From 2054a98cf7d846007915c60f9709973bed104917 Mon Sep 17 00:00:00 2001
From: Florent Monbillard <f.monbillard@gmail.com>
Date: Mon, 28 Jan 2019 05:00:49 -0500
Subject: [PATCH] Run kubeadm and hyperkube outside of local_release_dir
 (#4098)

Addressing the discussion started in #4064, this PR moves kubeadm and
hyperkube binaries to /usr/local/bin before running them on the master
nodes.

This addresses the case where local_release_dir points to /tmp
(kubespray default) and /tmp is mounted with the noexec option, which
prevents any binaries from being run on that partition.

In role "node", we still move kubeadm to bin_dir only on the worker
nodes.
---
 roles/download/tasks/kubeadm_images.yml | 18 ++++++++++++++++-
 roles/kubernetes/node/tasks/install.yml | 26 +++++++++++++++++++++++++
 roles/kubernetes/node/tasks/main.yml    |  2 +-
 3 files changed, 44 insertions(+), 2 deletions(-)

diff --git a/roles/download/tasks/kubeadm_images.yml b/roles/download/tasks/kubeadm_images.yml
index 6492151d1..a166a35ab 100644
--- a/roles/download/tasks/kubeadm_images.yml
+++ b/roles/download/tasks/kubeadm_images.yml
@@ -4,5 +4,21 @@
     src: "kubeadm-images.yaml.j2"
     dest: "{{ kube_config_dir }}/kubeadm-images.yaml"
 
+- name: kubeadm | Copy kubeadm binary from download dir
+  synchronize:
+    src: "{{ local_release_dir }}/kubeadm"
+    dest: "{{ bin_dir }}/kubeadm"
+    compress: no
+    perms: yes
+    owner: no
+    group: no
+  delegate_to: "{{ inventory_hostname }}"
+
+- name: kubeadm | Set kubeadm binary permissions
+  file:
+    path: "{{ bin_dir }}/kubeadm"
+    mode: "0755"
+    state: file
+
 - name: container_download | download images for kubeadm config images
-  command: "{{ local_release_dir }}/kubeadm config images pull --config={{ kube_config_dir }}/kubeadm-images.yaml"
+  command: "{{ bin_dir }}/kubeadm config images pull --config={{ kube_config_dir }}/kubeadm-images.yaml"
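Review bot: The kubeadm binary that the final `command` task runs is copied out of `{{ local_release_dir }}`, which the commit message says defaults to /tmp, and nothing in this hunk re-checks the file before it lands in `{{ bin_dir }}`; the `file` task then pins only the mode. I would state ownership explicitly in that task, `owner: root` and `group: root` (or the role's configured owner) next to `mode: "0755"`, and use `perms: no` on the `synchronize` task so the destination never briefly carries whatever mode the staged file had. If the download role records a checksum for this binary (not visible here), verifying the staged file against it before the copy would close the gap between download and install. The same applies to the hyperkube copy and permission tasks added in roles/kubernetes/node/tasks/install.yml.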
diff --git a/roles/kubernetes/node/tasks/install.yml b/roles/kubernetes/node/tasks/install.yml
index 0cbd4bc9d..d5ef4279a 100644
--- a/roles/kubernetes/node/tasks/install.yml
+++ b/roles/kubernetes/node/tasks/install.yml
@@ -10,6 +10,8 @@
   delegate_to: "{{ inventory_hostname }}"
   tags:
     - kubeadm
+  when:
+    - not inventory_hostname in groups['kube-master']
 
 - name: install | Set kubeadm binary permissions
   file:
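Review bot: With this `when:` the node role stops installing kubeadm on masters, so masters now depend entirely on the copy tasks added to roles/download/tasks/kubeadm_images.yml, and those tasks carry no `tags:` in the diff. A run limited to the `kubeadm` tag may therefore leave a master without `{{ bin_dir }}/kubeadm` unless the enclosing include applies tags, which is not visible here; giving the download-role tasks the same `kubeadm` tag would keep both paths in step. The condition also reads more clearly as `- inventory_hostname not in groups['kube-master']`, and the same applies to the identical `when:` in the next hunk. The task this hunk modifies begins above the hunk.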
@@ -18,6 +20,8 @@
     state: file
   tags:
     - kubeadm
+  when:
+    - not inventory_hostname in groups['kube-master']
 
 - name: install | Copy kubelet binary from download dir
   synchronize:
@@ -42,6 +46,28 @@
     - hyperkube
     - upgrade
 
+- name: install | Copy hyperkube binary from download dir
+  synchronize:
+    src: "{{ local_release_dir }}/hyperkube"
+    dest: "{{ bin_dir }}/hyperkube"
+    compress: no
+    perms: yes
+    owner: no
+    group: no
+  delegate_to: "{{ inventory_hostname }}"
+  tags:
+    - hyperkube
+    - upgrade
+
+- name: install | Set hyperkube binary permissions
+  file:
+    path: "{{ bin_dir }}/hyperkube"
+    mode: "0755"
+    state: file
+  tags:
+    - hyperkube
+    - upgrade
+
 - name: install | Copy socat wrapper for Container Linux
   command: "{{ docker_bin_dir }}/docker run --rm -v {{ bin_dir }}:/opt/bin {{ install_socat_image_repo }}:{{ install_socat_image_tag }}"
   args:
diff --git a/roles/kubernetes/node/tasks/main.yml b/roles/kubernetes/node/tasks/main.yml
index edf0b29e1..537abcd7e 100644
--- a/roles/kubernetes/node/tasks/main.yml
+++ b/roles/kubernetes/node/tasks/main.yml
@@ -152,7 +152,7 @@
     - kube-proxy
 
 - name: Cleanup kube-proxy leftovers from node
-  command: "{{ local_release_dir }}/hyperkube kube-proxy --cleanup"
+  command: "{{ bin_dir }}/hyperkube kube-proxy --cleanup"
   when:
     - kube_proxy_remove
   # `kube-proxy --cleanup`, being Ok as per shown WARNING, still returns 255 from above run (?)
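Review bot: The comment under this task suggests its non-zero exit is tolerated further down (outside the hunk), so a missing or non-executable `{{ bin_dir }}/hyperkube` could be masked in the same way as the expected 255. Now that the path depends on the earlier copy tasks in install.yml having run, it is worth making the tolerance specific, for example `failed_when: result.rc not in [0, 255]` with a matching `register: result` (the variable name is constructed here), so that only the known cleanup warning is accepted. I would also document the ordering dependency in a comment such as `# requires hyperkube to be installed in bin_dir by install.yml`.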
-- 
GitLab