
{% for san in etcd_cert_alt_ips %}
- {{ san }}
{% endfor %}
{% endif %}
{% if dns_mode in ['coredns', 'coredns_dual'] %}
dns:
type: CoreDNS
imageRepository: {{ coredns_image_repo | regex_replace('/coredns$','') }}
imageTag: {{ coredns_image_tag }}
{% endif %}
networking: networking:
dnsDomain: {{ dns_domain }} dnsDomain: {{ dns_domain }}
serviceSubnet: {{ kube_service_addresses }} serviceSubnet: {{ kube_service_addresses }}

2
roles/kubernetes/preinstall/tasks/0070-system-packages.yml
View file

@ -44,7 +44,7 @@
- name: Update common_required_pkgs with ipvsadm when kube_proxy_mode is ipvs - name: Update common_required_pkgs with ipvsadm when kube_proxy_mode is ipvs
set_fact: set_fact:
common_required_pkgs: "{{ common_required_pkgs|default([]) + ['ipvsadm'] }}" common_required_pkgs: "{{ common_required_pkgs|default([]) + ['ipvsadm', 'ipset'] }}"
when: kube_proxy_mode == 'ipvs' when: kube_proxy_mode == 'ipvs'
- name: Install packages requirements - name: Install packages requirements