12 files changed, 14 insertions, 24 deletions

diff --git a/inventory/group_vars/kubernetes/vars.yml b/inventory/group_vars/kubernetes/vars.yml
index a0e08c5c..0df0e94f 100644
--- a/inventory/group_vars/kubernetes/vars.yml
+++ b/inventory/group_vars/kubernetes/vars.yml
@@ -1,6 +1,6 @@
 ---
 kubernetes_cri_sockets:
   containerd: "unix:///run/containerd/containerd.sock"
-  docker: ""
+  docker: "unix:///var/run/dockershim.sock"
 
 kubernetes_cri_socket: "{{ kubernetes_cri_sockets[kubernetes_container_runtime] }}"
diff --git a/roles/apps/coturn/templates/acmetool-reload.sh.j2 b/roles/apps/coturn/templates/acmetool-reload.sh.j2
index c90c296d..08530583 100644
--- a/roles/apps/coturn/templates/acmetool-reload.sh.j2
+++ b/roles/apps/coturn/templates/acmetool-reload.sh.j2
@@ -18,9 +18,6 @@ while read name; do
   install -m 0644 -o root -g coturn "$certdir/fullchain" "$SSL_D/cert.pem"
   install -m 0640 -o root -g coturn "$certdir/privkey" "$SSL_D/privkey.pem"
 
-{% if kubernetes_cri_socket %}
-  export CONTAINER_RUNTIME_ENDPOINT="{{ kubernetes_cri_socket }}"
-{% endif %}
   pod_id=$(crictl pods -q --state ready --name "^coturn-{{ coturn_realm }}-{{ ansible_nodename }}$")
   [ -n "$pod_id" ] || exit 42
   container_id=$(crictl ps -q --name '^coturn$' -p "$pod_id")
diff --git a/roles/apps/mumble/templates/acmetool-reload.sh.j2 b/roles/apps/mumble/templates/acmetool-reload.sh.j2
index e3b8dbb7..adef944d 100644
--- a/roles/apps/mumble/templates/acmetool-reload.sh.j2
+++ b/roles/apps/mumble/templates/acmetool-reload.sh.j2
@@ -18,9 +18,6 @@ while read name; do
   install -m 0644 -o root -g mumble "$certdir/fullchain" "$SSL_D/cert.pem"
   install -m 0640 -o root -g mumble "$certdir/privkey" "$SSL_D/privkey.pem"
 
-{% if kubernetes_cri_socket %}
-  export CONTAINER_RUNTIME_ENDPOINT="{{ kubernetes_cri_socket }}"
-{% endif %}
   pod_id=$(crictl pods -q --state ready --name "^mumble-{{ mumble_instance }}-{{ ansible_nodename }}$")
   [ -n "$pod_id" ] || exit 42
   container_id=$(crictl ps -q --name '^mumble$' -p "$pod_id")
diff --git a/roles/apps/nextcloud/templates/nextcloud-occ.j2 b/roles/apps/nextcloud/templates/nextcloud-occ.j2
index 7e2a51d4..f12f1259 100755
--- a/roles/apps/nextcloud/templates/nextcloud-occ.j2
+++ b/roles/apps/nextcloud/templates/nextcloud-occ.j2
@@ -9,9 +9,6 @@ if [ -z "$INST_NAME" ]; then
 fi
 
 set -eu
-{% if kubernetes_cri_socket %}
-export CONTAINER_RUNTIME_ENDPOINT="{{ kubernetes_cri_socket }}"
-{% endif %}
 
 pod_id=$(crictl pods -q --state ready --name "^nextcloud-$INST_NAME-{{ ansible_nodename }}$")
 if [ -z "$pod_id" ]; then echo "Pod not found"; exit 1; fi
diff --git a/roles/apps/nextcloud/templates/run-cron.sh.j2 b/roles/apps/nextcloud/templates/run-cron.sh.j2
index 755b7cb1..455bc3ec 100644
--- a/roles/apps/nextcloud/templates/run-cron.sh.j2
+++ b/roles/apps/nextcloud/templates/run-cron.sh.j2
@@ -1,9 +1,5 @@
 #!/bin/bash
 
-{% if kubernetes_cri_socket %}
-export CONTAINER_RUNTIME_ENDPOINT="{{ kubernetes_cri_socket }}"
-{% endif %}
-
 POD_NAME="{{ item }}-$(hostname)"
 POD_ID=$(crictl pods --name "$POD_NAME" --state ready -q)
 CONTAINER_ID=$(crictl ps --pod "$POD_ID" --name nextcloud -q)
diff --git a/roles/kubernetes/base/defaults/main.yml b/roles/kubernetes/base/defaults/main.yml
new file mode 100644
index 00000000..d5eccc59
--- /dev/null
+++ b/roles/kubernetes/base/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+kubernetes_cri_tools_pkg_version: "{{ ([0, 1] | map('extract', kubernetes_version.split('.'))) | join('.') }}.0~1"
diff --git a/roles/kubernetes/base/tasks/cri_docker.yml b/roles/kubernetes/base/tasks/cri_docker.yml
index 88b35508..a9b5dec1 100644
--- a/roles/kubernetes/base/tasks/cri_docker.yml
+++ b/roles/kubernetes/base/tasks/cri_docker.yml
@@ -3,7 +3,7 @@
   assert:
     msg: "The variable kubernetes_cri_socket is not configured correctly. You might need to move your host to the group kubernetes-cluster or standalone-kubelet!"
     that:
-    - not kubernetes_cri_socket
+    - kubernetes_cri_socket == "unix:///var/run/dockershim.sock"
 
 - name: create systemd snippet directory
   file:
diff --git a/roles/kubernetes/base/tasks/main.yml b/roles/kubernetes/base/tasks/main.yml
index a13f04fa..adbd24aa 100644
--- a/roles/kubernetes/base/tasks/main.yml
+++ b/roles/kubernetes/base/tasks/main.yml
@@ -21,7 +21,7 @@
   apt:
     name:
     - bridge-utils
-    - "cri-tools={{ ([0, 1] | map('extract', kubernetes_version.split('.'))) | join('.') }}.0~1"
+    - "cri-tools={{ kubernetes_cri_tools_pkg_version }}"
     - "kubelet={{ kubernetes_version }}-00"
     state: present
     force: yes
@@ -35,7 +35,6 @@
     selection: hold
 
 - name: configure endpoints for crictl
-  when: kubernetes_cri_socket
   copy:
     dest: /etc/crictl.yaml
     content: |
diff --git a/roles/kubernetes/kubeadm/master/tasks/primary-master.yml b/roles/kubernetes/kubeadm/master/tasks/primary-master.yml
index 432f7479..463821ff 100644
--- a/roles/kubernetes/kubeadm/master/tasks/primary-master.yml
+++ b/roles/kubernetes/kubeadm/master/tasks/primary-master.yml
@@ -27,8 +27,8 @@
   - name: initialize kubernetes master and store log
     block:
     - name: initialize kubernetes master
-      command: "kubeadm init --config /etc/kubernetes/kubeadm.config --node-name {{ inventory_hostname }}{% if kubernetes_cri_socket %} --cri-socket {{ kubernetes_cri_socket }}{% endif %}{% if kubernetes_network_plugin_replaces_kube_proxy %} --skip-phases addon/kube-proxy{% endif %} --skip-token-print"
-  #    command: "kubeadm init --config /etc/kubernetes/kubeadm.config{% if kubernetes_cri_socket %} --cri-socket {{ kubernetes_cri_socket }}{% endif %}{% if kubernetes_network_plugin_replaces_kube_proxy %} --skip-phases addon/kube-proxy{% endif %} --token '{{ kubeadm_token_generate.stdout }}' --token-ttl 42m --skip-token-print"
+      command: "kubeadm init --config /etc/kubernetes/kubeadm.config --node-name {{ inventory_hostname }} --cri-socket {{ kubernetes_cri_socket }}{% if kubernetes_network_plugin_replaces_kube_proxy %} --skip-phases addon/kube-proxy{% endif %} --skip-token-print"
+  #    command: "kubeadm init --config /etc/kubernetes/kubeadm.config --cri-socket {{ kubernetes_cri_socket }}{% if kubernetes_network_plugin_replaces_kube_proxy %} --skip-phases addon/kube-proxy{% endif %} --token '{{ kubeadm_token_generate.stdout }}' --token-ttl 42m --skip-token-print"
       args:
         creates: /etc/kubernetes/pki/ca.crt
       register: kubeadm_init
diff --git a/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml b/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml
index 610a8d3f..4759b7fd 100644
--- a/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml
+++ b/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml
@@ -29,7 +29,7 @@
   block:
   - name: join kubernetes secondary master node
     throttle: 1
-    command: "kubeadm join 127.0.0.1:6443 --node-name {{ inventory_hostname }} --apiserver-bind-port 6442{% if kubernetes_overlay_node_ip is defined %} --apiserver-advertise-address {{ kubernetes_overlay_node_ip }}{% endif %}{% if kubernetes_cri_socket %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}' --control-plane --certificate-key {{ kubeadm_upload_certs_key }}"
+    command: "kubeadm join 127.0.0.1:6443 --node-name {{ inventory_hostname }} --apiserver-bind-port 6442{% if kubernetes_overlay_node_ip is defined %} --apiserver-advertise-address {{ kubernetes_overlay_node_ip }}{% endif %} --cri-socket {{ kubernetes_cri_socket }} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}' --control-plane --certificate-key {{ kubeadm_upload_certs_key }}"
     args:
       creates: /etc/kubernetes/kubelet.conf
     register: kubeadm_join
diff --git a/roles/kubernetes/kubeadm/node/tasks/main.yml b/roles/kubernetes/kubeadm/node/tasks/main.yml
index 6b3d18ae..13937bcf 100644
--- a/roles/kubernetes/kubeadm/node/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/node/tasks/main.yml
@@ -2,7 +2,7 @@
 - name: join kubernetes node and store log
   block:
   - name: join kubernetes node
-    command: "kubeadm join 127.0.0.1:6443 --node-name {{ inventory_hostname }}{% if kubernetes_cri_socket %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}'"
+    command: "kubeadm join 127.0.0.1:6443 --node-name {{ inventory_hostname }} --cri-socket {{ kubernetes_cri_socket }} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}'"
     args:
       creates: /etc/kubernetes/kubelet.conf
     register: kubeadm_join
diff --git a/roles/kubernetes/standalone/base/templates/kubelet.service.override.j2 b/roles/kubernetes/standalone/base/templates/kubelet.service.override.j2
index d7105856..00f2c360 100644
--- a/roles/kubernetes/standalone/base/templates/kubelet.service.override.j2
+++ b/roles/kubernetes/standalone/base/templates/kubelet.service.override.j2
@@ -1,9 +1,11 @@
 [Service]
 ExecStart=
 ExecStart=/usr/bin/kubelet \
-  --config=/etc/kubernetes/kubelet.yml \
-{% if kubernetes_cri_socket %}
+{% if kubernetes_container_runtime != 'docker' %}
   --container-runtime=remote \
   --container-runtime-endpoint={{ kubernetes_cri_socket }} \
-{% endif %}
+{% else %}
+  --container-runtime=docker \
   --network-plugin=cni \
+{% endif %}
+  --config=/etc/kubernetes/kubelet.yml