From 2cd8c51a07a3b9b6ffe697e2123abbb26117932f Mon Sep 17 00:00:00 2001 From: Calin Cristian Andrei Date: Mon, 6 Jun 2022 22:25:57 +0300 Subject: [PATCH] [kubeadm] use v1beta3 configuration version * extra admission controls now don't have a version in their file names eventratelimit.v1beta2.yaml.j2 -> eventratelimit.yaml.j2 * cri_socket variable includes the unix:// prefix to be conformat with upstream --- roles/container-engine/crictl/templates/crictl.yaml.j2 | 4 ++-- roles/container-engine/nerdctl/templates/nerdctl.toml.j2 | 2 +- roles/download/templates/kubeadm-images.yaml.j2 | 4 ++-- roles/kubernetes/control-plane/tasks/kubeadm-setup.yml | 8 ++++---- ...ontrols.v1beta2.yaml.j2 => admission-controls.yaml.j2} | 0 ...ntratelimit.v1beta2.yaml.j2 => eventratelimit.yaml.j2} | 0 ...fig.v1beta2.yaml.j2 => kubeadm-config.v1beta3.yaml.j2} | 7 ++++--- ...beta2.yaml.j2 => kubeadm-controlplane.v1beta3.yaml.j2} | 4 ++-- roles/kubernetes/kubeadm/tasks/main.yml | 2 +- ...ent.conf.v1beta2.j2 => kubeadm-client.conf.v1beta3.j2} | 2 +- roles/kubernetes/node/templates/kubelet.env.v1beta1.j2 | 2 +- roles/kubespray-defaults/defaults/main.yaml | 6 +++--- 12 files changed, 21 insertions(+), 20 deletions(-) rename roles/kubernetes/control-plane/templates/{admission-controls.v1beta2.yaml.j2 => admission-controls.yaml.j2} (100%) rename roles/kubernetes/control-plane/templates/{eventratelimit.v1beta2.yaml.j2 => eventratelimit.yaml.j2} (100%) rename roles/kubernetes/control-plane/templates/{kubeadm-config.v1beta2.yaml.j2 => kubeadm-config.v1beta3.yaml.j2} (99%) rename roles/kubernetes/control-plane/templates/{kubeadm-controlplane.v1beta2.yaml.j2 => kubeadm-controlplane.v1beta3.yaml.j2} (95%) rename roles/kubernetes/kubeadm/templates/{kubeadm-client.conf.v1beta2.j2 => kubeadm-client.conf.v1beta3.j2} (96%) diff --git a/roles/container-engine/crictl/templates/crictl.yaml.j2 b/roles/container-engine/crictl/templates/crictl.yaml.j2 index fbf691f8a..b97dbefe6 100644 --- a/roles/container-engine/crictl/templates/crictl.yaml.j2 +++ b/roles/container-engine/crictl/templates/crictl.yaml.j2 @@ -1,4 +1,4 @@ -runtime-endpoint: unix://{{ cri_socket }} -image-endpoint: unix://{{ cri_socket }} +runtime-endpoint: {{ cri_socket }} +image-endpoint: {{ cri_socket }} timeout: 30 debug: false diff --git a/roles/container-engine/nerdctl/templates/nerdctl.toml.j2 b/roles/container-engine/nerdctl/templates/nerdctl.toml.j2 index c12d6832e..cd1b5f9e2 100644 --- a/roles/container-engine/nerdctl/templates/nerdctl.toml.j2 +++ b/roles/container-engine/nerdctl/templates/nerdctl.toml.j2 @@ -1,6 +1,6 @@ debug = false debug_full = false -address = "unix://{{ cri_socket }}" +address = "{{ cri_socket }}" namespace = "k8s.io" snapshotter = "native" cni_path = "/opt/cni/bin" diff --git a/roles/download/templates/kubeadm-images.yaml.j2 b/roles/download/templates/kubeadm-images.yaml.j2 index c2068d2fc..3a9121def 100644 --- a/roles/download/templates/kubeadm-images.yaml.j2 +++ b/roles/download/templates/kubeadm-images.yaml.j2 @@ -1,9 +1,9 @@ -apiVersion: kubeadm.k8s.io/v1beta2 +apiVersion: kubeadm.k8s.io/v1beta3 kind: InitConfiguration nodeRegistration: criSocket: {{ cri_socket }} --- -apiVersion: kubeadm.k8s.io/v1beta2 +apiVersion: kubeadm.k8s.io/v1beta3 kind: ClusterConfiguration imageRepository: {{ kube_image_repo }} kubernetesVersion: {{ kube_version }} diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml b/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml index f339989c8..c960ad643 100644 --- a/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml +++ b/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml @@ -73,9 +73,9 @@ kubeadm_config_api_fqdn: "{{ apiserver_loadbalancer_domain_name|default('lb-apiserver.kubernetes.local') }}" when: loadbalancer_apiserver is defined -- name: Set kubeadm api version to v1beta2 +- name: Set kubeadm api version to v1beta3 set_fact: - kubeadmConfig_api_version: v1beta2 + kubeadmConfig_api_version: v1beta3 - name: kubeadm | Create kubeadm config template: @@ -92,14 +92,14 @@ - name: kubeadm | Push admission control config file template: - src: "admission-controls.{{ kubeadmConfig_api_version }}.yaml.j2" + src: "admission-controls.yaml.j2" dest: "{{ kube_config_dir }}/admission-controls/admission-controls.yaml" mode: 0640 when: kube_apiserver_admission_control_config_file - name: kubeadm | Push admission control config files template: - src: "{{ item|lower }}.{{ kubeadmConfig_api_version }}.yaml.j2" + src: "{{ item|lower }}.yaml.j2" dest: "{{ kube_config_dir }}/admission-controls/{{ item|lower }}.yaml" mode: 0640 when: diff --git a/roles/kubernetes/control-plane/templates/admission-controls.v1beta2.yaml.j2 b/roles/kubernetes/control-plane/templates/admission-controls.yaml.j2 similarity index 100% rename from roles/kubernetes/control-plane/templates/admission-controls.v1beta2.yaml.j2 rename to roles/kubernetes/control-plane/templates/admission-controls.yaml.j2 diff --git a/roles/kubernetes/control-plane/templates/eventratelimit.v1beta2.yaml.j2 b/roles/kubernetes/control-plane/templates/eventratelimit.yaml.j2 similarity index 100% rename from roles/kubernetes/control-plane/templates/eventratelimit.v1beta2.yaml.j2 rename to roles/kubernetes/control-plane/templates/eventratelimit.yaml.j2 diff --git a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta2.yaml.j2 b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2 similarity index 99% rename from roles/kubernetes/control-plane/templates/kubeadm-config.v1beta2.yaml.j2 rename to roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2 index ba1c5be39..9415593d0 100644 --- a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta2.yaml.j2 +++ b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2 @@ -1,4 +1,4 @@ -apiVersion: kubeadm.k8s.io/v1beta2 +apiVersion: kubeadm.k8s.io/v1beta3 kind: InitConfiguration {% if kubeadm_token is defined %} bootstrapTokens: @@ -29,7 +29,7 @@ nodeRegistration: cloud-provider: external {% endif %} --- -apiVersion: kubeadm.k8s.io/v1beta2 +apiVersion: kubeadm.k8s.io/v1beta3 kind: ClusterConfiguration clusterName: {{ cluster_name }} etcd: @@ -86,7 +86,6 @@ etcd: {% endfor %} {% endif %} dns: - type: CoreDNS imageRepository: {{ coredns_image_repo | regex_replace('/coredns(?!/coredns).*$','') }} imageTag: {{ coredns_image_tag }} networking: @@ -125,7 +124,9 @@ apiServer: {% if kube_apiserver_insecure_port|string != "0" %} insecure-bind-address: {{ kube_apiserver_insecure_bind_address }} {% endif %} +{% if kube_version is version('v1.24.0','<') %} insecure-port: "{{ kube_apiserver_insecure_port }}" +{% endif %} {% if kube_apiserver_enable_admission_plugins|length > 0 %} enable-admission-plugins: {{ kube_apiserver_enable_admission_plugins | join(',') }} {% endif %} diff --git a/roles/kubernetes/control-plane/templates/kubeadm-controlplane.v1beta2.yaml.j2 b/roles/kubernetes/control-plane/templates/kubeadm-controlplane.v1beta3.yaml.j2 similarity index 95% rename from roles/kubernetes/control-plane/templates/kubeadm-controlplane.v1beta2.yaml.j2 rename to roles/kubernetes/control-plane/templates/kubeadm-controlplane.v1beta3.yaml.j2 index f73a85fe9..7bf876c52 100644 --- a/roles/kubernetes/control-plane/templates/kubeadm-controlplane.v1beta2.yaml.j2 +++ b/roles/kubernetes/control-plane/templates/kubeadm-controlplane.v1beta3.yaml.j2 @@ -1,4 +1,4 @@ -apiVersion: kubeadm.k8s.io/v1beta2 +apiVersion: kubeadm.k8s.io/v1beta3 kind: JoinConfiguration discovery: bootstrapToken: @@ -25,4 +25,4 @@ nodeRegistration: key: node-role.kubernetes.io/master {% else %} taints: [] -{% endif %} \ No newline at end of file +{% endif %} diff --git a/roles/kubernetes/kubeadm/tasks/main.yml b/roles/kubernetes/kubeadm/tasks/main.yml index 15a20cbd7..13497ffbb 100644 --- a/roles/kubernetes/kubeadm/tasks/main.yml +++ b/roles/kubernetes/kubeadm/tasks/main.yml @@ -54,7 +54,7 @@ - name: Set kubeadm api version to v1beta2 set_fact: - kubeadmConfig_api_version: v1beta2 + kubeadmConfig_api_version: v1beta3 - name: Create kubeadm client config template: diff --git a/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta2.j2 b/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta3.j2 similarity index 96% rename from roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta2.j2 rename to roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta3.j2 index 143a731ed..f9b31dc73 100644 --- a/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta2.j2 +++ b/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta3.j2 @@ -1,5 +1,5 @@ --- -apiVersion: kubeadm.k8s.io/v1beta2 +apiVersion: kubeadm.k8s.io/v1beta3 kind: JoinConfiguration discovery: bootstrapToken: diff --git a/roles/kubernetes/node/templates/kubelet.env.v1beta1.j2 b/roles/kubernetes/node/templates/kubelet.env.v1beta1.j2 index 5c8c32df6..9397d7a2e 100644 --- a/roles/kubernetes/node/templates/kubelet.env.v1beta1.j2 +++ b/roles/kubernetes/node/templates/kubelet.env.v1beta1.j2 @@ -13,7 +13,7 @@ KUBELET_HOSTNAME="--hostname-override={{ kube_override_hostname }}" --kubeconfig={{ kube_config_dir }}/kubelet.conf \ {# end kubeadm specific settings #} --container-runtime=remote \ ---container-runtime-endpoint=unix://{{ cri_socket }} \ +--container-runtime-endpoint={{ cri_socket }} \ --runtime-cgroups={{ kubelet_runtime_cgroups }} \ {% endset %} diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml index fa99b85bf..d2b6ad239 100644 --- a/roles/kubespray-defaults/defaults/main.yaml +++ b/roles/kubespray-defaults/defaults/main.yaml @@ -289,11 +289,11 @@ container_manager_on_localhost: "{{ container_manager }}" # CRI socket path cri_socket: >- {%- if container_manager == 'crio' -%} - /var/run/crio/crio.sock + unix:///var/run/crio/crio.sock {%- elif container_manager == 'containerd' -%} - /var/run/containerd/containerd.sock + unix:////var/run/containerd/containerd.sock {%- elif container_manager == 'docker' -%} - /var/run/cri-dockerd.sock + unix:///var/run/cri-dockerd.sock {%- endif -%} ## Uncomment this if you want to force overlay/overlay2 as docker storage driver