Add kubeadm option to etcd_deployment_type to replace the etcd_kubead…

…m_enabled variable

Signed-off-by: necatican <[email protected]>

cluster.yml

@@ -46,7 +46,7 @@
       vars:
         etcd_cluster_setup: true
         etcd_events_cluster_setup: "{{ etcd_events_cluster_enabled }}"
-      when: not etcd_kubeadm_enabled| default(false)
+      when: etcd_deployment_type != "kubeadm"
 
 - hosts: k8s_cluster
   gather_facts: False
@@ -59,7 +59,7 @@
       vars:
         etcd_cluster_setup: false
         etcd_events_cluster_setup: false
-      when: not etcd_kubeadm_enabled| default(false)
+      when: etcd_deployment_type != "kubeadm"
 
 - hosts: k8s_cluster
   gather_facts: False

docs/cri-o.md

@@ -13,7 +13,7 @@ _To use the CRI-O container runtime set the following variables:_
 ```yaml
 download_container: false
 skip_downloads: false
-etcd_kubeadm_enabled: true
+etcd_deployment_type: host # optionally kubeadm
 ```
 
 ## k8s_cluster/k8s_cluster.yml
@@ -22,12 +22,6 @@ etcd_kubeadm_enabled: true
 container_manager: crio
 ```
 
-## etcd.yml
-
-```yaml
-etcd_deployment_type: host # optionally and mutually exclusive with etcd_kubeadm_enabled
-```
-
 ## all/crio.yml
 
 Enable docker hub registry mirrors

inventory/sample/group_vars/all/all.yml

@@ -2,8 +2,11 @@
 ## Directory where etcd data stored
 etcd_data_dir: /var/lib/etcd
 
-## Experimental kubeadm etcd deployment mode. Available only for new deployment
-etcd_kubeadm_enabled: false
+## Settings for etcd deployment type
+# Set this to docker if you are using container_manager: docker 
+# Set this to kubeadm if you want to install etcd using kubeadm
+# Kubeadm etcd deployment is experimental and only available for new deployments
+etcd_deployment_type: host
 
 ## Directory where the binaries will be installed
 bin_dir: /usr/local/bin

inventory/sample/group_vars/etcd.yml

@@ -17,7 +17,3 @@
 ### ETCD: disable peer client cert authentication.
 # This affects ETCD_PEER_CLIENT_CERT_AUTH variable
 # etcd_peer_client_auth: true
-
-## Settings for etcd deployment type
-# Set this to docker if you are using container_manager: docker
-etcd_deployment_type: host

roles/download/templates/kubeadm-images.yaml.j2

@@ -8,7 +8,7 @@ kind: ClusterConfiguration
 imageRepository: {{ kube_image_repo }}
 kubernetesVersion: {{ kube_version }}
 etcd:
-{% if etcd_kubeadm_enabled %}
+{% if etcd_deployment_type == "kubeadm" %}
   local:
     imageRepository: "{{ etcd_image_repo | regex_replace("/etcd$","") }}"
     imageTag: "{{ etcd_image_tag }}"

roles/etcdctl/tasks/main.yml

@@ -4,7 +4,7 @@
 
 - name: Check unintentional include of this role
   assert:
-    that: etcd_kubeadm_enabled
+    that: etcd_deployment_type == "kubeadm"
 
 - name: Check if etcdctl exist
   stat:

roles/kubernetes/control-plane/defaults/main/main.yml

@@ -2,9 +2,6 @@
 # disable upgrade cluster
 upgrade_cluster_setup: false
 
-# Experimental kubeadm etcd deployment mode. Available only for new deployment
-etcd_kubeadm_enabled: false
-
 # change to 0.0.0.0 to enable insecure access from anywhere (not recommended)
 kube_apiserver_insecure_bind_address: 127.0.0.1
 

roles/kubernetes/control-plane/tasks/kubeadm-etcd.yml

@@ -15,4 +15,4 @@
 - name: Ensure etcdctl script is installed
   import_role:
     name: etcdctl
-  when: etcd_kubeadm_enabled
+  when: etcd_deployment_type == "kubeadm"

roles/kubernetes/control-plane/tasks/kubeadm-fix-apiserver.yml

@@ -21,4 +21,4 @@
     dest: "{{ kube_config_dir }}/manifests/kube-apiserver.yaml"
     regexp: '^    - --etcd-servers='
     line: '    - --etcd-servers={{ etcd_access_addresses }}'
-  when: not etcd_kubeadm_enabled | default(false)
+  when: etcd_deployment_type != "kubeadm"

roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml

@@ -18,7 +18,7 @@
     --config={{ kube_config_dir }}/kubeadm-config.yaml
     --ignore-preflight-errors=all
     --allow-experimental-upgrades
-    --etcd-upgrade={{ etcd_kubeadm_enabled | bool | lower }}
+    --etcd-upgrade={{ etcd_deployment_type == "kubeadm" | bool | lower }}
     --force
   register: kubeadm_upgrade
   # Retry is because upload config sometimes fails
@@ -39,7 +39,7 @@
     --config={{ kube_config_dir }}/kubeadm-config.yaml
     --ignore-preflight-errors=all
     --allow-experimental-upgrades
-    --etcd-upgrade={{ etcd_kubeadm_enabled | bool | lower }}
+    --etcd-upgrade={{ etcd_deployment_type == "kubeadm" | bool | lower }}
     --force
   register: kubeadm_upgrade
   when: inventory_hostname != first_kube_control_plane

roles/kubernetes/control-plane/tasks/main.yml

@@ -69,7 +69,7 @@
 
 - name: Include kubeadm etcd extra tasks
   include_tasks: kubeadm-etcd.yml
-  when: etcd_kubeadm_enabled
+  when: etcd_deployment_type == "kubeadm"
 
 - name: Include kubeadm secondary server apiserver fixes
   include_tasks: kubeadm-fix-apiserver.yml

roles/kubernetes/control-plane/templates/kubeadm-config.v1beta2.yaml.j2

@@ -33,7 +33,7 @@ apiVersion: kubeadm.k8s.io/v1beta2
 kind: ClusterConfiguration
 clusterName: {{ cluster_name }}
 etcd:
-{% if not etcd_kubeadm_enabled %}
+{% if etcd_deployment_type != "kubeadm" %}
   external:
       endpoints:
 {% for endpoint in etcd_access_addresses.split(',') %}
@@ -42,7 +42,7 @@ etcd:
       caFile: {{ etcd_cert_dir }}/{{ kube_etcd_cacert_file }}
       certFile: {{ etcd_cert_dir }}/{{ kube_etcd_cert_file }}
       keyFile: {{ etcd_cert_dir }}/{{ kube_etcd_key_file }}
-{% elif etcd_kubeadm_enabled %}
+{% elif etcd_deployment_type == "kubeadm" %}
   local:
     imageRepository: "{{ etcd_image_repo | regex_replace("/etcd$","") }}"
     imageTag: "{{ etcd_image_tag }}"

roles/kubernetes/kubeadm/defaults/main.yml

@@ -10,6 +10,3 @@ kube_override_hostname: >-
   {%- else -%}
   {{ inventory_hostname }}
   {%- endif -%}
-
-# Experimental kubeadm etcd deployment mode. Available only for new deployment
-etcd_kubeadm_enabled: false

roles/kubernetes/kubeadm/tasks/main.yml

@@ -153,7 +153,7 @@
 - name: Extract etcd certs from control plane if using etcd kubeadm mode
   include_tasks: kubeadm_etcd_node.yml
   when:
-    - etcd_kubeadm_enabled
+    - etcd_deployment_type == "kubeadm"
     - inventory_hostname not in groups['kube_control_plane']
     - kube_network_plugin in ["calico", "flannel", "canal", "cilium"] or cilium_deploy_additionally | default(false) | bool
     - kube_network_plugin != "calico" or calico_datastore == "etcd"

roles/kubernetes/preinstall/tasks/0020-verify-settings.yml

@@ -15,7 +15,7 @@
   run_once: true
   when:
     - not ignore_assert_errors
-    - not etcd_kubeadm_enabled
+    - etcd_deployment_type != "kubeadm"
 
 - name: Stop if non systemd OS type
   assert:
@@ -277,21 +277,19 @@
   when: resolvconf_mode is defined
   run_once: true
 
-- name: Stop if etcd deployment type is not host or docker
+- name: Stop if etcd deployment type is not host, docker or kubeadm
   assert:
-    that: etcd_deployment_type in ['host', 'docker']
-    msg: "The etcd deployment type, 'etcd_deployment_type', must be host or docker"
+    that: etcd_deployment_type in ['host', 'docker', 'kubeadm']
+    msg: "The etcd deployment type, 'etcd_deployment_type', must be host, docker or kubeadm"
   when:
     - inventory_hostname in groups.get('etcd',[])
-    - not etcd_kubeadm_enabled
 
-- name: Stop if etcd deployment type is not host when container_manager != docker
+- name: Stop if etcd deployment type is not host or kubeadm when container_manager != docker
   assert:
-    that: etcd_deployment_type == 'host'
-    msg: "The etcd deployment type, 'etcd_deployment_type', must be host when container_manager is not docker"
+    that: etcd_deployment_type in ['host', 'kubeadm']
+    msg: "The etcd deployment type, 'etcd_deployment_type', must be host or kubeadm when container_manager is not docker"
   when:
     - inventory_hostname in groups.get('etcd',[])
-    - not etcd_kubeadm_enabled
     - container_manager != 'docker'
 
 - name: Stop if download_localhost is enabled but download_run_once is not

roles/kubernetes/preinstall/tasks/0040-set_facts.yml

@@ -205,7 +205,7 @@
     kube_etcd_cert_file: "apiserver-etcd-client.crt"
     kube_etcd_key_file: "apiserver-etcd-client.key"
   when:
-    - etcd_kubeadm_enabled
+    - etcd_deployment_type == "kubeadm"
 
 - name: check /usr readonly
   stat:

roles/kubespray-defaults/defaults/main.yaml

@@ -254,7 +254,7 @@ kubelet_shutdown_grace_period: 60s
 kubelet_shutdown_grace_period_critical_pods: 20s
 
 # Whether to deploy the container engine
-deploy_container_engine: inventory_hostname in groups['k8s_cluster'] or etcd_deployment_type != 'host'
+deploy_container_engine: inventory_hostname in groups['k8s_cluster'] or etcd_deployment_type == 'docker'
 
 # Container for runtime
 container_manager: containerd
@@ -336,9 +336,6 @@ docker_registry_mirrors: []
 ## Empty by default so no plugins will be installed.
 docker_plugins: []
 
-# Experimental kubeadm etcd deployment mode. Available only for new deployment
-etcd_kubeadm_enabled: false
-
 # Containerd options - thse are relevant when container_manager == 'containerd'
 containerd_version: 1.5.8
 containerd_use_systemd_cgroup: true

roles/kubespray-defaults/tasks/main.yaml

@@ -22,3 +22,19 @@
     - no_proxy is not defined
   tags:
     - always
+
+- name: Check if `etcd_kubeadm_enabled` is still in use
+  block:
+    - name: Warn the user if they are still using `etcd_kubeadm_enabled`
+      debug:
+        msg: "WARNING! => `etcd_kubeadm_enabled` is deprecated and will be removed in a future release. You can set `etcd_deployment_type` to `kubeadm`"
+      failed_when: true
+
+    - name: Set `etcd_deployment_type` to "kubeadm" if `etcd_kubeadm_enabled` is true
+      set_fact:
+        etcd_deployment_type: kubeadm
+  when:
+    - etcd_kubeadm_enabled is defined and etcd_kubeadm_enabled
+  ignore_errors: true
+  tags:
+    - always

scale.yml

@@ -55,7 +55,7 @@
     - { role: kubernetes/preinstall, tags: preinstall }
     - { role: container-engine, tags: "container-engine", when: deploy_container_engine }
     - { role: download, tags: download, when: "not skip_downloads" }
-    - { role: etcd, tags: etcd, etcd_cluster_setup: false, when: "not etcd_kubeadm_enabled|default(false)" }
+    - { role: etcd, tags: etcd, etcd_cluster_setup: false, when: "etcd_deployment_type != 'kubeadm'" }
 
 - name: Target only workers to get kubelet installed and checking in on any new nodes(node)
   hosts: kube_node

tests/files/packet_ubuntu16-flannel-ha.yml

@@ -5,6 +5,6 @@ mode: ha
 
 # Kubespray settings
 kube_network_plugin: flannel
-etcd_kubeadm_enabled: true
+etcd_deployment_type: kubeadm
 kubeadm_certificate_key: 3998c58db6497dd17d909394e62d515368c06ec617710d02edea31c06d741085
 skip_non_kubeadm_warning: true

upgrade-cluster.yml

@@ -70,7 +70,7 @@
       vars:
         etcd_cluster_setup: true
         etcd_events_cluster_setup: false
-      when: not etcd_kubeadm_enabled | default(false)
+      when: etcd_deployment_type != "kubeadm"
 
 - hosts: k8s_cluster
   gather_facts: False
@@ -83,7 +83,7 @@
       vars:
         etcd_cluster_setup: false
         etcd_events_cluster_setup: false
-      when: not etcd_kubeadm_enabled | default(false)
+      when: etcd_deployment_type != "kubeadm"
 
 - name: Handle upgrades to master components first to maintain backwards compat.
   gather_facts: False