From 5a510affa4cddefecbc9a79ad2301d3ad4829a5a Mon Sep 17 00:00:00 2001 From: Miguel Caballer Date: Mon, 31 Jul 2023 11:41:29 +0200 Subject: [PATCH 01/16] WN join with config file --- defaults/main.yml | 5 ++++- tasks/wn.yaml | 9 +++++++-- templates/kubeadm-config-join.j2 | 18 ++++++++++++++++++ 3 files changed, 29 insertions(+), 3 deletions(-) create mode 100644 templates/kubeadm-config-join.j2 diff --git a/defaults/main.yml b/defaults/main.yml index 561b3768..98a57ee1 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -17,7 +17,10 @@ kube_pod_network_cidr: 10.244.0.0/16 # Type of network to install: currently supported: flannel, kube-router, calico, weave kube_network: flannel # Kubelet extra args -kubelet_extra_args: '' +kubelet_extra_args: '' # deprecated move to kubelet_extra_args_dict +# dict of kubelet extra args, if set kubelet_extra_args is ignored +# A key in this map is the flag name as it appears on the command line except without leading dash(es). +kubelet_extra_args_dict: {} # Kube API server options kube_apiserver_options: [] # CRI runtime diff --git a/tasks/wn.yaml b/tasks/wn.yaml index 0846bc3d..a43f8d7f 100644 --- a/tasks/wn.yaml +++ b/tasks/wn.yaml @@ -42,10 +42,11 @@ - block: + # to deprecate and move to kubelet_extra_args_dict - name: Add KUBELET_EXTRA_ARGS lineinfile: dest: "{{item}}/kubelet" - line: 'KUBELET_EXTRA_ARGS=--cgroup-driver=systemd {{kubelet_extra_args}}' + line: 'KUBELET_EXTRA_ARGS={{kubelet_extra_args}}' regexp: 'KUBELET_EXTRA_ARGS=' create: yes notify: restart kubelet 
@@ -54,9 +55,13 @@ - /etc/sysconfig/ - /etc/default/ ignore_errors: true + when: kubelet_extra_args != "" and kubelet_extra_args_dict == {} + + - name: Create kubeadm-config file + template: src=kubeadm-config-join.j2 dest=/tmp/kubeadm-config.yml - name: Add node to kube cluster - command: kubeadm join --token {{kube_token}} {{kube_server}}:6443 --discovery-token-unsafe-skip-ca-verification creates=/etc/kubernetes/kubelet.conf + command: kubeadm join --config /tmp/kubeadm-config.yml creates=/etc/kubernetes/kubelet.conf when: kube_install_method == "kubeadm" diff --git a/templates/kubeadm-config-join.j2 b/templates/kubeadm-config-join.j2 new file mode 100644 index 00000000..d350e03a --- /dev/null +++ b/templates/kubeadm-config-join.j2 @@ -0,0 +1,18 @@ +--- +kind: JoinConfiguration +{% if kube_version is version_compare('1.22.0', '<') %} +apiVersion: kubeadm.k8s.io/v1beta2 +{% else %} +apiVersion: kubeadm.k8s.io/v1beta3 +{% endif %} +nodeRegistration: + kubeletExtraArgs: + cgroup-driver: systemd +{% for key, value in kubelet_extra_args_dict.items() %} + {{key}}: {{value}} +{% endfor %} +discovery: + bootstrapToken: + token: "{{kube_token}}" + apiServerEndpoint: {{kube_server}}:6443 + unsafeSkipCAVerification: true From b8f7f92ba40e7652d784d831ea51226e826db2e1 Mon Sep 17 00:00:00 2001 From: Miguel Caballer Date: Mon, 31 Jul 2023 11:50:03 +0200 Subject: [PATCH 02/16] WN join with config file --- tests/test-crio.yml | 3 ++- tests/test.yml | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/test-crio.yml b/tests/test-crio.yml index f10d4eec..252f9ed3 100644 --- a/tests/test-crio.yml +++ b/tests/test-crio.yml @@ -11,4 +11,5 @@ kube_public_dns_name: test.domain.com kube_version: 1.25.3 kube_cri_runtime: crio - kubelet_extra_args: '-node-labels=somelabel' + kubelet_extra_args: + node-labels: somelabel diff --git a/tests/test.yml b/tests/test.yml index 23d23e24..c3e0b0f6 100644 --- a/tests/test.yml +++ b/tests/test.yml 
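Review bot: The new "Create kubeadm-config file" task writes the bootstrap token to `/tmp/kubeadm-config.yml` without a `mode`, so its permissions depend on the remote umask and it is typically readable by every local account. Nothing removes the file after `kubeadm join`, so the join credential stays on disk for as long as the token is valid. I would set `mode: '0600'` and `owner: root` on the task, render the file outside the shared `/tmp` directory, and add a `file:` task with `state: absent` after the join. The enclosing `block:` starts above this hunk, so whether privilege escalation already applies cannot be seen from here.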
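Review bot: `unsafeSkipCAVerification: true` on the last line of the template carries the old `--discovery-token-unsafe-skip-ca-verification` flag over unchanged, so the worker still accepts whatever endpoint answers on `{{kube_server}}:6443` during discovery without checking the cluster CA. Now that the join uses a config file, the CA pin can be rendered next to the token, e.g. `caCertHashes: ["sha256:CA_PUBKEY_HASH_PLACEHOLDER"]` with `unsafeSkipCAVerification: false`, with the hash supplied from the front node. Separately, the loop emits `{{key}}: {{value}}` unquoted, so a value such as `true` or one containing `: ` is re-typed or breaks the rendered YAML. `{{ key | to_json }}: {{ value | string | to_json }}` keeps every extra arg a string.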
@@ -14,4 +14,5 @@ kube_version: 1.25.3 kube_cri_runtime: containerd kube_install_docker_pip: true - kubelet_extra_args: '-node-labels=somelabel' + kubelet_extra_args_dict: + node-labels: somelabel From ddd6267362ac7fe528720f441829ceea99d21fe2 Mon Sep 17 00:00:00 2001 From: Miguel Caballer Date: Mon, 31 Jul 2023 12:46:55 +0200 Subject: [PATCH 03/16] Add support to cri-dockerd #168 --- README.md | 3 --- defaults/main.yml | 5 ++--- meta/main.yml | 2 -- tasks/cri-dockerd.yaml | 36 ++++++++++++++++++++++++++++++++++++ tasks/main.yaml | 4 ++++ 5 files changed, 42 insertions(+), 8 deletions(-) create mode 100644 tasks/cri-dockerd.yaml diff --git a/README.md b/README.md index 250ff1c8..6cfdf6ff 100644 --- a/README.md +++ b/README.md @@ -61,12 +61,9 @@ The variables that can be passed to this role and a brief description about them # Email to be used in the Let's Encrypt issuer kube_cert_user_email: jhondoe@server.com # Override default docker version - # (installed when not in kube_docker_compatible_versions) kube_docker_version: "" # Options to add in the docker.json file kube_docker_options: {} - # Compatible docker versions - kube_docker_compatible_versions: ['17.03.', '18.06.', '18.09.', '19.03.'] # Install docker with pip kube_install_docker_pip # Command flags to use for launching k3s in the systemd service diff --git a/defaults/main.yml b/defaults/main.yml index 98a57ee1..5cd1a706 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -25,6 +25,8 @@ kubelet_extra_args_dict: {} kube_apiserver_options: [] # CRI runtime kube_cri_runtime: docker # docker, containerd or crio +# CRI dockerd version +kube_cri_dockerd_version: "0.3.4" # Flag to set HELM to be installed kube_install_helm: true # Helm version 
@@ -82,12 +84,9 @@ kube_cert_manager_challenge_dns01_sk: '' # Optionally a wildcard dns certificate name can be set kube_cert_manager_wildcard_cert_dns_name: '' # Override default docker version -# (installed when not in kube_docker_compatible_versions) kube_docker_version: "" # Options to add in the docker.json file kube_docker_options: {} -# Compatible docker versions -kube_docker_compatible_versions: ['17.03.', '18.06.', '18.09.', '19.03.'] # Nvidia docker options to add in the docker.json file docker_nvidia_options: default-runtime: nvidia diff --git a/meta/main.yml b/meta/main.yml index a416683e..ec42554b 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -21,7 +21,6 @@ dependencies: when: kube_ntp_servers != [] - role: 'grycap.docker' docker_version: "{{ kube_docker_version | default('19.03.15', true) }}" - docker_compatible_versions: "{{kube_docker_compatible_versions}}" docker_config_values: "{{ {'exec-opts': ['native.cgroupdriver=systemd'], 'log-driver': 'json-file', 'log-opts': {'max-size': '100m'}, 'storage-driver': 'devicemapper'} | combine(kube_docker_options) }}" docker_nvidia_support: '{{ kube_nvidia_support and kube_type_of_node == "wn" }}' docker_install_criu: false @@ -32,7 +31,6 @@ dependencies: when: ansible_os_family == "RedHat" and kube_install_method == 'kubeadm' and kube_cri_runtime != 'crio' - role: 'grycap.docker' docker_version: "{{ kube_docker_version | default('5:19.03.11~3-0~' + (ansible_distribution | lower) + '-' + ansible_distribution_release, true) }}" - docker_compatible_versions: "{{kube_docker_compatible_versions}}" docker_config_values: "{{ {'exec-opts': ['native.cgroupdriver=systemd'], 'log-driver': 'json-file', 'log-opts': {'max-size': '100m'}, 'storage-driver': 'overlay2'} | combine(kube_docker_options) }}" docker_nvidia_support: '{{ kube_nvidia_support and kube_type_of_node == "wn" }}' docker_install_criu: false diff --git a/tasks/cri-dockerd.yaml b/tasks/cri-dockerd.yaml new file mode 100644 index 00000000..fa3c19cd 
--- /dev/null +++ b/tasks/cri-dockerd.yaml @@ -0,0 +1,36 @@ +--- +- name: Download cri-dockerd tarball + get_url: + url: https://github.com/Mirantis/cri-dockerd/releases/download/v{{ kube_cri_dockerd_version }}/cri-dockerd-v{{ kube_cri_dockerd_version }}-linux-amd64.tar.gz + dest: /tmp/cri-dockerd-v{{ kube_cri_dockerd_version }}-linux-amd64.tar.gz + +- name: Extract cri-dockerd tarball + unarchive: + src: /tmp/cri-dockerd-v{{ kube_cri_dockerd_version }}-linux-amd64.tar.gz + dest: /tmp + remote_src: yes + +- name: Copy cri-dockerd binary + copy: + src: /tmp/cri-dockerd-v{{ kube_cri_dockerd_version }}-linux-amd64/cri-dockerd + dest: /usr/bin/cri-dockerd + mode: '0755' + +- name: Download cri-docker service and socket + get_url: + url: https://raw.githubusercontent.com/Mirantis/cri-dockerd/master/packaging/systemd/{{ item }} + dest: /etc/systemd/system/{{ item }} + mode: '0644' + loop: + - cri-docker.service + - cri-docker.socket + +- name: Enable cri-dockerd service + systemd: + name: "{{ item }}" + enabled: yes + daemon_reload: yes + state: started + loop: + - cri-docker.service + - cri-docker.socket diff --git a/tasks/main.yaml b/tasks/main.yaml index ed1e8e1e..85826bcb 100644 --- a/tasks/main.yaml +++ b/tasks/main.yaml @@ -8,6 +8,10 @@ regexp: '^([^#].*?\sswap\s+sw.*)$' replace: '# \1' +- name: Include cri-docker tasks + include_tasks: "cri-docker.yaml" + when: kube_cri_runtime == "docker" + - name: Include "{{kube_install_method}}" tasks include_tasks: "{{kube_install_method}}.yaml" From 8257ba34d28c00023381439af6f26c224a9e8d40 Mon Sep 17 00:00:00 2001 From: Miguel Caballer Date: Mon, 31 Jul 2023 12:49:29 +0200 Subject: [PATCH 04/16] Move cri-dockerd to kubeadm install --- tasks/kubeadm.yaml | 4 ++++ tasks/main.yaml | 4 ---- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tasks/kubeadm.yaml b/tasks/kubeadm.yaml index ba236e0d..7de34b09 100644 --- a/tasks/kubeadm.yaml +++ b/tasks/kubeadm.yaml 
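Review bot: Both `get_url` tasks in this new file install root-run artifacts with no integrity check, and "Download cri-docker service and socket" pulls the unit files from the mutable `master` branch while the binary is pinned to `kube_cri_dockerd_version`. A changed or tampered upstream file would be written to `/etc/systemd/system` and started by the final task unnoticed, and the units can drift from what the pinned binary expects. I would add `checksum: "sha256:EXPECTED_SHA256_PLACEHOLDER"` to the tarball download and fetch the units from the release tag, i.e. `.../Mirantis/cri-dockerd/v{{ kube_cri_dockerd_version }}/packaging/systemd/{{ item }}`, ideally with a checksum per unit file as well.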
@@ -1,3 +1,7 @@ +- name: Include cri-docker tasks + include_tasks: "cri-docker.yaml" + when: kube_cri_runtime == "docker" + - name: Check kube version shell: kubeadm version -o short | cut -d 'v' -f 2 register: kubeadm_output diff --git a/tasks/main.yaml b/tasks/main.yaml index 85826bcb..ed1e8e1e 100644 --- a/tasks/main.yaml +++ b/tasks/main.yaml @@ -8,10 +8,6 @@ regexp: '^([^#].*?\sswap\s+sw.*)$' replace: '# \1' -- name: Include cri-docker tasks - include_tasks: "cri-docker.yaml" - when: kube_cri_runtime == "docker" - - name: Include "{{kube_install_method}}" tasks include_tasks: "{{kube_install_method}}.yaml" From 86768867fb3676e59240e15fb5405a625e8de93b Mon Sep 17 00:00:00 2001 From: Miguel Caballer Date: Mon, 31 Jul 2023 12:57:44 +0200 Subject: [PATCH 05/16] Add docker test --- .github/workflows/main.yaml | 35 +++++++++++++++++++++++++++++++++++ tests/test-docker.yml | 18 ++++++++++++++++++ tests/test.yml | 2 -- 3 files changed, 53 insertions(+), 2 deletions(-) create mode 100644 tests/test-docker.yml diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index b76e5dfc..4092e96b 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml 
@@ -117,5 +117,40 @@ jobs: - name: Basic role check in wn run: sudo ansible-playbook tests/test-crio.yml -i tests/inventory -e kube_type_of_node=wn -e kube_server=localhost + - name: Test nodes + run: sudo kubectl -s https://localhost:6443 --insecure-skip-tls-verify --kubeconfig /etc/kubernetes/admin.conf get nodes + + test-docker: + + runs-on: ubuntu-latest + + steps: + - name: checkout + uses: actions/checkout@v3 + + - name: Install python + run: sudo apt update && sudo apt install -y python3 python3-pip python3-setuptools + + - name: Remove pre-installed kubectl to avoid errors + run: sudo apt remove buildah podman -y + + - name: Install Ansible + run: sudo pip3 install dnspython ansible==2.9.22 + + - name: Create ansible.cfg with correct roles_path + run: sudo printf '[defaults]\nhost_key_checking = False\nroles_path=../' > ansible.cfg + + - name: Install geerlingguy.ntp + run: sudo ansible-galaxy install geerlingguy.ntp grycap.docker grycap.cri_o + + - name: Basic role syntax check + run: sudo ansible-playbook tests/test-docker.yml -i tests/inventory --syntax-check + + - name: Basic role check in front + run: sudo ansible-playbook tests/test-docker.yml -i tests/inventory + + - name: Basic role check in wn + run: sudo ansible-playbook tests/test-docker.yml -i tests/inventory -e kube_type_of_node=wn -e kube_server=localhost + - name: Test nodes run: sudo kubectl -s https://localhost:6443 --insecure-skip-tls-verify --kubeconfig /etc/kubernetes/admin.conf get nodes \ No newline at end of file diff --git a/tests/test-docker.yml b/tests/test-docker.yml new file mode 100644 index 00000000..d788f461 --- /dev/null +++ b/tests/test-docker.yml 
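Review bot: In the new `test-docker` job the Galaxy roles are installed unpinned (`ansible-galaxy install geerlingguy.ntp grycap.docker grycap.cri_o`) and then executed under `sudo`, so each CI run trusts whatever those roles currently publish. Pinning them, e.g. `geerlingguy.ntp,VERSION_PLACEHOLDER` or a `requirements.yml` with explicit versions, keeps the test reproducible and makes a role update a reviewed change. Two step names also no longer describe their commands: "Remove pre-installed kubectl to avoid errors" removes `buildah podman`, and "Install geerlingguy.ntp" installs three roles.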
@@ -0,0 +1,18 @@ +--- +- hosts: localhost + roles: + - role: ansible-role-kubernetes + kube_install_metrics: true + kube_cert_manager: true + kube_install_kubeapps: false + kube_install_kyverno: false + kube_deploy_dashboard: true + kube_install_ingress: true + kube_public_dns_name: test.domain.com + kube_docker_options: + data-root: /var/lib/docker + kube_version: 1.25.3 + kube_cri_runtime: docker + kube_install_docker_pip: true + kubelet_extra_args_dict: + node-labels: somelabel diff --git a/tests/test.yml b/tests/test.yml index c3e0b0f6..0459d3e1 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -9,8 +9,6 @@ kube_deploy_dashboard: true kube_install_ingress: true kube_public_dns_name: test.domain.com - kube_docker_options: - data-root: /var/lib/docker kube_version: 1.25.3 kube_cri_runtime: containerd kube_install_docker_pip: true From 9a71b6e61e1ed71ca0b3fedbc9846c72b847dc07 Mon Sep 17 00:00:00 2001 From: Miguel Caballer Date: Mon, 31 Jul 2023 13:03:02 +0200 Subject: [PATCH 06/16] fix --- meta/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/main.yml b/meta/main.yml index ec42554b..8e14e7df 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -20,7 +20,7 @@ dependencies: ntp_servers: "{{ kube_ntp_servers }}" when: kube_ntp_servers != [] - role: 'grycap.docker' - docker_version: "{{ kube_docker_version | default('19.03.15', true) }}" + docker_version: "{{ kube_docker_version | default('latest', true) }}" docker_config_values: "{{ {'exec-opts': ['native.cgroupdriver=systemd'], 'log-driver': 'json-file', 'log-opts': {'max-size': '100m'}, 'storage-driver': 'devicemapper'} | combine(kube_docker_options) }}" docker_nvidia_support: '{{ kube_nvidia_support and kube_type_of_node == "wn" }}' docker_install_criu: false 
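Review bot: Changing the fallback to `default('latest', true)` in the RedHat `grycap.docker` entry (and in the Debian entry of the following hunk) leaves the Docker Engine version unpinned, so two runs of the same role revision can install different engines. That matters because `kube_cri_dockerd_version` is pinned to `0.3.4` and the RedHat entry still sets `'storage-driver': 'devicemapper'`, which newer Docker Engine releases deprecated and later removed. How `grycap.docker` interprets `latest` is not visible here and should be confirmed against that role. I would keep an explicit, tested version as the default and describe `latest` as an opt-in in the `# Override default docker version` comment. The dependency entry starts above and continues below the hunk.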
@@ -30,7 +30,7 @@ dependencies: docker_nvidia_driver_version: "{{ kube_nvidia_driver_version }}" when: ansible_os_family == "RedHat" and kube_install_method == 'kubeadm' and kube_cri_runtime != 'crio' - role: 'grycap.docker' - docker_version: "{{ kube_docker_version | default('5:19.03.11~3-0~' + (ansible_distribution | lower) + '-' + ansible_distribution_release, true) }}" + docker_version: "{{ kube_docker_version | default('latest', true) }}" docker_config_values: "{{ {'exec-opts': ['native.cgroupdriver=systemd'], 'log-driver': 'json-file', 'log-opts': {'max-size': '100m'}, 'storage-driver': 'overlay2'} | combine(kube_docker_options) }}" docker_nvidia_support: '{{ kube_nvidia_support and kube_type_of_node == "wn" }}' docker_install_criu: false From 6dcb551c83a8054c38550a47cfe7a961a125b04d Mon Sep 17 00:00:00 2001 From: Miguel Caballer Date: Mon, 31 Jul 2023 13:10:45 +0200 Subject: [PATCH 07/16] fix test --- .github/workflows/main.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 4092e96b..4336e9e1 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -132,7 +132,7 @@ jobs: run: sudo apt update && sudo apt install -y python3 python3-pip python3-setuptools - name: Remove pre-installed kubectl to avoid errors - run: sudo apt remove buildah podman -y + run: sudo apt remove buildah podman docker -y - name: Install Ansible run: sudo pip3 install dnspython ansible==2.9.22 From 1a553f0a0f7494d9919972faf72e7e21c20a77a3 Mon Sep 17 00:00:00 2001 From: Miguel Caballer Date: Mon, 31 Jul 2023 13:21:48 +0200 Subject: [PATCH 08/16] Add kube_cri_runtime_install var --- .github/workflows/main.yaml | 2 +- defaults/main.yml | 2 ++ meta/main.yml | 6 +++--- tests/test-docker.yml | 3 +-- 4 files changed, 7 insertions(+), 6 deletions(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 4336e9e1..4092e96b 100644 --- a/.github/workflows/main.yaml 
+++ b/.github/workflows/main.yaml @@ -132,7 +132,7 @@ jobs: run: sudo apt update && sudo apt install -y python3 python3-pip python3-setuptools - name: Remove pre-installed kubectl to avoid errors - run: sudo apt remove buildah podman docker -y + run: sudo apt remove buildah podman -y - name: Install Ansible run: sudo pip3 install dnspython ansible==2.9.22 diff --git a/defaults/main.yml b/defaults/main.yml index 5cd1a706..4b441f2a 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -25,6 +25,8 @@ kubelet_extra_args_dict: {} kube_apiserver_options: [] # CRI runtime kube_cri_runtime: docker # docker, containerd or crio +# Install CRI runtime +kube_cri_runtime_install: true # CRI dockerd version kube_cri_dockerd_version: "0.3.4" # Flag to set HELM to be installed diff --git a/meta/main.yml b/meta/main.yml index 8e14e7df..18ce24cd 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -28,7 +28,7 @@ dependencies: docker_compose_version: "" docker_containerd_only: "{{ (kube_cri_runtime == 'containerd') | bool }}" docker_nvidia_driver_version: "{{ kube_nvidia_driver_version }}" - when: ansible_os_family == "RedHat" and kube_install_method == 'kubeadm' and kube_cri_runtime != 'crio' + when: ansible_os_family == "RedHat" and kube_install_method == 'kubeadm' and kube_cri_runtime != 'crio' and kube_cri_runtime_install - role: 'grycap.docker' docker_version: "{{ kube_docker_version | default('latest', true) }}" docker_config_values: "{{ {'exec-opts': ['native.cgroupdriver=systemd'], 'log-driver': 'json-file', 'log-opts': {'max-size': '100m'}, 'storage-driver': 'overlay2'} | combine(kube_docker_options) }}" 
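Review bot: The appended `and kube_cri_runtime_install` in this `when:` is tested as a raw value, so a string passed on the command line such as `-e kube_cri_runtime_install=false` is non-empty, evaluates as true, and the runtime is still installed. Use `and kube_cri_runtime_install | bool`, as `tasks/cert-manager.yaml` does with `kube_cert_manager | bool`. The same applies to the Debian and `grycap.cri_o` conditions in the next hunk. The comment `# Install CRI runtime` in the defaults could also state that `false` skips the `grycap.docker` / `grycap.cri_o` dependencies and expects the runtime to be present already.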
@@ -38,7 +38,7 @@ dependencies: docker_compose_version: "" docker_containerd_only: "{{ (kube_cri_runtime == 'containerd') | bool }}" docker_nvidia_driver_version: "{{ kube_nvidia_driver_version }}" - when: ansible_os_family == "Debian" and kube_install_method == 'kubeadm' and kube_cri_runtime != 'crio' + when: ansible_os_family == "Debian" and kube_install_method == 'kubeadm' and kube_cri_runtime != 'crio' and kube_cri_runtime_install - role: 'grycap.cri_o' - when: ansible_os_family == "Debian" and kube_install_method == 'kubeadm' and kube_cri_runtime == 'crio' + when: ansible_os_family == "Debian" and kube_install_method == 'kubeadm' and kube_cri_runtime == 'crio' and kube_cri_runtime_install \ No newline at end of file diff --git a/tests/test-docker.yml b/tests/test-docker.yml index d788f461..77866b72 100644 --- a/tests/test-docker.yml +++ b/tests/test-docker.yml @@ -9,10 +9,9 @@ kube_deploy_dashboard: true kube_install_ingress: true kube_public_dns_name: test.domain.com - kube_docker_options: - data-root: /var/lib/docker kube_version: 1.25.3 kube_cri_runtime: docker + kube_cri_runtime_install: false kube_install_docker_pip: true kubelet_extra_args_dict: node-labels: somelabel From a69b3f53755375357ad84a29fab04053e14e75d7 Mon Sep 17 00:00:00 2001 From: Miguel Caballer Date: Mon, 31 Jul 2023 13:25:23 +0200 Subject: [PATCH 09/16] fix typo --- tasks/kubeadm.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/kubeadm.yaml b/tasks/kubeadm.yaml index 7de34b09..2281c947 100644 --- a/tasks/kubeadm.yaml +++ b/tasks/kubeadm.yaml @@ -1,5 +1,5 @@ - name: Include cri-docker tasks - include_tasks: "cri-docker.yaml" + include_tasks: "cri-dockerd.yaml" when: kube_cri_runtime == "docker" - name: Check kube version From ace56f6cb40e9197f429c5b926276ceccb1cbd69 Mon Sep 17 00:00:00 2001 
From: Miguel Caballer Date: Mon, 31 Jul 2023 13:30:11 +0200 Subject: [PATCH 10/16] fix filename --- tasks/cri-dockerd.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tasks/cri-dockerd.yaml b/tasks/cri-dockerd.yaml index fa3c19cd..443a4f7d 100644 --- a/tasks/cri-dockerd.yaml +++ b/tasks/cri-dockerd.yaml @@ -1,18 +1,18 @@ --- - name: Download cri-dockerd tarball get_url: - url: https://github.com/Mirantis/cri-dockerd/releases/download/v{{ kube_cri_dockerd_version }}/cri-dockerd-v{{ kube_cri_dockerd_version }}-linux-amd64.tar.gz - dest: /tmp/cri-dockerd-v{{ kube_cri_dockerd_version }}-linux-amd64.tar.gz + utl: https://github.com/Mirantis/cri-dockerd/releases/download/v{{ kube_cri_dockerd_version }}/cri-dockerd-{{ kube_cri_dockerd_version }}.amd64.tgz + dest: /tmp/cri-dockerd-{{ kube_cri_dockerd_version }}.amd64.tgz - name: Extract cri-dockerd tarball unarchive: - src: /tmp/cri-dockerd-v{{ kube_cri_dockerd_version }}-linux-amd64.tar.gz + src: /tmp/cri-dockerd-{{ kube_cri_dockerd_version }}.amd64.tgz dest: /tmp remote_src: yes - name: Copy cri-dockerd binary copy: - src: /tmp/cri-dockerd-v{{ kube_cri_dockerd_version }}-linux-amd64/cri-dockerd + src: /tmp/cri-dockerd/cri-dockerd dest: /usr/bin/cri-dockerd mode: '0755' From a2fa580f64b7b2af0ee3670ed9a976e32cd00ea3 Mon Sep 17 00:00:00 2001 From: Miguel Caballer Date: Mon, 31 Jul 2023 13:33:06 +0200 Subject: [PATCH 11/16] fix typo --- tasks/cri-dockerd.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/cri-dockerd.yaml b/tasks/cri-dockerd.yaml index 443a4f7d..24696176 100644 --- a/tasks/cri-dockerd.yaml +++ b/tasks/cri-dockerd.yaml 
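Review bot: The "Copy cri-dockerd binary" task has no `remote_src`, so `copy` looks for `/tmp/cri-dockerd/cri-dockerd` on the control node, while `unarchive` (with `remote_src: yes`) extracted it on the managed host. This only works when the play targets `localhost`, as the tests do, so add `remote_src: true` to the `copy` task. Staging a binary that ends up in `/usr/bin` under a fixed name in the shared `/tmp` directory also lets other local accounts interfere with that path between extraction and copy. A directory created with the `tempfile` module, or extraction into a root-owned location, avoids that.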
@@ -1,7 +1,7 @@ --- - name: Download cri-dockerd tarball get_url: - utl: https://github.com/Mirantis/cri-dockerd/releases/download/v{{ kube_cri_dockerd_version }}/cri-dockerd-{{ kube_cri_dockerd_version }}.amd64.tgz + url: https://github.com/Mirantis/cri-dockerd/releases/download/v{{ kube_cri_dockerd_version }}/cri-dockerd-{{ kube_cri_dockerd_version }}.amd64.tgz dest: /tmp/cri-dockerd-{{ kube_cri_dockerd_version }}.amd64.tgz - name: Extract cri-dockerd tarball From 80fe52bdc563216abfac4095513bbc1dd952c93d Mon Sep 17 00:00:00 2001 From: Miguel Caballer Date: Mon, 31 Jul 2023 13:39:53 +0200 Subject: [PATCH 12/16] set criSocket --- templates/kubeadm-config-join.j2 | 3 +++ templates/kubeadm-config.j2 | 4 ++++ 2 files changed, 7 insertions(+) diff --git a/templates/kubeadm-config-join.j2 b/templates/kubeadm-config-join.j2 index d350e03a..f0a5b295 100644 --- a/templates/kubeadm-config-join.j2 +++ b/templates/kubeadm-config-join.j2 @@ -11,6 +11,9 @@ nodeRegistration: {% for key, value in kubelet_extra_args_dict.items() %} {{key}}: {{value}} {% endfor %} +{% if kube_cri_runtime == "docker" %} + criSocket: "/run/cri-dockerd.sock" +{% endif %} discovery: bootstrapToken: token: "{{kube_token}}" diff --git a/templates/kubeadm-config.j2 b/templates/kubeadm-config.j2 index a1b38835..2091559c 100644 --- a/templates/kubeadm-config.j2 +++ b/templates/kubeadm-config.j2 @@ -41,3 +41,7 @@ bootstrapTokens: - token: "{{kube_token}}" # --token description: "kubeadm bootstrap token" ttl: "{{kube_token_ttl}}" # --token-ttl +{% if kube_cri_runtime == "docker" %} +nodeRegistration: + criSocket: "/run/cri-dockerd.sock" +{% endif %} \ No newline at end of file From aa41b57573b867789d42939a71c27d812d2a4a9a Mon Sep 17 00:00:00 2001 From: Miguel Caballer Fernandez Date: Mon, 4 Sep 2023 10:09:02 +0200 Subject: [PATCH 13/16] Fix typo --- tests/test-crio.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test-crio.yml b/tests/test-crio.yml index 252f9ed3..2169949b 100644 
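Review bot: `criSocket: "/run/cri-dockerd.sock"` is written as a bare path in both templates; kubeadm from 1.24 on treats CRI endpoints without a URL scheme as deprecated and only prepends `unix://` with a warning. Writing `criSocket: "unix:///run/cri-dockerd.sock"` avoids relying on that fallback. In `kubeadm-config.j2` the `nodeRegistration` block is appended at the end of the file, which is only correct if the last document there is the InitConfiguration that holds `bootstrapTokens`. The rest of that template is outside the hunk, so this should be checked.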
--- a/tests/test-crio.yml +++ b/tests/test-crio.yml @@ -11,5 +11,5 @@ kube_public_dns_name: test.domain.com kube_version: 1.25.3 kube_cri_runtime: crio - kubelet_extra_args: + kubelet_extra_args_dict: node-labels: somelabel From 351bb973f5616702462a517a33eb47a9721c80d7 Mon Sep 17 00:00:00 2001 From: Miguel Caballer Fernandez Date: Mon, 4 Sep 2023 10:10:12 +0200 Subject: [PATCH 14/16] mantain cgroup-driver param --- tasks/wn.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/wn.yaml b/tasks/wn.yaml index a43f8d7f..58f83769 100644 --- a/tasks/wn.yaml +++ b/tasks/wn.yaml @@ -46,7 +46,7 @@ - name: Add KUBELET_EXTRA_ARGS lineinfile: dest: "{{item}}/kubelet" - line: 'KUBELET_EXTRA_ARGS={{kubelet_extra_args}}' + line: 'KUBELET_EXTRA_ARGS=--cgroup-driver=systemd {{kubelet_extra_args}}' regexp: 'KUBELET_EXTRA_ARGS=' create: yes notify: restart kubelet From 69519d454f36f08dc506348701da7b26ab3e639b Mon Sep 17 00:00:00 2001 From: Miguel Caballer Date: Mon, 4 Sep 2023 13:11:00 +0200 Subject: [PATCH 15/16] minor change --- tasks/cert-manager.yaml | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/tasks/cert-manager.yaml b/tasks/cert-manager.yaml index d11071cb..a3ee85ad 100644 --- a/tasks/cert-manager.yaml +++ b/tasks/cert-manager.yaml @@ -37,11 +37,12 @@ - cert-manager-cainjector - cert-manager-webhook - - template: src=dns01_secret.j2 dest=/tmp/dns01_secret.yaml - - name: Create DNS01 secret - command: kubectl apply -f /tmp/dns01_secret.yaml - environment: - KUBECONFIG: "{{KUBECONFIG}}" + - block: + - template: src=dns01_secret.j2 dest=/tmp/dns01_secret.yaml + - name: Create DNS01 secret + command: kubectl apply -f /tmp/dns01_secret.yaml + environment: + KUBECONFIG: "{{KUBECONFIG}}" when: kube_cert_manager_challenge == "dns01" - template: src=prod_issuer.j2 dest=/tmp/prod_issuer.yaml 
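Review bot: Inside the new `block:` the unnamed `template` task still renders `dns01_secret.j2` to `/tmp/dns01_secret.yaml` with no `mode`, and nothing removes the file after `kubectl apply`. The template presumably carries the DNS provider secret (`kube_cert_manager_challenge_dns01_sk` in the defaults), so it ends up in a shared directory with umask-dependent permissions. I would set `mode: '0600'`, add `no_log: true`, delete the file once it has been applied, and give the task a `name:` while it is being re-indented. The wildcard-certificate block in the next hunk has the same unnamed `template` task, though its content is presumably not secret.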
@@ -50,11 +51,12 @@ environment: KUBECONFIG: "{{KUBECONFIG}}" - - template: src=wildcard_cert.j2 dest=/tmp/wildcard_cert.yaml - - name: Create Let's encrypt Wildcard Certificate for '{{ kube_cert_manager_wildcard_cert_dns_name }}' - command: kubectl apply -f /tmp/wildcard_cert.yaml - environment: - KUBECONFIG: "{{KUBECONFIG}}" + - block: + - template: src=wildcard_cert.j2 dest=/tmp/wildcard_cert.yaml + - name: Create Let's encrypt Wildcard Certificate for '{{ kube_cert_manager_wildcard_cert_dns_name }}' + command: kubectl apply -f /tmp/wildcard_cert.yaml + environment: + KUBECONFIG: "{{KUBECONFIG}}" when: kube_cert_manager_wildcard_cert_dns_name != '' and kube_cert_manager_challenge == 'dns01' when: kube_cert_manager | bool From 5f844c71c74a1d8d57bf6c1068a4b3c2e191b5d6 Mon Sep 17 00:00:00 2001 From: Miguel Caballer Date: Mon, 4 Sep 2023 13:22:25 +0200 Subject: [PATCH 16/16] fix cert-manager test --- tasks/cert-manager.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tasks/cert-manager.yaml b/tasks/cert-manager.yaml index a3ee85ad..d98b7804 100644 --- a/tasks/cert-manager.yaml +++ b/tasks/cert-manager.yaml @@ -27,6 +27,7 @@ command: kubectl apply -f /tmp/cert-manager.yaml environment: KUBECONFIG: "{{KUBECONFIG}}" + register: cert_manager - name: Wait for cert-manager ready status command: kubectl rollout status deployment/{{ item }} -n cert-manager @@ -37,6 +38,11 @@ - cert-manager-cainjector - cert-manager-webhook + - name: Pause for 5 seconds to wait cert-manager to fully start + pause: + seconds: 5 + when: cert_manager is changed + - block: - template: src=dns01_secret.j2 dest=/tmp/dns01_secret.yaml - name: Create DNS01 secret
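Review bot: `when: cert_manager is changed` on the new pause does not narrow anything, because a `command` task reports `changed` on every run unless `changed_when` is set, so the pause always executes. A fixed 5-second sleep is also a guess at when the cert-manager webhook is actually serving. Putting `register` / `until` / `retries` on the `kubectl apply` tasks that follow would wait exactly as long as needed and fail clearly if the webhook never comes up. If the pause stays, either drop the condition or add a `changed_when` to the `kubectl apply -f /tmp/cert-manager.yaml` task based on its output.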