From 5789dc839c8301415b1763593194aa1bd65f4fe8 Mon Sep 17 00:00:00 2001
From: Seena Fallah
Date: Tue, 25 Nov 2025 17:10:38 +0100
Subject: [PATCH] control-plane: fix first_kube_control_plane delegation with kube_override_hostname (#12636)
* control-plane: fix first_kube_control_plane delegation with kube_override_hostname
When kube_override_hostname is configured, the node names reported by `kubectl get nodes` differ from the inventory_hostname known to Ansible. This causes delegation failures in subsequent tasks since Ansible cannot resolve the hostname from kubectl output to an inventory host.
Signed-off-by: Seena Fallah
* control-plane: remove fragile first_control_plane selection logic
Current implementation breaks with kube_override_hostname and has multiple edge cases. Drop until proper kubectl-based node lookup can be implemented.
Signed-off-by: Seena Fallah
---------
Signed-off-by: Seena Fallah
---
 docs/operations/nodes.md | 2 ++
 .../tasks/define-first-kube-control.yml | 19 -------------------
 roles/kubernetes/control-plane/tasks/main.yml | 3 ---
 .../kubespray_defaults/defaults/main/main.yml | 2 ++
 4 files changed, 4 insertions(+), 22 deletions(-)
 delete mode 100644 roles/kubernetes/control-plane/tasks/define-first-kube-control.yml
diff --git a/docs/operations/nodes.md b/docs/operations/nodes.md
index 1c21d6c46..5e6941f5f 100644
--- a/docs/operations/nodes.md
+++ b/docs/operations/nodes.md
@@ -31,6 +31,8 @@ That's it.
 Append the new host to the inventory and run `cluster.yml`. You can NOT use `scale.yml` for that.
+**Note:** When adding new control plane nodes, always append them to the end of the `kube_control_plane` group in your inventory. Adding control plane nodes in the first position is not supported and will cause the playbook to fail.
+
 ### 2) Restart kube-system/nginx-proxy
 In all hosts, restart nginx-proxy pod. This pod is a local proxy for the apiserver. Kubespray will update its static config, but it needs to be restarted in order to reload.
diff --git a/roles/kubernetes/control-plane/tasks/define-first-kube-control.yml b/roles/kubernetes/control-plane/tasks/define-first-kube-control.yml
deleted file mode 100644
index 5faa18485..000000000
--- a/roles/kubernetes/control-plane/tasks/define-first-kube-control.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-
-- name: Check which kube-control nodes are already members of the cluster
- command: "{{ bin_dir }}/kubectl get nodes --selector=node-role.kubernetes.io/control-plane -o json"
- register: kube_control_planes_raw
- ignore_errors: true
- changed_when: false
-
-- name: Set fact joined_control_planes
- set_fact:
- joined_control_planes: "{{ ((kube_control_planes_raw.stdout | from_json)['items']) | default([]) | map(attribute='metadata') | map(attribute='name') | list }}"
- delegate_to: "{{ item }}"
- loop: "{{ groups['kube_control_plane'] }}"
- when: kube_control_planes_raw is succeeded
- run_once: true
-
-- name: Set fact first_kube_control_plane
- set_fact:
- first_kube_control_plane: "{{ joined_control_planes | default([]) | first | default(groups['kube_control_plane'] | first) }}"
diff --git a/roles/kubernetes/control-plane/tasks/main.yml b/roles/kubernetes/control-plane/tasks/main.yml
index a10ad9b8e..a2af046c2 100644
--- a/roles/kubernetes/control-plane/tasks/main.yml
+++ b/roles/kubernetes/control-plane/tasks/main.yml
@@ -92,9 +92,6 @@
 - upgrade
 ignore_errors: true # noqa ignore-errors
-- name: Define nodes already joined to existing cluster and first_kube_control_plane
- import_tasks: define-first-kube-control.yml
-
 - name: Include kubeadm setup
 import_tasks: kubeadm-setup.yml
diff --git a/roles/kubespray_defaults/defaults/main/main.yml b/roles/kubespray_defaults/defaults/main/main.yml
index cd318180c..17289f0db 100644
--- a/roles/kubespray_defaults/defaults/main/main.yml
+++ b/roles/kubespray_defaults/defaults/main/main.yml
@@ -632,6 +632,8 @@ ssl_ca_dirs: |-
 {% endif -%}
 ]
+# used for delegating tasks on a working control plane node
+first_kube_control_plane: "{{ groups['kube_control_plane'] | first }}"
 # Vars for pointing to kubernetes api endpoints
 kube_apiserver_count: "{{ groups['kube_control_plane'] | length }}"
 kube_apiserver_address: "{{ hostvars[inventory_hostname]['main_ip'] }}"
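Review bot: The comment on the added `first_kube_control_plane` default says "a working control plane node", but the expression only takes the first entry of `groups['kube_control_plane']`; nothing in this hunk verifies that the host has actually joined the cluster. With the kubectl-based lookup deleted in the same commit, inventory order alone now decides where delegated tasks run, and those presumably include cluster-admin operations (not visible here). I would state the assumption in the comment, e.g. `# delegation target for cluster-wide tasks; assumes the first host in kube_control_plane is an already-joined, healthy control plane node`, and add an early assert elsewhere in the playbook that fails with a clear message when that does not hold, rather than relying on the docs note alone. Because this lives in role defaults, an inventory can still override the value, which is worth mentioning next to the variable.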