From d689f57c94b1e1d7e7205c0c2a20e3b3e82762e9 Mon Sep 17 00:00:00 2001
From: Huang Chen-Yi <chenyihuang001@gmail.com>
Date: Thu, 6 Oct 2022 15:39:52 +0800
Subject: [PATCH] Features/support kubeadm patches v1beta3 (#9326)

* Support kubeadm patches in v1beta3

* Update kubeadm patches sample files in inventory

* Fix pre-commit syntax

* Set kubeadm_patches enabled to false in sample inventory
---
 .../group_vars/k8s_cluster/k8s-cluster.yml      |  6 ++++++
 .../patches/kube-controller-manager+merge.yaml  |  8 ++++++++
 .../sample/patches/kube-scheduler+merge.yaml    |  8 ++++++++
 .../control-plane/defaults/main/main.yml        |  6 ++++++
 .../control-plane/tasks/kubeadm-setup.yml       | 15 +++++++++++++++
 .../templates/kubeadm-config.v1beta3.yaml.j2    |  4 ++++
 .../kubeadm-controlplane.v1beta3.yaml.j2        |  4 ++++
 roles/kubernetes/kubeadm/defaults/main.yml      |  6 ++++++
 roles/kubernetes/kubeadm/tasks/main.yml         | 17 ++++++++++++++++-
 .../templates/kubeadm-client.conf.v1beta3.j2    |  4 ++++
 10 files changed, 77 insertions(+), 1 deletion(-)
 create mode 100644 inventory/sample/patches/kube-controller-manager+merge.yaml
 create mode 100644 inventory/sample/patches/kube-scheduler+merge.yaml

diff --git a/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml b/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml
index ee26992b6..af17a2ccc 100644
--- a/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml
+++ b/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml
@@ -339,3 +339,9 @@ event_ttl_duration: "1h0m0s"
 auto_renew_certificates: false
 # First Monday of each month
 # auto_renew_certificates_systemd_calendar: "Mon *-*-1,2,3,4,5,6,7 03:{{ groups['kube_control_plane'].index(inventory_hostname) }}0:00"
+
+# kubeadm patches path
+kubeadm_patches:
+  enabled: false
+  source_dir: "{{ inventory_dir }}/patches"
+  dest_dir: "{{ kube_config_dir }}/patches"
diff --git a/inventory/sample/patches/kube-controller-manager+merge.yaml b/inventory/sample/patches/kube-controller-manager+merge.yaml
new file mode 100644
index 000000000..a8aa5a785
--- /dev/null
+++ b/inventory/sample/patches/kube-controller-manager+merge.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: kube-controller-manager
+  annotations:
+    prometheus.io/scrape: 'true'
+    prometheus.io/port: '10257'
\ No newline at end of file
diff --git a/inventory/sample/patches/kube-scheduler+merge.yaml b/inventory/sample/patches/kube-scheduler+merge.yaml
new file mode 100644
index 000000000..0bb39509d
--- /dev/null
+++ b/inventory/sample/patches/kube-scheduler+merge.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: kube-scheduler
+  annotations:
+    prometheus.io/scrape: 'true'
+    prometheus.io/port: '10259'
\ No newline at end of file
diff --git a/roles/kubernetes/control-plane/defaults/main/main.yml b/roles/kubernetes/control-plane/defaults/main/main.yml
index 32cabb91e..c26d1d639 100644
--- a/roles/kubernetes/control-plane/defaults/main/main.yml
+++ b/roles/kubernetes/control-plane/defaults/main/main.yml
@@ -228,3 +228,9 @@ auto_renew_certificates_systemd_calendar: "{{ 'Mon *-*-1,2,3,4,5,6,7 03:' ~
 # If we have requirement like without renewing certs upgrade the cluster,
 # we can opt out from the default behavior by setting kubeadm_upgrade_auto_cert_renewal to false
 kubeadm_upgrade_auto_cert_renewal: true
+
+# kubeadm patches path
+kubeadm_patches:
+  enabled: true
+  source_dir: "{{ inventory_dir }}/patches"
+  dest_dir: "{{ kube_config_dir }}/patches"
\ No newline at end of file
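Review bot: The role default `enabled: true` on the new `kubeadm_patches` mapping turns the patch copy on for every deployment, yet `source_dir` points at `{{ inventory_dir }}/patches`, a directory most inventories will not have (the sample inventory in this same commit ships `enabled: false`), and the `copy` task that consumes it fails on a missing `src`. The safer default here is `enabled: false`, so a cluster only picks up kubeadm patches when the operator has both created the directory and opted in; the same `enabled: true` default is repeated in roles/kubernetes/kubeadm/defaults/main.yml in this commit. Because anything in this directory is merged by kubeadm into the control-plane static pod manifests, a short comment above the mapping documenting that contract would help, e.g. `# Files in source_dir are copied to dest_dir and applied by kubeadm to the static pod manifests; treat them as privileged control-plane configuration.` The file also ends without a trailing newline.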
diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml b/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
index dc1352060..5f8c78445 100644
--- a/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
+++ b/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
@@ -150,6 +150,21 @@
     - apiserver_sans_check.changed
     - not kube_external_ca_mode
 
+- name: kubeadm | Create directory to store kubeadm patches
+  file:
+    path: "{{ kubeadm_patches.dest_dir }}"
+    state: directory
+    mode: 0640
+  when: kubeadm_patches is defined and kubeadm_patches.enabled
+
+- name: kubeadm | Copy kubeadm patches from inventory files
+  copy:
+    src: "{{ kubeadm_patches.source_dir }}/"
+    dest: "{{ kubeadm_patches.dest_dir }}"
+    owner: "root"
+    mode: 0644
+  when: kubeadm_patches is defined and kubeadm_patches.enabled
+
 - name: kubeadm | Initialize first master
   command: >-
     timeout -k 300s 300s
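Review bot: The `file` task creates the patches directory with `mode: 0640`, which has no execute bit, so only root (which bypasses DAC) can enter it and any non-root process or operator listing it will fail; a directory mode such as `mode: "0750"` is what the intent suggests. Quoting the mode also avoids the YAML 1.1 octal-to-int conversion that Ansible otherwise has to undo, although the surrounding file already uses unquoted modes. Since the copied files are fed into the control-plane static pod manifests, consider pinning `group: "root"` alongside `owner: "root"` on the `copy` task so the resulting ownership does not depend on the controller's umask or the remote user. The same two tasks are duplicated verbatim in roles/kubernetes/kubeadm/tasks/main.yml in this commit and would need the same changes.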
diff --git a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2 b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2
index d44a24849..9f4168cf6 100644
--- a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2
+++ b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2
@@ -28,6 +28,10 @@ nodeRegistration:
   kubeletExtraArgs:
     cloud-provider: external
 {% endif %}
+{% if kubeadm_patches is defined and kubeadm_patches.enabled %}
+patches:
+  directory: {{ kubeadm_patches.dest_dir }}
+{% endif %}
 ---
 apiVersion: kubeadm.k8s.io/v1beta3
 kind: ClusterConfiguration
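Review bot: The templated value `directory: {{ kubeadm_patches.dest_dir }}` is left unquoted, so an empty expansion renders as `null` and a value starting with a YAML indicator breaks the rendered document before kubeadm ever reads it; write it as `directory: "{{ kubeadm_patches.dest_dir }}"`. The same unquoted expansion appears in kubeadm-controlplane.v1beta3.yaml.j2 and kubeadm-client.conf.v1beta3.j2 in this commit.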
diff --git a/roles/kubernetes/control-plane/templates/kubeadm-controlplane.v1beta3.yaml.j2 b/roles/kubernetes/control-plane/templates/kubeadm-controlplane.v1beta3.yaml.j2
index 7bf876c52..b41b2dbc7 100644
--- a/roles/kubernetes/control-plane/templates/kubeadm-controlplane.v1beta3.yaml.j2
+++ b/roles/kubernetes/control-plane/templates/kubeadm-controlplane.v1beta3.yaml.j2
@@ -26,3 +26,7 @@ nodeRegistration:
 {% else %}
   taints: []
 {% endif %}
+{% if kubeadm_patches is defined and kubeadm_patches.enabled %}
+patches:
+  directory: {{ kubeadm_patches.dest_dir }}
+{% endif %}
\ No newline at end of file
diff --git a/roles/kubernetes/kubeadm/defaults/main.yml b/roles/kubernetes/kubeadm/defaults/main.yml
index 0449b8ae7..1277684ae 100644
--- a/roles/kubernetes/kubeadm/defaults/main.yml
+++ b/roles/kubernetes/kubeadm/defaults/main.yml
@@ -10,3 +10,9 @@ kube_override_hostname: >-
   {%- else -%}
   {{ inventory_hostname }}
   {%- endif -%}
+
+# kubeadm patches path
+kubeadm_patches:
+  enabled: true
+  source_dir: "{{ inventory_dir }}/patches"
+  dest_dir: "{{ kube_config_dir }}/patches"
\ No newline at end of file
diff --git a/roles/kubernetes/kubeadm/tasks/main.yml b/roles/kubernetes/kubeadm/tasks/main.yml
index 13497ffbb..a3cc8620f 100644
--- a/roles/kubernetes/kubeadm/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/tasks/main.yml
@@ -52,7 +52,7 @@
     kubeadm_token: "{{ temp_token.stdout }}"
   when: kubeadm_token is not defined
 
-- name: Set kubeadm api version to v1beta2
+- name: Set kubeadm api version to v1beta3
   set_fact:
     kubeadmConfig_api_version: v1beta3
 
@@ -64,6 +64,21 @@
     mode: 0640
   when: not is_kube_master
 
+- name: kubeadm | Create directory to store kubeadm patches
+  file:
+    path: "{{ kubeadm_patches.dest_dir }}"
+    state: directory
+    mode: 0640
+  when: kubeadm_patches is defined and kubeadm_patches.enabled
+
+- name: kubeadm | Copy kubeadm patches from inventory files
+  copy:
+    src: "{{ kubeadm_patches.source_dir }}/"
+    dest: "{{ kubeadm_patches.dest_dir }}"
+    owner: "root"
+    mode: 0644
+  when: kubeadm_patches is defined and kubeadm_patches.enabled
+
 - name: Join to cluster if needed
   environment:
     PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}:/sbin"
diff --git a/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta3.j2 b/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta3.j2
index d35409b13..64c3db99a 100644
--- a/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta3.j2
+++ b/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta3.j2
@@ -26,3 +26,7 @@ nodeRegistration:
   - effect: NoSchedule
     key: node-role.kubernetes.io/calico-rr
 {% endif %}
+{% if kubeadm_patches is defined and kubeadm_patches.enabled %}
+patches:
+  directory: {{ kubeadm_patches.dest_dir }}
+{% endif %}
-- 
GitLab