From be61637a4d06973625a87fdddb2fe68029dcdf7c Mon Sep 17 00:00:00 2001 From: Marc Bihlmaier Date: Thu, 25 Mar 2021 14:59:44 +0100 Subject: [PATCH 1/7] configure kubeadm and kubelet through config-files fix lint Update README.md Co-authored-by: Jeff Geerling Update defaults/main.yml Co-authored-by: Jeff Geerling Update main.yml --- README.md | 44 ++++++++++++++++++++++++--- defaults/main.yml | 24 +++++++++++++-- tasks/kubelet-setup.yml | 21 ++++++++----- tasks/main.yml | 3 +- tasks/master-setup.yml | 26 +++++++++++++--- templates/kubeadm-kubelet-config.yaml | 14 +++++++++ 6 files changed, 112 insertions(+), 20 deletions(-) create mode 100644 templates/kubeadm-kubelet-config.yaml diff --git a/README.md b/README.md index 4d540c4..24caa86 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ An Ansible Role that installs [Kubernetes](https://kubernetes.io) on Linux. ## Requirements -Requires Docker; recommended role for Docker installation: `geerlingguy.docker`. +Requires Docker or another [Container Runtime](https://kubernetes.io/docs/setup/production-environment/container-runtimes) ; recommended role for Docker installation: `geerlingguy.docker`. ## Role Variables 
@@ -24,8 +24,8 @@ Available variables are listed below, along with default values (see `defaults/m Kubernetes packages to be installed on the server. You can either provide a list of package names, or set `name` and `state` to have more control over whether the package is `present`, `absent`, `latest`, etc. - kubernetes_version: '1.17' - kubernetes_version_rhel_package: '1.17.2' + kubernetes_version: '1.20' + kubernetes_version_rhel_package: '1.20.4' The minor version of Kubernetes to install. The plain `kubernetes_version` is used to pin an apt package version on Debian, and as the Kubernetes version passed into the `kubeadm init` command (see `kubernetes_version_kubeadm`). The `kubernetes_version_rhel_package` variable must be a specific Kubernetes release, and is used to pin the version on Red Hat / CentOS servers. 
@@ -33,10 +33,44 @@ The minor version of Kubernetes to install. The plain `kubernetes_version` is us Whether the particular server will serve as a Kubernetes `master` (default) or `node`. The master will have `kubeadm init` run on it to intialize the entire K8s control plane, while `node`s will have `kubeadm join` run on them to join them to the `master`. +### Variables to configure kubeadm and kubelet with `kubeadm init` through a config file (recommended) + +With this role, `kubeadm init` will be run with `--config `. + + kubernetes_kubeadm_kubelet_config_file_path: '/etc/kubernetes/kubeadm-kubelet-config.yaml' + +Path for ``. If the directory does not exist, this role will create it. + +The following variables are parsed as options to . To understand its syntax, see https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/kubelet-integration and https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm-init/#config-file . The skeleton (`apiVersion`, `kind`) of the config file will be created by this role, so do not define them within the variables. (See `templates/kubeadm-kubelet-config.yaml`). + + kubernetes_config_init_configuration: + localAPIEndpoint: + advertiseAddress: "{{ kubernetes_apiserver_advertise_address | default(ansible_default_ipv4.address, true) }}" + +Defines the options under `kind: InitConfiguration`. Including `kubernetes_apiserver_advertise_address` here is for backward-compatibilty to older versions of this role, where `kubernetes_apiserver_advertise_address` was used with a command-line-option. + + kubernetes_config_cluster_configuration: + networking: + podSubnet: "{{ kubernetes_pod_network.cidr }}" + kubernetesVersion: "{{ kubernetes_version_kubeadm }}" + +Options under `kind: ClusterConfiguration`. Including `kubernetes_pod_network.cidr` and `kubernetes_version_kubeadm` here are for backward-compatibilty to older versions of this role, where they were used with command-line-options. 
+ + kubernetes_config_kubelet_configuration: + cgroupDriver: cgroupfs + +Options to configure kubelet on any nodes in your cluster through the `kubeadm init` process. To get the syntax of this options see https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file and https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/kubelet-integration. + +NOTE: This is the recommended way to do the kubelet-configuration. Most command-line-options are deprecated. + +NOTE: The recommended cgroupDriver depends on your [Container Runtime](https://kubernetes.io/docs/setup/production-environment/container-runtimes). When using this role with containerd instead of docker, this value should be changed to `systemd`. + +### Variables to configure kubeadm and kubelet through command-line-options + kubernetes_kubelet_extra_args: "" kubernetes_kubelet_extra_args_config_file: /etc/default/kubelet -Extra args to pass to `kubelet` during startup. E.g. to allow `kubelet` to start up even if there is swap is enabled on your server, set this to: `"--fail-swap-on=false"`. Or to specify the node-ip advertised by `kubelet`, set this to `"--node-ip={{ ansible_host }}"`. +Extra args to pass to `kubelet` during startup. E.g. to allow `kubelet` to start up even if there is swap is enabled on your server, set this to: `"--fail-swap-on=false"`. Or to specify the node-ip advertised by `kubelet`, set this to `"--node-ip={{ ansible_host }}"`. *This is deprecated. Please use `kubernetes_config_kubelet_configuration` instead.* kubernetes_kubeadm_init_extra_opts: "" 
@@ -46,6 +80,8 @@ Extra args to pass to `kubeadm init` during K8s control plane initialization. E. Extra args to pass to the generated `kubeadm join` command during K8s node initialization. E.g. to ignore certain preflight errors like swap being enabled, set this to: `--ignore-preflight-errors=Swap` +### Additional variables + kubernetes_allow_pods_on_master: true Whether to remove the taint that denies pods from being deployed to the Kubernetes master. If you have a single-node cluster, this should definitely be `True`. Otherwise, set to `False` if you want a dedicated Kubernetes master which doesn't run any other pods. diff --git a/defaults/main.yml b/defaults/main.yml index 67816a9..7e78bf0 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -9,15 +9,16 @@ kubernetes_packages: - name: kubernetes-cni state: present -kubernetes_version: '1.19' -kubernetes_version_rhel_package: '1.19.0' +kubernetes_version: '1.20' +kubernetes_version_rhel_package: '1.20.4' kubernetes_role: master +# This is deprecated. Please use kubernetes_config_kubelet_configuration instead. kubernetes_kubelet_extra_args: "" + kubernetes_kubeadm_init_extra_opts: "" kubernetes_join_command_extra_opts: "" - kubernetes_allow_pods_on_master: true kubernetes_enable_web_ui: true kubernetes_web_ui_manifest_file: https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml 
@@ -30,6 +31,23 @@ kubernetes_pod_network: # cni: 'calico' # cidr: '192.168.0.0/16' +kubernetes_kubeadm_kubelet_config_file_path: '/etc/kubernetes/kubeadm-kubelet-config.yaml' +kubernetes_config_kubelet_configuration: + cgroupDriver: "cgroupfs" + +kubernetes_config_init_configuration: + localAPIEndpoint: + advertiseAddress: "{{ kubernetes_apiserver_advertise_address | default(ansible_default_ipv4.address, true) }}" +# if you use the next lines, remove the command line argument below +# nodeRegistration: +# ignorePreflightErrors: +# - all + +kubernetes_config_cluster_configuration: + networking: + podSubnet: "{{ kubernetes_pod_network.cidr }}" + kubernetesVersion: "{{ kubernetes_version_kubeadm }}" + kubernetes_apiserver_advertise_address: '' kubernetes_version_kubeadm: 'stable-{{ kubernetes_version }}' kubernetes_ignore_preflight_errors: 'all' diff --git a/tasks/kubelet-setup.yml b/tasks/kubelet-setup.yml index be6f57e..155d6c4 100644 --- a/tasks/kubelet-setup.yml +++ b/tasks/kubelet-setup.yml 
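Review bot: The commented hint under `kubernetes_config_init_configuration` tells users to "remove the command line argument below", but `kubernetes_ignore_preflight_errors: 'all'` remains a role default (the context line at the end of this hunk), and a role default cannot be made undefined from inventory or a playbook. The `kubernetes_ignore_preflight_errors is not defined` branch added in tasks/master-setup.yml therefore looks unreachable without editing the role, so every `kubeadm init` keeps suppressing all preflight checks. Consider gating on emptiness in master-setup instead, e.g. `when: (not kubernetes_init_stat.stat.exists) and (kubernetes_ignore_preflight_errors | length > 0)`, and rewording the hint to `# to use the next lines, set kubernetes_ignore_preflight_errors: ''`.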
@@ -1,35 +1,42 @@ --- -- name: Check for existence of kubelet environment file. + +# ---- DEPRECATED ---------------- +# +# Most of the kubernetes_kubelet_extra_args are deprecated. See https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet for details. +# Use the kubernetes_kubelet_config variable instead, which will be used to create the kubelet config file. + +- name: Check for existence of kubelet environment file. (deprecated) stat: path: '{{ kubelet_environment_file_path }}' register: kubelet_environment_file -- name: Set facts for KUBELET_EXTRA_ARGS task if environment file exists. +- name: Set facts for KUBELET_EXTRA_ARGS task if environment file exists. (deprecated) set_fact: kubelet_args_path: '{{ kubelet_environment_file_path }}' kubelet_args_line: "{{ 'KUBELET_EXTRA_ARGS=' + kubernetes_kubelet_extra_args }}" kubelet_args_regexp: '^KUBELET_EXTRA_ARGS=' when: kubelet_environment_file.stat.exists -- name: Set facts for KUBELET_EXTRA_ARGS task if environment file doesn't exist. +- name: Set facts for KUBELET_EXTRA_ARGS task if environment file doesn't exist. (deprecated) set_fact: kubelet_args_path: '/etc/systemd/system/kubelet.service.d/10-kubeadm.conf' kubelet_args_line: "{{ 'Environment=\"KUBELET_EXTRA_ARGS=' + kubernetes_kubelet_extra_args + '\"' }}" kubelet_args_regexp: '^Environment="KUBELET_EXTRA_ARGS=' when: not kubelet_environment_file.stat.exists -- name: Configure KUBELET_EXTRA_ARGS. +- name: Configure KUBELET_EXTRA_ARGS. (deprecated) lineinfile: path: '{{ kubelet_args_path }}' line: '{{ kubelet_args_line }}' regexp: '{{ kubelet_args_regexp }}' state: present mode: 0644 - register: kubelet_config_file + register: kubelet_extra_args + when: kubernetes_kubelet_extra_args|length > 0 -- name: Reload systemd unit if args were changed. +- name: Reload systemd unit if args were changed. (deprecated) systemd: state: restarted daemon_reload: true name: kubelet - when: kubelet_config_file is changed + when: kubelet_extra_args is changed 
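Review bot: The new `when: kubernetes_kubelet_extra_args|length > 0` on the `Configure KUBELET_EXTRA_ARGS.` task, together with the same condition on the `include_tasks: kubelet-setup.yml` line in the tasks/main.yml hunk, means a host that already had extra args written keeps them after the variable is emptied. Before this change the `lineinfile` task overwrote the line with an empty value; now it never runs in that case. Kubelet flags left on disk this way stay in force even though the role's variables say otherwise, so consider a cleanup path for the empty case, such as a `lineinfile` task with `state: absent` and the same `regexp`. The header comment also points to `kubernetes_kubelet_config`, whereas the variable this patch introduces is `kubernetes_config_kubelet_configuration`.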
diff --git a/tasks/main.yml b/tasks/main.yml index 1227585..1b57179 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -20,7 +20,8 @@ - include_tasks: sysctl-setup.yml -- include_tasks: kubelet-setup.yml +- include_tasks: kubelet-setup.yml # deprecated + when: kubernetes_kubelet_extra_args|length > 0 - name: Ensure kubelet is started and enabled at boot. service: diff --git a/tasks/master-setup.yml b/tasks/master-setup.yml index 80aa346..f4bc593 100644 --- a/tasks/master-setup.yml +++ b/tasks/master-setup.yml @@ -1,14 +1,30 @@ --- -- name: Initialize Kubernetes master with kubeadm init. +- name: Create the directory for the kubernetes_config_file + file: + path: "{{ kubernetes_kubeadm_kubelet_config_file_path | dirname }}" + state: directory + +- name: Deploy the config-file for kubeadm and kubelet + template: + src: "kubeadm-kubelet-config.yaml" + dest: "{{ kubernetes_kubeadm_kubelet_config_file_path }}" + +- name: Initialize Kubernetes master with kubeadm init command: > kubeadm init - --pod-network-cidr={{ kubernetes_pod_network.cidr }} - --apiserver-advertise-address={{ kubernetes_apiserver_advertise_address | default(ansible_default_ipv4.address, true) }} - --kubernetes-version {{ kubernetes_version_kubeadm }} + --config {{ kubernetes_kubeadm_kubelet_config_file_path }} + {{ kubernetes_kubeadm_init_extra_opts }} + register: kubeadmin_init + when: (not kubernetes_init_stat.stat.exists) and (kubernetes_ignore_preflight_errors is not defined) + +- name: Initialize Kubernetes master with kubeadm init and ignore_preflight_errors + command: > + kubeadm init + --config {{ kubernetes_kubeadm_kubelet_config_file_path }} --ignore-preflight-errors={{ kubernetes_ignore_preflight_errors }} {{ kubernetes_kubeadm_init_extra_opts }} register: kubeadmin_init - when: not kubernetes_init_stat.stat.exists + when: (not kubernetes_init_stat.stat.exists) and (kubernetes_ignore_preflight_errors is defined) - name: Print the init output to screen. debug: 
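Review bot: The `file` and `template` tasks that create `{{ kubernetes_kubeadm_kubelet_config_file_path }}` set no `owner`, `group` or `mode`, so the rendered kubeadm config gets whatever the remote umask yields. An InitConfiguration can carry `bootstrapTokens` or a `certificateKey`, so the file should be restricted: add `owner: root`, `group: root` and `mode: '0600'` to the template task, and an explicit `mode` to the directory task. Separately, both `kubeadm init` tasks use `register: kubeadmin_init`. Ansible also registers the result of a skipped task, so when the first task runs, the second task's skip result replaces its real output, which the `Print the init output to screen.` task (its body is outside this hunk) presumably reads.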
diff --git a/templates/kubeadm-kubelet-config.yaml b/templates/kubeadm-kubelet-config.yaml new file mode 100644 index 0000000..3fc30fd --- /dev/null +++ b/templates/kubeadm-kubelet-config.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: kubeadm.k8s.io/v1beta2 +kind: InitConfiguration +{{ kubernetes_config_init_configuration | to_nice_yaml }} +--- +kind: ClusterConfiguration +apiVersion: kubeadm.k8s.io/v1beta2 +{{ kubernetes_config_cluster_configuration | to_nice_yaml }} +--- +{% if kubernetes_config_kubelet_configuration|length > 0 %} +apiVersion: kubelet.config.k8s.io/v1beta1 +kind: KubeletConfiguration +{{ kubernetes_config_kubelet_configuration | to_nice_yaml }} +{% endif %} From 10eed5fb795fbeceb8f5b399ea986e54751e3ac5 Mon Sep 17 00:00:00 2001 From: Marc Bihlmaier Date: Tue, 6 Apr 2021 15:53:00 +0200 Subject: [PATCH 2/7] remove yamllint, add ansible-lint --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4f05d17..92130dc 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -29,11 +29,11 @@ jobs: python-version: '3.x' - name: Install test dependencies. - run: pip3 install yamllint + run: pip3 install ansible ansible-lint - name: Lint code. run: | - yamllint . + ansible-lint . molecule: name: Molecule From 0e124a541f0ab2bb89751dfae575acffc42987ad Mon Sep 17 00:00:00 2001 From: Marc Bihlmaier Date: Tue, 6 Apr 2021 15:54:49 +0200 Subject: [PATCH 3/7] remove lint --- .github/workflows/ci.yml | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 92130dc..141b245 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
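Review bot: Only the KubeletConfiguration document is guarded with `|length > 0`; the InitConfiguration and ClusterConfiguration documents always render their `{{ ... | to_nice_yaml }}` line. If either variable is set to an empty mapping, `to_nice_yaml` emits `{}` at column 0 after the `kind:` line, which should make the rendered file invalid YAML and fail `kubeadm init`. Wrap those two bodies in the same guard, e.g. `{% if kubernetes_config_init_configuration | length > 0 %}` … `{% endif %}`. A short header comment stating that `apiVersion` and `kind` are supplied by the template and must not appear in the variables would also help, since most YAML parsers resolve a duplicate key silently.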
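Review bot: `run: pip3 install ansible ansible-lint` in the `Install test dependencies.` step installs whatever versions are current at run time, so the code executed on the runner can change without any commit to this repository. Pin the tools, e.g. `run: pip3 install 'ansible==<pinned-version>' 'ansible-lint==<pinned-version>'`, or install from a requirements file with hashes. The same applies to `pip3 install yamllint`, which is re-added in PATCH 5/7.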
@@ -14,26 +14,26 @@ defaults: jobs: - lint: - name: Lint - runs-on: ubuntu-latest - steps: - - name: Check out the codebase. - uses: actions/checkout@v2 - with: - path: 'geerlingguy.kubernetes' - - - name: Set up Python 3. - uses: actions/setup-python@v2 - with: - python-version: '3.x' - - - name: Install test dependencies. - run: pip3 install ansible ansible-lint - - - name: Lint code. - run: | - ansible-lint . + # lint: + # name: Lint + # runs-on: ubuntu-latest + # steps: + # - name: Check out the codebase. + # uses: actions/checkout@v2 + # with: + # path: 'geerlingguy.kubernetes' + # + # - name: Set up Python 3. + # uses: actions/setup-python@v2 + # with: + # python-version: '3.x' + # + # - name: Install test dependencies. + # run: pip3 install ansible ansible-lint + # + # - name: Lint code. + # run: | + # ansible-lint . molecule: name: Molecule From c0c36eab5a45a3f084a7fd16b842aeb53db999bc Mon Sep 17 00:00:00 2001 From: Marc Bihlmaier Date: Tue, 6 Apr 2021 17:01:51 +0200 Subject: [PATCH 4/7] remove all lint jobs --- .github/workflows/ci.yml | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 141b245..21b2983 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -14,27 +14,6 @@ defaults: jobs: - # lint: - # name: Lint - # runs-on: ubuntu-latest - # steps: - # - name: Check out the codebase. - # uses: actions/checkout@v2 - # with: - # path: 'geerlingguy.kubernetes' - # - # - name: Set up Python 3. - # uses: actions/setup-python@v2 - # with: - # python-version: '3.x' - # - # - name: Install test dependencies. - # run: pip3 install ansible ansible-lint - # - # - name: Lint code. - # run: | - # ansible-lint . - molecule: name: Molecule runs-on: ubuntu-latest From e620266198802e6bfb499413fcb2388c117afa0d Mon Sep 17 00:00:00 2001 
From: Marc Bihlmaier Date: Wed, 7 Apr 2021 20:16:45 +0200 Subject: [PATCH 5/7] add yamllint again --- .github/workflows/ci.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 21b2983..4d0fe55 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -14,6 +14,27 @@ defaults: jobs: + lint: + name: Lint + runs-on: ubuntu-latest + steps: + - name: Check out the codebase. + uses: actions/checkout@v2 + with: + path: 'geerlingguy.kubernetes' + + - name: Set up Python 3. + uses: actions/setup-python@v2 + with: + python-version: '3.x' + + - name: Install test dependencies. + run: pip3 install yamllint + + - name: Lint code. + run: | + yamllint . + molecule: name: Molecule runs-on: ubuntu-latest From 271c4e8a71be5d7628d42852a8303cc7aebb07b6 Mon Sep 17 00:00:00 2001 From: Marc Bihlmaier Date: Wed, 7 Apr 2021 20:18:51 +0200 Subject: [PATCH 6/7] fix indents --- .github/workflows/ci.yml | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4d0fe55..4f05d17 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
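Review bot: The re-added lint job references `uses: actions/checkout@v2` and `uses: actions/setup-python@v2` by tag. Tags are mutable, so the action code that runs in this workflow can change underneath it. Pin each action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v2`. The same lines are re-indented in PATCH 6/7, so the pin would need to be carried through there as well.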
@@ -14,26 +14,26 @@ defaults: jobs: - lint: - name: Lint - runs-on: ubuntu-latest - steps: - - name: Check out the codebase. - uses: actions/checkout@v2 - with: - path: 'geerlingguy.kubernetes' + lint: + name: Lint + runs-on: ubuntu-latest + steps: + - name: Check out the codebase. + uses: actions/checkout@v2 + with: + path: 'geerlingguy.kubernetes' - - name: Set up Python 3. - uses: actions/setup-python@v2 - with: - python-version: '3.x' + - name: Set up Python 3. + uses: actions/setup-python@v2 + with: + python-version: '3.x' - - name: Install test dependencies. - run: pip3 install yamllint + - name: Install test dependencies. + run: pip3 install yamllint - - name: Lint code. - run: | - yamllint . + - name: Lint code. + run: | + yamllint . molecule: name: Molecule From 47d97ffd07e2697a4db8f8cc04d9665443624865 Mon Sep 17 00:00:00 2001 From: Marc Bihlmaier Date: Wed, 7 Apr 2021 20:32:25 +0200 Subject: [PATCH 7/7] fix jinja-extension --- tasks/master-setup.yml | 2 +- .../{kubeadm-kubelet-config.yaml => kubeadm-kubelet-config.j2} | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename templates/{kubeadm-kubelet-config.yaml => kubeadm-kubelet-config.j2} (100%) diff --git a/tasks/master-setup.yml b/tasks/master-setup.yml index f4bc593..6913a9e 100644 --- a/tasks/master-setup.yml +++ b/tasks/master-setup.yml @@ -6,7 +6,7 @@ - name: Deploy the config-file for kubeadm and kubelet template: - src: "kubeadm-kubelet-config.yaml" + src: "kubeadm-kubelet-config.j2" dest: "{{ kubernetes_kubeadm_kubelet_config_file_path }}" - name: Initialize Kubernetes master with kubeadm init diff --git a/templates/kubeadm-kubelet-config.yaml b/templates/kubeadm-kubelet-config.j2 similarity index 100% rename from templates/kubeadm-kubelet-config.yaml rename to templates/kubeadm-kubelet-config.j2