Fixup deploy of kubeadm etcd for Kubernetes v1.15.0 (#4952)

* Fixup deploy of kubeadm etcd for Kubernetes v1.15.0 Change-Id: If42c2c75c4d278ba9475ebf76c243f3e6ee4d02e * undo renaming cloud config file Change-Id: Iafbd27c3887d6a2a6d0819c711f150ecf70c515d
2026-05-22 16:27:51 -02:30 · 2019-07-09 15:41:59 +03:00
parent a67a50f9c0
commit 352297cf8d
8 changed files with 79 additions and 16 deletions
--- a/roles/kubernetes/kubeadm/defaults/main.yml
+++ b/roles/kubernetes/kubeadm/defaults/main.yml
@@ -1,6 +1,9 @@
 ---
 # discovery_timeout modifies the discovery timeout
-discovery_timeout: 5m0s
+# This value must be smaller than kubeadm_join_timeout
+discovery_timeout: 60s
+kubeadm_join_timeout: 120s
+
 # Optionally remove kube_proxy installed by kubeadm
 kube_proxy_remove: false

--- a/roles/kubernetes/kubeadm/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/tasks/main.yml
@@ -10,15 +10,24 @@
  tags:
    - facts

-
 - name: Check if kubelet.conf exists
  stat:
    path: "{{ kube_config_dir }}/kubelet.conf"
  register: kubelet_conf

+- name: Check if kubeadm CA cert is accessible
+  stat:
+    path: "{{ kube_cert_dir }}/ca.crt"
+  register: kubeadm_ca_stat
+  delegate_to: "{{ groups['kube-master'][0] }}"
+  run_once: true
+
 - name: Calculate kubeadm CA cert hash
  shell: openssl x509 -pubkey -in {{ kube_cert_dir }}/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
  register: kubeadm_ca_hash
+  when:
+    - kubeadm_ca_stat.stat is defined
+    - kubeadm_ca_stat.stat.exists
  delegate_to: "{{ groups['kube-master'][0] }}"
  run_once: true

@@ -58,23 +67,21 @@

    - name: Join to cluster
      command: >-
+        timeout -k {{ kubeadm_join_timeout }} {{ kubeadm_join_timeout }}
        {{ bin_dir }}/kubeadm join
        --config {{ kube_config_dir }}/kubeadm-client.conf
        --ignore-preflight-errors=DirAvailable--etc-kubernetes-manifests
      register: kubeadm_join
-      async: 120
-      poll: 15

  rescue:

    - name: Join to cluster with ignores
      command: >-
+        timeout -k {{ kubeadm_join_timeout }} {{ kubeadm_join_timeout }}
        {{ bin_dir }}/kubeadm join
        --config {{ kube_config_dir }}/kubeadm-client.conf
        --ignore-preflight-errors=all
      register: kubeadm_join
-      async: 180
-      poll: 15

  always:

@@ -85,12 +92,6 @@
          Joined with warnings
          {{ kubeadm_join.stderr_lines }}

- name: Wait for kubelet bootstrap to create config
-  wait_for:
-    path: "{{ kube_config_dir }}/kubelet.conf"
-    delay: 1
-    timeout: 60
-
 - name: Update server field in kubelet kubeconfig
  lineinfile:
    dest: "{{ kube_config_dir }}/kubelet.conf"
--- a/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta1.j2
+++ b/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta1.j2
@@ -9,8 +9,12 @@ discovery:
    apiServerEndpoint: {{ kubeadm_discovery_address }}
 {% endif %}
    token: {{ kubeadm_token }}
+{% if kubeadm_ca_hash.stdout is defined %}
    caCertHashes:
    - sha256:{{ kubeadm_ca_hash.stdout }}
+{% else %}
+    unsafeSkipCAVerification: true
+{% endif %}
  timeout: {{ discovery_timeout }}
  tlsBootstrapToken: {{ kubeadm_token }}
 caCertPath: {{ kube_cert_dir }}/ca.crt