Merge pull request #2256 from mlushpenko/fix-kubeadm-safe-upgrade

Fix safe upgrade
Antoine Legrand 2018-02-09 19:03:04 +01:00 committed by GitHub
commit 60460c025c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 9 additions and 11 deletions


@ -96,10 +96,6 @@ bin_dir: /usr/local/bin
## Uncomment to enable experimental kubeadm deployment mode ## Uncomment to enable experimental kubeadm deployment mode
#kubeadm_enabled: false #kubeadm_enabled: false
#kubeadm_token_first: "{{ lookup('password', inventory_dir + '/credentials/kubeadm_token_first length=6 chars=ascii_lowercase,digits') }}"
#kubeadm_token_second: "{{ lookup('password', inventory_dir + '/credentials/kubeadm_token_second length=16 chars=ascii_lowercase,digits') }}"
#kubeadm_token: "{{ kubeadm_token_first }}.{{ kubeadm_token_second }}"
#
## Set these proxy values in order to update package manager and docker daemon to use proxies ## Set these proxy values in order to update package manager and docker daemon to use proxies
#http_proxy: "" #http_proxy: ""
#https_proxy: "" #https_proxy: ""


@ -22,12 +22,20 @@
delegate_to: "{{ groups['kube-master'][0] }}" delegate_to: "{{ groups['kube-master'][0] }}"
run_once: true run_once: true
- name: Create kubeadm token for joining nodes with 24h expiration (default)
command: "{{ bin_dir }}/kubeadm token create"
run_once: true
register: temp_token
delegate_to: "{{ groups['kube-master'][0] }}"
- name: Create kubeadm client config - name: Create kubeadm client config
template: template:
src: kubeadm-client.conf.j2 src: kubeadm-client.conf.j2
dest: "{{ kube_config_dir }}/kubeadm-client.conf" dest: "{{ kube_config_dir }}/kubeadm-client.conf"
backup: yes backup: yes
when: not is_kube_master when: not is_kube_master
vars:
kubeadm_token: "{{ temp_token.stdout }}"
register: kubeadm_client_conf register: kubeadm_client_conf
- name: Join to cluster if needed - name: Join to cluster if needed
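Review bot: The new `Create kubeadm token for joining nodes with 24h expiration (default)` task registers the bootstrap token in `temp_token` without `no_log: true`, so the token can show up in Ansible output and callback logs when the play runs with extra verbosity; add `no_log: true` to that task. The task also has no `when` guard, so every play run mints a new token on the first master, and because `kubeadm_token` then differs on each run the `Create kubeadm client config` template will presumably report changed every time and, with `backup: yes`, leave older token-bearing copies beside `kubeadm-client.conf`. Consider creating the token only when a node actually has to join, and setting an explicit restrictive `mode` on the rendered file. The `Join to cluster if needed` task continues outside the hunk, so how `kubeadm_client_conf` is consumed cannot be checked from here.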


@ -82,9 +82,6 @@ controller_mgr_custom_flags: []
scheduler_custom_flags: [] scheduler_custom_flags: []
# kubeadm settings
## Value of 0 means it never expires
kubeadm_token_ttl: 0
## Extra args for k8s components passing by kubeadm ## Extra args for k8s components passing by kubeadm
kube_kubeadm_controller_extra_args: {} kube_kubeadm_controller_extra_args: {}
kube_kubeadm_scheduler_extra_args: {} kube_kubeadm_scheduler_extra_args: {}


@ -29,8 +29,6 @@ authorizationModes:
{% for mode in authorization_modes %} {% for mode in authorization_modes %}
- {{ mode }} - {{ mode }}
{% endfor %} {% endfor %}
token: {{ kubeadm_token }}
tokenTTL: "{{ kubeadm_token_ttl }}"
selfHosted: false selfHosted: false
apiServerExtraArgs: apiServerExtraArgs:
bind-address: {{ kube_apiserver_bind_address }} bind-address: {{ kube_apiserver_bind_address }}


@ -147,7 +147,6 @@ helm_deployment_type: host
# Enable kubeadm deployment (experimental) # Enable kubeadm deployment (experimental)
kubeadm_enabled: false kubeadm_enabled: false
kubeadm_token: "abcdef.0123456789abcdef"
# Make a copy of kubeconfig on the host that runs Ansible in GITDIR/artifacts # Make a copy of kubeconfig on the host that runs Ansible in GITDIR/artifacts
kubeconfig_localhost: false kubeconfig_localhost: false


@ -2,4 +2,4 @@
- name: Uncordon node - name: Uncordon node
command: "{{ bin_dir }}/kubectl uncordon {{ inventory_hostname }}" command: "{{ bin_dir }}/kubectl uncordon {{ inventory_hostname }}"
delegate_to: "{{ groups['kube-master'][0] }}" delegate_to: "{{ groups['kube-master'][0] }}"
when: (needs_cordoning|default(false)) and ( {%- if inventory_hostname in groups['kube-node'] -%} true {%- else -%} false {%- endif -%} ) when: needs_cordoning|default(false)