From 8e254ec1e82377f4401775f5111353a4e0b43abb Mon Sep 17 00:00:00 2001
From: Max Gautier
Date: Tue, 10 Sep 2024 12:00:26 +0200
Subject: [PATCH] kubeadm: allow to provide patch inline in inventories

Specifying one directory for kubeadm patches is not ideal:
1. It does not allow working with multiples inventories easily
2. No ansible templating of the patch
3. Ansible path searching can sometimes be confusing

Instead, provide the patch directly in a variable, and add some quality of life to handle components targeting and patch ordering more explicitly (`target` and `type` which are translated to the kubeadm scheme which is based on the file name)
---
 .../control-plane/tasks/kubeadm-upgrade.yml | 4 ++--
 .../templates/kubeadm-config.v1beta3.yaml.j2 | 4 ++--
 .../templates/kubeadm-controlplane.v1beta3.yaml.j2 | 4 ++--
 .../templates/kubeadm-client.conf.v1beta3.j2 | 4 ++--
 roles/kubernetes/kubeadm_common/defaults/main.yml | 14 ++++++++++++++
 roles/kubernetes/kubeadm_common/tasks/main.yml | 12 +++++++-----
 6 files changed, 29 insertions(+), 13 deletions(-)
 create mode 100644 roles/kubernetes/kubeadm_common/defaults/main.yml

diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml b/roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml
index 343724c47..9609c2f3d 100644
--- a/roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml
+++ b/roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml
@@ -18,7 +18,7 @@
     --ignore-preflight-errors=all
     --allow-experimental-upgrades
     --etcd-upgrade={{ (etcd_deployment_type == "kubeadm") | bool | lower }}
-    {% if kubeadm_patches is defined and kubeadm_patches.enabled %}--patches={{ kubeadm_patches.dest_dir }}{% endif %}
+    {% if kubeadm_patches | length > 0 %}--patches={{ kubeadm_patches_dir }}{% endif %}
     --force
   register: kubeadm_upgrade
   # Retry is because upload config sometimes fails
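Review bot: The new condition `{% if kubeadm_patches | length > 0 %}` drops the `is defined` guard, so this upgrade command now errors on an undefined variable on any host where the `kubeadm_patches: []` default added in kubeadm_common/defaults is not loaded; I cannot tell from this diff whether the control-plane role pulls in kubeadm_common, so either make that dependency explicit or write `{% if kubeadm_patches | d([]) | length > 0 %}--patches={{ kubeadm_patches_dir }}{% endif %}`. An inventory still carrying the old mapping form (`enabled`/`source_dir`/`dest_dir`) also has a non-zero length and will reach `--patches=` with a directory the copy task cannot populate from string items, so the migration failure surfaces in kubeadm_common rather than here; an explicit assert on the new list shape would give a clearer error. The task this command belongs to starts before the hunk.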
@@ -39,7 +39,7 @@
     --ignore-preflight-errors=all
     --allow-experimental-upgrades
     --etcd-upgrade={{ (etcd_deployment_type == "kubeadm") | bool | lower }}
-    {% if kubeadm_patches is defined and kubeadm_patches.enabled %}--patches={{ kubeadm_patches.dest_dir }}{% endif %}
+    {% if kubeadm_patches | length > 0 %}--patches={{ kubeadm_patches_dir }}{% endif %}
     --force
   register: kubeadm_upgrade
   # Retry is because upload config sometimes fails
diff --git a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2 b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2
index ca48a3a91..9dd5e4376 100644
--- a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2
+++ b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2
@@ -28,9 +28,9 @@ nodeRegistration:
   kubeletExtraArgs:
     cloud-provider: external
 {% endif %}
-{% if kubeadm_patches is defined and kubeadm_patches.enabled %}
+{% if kubeadm_patches | length > 0 %}
 patches:
-  directory: {{ kubeadm_patches.dest_dir }}
+  directory: {{ kubeadm_patches_dir }}
 {% endif %}
 ---
 apiVersion: kubeadm.k8s.io/v1beta3
diff --git a/roles/kubernetes/control-plane/templates/kubeadm-controlplane.v1beta3.yaml.j2 b/roles/kubernetes/control-plane/templates/kubeadm-controlplane.v1beta3.yaml.j2
index cd19b5c2e..bc9f3bdf9 100644
--- a/roles/kubernetes/control-plane/templates/kubeadm-controlplane.v1beta3.yaml.j2
+++ b/roles/kubernetes/control-plane/templates/kubeadm-controlplane.v1beta3.yaml.j2
@@ -31,7 +31,7 @@ nodeRegistration:
 {% else %}
   taints: []
 {% endif %}
-{% if kubeadm_patches is defined and kubeadm_patches.enabled %}
+{% if kubeadm_patches | length > 0 %}
 patches:
-  directory: {{ kubeadm_patches.dest_dir }}
+  directory: {{ kubeadm_patches_dir }}
 {% endif %}
diff --git a/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta3.j2 b/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta3.j2
index 3b3bc57de..5016df9c3 100644
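Review bot: `directory: {{ kubeadm_patches_dir }}` in the kubeadm-config template writes an operator-controlled path into the rendered kubeadm config as a plain scalar, so a `kube_config_dir` containing ` #`, `: ` or a leading YAML indicator would silently change how kubeadm parses the `patches` stanza instead of failing. Quote it, `  directory: "{{ kubeadm_patches_dir }}"`, which is how the same variable is already written in `path: "{{ kubeadm_patches_dir }}"` in kubeadm_common/tasks/main.yml; the controlplane and client templates in this patch have the identical line and should get the same treatment.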
--- a/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta3.j2
+++ b/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta3.j2
@@ -38,7 +38,7 @@ nodeRegistration:
   - effect: NoSchedule
     key: node-role.kubernetes.io/calico-rr
 {% endif %}
-{% if kubeadm_patches is defined and kubeadm_patches.enabled %}
+{% if kubeadm_patches | length > 0 %}
 patches:
-  directory: {{ kubeadm_patches.dest_dir }}
+  directory: {{ kubeadm_patches_dir }}
 {% endif %}
diff --git a/roles/kubernetes/kubeadm_common/defaults/main.yml b/roles/kubernetes/kubeadm_common/defaults/main.yml
new file mode 100644
index 000000000..f7d70691a
--- /dev/null
+++ b/roles/kubernetes/kubeadm_common/defaults/main.yml
@@ -0,0 +1,14 @@
+---
+kubeadm_patches_dir: "{{ kube_config_dir }}/patches"
+kubeadm_patches: []
+# kubeadm_patches:
+#   - target: kube-apiserver|kube-controller-manager|kube-scheduler|etcd|kubeletconfiguration
+#     type: strategic(default)|json|merge
+#     patch:
+#       metadata:
+#         annotations:
+#           example.com/test: "true"
+#         labels:
+#           example.com/prod_level: "{{ prod_level }}"
+#   - ...
+# Patches are applied in the order they are specified.
diff --git a/roles/kubernetes/kubeadm_common/tasks/main.yml b/roles/kubernetes/kubeadm_common/tasks/main.yml
index b1f316e22..0f8d3b0a0 100644
--- a/roles/kubernetes/kubeadm_common/tasks/main.yml
+++ b/roles/kubernetes/kubeadm_common/tasks/main.yml
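Review bot: The example in defaults/main.yml only shows a mapping under `patch:`, which is the right shape for `strategic` and `merge`, but `type: json` is offered on the line above and a JSON patch is a list of RFC 6902 operations rather than a mapping; the comment should say so, e.g. `#     patch:  # for type: json this must be a list of {op, path, value} operations`. It would also help to state that the `patch` value is rendered by Ansible before being written (the `"{{ prod_level }}"` example depends on that, and it means inventory variables can inject arbitrary YAML into control-plane manifests) and that `target` must be one of the listed component names verbatim, since nothing in this patch validates it.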
@@ -1,15 +1,17 @@
 ---
 - name: Kubeadm | Create directory to store kubeadm patches
   file:
-    path: "{{ kubeadm_patches.dest_dir }}"
+    path: "{{ kubeadm_patches_dir }}"
     state: directory
     mode: "0640"
-  when: kubeadm_patches is defined and kubeadm_patches.enabled
+  when: kubeadm_patches | length > 0
 
 - name: Kubeadm | Copy kubeadm patches from inventory files
   copy:
-    src: "{{ kubeadm_patches.source_dir }}/"
-    dest: "{{ kubeadm_patches.dest_dir }}"
+    content: "{{ item.patch | to_yaml }}"
+    dest: "{{ kubeadm_patches_dir }}/{{ item.target }}{{ suffix }}+{{ item.type | d('strategic') }}.yaml"
     owner: "root"
     mode: "0644"
-  when: kubeadm_patches is defined and kubeadm_patches.enabled
+  loop: "{{ kubeadm_patches }}"
+  loop_control:
+    index_var: suffix
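Review bot: The suffix in the new `dest:` is the bare loop index, and kubeadm orders patch files alphanumerically, so with more than ten entries `kube-apiserver10+strategic.yaml` is applied before `kube-apiserver2+strategic.yaml`, contradicting the "applied in the order they are specified" promise in the defaults; zero-pad it with `{{ '%03d' | format(suffix) }}`. `item.target` and `item.type` also go straight into the file name with no validation, so a typo, an unsupported type, or an inventory still using the old mapping form either produces a file kubeadm silently ignores or fails only at `kubeadm init`/`upgrade` time, and the path is built from inventory-controlled strings without any check that the result stays under `kubeadm_patches_dir`; an `assert` before the directory task catches all of that with a readable message. Patches removed from the inventory are never deleted from `kubeadm_patches_dir` and keep being applied on the next run, so the directory should be purged before the copy (or the loop should clean files it did not write). The pre-existing `mode: "0640"` on the directory has no execute bit and only works because kubeadm runs as root; `"0750"` is the conventional value.

```yaml
- name: Kubeadm | Validate kubeadm_patches entries
  assert:
    that:
      - kubeadm_patches is not mapping
      - kubeadm_patches | rejectattr('target', 'defined') | list | length == 0
      - kubeadm_patches | rejectattr('patch', 'defined') | list | length == 0
      - kubeadm_patches | rejectattr('target', 'in', ['kube-apiserver', 'kube-controller-manager', 'kube-scheduler', 'etcd', 'kubeletconfiguration']) | list | length == 0
      - kubeadm_patches | selectattr('type', 'defined') | rejectattr('type', 'in', ['strategic', 'json', 'merge']) | list | length == 0
    fail_msg: "kubeadm_patches must be a list of {target, type, patch} entries; target must be a kubeadm component name and type one of strategic, json, merge"
  when: kubeadm_patches | length > 0

# … unchanged: create patches directory …

- name: Kubeadm | Copy kubeadm patches from inventory files
  copy:
    content: "{{ item.patch | to_yaml }}"
    # zero-padded index so kubeadm's alphanumeric ordering matches list order beyond 10 entries
    dest: "{{ kubeadm_patches_dir }}/{{ item.target }}{{ '%03d' | format(suffix) }}+{{ item.type | d('strategic') }}.yaml"
# … unchanged: owner, mode, loop, loop_control …
```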