From ba70ed35f0e79c062c022e80737741b201c7a8a0 Mon Sep 17 00:00:00 2001 From: Srishti Jaiswal <96656007+Srishti-j18@users.noreply.github.com> Date: Wed, 11 Mar 2026 20:27:38 +0530 Subject: [PATCH] Remove kubeadm config api version: v1beta3 for kubeadm config template (#13027) --- .../download/templates/kubeadm-images.yaml.j2 | 4 +- .../control-plane/tasks/kubeadm-setup.yml | 2 +- .../control-plane/tasks/kubeadm-upgrade.yml | 23 - .../templates/kubeadm-config.v1beta3.yaml.j2 | 445 ------------------ .../templates/kubeadm-controlplane.yaml.j2 | 7 +- .../kubeadm/templates/kubeadm-client.conf.j2 | 7 +- .../kubespray_defaults/defaults/main/main.yml | 4 - 7 files changed, 5 insertions(+), 487 deletions(-) delete mode 100644 roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2 diff --git a/roles/download/templates/kubeadm-images.yaml.j2 b/roles/download/templates/kubeadm-images.yaml.j2 index 7128c75d4..d14e1958d 100644 --- a/roles/download/templates/kubeadm-images.yaml.j2 +++ b/roles/download/templates/kubeadm-images.yaml.j2 @@ -1,9 +1,9 @@ -apiVersion: kubeadm.k8s.io/{{ kubeadm_config_api_version }} +apiVersion: kubeadm.k8s.io/v1beta4 kind: InitConfiguration nodeRegistration: criSocket: {{ cri_socket }} --- -apiVersion: kubeadm.k8s.io/{{ kubeadm_config_api_version }} +apiVersion: kubeadm.k8s.io/v1beta4 kind: ClusterConfiguration imageRepository: {{ kubeadm_image_repo }} kubernetesVersion: v{{ kube_version }} diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml b/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml index 4f3a6e7c8..3c692245c 100644 --- a/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml +++ b/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml 
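Review bot: The literal `apiVersion: kubeadm.k8s.io/v1beta4` on both documents of this template means an inventory that still sets `kubeadm_config_api_version` is now silently ignored rather than rejected. The same applies to kubeadm-controlplane.yaml.j2, kubeadm-client.conf.j2 and the `src:` line in kubeadm-setup.yml. A minimum kube_version of 1.31 is presumably enforced elsewhere, but nothing visible in this commit catches a leftover `v1beta3` override. A preflight assert such as `that: kubeadm_config_api_version is not defined or kubeadm_config_api_version == 'v1beta4'`, with a fail message naming the removal, would surface this to operators.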
@@ -95,7 +95,7 @@ - name: Kubeadm | Create kubeadm config template: - src: "kubeadm-config.{{ kubeadm_config_api_version }}.yaml.j2" + src: "kubeadm-config.v1beta4.yaml.j2" dest: "{{ kube_config_dir }}/kubeadm-config.yaml" mode: "0640" validate: "{{ kubeadm_config_validate_enabled | ternary(bin_dir + '/kubeadm config validate --config %s', omit) }}" diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml b/roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml index 523956d1d..f075814c9 100644 --- a/roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml +++ b/roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml 
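Review bot: The template named by `src: "kubeadm-config.v1beta4.yaml.j2"` becomes the only carrier of upgrade options, because the kubeadm-upgrade.yml hunk in this commit drops every flag except `--config`. That includes `--skip-phases={{ kubeadm_init_phases_skip | join(',') }}` (sent for kube_version >= 1.32) and `--skip-phases={{ kubeadm_upgrade_node_phases_skip | join(',') }}`, both of which sat outside the v1beta3 branch and so were also passed on the v1beta4 path. The v1beta4 template is not in this diff, so it cannot be confirmed here that its UpgradeConfiguration sets `skipPhases` for both `apply` and `node`; if it does not, upgrades would run phases operators had configured to skip. Worth confirming, and recording above this task with a comment such as `# kubeadm upgrade reads skipPhases and the other former CLI options from UpgradeConfiguration in this template`. The task may continue past the end of the hunk.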
@@ -2,44 +2,21 @@ - name: Ensure kube-apiserver is up before upgrade import_tasks: check-api.yml - # kubeadm-config.v1beta4 with UpgradeConfiguration requires some values that were previously allowed as args to be specified in the config file - # TODO: Remove --skip-phases from command when v1beta4 UpgradeConfiguration supports skipPhases - name: Kubeadm | Upgrade first control plane node to {{ kube_version }} command: >- timeout -k 600s 600s {{ bin_dir }}/kubeadm upgrade apply -y v{{ kube_version }} - {%- if kubeadm_config_api_version == 'v1beta3' %} - --certificate-renewal={{ kubeadm_upgrade_auto_cert_renewal }} - --ignore-preflight-errors={{ kubeadm_ignore_preflight_errors | join(',') }} - --allow-experimental-upgrades - --etcd-upgrade={{ (etcd_deployment_type == "kubeadm") | lower }} - {% if kubeadm_patches | length > 0 %}--patches={{ kubeadm_patches_dir }}{% endif %} - --force - {%- else %} --config={{ kube_config_dir }}/kubeadm-config.yaml - {%- endif %} - {%- if kube_version is version('1.32.0', '>=') %} - --skip-phases={{ kubeadm_init_phases_skip | join(',') }} - {%- endif %} register: kubeadm_upgrade when: inventory_hostname == first_kube_control_plane failed_when: kubeadm_upgrade.rc != 0 and "field is immutable" not in kubeadm_upgrade.stderr environment: PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}" -# TODO: When we retire kubeadm-config.v1beta3, remove --certificate-renewal, --ignore-preflight-errors, --etcd-upgrade, --patches, and --skip-phases from command, since v1beta4+ supports these in UpgradeConfiguration.node - name: Kubeadm | Upgrade other control plane nodes to {{ kube_version }} command: >- {{ bin_dir }}/kubeadm upgrade node - {%- if kubeadm_config_api_version == 'v1beta3' %} - --certificate-renewal={{ kubeadm_upgrade_auto_cert_renewal }} - --ignore-preflight-errors={{ kubeadm_ignore_preflight_errors | join(',') }} - --etcd-upgrade={{ (etcd_deployment_type == "kubeadm") | lower }} - {% if kubeadm_patches | length > 0 %}--patches={{ 
kubeadm_patches_dir }}{% endif %} - {%- else %} --config={{ kube_config_dir }}/kubeadm-config.yaml - {%- endif %} - --skip-phases={{ kubeadm_upgrade_node_phases_skip | join(',') }} register: kubeadm_upgrade when: inventory_hostname != first_kube_control_plane failed_when: kubeadm_upgrade.rc != 0 and "field is immutable" not in kubeadm_upgrade.stderr diff --git a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2 b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2 deleted file mode 100644 index 0f8e52eb9..000000000 --- a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2 +++ /dev/null 
@@ -1,445 +0,0 @@ -apiVersion: kubeadm.k8s.io/v1beta3 -kind: InitConfiguration -{% if kubeadm_token is defined %} -bootstrapTokens: -- token: "{{ kubeadm_token }}" - description: "kubespray kubeadm bootstrap token" - ttl: "24h" -{% endif %} -localAPIEndpoint: - advertiseAddress: "{{ kube_apiserver_address }}" - bindPort: {{ kube_apiserver_port }} -{% if kubeadm_certificate_key is defined %} -certificateKey: {{ kubeadm_certificate_key }} -{% endif %} -nodeRegistration: -{% if kube_override_hostname | default('') %} - name: "{{ kube_override_hostname }}" -{% endif %} -{% if 'kube_control_plane' in group_names and 'kube_node' not in group_names %} - taints: - - effect: NoSchedule - key: node-role.kubernetes.io/control-plane -{% else %} - taints: [] -{% endif %} - criSocket: {{ cri_socket }} -{% if cloud_provider == "external" %} - kubeletExtraArgs: - cloud-provider: external -{% endif %} -{% if kubeadm_patches | length > 0 %} -patches: - directory: {{ kubeadm_patches_dir }} -{% endif %} ---- -apiVersion: kubeadm.k8s.io/v1beta3 -kind: ClusterConfiguration -clusterName: {{ cluster_name }} -etcd: -{% if etcd_deployment_type != "kubeadm" %} - external: - endpoints: -{% for endpoint in etcd_access_addresses.split(',') %} - - "{{ endpoint }}" -{% endfor %} - caFile: {{ etcd_cert_dir }}/{{ kube_etcd_cacert_file }} - certFile: {{ etcd_cert_dir }}/{{ kube_etcd_cert_file }} - keyFile: {{ etcd_cert_dir }}/{{ kube_etcd_key_file }} -{% elif etcd_deployment_type == "kubeadm" %} - local: - imageRepository: "{{ etcd_image_repo | regex_replace("/etcd$","") }}" - imageTag: "{{ etcd_image_tag }}" - dataDir: "{{ etcd_data_dir }}" - extraArgs: - metrics: {{ etcd_metrics }} - election-timeout: "{{ etcd_election_timeout }}" - heartbeat-interval: "{{ etcd_heartbeat_interval }}" - auto-compaction-retention: "{{ etcd_compaction_retention }}" -{% if etcd_listen_metrics_urls is defined %} - listen-metrics-urls: "{{ etcd_listen_metrics_urls }}" -{% endif %} - snapshot-count: "{{ 
etcd_snapshot_count }}" - quota-backend-bytes: "{{ etcd_quota_backend_bytes }}" - max-request-bytes: "{{ etcd_max_request_bytes }}" - log-level: "{{ etcd_log_level }}" -{% for key, value in etcd_extra_vars.items() %} - {{ key }}: "{{ value }}" -{% endfor %} - serverCertSANs: -{% for san in etcd_cert_alt_names %} - - "{{ san }}" -{% endfor %} -{% for san in etcd_cert_alt_ips %} - - "{{ san }}" -{% endfor %} - peerCertSANs: -{% for san in etcd_cert_alt_names %} - - "{{ san }}" -{% endfor %} -{% for san in etcd_cert_alt_ips %} - - "{{ san }}" -{% endfor %} -{% endif %} -dns: - imageRepository: {{ coredns_image_repo | regex_replace('/coredns(?!/coredns).*$', '') }} - imageTag: {{ coredns_image_tag }} -networking: - dnsDomain: {{ dns_domain }} - serviceSubnet: "{{ kube_service_subnets }}" -{% if kube_network_plugin is defined and kube_network_plugin not in ["kube-ovn"] %} - podSubnet: "{{ kube_pods_subnets }}" -{% endif %} -{% if kubeadm_feature_gates %} -featureGates: -{% for feature in kubeadm_feature_gates %} - {{ feature | replace("=", ": ") }} -{% endfor %} -{% endif %} -kubernetesVersion: v{{ kube_version }} -{% if kubeadm_config_api_fqdn is defined %} -controlPlaneEndpoint: "{{ kubeadm_config_api_fqdn }}:{{ loadbalancer_apiserver.port | default(kube_apiserver_port) }}" -{% else %} -controlPlaneEndpoint: "{{ main_ip | ansible.utils.ipwrap }}:{{ kube_apiserver_port }}" -{% endif %} -certificatesDir: {{ kube_cert_dir }} -imageRepository: {{ kubeadm_image_repo }} -apiServer: - extraArgs: - etcd-compaction-interval: "{{ kube_apiserver_etcd_compaction_interval }}" - default-not-ready-toleration-seconds: "{{ kube_apiserver_pod_eviction_not_ready_timeout_seconds }}" - default-unreachable-toleration-seconds: "{{ kube_apiserver_pod_eviction_unreachable_timeout_seconds }}" -{% if kube_api_anonymous_auth is defined %} -{# TODO: rework once suppport for structured auth lands #} - anonymous-auth: "{{ kube_api_anonymous_auth }}" -{% endif %} -{% if 
kube_apiserver_use_authorization_config_file %} - authorization-config: "{{ kube_config_dir }}/apiserver-authorization-config-{{ kube_apiserver_authorization_config_api_version }}.yaml" -{% else %} - authorization-mode: {{ authorization_modes | join(',') }} -{% endif %} - bind-address: "{{ kube_apiserver_bind_address }}" -{% if kube_apiserver_enable_admission_plugins | length > 0 %} - enable-admission-plugins: {{ kube_apiserver_enable_admission_plugins | join(',') }} -{% endif %} -{% if kube_apiserver_admission_control_config_file %} - admission-control-config-file: {{ kube_config_dir }}/admission-controls.yaml -{% endif %} -{% if kube_apiserver_disable_admission_plugins | length > 0 %} - disable-admission-plugins: {{ kube_apiserver_disable_admission_plugins | join(',') }} -{% endif %} - apiserver-count: "{{ kube_apiserver_count }}" - endpoint-reconciler-type: lease -{% if etcd_events_cluster_enabled %} - etcd-servers-overrides: "/events#{{ etcd_events_access_addresses_semicolon }}" -{% endif %} - service-node-port-range: {{ kube_apiserver_node_port_range }} - service-cluster-ip-range: "{{ kube_service_subnets }}" - kubelet-preferred-address-types: "{{ kubelet_preferred_address_types }}" - profiling: "{{ kube_profiling }}" - request-timeout: "{{ kube_apiserver_request_timeout }}" - enable-aggregator-routing: "{{ kube_api_aggregator_routing }}" -{% if kube_token_auth %} - token-auth-file: {{ kube_token_dir }}/known_tokens.csv -{% endif %} -{% if kube_apiserver_service_account_lookup %} - service-account-lookup: "{{ kube_apiserver_service_account_lookup }}" -{% endif %} -{% if kube_oidc_auth and kube_oidc_url is defined and kube_oidc_client_id is defined %} - oidc-issuer-url: "{{ kube_oidc_url }}" - oidc-client-id: "{{ kube_oidc_client_id }}" -{% if kube_oidc_ca_file is defined %} - oidc-ca-file: "{{ kube_oidc_ca_file }}" -{% endif %} -{% if kube_oidc_username_claim is defined %} - oidc-username-claim: "{{ kube_oidc_username_claim }}" -{% endif %} -{% if 
kube_oidc_groups_claim is defined %} - oidc-groups-claim: "{{ kube_oidc_groups_claim }}" -{% endif %} -{% if kube_oidc_username_prefix is defined %} - oidc-username-prefix: "{{ kube_oidc_username_prefix }}" -{% endif %} -{% if kube_oidc_groups_prefix is defined %} - oidc-groups-prefix: "{{ kube_oidc_groups_prefix }}" -{% endif %} -{% endif %} -{% if kube_webhook_token_auth %} - authentication-token-webhook-config-file: {{ kube_config_dir }}/webhook-token-auth-config.yaml -{% endif %} -{% if kube_webhook_authorization and not kube_apiserver_use_authorization_config_file %} - authorization-webhook-config-file: {{ kube_config_dir }}/webhook-authorization-config.yaml -{% endif %} -{% if kube_encrypt_secret_data %} - encryption-provider-config: {{ kube_cert_dir }}/secrets_encryption.yaml -{% endif %} - storage-backend: {{ kube_apiserver_storage_backend }} -{% if kube_api_runtime_config | length > 0 %} - runtime-config: {{ kube_api_runtime_config | join(',') }} -{% endif %} - allow-privileged: "true" -{% if kubernetes_audit or kubernetes_audit_webhook %} - audit-policy-file: {{ audit_policy_file }} -{% endif %} -{% if kubernetes_audit %} - audit-log-path: "{{ audit_log_path }}" - audit-log-maxage: "{{ audit_log_maxage }}" - audit-log-maxbackup: "{{ audit_log_maxbackups }}" - audit-log-maxsize: "{{ audit_log_maxsize }}" -{% endif %} -{% if kubernetes_audit_webhook %} - audit-webhook-config-file: {{ audit_webhook_config_file }} - audit-webhook-mode: {{ audit_webhook_mode }} -{% if audit_webhook_mode == "batch" %} - audit-webhook-batch-max-size: "{{ audit_webhook_batch_max_size }}" - audit-webhook-batch-max-wait: "{{ audit_webhook_batch_max_wait }}" -{% endif %} -{% endif %} -{% for key in kube_kubeadm_apiserver_extra_args %} - {{ key }}: "{{ kube_kubeadm_apiserver_extra_args[key] }}" -{% endfor %} -{% if kube_apiserver_feature_gates or kube_feature_gates %} - feature-gates: "{{ kube_apiserver_feature_gates | default(kube_feature_gates, true) | join(',') }}" -{% endif %} 
-{% if tls_min_version is defined %} - tls-min-version: {{ tls_min_version }} -{% endif %} -{% if tls_cipher_suites is defined %} - tls-cipher-suites: {% for tls in tls_cipher_suites %}{{ tls }}{{ "," if not loop.last else "" }}{% endfor %} - -{% endif %} - event-ttl: {{ event_ttl_duration }} -{% if kubelet_rotate_server_certificates %} - kubelet-certificate-authority: {{ kube_cert_dir }}/ca.crt -{% endif %} -{% if kube_apiserver_tracing %} - tracing-config-file: {{ kube_config_dir }}/tracing/apiserver-tracing.yaml -{% endif %} -{% if kubernetes_audit or kube_token_auth or kube_webhook_token_auth or apiserver_extra_volumes or ssl_ca_dirs | length %} - extraVolumes: -{% if kube_token_auth %} - - name: token-auth-config - hostPath: {{ kube_token_dir }} - mountPath: {{ kube_token_dir }} -{% endif %} -{% if kube_webhook_token_auth %} - - name: webhook-token-auth-config - hostPath: {{ kube_config_dir }}/webhook-token-auth-config.yaml - mountPath: {{ kube_config_dir }}/webhook-token-auth-config.yaml -{% endif %} -{% if kube_webhook_authorization %} - - name: webhook-authorization-config - hostPath: {{ kube_config_dir }}/webhook-authorization-config.yaml - mountPath: {{ kube_config_dir }}/webhook-authorization-config.yaml -{% endif %} -{% if kube_apiserver_use_authorization_config_file %} - - name: authorization-config - hostPath: {{ kube_config_dir }}/apiserver-authorization-config-{{ kube_apiserver_authorization_config_api_version }}.yaml - mountPath: {{ kube_config_dir }}/apiserver-authorization-config-{{ kube_apiserver_authorization_config_api_version }}.yaml -{% endif %} -{% if kubernetes_audit or kubernetes_audit_webhook %} - - name: {{ audit_policy_name }} - hostPath: {{ audit_policy_hostpath }} - mountPath: {{ audit_policy_mountpath }} -{% if audit_log_path != "-" %} - - name: {{ audit_log_name }} - hostPath: {{ audit_log_hostpath }} - mountPath: {{ audit_log_mountpath }} - readOnly: false -{% endif %} -{% endif %} -{% if 
kube_apiserver_admission_control_config_file %} - - name: admission-control-configs - hostPath: {{ kube_config_dir }}/admission-controls - mountPath: {{ kube_config_dir }} - readOnly: false - pathType: DirectoryOrCreate -{% endif %} -{% if kube_apiserver_tracing %} - - name: tracing - hostPath: {{ kube_config_dir }}/tracing - mountPath: {{ kube_config_dir }}/tracing - readOnly: true - pathType: DirectoryOrCreate -{% endif %} -{% for volume in apiserver_extra_volumes %} - - name: {{ volume.name }} - hostPath: {{ volume.hostPath }} - mountPath: {{ volume.mountPath }} - readOnly: {{ volume.readOnly | d(not (volume.writable | d(false))) }} -{% endfor %} -{% if ssl_ca_dirs | length %} -{% for dir in ssl_ca_dirs %} - - name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }} - hostPath: {{ dir }} - mountPath: {{ dir }} - readOnly: true -{% endfor %} -{% endif %} -{% endif %} - certSANs: -{% for san in apiserver_sans %} - - "{{ san }}" -{% endfor %} - timeoutForControlPlane: 5m0s -controllerManager: - extraArgs: - node-monitor-grace-period: {{ kube_controller_node_monitor_grace_period }} - node-monitor-period: {{ kube_controller_node_monitor_period }} -{% if kube_network_plugin is defined and kube_network_plugin not in ["kube-ovn"] %} - cluster-cidr: "{{ kube_pods_subnets }}" -{% endif %} - service-cluster-ip-range: "{{ kube_service_subnets }}" -{% if kube_network_plugin is defined and kube_network_plugin == "calico" and not calico_ipam_host_local %} - allocate-node-cidrs: "false" -{% else %} -{% if ipv4_stack %} - node-cidr-mask-size-ipv4: "{{ kube_network_node_prefix }}" -{% endif %} -{% if ipv6_stack %} - node-cidr-mask-size-ipv6: "{{ kube_network_node_prefix_ipv6 }}" -{% endif %} -{% endif %} - profiling: "{{ kube_profiling }}" - terminated-pod-gc-threshold: "{{ kube_controller_terminated_pod_gc_threshold }}" - bind-address: "{{ kube_controller_manager_bind_address }}" - leader-elect-lease-duration: {{ 
kube_controller_manager_leader_elect_lease_duration }} - leader-elect-renew-deadline: {{ kube_controller_manager_leader_elect_renew_deadline }} -{% if kube_controller_feature_gates or kube_feature_gates %} - feature-gates: "{{ kube_controller_feature_gates | default(kube_feature_gates, true) | join(',') }}" -{% endif %} -{% for key in kube_kubeadm_controller_extra_args %} - {{ key }}: "{{ kube_kubeadm_controller_extra_args[key] }}" -{% endfor %} -{% if kube_network_plugin is defined and kube_network_plugin not in ["cloud"] %} - configure-cloud-routes: "false" -{% endif %} -{% if kubelet_flexvolumes_plugins_dir is defined %} - flex-volume-plugin-dir: {{ kubelet_flexvolumes_plugins_dir }} -{% endif %} -{% if tls_min_version is defined %} - tls-min-version: {{ tls_min_version }} -{% endif %} -{% if tls_cipher_suites is defined %} - tls-cipher-suites: {% for tls in tls_cipher_suites %}{{ tls }}{{ "," if not loop.last else "" }}{% endfor %} - -{% endif %} -{% if controller_manager_extra_volumes %} - extraVolumes: -{% for volume in controller_manager_extra_volumes %} - - name: {{ volume.name }} - hostPath: {{ volume.hostPath }} - mountPath: {{ volume.mountPath }} - readOnly: {{ volume.readOnly | d(not (volume.writable | d(false))) }} -{% endfor %} -{% endif %} -scheduler: - extraArgs: - bind-address: "{{ kube_scheduler_bind_address }}" - config: {{ kube_config_dir }}/kubescheduler-config.yaml -{% if kube_scheduler_feature_gates or kube_feature_gates %} - feature-gates: "{{ kube_scheduler_feature_gates | default(kube_feature_gates, true) | join(',') }}" -{% endif %} - profiling: "{{ kube_profiling }}" -{% if kube_kubeadm_scheduler_extra_args | length > 0 %} -{% for key in kube_kubeadm_scheduler_extra_args %} - {{ key }}: "{{ kube_kubeadm_scheduler_extra_args[key] }}" -{% endfor %} -{% endif %} -{% if tls_min_version is defined %} - tls-min-version: {{ tls_min_version }} -{% endif %} -{% if tls_cipher_suites is defined %} - tls-cipher-suites: {% for tls in 
tls_cipher_suites %}{{ tls }}{{ "," if not loop.last else "" }}{% endfor %} - -{% endif %} - extraVolumes: - - name: kubescheduler-config - hostPath: {{ kube_config_dir }}/kubescheduler-config.yaml - mountPath: {{ kube_config_dir }}/kubescheduler-config.yaml - readOnly: true -{% if scheduler_extra_volumes %} -{% for volume in scheduler_extra_volumes %} - - name: {{ volume.name }} - hostPath: {{ volume.hostPath }} - mountPath: {{ volume.mountPath }} - readOnly: {{ volume.readOnly | d(not (volume.writable | d(false))) }} -{% endfor %} -{% endif %} ---- -apiVersion: kubeproxy.config.k8s.io/v1alpha1 -kind: KubeProxyConfiguration -bindAddress: "{{ kube_proxy_bind_address }}" -clientConnection: - acceptContentTypes: {{ kube_proxy_client_accept_content_types }} - burst: {{ kube_proxy_client_burst }} - contentType: {{ kube_proxy_client_content_type }} - kubeconfig: {{ kube_proxy_client_kubeconfig }} - qps: {{ kube_proxy_client_qps }} -{% if kube_network_plugin is defined and kube_network_plugin not in ["kube-ovn"] %} -clusterCIDR: "{{ kube_pods_subnets }}" -{% endif %} -configSyncPeriod: {{ kube_proxy_config_sync_period }} -conntrack: - maxPerCore: {{ kube_proxy_conntrack_max_per_core }} - min: {{ kube_proxy_conntrack_min }} - tcpCloseWaitTimeout: {{ kube_proxy_conntrack_tcp_close_wait_timeout }} - tcpEstablishedTimeout: {{ kube_proxy_conntrack_tcp_established_timeout }} -enableProfiling: {{ kube_proxy_enable_profiling }} -healthzBindAddress: "{{ kube_proxy_healthz_bind_address }}" -hostnameOverride: "{{ kube_override_hostname }}" -iptables: - masqueradeAll: {{ kube_proxy_masquerade_all }} - masqueradeBit: {{ kube_proxy_masquerade_bit }} - minSyncPeriod: {{ kube_proxy_min_sync_period }} - syncPeriod: {{ kube_proxy_sync_period }} -ipvs: - excludeCIDRs: {{ kube_proxy_exclude_cidrs }} - minSyncPeriod: {{ kube_proxy_min_sync_period }} - scheduler: {{ kube_proxy_scheduler }} - syncPeriod: {{ kube_proxy_sync_period }} - strictARP: {{ kube_proxy_strict_arp }} - tcpTimeout: {{ 
kube_proxy_tcp_timeout }} - tcpFinTimeout: {{ kube_proxy_tcp_fin_timeout }} - udpTimeout: {{ kube_proxy_udp_timeout }} -metricsBindAddress: "{{ kube_proxy_metrics_bind_address }}" -mode: {{ kube_proxy_mode }} -nodePortAddresses: {{ kube_proxy_nodeport_addresses }} -oomScoreAdj: {{ kube_proxy_oom_score_adj }} -portRange: {{ kube_proxy_port_range }} -{% if kube_proxy_feature_gates or kube_feature_gates %} -{% set feature_gates = ( kube_proxy_feature_gates | default(kube_feature_gates, true) ) %} -featureGates: -{% for feature in feature_gates %} - {{ feature | replace("=", ": ") }} -{% endfor %} -{% endif %} -{# DNS settings for kubelet #} -{% if enable_nodelocaldns %} -{% set kubelet_cluster_dns = [nodelocaldns_ip] %} -{% elif dns_mode in ['coredns'] %} -{% set kubelet_cluster_dns = [skydns_server] %} -{% elif dns_mode == 'coredns_dual' %} -{% set kubelet_cluster_dns = [skydns_server,skydns_server_secondary] %} -{% elif dns_mode == 'manual' %} -{% set kubelet_cluster_dns = [manual_dns_server] %} -{% else %} -{% set kubelet_cluster_dns = [] %} -{% endif %} ---- -apiVersion: kubelet.config.k8s.io/v1beta1 -kind: KubeletConfiguration -{% if kube_version is version('1.35.0', '>=') %} -failCgroupV1: {{ kubelet_fail_cgroup_v1 }} -{% endif %} -clusterDNS: -{% for dns_address in kubelet_cluster_dns %} -- {{ dns_address }} -{% endfor %} -{% if kubelet_feature_gates or kube_feature_gates %} -{% set feature_gates = ( kubelet_feature_gates | default(kube_feature_gates, true) ) %} -featureGates: -{% for feature in feature_gates %} - {{ feature | replace("=", ": ") }} -{% endfor %} -{% endif %} diff --git a/roles/kubernetes/control-plane/templates/kubeadm-controlplane.yaml.j2 b/roles/kubernetes/control-plane/templates/kubeadm-controlplane.yaml.j2 index a8e7d3204..6ce1654bc 100644 --- a/roles/kubernetes/control-plane/templates/kubeadm-controlplane.yaml.j2 +++ b/roles/kubernetes/control-plane/templates/kubeadm-controlplane.yaml.j2 
@@ -1,4 +1,4 @@ -apiVersion: kubeadm.k8s.io/{{ kubeadm_config_api_version }} +apiVersion: kubeadm.k8s.io/v1beta4 kind: JoinConfiguration discovery: {% if kubeadm_use_file_discovery %} @@ -15,13 +15,8 @@ discovery: unsafeSkipCAVerification: true {% endif %} tlsBootstrapToken: {{ kubeadm_token }} -{# TODO: drop the if when we drop support for k8s<1.31 #} -{% if kubeadm_config_api_version == 'v1beta3' %} - timeout: {{ discovery_timeout }} -{% else %} timeouts: discovery: {{ discovery_timeout }} -{% endif %} controlPlane: localAPIEndpoint: advertiseAddress: "{{ kube_apiserver_address }}" diff --git a/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.j2 b/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.j2 index e2e450b38..96157460e 100644 --- a/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.j2 +++ b/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.j2 @@ -1,5 +1,5 @@ --- -apiVersion: kubeadm.k8s.io/{{ kubeadm_config_api_version }} +apiVersion: kubeadm.k8s.io/v1beta4 kind: JoinConfiguration discovery: {% if kubeadm_use_file_discovery %} @@ -21,13 +21,8 @@ discovery: {% endif %} {% endif %} tlsBootstrapToken: {{ kubeadm_token }} -{# TODO: drop the if when we drop support for k8s<1.31 #} -{% if kubeadm_config_api_version == 'v1beta3' %} - timeout: {{ discovery_timeout }} -{% else %} timeouts: discovery: {{ discovery_timeout }} -{% endif %} caCertPath: {{ kube_cert_dir }}/ca.crt {% if kubeadm_cert_controlplane is defined and kubeadm_cert_controlplane %} controlPlane: diff --git a/roles/kubespray_defaults/defaults/main/main.yml b/roles/kubespray_defaults/defaults/main/main.yml index 79afdc57c..042c6ed4a 100644 --- a/roles/kubespray_defaults/defaults/main/main.yml +++ b/roles/kubespray_defaults/defaults/main/main.yml 
@@ -33,10 +33,6 @@ kube_version_min_required: "{{ (kubelet_checksums['amd64'] | dict2items)[-1].key ## Kube Proxy mode One of ['ipvs', 'iptables', 'nftables'] kube_proxy_mode: ipvs -# Kubeadm config api version -# If kube_version is v1.31 or higher, it will be v1beta4, otherwise it will be v1beta3. -kubeadm_config_api_version: "{{ 'v1beta4' if kube_version is version('1.31.0', '>=') else 'v1beta3' }}" - # Debugging option for the kubeadm config validate command # Set to false only for development and testing scenarios where validation is expected to fail (pre-release Kubernetes versions, etc.) kubeadm_config_validate_enabled: true