author | Christian Pointner <equinox@spreadspace.org> | 2021-05-15 23:44:29 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2021-05-15 23:44:29 +0200 |
commit | 14824c28b863f0028822f3ab92f8b9199cda7322 (patch) | |
tree | bf6c0415146ccfe3498f2e2c16812ef2304cf9e0 | |
parent | Merge branch 'topic/k8s-containerd' (diff) |
k8s: cleanup CRI socket handling
12 files changed, 14 insertions, 24 deletions
diff --git a/inventory/group_vars/kubernetes/vars.yml b/inventory/group_vars/kubernetes/vars.yml index a0e08c5c..0df0e94f 100644 --- a/inventory/group_vars/kubernetes/vars.yml +++ b/inventory/group_vars/kubernetes/vars.yml @@ -1,6 +1,6 @@ --- kubernetes_cri_sockets: containerd: "unix:///run/containerd/containerd.sock" - docker: "" + docker: "unix:///var/run/dockershim.sock" kubernetes_cri_socket: "{{ kubernetes_cri_sockets[kubernetes_container_runtime] }}" diff --git a/roles/apps/coturn/templates/acmetool-reload.sh.j2 b/roles/apps/coturn/templates/acmetool-reload.sh.j2 index c90c296d..08530583 100644 --- a/roles/apps/coturn/templates/acmetool-reload.sh.j2 +++ b/roles/apps/coturn/templates/acmetool-reload.sh.j2 @@ -18,9 +18,6 @@ while read name; do install -m 0644 -o root -g coturn "$certdir/fullchain" "$SSL_D/cert.pem" install -m 0640 -o root -g coturn "$certdir/privkey" "$SSL_D/privkey.pem" -{% if kubernetes_cri_socket %} - export CONTAINER_RUNTIME_ENDPOINT="{{ kubernetes_cri_socket }}" -{% endif %} pod_id=$(crictl pods -q --state ready --name "^coturn-{{ coturn_realm }}-{{ ansible_nodename }}$") [ -n "$pod_id" ] || exit 42 container_id=$(crictl ps -q --name '^coturn$' -p "$pod_id") diff --git a/roles/apps/mumble/templates/acmetool-reload.sh.j2 b/roles/apps/mumble/templates/acmetool-reload.sh.j2 index e3b8dbb7..adef944d 100644 --- a/roles/apps/mumble/templates/acmetool-reload.sh.j2 +++ b/roles/apps/mumble/templates/acmetool-reload.sh.j2 @@ -18,9 +18,6 @@ while read name; do install -m 0644 -o root -g mumble "$certdir/fullchain" "$SSL_D/cert.pem" install -m 0640 -o root -g mumble "$certdir/privkey" "$SSL_D/privkey.pem" -{% if kubernetes_cri_socket %} - export CONTAINER_RUNTIME_ENDPOINT="{{ kubernetes_cri_socket }}" -{% endif %} pod_id=$(crictl pods -q --state ready --name "^mumble-{{ mumble_instance }}-{{ ansible_nodename }}$") [ -n "$pod_id" ] || exit 42 container_id=$(crictl ps -q --name '^mumble$' -p "$pod_id") 
diff --git a/roles/apps/nextcloud/templates/nextcloud-occ.j2 b/roles/apps/nextcloud/templates/nextcloud-occ.j2 index 7e2a51d4..f12f1259 100755 --- a/roles/apps/nextcloud/templates/nextcloud-occ.j2 +++ b/roles/apps/nextcloud/templates/nextcloud-occ.j2 @@ -9,9 +9,6 @@ if [ -z "$INST_NAME" ]; then fi set -eu -{% if kubernetes_cri_socket %} -export CONTAINER_RUNTIME_ENDPOINT="{{ kubernetes_cri_socket }}" -{% endif %} pod_id=$(crictl pods -q --state ready --name "^nextcloud-$INST_NAME-{{ ansible_nodename }}$") if [ -z "$pod_id" ]; then echo "Pod not found"; exit 1; fi diff --git a/roles/apps/nextcloud/templates/run-cron.sh.j2 b/roles/apps/nextcloud/templates/run-cron.sh.j2 index 755b7cb1..455bc3ec 100644 --- a/roles/apps/nextcloud/templates/run-cron.sh.j2 +++ b/roles/apps/nextcloud/templates/run-cron.sh.j2 @@ -1,9 +1,5 @@ #!/bin/bash -{% if kubernetes_cri_socket %} -export CONTAINER_RUNTIME_ENDPOINT="{{ kubernetes_cri_socket }}" -{% endif %} - POD_NAME="{{ item }}-$(hostname)" POD_ID=$(crictl pods --name "$POD_NAME" --state ready -q) CONTAINER_ID=$(crictl ps --pod "$POD_ID" --name nextcloud -q) diff --git a/roles/kubernetes/base/defaults/main.yml b/roles/kubernetes/base/defaults/main.yml new file mode 100644 index 00000000..d5eccc59 --- /dev/null +++ b/roles/kubernetes/base/defaults/main.yml @@ -0,0 +1,2 @@ +--- +kubernetes_cri_tools_pkg_version: "{{ ([0, 1] | map('extract', kubernetes_version.split('.'))) | join('.') }}.0~1" diff --git a/roles/kubernetes/base/tasks/cri_docker.yml b/roles/kubernetes/base/tasks/cri_docker.yml index 88b35508..a9b5dec1 100644 --- a/roles/kubernetes/base/tasks/cri_docker.yml +++ b/roles/kubernetes/base/tasks/cri_docker.yml 
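Review bot: `kubernetes_cri_tools_pkg_version` in the new roles/kubernetes/base/defaults/main.yml has no comment stating what version format it produces or what it expects from `kubernetes_version`. The expression takes the first two dot-separated fields and appends `.0~1`, so a `kubernetes_version` without a minor component will most likely surface as an undefined-value error at render time rather than a readable message. A comment above the variable would record the intent and the override point, for example `# cri-tools package version derived from kubernetes_version as "<major>.<minor>.0~1"; override if the repository carries a different revision`.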
@@ -3,7 +3,7 @@ assert: msg: "The variable kubernetes_cri_socket is not configured correctly. You might need to move your host to the group kubernetes-cluster or standalone-kubelet!" that: - - not kubernetes_cri_socket + - kubernetes_cri_socket == "unix:///var/run/dockershim.sock" - name: create systemd snippet directory file: diff --git a/roles/kubernetes/base/tasks/main.yml b/roles/kubernetes/base/tasks/main.yml index a13f04fa..adbd24aa 100644 --- a/roles/kubernetes/base/tasks/main.yml +++ b/roles/kubernetes/base/tasks/main.yml @@ -21,7 +21,7 @@ apt: name: - bridge-utils - - "cri-tools={{ ([0, 1] | map('extract', kubernetes_version.split('.'))) | join('.') }}.0~1" + - "cri-tools={{ kubernetes_cri_tools_pkg_version }}" - "kubelet={{ kubernetes_version }}-00" state: present force: yes @@ -35,7 +35,6 @@ selection: hold - name: configure endpoints for crictl - when: kubernetes_cri_socket copy: dest: /etc/crictl.yaml content: | diff --git a/roles/kubernetes/kubeadm/master/tasks/primary-master.yml b/roles/kubernetes/kubeadm/master/tasks/primary-master.yml index 432f7479..463821ff 100644 --- a/roles/kubernetes/kubeadm/master/tasks/primary-master.yml +++ b/roles/kubernetes/kubeadm/master/tasks/primary-master.yml 
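Review bot: The new assertion in cri_docker.yml hard-codes `unix:///var/run/dockershim.sock`, the same literal this commit adds to inventory/group_vars/kubernetes/vars.yml. If either copy changes, the check fails with a message that blames group membership. Comparing against the map keeps a single source of truth: `- kubernetes_cri_socket == kubernetes_cri_sockets['docker']`. If the assert is also meant to catch hosts where the group vars are missing entirely, a preceding `- kubernetes_cri_socket is defined` line would make that case produce the intended message; whether that is the purpose is not visible from this hunk.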
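Review bot: The `cri-tools={{ kubernetes_cri_tools_pkg_version }}` pin in roles/kubernetes/base/tasks/main.yml is installed by an apt task that carries `force: yes` on a context line of this hunk. In Ansible's apt module that option corresponds to `--force-yes`, which allows unauthenticated packages and downgrades, so the version pin is not backed by signature enforcement. If the flag is only there to let pinned or held versions move, dropping it and using `allow_downgrade: true` (where the Ansible version in use provides it) would keep repository authentication in force. The task starts before this hunk, so other reasons for the flag may exist outside the visible lines.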
@@ -27,8 +27,8 @@ - name: initialize kubernetes master and store log block: - name: initialize kubernetes master - command: "kubeadm init --config /etc/kubernetes/kubeadm.config --node-name {{ inventory_hostname }}{% if kubernetes_cri_socket %} --cri-socket {{ kubernetes_cri_socket }}{% endif %}{% if kubernetes_network_plugin_replaces_kube_proxy %} --skip-phases addon/kube-proxy{% endif %} --skip-token-print" - # command: "kubeadm init --config /etc/kubernetes/kubeadm.config{% if kubernetes_cri_socket %} --cri-socket {{ kubernetes_cri_socket }}{% endif %}{% if kubernetes_network_plugin_replaces_kube_proxy %} --skip-phases addon/kube-proxy{% endif %} --token '{{ kubeadm_token_generate.stdout }}' --token-ttl 42m --skip-token-print" + command: "kubeadm init --config /etc/kubernetes/kubeadm.config --node-name {{ inventory_hostname }} --cri-socket {{ kubernetes_cri_socket }}{% if kubernetes_network_plugin_replaces_kube_proxy %} --skip-phases addon/kube-proxy{% endif %} --skip-token-print" + # command: "kubeadm init --config /etc/kubernetes/kubeadm.config --cri-socket {{ kubernetes_cri_socket }}{% if kubernetes_network_plugin_replaces_kube_proxy %} --skip-phases addon/kube-proxy{% endif %} --token '{{ kubeadm_token_generate.stdout }}' --token-ttl 42m --skip-token-print" args: creates: /etc/kubernetes/pki/ca.crt register: kubeadm_init diff --git a/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml b/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml index 610a8d3f..4759b7fd 100644 --- a/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml +++ b/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml 
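Review bot: `--cri-socket {{ kubernetes_cri_socket }}` is now emitted unconditionally and unquoted in the `kubeadm init` command. An empty value would therefore make kubeadm consume the following flag as the socket path, and a value containing whitespace would be split into several arguments. The docker case is guarded by the assert in cri_docker.yml; whether the containerd path has an equivalent check is not visible here. Quoting the value, `--cri-socket {{ kubernetes_cri_socket | quote }}`, turns both cases into a clear kubeadm error. The same applies to the `kubeadm join` lines in secondary-masters.yml and node/tasks/main.yml. The commented-out `# command:` variant is edited in parallel with the live line and could be dropped, or replaced by a short comment explaining why the token-based form is kept.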
@@ -29,7 +29,7 @@ block: - name: join kubernetes secondary master node throttle: 1 - command: "kubeadm join 127.0.0.1:6443 --node-name {{ inventory_hostname }} --apiserver-bind-port 6442{% if kubernetes_overlay_node_ip is defined %} --apiserver-advertise-address {{ kubernetes_overlay_node_ip }}{% endif %}{% if kubernetes_cri_socket %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}' --control-plane --certificate-key {{ kubeadm_upload_certs_key }}" + command: "kubeadm join 127.0.0.1:6443 --node-name {{ inventory_hostname }} --apiserver-bind-port 6442{% if kubernetes_overlay_node_ip is defined %} --apiserver-advertise-address {{ kubernetes_overlay_node_ip }}{% endif %} --cri-socket {{ kubernetes_cri_socket }} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}' --control-plane --certificate-key {{ kubeadm_upload_certs_key }}" args: creates: /etc/kubernetes/kubelet.conf register: kubeadm_join diff --git a/roles/kubernetes/kubeadm/node/tasks/main.yml b/roles/kubernetes/kubeadm/node/tasks/main.yml index 6b3d18ae..13937bcf 100644 --- a/roles/kubernetes/kubeadm/node/tasks/main.yml +++ b/roles/kubernetes/kubeadm/node/tasks/main.yml @@ -2,7 +2,7 @@ - name: join kubernetes node and store log block: - name: join kubernetes node - command: "kubeadm join 127.0.0.1:6443 --node-name {{ inventory_hostname }}{% if kubernetes_cri_socket %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}'" + command: "kubeadm join 127.0.0.1:6443 --node-name {{ inventory_hostname }} --cri-socket {{ kubernetes_cri_socket }} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}'" args: creates: /etc/kubernetes/kubelet.conf register: kubeadm_join 
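Review bot: The rewritten `kubeadm join` line in secondary-masters.yml still passes `kube_bootstrap_token` and `kubeadm_upload_certs_key` as command-line arguments of a task whose result is registered as `kubeadm_join`. Ansible stores the full `cmd` in a registered command result and prints it when the task fails or at higher verbosity. If the log-writing step outside this hunk dumps more than stdout/stderr, both secrets end up in the stored log. Adding `no_log: true` to the join task keeps the registered result usable while censoring task output, and it is worth confirming that the log task writes only `kubeadm_join.stdout`. The worker join in roles/kubernetes/kubeadm/node/tasks/main.yml has the same shape for the bootstrap token.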
diff --git a/roles/kubernetes/standalone/base/templates/kubelet.service.override.j2 b/roles/kubernetes/standalone/base/templates/kubelet.service.override.j2 index d7105856..00f2c360 100644 --- a/roles/kubernetes/standalone/base/templates/kubelet.service.override.j2 +++ b/roles/kubernetes/standalone/base/templates/kubelet.service.override.j2 @@ -1,9 +1,11 @@ [Service] ExecStart= ExecStart=/usr/bin/kubelet \ - --config=/etc/kubernetes/kubelet.yml \ -{% if kubernetes_cri_socket %} +{% if kubernetes_container_runtime != 'docker' %} --container-runtime=remote \ --container-runtime-endpoint={{ kubernetes_cri_socket }} \ -{% endif %} +{% else %} + --container-runtime=docker \ --network-plugin=cni \ +{% endif %} + --config=/etc/kubernetes/kubelet.yml |
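Review bot: Nothing in kubelet.service.override.j2 explains why `--network-plugin=cni` now sits only in the docker branch, or why the branch tests `kubernetes_container_runtime` instead of the socket. A Jinja comment at the top of the template would stop a later edit from moving the flag back into the common part, for example `{# --network-plugin is a dockershim-only kubelet flag; remote CRI runtimes configure CNI themselves #}`. It belongs above `[Service]`, not between the continued `ExecStart` lines, so that it cannot leave a blank line inside the backslash continuation.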