Merge pull request #166 from vivian-hafener/master

Moves apiversions for kubeadm, kubelet, and kubeproxy from kubeadm-kubelet-config.j2 into defaults/main.yml

.ansible-lint

@@ -1,4 +1,4 @@
 skip_list:
-  - '306'
-  - '405'
-  - '106'
+  - 'yaml'
+  - 'risky-shell-pipe'
+  - 'role-name'

.github/stale.yml

@@ -1,56 +0,0 @@
-# Configuration for probot-stale - https://github.com/probot/stale
-
-# Number of days of inactivity before an Issue or Pull Request becomes stale
-daysUntilStale: 90
-
-# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
-# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
-daysUntilClose: 30
-
-# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
-onlyLabels: []
-
-# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
-exemptLabels:
-  - pinned
-  - security
-  - planned
-
-# Set to true to ignore issues in a project (defaults to false)
-exemptProjects: false
-
-# Set to true to ignore issues in a milestone (defaults to false)
-exemptMilestones: false
-
-# Set to true to ignore issues with an assignee (defaults to false)
-exemptAssignees: false
-
-# Label to use when marking as stale
-staleLabel: stale
-
-# Limit the number of actions per hour, from 1-30. Default is 30
-limitPerRun: 30
-
-pulls:
-  markComment: |-
-    This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution!
-
-    Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale.
-
-  unmarkComment: >-
-    This pull request is no longer marked for closure.
-
-  closeComment: >-
-    This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details.
-
-issues:
-  markComment: |-
-    This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
-
-    Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
-
-  unmarkComment: >-
-    This issue is no longer marked for closure.
-
-  closeComment: >-
-    This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.

.github/workflows/ci.yml

@@ -0,0 +1,74 @@
+---
+name: CI
+'on':
+  pull_request:
+  push:
+    branches:
+      - master
+  schedule:
+    - cron: "0 4 * * 3"
+
+defaults:
+  run:
+    working-directory: 'geerlingguy.kubernetes'
+
+jobs:
+
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the codebase.
+        uses: actions/checkout@v4
+        with:
+          path: 'geerlingguy.kubernetes'
+
+      - name: Set up Python 3.
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.x'
+
+      - name: Install test dependencies.
+        run: pip3 install yamllint
+
+      - name: Lint code.
+        run: |
+          yamllint .
+
+  molecule:
+    name: Molecule
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          - distro: rockylinux9
+            playbook: converge.yml
+          - distro: ubuntu2004
+            playbook: converge.yml
+          - distro: debian11
+            playbook: converge.yml
+
+          - distro: debian11
+            playbook: calico.yml
+
+    steps:
+      - name: Check out the codebase.
+        uses: actions/checkout@v4
+        with:
+          path: 'geerlingguy.kubernetes'
+
+      - name: Set up Python 3.
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.x'
+
+      - name: Install test dependencies.
+        run: pip3 install ansible molecule molecule-plugins[docker] docker
+
+      - name: Run Molecule tests.
+        run: molecule test
+        env:
+          PY_COLORS: '1'
+          ANSIBLE_FORCE_COLOR: '1'
+          MOLECULE_DISTRO: ${{ matrix.distro }}
+          MOLECULE_PLAYBOOK: ${{ matrix.playbook }}

.github/workflows/release.yml

@@ -0,0 +1,40 @@
+---
+# This workflow requires a GALAXY_API_KEY secret present in the GitHub
+# repository or organization.
+#
+# See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy
+# See: https://github.com/ansible/galaxy/issues/46
+
+name: Release
+'on':
+  push:
+    tags:
+      - '*'
+
+defaults:
+  run:
+    working-directory: 'geerlingguy.kubernetes'
+
+jobs:
+
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the codebase.
+        uses: actions/checkout@v4
+        with:
+          path: 'geerlingguy.kubernetes'
+
+      - name: Set up Python 3.
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.x'
+
+      - name: Install Ansible.
+        run: pip3 install ansible-core
+
+      - name: Trigger a new import on Galaxy.
+        run: >-
+          ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }}
+          $(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2)

.github/workflows/stale.yml

@@ -0,0 +1,34 @@
+---
+name: Close inactive issues
+'on':
+  schedule:
+    - cron: "55 3 * * 0"  # semi-random time
+
+jobs:
+  close-issues:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+    steps:
+      - uses: actions/stale@v8
+        with:
+          days-before-stale: 120
+          days-before-close: 60
+          exempt-issue-labels: bug,pinned,security,planned
+          exempt-pr-labels: bug,pinned,security,planned
+          stale-issue-label: "stale"
+          stale-pr-label: "stale"
+          stale-issue-message: |
+            This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
+            
+            Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
+          close-issue-message: |
+            This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.
+          stale-pr-message: |
+            This pr has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
+            
+            Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
+          close-pr-message: |
+            This pr has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.
+          repo-token: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -1,3 +1,5 @@
 *.retry
 */__pycache__
 *.pyc
+.cache
+

.travis.yml

@@ -1,36 +0,0 @@
----
-language: python
-services: docker
-
-env:
-  global:
-    - ROLE_NAME: kubernetes
-  matrix:
-    - MOLECULE_DISTRO: centos8
-    - MOLECULE_DISTRO: centos7
-    - MOLECULE_DISTRO: ubuntu1804
-    - MOLECULE_DISTRO: debian10
-
-    - MOLECULE_DISTRO: debian10
-      MOLECULE_PLAYBOOK: playbook-calico.yml
-
-before_install:
-  # Upgrade Docker to work with docker-py.
-  - curl https://gist.githubusercontent.com/geerlingguy/ce883ad4aec6a5f1187ef93bd338511e/raw/36612d28981d92863f839c5aefe5b7dd7193d6c6/travis-ci-docker-upgrade.sh | sudo bash
-
-install:
-  # Install test dependencies.
-  - pip install molecule yamllint ansible-lint docker
-
-before_script:
-  # Use actual Ansible Galaxy role name for the project directory.
-  - cd ../
-  - mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME
-  - cd geerlingguy.$ROLE_NAME
-
-script:
-  # Run tests.
-  - molecule test
-
-notifications:
-  webhooks: https://galaxy.ansible.com/api/v1/notifications/

.yamllint

@@ -7,5 +7,4 @@ rules:
     level: warning
 
 ignore: |
-  .github/stale.yml
-  .travis.yml
+  .github/workflows/stale.yml

README.md

@@ -1,95 +1,171 @@
 # Ansible Role: Kubernetes
 
-[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-kubernetes.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-kubernetes)
+[![CI](https://github.com/geerlingguy/ansible-role-kubernetes/actions/workflows/ci.yml/badge.svg)](https://github.com/geerlingguy/ansible-role-kubernetes/actions/workflows/ci.yml)
 
 An Ansible Role that installs [Kubernetes](https://kubernetes.io) on Linux.
 
 ## Requirements
 
-Requires Docker; recommended role for Docker installation: `geerlingguy.docker`.
+Requires a compatible [Container Runtime](https://kubernetes.io/docs/setup/production-environment/container-runtimes); recommended role for CRI installation: `geerlingguy.containerd`.
 
 ## Role Variables
 
 Available variables are listed below, along with default values (see `defaults/main.yml`):
 
-    kubernetes_packages:
-      - name: kubelet
-        state: present
-      - name: kubectl
-        state: present
-      - name: kubeadm
-        state: present
-      - name: kubernetes-cni
-        state: present
+```yaml
+kubernetes_packages:
+  - name: kubelet
+    state: present
+  - name: kubectl
+    state: present
+  - name: kubeadm
+    state: present
+  - name: kubernetes-cni
+    state: present
+```
 
 Kubernetes packages to be installed on the server. You can either provide a list of package names, or set `name` and `state` to have more control over whether the package is `present`, `absent`, `latest`, etc.
 
-    kubernetes_version: '1.17'
-    kubernetes_version_rhel_package: '1.17.2'
+```yaml
+kubernetes_version: '1.32'
+kubernetes_version_rhel_package: '1.32'
+```
 
 The minor version of Kubernetes to install. The plain `kubernetes_version` is used to pin an apt package version on Debian, and as the Kubernetes version passed into the `kubeadm init` command (see `kubernetes_version_kubeadm`). The `kubernetes_version_rhel_package` variable must be a specific Kubernetes release, and is used to pin the version on Red Hat / CentOS servers.
 
-    kubernetes_role: master
+```yaml
+kubernetes_role: control_plane
+```
 
-Whether the particular server will serve as a Kubernetes `master` (default) or `node`. The master will have `kubeadm init` run on it to intialize the entire K8s control plane, while `node`s will have `kubeadm join` run on them to join them to the `master`.
+Whether the particular server will serve as a Kubernetes `control_plane` (default) or `node`. The control plane will have `kubeadm init` run on it to intialize the entire K8s control plane, while `node`s will have `kubeadm join` run on them to join them to the `control_plane`.
 
-    kubernetes_kubelet_extra_args: ""
-    kubernetes_kubelet_extra_args_config_file: /etc/default/kubelet
+### Variables to configure kubeadm and kubelet with `kubeadm init` through a config file (recommended)
 
-Extra args to pass to `kubelet` during startup. E.g. to allow `kubelet` to start up even if there is swap is enabled on your server, set this to: `"--fail-swap-on=false"`. Or to specify the node-ip advertised by `kubelet`, set this to `"--node-ip={{ ansible_host }}"`.
+With this role, `kubeadm init` will be run with `--config <FILE>`.
 
-    kubernetes_kubeadm_init_extra_opts: ""
+```yaml
+kubernetes_kubeadm_kubelet_config_file_path: '/etc/kubernetes/kubeadm-kubelet-config.yaml'
+```
+
+Path for `<FILE>`. If the directory does not exist, this role will create it.
+
+The following variables are parsed as options to <FILE>. To understand its syntax, see [kubelet-integration](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/kubelet-integration) and [kubeadm-config-file](https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm-init/#config-file) . The skeleton (`apiVersion`, `kind`) of the config file will be created by this role, so do not define them within the variables. (See `templates/kubeadm-kubelet-config.j2`).
+
+```yaml
+kubernetes_config_init_configuration:
+  localAPIEndpoint:
+    advertiseAddress: "{{ kubernetes_apiserver_advertise_address | default(ansible_default_ipv4.address, true) }}"
+```
+
+Defines the options under `kind: InitConfiguration`. Including `kubernetes_apiserver_advertise_address` here is for backward-compatibilty to older versions of this role, where `kubernetes_apiserver_advertise_address` was used with a command-line-option.
+
+```yaml
+kubernetes_config_cluster_configuration:
+  networking:
+    podSubnet: "{{ kubernetes_pod_network.cidr }}"
+  kubernetesVersion: "{{ kubernetes_version_kubeadm }}"
+```
+
+Options under `kind: ClusterConfiguration`. Including `kubernetes_pod_network.cidr` and `kubernetes_version_kubeadm` here are for backward-compatibilty to older versions of this role, where they were used with command-line-options.
+
+```yaml
+kubernetes_config_kubelet_configuration:
+  cgroupDriver: systemd
+```
+
+Options to configure kubelet on any nodes in your cluster through the `kubeadm init` process. For syntax options read the [kubelet config file](https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file) and [kubelet integration](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/kubelet-integration) documentation.
+
+NOTE: This is the recommended way to do the kubelet-configuration. Most command-line-options are deprecated.
+
+NOTE: The recommended cgroupDriver depends on your [Container Runtime](https://kubernetes.io/docs/setup/production-environment/container-runtimes). When using this role with Docker instead of containerd, this value should be changed to `cgroupfs`.
+
+```yaml
+kubernetes_config_kube_proxy_configuration: {}
+```
+
+Options to configure kubelet's proxy configuration in the `KubeProxyConfiguration` section of the kubelet configuration.
+
+### Variables to configure kubeadm and kubelet through command-line-options
+
+```yaml
+kubernetes_kubelet_extra_args: ""
+kubernetes_kubelet_extra_args_config_file: /etc/default/kubelet
+```
+
+Extra args to pass to `kubelet` during startup. E.g. to allow `kubelet` to start up even if there is swap is enabled on your server, set this to: `"--fail-swap-on=false"`. Or to specify the node-ip advertised by `kubelet`, set this to `"--node-ip={{ ansible_host }}"`. **This option is deprecated. Please use `kubernetes_config_kubelet_configuration` instead.**
+
+```yaml
+kubernetes_kubeadm_init_extra_opts: ""
+```
 
 Extra args to pass to `kubeadm init` during K8s control plane initialization. E.g. to specify extra Subject Alternative Names for API server certificate, set this to: `"--apiserver-cert-extra-sans my-custom.host"`
 
-    kubernetes_join_command_extra_opts: ""
+```yaml
+kubernetes_join_command_extra_opts: ""
+```
 
 Extra args to pass to the generated `kubeadm join` command during K8s node initialization. E.g. to ignore certain preflight errors like swap being enabled, set this to: `--ignore-preflight-errors=Swap`
 
-    kubernetes_allow_pods_on_master: true
+### Additional variables
 
-Whether to remove the taint that denies pods from being deployed to the Kubernetes master. If you have a single-node cluster, this should definitely be `True`. Otherwise, set to `False` if you want a dedicated Kubernetes master which doesn't run any other pods.
+```yaml
+kubernetes_allow_pods_on_control_plane: true
+```
 
-    kubernetes_enable_web_ui: false
-    kubernetes_web_ui_manifest_file: https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
+Whether to remove the taint that denies pods from being deployed to the Kubernetes control plane. If you have a single-node cluster, this should definitely be `True`. Otherwise, set to `False` if you want a dedicated Kubernetes control plane which doesn't run any other pods.
 
-Whether to enable the Kubernetes web dashboard UI (only accessible on the master itself, or proxied), and the file containing the web dashboard UI manifest.
-
-    kubernetes_pod_network:
-      # Flannel CNI.
-      cni: 'flannel'
-      cidr: '10.244.0.0/16'
-      #
-      # Calico CNI.
-      # cni: 'calico'
-      # cidr: '192.168.0.0/16'
-      #
-      # Weave CNI.
-      # cni: 'weave'
-      # cidr: '192.168.0.0/16'
+```yaml
+kubernetes_pod_network:
+  # Flannel CNI.
+  cni: 'flannel'
+  cidr: '10.244.0.0/16'
+  #
+  # Calico CNI.
+  # cni: 'calico'
+  # cidr: '192.168.0.0/16'
+  #
+  # Weave CNI.
+  # cni: 'weave'
+  # cidr: '192.168.0.0/16'
+```
 
 This role currently supports `flannel` (default), `calico` or `weave` for cluster pod networking. Choose only one for your cluster; converting between them is not done automatically and could result in broken networking; if you need to switch from one to another, it should be done outside of this role.
 
-    kubernetes_apiserver_advertise_address: ''
-    kubernetes_version_kubeadm: 'stable-{{ kubernetes_version }}'
-    kubernetes_ignore_preflight_errors: 'all'
+```yaml
+kubernetes_apiserver_advertise_address: ''`
+kubernetes_version_kubeadm: 'stable-{{ kubernetes_version }}'`
+kubernetes_ignore_preflight_errors: 'all'
+```
 
-Options passed to `kubeadm init` when initializing the Kubernetes master. The `kubernetes_apiserver_advertise_address` defaults to `ansible_default_ipv4.address` if it's left empty.
+Options passed to `kubeadm init` when initializing the Kubernetes control plane. The `kubernetes_apiserver_advertise_address` defaults to `ansible_default_ipv4.address` if it's left empty.
 
-    kubernetes_apt_release_channel: main
-    kubernetes_apt_repository: "deb http://apt.kubernetes.io/ kubernetes-xenial {{ kubernetes_apt_release_channel }}"
-    kubernetes_apt_ignore_key_error: false
+```yaml
+kubernetes_apt_release_channel: "stable"
+kubernetes_apt_repository: "https://pkgs.k8s.io/core:/{{ kubernetes_apt_release_channel }}:/v{{ kubernetes_version }}/deb/"
+```
 
 Apt repository options for Kubernetes installation.
 
-    kubernetes_yum_arch: x86_64
+```yaml
+kubernetes_yum_base_url: "https://pkgs.k8s.io/core:/stable:/v{{ kubernetes_version }}/rpm/"
+kubernetes_yum_gpg_key: "https://pkgs.k8s.io/core:/stable:/v{{ kubernetes_version }}/rpm/repodata/repomd.xml.key"
+kubernetes_yum_gpg_check: true
+kubernetes_yum_repo_gpg_check: true
+```
 
-Yum repository options for Kubernetes installation.
+Yum repository options for Kubernetes installation. You can change `kubernete_yum_gpg_key` to a different url if you are behind a firewall or provide a trustworthy mirror. Usually in combination with changing `kubernetes_yum_base_url` as well.
 
-    kubernetes_flannel_manifest_file_rbac: https://raw.githubusercontent.com/coreos/flannel/master/Documentation/k8s-manifests/kube-flannel-rbac.yml
-    kubernetes_flannel_manifest_file: https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
+```yaml
+kubernetes_flannel_manifest_file: https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
+```
 
-Flannel manifest files to apply to the Kubernetes cluster to enable networking. You can copy your own files to your server and apply them instead, if you need to customize the Flannel networking configuration.
+Flannel manifest file to apply to the Kubernetes cluster to enable networking. You can copy your own files to your server and apply them instead, if you need to customize the Flannel networking configuration.
+
+```yaml
+kubernetes_calico_manifest_file: https://projectcalico.docs.tigera.io/manifests/calico.yaml
+```
+
+Calico manifest file to apply to the Kubernetes cluster (if using Calico instead of Flannel).
 
 ## Dependencies
 
@@ -97,25 +173,25 @@ None.
 
 ## Example Playbooks
 
-### Single node (master-only) cluster
+### Single node (control-plane-only) cluster
 
 ```yaml
 - hosts: all
 
   vars:
-    kubernetes_allow_pods_on_master: true
+    kubernetes_allow_pods_on_control_plane: true
 
   roles:
     - geerlingguy.docker
     - geerlingguy.kubernetes
 ```
 
-### Two or more nodes (single master) cluster
+### Two or more nodes (single control-plane) cluster
 
-Master inventory vars:
+Control plane inventory vars:
 
 ```yaml
-kubernetes_role: "master"
+kubernetes_role: "control_plane"
 ```
 
 Node(s) inventory vars:
@@ -130,14 +206,14 @@ Playbook:
 - hosts: all
 
   vars:
-    kubernetes_allow_pods_on_master: true
+    kubernetes_allow_pods_on_control_plane: true
 
   roles:
     - geerlingguy.docker
     - geerlingguy.kubernetes
 ```
 
-Then, log into the Kubernetes master, and run `kubectl get nodes` as root, and you should see a list of all the servers.
+Then, log into the Kubernetes control plane, and run `kubectl get nodes` as root, and you should see a list of all the servers.
 
 ## License
 

defaults/main.yml

@@ -9,19 +9,17 @@ kubernetes_packages:
   - name: kubernetes-cni
     state: present
 
-kubernetes_version: '1.19'
-kubernetes_version_rhel_package: '1.19.0'
+kubernetes_version: '1.32'
+kubernetes_version_rhel_package: '1.32'
 
-kubernetes_role: master
+kubernetes_role: control_plane
 
+# This is deprecated. Please use kubernetes_config_kubelet_configuration instead.
 kubernetes_kubelet_extra_args: ""
+
 kubernetes_kubeadm_init_extra_opts: ""
 kubernetes_join_command_extra_opts: ""
-
-kubernetes_allow_pods_on_master: true
-kubernetes_enable_web_ui: true
-kubernetes_web_ui_manifest_file: https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
-
+kubernetes_allow_pods_on_control_plane: true
 kubernetes_pod_network:
   # Flannel CNI.
   cni: 'flannel'
@@ -30,20 +28,44 @@ kubernetes_pod_network:
   # cni: 'calico'
   # cidr: '192.168.0.0/16'
 
+kubernetes_kubeadm_kubelet_config_file_path: '/etc/kubernetes/kubeadm-kubelet-config.yaml'
+
+kubernetes_config_kubeadm_apiversion: v1beta3
+kubenetes_config_kubelet_apiversion: v1beta1
+kubernetes_config_kubeproxy_apiversion: v1alpha1
+
+kubernetes_config_kubelet_configuration:
+  cgroupDriver: "systemd"
+
+kubernetes_config_init_configuration:
+  localAPIEndpoint:
+    advertiseAddress: "{{ kubernetes_apiserver_advertise_address | default(ansible_default_ipv4.address, true) }}"
+# if you use the next lines, remove the command line argument below
+# nodeRegistration:
+#    ignorePreflightErrors:
+#      - all
+
+kubernetes_config_cluster_configuration:
+  networking:
+    podSubnet: "{{ kubernetes_pod_network.cidr }}"
+  kubernetesVersion: "{{ kubernetes_version_kubeadm }}"
+
+kubernetes_config_kube_proxy_configuration: {}
+
 kubernetes_apiserver_advertise_address: ''
 kubernetes_version_kubeadm: 'stable-{{ kubernetes_version }}'
 kubernetes_ignore_preflight_errors: 'all'
 
-kubernetes_apt_release_channel: main
-# Note that xenial repo is used for all Debian derivatives at this time.
-kubernetes_apt_repository: "deb http://apt.kubernetes.io/ kubernetes-xenial {{ kubernetes_apt_release_channel }}"
-kubernetes_apt_ignore_key_error: false
+kubernetes_apt_release_channel: "stable"
+kubernetes_apt_repository: "https://pkgs.k8s.io/core:/{{ kubernetes_apt_release_channel }}:/v{{ kubernetes_version }}/deb/"
 
-kubernetes_yum_arch: x86_64
+kubernetes_yum_base_url: "https://pkgs.k8s.io/core:/stable:/v{{ kubernetes_version }}/rpm/"
+kubernetes_yum_gpg_key: "https://pkgs.k8s.io/core:/stable:/v{{ kubernetes_version }}/rpm/repodata/repomd.xml.key"
+kubernetes_yum_gpg_check: true
+kubernetes_yum_repo_gpg_check: true
 
-# Flannel config files.
-kubernetes_flannel_manifest_file_rbac: https://raw.githubusercontent.com/coreos/flannel/master/Documentation/k8s-manifests/kube-flannel-rbac.yml
-kubernetes_flannel_manifest_file: https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
+# Flannel config file.
+kubernetes_flannel_manifest_file: https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml
 
-# Calico config files
-kubernetes_calico_manifest_file: https://docs.projectcalico.org/v3.10/manifests/calico.yaml
+# Calico config file.
+kubernetes_calico_manifest_file: https://projectcalico.docs.tigera.io/manifests/calico.yaml

meta/main.yml

@@ -7,21 +7,19 @@ galaxy_info:
   description: Kubernetes for Linux.
   company: "Midwestern Mac, LLC"
   license: "license (BSD, MIT)"
-  min_ansible_version: 2.4
+  min_ansible_version: 2.10
   platforms:
-    - name: EL
-      versions:
-        - 7
-        - 8
     - name: Debian
       versions:
         - stretch
         - buster
+        - bullseye
     - name: Ubuntu
       versions:
         - xenial
         - bionic
         - focal
+        - jammy
   galaxy_tags:
     - system
     - containers

molecule/default/calico.yml

@@ -1,16 +1,20 @@
 ---
 - name: Converge
   hosts: all
-  become: true
+  #become: true
 
   vars:
     kubernetes_pod_network:
       cni: 'calico'
       cidr: '192.168.0.0/16'
 
-    # Allow swap in test environments (hard to control in some Docker envs).
-    kubernetes_kubelet_extra_args: "--fail-swap-on=false --cgroup-driver=cgroupfs"
-    docker_install_compose: false
+    # Allow swap in test environments (hard to control in some envs).
+    kubernetes_config_kubelet_configuration:
+      cgroupDriver: "systemd"
+      failSwapOn: false
+      cgroupsPerQOS: true
+      enforceNodeAllocatable: ['pods']
+    containerd_config_cgroup_driver_systemd: true
 
   pre_tasks:
     - name: Update apt cache.
@@ -29,7 +33,7 @@
       action: setup
 
   roles:
-    - role: geerlingguy.docker
+    - role: geerlingguy.containerd
     - role: geerlingguy.kubernetes
 
   post_tasks:

molecule/default/converge.yml

@@ -1,12 +1,16 @@
 ---
 - name: Converge
   hosts: all
-  become: true
+  #become: true
 
   vars:
-    # Allow swap in test environments (hard to control in some Docker envs).
-    kubernetes_kubelet_extra_args: "--fail-swap-on=false --cgroup-driver=cgroupfs"
-    docker_install_compose: false
+    # Allow swap in test environments (hard to control in some envs).
+    kubernetes_config_kubelet_configuration:
+      cgroupDriver: "systemd"
+      failSwapOn: false
+      cgroupsPerQOS: true
+      enforceNodeAllocatable: ['pods']
+    containerd_config_cgroup_driver_systemd: true
 
   pre_tasks:
     - name: Update apt cache.
@@ -25,7 +29,7 @@
       action: setup
 
   roles:
-    - role: geerlingguy.docker
+    - role: geerlingguy.containerd
     - role: geerlingguy.kubernetes
 
   post_tasks:

molecule/default/molecule.yml

@@ -1,19 +1,19 @@
 ---
+role_name_check: 1
 dependency:
   name: galaxy
+  options:
+    ignore-errors: true
 driver:
   name: docker
-lint: |
-  set -e
-  yamllint .
-  ansible-lint
 platforms:
   - name: instance
-    image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
+    image: "geerlingguy/docker-${MOLECULE_DISTRO:-rockylinux9}-ansible:latest"
     command: ${MOLECULE_DOCKER_COMMAND:-""}
     volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:ro
-      - /var/lib/docker
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+      - /var/lib/containerd
+    cgroupns_mode: host
     privileged: true
     pre_build_image: true
 provisioner:

molecule/default/requirements.yml

@@ -1,2 +1,2 @@
 ---
-- src: geerlingguy.docker
+- src: geerlingguy.containerd

tasks/control-plane-setup.yml

@@ -1,14 +1,30 @@
 ---
-- name: Initialize Kubernetes master with kubeadm init.
+- name: Create the directory for the kubernetes_config_file
+  file:
+    path: "{{ kubernetes_kubeadm_kubelet_config_file_path | dirname }}"
+    state: directory
+
+- name: Deploy the config-file for kubeadm and kubelet
+  template:
+    src: "kubeadm-kubelet-config.j2"
+    dest: "{{ kubernetes_kubeadm_kubelet_config_file_path }}"
+
+- name: Initialize Kubernetes control plane with kubeadm init
   command: >
     kubeadm init
-    --pod-network-cidr={{ kubernetes_pod_network.cidr }}
-    --apiserver-advertise-address={{ kubernetes_apiserver_advertise_address | default(ansible_default_ipv4.address, true) }}
-    --kubernetes-version {{ kubernetes_version_kubeadm }}
+    --config {{ kubernetes_kubeadm_kubelet_config_file_path }}
+    {{ kubernetes_kubeadm_init_extra_opts }}
+  register: kubeadmin_init
+  when: (not kubernetes_init_stat.stat.exists) and (kubernetes_ignore_preflight_errors is not defined)
+
+- name: Initialize Kubernetes control plane with kubeadm init and ignore_preflight_errors
+  command: >
+    kubeadm init
+    --config {{ kubernetes_kubeadm_kubelet_config_file_path }}
     --ignore-preflight-errors={{ kubernetes_ignore_preflight_errors }}
     {{ kubernetes_kubeadm_init_extra_opts }}
   register: kubeadmin_init
-  when: not kubernetes_init_stat.stat.exists
+  when: (not kubernetes_init_stat.stat.exists) and (kubernetes_ignore_preflight_errors is defined)
 
 - name: Print the init output to screen.
   debug:
@@ -30,27 +46,31 @@
     mode: 0644
 
 - name: Configure Flannel networking.
-  command: "{{ item }}"
-  with_items:
-    - kubectl apply -f {{ kubernetes_flannel_manifest_file_rbac }}
-    - kubectl apply -f {{ kubernetes_flannel_manifest_file }}
+  command: "kubectl apply -f {{ kubernetes_flannel_manifest_file }}"
   register: flannel_result
   changed_when: "'created' in flannel_result.stdout"
   when: kubernetes_pod_network.cni == 'flannel'
+  until: flannel_result is not failed
+  retries: 12
+  delay: 5
 
 - name: Configure Calico networking.
-  command: "{{ item }}"
-  with_items:
-    - kubectl apply -f {{ kubernetes_calico_manifest_file }}
+  command: "kubectl apply -f {{ kubernetes_calico_manifest_file }}"
   register: calico_result
   changed_when: "'created' in calico_result.stdout"
   when: kubernetes_pod_network.cni == 'calico'
+  until: calico_result is not failed
+  retries: 12
+  delay: 5
 
 - name: Get Kubernetes version for Weave installation.
   shell: kubectl version | base64 | tr -d '\n'
   changed_when: false
   register: kubectl_version
   when: kubernetes_pod_network.cni == 'weave'
+  until: kubectl_version is not failed
+  retries: 12
+  delay: 5
 
 - name: Configure Weave networking.
   command: "{{ item }}"
@@ -62,21 +82,8 @@
 
 # TODO: Check if taint exists with something like `kubectl describe nodes`
 # instead of using kubernetes_init_stat.stat.exists check.
-- name: Allow pods on master node (if configured).
-  command: "kubectl taint nodes --all node-role.kubernetes.io/master-"
+- name: Allow pods on control plane (if configured).
+  command: "kubectl taint nodes --all node-role.kubernetes.io/control-plane-"
   when:
-    - kubernetes_allow_pods_on_master | bool
+    - kubernetes_allow_pods_on_control_plane | bool
     - not kubernetes_init_stat.stat.exists
-
-- name: Check if Kubernetes Dashboard UI service already exists.
-  shell: kubectl get services --namespace kube-system | grep -q kubernetes-dashboard
-  changed_when: false
-  failed_when: false
-  register: kubernetes_dashboard_service
-  when: kubernetes_enable_web_ui | bool
-
-- name: Enable the Kubernetes Web Dashboard UI (if configured).
-  command: "kubectl create -f {{ kubernetes_web_ui_manifest_file }}"
-  when:
-    - kubernetes_enable_web_ui | bool
-    - kubernetes_dashboard_service is failed

tasks/kubelet-setup.yml

@@ -1,35 +1,42 @@
 ---
-- name: Check for existence of kubelet environment file.
+
+# ---- DEPRECATED ----------------
+#
+# Most of the kubernetes_kubelet_extra_args are deprecated. See https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet for details.
+# Use the kubernetes_kubelet_config variable instead, which will be used to create the kubelet config file.
+
+- name: Check for existence of kubelet environment file. (deprecated)
   stat:
     path: '{{ kubelet_environment_file_path }}'
   register: kubelet_environment_file
 
-- name: Set facts for KUBELET_EXTRA_ARGS task if environment file exists.
+- name: Set facts for KUBELET_EXTRA_ARGS task if environment file exists. (deprecated)
   set_fact:
     kubelet_args_path: '{{ kubelet_environment_file_path }}'
     kubelet_args_line: "{{ 'KUBELET_EXTRA_ARGS=' + kubernetes_kubelet_extra_args }}"
     kubelet_args_regexp: '^KUBELET_EXTRA_ARGS='
   when: kubelet_environment_file.stat.exists
 
-- name: Set facts for KUBELET_EXTRA_ARGS task if environment file doesn't exist.
+- name: Set facts for KUBELET_EXTRA_ARGS task if environment file doesn't exist. (deprecated)
   set_fact:
     kubelet_args_path: '/etc/systemd/system/kubelet.service.d/10-kubeadm.conf'
     kubelet_args_line: "{{ 'Environment=\"KUBELET_EXTRA_ARGS=' + kubernetes_kubelet_extra_args + '\"' }}"
     kubelet_args_regexp: '^Environment="KUBELET_EXTRA_ARGS='
   when: not kubelet_environment_file.stat.exists
 
-- name: Configure KUBELET_EXTRA_ARGS.
+- name: Configure KUBELET_EXTRA_ARGS. (deprecated)
   lineinfile:
     path: '{{ kubelet_args_path }}'
     line: '{{ kubelet_args_line }}'
     regexp: '{{ kubelet_args_regexp }}'
     state: present
     mode: 0644
-  register: kubelet_config_file
+  register: kubelet_extra_args
+  when: kubernetes_kubelet_extra_args|length > 0
 
-- name: Reload systemd unit if args were changed.
+- name: Reload systemd unit if args were changed. (deprecated)
   systemd:
     state: restarted
     daemon_reload: true
     name: kubelet
-  when: kubelet_config_file is changed
+  when: kubelet_extra_args is changed

tasks/main.yml

@@ -20,7 +20,8 @@
 
 - include_tasks: sysctl-setup.yml
 
-- include_tasks: kubelet-setup.yml
+- include_tasks: kubelet-setup.yml  # deprecated
+  when: kubernetes_kubelet_extra_args|length > 0
 
 - name: Ensure kubelet is started and enabled at boot.
   service:
@@ -33,15 +34,15 @@
     path: /etc/kubernetes/admin.conf
   register: kubernetes_init_stat
 
-# Set up master.
-- include_tasks: master-setup.yml
-  when: kubernetes_role == 'master'
+# Set up control plane.
+- include_tasks: control-plane-setup.yml
+  when: kubernetes_role == 'control_plane'
 
 # Set up nodes.
-- name: Get the kubeadm join command from the Kubernetes master.
+- name: Get the kubeadm join command from the Kubernetes control plane.
   command: kubeadm token create --print-join-command
   changed_when: false
-  when: kubernetes_role == 'master'
+  when: kubernetes_role == 'control_plane'
   register: kubernetes_join_command_result
 
 - name: Set the kubeadm join command globally.

tasks/node-setup.yml

@@ -1,5 +1,5 @@
 ---
-- name: Join node to Kubernetes master
+- name: Join node to Kubernetes control plane.
   shell: >
     {{ kubernetes_join_command }}
     creates=/etc/kubernetes/kubelet.conf

tasks/setup-Debian.yml

@@ -4,20 +4,22 @@
     name:
       - apt-transport-https
       - ca-certificates
+      - python3-debian
     state: present
 
-- name: Add Kubernetes apt key.
-  apt_key:
-    url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
-    state: present
-  register: add_repository_key
-  ignore_errors: "{{ kubernetes_apt_ignore_key_error }}"
-
 - name: Add Kubernetes repository.
-  apt_repository:
-    repo: "{{ kubernetes_apt_repository }}"
-    state: present
+  deb822_repository:
+    name: kubernetes
+    types: deb
+    uris: "{{ kubernetes_apt_repository }}"
+    suites: /
+    signed_by: "{{ kubernetes_apt_repository }}/Release.key"
+  register: kubernetes_repository
+
+- name: Update Apt cache.
+  apt:
     update_cache: true
+  when: kubernetes_repository.changed
 
 - name: Add Kubernetes apt preferences file to pin a version.
   template:

tasks/setup-RedHat.yml

@@ -4,24 +4,17 @@
     name: kubernetes
     description: Kubernetes
     enabled: true
-    gpgcheck: true
-    repo_gpgcheck: true
-    baseurl: https://packages.cloud.google.com/yum/repos/kubernetes-el7-{{ kubernetes_yum_arch }}
-    gpgkey:
-      - https://packages.cloud.google.com/yum/doc/yum-key.gpg
-      - https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
+    gpgcheck: "{{ kubernetes_yum_gpg_check }}"
+    repo_gpgcheck: "{{ kubernetes_yum_repo_gpg_check }}"
+    baseurl: "{{ kubernetes_yum_base_url }}"
+    gpgkey: "{{ kubernetes_yum_gpg_key }}"
 
 - name: Add Kubernetes GPG keys.
   rpm_key:
-    key: "{{ item }}"
+    key: "{{ kubernetes_yum_gpg_key }}"
     state: present
   register: kubernetes_rpm_key
-  with_items:
-    - https://packages.cloud.google.com/yum/doc/yum-key.gpg
-    - https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
 
 - name: Make cache if Kubernetes GPG key changed.
   command: "yum -q makecache -y --disablerepo='*' --enablerepo='kubernetes'"
   when: kubernetes_rpm_key is changed
-  args:
-    warn: false

templates/kubeadm-kubelet-config.j2

@@ -0,0 +1,20 @@
+---
+apiVersion: kubeadm.k8s.io/{{ kubernetes_config_kubeadm_apiversion }}
+kind: InitConfiguration
+{{ kubernetes_config_init_configuration | to_nice_yaml }}
+---
+apiVersion: kubeadm.k8s.io/{{ kubernetes_config_kubeadm_apiversion }}
+kind: ClusterConfiguration
+{{ kubernetes_config_cluster_configuration | to_nice_yaml }}
+{% if kubernetes_config_kubelet_configuration|length > 0 %}
+---
+apiVersion: kubelet.config.k8s.io/{{ kubenetes_config_kubelet_apiversion }}
+kind: KubeletConfiguration
+{{ kubernetes_config_kubelet_configuration | to_nice_yaml }}
+{% endif %}
+{% if kubernetes_config_kube_proxy_configuration|length > 0 %}
+---
+apiVersion: kubeproxy.config.k8s.io/{{ kubernetes_config_kubeproxy_apiversion }}
+kind: KubeProxyConfiguration
+{{ kubernetes_config_kube_proxy_configuration | to_nice_yaml }}
+{% endif %}

vars/RedHat.yml

@@ -1,12 +1,3 @@
 ---
 procps_package: procps-ng
 kubelet_environment_file_path: /etc/sysconfig/kubelet
-kubernetes_packages:
-  - name: kubelet-{{ kubernetes_version_rhel_package }}-0
-    state: present
-  - name: kubectl-{{ kubernetes_version_rhel_package }}-0
-    state: present
-  - name: kubeadm-{{ kubernetes_version_rhel_package }}-0
-    state: present
-  - name: kubernetes-cni
-    state: present