From e4c8c7188e642ee4ea50db0cd6a3c02a8167a244 Mon Sep 17 00:00:00 2001
From: Max Gautier <max.gautier@objectif-libre.com>
Date: Tue, 12 Oct 2021 09:31:47 +0200
Subject: [PATCH] etcd: deploy container engine if needed (#7532)

If the etcd cluster is separate and the etcd_deployment_type is "host",
there is no need for a container engine on the etcd nodes

Do not rely on a 'default(true)' filter, but define a proper default in
kubespray-defaults depending on etcd deployment method and if internal
or external etcd is used
---
 cluster.yml                                 | 2 +-
 roles/kubespray-defaults/defaults/main.yaml | 3 +++
 roles/reset/tasks/main.yml                  | 2 +-
 scale.yml                                   | 2 +-
 upgrade-cluster.yml                         | 6 +++---
 5 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/cluster.yml b/cluster.yml
index a7b360c17..35c6fdbea 100644
--- a/cluster.yml
+++ b/cluster.yml
@@ -32,7 +32,7 @@
   roles:
     - { role: kubespray-defaults }
     - { role: kubernetes/preinstall, tags: preinstall }
-    - { role: "container-engine", tags: "container-engine", when: deploy_container_engine|default(true) }
+    - { role: "container-engine", tags: "container-engine", when: deploy_container_engine }
     - { role: download, tags: download, when: "not skip_downloads" }
 
 - hosts: etcd
diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml
index bf7330441..0da30058c 100644
--- a/roles/kubespray-defaults/defaults/main.yaml
+++ b/roles/kubespray-defaults/defaults/main.yaml
@@ -244,6 +244,9 @@ kubelet_shutdown_grace_period: 60s
 # to give normal pods time to be gracefully evacuated
 kubelet_shutdown_grace_period_critical_pods: 20s
 
+# Whether to deploy the container engine
+deploy_container_engine: inventory_hostname in groups['k8s_cluster'] or etcd_deployment_type != 'host'
+
 # Container for runtime
 container_manager: docker
 
diff --git a/roles/reset/tasks/main.yml b/roles/reset/tasks/main.yml
index 5a20e5331..11f6a8165 100644
--- a/roles/reset/tasks/main.yml
+++ b/roles/reset/tasks/main.yml
@@ -100,7 +100,7 @@
   when:
     - crictl.stat.exists
     - container_manager in ["crio", "containerd"]
-    - deploy_container_engine|default(true)
+    - deploy_container_engine
 
 - name: reset | stop and disable crio service
   service:
diff --git a/scale.yml b/scale.yml
index 33b9eeb0c..df8a4798e 100644
--- a/scale.yml
+++ b/scale.yml
@@ -53,7 +53,7 @@
   roles:
     - { role: kubespray-defaults }
     - { role: kubernetes/preinstall, tags: preinstall }
-    - { role: container-engine, tags: "container-engine", when: deploy_container_engine|default(true) }
+    - { role: container-engine, tags: "container-engine", when: deploy_container_engine }
     - { role: download, tags: download, when: "not skip_downloads" }
     - { role: etcd, tags: etcd, etcd_cluster_setup: false, when: "not etcd_kubeadm_enabled|default(false)" }
 
diff --git a/upgrade-cluster.yml b/upgrade-cluster.yml
index 5b6d7b207..08cd9ca6d 100644
--- a/upgrade-cluster.yml
+++ b/upgrade-cluster.yml
@@ -57,7 +57,7 @@
   serial: "{{ serial | default('20%') }}"
   roles:
     - { role: kubespray-defaults }
-    - { role: container-engine, tags: "container-engine", when: deploy_container_engine|default(true) }
+    - { role: container-engine, tags: "container-engine", when: deploy_container_engine }
 
 - hosts: etcd
   gather_facts: False
@@ -94,7 +94,7 @@
   roles:
     - { role: kubespray-defaults }
     - { role: upgrade/pre-upgrade, tags: pre-upgrade }
-    - { role: container-engine, tags: "container-engine", when: deploy_container_engine|default(true) }
+    - { role: container-engine, tags: "container-engine", when: deploy_container_engine }
     - { role: kubernetes/node, tags: node }
     - { role: kubernetes/control-plane, tags: master, upgrade_cluster_setup: true }
     - { role: kubernetes/client, tags: client }
@@ -125,7 +125,7 @@
   roles:
     - { role: kubespray-defaults }
     - { role: upgrade/pre-upgrade, tags: pre-upgrade }
-    - { role: container-engine, tags: "container-engine", when: deploy_container_engine|default(true) }
+    - { role: container-engine, tags: "container-engine", when: deploy_container_engine }
     - { role: kubernetes/node, tags: node }
     - { role: kubernetes/kubeadm, tags: kubeadm }
     - { role: kubernetes/node-label, tags: node-label }
-- 
GitLab