From d56ac216f47f5598553f547d59b961c8b9c73ff9 Mon Sep 17 00:00:00 2001
From: emiran-orange <71817149+emiran-orange@users.noreply.github.com>
Date: Mon, 12 Apr 2021 10:05:59 +0200
Subject: [PATCH] Use kubeadm_feature_gates instead of kube_feature_gates to
leverage kubeadm feature gates and not to interfere with k8s components
feature gates (#7447)
---
docs/vars.md | 2 ++
.../templates/kubeadm-config.v1beta2.yaml.j2 | 4 ++--
.../preinstall/tasks/0040-set_facts.yml | 16 ++++++++++++----
roles/kubespray-defaults/defaults/main.yaml | 1 +
4 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/docs/vars.md b/docs/vars.md
index c3120be53..784cb30b3 100644
--- a/docs/vars.md
+++ b/docs/vars.md
@@ -79,6 +79,8 @@ following default cluster parameters:
OpenStack (default is unset)
* *kube_feature_gates* - A list of key=value pairs that describe feature gates for
alpha/experimental Kubernetes features. (defaults is `[]`)
+* *kubeadm_feature_gates* - A list of key=value pairs that describe feature gates for
+ alpha/experimental Kubeadm features. (defaults is `[]`)
* *authorization_modes* - A list of [authorization mode](
https://kubernetes.io/docs/admin/authorization/#using-flags-for-your-authorization-module)
that the cluster should be configured for. Defaults to `['Node', 'RBAC']`
diff --git a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta2.yaml.j2 b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta2.yaml.j2
index 784e9e7de..29f24878c 100644
--- a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta2.yaml.j2
+++ b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta2.yaml.j2
@@ -90,9 +90,9 @@ networking:
dnsDomain: {{ dns_domain }}
serviceSubnet: "{{ kube_service_addresses }}{{ ',' + kube_service_addresses_ipv6 if enable_dual_stack_networks else '' }}"
podSubnet: "{{ kube_pods_subnet }}{{ ',' + kube_pods_subnet_ipv6 if enable_dual_stack_networks else '' }}"
-{% if kube_feature_gates %}
+{% if kubeadm_feature_gates %}
featureGates:
-{% for feature in kube_feature_gates %}
+{% for feature in kubeadm_feature_gates %}
{{ feature|replace("=", ": ") }}
{% endfor %}
{% endif %}
diff --git a/roles/kubernetes/preinstall/tasks/0040-set_facts.yml b/roles/kubernetes/preinstall/tasks/0040-set_facts.yml
index c0fb05605..75d7bd184 100644
--- a/roles/kubernetes/preinstall/tasks/0040-set_facts.yml
+++ b/roles/kubernetes/preinstall/tasks/0040-set_facts.yml
@@ -192,9 +192,17 @@
kubelet_flexvolumes_plugins_dir: /var/lib/kubelet/volumeplugins
when: not usr.stat.writeable
-- name: Ensure IPv6DualStack featureGate is set when enable_dual_stack_networks is true
- set_fact:
- kube_feature_gates: "{{ kube_feature_gates + [ 'IPv6DualStack=true' ] }}"
+- block:
+ - name: Ensure IPv6DualStack featureGate is set when enable_dual_stack_networks is true
+ set_fact:
+ kube_feature_gates: "{{ kube_feature_gates + [ 'IPv6DualStack=true' ] }}"
+ when:
+ - not 'IPv6DualStack=true' in kube_feature_gates
+
+ - name: Ensure IPv6DualStack kubeadm featureGate is set when enable_dual_stack_networks is true
+ set_fact:
+ kubeadm_feature_gates: "{{ kubeadm_feature_gates + [ 'IPv6DualStack=true' ] }}"
+ when:
+ - not 'IPv6DualStack=true' in kubeadm_feature_gates
when:
- enable_dual_stack_networks
- - not 'IPv6DualStack=true' in kube_feature_gates
diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml
index 55bc69832..5723b5ad2 100644
--- a/roles/kubespray-defaults/defaults/main.yaml
+++ b/roles/kubespray-defaults/defaults/main.yaml
@@ -420,6 +420,7 @@ kubelet_protect_kernel_defaults: true
## List of key=value pairs that describe feature gates for
## the k8s cluster.
kube_feature_gates: []
+kubeadm_feature_gates: []
# Local volume provisioner storage classes
# Levarages Ansibles string to Python datatype casting. Otherwise the dict_key isn't substituted
--
GitLab