From bb9a03e136bd8d1029bfb2c1cf0be22d28df1576 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Fri, 17 Jan 2020 19:53:12 +0100
Subject: kubernetes: node cleanup works now

---
 common/kubernetes-cleanup.yml                               |  7 ++-----
 common/kubernetes.yml                                       |  2 --
 roles/kubernetes/kubeadm/master/tasks/main.yml              |  6 +++---
 roles/kubernetes/kubeadm/master/tasks/primary-master.yml    |  4 ++--
 roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml |  4 ++--
 roles/kubernetes/kubeadm/node/tasks/main.yml                |  2 +-
 roles/kubernetes/kubeadm/reset/tasks/main.yml               | 10 ++++++++++
 spreadspace/k8s-test.yml                                    |  5 ++++-
 8 files changed, 24 insertions(+), 16 deletions(-)

diff --git a/common/kubernetes-cleanup.yml b/common/kubernetes-cleanup.yml
index a320e0f8..be55d11e 100644
--- a/common/kubernetes-cleanup.yml
+++ b/common/kubernetes-cleanup.yml
@@ -1,7 +1,4 @@
 ---
-- import_playbook: kubernetes-cluster-layout.yml
-
-########
 - name: check for nodes to be removed
   hosts: _kubernetes_primary_master_
   tasks:
@@ -15,7 +12,7 @@
     loop: "{{ kubectl_node_list.stdout_lines | map('replace', 'node/', '') | list | difference(groups['_kubernetes_nodes_']) }}"
     add_host:
       name: "{{ item }}"
-      inventory_dir: "{{ inventory_dir }}"
+      inventory_dir: "{{ hostvars[item].inventory_dir }}"
       group: _kubernetes_nodes_remove_
     changed_when: False
 
@@ -28,7 +25,7 @@
   roles:
   - role: kubernetes/kubeadm/reset
   - role: kubernetes/net/kubeguard
-    when: kubernetes_network_plugin == 'kubeguard'
+    when: hostvars[groups['_kubernetes_primary_master_'][0]].kubernetes_network_plugin == 'kubeguard'
     vars:
       kubeguard_action: remove
 
diff --git a/common/kubernetes.yml b/common/kubernetes.yml
index aaf23219..4fc8cef2 100644
--- a/common/kubernetes.yml
+++ b/common/kubernetes.yml
@@ -1,6 +1,4 @@
 ---
-- import_playbook: kubernetes-cluster-layout.yml
-
 - name: prepare variables and do some sanity checks
   hosts: _kubernetes_nodes_
   gather_facts: no
diff --git a/roles/kubernetes/kubeadm/master/tasks/main.yml b/roles/kubernetes/kubeadm/master/tasks/main.yml
index 7f96ff6a..9af041b2 100644
--- a/roles/kubernetes/kubeadm/master/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/master/tasks/main.yml
@@ -22,7 +22,7 @@
 
 
 - name: check if master is tainted (1/2)
-  command: "kubectl --kubeconfig /etc/kubernetes/admin.conf get node {{ host_name }} -o json"
+  command: "kubectl --kubeconfig /etc/kubernetes/admin.conf get node {{ inventory_hostname }} -o json"
   check_mode: no
   register: kubectl_get_node
   changed_when: False
@@ -33,11 +33,11 @@
 
 - name: remove taint from master node
   when: not kubernetes.dedicated_master and 'node-role.kubernetes.io/master' in kube_node_taints
-  command: "kubectl --kubeconfig /etc/kubernetes/admin.conf taint nodes {{ host_name }} node-role.kubernetes.io/master-"
+  command: "kubectl --kubeconfig /etc/kubernetes/admin.conf taint nodes {{ inventory_hostname }} node-role.kubernetes.io/master-"
 
 - name: add taint for master node
   when: kubernetes.dedicated_master and 'node-role.kubernetes.io/master' not in kube_node_taints
-  command: "kubectl --kubeconfig /etc/kubernetes/admin.conf taint nodes {{ host_name }} node-role.kubernetes.io/master='':NoSchedule"
+  command: "kubectl --kubeconfig /etc/kubernetes/admin.conf taint nodes {{ inventory_hostname }} node-role.kubernetes.io/master='':NoSchedule"
 
 
 - name: prepare kubectl (1/2)
diff --git a/roles/kubernetes/kubeadm/master/tasks/primary-master.yml b/roles/kubernetes/kubeadm/master/tasks/primary-master.yml
index 5efc91b5..e814e847 100644
--- a/roles/kubernetes/kubeadm/master/tasks/primary-master.yml
+++ b/roles/kubernetes/kubeadm/master/tasks/primary-master.yml
@@ -25,7 +25,7 @@
   #   register: kubeadm_token_generate
 
   - name: initialize kubernetes master
-    command: "kubeadm init --config /etc/kubernetes/kubeadm.config{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %}{% if kubernetes_network_plugin == 'kube-router' %} --skip-phases addon/kube-proxy{% endif %} --skip-token-print"
+    command: "kubeadm init --config /etc/kubernetes/kubeadm.config --node-name {{ inventory_hostname }}{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %}{% if kubernetes_network_plugin == 'kube-router' %} --skip-phases addon/kube-proxy{% endif %} --skip-token-print"
 #    command: "kubeadm init --config /etc/kubernetes/kubeadm.config{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %}{% if kubernetes_network_plugin == 'kube-router' %} --skip-phases addon/kube-proxy{% endif %} --token '{{ kubeadm_token_generate.stdout }}' --token-ttl 42m --skip-token-print"
     args:
       creates: /etc/kubernetes/pki/ca.crt
@@ -70,7 +70,7 @@
       kubernetes_current_nodes: "{{ kubectl_node_list.stdout_lines | map('replace', 'node/', '') | list }}"
 
   - name: create bootstrap token for existing cluster
-    when: "groups['_kubernetes_nodes_'] | map('extract', hostvars) | map(attribute='host_name') | difference(kubernetes_current_nodes) | length > 0"
+    when: "groups['_kubernetes_nodes_'] | difference(kubernetes_current_nodes) | length > 0"
     command: kubeadm token create --ttl 42m
     check_mode: no
     register: kubeadm_token_create
diff --git a/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml b/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml
index fc85a37d..7025ace0 100644
--- a/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml
+++ b/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml
@@ -15,7 +15,7 @@
       kubernetes_current_nodes: "{{ kubectl_node_list.stdout_lines | map('replace', 'node/', '') | list }}"
 
   - name: upload certs
-    when: "groups['_kubernetes_masters_'] | map('extract', hostvars) | map(attribute='host_name') | difference(kubernetes_current_nodes) | length > 0"
+    when: "groups['_kubernetes_masters_'] | difference(kubernetes_current_nodes) | length > 0"
     command: kubeadm init phase upload-certs --upload-certs
     check_mode: no
     register: kubeadm_upload_certs
@@ -26,7 +26,7 @@
     kubeadm_upload_certs_key: "{% if kubeadm_upload_certs.stdout is defined %}{{ kubeadm_upload_certs.stdout_lines | last }}{% endif %}"
 
 - name: join kubernetes secondary master node
-  command: "kubeadm join {{ host_vars[groups['_kubernetes_primary_master_']].kubernetes_kubelet_node_ip }}:6443{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}' --control-plane --certificate-key {{ kubeadm_upload_certs_key }}"
+  command: "kubeadm join {{ host_vars[groups['_kubernetes_primary_master_']].kubernetes_kubelet_node_ip }}:6443 --node-name {{ inventory_hostname }}{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}' --control-plane --certificate-key {{ kubeadm_upload_certs_key }}"
   args:
     creates: /etc/kubernetes/kubelet.conf
   register: kubeadm_join
diff --git a/roles/kubernetes/kubeadm/node/tasks/main.yml b/roles/kubernetes/kubeadm/node/tasks/main.yml
index dba2ce30..f7efdd81 100644
--- a/roles/kubernetes/kubeadm/node/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/node/tasks/main.yml
@@ -1,6 +1,6 @@
 ---
 - name: join kubernetes node
-  command: "kubeadm join {{ hostvars[groups['_kubernetes_primary_master_'][0]].kubernetes_kubelet_node_ip }}:6443{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}'"
+  command: "kubeadm join {{ hostvars[groups['_kubernetes_primary_master_'][0]].kubernetes_kubelet_node_ip }}:6443 --node-name {{ inventory_hostname }}{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}'"
   args:
     creates: /etc/kubernetes/kubelet.conf
   register: kubeadm_join
diff --git a/roles/kubernetes/kubeadm/reset/tasks/main.yml b/roles/kubernetes/kubeadm/reset/tasks/main.yml
index a6d64c7d..f0e88e53 100644
--- a/roles/kubernetes/kubeadm/reset/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/reset/tasks/main.yml
@@ -1,3 +1,13 @@
 ---
 - name: clean up settings and files created by kubeadm
   command: kubeadm reset -f
+
+- name: clean up extra configs and logs
+  loop:
+    - /etc/kubernetes/kubeadm.config
+    - /etc/kubernetes/kubeadm-init.log
+    - /etc/kubernetes/kubeadm-join.log
+    - /etc/kubernetes/pki
+  file:
+    path: "{{ item }}"
+    state: absent
diff --git a/spreadspace/k8s-test.yml b/spreadspace/k8s-test.yml
index ed56cb78..97daa5b0 100644
--- a/spreadspace/k8s-test.yml
+++ b/spreadspace/k8s-test.yml
@@ -6,9 +6,12 @@
 #   - role: sshd
 #   - role: zsh
 
-- import_playbook: ../common/kubernetes.yml
+- import_playbook: ../common/kubernetes-cluster-layout.yml
   vars:
     kubernetes_cluster_layout:
       nodes_group: k8s-test
       masters:
       - s2-k8s-test0
+
+- import_playbook: ../common/kubernetes.yml
+- import_playbook: ../common/kubernetes-cleanup.yml
-- 
cgit v1.2.3