diff --git a/cluster.yml b/cluster.yml index 35c6fdbeabb..e13575e9c1d 100644 --- a/cluster.yml +++ b/cluster.yml @@ -46,7 +46,7 @@ vars: etcd_cluster_setup: true etcd_events_cluster_setup: "{{ etcd_events_cluster_enabled }}" - when: not etcd_kubeadm_enabled| default(false) + when: etcd_deployment_type != "kubeadm" - hosts: k8s_cluster gather_facts: False @@ -59,7 +59,7 @@ vars: etcd_cluster_setup: false etcd_events_cluster_setup: false - when: not etcd_kubeadm_enabled| default(false) + when: etcd_deployment_type != "kubeadm" - hosts: k8s_cluster gather_facts: False diff --git a/docs/cri-o.md b/docs/cri-o.md index ab7bdc1cf79..d5044f609db 100644 --- a/docs/cri-o.md +++ b/docs/cri-o.md @@ -13,7 +13,7 @@ _To use the CRI-O container runtime set the following variables:_ ```yaml download_container: false skip_downloads: false -etcd_kubeadm_enabled: true +etcd_deployment_type: host # optionally kubeadm ``` ## k8s_cluster/k8s_cluster.yml @@ -22,12 +22,6 @@ etcd_kubeadm_enabled: true container_manager: crio ``` -## etcd.yml - -```yaml -etcd_deployment_type: host # optionally and mutually exclusive with etcd_kubeadm_enabled -``` - ## all/crio.yml Enable docker hub registry mirrors diff --git a/inventory/sample/group_vars/all/all.yml b/inventory/sample/group_vars/all/all.yml index 10479c8e052..c47dd85a664 100644 --- a/inventory/sample/group_vars/all/all.yml +++ b/inventory/sample/group_vars/all/all.yml @@ -2,8 +2,11 @@ ## Directory where etcd data stored etcd_data_dir: /var/lib/etcd -## Experimental kubeadm etcd deployment mode. Available only for new deployment -etcd_kubeadm_enabled: false +## Settings for etcd deployment type +# Set this to docker if you are using container_manager: docker +# Set this to kubeadm if you want to install etcd using kubeadm +# Kubeadm etcd deployment is experimental and only available for new deployments +etcd_deployment_type: host ## Directory where the binaries will be installed bin_dir: /usr/local/bin diff --git a/inventory/sample/group_vars/etcd.yml b/inventory/sample/group_vars/etcd.yml index ae22d827981..cc09942fc84 100644 --- a/inventory/sample/group_vars/etcd.yml +++ b/inventory/sample/group_vars/etcd.yml @@ -17,7 +17,3 @@ ### ETCD: disable peer client cert authentication. # This affects ETCD_PEER_CLIENT_CERT_AUTH variable # etcd_peer_client_auth: true - -## Settings for etcd deployment type -# Set this to docker if you are using container_manager: docker -etcd_deployment_type: host diff --git a/roles/download/templates/kubeadm-images.yaml.j2 b/roles/download/templates/kubeadm-images.yaml.j2 index 7cca0e05828..565533087eb 100644 --- a/roles/download/templates/kubeadm-images.yaml.j2 +++ b/roles/download/templates/kubeadm-images.yaml.j2 @@ -8,7 +8,7 @@ kind: ClusterConfiguration imageRepository: {{ kube_image_repo }} kubernetesVersion: {{ kube_version }} etcd: -{% if etcd_kubeadm_enabled %} +{% if etcd_deployment_type == "kubeadm" %} local: imageRepository: "{{ etcd_image_repo | regex_replace("/etcd$","") }}" imageTag: "{{ etcd_image_tag }}" diff --git a/roles/etcdctl/tasks/main.yml b/roles/etcdctl/tasks/main.yml index a37603ade2b..fca078c4ef1 100644 --- a/roles/etcdctl/tasks/main.yml +++ b/roles/etcdctl/tasks/main.yml @@ -4,7 +4,7 @@ - name: Check unintentional include of this role assert: - that: etcd_kubeadm_enabled + that: etcd_deployment_type == "kubeadm" - name: Check if etcdctl exist stat: diff --git a/roles/kubernetes/control-plane/defaults/main/main.yml b/roles/kubernetes/control-plane/defaults/main/main.yml index 38b3c1e3ecd..65ba43a4692 100644 --- a/roles/kubernetes/control-plane/defaults/main/main.yml +++ b/roles/kubernetes/control-plane/defaults/main/main.yml @@ -2,9 +2,6 @@ # disable upgrade cluster upgrade_cluster_setup: false -# Experimental kubeadm etcd deployment mode. Available only for new deployment -etcd_kubeadm_enabled: false - # change to 0.0.0.0 to enable insecure access from anywhere (not recommended) kube_apiserver_insecure_bind_address: 127.0.0.1 diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-etcd.yml b/roles/kubernetes/control-plane/tasks/kubeadm-etcd.yml index ebba677cc75..8c0c47bb75d 100644 --- a/roles/kubernetes/control-plane/tasks/kubeadm-etcd.yml +++ b/roles/kubernetes/control-plane/tasks/kubeadm-etcd.yml @@ -15,4 +15,4 @@ - name: Ensure etcdctl script is installed import_role: name: etcdctl - when: etcd_kubeadm_enabled + when: etcd_deployment_type == "kubeadm" diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-fix-apiserver.yml b/roles/kubernetes/control-plane/tasks/kubeadm-fix-apiserver.yml index 038a193c991..8f2f38e26b5 100644 --- a/roles/kubernetes/control-plane/tasks/kubeadm-fix-apiserver.yml +++ b/roles/kubernetes/control-plane/tasks/kubeadm-fix-apiserver.yml @@ -21,4 +21,4 @@ dest: "{{ kube_config_dir }}/manifests/kube-apiserver.yaml" regexp: '^ - --etcd-servers=' line: ' - --etcd-servers={{ etcd_access_addresses }}' - when: not etcd_kubeadm_enabled | default(false) + when: etcd_deployment_type != "kubeadm" diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml b/roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml index fe690fc3f61..eed95e28f08 100644 --- a/roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml +++ b/roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml @@ -18,7 +18,7 @@ --config={{ kube_config_dir }}/kubeadm-config.yaml --ignore-preflight-errors=all --allow-experimental-upgrades - --etcd-upgrade={{ etcd_kubeadm_enabled | bool | lower }} + --etcd-upgrade={{ etcd_deployment_type == "kubeadm" | bool | lower }} --force register: kubeadm_upgrade # Retry is because upload config sometimes fails @@ -39,7 +39,7 @@ --config={{ kube_config_dir }}/kubeadm-config.yaml --ignore-preflight-errors=all --allow-experimental-upgrades - --etcd-upgrade={{ etcd_kubeadm_enabled | bool | lower }} + --etcd-upgrade={{ etcd_deployment_type == "kubeadm" | bool | lower }} --force register: kubeadm_upgrade when: inventory_hostname != first_kube_control_plane diff --git a/roles/kubernetes/control-plane/tasks/main.yml b/roles/kubernetes/control-plane/tasks/main.yml index 3f2f3b403db..6a69cafb617 100644 --- a/roles/kubernetes/control-plane/tasks/main.yml +++ b/roles/kubernetes/control-plane/tasks/main.yml @@ -69,7 +69,7 @@ - name: Include kubeadm etcd extra tasks include_tasks: kubeadm-etcd.yml - when: etcd_kubeadm_enabled + when: etcd_deployment_type == "kubeadm" - name: Include kubeadm secondary server apiserver fixes include_tasks: kubeadm-fix-apiserver.yml diff --git a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta2.yaml.j2 b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta2.yaml.j2 index 387f7610f99..96fe04e922b 100644 --- a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta2.yaml.j2 +++ b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta2.yaml.j2 @@ -33,7 +33,7 @@ apiVersion: kubeadm.k8s.io/v1beta2 kind: ClusterConfiguration clusterName: {{ cluster_name }} etcd: -{% if not etcd_kubeadm_enabled %} +{% if etcd_deployment_type != "kubeadm" %} external: endpoints: {% for endpoint in etcd_access_addresses.split(',') %} @@ -42,7 +42,7 @@ etcd: caFile: {{ etcd_cert_dir }}/{{ kube_etcd_cacert_file }} certFile: {{ etcd_cert_dir }}/{{ kube_etcd_cert_file }} keyFile: {{ etcd_cert_dir }}/{{ kube_etcd_key_file }} -{% elif etcd_kubeadm_enabled %} +{% elif etcd_deployment_type == "kubeadm" %} local: imageRepository: "{{ etcd_image_repo | regex_replace("/etcd$","") }}" imageTag: "{{ etcd_image_tag }}" diff --git a/roles/kubernetes/kubeadm/defaults/main.yml b/roles/kubernetes/kubeadm/defaults/main.yml index b6ff3fc7faa..0449b8ae740 100644 --- a/roles/kubernetes/kubeadm/defaults/main.yml +++ b/roles/kubernetes/kubeadm/defaults/main.yml @@ -10,6 +10,3 @@ kube_override_hostname: >- {%- else -%} {{ inventory_hostname }} {%- endif -%} - -# Experimental kubeadm etcd deployment mode. Available only for new deployment -etcd_kubeadm_enabled: false diff --git a/roles/kubernetes/kubeadm/tasks/main.yml b/roles/kubernetes/kubeadm/tasks/main.yml index 8db58d34f6b..0f0d6bb99d8 100644 --- a/roles/kubernetes/kubeadm/tasks/main.yml +++ b/roles/kubernetes/kubeadm/tasks/main.yml @@ -153,7 +153,7 @@ - name: Extract etcd certs from control plane if using etcd kubeadm mode include_tasks: kubeadm_etcd_node.yml when: - - etcd_kubeadm_enabled + - etcd_deployment_type == "kubeadm" - inventory_hostname not in groups['kube_control_plane'] - kube_network_plugin in ["calico", "flannel", "canal", "cilium"] or cilium_deploy_additionally | default(false) | bool - kube_network_plugin != "calico" or calico_datastore == "etcd" diff --git a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml index 1d68f7e0bcc..1b5babf1ba7 100644 --- a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml +++ b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml @@ -15,7 +15,7 @@ run_once: true when: - not ignore_assert_errors - - not etcd_kubeadm_enabled + - etcd_deployment_type != "kubeadm" - name: Stop if non systemd OS type assert: @@ -277,21 +277,19 @@ when: resolvconf_mode is defined run_once: true -- name: Stop if etcd deployment type is not host or docker +- name: Stop if etcd deployment type is not host, docker or kubeadm assert: - that: etcd_deployment_type in ['host', 'docker'] - msg: "The etcd deployment type, 'etcd_deployment_type', must be host or docker" + that: etcd_deployment_type in ['host', 'docker', 'kubeadm'] + msg: "The etcd deployment type, 'etcd_deployment_type', must be host, docker or kubeadm" when: - inventory_hostname in groups.get('etcd',[]) - - not etcd_kubeadm_enabled -- name: Stop if etcd deployment type is not host when container_manager != docker +- name: Stop if etcd deployment type is not host or kubeadm when container_manager != docker assert: - that: etcd_deployment_type == 'host' - msg: "The etcd deployment type, 'etcd_deployment_type', must be host when container_manager is not docker" + that: etcd_deployment_type in ['host', 'kubeadm'] + msg: "The etcd deployment type, 'etcd_deployment_type', must be host or kubeadm when container_manager is not docker" when: - inventory_hostname in groups.get('etcd',[]) - - not etcd_kubeadm_enabled - container_manager != 'docker' - name: Stop if download_localhost is enabled but download_run_once is not diff --git a/roles/kubernetes/preinstall/tasks/0040-set_facts.yml b/roles/kubernetes/preinstall/tasks/0040-set_facts.yml index 1cfd477774b..fce7c485ce3 100644 --- a/roles/kubernetes/preinstall/tasks/0040-set_facts.yml +++ b/roles/kubernetes/preinstall/tasks/0040-set_facts.yml @@ -205,7 +205,7 @@ kube_etcd_cert_file: "apiserver-etcd-client.crt" kube_etcd_key_file: "apiserver-etcd-client.key" when: - - etcd_kubeadm_enabled + - etcd_deployment_type == "kubeadm" - name: check /usr readonly stat: diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml index ef9d4d21c2f..c7ec2d97ac2 100644 --- a/roles/kubespray-defaults/defaults/main.yaml +++ b/roles/kubespray-defaults/defaults/main.yaml @@ -254,7 +254,7 @@ kubelet_shutdown_grace_period: 60s kubelet_shutdown_grace_period_critical_pods: 20s # Whether to deploy the container engine -deploy_container_engine: inventory_hostname in groups['k8s_cluster'] or etcd_deployment_type != 'host' +deploy_container_engine: inventory_hostname in groups['k8s_cluster'] or etcd_deployment_type == 'docker' # Container for runtime container_manager: containerd @@ -336,9 +336,6 @@ docker_registry_mirrors: [] ## Empty by default so no plugins will be installed. docker_plugins: [] -# Experimental kubeadm etcd deployment mode. Available only for new deployment -etcd_kubeadm_enabled: false - # Containerd options - thse are relevant when container_manager == 'containerd' containerd_version: 1.5.8 containerd_use_systemd_cgroup: true diff --git a/roles/kubespray-defaults/tasks/main.yaml b/roles/kubespray-defaults/tasks/main.yaml index fe268e9533c..2de8e0c0792 100644 --- a/roles/kubespray-defaults/tasks/main.yaml +++ b/roles/kubespray-defaults/tasks/main.yaml @@ -22,3 +22,19 @@ - no_proxy is not defined tags: - always + +- name: Check if `etcd_kubeadm_enabled` is still in use + block: + - name: Warn the user if they are still using `etcd_kubeadm_enabled` + debug: + msg: "WARNING! => `etcd_kubeadm_enabled` is deprecated and will be removed in a future release. You can set `etcd_deployment_type` to `kubeadm`" + failed_when: true + + - name: Set `etcd_deployment_type` to "kubeadm" if `etcd_kubeadm_enabled` is true + set_fact: + etcd_deployment_type: kubeadm + when: + - etcd_kubeadm_enabled is defined and etcd_kubeadm_enabled + ignore_errors: true + tags: + - always \ No newline at end of file diff --git a/scale.yml b/scale.yml index df8a4798e5b..9dce8cf5954 100644 --- a/scale.yml +++ b/scale.yml @@ -55,7 +55,7 @@ - { role: kubernetes/preinstall, tags: preinstall } - { role: container-engine, tags: "container-engine", when: deploy_container_engine } - { role: download, tags: download, when: "not skip_downloads" } - - { role: etcd, tags: etcd, etcd_cluster_setup: false, when: "not etcd_kubeadm_enabled|default(false)" } + - { role: etcd, tags: etcd, etcd_cluster_setup: false, when: "etcd_deployment_type != 'kubeadm'" } - name: Target only workers to get kubelet installed and checking in on any new nodes(node) hosts: kube_node diff --git a/tests/files/packet_ubuntu16-flannel-ha.yml b/tests/files/packet_ubuntu16-flannel-ha.yml index 6b683343fb5..8df48e35a1a 100644 --- a/tests/files/packet_ubuntu16-flannel-ha.yml +++ b/tests/files/packet_ubuntu16-flannel-ha.yml @@ -5,6 +5,6 @@ mode: ha # Kubespray settings kube_network_plugin: flannel -etcd_kubeadm_enabled: true +etcd_deployment_type: kubeadm kubeadm_certificate_key: 3998c58db6497dd17d909394e62d515368c06ec617710d02edea31c06d741085 skip_non_kubeadm_warning: true diff --git a/upgrade-cluster.yml b/upgrade-cluster.yml index 08cd9ca6d00..ff76af80875 100644 --- a/upgrade-cluster.yml +++ b/upgrade-cluster.yml @@ -70,7 +70,7 @@ vars: etcd_cluster_setup: true etcd_events_cluster_setup: false - when: not etcd_kubeadm_enabled | default(false) + when: etcd_deployment_type != "kubeadm" - hosts: k8s_cluster gather_facts: False @@ -83,7 +83,7 @@ vars: etcd_cluster_setup: false etcd_events_cluster_setup: false - when: not etcd_kubeadm_enabled | default(false) + when: etcd_deployment_type != "kubeadm" - name: Handle upgrades to master components first to maintain backwards compat. gather_facts: False