diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 61c6b8e..0000000 --- a/.travis.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- -language: python -services: docker - -env: - global: - - ROLE_NAME: kubernetes - matrix: - - MOLECULE_DISTRO: centos8 - - MOLECULE_DISTRO: centos7 - - MOLECULE_DISTRO: ubuntu1804 - - MOLECULE_DISTRO: debian10 - - - MOLECULE_DISTRO: debian10 - MOLECULE_PLAYBOOK: playbook-calico.yml - -before_install: - # Upgrade Docker to work with docker-py. - - curl https://gist.githubusercontent.com/geerlingguy/ce883ad4aec6a5f1187ef93bd338511e/raw/36612d28981d92863f839c5aefe5b7dd7193d6c6/travis-ci-docker-upgrade.sh | sudo bash - -install: - # Install test dependencies. - - pip install molecule[docker] yamllint ansible-lint docker - -before_script: - # Use actual Ansible Galaxy role name for the project directory. - - cd ../ - - mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME - - cd geerlingguy.$ROLE_NAME - -script: - # Run tests. - - molecule test - -notifications: - webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/README.md b/README.md index af41a8f..6fb94f4 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ An Ansible Role that installs [Kubernetes](https://kubernetes.io) on Linux. ## Requirements -Requires Docker or another [Container Runtime](https://kubernetes.io/docs/setup/production-environment/container-runtimes) ; recommended role for Docker installation: `geerlingguy.docker`. +Requires a compatible [Container Runtime](https://kubernetes.io/docs/setup/production-environment/container-runtimes); recommended role for CRI installation: `geerlingguy.containerd`. ## Role Variables 
@@ -27,17 +27,17 @@ kubernetes_packages: Kubernetes packages to be installed on the server. You can either provide a list of package names, or set `name` and `state` to have more control over whether the package is `present`, `absent`, `latest`, etc. ```yaml -kubernetes_version: '1.20' -kubernetes_version_rhel_package: '1.20.4' +kubernetes_version: '1.25' +kubernetes_version_rhel_package: '1.25.1' ``` The minor version of Kubernetes to install. The plain `kubernetes_version` is used to pin an apt package version on Debian, and as the Kubernetes version passed into the `kubeadm init` command (see `kubernetes_version_kubeadm`). The `kubernetes_version_rhel_package` variable must be a specific Kubernetes release, and is used to pin the version on Red Hat / CentOS servers. ```yaml -kubernetes_role: master +kubernetes_role: control_plane ``` -Whether the particular server will serve as a Kubernetes `master` (default) or `node`. The master will have `kubeadm init` run on it to intialize the entire K8s control plane, while `node`s will have `kubeadm join` run on them to join them to the `master`. +Whether the particular server will serve as a Kubernetes `control_plane` (default) or `node`. The control plane will have `kubeadm init` run on it to intialize the entire K8s control plane, while `node`s will have `kubeadm join` run on them to join them to the `control_plane`. ### Variables to configure kubeadm and kubelet with `kubeadm init` through a config file (recommended) 
@@ -49,7 +49,7 @@ kubernetes_kubeadm_kubelet_config_file_path: '/etc/kubernetes/kubeadm-kubelet-co Path for ``. If the directory does not exist, this role will create it. -The following variables are parsed as options to . To understand its syntax, see https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/kubelet-integration and https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm-init/#config-file . The skeleton (`apiVersion`, `kind`) of the config file will be created by this role, so do not define them within the variables. (See `templates/kubeadm-kubelet-config.j2`). +The following variables are parsed as options to . To understand its syntax, see [kubelet-integration](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/kubelet-integration) and [kubeadm-config-file](https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm-init/#config-file) . The skeleton (`apiVersion`, `kind`) of the config file will be created by this role, so do not define them within the variables. (See `templates/kubeadm-kubelet-config.j2`). ```yaml kubernetes_config_init_configuration: 
@@ -70,14 +70,14 @@ Options under `kind: ClusterConfiguration`. Including `kubernetes_pod_network.ci ```yaml kubernetes_config_kubelet_configuration: - cgroupDriver: cgroupfs + cgroupDriver: systemd ``` -Options to configure kubelet on any nodes in your cluster through the `kubeadm init` process. To get the syntax of this options see https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file and https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/kubelet-integration. +Options to configure kubelet on any nodes in your cluster through the `kubeadm init` process. For syntax options read the [kubelet config file](https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file) and [kubelet integration](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/kubelet-integration) documentation. NOTE: This is the recommended way to do the kubelet-configuration. Most command-line-options are deprecated. -NOTE: The recommended cgroupDriver depends on your [Container Runtime](https://kubernetes.io/docs/setup/production-environment/container-runtimes). When using this role with containerd instead of docker, this value should be changed to `systemd`. +NOTE: The recommended cgroupDriver depends on your [Container Runtime](https://kubernetes.io/docs/setup/production-environment/container-runtimes). When using this role with Docker instead of containerd, this value should be changed to `cgroupfs`. ```yaml kubernetes_config_kube_proxy_configuration: {} 
@@ -92,7 +92,7 @@ kubernetes_kubelet_extra_args: "" kubernetes_kubelet_extra_args_config_file: /etc/default/kubelet ``` -Extra args to pass to `kubelet` during startup. E.g. to allow `kubelet` to start up even if there is swap is enabled on your server, set this to: `"--fail-swap-on=false"`. Or to specify the node-ip advertised by `kubelet`, set this to `"--node-ip={{ ansible_host }}"`. *This is deprecated. Please use `kubernetes_config_kubelet_configuration` instead.* +Extra args to pass to `kubelet` during startup. E.g. to allow `kubelet` to start up even if there is swap is enabled on your server, set this to: `"--fail-swap-on=false"`. Or to specify the node-ip advertised by `kubelet`, set this to `"--node-ip={{ ansible_host }}"`. **This option is deprecated. Please use `kubernetes_config_kubelet_configuration` instead.** ```yaml kubernetes_kubeadm_init_extra_opts: "" @@ -109,10 +109,10 @@ Extra args to pass to the generated `kubeadm join` command during K8s node initi ### Additional variables ```yaml -kubernetes_allow_pods_on_master: true +kubernetes_allow_pods_on_control_plane: true ``` -Whether to remove the taint that denies pods from being deployed to the Kubernetes master. If you have a single-node cluster, this should definitely be `True`. Otherwise, set to `False` if you want a dedicated Kubernetes master which doesn't run any other pods. +Whether to remove the taint that denies pods from being deployed to the Kubernetes control plane. If you have a single-node cluster, this should definitely be `True`. Otherwise, set to `False` if you want a dedicated Kubernetes control plane which doesn't run any other pods. ```yaml kubernetes_pod_network: 
@@ -137,7 +137,7 @@ kubernetes_version_kubeadm: 'stable-{{ kubernetes_version }}'` kubernetes_ignore_preflight_errors: 'all' ``` -Options passed to `kubeadm init` when initializing the Kubernetes master. The `kubernetes_apiserver_advertise_address` defaults to `ansible_default_ipv4.address` if it's left empty. +Options passed to `kubeadm init` when initializing the Kubernetes control plane. The `kubernetes_apiserver_advertise_address` defaults to `ansible_default_ipv4.address` if it's left empty. ```yaml kubernetes_apt_release_channel: main @@ -177,25 +177,25 @@ None. ## Example Playbooks -### Single node (master-only) cluster +### Single node (control-plane-only) cluster ```yaml - hosts: all vars: - kubernetes_allow_pods_on_master: true + kubernetes_allow_pods_on_control_plane: true roles: - geerlingguy.docker - geerlingguy.kubernetes ``` -### Two or more nodes (single master) cluster +### Two or more nodes (single control-plane) cluster -Master inventory vars: +Control plane inventory vars: ```yaml -kubernetes_role: "master" +kubernetes_role: "control_plane" ``` Node(s) inventory vars: @@ -210,14 +210,14 @@ Playbook: - hosts: all vars: - kubernetes_allow_pods_on_master: true + kubernetes_allow_pods_on_control_plane: true roles: - geerlingguy.docker - geerlingguy.kubernetes ``` -Then, log into the Kubernetes master, and run `kubectl get nodes` as root, and you should see a list of all the servers. +Then, log into the Kubernetes control plane, and run `kubectl get nodes` as root, and you should see a list of all the servers. ## License diff --git a/defaults/main.yml b/defaults/main.yml index 9434768..9827631 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -9,17 +9,17 @@ kubernetes_packages: - name: kubernetes-cni state: present -kubernetes_version: '1.20' -kubernetes_version_rhel_package: '1.20.4' +kubernetes_version: '1.25' +kubernetes_version_rhel_package: '1.25.1' -kubernetes_role: master +kubernetes_role: control_plane # This is deprecated. Please use kubernetes_config_kubelet_configuration instead. kubernetes_kubelet_extra_args: "" kubernetes_kubeadm_init_extra_opts: "" kubernetes_join_command_extra_opts: "" -kubernetes_allow_pods_on_master: true +kubernetes_allow_pods_on_control_plane: true kubernetes_pod_network: # Flannel CNI. cni: 'flannel' @@ -30,7 +30,7 @@ kubernetes_pod_network: kubernetes_kubeadm_kubelet_config_file_path: '/etc/kubernetes/kubeadm-kubelet-config.yaml' kubernetes_config_kubelet_configuration: - cgroupDriver: "cgroupfs" + cgroupDriver: "systemd" kubernetes_config_init_configuration: localAPIEndpoint: diff --git a/meta/main.yml b/meta/main.yml index 82729f8..4ecdc5b 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -7,12 +7,13 @@ galaxy_info: description: Kubernetes for Linux. company: "Midwestern Mac, LLC" license: "license (BSD, MIT)" - min_ansible_version: 2.4 + min_ansible_version: 2.10 platforms: - name: EL versions: - 7 - 8 + - 9 - name: Debian versions: - stretch @@ -23,6 +24,7 @@ galaxy_info: - xenial - bionic - focal + - jammy galaxy_tags: - system - containers diff --git a/molecule/default/calico.yml b/molecule/default/calico.yml index 2e2258e..74998b2 100644 --- a/molecule/default/calico.yml +++ b/molecule/default/calico.yml 
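Review bot: Renaming `kubernetes_allow_pods_on_master` and the `master` role value without a fallback silently changes behaviour for inventories that still use the old names. A host that sets `kubernetes_allow_pods_on_master: false` now gets the new default of `true`, so on a freshly initialised control plane the taint-removal task in tasks/control-plane-setup.yml would make a node that was meant to be dedicated schedulable for ordinary pods. Likewise, `kubernetes_role: master` no longer matches the `kubernetes_role == 'control_plane'` conditions in tasks/main.yml, so control-plane setup is skipped without an error. Consider keeping a one-release fallback such as `kubernetes_allow_pods_on_control_plane: "{{ kubernetes_allow_pods_on_master | default(true) }}"`, or an early `assert` task that fails when either old name or value is still set.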
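Review bot: `min_ansible_version: 2.10` in meta/main.yml is an unquoted scalar, so a YAML parser reads it as the float 2.1 rather than the version string 2.10. The previous value `2.4` happened to survive that conversion, which is why the problem only appears with this bump. Quote it: `min_ansible_version: '2.10'`.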
@@ -8,9 +8,13 @@ cni: 'calico' cidr: '192.168.0.0/16' - # Allow swap in test environments (hard to control in some Docker envs). - kubernetes_kubelet_extra_args: "--fail-swap-on=false --cgroup-driver=cgroupfs" - docker_install_compose: false + # Allow swap in test environments (hard to control in some envs). + kubernetes_config_kubelet_configuration: + cgroupDriver: "systemd" + failSwapOn: false + cgroupsPerQOS: true + enforceNodeAllocatable: ['pods'] + containerd_config_cgroup_driver_systemd: true pre_tasks: - name: Update apt cache. @@ -29,7 +33,7 @@ action: setup roles: - - role: geerlingguy.docker + - role: geerlingguy.containerd - role: geerlingguy.kubernetes post_tasks: diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index f93c7d7..1e953b6 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -4,9 +4,13 @@ become: true vars: - # Allow swap in test environments (hard to control in some Docker envs). - kubernetes_kubelet_extra_args: "--fail-swap-on=false --cgroup-driver=cgroupfs" - docker_install_compose: false + # Allow swap in test environments (hard to control in some envs). + kubernetes_config_kubelet_configuration: + cgroupDriver: "systemd" + failSwapOn: false + cgroupsPerQOS: true + enforceNodeAllocatable: ['pods'] + containerd_config_cgroup_driver_systemd: true pre_tasks: - name: Update apt cache. @@ -25,7 +29,7 @@ action: setup roles: - - role: geerlingguy.docker + - role: geerlingguy.containerd - role: geerlingguy.kubernetes post_tasks: diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 3f1b2b5..518aa05 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml 
@@ -9,8 +9,9 @@ platforms: image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" command: ${MOLECULE_DOCKER_COMMAND:-""} volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - - /var/lib/docker + - /sys/fs/cgroup:/sys/fs/cgroup:rw + - /var/lib/containerd + cgroupns_mode: host privileged: true pre_build_image: true provisioner: diff --git a/molecule/default/requirements.yml b/molecule/default/requirements.yml index 3a013f3..8f7dff5 100644 --- a/molecule/default/requirements.yml +++ b/molecule/default/requirements.yml @@ -1,2 +1,2 @@ --- -- src: geerlingguy.docker +- src: geerlingguy.containerd diff --git a/tasks/master-setup.yml b/tasks/control-plane-setup.yml similarity index 79% rename from tasks/master-setup.yml rename to tasks/control-plane-setup.yml index 49feb78..96c20da 100644 --- a/tasks/master-setup.yml +++ b/tasks/control-plane-setup.yml @@ -9,7 +9,7 @@ src: "kubeadm-kubelet-config.j2" dest: "{{ kubernetes_kubeadm_kubelet_config_file_path }}" -- name: Initialize Kubernetes master with kubeadm init +- name: Initialize Kubernetes control plane with kubeadm init command: > kubeadm init --config {{ kubernetes_kubeadm_kubelet_config_file_path }} 
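Review bot: The molecule.yml platform is already `privileged: true`, and this hunk additionally mounts the host's `/sys/fs/cgroup` read-write and sets `cgroupns_mode: host`, so a test run can modify the cgroup hierarchy of the machine running Molecule. This is presumably required for kubelet with the systemd cgroup driver, but the reason and the exposure are not recorded anywhere in the file. Add a comment above `volumes:` along the lines of `# Host cgroup tree is writable from this privileged container (needed for kubelet with the systemd cgroup driver); run only on disposable CI hosts.` The platform definition starts above this hunk.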
@@ -17,15 +17,30 @@ register: kubeadmin_init when: (not kubernetes_init_stat.stat.exists) and (kubernetes_ignore_preflight_errors is not defined) -- name: Initialize Kubernetes master with kubeadm init and ignore_preflight_errors +- name: Initialize Kubernetes control plane with kubeadm init and ignore_preflight_errors command: > kubeadm init --config {{ kubernetes_kubeadm_kubelet_config_file_path }} --ignore-preflight-errors={{ kubernetes_ignore_preflight_errors }} {{ kubernetes_kubeadm_init_extra_opts }} register: kubeadmin_init + failed_when: false # TODO REMOVE when: (not kubernetes_init_stat.stat.exists) and (kubernetes_ignore_preflight_errors is defined) +# TODO REMOVE +- name: Print kubeadm init output + debug: var=kubeadmin_init + +# TODO REMOVE +- name: Get kubelet status + command: journalctl --no-pager -xeu kubelet + register: journalctl + changed_when: false + +# TODO REMOVE +- name: Print kubelet status + debug: var=journalctl + - name: Print the init output to screen. debug: var: kubeadmin_init.stdout @@ -73,8 +88,8 @@ # TODO: Check if taint exists with something like `kubectl describe nodes` # instead of using kubernetes_init_stat.stat.exists check. -- name: Allow pods on master node (if configured). - command: "kubectl taint nodes --all node-role.kubernetes.io/master-" +- name: Allow pods on control plane (if configured). + command: "kubectl taint nodes --all node-role.kubernetes.io/control-plane-" when: - - kubernetes_allow_pods_on_master | bool + - kubernetes_allow_pods_on_control_plane | bool - not kubernetes_init_stat.stat.exists diff --git a/tasks/main.yml b/tasks/main.yml index 1b57179..3fa409a 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
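Review bot: `failed_when: false # TODO REMOVE` on the second `kubeadm init` task means a failed init no longer stops the play, so the later tasks in this file run against a control plane that may not exist. The three added `# TODO REMOVE` tasks carry no `when:` and therefore run on every invocation. They also dump the whole `kubeadmin_init` variable and the kubelet journal into the play output; `kubeadm init` output normally contains the join command with its bootstrap token, so this widens what ends up in CI logs. These look like debugging aids that should not ship. Drop the `failed_when: false` line and the three tasks before merging, or at least guard the debug tasks with something like `when: kubeadmin_init.rc | default(0) != 0`.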
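Review bot: The taint key in the "Allow pods on control plane" task is now hard-coded to `node-role.kubernetes.io/control-plane-`, but `kubernetes_version` remains user-overridable. As far as I know, kubeadm releases before 1.24 apply only the `node-role.kubernetes.io/master` taint, and `kubectl taint` errors out when asked to remove a taint that is not present, so a pinned older version would fail on this task. If older versions are no longer supported, state that next to the task, e.g. `# Requires Kubernetes >= 1.24; earlier releases only set the node-role.kubernetes.io/master taint.` The same version floor applies to the `kubeadm.k8s.io/v1beta3` change in templates/kubeadm-kubelet-config.j2.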
@@ -34,15 +34,15 @@ path: /etc/kubernetes/admin.conf register: kubernetes_init_stat -# Set up master. -- include_tasks: master-setup.yml - when: kubernetes_role == 'master' +# Set up control plane. +- include_tasks: control-plane-setup.yml + when: kubernetes_role == 'control_plane' # Set up nodes. -- name: Get the kubeadm join command from the Kubernetes master. +- name: Get the kubeadm join command from the Kubernetes control plane. command: kubeadm token create --print-join-command changed_when: false - when: kubernetes_role == 'master' + when: kubernetes_role == 'control_plane' register: kubernetes_join_command_result - name: Set the kubeadm join command globally. diff --git a/tasks/node-setup.yml b/tasks/node-setup.yml index 304cbf1..be684ee 100644 --- a/tasks/node-setup.yml +++ b/tasks/node-setup.yml @@ -1,5 +1,5 @@ --- -- name: Join node to Kubernetes master +- name: Join node to Kubernetes control plane. shell: > {{ kubernetes_join_command }} creates=/etc/kubernetes/kubelet.conf diff --git a/templates/kubeadm-kubelet-config.j2 b/templates/kubeadm-kubelet-config.j2 index 7c4318b..3c49c2e 100644 --- a/templates/kubeadm-kubelet-config.j2 +++ b/templates/kubeadm-kubelet-config.j2 @@ -1,10 +1,10 @@ --- -apiVersion: kubeadm.k8s.io/v1beta2 +apiVersion: kubeadm.k8s.io/v1beta3 kind: InitConfiguration {{ kubernetes_config_init_configuration | to_nice_yaml }} --- +apiVersion: kubeadm.k8s.io/v1beta3 kind: ClusterConfiguration -apiVersion: kubeadm.k8s.io/v1beta2 {{ kubernetes_config_cluster_configuration | to_nice_yaml }} {% if kubernetes_config_kubelet_configuration|length > 0 %} ---