From 6878c2af4e0bbc3ae135c31c68d05d47c0dd84ca Mon Sep 17 00:00:00 2001
From: Chad Swenson <chadswen@gmail.com>
Date: Thu, 7 Feb 2019 00:20:11 -0600
Subject: [PATCH] Fix kube_hostname_override inconsistencies (#4185)

---
 .../group_vars/k8s-cluster/k8s-cluster.yml    |  7 +++++
 roles/kubernetes/kubeadm/defaults/main.yml    |  7 +++++
 .../templates/kubeadm-client.conf.v1alpha2.j2 |  2 +-
 .../templates/kubeadm-client.conf.v1alpha3.j2 |  2 +-
 .../templates/kubeadm-client.conf.v1beta1.j2  |  2 +-
 .../templates/kubeadm-config.v1alpha3.yaml.j2 |  1 +
 .../templates/kubeadm-config.v1beta1.yaml.j2  |  1 +
 roles/kubespray-defaults/defaults/main.yaml   |  7 +++++
 .../files/hostnameOverride-patch.json         | 22 ---------------
 .../win_nodes/kubernetes_patch/tasks/main.yml | 27 -------------------
 10 files changed, 26 insertions(+), 52 deletions(-)
 delete mode 100644 roles/win_nodes/kubernetes_patch/files/hostnameOverride-patch.json

diff --git a/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml b/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
index 4e8ae57c5..cf1fb1776 100644
--- a/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
+++ b/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
@@ -111,6 +111,13 @@ kube_proxy_nodeport_addresses: >-
   []
   {%- endif -%}
 
+# If non-empty, will use this string as identification instead of the actual hostname
+#kube_override_hostname: >-
+#  {%- if cloud_provider is defined and cloud_provider in [ 'aws' ] -%}
+#  {%- else -%}
+#  {{ inventory_hostname }}
+#  {%- endif -%}
+
 ## Encrypting Secret Data at Rest (experimental)
 kube_encrypt_secret_data: false
 
diff --git a/roles/kubernetes/kubeadm/defaults/main.yml b/roles/kubernetes/kubeadm/defaults/main.yml
index d9ed537c2..be13b682b 100644
--- a/roles/kubernetes/kubeadm/defaults/main.yml
+++ b/roles/kubernetes/kubeadm/defaults/main.yml
@@ -1,3 +1,10 @@
 ---
 # discovery_timeout modifies the discovery timeout
 discovery_timeout: 5m0s
+
+# If non-empty, will use this string as identification instead of the actual hostname
+kube_override_hostname: >-
+  {%- if cloud_provider is defined and cloud_provider in [ 'aws' ] -%}
+  {%- else -%}
+  {{ inventory_hostname }}
+  {%- endif -%}
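Review bot: The default added here is repeated verbatim in `roles/kubespray-defaults/defaults/main.yaml` and, commented out, in the sample inventory, so the copies can drift apart, and which one takes effect depends on how the roles are loaded. Keeping a single definition in kubespray-defaults would avoid that, provided this role always runs with those defaults in scope. The comment also leaves out that the expression renders an empty string when `cloud_provider` is `aws`, which per the existing wording is the case where the actual hostname is used. I would add `# Renders empty for cloud_provider 'aws' (the actual hostname is then used); otherwise inventory_hostname.` above the variable in each copy.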
diff --git a/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1alpha2.j2 b/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1alpha2.j2
index 8bc0a78f0..18420a5ac 100644
--- a/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1alpha2.j2
+++ b/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1alpha2.j2
@@ -15,7 +15,7 @@ discoveryTokenAPIServers:
 {% endif %}
 discoveryTokenUnsafeSkipCAVerification: true
 nodeRegistration:
-  name: {{ inventory_hostname  }}
+  name: {{ kube_override_hostname }}
 {% if container_manager == 'crio' %}
   criSocket: /var/run/crio/crio.sock
 {% elif container_manager == 'rkt' %}
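Review bot: The new `name:` value is interpolated unquoted, and `kube_override_hostname` renders as an empty string when `cloud_provider` is `aws`, so the rendered line becomes a bare `name:` (YAML null) rather than an empty string. An inventory hostname made only of digits would likewise be typed as a number. Quoting keeps it a string in every case: `name: "{{ kube_override_hostname }}"`. The same line is added in the v1alpha3 and v1beta1 client templates and should change with it. The `nodeRegistration` block continues outside this hunk.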
diff --git a/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1alpha3.j2 b/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1alpha3.j2
index bc60b6134..dfcdfa6b0 100644
--- a/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1alpha3.j2
+++ b/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1alpha3.j2
@@ -15,7 +15,7 @@ discoveryTokenAPIServers:
 {% endif %}
 discoveryTokenUnsafeSkipCAVerification: true
 nodeRegistration:
-  name: {{ inventory_hostname  }}
+  name: {{ kube_override_hostname }}
 {% if container_manager == 'crio' %}
   criSocket: /var/run/crio/crio.sock
 {% elif container_manager == 'rkt' %}
diff --git a/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta1.j2 b/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta1.j2
index f5123204c..36cc01f31 100644
--- a/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta1.j2
+++ b/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta1.j2
@@ -13,7 +13,7 @@ discovery:
   tlsBootstrapToken: {{ kubeadm_token }}
 caCertPath: {{ kube_cert_dir }}/ca.crt
 nodeRegistration:
-  name: {{ inventory_hostname  }}
+  name: {{ kube_override_hostname }}
 {% if container_manager == 'crio' %}
   criSocket: /var/run/crio/crio.sock
 {% elif container_manager == 'rkt' %}
diff --git a/roles/kubernetes/master/templates/kubeadm-config.v1alpha3.yaml.j2 b/roles/kubernetes/master/templates/kubeadm-config.v1alpha3.yaml.j2
index 89719d08d..948c2c60c 100644
--- a/roles/kubernetes/master/templates/kubeadm-config.v1alpha3.yaml.j2
+++ b/roles/kubernetes/master/templates/kubeadm-config.v1alpha3.yaml.j2
@@ -254,6 +254,7 @@ conntrack:
  tcpEstablishedTimeout: {{ kube_proxy_conntrack_tcp_established_timeout }}
 enableProfiling: {{ kube_proxy_enable_profiling }}
 healthzBindAddress: {{ kube_proxy_healthz_bind_address }}
+hostnameOverride: {{ kube_override_hostname }}
 iptables:
  masqueradeAll: {{ kube_proxy_masquerade_all }}
  masqueradeBit: {{ kube_proxy_masquerade_bit }}
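Review bot: The added `hostnameOverride` is rendered from the `inventory_hostname` of whichever host templates this file, but the surrounding keys (`conntrack`, `iptables`, the `kube_proxy_*` variables) suggest this is the kube-proxy configuration section of a master-side kubeadm config. If kubeadm distributes it cluster-wide, every kube-proxy instance would identify itself with one master's name. The Windows patch removed in this same commit took the value per node from `spec.nodeName`, so it is worth confirming on a multi-node cluster that each kube-proxy still reports its own node name, since kube-proxy uses that name for node-local endpoint handling and event attribution. If the value stays, quote it as `hostnameOverride: "{{ kube_override_hostname }}"` so the empty `aws` case renders as a string rather than null. The same line is added in the v1beta1 template.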
diff --git a/roles/kubernetes/master/templates/kubeadm-config.v1beta1.yaml.j2 b/roles/kubernetes/master/templates/kubeadm-config.v1beta1.yaml.j2
index 045a13e0c..103389da4 100644
--- a/roles/kubernetes/master/templates/kubeadm-config.v1beta1.yaml.j2
+++ b/roles/kubernetes/master/templates/kubeadm-config.v1beta1.yaml.j2
@@ -259,6 +259,7 @@ conntrack:
  tcpEstablishedTimeout: {{ kube_proxy_conntrack_tcp_established_timeout }}
 enableProfiling: {{ kube_proxy_enable_profiling }}
 healthzBindAddress: {{ kube_proxy_healthz_bind_address }}
+hostnameOverride: {{ kube_override_hostname }}
 iptables:
  masqueradeAll: {{ kube_proxy_masquerade_all }}
  masqueradeBit: {{ kube_proxy_masquerade_bit }}
diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml
index 09092ef30..05e7ec96a 100644
--- a/roles/kubespray-defaults/defaults/main.yaml
+++ b/roles/kubespray-defaults/defaults/main.yaml
@@ -157,6 +157,13 @@ kube_apiserver_port: 6443
 kube_apiserver_insecure_bind_address: 127.0.0.1
 kube_apiserver_insecure_port: 0
 
+# If non-empty, will use this string as identification instead of the actual hostname
+kube_override_hostname: >-
+  {%- if cloud_provider is defined and cloud_provider in [ 'aws' ] -%}
+  {%- else -%}
+  {{ inventory_hostname }}
+  {%- endif -%}
+
 # dynamic kubelet configuration
 dynamic_kubelet_configuration: false
 
diff --git a/roles/win_nodes/kubernetes_patch/files/hostnameOverride-patch.json b/roles/win_nodes/kubernetes_patch/files/hostnameOverride-patch.json
deleted file mode 100644
index 0e99a5af9..000000000
--- a/roles/win_nodes/kubernetes_patch/files/hostnameOverride-patch.json
+++ /dev/null
@@ -1,22 +0,0 @@
-[
-    {
-        "op": "add",
-        "path": "/spec/template/spec/containers/0/env",
-        "value": [
-            {
-                "name": "NODE_NAME",
-                "valueFrom": {
-                    "fieldRef": {
-                        "apiVersion": "v1",
-                        "fieldPath": "spec.nodeName"
-                    }
-                }
-            }
-        ]
-    },
-    {
-        "op": "add",
-        "path": "/spec/template/spec/containers/0/command/-",
-        "value": "--hostname-override=${NODE_NAME}"
-    }
-]
diff --git a/roles/win_nodes/kubernetes_patch/tasks/main.yml b/roles/win_nodes/kubernetes_patch/tasks/main.yml
index 368ff890c..b2a3ad897 100644
--- a/roles/win_nodes/kubernetes_patch/tasks/main.yml
+++ b/roles/win_nodes/kubernetes_patch/tasks/main.yml
@@ -7,33 +7,6 @@
     recurse: yes
   tags: [init, cni]
 
-- name: Apply kube-proxy hostnameOverride
-  block:
-    - name: Copy kube-proxy daemonset hostnameOverride patch
-      copy:
-        src: hostnameOverride-patch.json
-        dest: "{{ kubernetes_user_manifests_path }}/hostnameOverride-patch.json"
-
-    - name: Check current command for kube-proxy daemonset
-      shell: "{{bin_dir}}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf get ds kube-proxy --namespace=kube-system -o jsonpath='{.spec.template.spec.containers[0].command}'"
-      register: current_kube_proxy_command
-
-    - name: Apply hostnameOverride patch for kube-proxy daemonset
-      shell: "{{bin_dir}}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf patch ds kube-proxy --namespace=kube-system --type=json -p \"$(cat hostnameOverride-patch.json)\""
-      args:
-        chdir: "{{ kubernetes_user_manifests_path }}"
-      register: patch_kube_proxy_command
-      when: not current_kube_proxy_command.stdout is search("--hostname-override=${NODE_NAME}")
-
-    - debug: msg={{ patch_kube_proxy_command.stdout_lines }}
-      when: patch_kube_proxy_command is not skipped
-
-    - debug: msg={{ patch_kube_proxy_command.stderr_lines }}
-      when: patch_kube_proxy_command is not skipped
-  tags: init
-  when:
-    - not kube_proxy_remove
-
 - name: Apply kube-proxy nodeselector
   block:
     - name: Copy kube-proxy daemonset nodeselector patch
-- 
GitLab