diff --git a/roles/download/tasks/prep_kubeadm_images.yml b/roles/download/tasks/prep_kubeadm_images.yml index dc988065c..5c706d8f3 100644 --- a/roles/download/tasks/prep_kubeadm_images.yml +++ b/roles/download/tasks/prep_kubeadm_images.yml @@ -19,7 +19,7 @@ src: "kubeadm-images.yaml.j2" dest: "{{ kube_config_dir }}/kubeadm-images.yaml" mode: "0644" - validate: "{{ bin_dir }}/kubeadm config validate --config %s" + validate: "{{ kubeadm_config_validate_enabled | ternary(bin_dir + '/kubeadm config validate --config %s', omit) }}" when: - not skip_kubeadm_images | default(false) diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-secondary.yml b/roles/kubernetes/control-plane/tasks/kubeadm-secondary.yml index 4aa5e8424..c797a882c 100644 --- a/roles/kubernetes/control-plane/tasks/kubeadm-secondary.yml +++ b/roles/kubernetes/control-plane/tasks/kubeadm-secondary.yml @@ -36,7 +36,7 @@ dest: "{{ kube_config_dir }}/kubeadm-controlplane.yaml" mode: "0640" backup: true - validate: "{{ bin_dir }}/kubeadm config validate --config %s" + validate: "{{ kubeadm_config_validate_enabled | ternary(bin_dir + '/kubeadm config validate --config %s', omit) }}" when: - inventory_hostname != first_kube_control_plane - not kubeadm_already_run.stat.exists diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml b/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml index 4adca6151..8e8b05332 100644 --- a/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml +++ b/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml @@ -94,7 +94,7 @@ src: "kubeadm-config.{{ kubeadm_config_api_version }}.yaml.j2" dest: "{{ kube_config_dir }}/kubeadm-config.yaml" mode: "0640" - validate: "{{ bin_dir }}/kubeadm config validate --config %s" + validate: "{{ kubeadm_config_validate_enabled | ternary(bin_dir + '/kubeadm config validate --config %s', omit) }}" - name: Kubeadm | Create directory to store admission control configurations file: diff --git a/roles/kubernetes/kubeadm/tasks/kubeadm_etcd_node.yml b/roles/kubernetes/kubeadm/tasks/kubeadm_etcd_node.yml index 2805e192e..21ecf7fde 100644 --- a/roles/kubernetes/kubeadm/tasks/kubeadm_etcd_node.yml +++ b/roles/kubernetes/kubeadm/tasks/kubeadm_etcd_node.yml @@ -9,7 +9,7 @@ src: "kubeadm-client.conf.j2" dest: "{{ kube_config_dir }}/kubeadm-cert-controlplane.conf" mode: "0640" - validate: "{{ bin_dir }}/kubeadm config validate --config %s" + validate: "{{ kubeadm_config_validate_enabled | ternary(bin_dir + '/kubeadm config validate --config %s', omit) }}" vars: kubeadm_cert_controlplane: true diff --git a/roles/kubernetes/kubeadm/tasks/main.yml b/roles/kubernetes/kubeadm/tasks/main.yml index 2ef7376a9..a334a78c2 100644 --- a/roles/kubernetes/kubeadm/tasks/main.yml +++ b/roles/kubernetes/kubeadm/tasks/main.yml @@ -75,7 +75,7 @@ dest: "{{ kube_config_dir }}/kubeadm-client.conf" backup: true mode: "0640" - validate: "{{ bin_dir }}/kubeadm config validate --config %s" + validate: "{{ kubeadm_config_validate_enabled | ternary(bin_dir + '/kubeadm config validate --config %s', omit) }}" when: ('kube_control_plane' not in group_names) - name: Join to cluster if needed diff --git a/roles/kubespray-defaults/defaults/main/main.yml b/roles/kubespray-defaults/defaults/main/main.yml index d7b03d2ab..fbbc65696 100644 --- a/roles/kubespray-defaults/defaults/main/main.yml +++ b/roles/kubespray-defaults/defaults/main/main.yml @@ -30,6 +30,10 @@ kube_proxy_mode: ipvs # If kube_version is v1.31 or higher, it will be v1beta4, otherwise it will be v1beta3. kubeadm_config_api_version: "{{ 'v1beta4' if kube_version is version('v1.31.0', '>=') else 'v1beta3' }}" +# Debugging option for the kubeadm config validate command +# Set to false only for development and testing scenarios where validation is expected to fail (pre-release Kubernetes versions, etc.) +kubeadm_config_validate_enabled: true + ## The timeout for init first control-plane kubeadm_init_timeout: 300s