Fixup deploy of kubeadm etcd for Kubernetes v1.15.0 (kubernetes-sigs#…
…4952)

* Fixup deploy of kubeadm etcd for Kubernetes v1.15.0

Change-Id: If42c2c75c4d278ba9475ebf76c243f3e6ee4d02e

* undo renaming cloud config file

Change-Id: Iafbd27c3887d6a2a6d0819c711f150ecf70c515d
mattymo authored Jul 9, 2019
1 parent a67a50f commit 352297c
Showing 8 changed files with 79 additions and 16 deletions.
5 changes: 4 additions & 1 deletion roles/kubernetes/kubeadm/defaults/main.yml
@@ -1,6 +1,9 @@
---
# discovery_timeout modifies the discovery timeout
discovery_timeout: 5m0s
# This value must be smaller than kubeadm_join_timeout
discovery_timeout: 60s
kubeadm_join_timeout: 120s

# Optionally remove kube_proxy installed by kubeadm
kube_proxy_remove: false
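Review bot: The comments do not say that the two timeouts are read by different parsers: `discovery_timeout` is rendered into the kubeadm join configuration, while `kubeadm_join_timeout` is passed to `timeout -k` in the join tasks, where a Go-style duration such as the `5m0s` shown above would be rejected. I would add `# kubeadm_join_timeout is passed to timeout(1): a number with an optional s/m/h/d suffix` next to the ordering rule. The ordering itself is only stated in a comment, so an override that violates it is not caught; an `assert` early in the role could check it if both values are kept in plain seconds.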

23 changes: 12 additions & 11 deletions roles/kubernetes/kubeadm/tasks/main.yml
Expand Up @@ -10,15 +10,24 @@
tags:
- facts


- name: Check if kubelet.conf exists
stat:
path: "{{ kube_config_dir }}/kubelet.conf"
register: kubelet_conf

- name: Check if kubeadm CA cert is accessible
stat:
path: "{{ kube_cert_dir }}/ca.crt"
register: kubeadm_ca_stat
delegate_to: "{{ groups['kube-master'][0] }}"
run_once: true

- name: Calculate kubeadm CA cert hash
shell: openssl x509 -pubkey -in {{ kube_cert_dir }}/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
register: kubeadm_ca_hash
when:
- kubeadm_ca_stat.stat is defined
- kubeadm_ca_stat.stat.exists
delegate_to: "{{ groups['kube-master'][0] }}"
run_once: true

Expand Down Expand Up @@ -58,23 +67,21 @@

- name: Join to cluster
command: >-
timeout -k {{ kubeadm_join_timeout }} {{ kubeadm_join_timeout }}
{{ bin_dir }}/kubeadm join
--config {{ kube_config_dir }}/kubeadm-client.conf
--ignore-preflight-errors=DirAvailable--etc-kubernetes-manifests
register: kubeadm_join
async: 120
poll: 15

rescue:

- name: Join to cluster with ignores
command: >-
timeout -k {{ kubeadm_join_timeout }} {{ kubeadm_join_timeout }}
{{ bin_dir }}/kubeadm join
--config {{ kube_config_dir }}/kubeadm-client.conf
--ignore-preflight-errors=all
register: kubeadm_join
async: 180
poll: 15

always:

Expand All @@ -85,12 +92,6 @@
Joined with warnings
{{ kubeadm_join.stderr_lines }}
- name: Wait for kubelet bootstrap to create config
wait_for:
path: "{{ kube_config_dir }}/kubelet.conf"
delay: 1
timeout: 60

- name: Update server field in kubelet kubeconfig
lineinfile:
dest: "{{ kube_config_dir }}/kubelet.conf"
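Review bot: In the `Calculate kubeadm CA cert hash` task the pipeline's exit status is that of the final `sed`, and stderr of the `openssl rsa` stage is discarded, so a failure in either openssl stage still returns rc 0 and registers the digest of empty input as `kubeadm_ca_hash.stdout`. The join then fails later on a pin mismatch, which is the safe direction, but nothing points back to this task; a non-RSA CA key would presumably take the same path because the middle stage is `openssl rsa`. Running the pipeline under bash with `set -o pipefail` (`args: executable: /bin/bash`) and adding `changed_when: false` would make the task fail where the problem is. Whether this line is new in the commit cannot be recovered from the rendered page, but with the `when:` guard its result now decides whether CA pinning is used at all.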
Expand Up @@ -9,8 +9,12 @@ discovery:
apiServerEndpoint: {{ kubeadm_discovery_address }}
{% endif %}
token: {{ kubeadm_token }}
{% if kubeadm_ca_hash.stdout is defined %}
caCertHashes:
- sha256:{{ kubeadm_ca_hash.stdout }}
{% else %}
unsafeSkipCAVerification: true
{% endif %}
timeout: {{ discovery_timeout }}
tlsBootstrapToken: {{ kubeadm_token }}
caCertPath: {{ kube_cert_dir }}/ca.crt
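Review bot: The `{% else %}` branch turns a missing CA hash into `unsafeSkipCAVerification: true` with no signal to the operator, so the node joins on the bootstrap token alone and does not verify which API server it is talking to. `kubeadm_ca_hash.stdout` is undefined whenever the hash task was skipped, which per the tasks file happens when `ca.crt` is not found on the first master; that state more likely indicates a broken deployment than a reason to relax discovery. I would make the unpinned path an explicit opt-in, for example `{% elif kubeadm_unsafe_skip_ca_verification | default(false) %}` (a new variable, name suggested here), and have the role fail with a clear message otherwise. The template's file header is missing from this page, and the `discovery:` block starts above the hunk.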
2 changes: 1 addition & 1 deletion roles/kubernetes/master/tasks/kubeadm-setup.yml
Expand Up @@ -103,7 +103,7 @@

- name: kubeadm | Initialize first master
command: >-
timeout -k 600s 600s
timeout -k 300s 300s
{{ bin_dir }}/kubeadm init
--config={{ kube_config_dir }}/kubeadm-config.yaml
--ignore-preflight-errors=all
1 change: 1 addition & 0 deletions roles/kubernetes/master/tasks/kubeadm-upgrade.yml
Expand Up @@ -29,6 +29,7 @@
--allow-experimental-upgrades
--allow-release-candidate-upgrades
--etcd-upgrade=false
--force
register: kubeadm_upgrade
when: inventory_hostname != groups['kube-master']|first
failed_when:
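Review bot: The `--force` flag after `--etcd-upgrade=false` (presumably the single added line) has no comment saying which check it is there to get past, and it applies to every upgrade of the non-first masters rather than only to the v1.15.0 case named in the commit title. `kubeadm upgrade apply --force` proceeds even when upgrade requirements are not met, so a real precondition failure on a secondary master would no longer stop the play at this step; only the `failed_when` conditions below the hunk remain. I would add a comment above the command such as `# --force: needed because <reason or upstream issue>; drop once fixed`, and consider gating the flag on a variable. The command starts above the hunk and `failed_when` continues below it.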
Expand Up @@ -69,6 +69,12 @@ etcd:
- {{ san }}
{% endfor %}
{% endif %}
{% if dns_mode in ['coredns', 'coredns_dual'] %}
dns:
type: CoreDNS
imageRepository: {{ coredns_image_repo | regex_replace('/coredns$','') }}
imageTag: {{ coredns_image_tag }}
{% endif %}
networking:
dnsDomain: {{ dns_domain }}
serviceSubnet: {{ kube_service_addresses }}
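Review bot: The values in the new `dns:` block are rendered unquoted (`imageTag: {{ coredns_image_tag }}`), unlike the etcd `local:` block in `kubeadm-config.v1beta2.yaml.j2`, which quotes its templated scalars; the same unquoted `dns:` block appears in that template as well. A tag that YAML reads as a number (a two-part version, for example) or an empty expansion would reach kubeadm as a float or null rather than a string. Quoting both lines avoids that: `imageTag: "{{ coredns_image_tag }}"` and `imageRepository: "{{ coredns_image_repo | regex_replace('/coredns$','') }}"`. This section's file header is missing from the page.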
52 changes: 50 additions & 2 deletions roles/kubernetes/master/templates/kubeadm-config.v1beta2.yaml.j2
Expand Up @@ -27,6 +27,7 @@ apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
clusterName: {{ cluster_name }}
etcd:
{% if not etcd_kubeadm_enabled %}
external:
endpoints:
{% for endpoint in etcd_access_addresses.split(',') %}
Expand All @@ -35,6 +36,53 @@ etcd:
caFile: {{ etcd_cert_dir }}/{{ kube_etcd_cacert_file }}
certFile: {{ etcd_cert_dir }}/{{ kube_etcd_cert_file }}
keyFile: {{ etcd_cert_dir }}/{{ kube_etcd_key_file }}
{% elif etcd_kubeadm_enabled %}
local:
imageRepository: "{{ etcd_image_repo | regex_replace("/etcd$","") }}"
imageTag: "{{ etcd_image_tag }}"
dataDir: "/var/lib/etcd"
extraArgs:
metrics: {{ etcd_metrics }}
election-timeout: "{{ etcd_election_timeout }}"
heartbeat-interval: "{{ etcd_heartbeat_interval }}"
auto-compaction-retention: "{{ etcd_compaction_retention }}"
{% if etcd_snapshot_count is defined %}
snapshot-count: "{{ etcd_snapshot_count }}"
{% endif %}
{% if etcd_quota_backend_bytes is defined %}
quota-backend-bytes: "{{ etcd_quota_backend_bytes }}"
{% endif %}
{% if etcd_log_package_levels is defined %}
log-package_levels: "{{ etcd_log_package_levels }}"
{% endif %}
{% for key, value in etcd_extra_vars.items() %}
{{ key }}: "{{ value }}"
{% endfor %}
{% if host_architecture != "amd64" -%}
etcd-unsupported-arch: {{host_architecture}}
{% endif %}
serverCertSANs:
{% for san in etcd_cert_alt_names %}
- {{ san }}
{% endfor %}
{% for san in etcd_cert_alt_ips %}
- {{ san }}
{% endfor %}
peerCertSANs:
{% for san in etcd_cert_alt_names %}
- {{ san }}
{% endfor %}
{% for san in etcd_cert_alt_ips %}
- {{ san }}
{% endfor %}
{% endif %}

{% if dns_mode in ['coredns', 'coredns_dual'] %}
dns:
type: CoreDNS
imageRepository: {{ coredns_image_repo | regex_replace('/coredns$','') }}
imageTag: {{ coredns_image_tag }}
{% endif %}
networking:
dnsDomain: {{ dns_domain }}
serviceSubnet: {{ kube_service_addresses }}
Expand Down Expand Up @@ -127,7 +175,7 @@ apiServer:
feature-gates: {{ kube_feature_gates|join(',') }}
{% endif %}
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] %}
cloud-provider: {{cloud_provider}}
cloud-provider: {{ cloud_provider }}
cloud-config: {{ kube_config_dir }}/cloud_config
{% elif cloud_provider is defined and cloud_provider in ["external"] %}
cloud-config: {{ kube_config_dir }}/cloud_config
Expand Down Expand Up @@ -201,7 +249,7 @@ controllerManager:
{{ key }}: "{{ kube_kubeadm_controller_extra_args[key] }}"
{% endfor %}
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] %}
cloud-provider: {{cloud_provider}}
cloud-provider: {{ cloud_provider }}
cloud-config: {{ kube_config_dir }}/cloud_config
{% elif cloud_provider is defined and cloud_provider in ["external"] %}
cloud-config: {{ kube_config_dir }}/cloud_config
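Review bot: The extraArgs key `log-package_levels` in the new `local:` etcd block mixes a hyphen and an underscore; kubeadm turns each extraArgs key into a `--key=value` flag and etcd spells its flag `log-package-levels`, so setting `etcd_log_package_levels` would most likely keep the etcd static pod from starting. The line should read `log-package-levels: "{{ etcd_log_package_levels }}"`. In the same block, `etcd-unsupported-arch` is, as far as I know, an environment variable (`ETCD_UNSUPPORTED_ARCH`) rather than an etcd flag, so the non-amd64 path is worth confirming on real hardware. `{% elif etcd_kubeadm_enabled %}` directly after `{% if not etcd_kubeadm_enabled %}` can simply be `{% else %}`.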
2 changes: 1 addition & 1 deletion roles/kubernetes/preinstall/tasks/0070-system-packages.yml
Expand Up @@ -44,7 +44,7 @@

- name: Update common_required_pkgs with ipvsadm when kube_proxy_mode is ipvs
set_fact:
common_required_pkgs: "{{ common_required_pkgs|default([]) + ['ipvsadm'] }}"
common_required_pkgs: "{{ common_required_pkgs|default([]) + ['ipvsadm', 'ipset'] }}"
when: kube_proxy_mode == 'ipvs'

- name: Install packages requirements