authorChristian Pointner <equinox@spreadspace.org>2020-01-17 22:24:09 +0100
committerChristian Pointner <equinox@spreadspace.org>2020-01-31 22:31:22 +0100
commit8010f57a73885f7abb5c98c1f77c49baa59a7d16 (patch)
tree334f5c6c0af02fe3fce098feb398808101a066d9 /roles/kubernetes/kubeadm
parentkubernetes: node cleanup works now (diff)
kubernetes: multi master cluster works now
Diffstat (limited to 'roles/kubernetes/kubeadm')
-rw-r--r--roles/kubernetes/kubeadm/master/tasks/primary-master.yml30
-rw-r--r--roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml27
-rw-r--r--roles/kubernetes/kubeadm/master/templates/kubeadm.config.j211
-rw-r--r--roles/kubernetes/kubeadm/node/tasks/main.yml25
4 files changed, 54 insertions, 39 deletions
diff --git a/roles/kubernetes/kubeadm/master/tasks/primary-master.yml b/roles/kubernetes/kubeadm/master/tasks/primary-master.yml
index e814e847..115c8616 100644
--- a/roles/kubernetes/kubeadm/master/tasks/primary-master.yml
+++ b/roles/kubernetes/kubeadm/master/tasks/primary-master.yml
@@ -24,35 +24,39 @@
# check_mode: no
# register: kubeadm_token_generate
- - name: initialize kubernetes master
- command: "kubeadm init --config /etc/kubernetes/kubeadm.config --node-name {{ inventory_hostname }}{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %}{% if kubernetes_network_plugin == 'kube-router' %} --skip-phases addon/kube-proxy{% endif %} --skip-token-print"
-# command: "kubeadm init --config /etc/kubernetes/kubeadm.config{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %}{% if kubernetes_network_plugin == 'kube-router' %} --skip-phases addon/kube-proxy{% endif %} --token '{{ kubeadm_token_generate.stdout }}' --token-ttl 42m --skip-token-print"
- args:
- creates: /etc/kubernetes/pki/ca.crt
- register: kubeadm_init
-
- - name: dump output of kubeadm init to log file
- when: kubeadm_init.changed
- copy:
- content: "{{ kubeadm_init.stdout }}\n"
- dest: /etc/kubernetes/kubeadm-init.log
+ - name: initialize kubernetes master and store log
+ block:
+ - name: initialize kubernetes master
+ command: "kubeadm init --config /etc/kubernetes/kubeadm.config --node-name {{ inventory_hostname }}{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %}{% if kubernetes_network_plugin == 'kube-router' %} --skip-phases addon/kube-proxy{% endif %} --skip-token-print"
+ # command: "kubeadm init --config /etc/kubernetes/kubeadm.config{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %}{% if kubernetes_network_plugin == 'kube-router' %} --skip-phases addon/kube-proxy{% endif %} --token '{{ kubeadm_token_generate.stdout }}' --token-ttl 42m --skip-token-print"
+ args:
+ creates: /etc/kubernetes/pki/ca.crt
+ register: kubeadm_init
+
+ always:
+ - name: dump output of kubeadm init to log file
+ when: kubeadm_init.changed
+ copy:
+ content: "{{ kubeadm_init.stdout }}\n"
+ dest: /etc/kubernetes/kubeadm-init.log
- name: create bootstrap token for existing cluster
command: kubeadm token create --ttl 42m
check_mode: no
register: kubeadm_token_generate
+
### cluster is already initialized but config has changed
- name: upgrade cluster config
when: kubeconfig_kubelet_stats.stat.exists and kubeadm_config is changed
block:
-
- name: fail for cluster upgrades
fail:
msg: "upgrading cluster config is currently not supported!"
+
### cluster is already initialized
- name: prepare cluster for new nodes
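Review bot: The `always:` task `dump output of kubeadm init to log file` writes only `kubeadm_init.stdout`, so in the failure case this block was added for, whatever kubeadm printed to stderr (typically where its errors go) never reaches `/etc/kubernetes/kubeadm-init.log`. Consider `content: "{{ kubeadm_init.stdout | default('') }}\n{{ kubeadm_init.stderr | default('') }}\n"`. The `copy` also sets no `mode`, so the file gets default permissions; `mode: "0600"` would keep bootstrap output readable by root only. The same two points apply to the `kubeadm-join.log` tasks in secondary-masters.yml and node/tasks/main.yml. The enclosing block of this file starts above the hunk, so the surrounding `when:` conditions are not visible here.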
diff --git a/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml b/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml
index 7025ace0..ffe1b4b2 100644
--- a/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml
+++ b/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml
@@ -25,18 +25,21 @@
set_fact:
kubeadm_upload_certs_key: "{% if kubeadm_upload_certs.stdout is defined %}{{ kubeadm_upload_certs.stdout_lines | last }}{% endif %}"
-- name: join kubernetes secondary master node
- command: "kubeadm join {{ host_vars[groups['_kubernetes_primary_master_']].kubernetes_kubelet_node_ip }}:6443 --node-name {{ inventory_hostname }}{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}' --control-plane --certificate-key {{ kubeadm_upload_certs_key }}"
- args:
- creates: /etc/kubernetes/kubelet.conf
- register: kubeadm_join
-
-- name: dump output of kubeadm join to log file
- when: kubeadm_join is changed
- # This is not a handler by design to make sure this action runs at this point of the play.
- copy: # noqa 503
- content: "{{ kubeadm_join.stdout }}\n"
- dest: /etc/kubernetes/kubeadm-join.log
+- name: join kubernetes secondary master node and store log
+ block:
+ - name: join kubernetes secondary master node
+ command: "kubeadm join {{ hostvars[groups['_kubernetes_primary_master_'][0]].kubernetes_kubelet_node_ip }}:6443 --node-name {{ inventory_hostname }}{% if kubernetes_kubelet_node_ip is defined %} --apiserver-advertise-address {{ kubernetes_kubelet_node_ip }}{% endif %}{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}' --control-plane --certificate-key {{ kubeadm_upload_certs_key }}"
+ args:
+ creates: /etc/kubernetes/kubelet.conf
+ register: kubeadm_join
+
+ always:
+ - name: dump output of kubeadm join to log file
+ when: kubeadm_join is changed
+ # This is not a handler by design to make sure this action runs at this point of the play.
+ copy: # noqa 503
+ content: "{{ kubeadm_join.stdout }}\n"
+ dest: /etc/kubernetes/kubeadm-join.log
# TODO: acutally check if node has registered
- name: give the new master(s) a moment to register
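Review bot: The new `join kubernetes secondary master node` task passes `--token '{{ kube_bootstrap_token }}'` and `--certificate-key {{ kubeadm_upload_certs_key }}` as command-line arguments, so both secrets are visible in the host's process list while kubeadm runs and in Ansible's task result (the `cmd` field) on failure or verbose runs. Adding `no_log: true` to the join task would keep them out of Ansible output while the registered `kubeadm_join` stays usable by the `always:` log dump; passing them through a JoinConfiguration file written with mode 0600 and `--config` would also keep them off argv. `{{ kubeadm_upload_certs_key }}` is unquoted and, per the `set_fact` just above, renders empty when `kubeadm_upload_certs.stdout` is undefined, leaving a bare `--certificate-key` at the end of the command. The token exposure applies equally to the `join kubernetes node` task in node/tasks/main.yml.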
diff --git a/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 b/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2
index 3c10e59b..869c809f 100644
--- a/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2
+++ b/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2
@@ -1,4 +1,4 @@
-{# https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta1 #}
+{# https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta2 #}
{# #}
apiVersion: kubeadm.k8s.io/v1beta2
kind: InitConfiguration
@@ -6,20 +6,25 @@ kind: InitConfiguration
{# better control it's lifetime #}
bootstrapTokens:
- ttl: "1s"
+{% if kubernetes_kubelet_node_ip is defined %}
+localAPIEndpoint:
+ advertiseAddress: {{ kubernetes_kubelet_node_ip }}
+{% endif %}
---
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: {{ kubernetes_version }}
clusterName: {{ kubernetes.cluster_name }}
imageRepository: k8s.gcr.io
+{% if kubernetes_kubelet_node_ip is defined %}
controlPlaneEndpoint: "{{ kubernetes_kubelet_node_ip }}:6443"
+{% endif %}
networking:
dnsDomain: {{ kubernetes.dns_domain | default('cluster.local') }}
podSubnet: {{ kubernetes.pod_ip_range }}
serviceSubnet: {{ kubernetes.service_ip_range }}
apiServer:
- extraArgs:
- advertise-address: {{ kubernetes_kubelet_node_ip }}
+ #extraArgs:
# encryption-provider-config: /etc/kubernetes/encryption/config
# extraVolumes:
# - name: encryption-config
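Review bot: The new `{% if kubernetes_kubelet_node_ip is defined %}` guard makes `controlPlaneEndpoint` optional, but the join tasks in secondary-masters.yml and node/tasks/main.yml read the primary master's `kubernetes_kubelet_node_ip` unconditionally, and `kubeadm join --control-plane` normally refuses a cluster that has no controlPlaneEndpoint. Either drop the guard or assert the variable early, so a missing value is caught before `kubeadm init` instead of at join time. The added scalar should be quoted like the endpoint below it, `advertiseAddress: "{{ kubernetes_kubelet_node_ip }}"`. With `extraArgs` now commented out, `apiServer:` may render as a null value unless an uncommented key follows below this hunk, which is not visible here.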
diff --git a/roles/kubernetes/kubeadm/node/tasks/main.yml b/roles/kubernetes/kubeadm/node/tasks/main.yml
index f7efdd81..61d47111 100644
--- a/roles/kubernetes/kubeadm/node/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/node/tasks/main.yml
@@ -1,13 +1,16 @@
---
-- name: join kubernetes node
- command: "kubeadm join {{ hostvars[groups['_kubernetes_primary_master_'][0]].kubernetes_kubelet_node_ip }}:6443 --node-name {{ inventory_hostname }}{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}'"
- args:
- creates: /etc/kubernetes/kubelet.conf
- register: kubeadm_join
+- name: join kubernetes node and store log
+ block:
+ - name: join kubernetes node
+ command: "kubeadm join {{ hostvars[groups['_kubernetes_primary_master_'][0]].kubernetes_kubelet_node_ip }}:6443 --node-name {{ inventory_hostname }}{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}'"
+ args:
+ creates: /etc/kubernetes/kubelet.conf
+ register: kubeadm_join
-- name: dump output of kubeadm join to log file
- when: kubeadm_join is changed
- # This is not a handler by design to make sure this action runs at this point of the play.
- copy: # noqa 503
- content: "{{ kubeadm_join.stdout }}\n"
- dest: /etc/kubernetes/kubeadm-join.log
+ always:
+ - name: dump output of kubeadm join to log file
+ when: kubeadm_join is changed
+ # This is not a handler by design to make sure this action runs at this point of the play.
+ copy: # noqa 503
+ content: "{{ kubeadm_join.stdout }}\n"
+ dest: /etc/kubernetes/kubeadm-join.log