authorChristian Pointner <equinox@spreadspace.org>2022-05-07 22:45:49 +0200
committerChristian Pointner <equinox@spreadspace.org>2022-05-07 23:53:19 +0200
commitc09b07327b688a6a47f523a15c1a5c29d4f476d0 (patch)
tree6c243d60a3fb142c582761f1baab1c00f7081342 /roles/kubernetes/kubeadm
parentcosmetic changes (diff)
k8s: rename masters to control-plane nodes
Diffstat (limited to 'roles/kubernetes/kubeadm')
-rw-r--r--roles/kubernetes/kubeadm/base/templates/haproxy.cfg.j28
-rw-r--r--roles/kubernetes/kubeadm/control-plane/tasks/main.yml (renamed from roles/kubernetes/kubeadm/master/tasks/main.yml)43
-rw-r--r--roles/kubernetes/kubeadm/control-plane/tasks/net_kube-router.yml (renamed from roles/kubernetes/kubeadm/master/tasks/net_kube-router.yml)0
-rw-r--r--roles/kubernetes/kubeadm/control-plane/tasks/net_kubeguard.yml (renamed from roles/kubernetes/kubeadm/master/tasks/net_kubeguard.yml)0
-rw-r--r--roles/kubernetes/kubeadm/control-plane/tasks/net_none.yml (renamed from roles/kubernetes/kubeadm/master/tasks/net_none.yml)0
-rw-r--r--roles/kubernetes/kubeadm/control-plane/tasks/primary.yml (renamed from roles/kubernetes/kubeadm/master/tasks/primary-master.yml)4
-rw-r--r--roles/kubernetes/kubeadm/control-plane/tasks/secondary.yml (renamed from roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml)12
-rw-r--r--roles/kubernetes/kubeadm/control-plane/templates/encryption-config.j2 (renamed from roles/kubernetes/kubeadm/master/templates/encryption-config.j2)0
-rw-r--r--roles/kubernetes/kubeadm/control-plane/templates/kubeadm.config.j2 (renamed from roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2)0
-rw-r--r--roles/kubernetes/kubeadm/control-plane/templates/net_kube-router/config.0.4.0.yml.j2 (renamed from roles/kubernetes/kubeadm/master/templates/net_kube-router/config.0.4.0.yml.j2)0
-rw-r--r--roles/kubernetes/kubeadm/control-plane/templates/net_kube-router/config.1.1.1.yml.j2 (renamed from roles/kubernetes/kubeadm/master/templates/net_kube-router/config.1.1.1.yml.j2)0
-rw-r--r--roles/kubernetes/kubeadm/control-plane/templates/net_kube-router/config.1.4.0.yml.j2 (renamed from roles/kubernetes/kubeadm/master/templates/net_kube-router/config.1.4.0.yml.j2)0
-rw-r--r--roles/kubernetes/kubeadm/control-plane/templates/net_kubeguard/kube-router.0.4.0.yml.j2 (renamed from roles/kubernetes/kubeadm/master/templates/net_kubeguard/kube-router.0.4.0.yml.j2)0
-rw-r--r--roles/kubernetes/kubeadm/control-plane/templates/net_kubeguard/kube-router.1.1.1.yml.j2 (renamed from roles/kubernetes/kubeadm/master/templates/net_kubeguard/kube-router.1.1.1.yml.j2)0
-rw-r--r--roles/kubernetes/kubeadm/control-plane/templates/node-local-dns.yml.j2 (renamed from roles/kubernetes/kubeadm/master/templates/node-local-dns.yml.j2)0
-rw-r--r--roles/kubernetes/kubeadm/prune/tasks/main.yml2
-rw-r--r--roles/kubernetes/kubeadm/upgrade12
-rw-r--r--roles/kubernetes/kubeadm/worker/tasks/main.yml (renamed from roles/kubernetes/kubeadm/node/tasks/main.yml)4
18 files changed, 42 insertions, 43 deletions
diff --git a/roles/kubernetes/kubeadm/base/templates/haproxy.cfg.j2 b/roles/kubernetes/kubeadm/base/templates/haproxy.cfg.j2
index 2e0eaf5d..19118b2e 100644
--- a/roles/kubernetes/kubeadm/base/templates/haproxy.cfg.j2
+++ b/roles/kubernetes/kubeadm/base/templates/haproxy.cfg.j2
@@ -16,7 +16,7 @@ defaults
option dontlog-normal
frontend kube_api
-{% if '_kubernetes_masters_' in group_names %}
+{% if '_kubernetes_controlplane_nodes_' in group_names %}
bind *:6443
{% else %}
bind 127.0.0.1:6443
@@ -25,7 +25,7 @@ frontend kube_api
default_backend kube_api
backend kube_api
-{% if '_kubernetes_masters_' in group_names %}
+{% if '_kubernetes_controlplane_nodes_' in group_names %}
balance first
{% else %}
balance roundrobin
@@ -36,6 +36,6 @@ backend kube_api
default-server inter 5s fall 3 rise 2
timeout connect 5s
timeout server 3h
-{% for master in groups['_kubernetes_masters_'] %}
- server {{ master }} {{ hostvars[master].kubernetes_overlay_node_ip | default(hostvars[master].ansible_default_ipv4.address) }}:6442 {% if master == inventory_hostname %}id 1{% endif %} check check-ssl verify none
+{% for node in groups['_kubernetes_controlplane_nodes_'] %}
+ server {{ node }} {{ hostvars[node].kubernetes_overlay_node_ip | default(hostvars[node].ansible_default_ipv4.address) }}:6442 {% if node == inventory_hostname %}id 1{% endif %} check check-ssl verify none
{% endfor %}
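Review bot: The `server` line in the loop keeps `check check-ssl verify none`, so the health check treats any TLS endpoint answering on port 6442 as a healthy API server without validating its certificate. If the cluster CA is available on the host when this template is rendered, the check could use `check check-ssl verify required ca-file <cluster-ca-path>` instead. Whether the proxied traffic itself is plain TLS passthrough is not visible here, because the `defaults` section and the start of both the frontend and the backend lie outside these hunks.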
diff --git a/roles/kubernetes/kubeadm/master/tasks/main.yml b/roles/kubernetes/kubeadm/control-plane/tasks/main.yml
index 04df760f..d5bd378e 100644
--- a/roles/kubernetes/kubeadm/master/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/control-plane/tasks/main.yml
@@ -12,48 +12,47 @@
mode: 0600
-- name: install primary master
- include_tasks: primary-master.yml
- when: "'_kubernetes_primary_master_' in group_names"
+- name: install primary control-plane node
+ include_tasks: primary.yml
+ when: "'_kubernetes_primary_controlplane_node_' in group_names"
-- name: install secondary masters
- include_tasks: secondary-masters.yml
- when: "'_kubernetes_primary_master_' not in group_names"
+- name: install secondary control-plane nodes
+ include_tasks: secondary.yml
+ when: "'_kubernetes_primary_controlplane_node_' not in group_names"
-- name: check if master is tainted (1/2)
+- name: check if control-plane node is tainted (1/2)
command: "kubectl --kubeconfig /etc/kubernetes/admin.conf get node {{ inventory_hostname }} -o json"
check_mode: no
register: kubectl_get_node
changed_when: False
-- name: check if master is tainted (2/2)
+- name: check if control-plane node is tainted (2/2)
set_fact:
kube_node_taints: "{% set node_info = kubectl_get_node.stdout | from_json %}{%if node_info.spec.taints is defined %}{{ node_info.spec.taints | map(attribute='key') | list }}{% endif %}"
-- name: remove taint from master/control-plane node
- when: not kubernetes.dedicated_master
+- name: remove taint from control-plane node
+ when: not kubernetes.dedicated_controlplane_nodes
block:
- - name: remove master taint from node
- when: "'node-role.kubernetes.io/master' in kube_node_taints"
- command: "kubectl --kubeconfig /etc/kubernetes/admin.conf taint nodes {{ inventory_hostname }} node-role.kubernetes.io/master-"
-
- name: remove control-plane taint from node
when: "'node-role.kubernetes.io/control-plane' in kube_node_taints"
command: "kubectl --kubeconfig /etc/kubernetes/admin.conf taint nodes {{ inventory_hostname }} node-role.kubernetes.io/control-plane-"
-- name: add taint from master/control-plane node
- when: kubernetes.dedicated_master
+ - name: remove deprecated master taint from node
+ when: "'node-role.kubernetes.io/master' in kube_node_taints"
+ command: "kubectl --kubeconfig /etc/kubernetes/admin.conf taint nodes {{ inventory_hostname }} node-role.kubernetes.io/master-"
+
+- name: add taint from control-plane node
+ when: kubernetes.dedicated_controlplane_nodes
block:
- - name: add master taint from node
+ - name: add control-plane taint to node
+ when: "'node-role.kubernetes.io/control-plane' not in kube_node_taints"
+ command: "kubectl --kubeconfig /etc/kubernetes/admin.conf taint nodes {{ inventory_hostname }} node-role.kubernetes.io/control-plane='':NoSchedule"
+
+ - name: add deprecated master taint to node
when: "'node-role.kubernetes.io/master' not in kube_node_taints"
command: "kubectl --kubeconfig /etc/kubernetes/admin.conf taint nodes {{ inventory_hostname }} node-role.kubernetes.io/master='':NoSchedule"
- ## TODO: enable this once all needed addons and workloads have tolerations set accordingly
- # - name: add control-plane taint from node
- # when: "'node-role.kubernetes.io/control-plane' not in kube_node_taints"
- # command: "kubectl --kubeconfig /etc/kubernetes/admin.conf taint nodes {{ inventory_hostname }} node-role.kubernetes.io/control-plane='':NoSchedule"
-
- name: prepare kubectl (1/2)
file:
name: /root/.kube
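Review bot: The newly enabled `add control-plane taint to node` task replaces a TODO that deferred it until all addons and workloads carry matching tolerations, and nothing in this hunk shows that those tolerations now exist. With both `node-role.kubernetes.io/control-plane` and the deprecated `node-role.kubernetes.io/master` NoSchedule taints applied, a pod that tolerates only the master key would presumably stop scheduling on dedicated control-plane nodes; a short comment above the task naming where the tolerations were added would help. The enclosing block is still titled `add taint from control-plane node`, where `- name: add taint to control-plane node` would read correctly. Also, `kubernetes.dedicated_controlplane_nodes` replaces `kubernetes.dedicated_master` with no fallback, so an inventory that still sets the old key will likely fail on an undefined variable.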
diff --git a/roles/kubernetes/kubeadm/master/tasks/net_kube-router.yml b/roles/kubernetes/kubeadm/control-plane/tasks/net_kube-router.yml
index 0a216414..0a216414 100644
--- a/roles/kubernetes/kubeadm/master/tasks/net_kube-router.yml
+++ b/roles/kubernetes/kubeadm/control-plane/tasks/net_kube-router.yml
diff --git a/roles/kubernetes/kubeadm/master/tasks/net_kubeguard.yml b/roles/kubernetes/kubeadm/control-plane/tasks/net_kubeguard.yml
index a572ca89..a572ca89 100644
--- a/roles/kubernetes/kubeadm/master/tasks/net_kubeguard.yml
+++ b/roles/kubernetes/kubeadm/control-plane/tasks/net_kubeguard.yml
diff --git a/roles/kubernetes/kubeadm/master/tasks/net_none.yml b/roles/kubernetes/kubeadm/control-plane/tasks/net_none.yml
index bf1a16d5..bf1a16d5 100644
--- a/roles/kubernetes/kubeadm/master/tasks/net_none.yml
+++ b/roles/kubernetes/kubeadm/control-plane/tasks/net_none.yml
diff --git a/roles/kubernetes/kubeadm/master/tasks/primary-master.yml b/roles/kubernetes/kubeadm/control-plane/tasks/primary.yml
index 6fb63d09..22a5af42 100644
--- a/roles/kubernetes/kubeadm/master/tasks/primary-master.yml
+++ b/roles/kubernetes/kubeadm/control-plane/tasks/primary.yml
@@ -25,9 +25,9 @@
# check_mode: no
# register: kubeadm_token_generate
- - name: initialize kubernetes master and store log
+ - name: initialize kubernetes primary control-plane node and store log
block:
- - name: initialize kubernetes master
+ - name: initialize kubernetes primary control-plane node
command: "kubeadm init --config /etc/kubernetes/kubeadm.config --node-name {{ inventory_hostname }}{% if kubernetes_network_plugin_replaces_kube_proxy %} --skip-phases addon/kube-proxy{% endif %} --skip-token-print"
# command: "kubeadm init --config /etc/kubernetes/kubeadm.config --node-name {{ inventory_hostname }}{% if kubernetes_network_plugin_replaces_kube_proxy %} --skip-phases addon/kube-proxy{% endif %} --token '{{ kubeadm_token_generate.stdout }}' --token-ttl 42m --skip-token-print"
args:
diff --git a/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml b/roles/kubernetes/kubeadm/control-plane/tasks/secondary.yml
index 4759b7fd..a2dbe081 100644
--- a/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml
+++ b/roles/kubernetes/kubeadm/control-plane/tasks/secondary.yml
@@ -1,7 +1,7 @@
---
-- name: fetch secrets needed for secondary master
+- name: fetch secrets needed for secondary control-plane node
run_once: true
- delegate_to: "{{ groups['_kubernetes_primary_master_'] | first }}"
+ delegate_to: "{{ groups['_kubernetes_primary_controlplane_node_'] | first }}"
block:
- name: fetch list of current nodes
@@ -15,7 +15,7 @@
kubernetes_current_nodes: "{{ kubectl_node_list.stdout_lines | map('replace', 'node/', '') | list }}"
- name: upload certs
- when: "groups['_kubernetes_masters_'] | difference(kubernetes_current_nodes) | length > 0"
+ when: "groups['_kubernetes_controlplane_nodes_'] | difference(kubernetes_current_nodes) | length > 0"
command: kubeadm init phase upload-certs --upload-certs
check_mode: no
register: kubeadm_upload_certs
@@ -25,9 +25,9 @@
set_fact:
kubeadm_upload_certs_key: "{% if kubeadm_upload_certs.stdout is defined %}{{ kubeadm_upload_certs.stdout_lines | last }}{% endif %}"
-- name: join kubernetes secondary master node and store log
+- name: join kubernetes secondary control-plane node and store log
block:
- - name: join kubernetes secondary master node
+ - name: join kubernetes secondary control-plane node
throttle: 1
command: "kubeadm join 127.0.0.1:6443 --node-name {{ inventory_hostname }} --apiserver-bind-port 6442{% if kubernetes_overlay_node_ip is defined %} --apiserver-advertise-address {{ kubernetes_overlay_node_ip }}{% endif %} --cri-socket {{ kubernetes_cri_socket }} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}' --control-plane --certificate-key {{ kubeadm_upload_certs_key }}"
args:
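Review bot: The `kubeadm join` command passes `--token '{{ kube_bootstrap_token }}'` and `--certificate-key {{ kubeadm_upload_certs_key }}` as arguments, and no `no_log: true` is visible on the task, so both secrets may end up in Ansible output and in the log that this block stores. The task continues past `args:` outside the hunk, so this may already be handled there. If it is not, consider adding `no_log: true` to the join task and to the `upload certs` task in the previous hunk, whose registered stdout holds the certificate key. The same applies to the `--token` argument of the worker join in `worker/tasks/main.yml`. Passing the values through a join configuration file with `kubeadm join --config` would also keep them out of the process argument list.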
@@ -49,7 +49,7 @@
dest: /etc/kubernetes/kubeadm-join.errors
# TODO: acutally check if node has registered
-- name: give the new master(s) a moment to register
+- name: give the new control-plane node(s) a moment to register
when: kubeadm_join is changed
pause: # noqa 503
seconds: 5
diff --git a/roles/kubernetes/kubeadm/master/templates/encryption-config.j2 b/roles/kubernetes/kubeadm/control-plane/templates/encryption-config.j2
index 345c9bf9..345c9bf9 100644
--- a/roles/kubernetes/kubeadm/master/templates/encryption-config.j2
+++ b/roles/kubernetes/kubeadm/control-plane/templates/encryption-config.j2
diff --git a/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 b/roles/kubernetes/kubeadm/control-plane/templates/kubeadm.config.j2
index 2fa98ed6..2fa98ed6 100644
--- a/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2
+++ b/roles/kubernetes/kubeadm/control-plane/templates/kubeadm.config.j2
diff --git a/roles/kubernetes/kubeadm/master/templates/net_kube-router/config.0.4.0.yml.j2 b/roles/kubernetes/kubeadm/control-plane/templates/net_kube-router/config.0.4.0.yml.j2
index a2660db2..a2660db2 100644
--- a/roles/kubernetes/kubeadm/master/templates/net_kube-router/config.0.4.0.yml.j2
+++ b/roles/kubernetes/kubeadm/control-plane/templates/net_kube-router/config.0.4.0.yml.j2
diff --git a/roles/kubernetes/kubeadm/master/templates/net_kube-router/config.1.1.1.yml.j2 b/roles/kubernetes/kubeadm/control-plane/templates/net_kube-router/config.1.1.1.yml.j2
index 382164cb..382164cb 100644
--- a/roles/kubernetes/kubeadm/master/templates/net_kube-router/config.1.1.1.yml.j2
+++ b/roles/kubernetes/kubeadm/control-plane/templates/net_kube-router/config.1.1.1.yml.j2
diff --git a/roles/kubernetes/kubeadm/master/templates/net_kube-router/config.1.4.0.yml.j2 b/roles/kubernetes/kubeadm/control-plane/templates/net_kube-router/config.1.4.0.yml.j2
index 382164cb..382164cb 100644
--- a/roles/kubernetes/kubeadm/master/templates/net_kube-router/config.1.4.0.yml.j2
+++ b/roles/kubernetes/kubeadm/control-plane/templates/net_kube-router/config.1.4.0.yml.j2
diff --git a/roles/kubernetes/kubeadm/master/templates/net_kubeguard/kube-router.0.4.0.yml.j2 b/roles/kubernetes/kubeadm/control-plane/templates/net_kubeguard/kube-router.0.4.0.yml.j2
index e343f4a7..e343f4a7 100644
--- a/roles/kubernetes/kubeadm/master/templates/net_kubeguard/kube-router.0.4.0.yml.j2
+++ b/roles/kubernetes/kubeadm/control-plane/templates/net_kubeguard/kube-router.0.4.0.yml.j2
diff --git a/roles/kubernetes/kubeadm/master/templates/net_kubeguard/kube-router.1.1.1.yml.j2 b/roles/kubernetes/kubeadm/control-plane/templates/net_kubeguard/kube-router.1.1.1.yml.j2
index ec30d670..ec30d670 100644
--- a/roles/kubernetes/kubeadm/master/templates/net_kubeguard/kube-router.1.1.1.yml.j2
+++ b/roles/kubernetes/kubeadm/control-plane/templates/net_kubeguard/kube-router.1.1.1.yml.j2
diff --git a/roles/kubernetes/kubeadm/master/templates/node-local-dns.yml.j2 b/roles/kubernetes/kubeadm/control-plane/templates/node-local-dns.yml.j2
index d536d5a7..d536d5a7 100644
--- a/roles/kubernetes/kubeadm/master/templates/node-local-dns.yml.j2
+++ b/roles/kubernetes/kubeadm/control-plane/templates/node-local-dns.yml.j2
diff --git a/roles/kubernetes/kubeadm/prune/tasks/main.yml b/roles/kubernetes/kubeadm/prune/tasks/main.yml
index 71ed0d04..45020963 100644
--- a/roles/kubernetes/kubeadm/prune/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/prune/tasks/main.yml
@@ -1,7 +1,7 @@
---
- name: remove nodes from api server
run_once: true
- delegate_to: "{{ groups['_kubernetes_primary_master_'] | first }}"
+ delegate_to: "{{ groups['_kubernetes_primary_controlplane_node_'] | first }}"
loop: "{{ groups['_kubernetes_nodes_prune_'] | default([]) }}"
command: "kubectl delete node {{ item }}"
diff --git a/roles/kubernetes/kubeadm/upgrade b/roles/kubernetes/kubeadm/upgrade
index c2f97d40..2cfa18cd 100644
--- a/roles/kubernetes/kubeadm/upgrade
+++ b/roles/kubernetes/kubeadm/upgrade
@@ -1,8 +1,8 @@
Cluster Upgrades:
=================
-primary master:
----------------
+primary control-plane node:
+---------------------------
VERSION=1.23.1
@@ -26,8 +26,8 @@ apt-get update && apt-get install -y "kubelet=$VERSION-00" "kubectl=$VERSION-00"
kubectl uncordon $(hostname)
-secondary master:
------------------
+secondary control-plane node:
+-----------------------------
VERSION=1.23.1
@@ -55,7 +55,7 @@ apt-get update
sed "s/^Pin: version .*$/Pin: version $VERSION-00/" -i /etc/apt/preferences.d/kubeadm.pref
apt-get install -y "kubeadm=$VERSION-00"
-@primary master: kubectl drain <node> --ignore-daemonsets --delete-emptydir-data
+@primary control-plane node: kubectl drain <node> --ignore-daemonsets --delete-emptydir-data
kubeadm upgrade node
sed "s/^Pin: version .*$/Pin: version $VERSION-00/" -i /etc/apt/preferences.d/kubelet.pref
@@ -64,4 +64,4 @@ apt-get update && apt-get install -y kubelet="$VERSION-00" "kubectl=$VERSION-00"
// security updates + reboot ?
-@primary master: kubectl uncordon <node>
+@primary control-plane node: kubectl uncordon <node>
diff --git a/roles/kubernetes/kubeadm/node/tasks/main.yml b/roles/kubernetes/kubeadm/worker/tasks/main.yml
index 13937bcf..eabb7a1f 100644
--- a/roles/kubernetes/kubeadm/node/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/worker/tasks/main.yml
@@ -1,7 +1,7 @@
---
-- name: join kubernetes node and store log
+- name: join kubernetes worker node and store log
block:
- - name: join kubernetes node
+ - name: join kubernetes worker node
command: "kubeadm join 127.0.0.1:6443 --node-name {{ inventory_hostname }} --cri-socket {{ kubernetes_cri_socket }} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}'"
args:
creates: /etc/kubernetes/kubelet.conf