author | Christian Pointner <equinox@spreadspace.org> | 2022-05-07 22:45:49 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2022-05-07 23:53:19 +0200 |
commit | c09b07327b688a6a47f523a15c1a5c29d4f476d0 (patch) | |
tree | 6c243d60a3fb142c582761f1baab1c00f7081342 /roles/kubernetes/kubeadm | |
parent | cosmetic changes (diff) |
k8s: rename masters to control-plane nodes
Diffstat (limited to 'roles/kubernetes/kubeadm')
-rw-r--r-- | roles/kubernetes/kubeadm/base/templates/haproxy.cfg.j2 | 8 | ||||
-rw-r--r-- | roles/kubernetes/kubeadm/control-plane/tasks/main.yml (renamed from roles/kubernetes/kubeadm/master/tasks/main.yml) | 43 | ||||
-rw-r--r-- | roles/kubernetes/kubeadm/control-plane/tasks/net_kube-router.yml (renamed from roles/kubernetes/kubeadm/master/tasks/net_kube-router.yml) | 0 | ||||
-rw-r--r-- | roles/kubernetes/kubeadm/control-plane/tasks/net_kubeguard.yml (renamed from roles/kubernetes/kubeadm/master/tasks/net_kubeguard.yml) | 0 | ||||
-rw-r--r-- | roles/kubernetes/kubeadm/control-plane/tasks/net_none.yml (renamed from roles/kubernetes/kubeadm/master/tasks/net_none.yml) | 0 | ||||
-rw-r--r-- | roles/kubernetes/kubeadm/control-plane/tasks/primary.yml (renamed from roles/kubernetes/kubeadm/master/tasks/primary-master.yml) | 4 | ||||
-rw-r--r-- | roles/kubernetes/kubeadm/control-plane/tasks/secondary.yml (renamed from roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml) | 12 | ||||
-rw-r--r-- | roles/kubernetes/kubeadm/control-plane/templates/encryption-config.j2 (renamed from roles/kubernetes/kubeadm/master/templates/encryption-config.j2) | 0 | ||||
-rw-r--r-- | roles/kubernetes/kubeadm/control-plane/templates/kubeadm.config.j2 (renamed from roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2) | 0 | ||||
-rw-r--r-- | roles/kubernetes/kubeadm/control-plane/templates/net_kube-router/config.0.4.0.yml.j2 (renamed from roles/kubernetes/kubeadm/master/templates/net_kube-router/config.0.4.0.yml.j2) | 0 | ||||
-rw-r--r-- | roles/kubernetes/kubeadm/control-plane/templates/net_kube-router/config.1.1.1.yml.j2 (renamed from roles/kubernetes/kubeadm/master/templates/net_kube-router/config.1.1.1.yml.j2) | 0 | ||||
-rw-r--r-- | roles/kubernetes/kubeadm/control-plane/templates/net_kube-router/config.1.4.0.yml.j2 (renamed from roles/kubernetes/kubeadm/master/templates/net_kube-router/config.1.4.0.yml.j2) | 0 | ||||
-rw-r--r-- | roles/kubernetes/kubeadm/control-plane/templates/net_kubeguard/kube-router.0.4.0.yml.j2 (renamed from roles/kubernetes/kubeadm/master/templates/net_kubeguard/kube-router.0.4.0.yml.j2) | 0 | ||||
-rw-r--r-- | roles/kubernetes/kubeadm/control-plane/templates/net_kubeguard/kube-router.1.1.1.yml.j2 (renamed from roles/kubernetes/kubeadm/master/templates/net_kubeguard/kube-router.1.1.1.yml.j2) | 0 | ||||
-rw-r--r-- | roles/kubernetes/kubeadm/control-plane/templates/node-local-dns.yml.j2 (renamed from roles/kubernetes/kubeadm/master/templates/node-local-dns.yml.j2) | 0 | ||||
-rw-r--r-- | roles/kubernetes/kubeadm/prune/tasks/main.yml | 2 | ||||
-rw-r--r-- | roles/kubernetes/kubeadm/upgrade | 12 | ||||
-rw-r--r-- | roles/kubernetes/kubeadm/worker/tasks/main.yml (renamed from roles/kubernetes/kubeadm/node/tasks/main.yml) | 4 |
18 files changed, 42 insertions, 43 deletions
diff --git a/roles/kubernetes/kubeadm/base/templates/haproxy.cfg.j2 b/roles/kubernetes/kubeadm/base/templates/haproxy.cfg.j2 index 2e0eaf5d..19118b2e 100644 --- a/roles/kubernetes/kubeadm/base/templates/haproxy.cfg.j2 +++ b/roles/kubernetes/kubeadm/base/templates/haproxy.cfg.j2 @@ -16,7 +16,7 @@ defaults option dontlog-normal frontend kube_api -{% if '_kubernetes_masters_' in group_names %} +{% if '_kubernetes_controlplane_nodes_' in group_names %} bind *:6443 {% else %} bind 127.0.0.1:6443 @@ -25,7 +25,7 @@ frontend kube_api default_backend kube_api backend kube_api -{% if '_kubernetes_masters_' in group_names %} +{% if '_kubernetes_controlplane_nodes_' in group_names %} balance first {% else %} balance roundrobin @@ -36,6 +36,6 @@ backend kube_api default-server inter 5s fall 3 rise 2 timeout connect 5s timeout server 3h -{% for master in groups['_kubernetes_masters_'] %} - server {{ master }} {{ hostvars[master].kubernetes_overlay_node_ip | default(hostvars[master].ansible_default_ipv4.address) }}:6442 {% if master == inventory_hostname %}id 1{% endif %} check check-ssl verify none +{% for node in groups['_kubernetes_controlplane_nodes_'] %} + server {{ node }} {{ hostvars[node].kubernetes_overlay_node_ip | default(hostvars[node].ansible_default_ipv4.address) }}:6442 {% if node == inventory_hostname %}id 1{% endif %} check check-ssl verify none {% endfor %} diff --git a/roles/kubernetes/kubeadm/master/tasks/main.yml b/roles/kubernetes/kubeadm/control-plane/tasks/main.yml index 04df760f..d5bd378e 100644 --- a/roles/kubernetes/kubeadm/master/tasks/main.yml +++ b/roles/kubernetes/kubeadm/control-plane/tasks/main.yml 
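Review bot: The `server` line in the third hunk still ends in `check check-ssl verify none`, so the health check against port 6442 accepts whatever certificate the backend presents. While this line is being touched, either verify against the cluster CA (`check check-ssl verify required ca-file <cluster-ca-path>`, placeholder path) or add a template comment saying why an unverified check is acceptable. The proxy mode is not visible in these hunks; if it is plain TCP passthrough, clients still validate the API server themselves and the exposure is limited to a wrong up/down decision. The `defaults`, `frontend` and `backend` sections all continue outside the hunks.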
@@ -12,48 +12,47 @@ mode: 0600 -- name: install primary master - include_tasks: primary-master.yml - when: "'_kubernetes_primary_master_' in group_names" +- name: install primary control-plane node + include_tasks: primary.yml + when: "'_kubernetes_primary_controlplane_node_' in group_names" -- name: install secondary masters - include_tasks: secondary-masters.yml - when: "'_kubernetes_primary_master_' not in group_names" +- name: install secondary control-plane nodes + include_tasks: secondary.yml + when: "'_kubernetes_primary_controlplane_node_' not in group_names" -- name: check if master is tainted (1/2) +- name: check if control-plane node is tainted (1/2) command: "kubectl --kubeconfig /etc/kubernetes/admin.conf get node {{ inventory_hostname }} -o json" check_mode: no register: kubectl_get_node changed_when: False -- name: check if master is tainted (2/2) +- name: check if control-plane node is tainted (2/2) set_fact: kube_node_taints: "{% set node_info = kubectl_get_node.stdout | from_json %}{%if node_info.spec.taints is defined %}{{ node_info.spec.taints | map(attribute='key') | list }}{% endif %}" -- name: remove taint from master/control-plane node - when: not kubernetes.dedicated_master +- name: remove taint from control-plane node + when: not kubernetes.dedicated_controlplane_nodes block: - - name: remove master taint from node - when: "'node-role.kubernetes.io/master' in kube_node_taints" - command: "kubectl --kubeconfig /etc/kubernetes/admin.conf taint nodes {{ inventory_hostname }} node-role.kubernetes.io/master-" - - name: remove control-plane taint from node when: "'node-role.kubernetes.io/control-plane' in kube_node_taints" command: "kubectl --kubeconfig /etc/kubernetes/admin.conf taint nodes {{ inventory_hostname }} node-role.kubernetes.io/control-plane-" -- name: add taint from master/control-plane node - when: kubernetes.dedicated_master + - name: remove deprecated master taint from node + when: "'node-role.kubernetes.io/master' in 
kube_node_taints" + command: "kubectl --kubeconfig /etc/kubernetes/admin.conf taint nodes {{ inventory_hostname }} node-role.kubernetes.io/master-" + +- name: add taint from control-plane node + when: kubernetes.dedicated_controlplane_nodes block: - - name: add master taint from node + - name: add control-plane taint to node + when: "'node-role.kubernetes.io/control-plane' not in kube_node_taints" + command: "kubectl --kubeconfig /etc/kubernetes/admin.conf taint nodes {{ inventory_hostname }} node-role.kubernetes.io/control-plane='':NoSchedule" + + - name: add deprecated master taint to node when: "'node-role.kubernetes.io/master' not in kube_node_taints" command: "kubectl --kubeconfig /etc/kubernetes/admin.conf taint nodes {{ inventory_hostname }} node-role.kubernetes.io/master='':NoSchedule" - ## TODO: enable this once all needed addons and workloads have tolerations set accordingly - # - name: add control-plane taint from node - # when: "'node-role.kubernetes.io/control-plane' not in kube_node_taints" - # command: "kubectl --kubeconfig /etc/kubernetes/admin.conf taint nodes {{ inventory_hostname }} node-role.kubernetes.io/control-plane='':NoSchedule" - - name: prepare kubectl (1/2) file: name: /root/.kube diff --git a/roles/kubernetes/kubeadm/master/tasks/net_kube-router.yml b/roles/kubernetes/kubeadm/control-plane/tasks/net_kube-router.yml index 0a216414..0a216414 100644 --- a/roles/kubernetes/kubeadm/master/tasks/net_kube-router.yml +++ b/roles/kubernetes/kubeadm/control-plane/tasks/net_kube-router.yml diff --git a/roles/kubernetes/kubeadm/master/tasks/net_kubeguard.yml b/roles/kubernetes/kubeadm/control-plane/tasks/net_kubeguard.yml index a572ca89..a572ca89 100644 --- a/roles/kubernetes/kubeadm/master/tasks/net_kubeguard.yml +++ b/roles/kubernetes/kubeadm/control-plane/tasks/net_kubeguard.yml diff --git a/roles/kubernetes/kubeadm/master/tasks/net_none.yml b/roles/kubernetes/kubeadm/control-plane/tasks/net_none.yml index bf1a16d5..bf1a16d5 100644 
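Review bot: The `add control-plane taint to node` task is switched on in this hunk although the commit is described as a rename; the removed TODO said it had to wait until all needed addons and workloads have tolerations set, and nothing visible in this diff adds them. On clusters with `kubernetes.dedicated_controlplane_nodes` set, pods that tolerate only `node-role.kubernetes.io/master` would no longer be scheduled onto these nodes. The commit message should mention the behaviour change, or the task should carry a comment such as `# requires control-plane tolerations on every addon that must run here`. The parent task name `add taint from control-plane node` should read `add taint to control-plane node`.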
--- a/roles/kubernetes/kubeadm/master/tasks/net_none.yml +++ b/roles/kubernetes/kubeadm/control-plane/tasks/net_none.yml diff --git a/roles/kubernetes/kubeadm/master/tasks/primary-master.yml b/roles/kubernetes/kubeadm/control-plane/tasks/primary.yml index 6fb63d09..22a5af42 100644 --- a/roles/kubernetes/kubeadm/master/tasks/primary-master.yml +++ b/roles/kubernetes/kubeadm/control-plane/tasks/primary.yml @@ -25,9 +25,9 @@ # check_mode: no # register: kubeadm_token_generate - - name: initialize kubernetes master and store log + - name: initialize kubernetes primary control-plane node and store log block: - - name: initialize kubernetes master + - name: initialize kubernetes primary control-plane node command: "kubeadm init --config /etc/kubernetes/kubeadm.config --node-name {{ inventory_hostname }}{% if kubernetes_network_plugin_replaces_kube_proxy %} --skip-phases addon/kube-proxy{% endif %} --skip-token-print" # command: "kubeadm init --config /etc/kubernetes/kubeadm.config --node-name {{ inventory_hostname }}{% if kubernetes_network_plugin_replaces_kube_proxy %} --skip-phases addon/kube-proxy{% endif %} --token '{{ kubeadm_token_generate.stdout }}' --token-ttl 42m --skip-token-print" args: diff --git a/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml b/roles/kubernetes/kubeadm/control-plane/tasks/secondary.yml index 4759b7fd..a2dbe081 100644 --- a/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml +++ b/roles/kubernetes/kubeadm/control-plane/tasks/secondary.yml @@ -1,7 +1,7 @@ --- -- name: fetch secrets needed for secondary master +- name: fetch secrets needed for secondary control-plane node run_once: true - delegate_to: "{{ groups['_kubernetes_primary_master_'] | first }}" + delegate_to: "{{ groups['_kubernetes_primary_controlplane_node_'] | first }}" block: - name: fetch list of current nodes 
@@ -15,7 +15,7 @@ kubernetes_current_nodes: "{{ kubectl_node_list.stdout_lines | map('replace', 'node/', '') | list }}" - name: upload certs - when: "groups['_kubernetes_masters_'] | difference(kubernetes_current_nodes) | length > 0" + when: "groups['_kubernetes_controlplane_nodes_'] | difference(kubernetes_current_nodes) | length > 0" command: kubeadm init phase upload-certs --upload-certs check_mode: no register: kubeadm_upload_certs @@ -25,9 +25,9 @@ set_fact: kubeadm_upload_certs_key: "{% if kubeadm_upload_certs.stdout is defined %}{{ kubeadm_upload_certs.stdout_lines | last }}{% endif %}" -- name: join kubernetes secondary master node and store log +- name: join kubernetes secondary control-plane node and store log block: - - name: join kubernetes secondary master node + - name: join kubernetes secondary control-plane node throttle: 1 command: "kubeadm join 127.0.0.1:6443 --node-name {{ inventory_hostname }} --apiserver-bind-port 6442{% if kubernetes_overlay_node_ip is defined %} --apiserver-advertise-address {{ kubernetes_overlay_node_ip }}{% endif %} --cri-socket {{ kubernetes_cri_socket }} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}' --control-plane --certificate-key {{ kubeadm_upload_certs_key }}" args: @@ -49,7 +49,7 @@ dest: /etc/kubernetes/kubeadm-join.errors # TODO: acutally check if node has registered -- name: give the new master(s) a moment to register +- name: give the new control-plane node(s) a moment to register when: kubeadm_join is changed pause: # noqa 503 seconds: 5 diff --git a/roles/kubernetes/kubeadm/master/templates/encryption-config.j2 b/roles/kubernetes/kubeadm/control-plane/templates/encryption-config.j2 index 345c9bf9..345c9bf9 100644 --- a/roles/kubernetes/kubeadm/master/templates/encryption-config.j2 +++ b/roles/kubernetes/kubeadm/control-plane/templates/encryption-config.j2 
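Review bot: The `join kubernetes secondary control-plane node` task in the third hunk passes `--token '{{ kube_bootstrap_token }}'` and `--certificate-key {{ kubeadm_upload_certs_key }}` on the command line, and no `no_log` is visible in the hunk, so both secrets can end up in Ansible output and in the process list of the joining host. Adding `no_log: true` to the join task, or handing the values to kubeadm through a `--config` file with restrictive permissions, keeps them out of logs; the certificate key should also be quoted like the token. The same applies to the `join kubernetes worker node` task in the `worker/tasks/main.yml` hunk. The task body continues outside the hunk (from `args:` onward), so a setting there may already cover this.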
diff --git a/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 b/roles/kubernetes/kubeadm/control-plane/templates/kubeadm.config.j2 index 2fa98ed6..2fa98ed6 100644 --- a/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 +++ b/roles/kubernetes/kubeadm/control-plane/templates/kubeadm.config.j2 diff --git a/roles/kubernetes/kubeadm/master/templates/net_kube-router/config.0.4.0.yml.j2 b/roles/kubernetes/kubeadm/control-plane/templates/net_kube-router/config.0.4.0.yml.j2 index a2660db2..a2660db2 100644 --- a/roles/kubernetes/kubeadm/master/templates/net_kube-router/config.0.4.0.yml.j2 +++ b/roles/kubernetes/kubeadm/control-plane/templates/net_kube-router/config.0.4.0.yml.j2 diff --git a/roles/kubernetes/kubeadm/master/templates/net_kube-router/config.1.1.1.yml.j2 b/roles/kubernetes/kubeadm/control-plane/templates/net_kube-router/config.1.1.1.yml.j2 index 382164cb..382164cb 100644 --- a/roles/kubernetes/kubeadm/master/templates/net_kube-router/config.1.1.1.yml.j2 +++ b/roles/kubernetes/kubeadm/control-plane/templates/net_kube-router/config.1.1.1.yml.j2 diff --git a/roles/kubernetes/kubeadm/master/templates/net_kube-router/config.1.4.0.yml.j2 b/roles/kubernetes/kubeadm/control-plane/templates/net_kube-router/config.1.4.0.yml.j2 index 382164cb..382164cb 100644 --- a/roles/kubernetes/kubeadm/master/templates/net_kube-router/config.1.4.0.yml.j2 +++ b/roles/kubernetes/kubeadm/control-plane/templates/net_kube-router/config.1.4.0.yml.j2 diff --git a/roles/kubernetes/kubeadm/master/templates/net_kubeguard/kube-router.0.4.0.yml.j2 b/roles/kubernetes/kubeadm/control-plane/templates/net_kubeguard/kube-router.0.4.0.yml.j2 index e343f4a7..e343f4a7 100644 --- a/roles/kubernetes/kubeadm/master/templates/net_kubeguard/kube-router.0.4.0.yml.j2 +++ b/roles/kubernetes/kubeadm/control-plane/templates/net_kubeguard/kube-router.0.4.0.yml.j2 
diff --git a/roles/kubernetes/kubeadm/master/templates/net_kubeguard/kube-router.1.1.1.yml.j2 b/roles/kubernetes/kubeadm/control-plane/templates/net_kubeguard/kube-router.1.1.1.yml.j2 index ec30d670..ec30d670 100644 --- a/roles/kubernetes/kubeadm/master/templates/net_kubeguard/kube-router.1.1.1.yml.j2 +++ b/roles/kubernetes/kubeadm/control-plane/templates/net_kubeguard/kube-router.1.1.1.yml.j2 diff --git a/roles/kubernetes/kubeadm/master/templates/node-local-dns.yml.j2 b/roles/kubernetes/kubeadm/control-plane/templates/node-local-dns.yml.j2 index d536d5a7..d536d5a7 100644 --- a/roles/kubernetes/kubeadm/master/templates/node-local-dns.yml.j2 +++ b/roles/kubernetes/kubeadm/control-plane/templates/node-local-dns.yml.j2 diff --git a/roles/kubernetes/kubeadm/prune/tasks/main.yml b/roles/kubernetes/kubeadm/prune/tasks/main.yml index 71ed0d04..45020963 100644 --- a/roles/kubernetes/kubeadm/prune/tasks/main.yml +++ b/roles/kubernetes/kubeadm/prune/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: remove nodes from api server run_once: true - delegate_to: "{{ groups['_kubernetes_primary_master_'] | first }}" + delegate_to: "{{ groups['_kubernetes_primary_controlplane_node_'] | first }}" loop: "{{ groups['_kubernetes_nodes_prune_'] | default([]) }}" command: "kubectl delete node {{ item }}" diff --git a/roles/kubernetes/kubeadm/upgrade b/roles/kubernetes/kubeadm/upgrade index c2f97d40..2cfa18cd 100644 --- a/roles/kubernetes/kubeadm/upgrade +++ b/roles/kubernetes/kubeadm/upgrade @@ -1,8 +1,8 @@ Cluster Upgrades: ================= -primary master: ---------------- +primary control-plane node: +--------------------------- VERSION=1.23.1 @@ -26,8 +26,8 @@ apt-get update && apt-get install -y "kubelet=$VERSION-00" "kubectl=$VERSION-00" kubectl uncordon $(hostname) -secondary master: ------------------ +secondary control-plane node: +----------------------------- VERSION=1.23.1 
@@ -55,7 +55,7 @@ apt-get update sed "s/^Pin: version .*$/Pin: version $VERSION-00/" -i /etc/apt/preferences.d/kubeadm.pref apt-get install -y "kubeadm=$VERSION-00" -@primary master: kubectl drain <node> --ignore-daemonsets --delete-emptydir-data +@primary control-plane node: kubectl drain <node> --ignore-daemonsets --delete-emptydir-data kubeadm upgrade node sed "s/^Pin: version .*$/Pin: version $VERSION-00/" -i /etc/apt/preferences.d/kubelet.pref @@ -64,4 +64,4 @@ apt-get update && apt-get install -y kubelet="$VERSION-00" "kubectl=$VERSION-00" // security updates + reboot ? -@primary master: kubectl uncordon <node> +@primary control-plane node: kubectl uncordon <node> diff --git a/roles/kubernetes/kubeadm/node/tasks/main.yml b/roles/kubernetes/kubeadm/worker/tasks/main.yml index 13937bcf..eabb7a1f 100644 --- a/roles/kubernetes/kubeadm/node/tasks/main.yml +++ b/roles/kubernetes/kubeadm/worker/tasks/main.yml @@ -1,7 +1,7 @@ --- -- name: join kubernetes node and store log +- name: join kubernetes worker node and store log block: - - name: join kubernetes node + - name: join kubernetes worker node command: "kubeadm join 127.0.0.1:6443 --node-name {{ inventory_hostname }} --cri-socket {{ kubernetes_cri_socket }} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}'" args: creates: /etc/kubernetes/kubelet.conf |