[kubeadm] use v1beta3 configuration version

* extra admission controls now don't have a version in their file names
  eventratelimit.v1beta2.yaml.j2 -> eventratelimit.yaml.j2
* cri_socket variable includes the unix:// prefix to be conformat with
  upstream

roles/container-engine/crictl/templates/crictl.yaml.j2

@@ -1,4 +1,4 @@
-runtime-endpoint: unix://{{ cri_socket }}
-image-endpoint: unix://{{ cri_socket }}
+runtime-endpoint: {{ cri_socket }}
+image-endpoint: {{ cri_socket }}
 timeout: 30
 debug: false

roles/container-engine/nerdctl/templates/nerdctl.toml.j2

@@ -1,6 +1,6 @@
 debug             = false
 debug_full        = false
-address           = "unix://{{ cri_socket }}"
+address           = "{{ cri_socket }}"
 namespace         = "k8s.io"
 snapshotter       = "native"
 cni_path          = "/opt/cni/bin"

roles/download/templates/kubeadm-images.yaml.j2

@@ -1,9 +1,9 @@
-apiVersion: kubeadm.k8s.io/v1beta2
+apiVersion: kubeadm.k8s.io/v1beta3
 kind: InitConfiguration
 nodeRegistration:
   criSocket: {{ cri_socket }}
 ---
-apiVersion: kubeadm.k8s.io/v1beta2
+apiVersion: kubeadm.k8s.io/v1beta3
 kind: ClusterConfiguration
 imageRepository: {{ kube_image_repo }}
 kubernetesVersion: {{ kube_version }}

roles/kubernetes/control-plane/tasks/kubeadm-setup.yml

@@ -73,9 +73,9 @@
     kubeadm_config_api_fqdn: "{{ apiserver_loadbalancer_domain_name|default('lb-apiserver.kubernetes.local') }}"
   when: loadbalancer_apiserver is defined
 
-- name: Set kubeadm api version to v1beta2
+- name: Set kubeadm api version to v1beta3
   set_fact:
-    kubeadmConfig_api_version: v1beta2
+    kubeadmConfig_api_version: v1beta3
 
 - name: kubeadm | Create kubeadm config
   template:
@@ -92,14 +92,14 @@
 
 - name: kubeadm | Push admission control config file
   template:
-    src: "admission-controls.{{ kubeadmConfig_api_version }}.yaml.j2"
+    src: "admission-controls.yaml.j2"
     dest: "{{ kube_config_dir }}/admission-controls/admission-controls.yaml"
     mode: 0640
   when: kube_apiserver_admission_control_config_file
 
 - name: kubeadm | Push admission control config files
   template:
-    src: "{{ item|lower }}.{{ kubeadmConfig_api_version }}.yaml.j2"
+    src: "{{ item|lower }}.yaml.j2"
     dest: "{{ kube_config_dir }}/admission-controls/{{ item|lower }}.yaml"
     mode: 0640
   when:

roles/kubernetes/control-plane/templates/kubeadm-config.v1beta2.yaml.j2 → roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2

@@ -1,4 +1,4 @@
-apiVersion: kubeadm.k8s.io/v1beta2
+apiVersion: kubeadm.k8s.io/v1beta3
 kind: InitConfiguration
 {% if kubeadm_token is defined %}
 bootstrapTokens:
@@ -29,7 +29,7 @@ nodeRegistration:
     cloud-provider: external
 {% endif %}
 ---
-apiVersion: kubeadm.k8s.io/v1beta2
+apiVersion: kubeadm.k8s.io/v1beta3
 kind: ClusterConfiguration
 clusterName: {{ cluster_name }}
 etcd:
@@ -86,7 +86,6 @@ etcd:
 {% endfor %}
 {% endif %}
 dns:
-  type: CoreDNS
   imageRepository: {{ coredns_image_repo | regex_replace('/coredns(?!/coredns).*$','') }}
   imageTag: {{ coredns_image_tag }}
 networking:
@@ -125,7 +124,9 @@ apiServer:
 {% if kube_apiserver_insecure_port|string != "0" %}
     insecure-bind-address: {{ kube_apiserver_insecure_bind_address }}
 {% endif %}
+{% if kube_version is version('v1.24.0','<') %}
     insecure-port: "{{ kube_apiserver_insecure_port }}"
+{% endif %}
 {% if kube_apiserver_enable_admission_plugins|length > 0 %}
     enable-admission-plugins: {{ kube_apiserver_enable_admission_plugins | join(',') }}
 {% endif %}

roles/kubernetes/control-plane/templates/kubeadm-controlplane.v1beta2.yaml.j2 → roles/kubernetes/control-plane/templates/kubeadm-controlplane.v1beta3.yaml.j2

@@ -1,4 +1,4 @@
-apiVersion: kubeadm.k8s.io/v1beta2
+apiVersion: kubeadm.k8s.io/v1beta3
 kind: JoinConfiguration
 discovery:
   bootstrapToken:
@@ -25,4 +25,4 @@ nodeRegistration:
     key: node-role.kubernetes.io/master
 {% else %}
   taints: []
-{% endif %}
+{% endif %}

roles/kubernetes/kubeadm/tasks/main.yml

@@ -54,7 +54,7 @@
 
 - name: Set kubeadm api version to v1beta2
   set_fact:
-    kubeadmConfig_api_version: v1beta2
+    kubeadmConfig_api_version: v1beta3
 
 - name: Create kubeadm client config
   template:

roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta2.j2 → roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta3.j2

@@ -1,5 +1,5 @@
 ---
-apiVersion: kubeadm.k8s.io/v1beta2
+apiVersion: kubeadm.k8s.io/v1beta3
 kind: JoinConfiguration
 discovery:
   bootstrapToken:

roles/kubernetes/node/templates/kubelet.env.v1beta1.j2

@@ -13,7 +13,7 @@ KUBELET_HOSTNAME="--hostname-override={{ kube_override_hostname }}"
 --kubeconfig={{ kube_config_dir }}/kubelet.conf \
 {# end kubeadm specific settings #}
 --container-runtime=remote \
---container-runtime-endpoint=unix://{{ cri_socket }} \
+--container-runtime-endpoint={{ cri_socket }} \
 --runtime-cgroups={{ kubelet_runtime_cgroups }} \
 {% endset %}
 

roles/kubespray-defaults/defaults/main.yaml

@@ -289,11 +289,11 @@ container_manager_on_localhost: "{{ container_manager }}"
 # CRI socket path
 cri_socket: >-
   {%- if container_manager == 'crio' -%}
-  /var/run/crio/crio.sock
+  unix:///var/run/crio/crio.sock
   {%- elif container_manager == 'containerd' -%}
-  /var/run/containerd/containerd.sock
+  unix:////var/run/containerd/containerd.sock
   {%- elif container_manager == 'docker' -%}
-  /var/run/cri-dockerd.sock
+  unix:///var/run/cri-dockerd.sock
   {%- endif -%}
 
 ## Uncomment this if you want to force overlay/overlay2 as docker storage driver