From 8e254ec1e82377f4401775f5111353a4e0b43abb Mon Sep 17 00:00:00 2001
From: Max Gautier <mg@max.gautier.name>
Date: Tue, 10 Sep 2024 12:00:26 +0200
Subject: [PATCH] kubeadm: allow to provide patch inline in inventories

Specifying one directory for kubeadm patches is not ideal:
1. It does not allow working with multiples inventories easily
2. No ansible templating of the patch
3. Ansible path searching can sometimes be confusing

Instead, provide the patches directly in a variable, and add some
quality-of-life handling so that component targeting and patch ordering
are explicit (`target` and `type` keys, plus list position, which are
translated to the file-name based scheme kubeadm expects).
---
 .../control-plane/tasks/kubeadm-upgrade.yml        |  4 ++--
 .../templates/kubeadm-config.v1beta3.yaml.j2       |  4 ++--
 .../templates/kubeadm-controlplane.v1beta3.yaml.j2 |  4 ++--
 .../templates/kubeadm-client.conf.v1beta3.j2       |  4 ++--
 roles/kubernetes/kubeadm_common/defaults/main.yml  | 14 ++++++++++++++
 roles/kubernetes/kubeadm_common/tasks/main.yml     | 12 +++++++-----
 6 files changed, 29 insertions(+), 13 deletions(-)
 create mode 100644 roles/kubernetes/kubeadm_common/defaults/main.yml

diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml b/roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml
index 343724c47..9609c2f3d 100644
--- a/roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml
+++ b/roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml
@@ -18,7 +18,7 @@
     --ignore-preflight-errors=all
     --allow-experimental-upgrades
     --etcd-upgrade={{ (etcd_deployment_type == "kubeadm") | bool | lower }}
-    {% if kubeadm_patches is defined and kubeadm_patches.enabled %}--patches={{ kubeadm_patches.dest_dir }}{% endif %}
+    {% if kubeadm_patches | length > 0 %}--patches={{ kubeadm_patches_dir }}{% endif %}
     --force
   register: kubeadm_upgrade
   # Retry is because upload config sometimes fails
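Review bot: `kubeadm_patches | length > 0` is also true for the legacy mapping form that inventories written against the old schema still carry (`kubeadm_patches: {enabled: false, source_dir: ..., dest_dir: ...}`, the keys the removed line dereferences), because `length` of a non-empty dict is its key count; such an inventory, with patches explicitly disabled, would now get `--patches` passed and the copy loop in kubeadm_common would iterate over the dict's keys. Fail fast with a migration-friendly message before anything consumes the variable, e.g. an assert at the top of kubeadm_common: `- assert: { that: kubeadm_patches is not mapping, fail_msg: "kubeadm_patches is now a list of {target, type, patch} entries; see roles/kubernetes/kubeadm_common/defaults/main.yml" }`. The `kubeadm upgrade` command task this hunk edits starts before the hunk.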
@@ -39,7 +39,7 @@
     --ignore-preflight-errors=all
     --allow-experimental-upgrades
     --etcd-upgrade={{ (etcd_deployment_type == "kubeadm") | bool | lower }}
-    {% if kubeadm_patches is defined and kubeadm_patches.enabled %}--patches={{ kubeadm_patches.dest_dir }}{% endif %}
+    {% if kubeadm_patches | length > 0 %}--patches={{ kubeadm_patches_dir }}{% endif %}
     --force
   register: kubeadm_upgrade
   # Retry is because upload config sometimes fails
diff --git a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2 b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2
index ca48a3a91..9dd5e4376 100644
--- a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2
+++ b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2
@@ -28,9 +28,9 @@ nodeRegistration:
   kubeletExtraArgs:
     cloud-provider: external
 {% endif %}
-{% if kubeadm_patches is defined and kubeadm_patches.enabled %}
+{% if kubeadm_patches | length > 0 %}
 patches:
-  directory: {{ kubeadm_patches.dest_dir }}
+  directory: {{ kubeadm_patches_dir }}
 {% endif %}
 ---
 apiVersion: kubeadm.k8s.io/v1beta3
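Review bot: `kubeadm_patches | length > 0` raises a templating error (`object of type 'NoneType' has no len()`) when an inventory sets the key with no value (`kubeadm_patches:`), which YAML reads as null; the replaced `is defined and ...` form did not crash on that input. Either guard it here, `{% if kubeadm_patches | default([], true) | length > 0 %}`, or normalize the variable once in kubeadm_common so this template and the two join/controlplane templates with the same condition can rely on a list.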
diff --git a/roles/kubernetes/control-plane/templates/kubeadm-controlplane.v1beta3.yaml.j2 b/roles/kubernetes/control-plane/templates/kubeadm-controlplane.v1beta3.yaml.j2
index cd19b5c2e..bc9f3bdf9 100644
--- a/roles/kubernetes/control-plane/templates/kubeadm-controlplane.v1beta3.yaml.j2
+++ b/roles/kubernetes/control-plane/templates/kubeadm-controlplane.v1beta3.yaml.j2
@@ -31,7 +31,7 @@ nodeRegistration:
 {% else %}
   taints: []
 {% endif %}
-{% if kubeadm_patches is defined and kubeadm_patches.enabled %}
+{% if kubeadm_patches | length > 0 %}
 patches:
-  directory: {{ kubeadm_patches.dest_dir }}
+  directory: {{ kubeadm_patches_dir }}
 {% endif %}
diff --git a/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta3.j2 b/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta3.j2
index 3b3bc57de..5016df9c3 100644
--- a/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta3.j2
+++ b/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta3.j2
@@ -38,7 +38,7 @@ nodeRegistration:
   - effect: NoSchedule
     key: node-role.kubernetes.io/calico-rr
 {% endif %}
-{% if kubeadm_patches is defined and kubeadm_patches.enabled %}
+{% if kubeadm_patches | length > 0 %}
 patches:
-  directory: {{ kubeadm_patches.dest_dir }}
+  directory: {{ kubeadm_patches_dir }}
 {% endif %}
diff --git a/roles/kubernetes/kubeadm_common/defaults/main.yml b/roles/kubernetes/kubeadm_common/defaults/main.yml
new file mode 100644
index 000000000..f7d70691a
--- /dev/null
+++ b/roles/kubernetes/kubeadm_common/defaults/main.yml
@@ -0,0 +1,14 @@
+---
+kubeadm_patches_dir: "{{ kube_config_dir }}/patches"
+kubeadm_patches: []
+# kubeadm_patches:
+# - target: kube-apiserver|kube-controller-manager|kube-scheduler|etcd|kubeletconfiguration
+#   type: strategic(default)|json|merge
+#   patch:
+#    metadata:
+#      annotations:
+#        example.com/test: "true"
+#      labels:
+#        example.com/prod_level: "{{ prod_level }}"
+# - ...
+# Patches are applied in the order they are specified.
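Review bot: The example leaves the entry contract implicit: `target` and `patch` are required (the copy task in kubeadm_common dereferences both without a default, so a missing key surfaces as an undefined-variable error rather than a useful message), and for `type: json` the value of `patch` is a list of operations, not a mapping like the one shown. I would state both above the example: `# Each entry requires 'target' and 'patch'; 'type' defaults to strategic.` and `# For type 'json', 'patch' is a list of JSON Patch (RFC 6902) operations (as far as I know that is what kubeadm expects for that type).` It is also worth saying where the entries end up, since the file name is what kubeadm keys on: `# Rendered to {{ kubeadm_patches_dir }}/<target><list index>+<type>.yaml on every node.`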
diff --git a/roles/kubernetes/kubeadm_common/tasks/main.yml b/roles/kubernetes/kubeadm_common/tasks/main.yml
index b1f316e22..0f8d3b0a0 100644
--- a/roles/kubernetes/kubeadm_common/tasks/main.yml
+++ b/roles/kubernetes/kubeadm_common/tasks/main.yml
@@ -1,15 +1,17 @@
 ---
 - name: Kubeadm | Create directory to store kubeadm patches
   file:
-    path: "{{ kubeadm_patches.dest_dir }}"
+    path: "{{ kubeadm_patches_dir }}"
     state: directory
     mode: "0640"
-  when: kubeadm_patches is defined and kubeadm_patches.enabled
+  when: kubeadm_patches | length > 0
 
 - name: Kubeadm | Copy kubeadm patches from inventory files
   copy:
-    src: "{{ kubeadm_patches.source_dir }}/"
-    dest: "{{ kubeadm_patches.dest_dir }}"
+    content: "{{ item.patch | to_yaml }}"
+    dest: "{{ kubeadm_patches_dir }}/{{ item.target }}{{ suffix }}+{{ item.type | d('strategic') }}.yaml"
     owner: "root"
     mode: "0644"
-  when: kubeadm_patches is defined and kubeadm_patches.enabled
+  loop: "{{ kubeadm_patches }}"
+  loop_control:
+    index_var: suffix
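Review bot: Nothing removes stale files from `kubeadm_patches_dir`: the copy loop only adds or overwrites `<target><index>+<type>.yaml`, so a patch dropped from `kubeadm_patches` (or left over from the old `source_dir` copy, if its `dest_dir` pointed at the same path) stays on the node and kubeadm keeps applying it, since it reads every file in the directory — a removed patch that relaxed an apiserver setting would silently stay in effect. Recreate the directory on each run (`state: absent` before the existing create task), or list it and delete names not produced by the current list. The bare `{{ suffix }}` also undermines the promised ordering once more than ten entries exist, since kubeadm appears to walk the directory lexically and `kube-apiserver10+strategic.yaml` sorts before `kube-apiserver2+strategic.yaml`; zero-pad it, `{{ '%03d' | format(suffix) }}`. Pre-existing but visible here: `mode: "0640"` on a directory has no execute bit, so only root can traverse it — `0750` is probably what is meant.

```yaml
- name: Kubeadm | Remove stale kubeadm patches
  file:
    path: "{{ kubeadm_patches_dir }}"
    state: absent

# … unchanged: Kubeadm | Create directory to store kubeadm patches …

- name: Kubeadm | Copy kubeadm patches from inventory files
  copy:
    content: "{{ item.patch | to_yaml }}"
    # zero-padded index keeps lexical order equal to list order
    dest: "{{ kubeadm_patches_dir }}/{{ item.target }}{{ '%03d' | format(suffix) }}+{{ item.type | d('strategic') }}.yaml"
    # … unchanged: owner, mode, loop, loop_control …
```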
-- 
GitLab