From 14824c28b863f0028822f3ab92f8b9199cda7322 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Sat, 15 May 2021 23:44:29 +0200
Subject: k8s: cleanup CRI socket handling

---
 roles/kubernetes/base/defaults/main.yml                           | 2 ++
 roles/kubernetes/base/tasks/cri_docker.yml                        | 2 +-
 roles/kubernetes/base/tasks/main.yml                              | 3 +--
 roles/kubernetes/kubeadm/master/tasks/primary-master.yml          | 4 ++--
 roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml       | 2 +-
 roles/kubernetes/kubeadm/node/tasks/main.yml                      | 2 +-
 .../standalone/base/templates/kubelet.service.override.j2         | 8 +++++---
 7 files changed, 13 insertions(+), 10 deletions(-)
 create mode 100644 roles/kubernetes/base/defaults/main.yml

(limited to 'roles/kubernetes')

diff --git a/roles/kubernetes/base/defaults/main.yml b/roles/kubernetes/base/defaults/main.yml
new file mode 100644
index 00000000..d5eccc59
--- /dev/null
+++ b/roles/kubernetes/base/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+kubernetes_cri_tools_pkg_version: "{{ ([0, 1] | map('extract', kubernetes_version.split('.'))) | join('.') }}.0~1"
diff --git a/roles/kubernetes/base/tasks/cri_docker.yml b/roles/kubernetes/base/tasks/cri_docker.yml
index 88b35508..a9b5dec1 100644
--- a/roles/kubernetes/base/tasks/cri_docker.yml
+++ b/roles/kubernetes/base/tasks/cri_docker.yml
@@ -3,7 +3,7 @@
   assert:
     msg: "The variable kubernetes_cri_socket is not configured correctly. You might need to move your host to the group kubernetes-cluster or standalone-kubelet!"
     that:
-    - not kubernetes_cri_socket
+    - kubernetes_cri_socket == "unix:///var/run/dockershim.sock"
 
 - name: create systemd snippet directory
   file:
diff --git a/roles/kubernetes/base/tasks/main.yml b/roles/kubernetes/base/tasks/main.yml
index a13f04fa..adbd24aa 100644
--- a/roles/kubernetes/base/tasks/main.yml
+++ b/roles/kubernetes/base/tasks/main.yml
@@ -21,7 +21,7 @@
   apt:
     name:
     - bridge-utils
-    - "cri-tools={{ ([0, 1] | map('extract', kubernetes_version.split('.'))) | join('.') }}.0~1"
+    - "cri-tools={{ kubernetes_cri_tools_pkg_version }}"
     - "kubelet={{ kubernetes_version }}-00"
     state: present
     force: yes
@@ -35,7 +35,6 @@
     selection: hold
 
 - name: configure endpoints for crictl
-  when: kubernetes_cri_socket
   copy:
     dest: /etc/crictl.yaml
     content: |
diff --git a/roles/kubernetes/kubeadm/master/tasks/primary-master.yml b/roles/kubernetes/kubeadm/master/tasks/primary-master.yml
index 432f7479..463821ff 100644
--- a/roles/kubernetes/kubeadm/master/tasks/primary-master.yml
+++ b/roles/kubernetes/kubeadm/master/tasks/primary-master.yml
@@ -27,8 +27,8 @@
   - name: initialize kubernetes master and store log
     block:
     - name: initialize kubernetes master
-      command: "kubeadm init --config /etc/kubernetes/kubeadm.config --node-name {{ inventory_hostname }}{% if kubernetes_cri_socket %} --cri-socket {{ kubernetes_cri_socket }}{% endif %}{% if kubernetes_network_plugin_replaces_kube_proxy %} --skip-phases addon/kube-proxy{% endif %} --skip-token-print"
-  #    command: "kubeadm init --config /etc/kubernetes/kubeadm.config{% if kubernetes_cri_socket %} --cri-socket {{ kubernetes_cri_socket }}{% endif %}{% if kubernetes_network_plugin_replaces_kube_proxy %} --skip-phases addon/kube-proxy{% endif %} --token '{{ kubeadm_token_generate.stdout }}' --token-ttl 42m --skip-token-print"
+      command: "kubeadm init --config /etc/kubernetes/kubeadm.config --node-name {{ inventory_hostname }} --cri-socket {{ kubernetes_cri_socket }}{% if kubernetes_network_plugin_replaces_kube_proxy %} --skip-phases addon/kube-proxy{% endif %} --skip-token-print"
+  #    command: "kubeadm init --config /etc/kubernetes/kubeadm.config --cri-socket {{ kubernetes_cri_socket }}{% if kubernetes_network_plugin_replaces_kube_proxy %} --skip-phases addon/kube-proxy{% endif %} --token '{{ kubeadm_token_generate.stdout }}' --token-ttl 42m --skip-token-print"
       args:
         creates: /etc/kubernetes/pki/ca.crt
       register: kubeadm_init
diff --git a/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml b/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml
index 610a8d3f..4759b7fd 100644
--- a/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml
+++ b/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml
@@ -29,7 +29,7 @@
   block:
   - name: join kubernetes secondary master node
     throttle: 1
-    command: "kubeadm join 127.0.0.1:6443 --node-name {{ inventory_hostname }} --apiserver-bind-port 6442{% if kubernetes_overlay_node_ip is defined %} --apiserver-advertise-address {{ kubernetes_overlay_node_ip }}{% endif %}{% if kubernetes_cri_socket %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}' --control-plane --certificate-key {{ kubeadm_upload_certs_key }}"
+    command: "kubeadm join 127.0.0.1:6443 --node-name {{ inventory_hostname }} --apiserver-bind-port 6442{% if kubernetes_overlay_node_ip is defined %} --apiserver-advertise-address {{ kubernetes_overlay_node_ip }}{% endif %} --cri-socket {{ kubernetes_cri_socket }} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}' --control-plane --certificate-key {{ kubeadm_upload_certs_key }}"
     args:
       creates: /etc/kubernetes/kubelet.conf
     register: kubeadm_join
diff --git a/roles/kubernetes/kubeadm/node/tasks/main.yml b/roles/kubernetes/kubeadm/node/tasks/main.yml
index 6b3d18ae..13937bcf 100644
--- a/roles/kubernetes/kubeadm/node/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/node/tasks/main.yml
@@ -2,7 +2,7 @@
 - name: join kubernetes node and store log
   block:
   - name: join kubernetes node
-    command: "kubeadm join 127.0.0.1:6443 --node-name {{ inventory_hostname }}{% if kubernetes_cri_socket %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}'"
+    command: "kubeadm join 127.0.0.1:6443 --node-name {{ inventory_hostname }} --cri-socket {{ kubernetes_cri_socket }} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}'"
     args:
       creates: /etc/kubernetes/kubelet.conf
     register: kubeadm_join
diff --git a/roles/kubernetes/standalone/base/templates/kubelet.service.override.j2 b/roles/kubernetes/standalone/base/templates/kubelet.service.override.j2
index d7105856..00f2c360 100644
--- a/roles/kubernetes/standalone/base/templates/kubelet.service.override.j2
+++ b/roles/kubernetes/standalone/base/templates/kubelet.service.override.j2
@@ -1,9 +1,11 @@
 [Service]
 ExecStart=
 ExecStart=/usr/bin/kubelet \
-  --config=/etc/kubernetes/kubelet.yml \
-{% if kubernetes_cri_socket %}
+{% if kubernetes_container_runtime != 'docker' %}
   --container-runtime=remote \
   --container-runtime-endpoint={{ kubernetes_cri_socket }} \
-{% endif %}
+{% else %}
+  --container-runtime=docker \
   --network-plugin=cni \
+{% endif %}
+  --config=/etc/kubernetes/kubelet.yml
-- 
cgit v1.2.3