From 09e391dec270759359d3ec4ed7edd56d62911cc9 Mon Sep 17 00:00:00 2001 From: Kay Yan Date: Sat, 14 May 2022 14:12:59 +0000 Subject: [PATCH 1/2] add Feature synchronized time checking --- roles/kubernetes/preinstall/defaults/main.yml | 3 +++ .../preinstall/tasks/0020-verify-settings.yml | 15 +++++++++++++++ 2 files changed, 18 insertions(+) diff --git a/roles/kubernetes/preinstall/defaults/main.yml b/roles/kubernetes/preinstall/defaults/main.yml index fc17b79d491..bb0eb9aa177 100644 --- a/roles/kubernetes/preinstall/defaults/main.yml +++ b/roles/kubernetes/preinstall/defaults/main.yml @@ -61,3 +61,6 @@ pkg_install_retries: 4 # Check if access_ip responds to ping. Set false if your firewall blocks ICMP. ping_access_ip: true + +# Check time synchronization. The number is the max allowed time between servers in ms. +max_allowed_time_sync_diff: 60000 diff --git a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml index 108da926170..f52a7a3c519 100644 --- a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml +++ b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml @@ -314,3 +314,18 @@ when: - kube_external_ca_mode - not ignore_assert_errors + +- name: Get current state of time synchronization + shell: "echo $(($(date +%s%N)/1000000))" + args: + executable: /bin/bash + changed_when: false + register: cur_time_ms_string + +- name: Stop if time is not synchronized + assert: + that: ((hostvars[item]['cur_time_ms_string'].stdout|int - cur_time_ms_string.stdout|int) | abs) < max_allowed_time_sync_diff + msg: "Do not allow more than {{ max_allowed_time_sync_diff }} ms diff between servers. {{ ((hostvars[item]['cur_time_ms_string'].stdout|int - cur_time_ms_string.stdout|int) | abs) }}ms is different between the two servers." + when: + - not ignore_assert_errors + with_items: "{{ play_hosts }}" From 0e6c8cdee7b79f0c968e7d7fc2115f780762f7d5 Mon Sep 17 00:00:00 2001 
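Review bot: `max_allowed_time_sync_diff` has no companion switch, unlike `ping_access_ip` just above it. The task that reads it (in 0020-verify-settings.yml of this patch) is gated only by `ignore_assert_errors`, so skipping the time check means turning off the other preflight asserts too. A dedicated boolean default next to this one would let operators opt out of just this check. The comment could also say what is measured: `# Maximum clock difference allowed between any two hosts in the play, in milliseconds.`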
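Review bot: The assert in `Stop if time is not synchronized` compares wall-clock readings taken whenever each host happened to run the `date` task, so the difference includes Ansible's scheduling delay on top of real clock skew. With more hosts than forks, or one slow connection, later hosts read their clocks later and a synchronized cluster can fail the check. Each host also loops over every entry in `play_hosts`, which Ansible documents as deprecated (same as `ansible_play_batch`), and a host whose registered result carries no `stdout` would fail the `that:` expression on an undefined value rather than on skew. Skew of this size affects certificate validity windows and token expiry, so the check is worth keeping. I would state its limit above the task, e.g. `# Readings are taken at task run time, so the diff includes Ansible scheduling delay, not only clock skew.`, and change the loop to `with_items: "{{ ansible_play_batch }}"`.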
From: Kay Yan Date: Mon, 16 May 2022 06:41:55 +0000 Subject: [PATCH 2/2] fix-invalid-kube-vip-manifest --- .../templates/manifests/kube-vip.manifest.j2 | 34 +++++++++---------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/roles/kubernetes/node/templates/manifests/kube-vip.manifest.j2 b/roles/kubernetes/node/templates/manifests/kube-vip.manifest.j2 index 16246156bb0..d6789b15628 100644 --- a/roles/kubernetes/node/templates/manifests/kube-vip.manifest.j2 +++ b/roles/kubernetes/node/templates/manifests/kube-vip.manifest.j2 @@ -14,31 +14,31 @@ spec: value: {{ kube_vip_arp_enabled | string | to_json }} - name: port value: "6443" - {% if kube_vip_interface %} +{% if kube_vip_interface %} - name: vip_interface - value: "{{ kube_vip_interface | string | to_json }}" - {% endif %} - {% if kube_vip_services_interface %} + value: {{ kube_vip_interface | string | to_json }} +{% endif %} +{% if kube_vip_services_interface %} - name: vip_servicesinterface value: {{ kube_vip_services_interface | string | to_json }} - {% endif %} - {% if kube_vip_cidr %} +{% endif %} +{% if kube_vip_cidr %} - name: vip_cidr value: {{ kube_vip_cidr | string | to_json }} - {% endif %} - {% if kube_vip_controlplane_enabled %} +{% endif %} +{% if kube_vip_controlplane_enabled %} - name: cp_enable value: "true" - name: cp_namespace value: kube-system - name: vip_ddns value: {{ kube_vip_ddns_enabled | string | to_json }} - {% endif %} - {% if kube_vip_services_enabled %} +{% endif %} +{% if kube_vip_services_enabled %} - name: svc_enable value: "true" - {% endif %} - {% if kube_vip_leader_election_enabled %} +{% endif %} +{% if kube_vip_leader_election_enabled %} - name: vip_leaderelection value: "true" - name: vip_leaseduration @@ -47,8 +47,8 @@ spec: value: "3" - name: vip_retryperiod value: "1" - {% endif %} - {% if kube_vip_bgp_enabled %} +{% endif %} +{% if kube_vip_bgp_enabled %} - name: bgp_enable value: "true" - name: bgp_routerid 
@@ -61,11 +61,11 @@ spec: value: {{ kube_vip_bgp_peerpass | to_json }} - name: bgp_peeras value: {{ kube_vip_bgp_peeras | to_json }} - {% if kube_vip_bgppeers %} +{% if kube_vip_bgppeers %} - name: bgp_peers value: {{ kube_vip_bgp_peeras | join(',') | to_json }} - {% endif %} - {% endif %} +{% endif %} +{% endif %} - name: address value: {{ kube_vip_address | to_json }} image: {{ kube_vip_image_repo }}:{{ kube_vip_image_tag }}
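Review bot: The `bgp_peers` entry is guarded by `kube_vip_bgppeers` but renders `kube_vip_bgp_peeras | join(',')`, the same variable the `bgp_peeras` entry above it uses. The peer list is therefore presumably never emitted, and `join` is applied to what looks like a single AS number. If the tested variable is the intended one, the line should read `value: {{ kube_vip_bgppeers | join(',') | to_json }}`. This commit only moves the surrounding `{% if %}`/`{% endif %}` tags to column 0, so the mismatch is left in place. Separately, `kube_vip_bgp_peerpass` is written into the manifest as a literal env value, so the rendered file holds the BGP password and its permissions (set outside this hunk) deserve a check.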