Switch to kubeadm deployment mode (#3461)

* Switch to kubeadm deployment mode Discuss:https://github.com/kubernetes-incubator/kubespray/issues/3301 * Add non-kubeadm upgrage to kubeadm cluster
2026-02-01 17:48:12 -03:30 · 2018-11-21 17:35:40 +08:00
parent 7875c38023
commit 0cfcd39d55
15 changed files with 64 additions and 39 deletions
--- a/roles/kubernetes/kubeadm/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/tasks/main.yml
@@ -87,9 +87,9 @@

 - name: Update server field in kube-proxy kubeconfig
  shell: >-
-    {{ bin_dir }}/kubectl get configmap kube-proxy -n kube-system -o yaml
+    {{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf get configmap kube-proxy -n kube-system -o yaml
    | sed 's#server:.*#server:\ {{ kube_apiserver_endpoint }}#g'
-    | {{ bin_dir }}/kubectl replace -f -
+    | {{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf replace -f -
  delegate_to: "{{groups['kube-master']|first}}"
  run_once: true
  when:
@@ -110,7 +110,7 @@
  when: kube_network_plugin in ['calico','canal']

 - name: Restart all kube-proxy pods to ensure that they load the new configmap
-  shell: "{{ bin_dir }}/kubectl delete pod -n kube-system -l k8s-app=kube-proxy"
+  shell: "{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf delete pod -n kube-system -l k8s-app=kube-proxy"
  delegate_to: "{{groups['kube-master']|first}}"
  run_once: true
  when:
--- a/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1alpha2.j2
+++ b/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1alpha2.j2
@@ -18,4 +18,8 @@ nodeRegistration:
  name: {{ inventory_hostname  }}
 {% if container_manager == 'crio' %}
  criSocket: /var/run/crio/crio.sock
+{% elif container_manager == 'rkt' %}
+  criSocket: /var/run/rkt.sock
+{% else %}
+  criSocket: /var/run/dockershim.sock
 {% endif %}
--- a/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1alpha3.j2
+++ b/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1alpha3.j2
@@ -18,6 +18,8 @@ nodeRegistration:
  name: {{ inventory_hostname  }}
 {% if container_manager == 'crio' %}
  criSocket: /var/run/crio/crio.sock
+{% elif container_manager == 'rkt' %}
+  criSocket: /var/run/rkt.sock
 {% else %}
  criSocket: /var/run/dockershim.sock
 {% endif %}
--- a/roles/kubernetes/master/tasks/kubeadm-migrate-certs.yml
+++ b/roles/kubernetes/master/tasks/kubeadm-migrate-certs.yml
@@ -15,4 +15,6 @@
    - {src: front-proxy-client-key.pem, dest: front-proxy-client.key}
    - {src: service-account-key.pem, dest: sa.pub}
    - {src: service-account-key.pem, dest: sa.key}
+    - {src: "node-{{ inventory_hostname }}.pem", dest: apiserver-kubelet-client.crt }
+    - {src: "node-{{ inventory_hostname }}-key.pem", dest: apiserver-kubelet-client.key }
  register: kubeadm_copy_old_certs
--- a/roles/kubernetes/master/tasks/kubeadm-setup.yml
+++ b/roles/kubernetes/master/tasks/kubeadm-setup.yml
@@ -6,6 +6,10 @@
  delegate_to: "{{groups['kube-master']|first}}"
  run_once: true

+- name: kubeadm | Migrate old certs if necessary
+  import_tasks: kubeadm-migrate-certs.yml
+  when: old_apiserver_cert.stat.exists
+
 - name: kubeadm | Check service account key
  stat:
    path: "{{ kube_cert_dir }}/sa.key"
@@ -219,7 +223,7 @@
  when: old_apiserver_cert.stat.exists

 - name: kubeadm | Remove taint for master with node role
-  command: "{{ bin_dir }}/kubectl taint node {{ inventory_hostname }} node-role.kubernetes.io/master:NoSchedule-"
+  command: "{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf taint node {{ inventory_hostname }} node-role.kubernetes.io/master:NoSchedule-"
  delegate_to: "{{groups['kube-master']|first}}"
  when: inventory_hostname in groups['kube-node']
  failed_when: false
--- a/roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2
+++ b/roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2
@@ -171,11 +171,17 @@ nodeRegistration:
 {% if kube_override_hostname|default('') %}
  name: {{ kube_override_hostname }}
 {% endif %}
+{% if inventory_hostname in groups['kube-master'] and inventory_hostname not in groups['kube-node'] %}
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
+{% endif %}
 {% if container_manager == 'crio' %}
  criSocket: /var/run/crio/crio.sock
+{% elif container_manager == 'rkt' %}
+  criSocket: /var/run/rkt.sock
+{% else %}
+  criSocket: /var/run/dockershim.sock
 {% endif %}
 {% if dynamic_kubelet_configuration %}
 featureGates:
--- a/roles/kubernetes/master/templates/kubeadm-config.v1alpha3.yaml.j2
+++ b/roles/kubernetes/master/templates/kubeadm-config.v1alpha3.yaml.j2
@@ -7,11 +7,15 @@ nodeRegistration:
 {% if kube_override_hostname|default('') %}
  name: {{ kube_override_hostname }}
 {% endif %}
+{% if inventory_hostname in groups['kube-master'] and inventory_hostname not in groups['kube-node'] %}
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
+{% endif %}
 {% if container_manager == 'crio' %}
  criSocket: /var/run/crio/crio.sock
+{% elif container_manager == 'rkt' %}
+  criSocket: /var/run/rkt.sock
 {% else %}
  criSocket: /var/run/dockershim.sock
 {% endif %}
--- a/roles/kubespray-defaults/defaults/main.yaml
+++ b/roles/kubespray-defaults/defaults/main.yaml
@@ -231,8 +231,8 @@ cert_management: script

 helm_deployment_type: host

-# Enable kubeadm deployment (experimental)
-kubeadm_enabled: false
+# Enable kubeadm deployment
+kubeadm_enabled: true

 # Make a copy of kubeconfig on the host that runs Ansible in {{ inventory_dir }}/artifacts
 kubeconfig_localhost: false