Merge pull request #11700 from VannTen/feat/kubectl_stdin

Convert kubernetes-apps to use kubectl directly

roles/kubernetes-apps/ansible/tasks/coredns.yml

@@ -1,50 +0,0 @@
----
-- name: Kubernetes Apps | Lay Down CoreDNS templates
-  template:
-    src: "{{ item.file }}.j2"
-    dest: "{{ kube_config_dir }}/{{ item.file }}"
-    mode: "0644"
-  loop:
-    - { name: coredns, file: coredns-clusterrole.yml, type: clusterrole }
-    - { name: coredns, file: coredns-clusterrolebinding.yml, type: clusterrolebinding }
-    - { name: coredns, file: coredns-config.yml, type: configmap }
-    - { name: coredns, file: coredns-deployment.yml, type: deployment }
-    - { name: coredns, file: coredns-sa.yml, type: sa }
-    - { name: coredns, file: coredns-svc.yml, type: svc }
-    - { name: dns-autoscaler, file: dns-autoscaler.yml, type: deployment }
-    - { name: dns-autoscaler, file: dns-autoscaler-clusterrole.yml, type: clusterrole }
-    - { name: dns-autoscaler, file: dns-autoscaler-clusterrolebinding.yml, type: clusterrolebinding }
-    - { name: coredns, file: coredns-poddisruptionbudget.yml, type: poddisruptionbudget, condition: coredns_pod_disruption_budget }
-    - { name: dns-autoscaler, file: dns-autoscaler-sa.yml, type: sa }
-  register: coredns_manifests
-  vars:
-    clusterIP: "{{ skydns_server }}"
-  when:
-    - dns_mode in ['coredns', 'coredns_dual']
-    - inventory_hostname == groups['kube_control_plane'][0]
-    - enable_dns_autoscaler or item.name != 'dns-autoscaler'
-    - item.condition | default(True)
-  tags:
-    - coredns
-
-- name: Kubernetes Apps | Lay Down Secondary CoreDNS Template
-  template:
-    src: "{{ item.src }}.j2"
-    dest: "{{ kube_config_dir }}/{{ item.file }}"
-    mode: "0644"
-  with_items:
-    - { name: coredns, src: coredns-deployment.yml, file: coredns-deployment-secondary.yml, type: deployment }
-    - { name: coredns, src: coredns-svc.yml, file: coredns-svc-secondary.yml, type: svc }
-    - { name: dns-autoscaler, src: dns-autoscaler.yml, file: coredns-autoscaler-secondary.yml, type: deployment }
-    - { name: coredns, src: coredns-poddisruptionbudget.yml, file: coredns-poddisruptionbudget-secondary.yml, type: poddisruptionbudget, condition: coredns_pod_disruption_budget }
-  register: coredns_secondary_manifests
-  vars:
-    clusterIP: "{{ skydns_server_secondary }}"
-    coredns_ordinal_suffix: "-secondary"
-  when:
-    - dns_mode == 'coredns_dual'
-    - inventory_hostname == groups['kube_control_plane'][0]
-    - enable_dns_autoscaler or item.name != 'dns-autoscaler'
-    - item.condition | default(True)
-  tags:
-    - coredns

roles/kubernetes-apps/ansible/tasks/dashboard.yml

@@ -1,21 +0,0 @@
----
-- name: Kubernetes Apps | Lay down dashboard template
-  template:
-    src: "{{ item.file }}.j2"
-    dest: "{{ kube_config_dir }}/{{ item.file }}"
-    mode: "0644"
-  with_items:
-    - { file: dashboard.yml, type: deploy, name: kubernetes-dashboard }
-  register: manifests
-  when: inventory_hostname == groups['kube_control_plane'][0]
-
-- name: Kubernetes Apps | Start dashboard
-  kube:
-    name: "{{ item.item.name }}"
-    namespace: "{{ dashboard_namespace }}"
-    kubectl: "{{ bin_dir }}/kubectl"
-    resource: "{{ item.item.type }}"
-    filename: "{{ kube_config_dir }}/{{ item.item.file }}"
-    state: "latest"
-  with_items: "{{ manifests.results }}"
-  when: inventory_hostname == groups['kube_control_plane'][0]

roles/kubernetes-apps/ansible/tasks/etcd_metrics.yml

@@ -1,22 +0,0 @@
----
-- name: Kubernetes Apps | Lay down etcd_metrics templates
-  template:
-    src: "{{ item.file }}.j2"
-    dest: "{{ kube_config_dir }}/{{ item.file }}"
-    mode: "0644"
-  with_items:
-    - { file: etcd_metrics-endpoints.yml, type: endpoints, name: etcd-metrics }
-    - { file: etcd_metrics-service.yml, type: service, name: etcd-metrics }
-  register: manifests
-  when: inventory_hostname == groups['kube_control_plane'][0]
-
-- name: Kubernetes Apps | Start etcd_metrics
-  kube:
-    name: "{{ item.item.name }}"
-    namespace: kube-system
-    kubectl: "{{ bin_dir }}/kubectl"
-    resource: "{{ item.item.type }}"
-    filename: "{{ kube_config_dir }}/{{ item.item.file }}"
-    state: "latest"
-  with_items: "{{ manifests.results }}"
-  when: inventory_hostname == groups['kube_control_plane'][0]

roles/kubernetes-apps/ansible/tasks/main.yml

@@ -12,62 +12,109 @@
   when: inventory_hostname == groups['kube_control_plane'][0]
 
 - name: Kubernetes Apps | CoreDNS
-  import_tasks: "coredns.yml"
+  command:
-  when:
+    cmd: "{{ kubectl_apply_stdin }}"
-    - dns_mode in ['coredns', 'coredns_dual']
+    stdin: "{{ lookup('template', item) }}"
-    - inventory_hostname == groups['kube_control_plane'][0]
+  delegate_to: "{{ groups['kube_control_plane'][0] }}"
+  run_once: true
+  loop: "{{ coredns_manifests | flatten }}"
   tags:
     - coredns
+  vars:
+    clusterIP: "{{ skydns_server }}"
+  when: dns_mode in ['coredns', 'coredns_dual']
+
+- name: Kubernetes Apps | CoreDNS Secondary
+  command:
+    cmd: "{{ kubectl_apply_stdin }}"
+    stdin: "{{ lookup('template', item) }}"
+  delegate_to: "{{ groups['kube_control_plane'][0] }}"
+  run_once: true
+  loop: "{{ coredns_manifests | flatten }}"
+  tags:
+    - coredns
+  vars:
+    clusterIP: "{{ skydns_server_secondary }}"
+    coredns_ordinal_suffix: "-secondary"
+  when:
+    - dns_mode == 'coredns_dual'
 
 - name: Kubernetes Apps | nodelocalDNS
-  import_tasks: "nodelocaldns.yml"
+  command:
+    cmd: "{{ kubectl_apply_stdin }}"
+    stdin: "{{ lookup('template', item) }}"
+  delegate_to: "{{ groups['kube_control_plane'][0] }}"
+  run_once: true
+  loop: "{{ nodelocaldns_manifests | flatten }}"
   when:
     - enable_nodelocaldns
-    - inventory_hostname == groups['kube_control_plane'] | first
   tags:
     - nodelocaldns
-
-- name: Kubernetes Apps | Start Resources
-  kube:
-    name: "{{ item.item.name }}"
-    namespace: "kube-system"
-    kubectl: "{{ bin_dir }}/kubectl"
-    resource: "{{ item.item.type }}"
-    filename: "{{ kube_config_dir }}/{{ item.item.file }}"
-    state: "latest"
-  with_items:
-    - "{{ coredns_manifests.results | default({}) }}"
-    - "{{ coredns_secondary_manifests.results | default({}) }}"
-    - "{{ nodelocaldns_manifests.results | default({}) }}"
-    - "{{ nodelocaldns_second_manifests.results | default({}) }}"
-  when:
-    - dns_mode != 'none'
-    - inventory_hostname == groups['kube_control_plane'][0]
-    - not item is skipped
-  register: resource_result
-  until: resource_result is succeeded
-  retries: 4
-  delay: 5
-  tags:
     - coredns
-    - nodelocaldns
+  vars:
-  loop_control:
+    primaryClusterIP: >-
-    label: "{{ item.item.file }}"
+      {%- if dns_mode in ['coredns', 'coredns_dual'] -%}
+      {{ skydns_server }}
+      {%- elif dns_mode == 'manual' -%}
+      {{ manual_dns_server }}
+      {%- endif -%}
+    secondaryclusterIP: "{{ skydns_server_secondary }}"
+    forwardTarget: >-
+      {%- if secondaryclusterIP is defined and dns_mode == 'coredns_dual' -%}
+      {{ primaryClusterIP }} {{ secondaryclusterIP }}
+      {%- else -%}
+      {{ primaryClusterIP }}
+      {%- endif -%}
+    upstreamForwardTarget: >-
+      {%- if upstream_dns_servers is defined and upstream_dns_servers | length > 0 -%}
+      {{ upstream_dns_servers | join(' ') }}
+      {%- else -%}
+      /etc/resolv.conf
+      {%- endif -%}
 
 - name: Kubernetes Apps | Etcd metrics endpoints
-  import_tasks: etcd_metrics.yml
+  command:
+    cmd: "{{ kubectl_apply_stdin }}"
+    stdin: "{{ lookup('template', item) }}"
+  delegate_to: "{{ groups['kube_control_plane'][0] }}"
+  run_once: true
+  loop:
+    - etcd_metrics-endpoints.yml.j2
+    - etcd_metrics-service.yml.j2
   when: etcd_metrics_port is defined and etcd_metrics_service_labels is defined
   tags:
     - etcd_metrics
 
 - name: Kubernetes Apps | Netchecker
-  import_tasks: netchecker.yml
+  command:
+    cmd: "{{ kubectl_apply_stdin }}"
+    stdin: "{{ lookup('template', item) }}"
+  delegate_to: "{{ groups['kube_control_plane'][0] }}"
+  run_once: true
+  vars:
+    namespace: "{{ netcheck_namespace }}"
   when: deploy_netchecker
   tags:
     - netchecker
+  loop:
+    - netchecker-ns.yml.j2
+    - netchecker-agent-sa.yml.j2
+    - netchecker-agent-ds.yml.j2
+    - netchecker-agent-hostnet-ds.yml.j2
+    - netchecker-server-sa.yml.j2
+    - netchecker-server-clusterrole.yml.j2
+    - netchecker-server-clusterrolebinding.yml.j2
+    - netchecker-server-deployment.yml.j2
+    - netchecker-server-svc.yml.j2
 
 - name: Kubernetes Apps | Dashboard
-  import_tasks: dashboard.yml
+  command:
+    cmd: "{{ kubectl_apply_stdin }}"
+    stdin: "{{ lookup('template', 'dashboard.yml.j2') }}"
+  delegate_to: "{{ groups['kube_control_plane'][0] }}"
+  run_once: true
+  vars:
+    namespace: "{{ dashboard_namespace }}"
   when: dashboard_enabled
   tags:
     - dashboard

roles/kubernetes-apps/ansible/tasks/netchecker.yml

@@ -1,47 +0,0 @@
----
-- name: Kubernetes Apps | Check AppArmor status
-  command: which apparmor_parser
-  register: apparmor_status
-  when:
-    - inventory_hostname == groups['kube_control_plane'][0]
-  failed_when: false
-
-- name: Kubernetes Apps | Set apparmor_enabled
-  set_fact:
-    apparmor_enabled: "{{ apparmor_status.rc == 0 }}"
-  when:
-    - inventory_hostname == groups['kube_control_plane'][0]
-
-- name: Kubernetes Apps | Netchecker Templates list
-  set_fact:
-    netchecker_templates:
-      - {file: netchecker-ns.yml, type: ns, name: netchecker-namespace}
-      - {file: netchecker-agent-sa.yml, type: sa, name: netchecker-agent}
-      - {file: netchecker-agent-ds.yml, type: ds, name: netchecker-agent}
-      - {file: netchecker-agent-hostnet-ds.yml, type: ds, name: netchecker-agent-hostnet}
-      - {file: netchecker-server-sa.yml, type: sa, name: netchecker-server}
-      - {file: netchecker-server-clusterrole.yml, type: clusterrole, name: netchecker-server}
-      - {file: netchecker-server-clusterrolebinding.yml, type: clusterrolebinding, name: netchecker-server}
-      - {file: netchecker-server-deployment.yml, type: deployment, name: netchecker-server}
-      - {file: netchecker-server-svc.yml, type: svc, name: netchecker-service}
-
-- name: Kubernetes Apps | Lay Down Netchecker Template
-  template:
-    src: "{{ item.file }}.j2"
-    dest: "{{ kube_config_dir }}/{{ item.file }}"
-    mode: "0644"
-  with_items: "{{ netchecker_templates }}"
-  register: manifests
-  when:
-    - inventory_hostname == groups['kube_control_plane'][0]
-
-- name: Kubernetes Apps | Start Netchecker Resources
-  kube:
-    name: "{{ item.item.name }}"
-    namespace: "{{ netcheck_namespace }}"
-    kubectl: "{{ bin_dir }}/kubectl"
-    resource: "{{ item.item.type }}"
-    filename: "{{ kube_config_dir }}/{{ item.item.file }}"
-    state: "latest"
-  with_items: "{{ manifests.results }}"
-  when: inventory_hostname == groups['kube_control_plane'][0] and not item is skipped

roles/kubernetes-apps/ansible/tasks/nodelocaldns.yml

@@ -1,79 +0,0 @@
----
-- name: Kubernetes Apps | set up necessary nodelocaldns parameters
-  set_fact:
-    # noqa: jinja[spacing]
-    primaryClusterIP: >-
-      {%- if dns_mode in ['coredns', 'coredns_dual'] -%}
-      {{ skydns_server }}
-      {%- elif dns_mode == 'manual' -%}
-      {{ manual_dns_server }}
-      {%- endif -%}
-    secondaryclusterIP: "{{ skydns_server_secondary }}"
-  when:
-    - enable_nodelocaldns
-    - inventory_hostname == groups['kube_control_plane'] | first
-  tags:
-    - nodelocaldns
-    - coredns
-
-- name: Kubernetes Apps | Lay Down nodelocaldns Template
-  template:
-    src: "{{ item.file }}.j2"
-    dest: "{{ kube_config_dir }}/{{ item.file }}"
-    mode: "0644"
-  with_items:
-    - { name: nodelocaldns, file: nodelocaldns-config.yml, type: configmap }
-    - { name: nodelocaldns, file: nodelocaldns-sa.yml, type: sa }
-    - { name: nodelocaldns, file: nodelocaldns-daemonset.yml, type: daemonset }
-  register: nodelocaldns_manifests
-  vars:
-    # noqa: jinja[spacing]
-    forwardTarget: >-
-      {%- if secondaryclusterIP is defined and dns_mode == 'coredns_dual' -%}
-      {{ primaryClusterIP }} {{ secondaryclusterIP }}
-      {%- else -%}
-      {{ primaryClusterIP }}
-      {%- endif -%}
-    upstreamForwardTarget: >-
-      {%- if upstream_dns_servers is defined and upstream_dns_servers | length > 0 -%}
-      {{ upstream_dns_servers | join(' ') }}
-      {%- else -%}
-      /etc/resolv.conf
-      {%- endif -%}
-  when:
-    - enable_nodelocaldns
-    - inventory_hostname == groups['kube_control_plane'] | first
-  tags:
-    - nodelocaldns
-    - coredns
-
-- name: Kubernetes Apps | Lay Down nodelocaldns-secondary Template
-  template:
-    src: "{{ item.file }}.j2"
-    dest: "{{ kube_config_dir }}/{{ item.file }}"
-    mode: "0644"
-  with_items:
-    - { name: nodelocaldns, file: nodelocaldns-second-daemonset.yml, type: daemonset }
-  register: nodelocaldns_second_manifests
-  vars:
-    # noqa: jinja[spacing]
-    forwardTarget: >-
-      {%- if secondaryclusterIP is defined and dns_mode == 'coredns_dual' -%}
-      {{ primaryClusterIP }} {{ secondaryclusterIP }}
-      {%- else -%}
-      {{ primaryClusterIP }}
-      {%- endif -%}
-    # noqa: jinja[spacing]
-    upstreamForwardTarget: >-
-      {%- if upstream_dns_servers is defined and upstream_dns_servers | length > 0 -%}
-      {{ upstream_dns_servers | join(' ') }}
-      {%- else -%}
-      /etc/resolv.conf
-      {%- endif -%}
-  when:
-    - enable_nodelocaldns
-    - enable_nodelocaldns_secondary
-    - inventory_hostname == groups['kube_control_plane'] | first
-  tags:
-    - nodelocaldns
-    - coredns

roles/kubernetes-apps/ansible/templates/dashboard.yml.j2

@@ -17,16 +17,15 @@
 #
 # Example usage: kubectl create -f <this_file>
 
-{% if dashboard_namespace != "kube-system" %}
+{% if namespace != 'kube-system' %}
 ---
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: {{ dashboard_namespace }}
+  name: {{ namespace }}
   labels:
-    name: {{ dashboard_namespace }}
+    name: {{ namespace }}
 {% endif %}
-
 ---
 # ------------------- Dashboard Secrets ------------------- #
 apiVersion: v1
@@ -35,7 +34,6 @@ metadata:
   labels:
     k8s-app: kubernetes-dashboard
   name: kubernetes-dashboard-certs
-  namespace: {{ dashboard_namespace }}
 type: Opaque
 
 ---
@@ -45,7 +43,6 @@ metadata:
   labels:
     k8s-app: kubernetes-dashboard
   name: kubernetes-dashboard-csrf
-  namespace: {{ dashboard_namespace }}
 type: Opaque
 data:
   csrf: ""
@@ -57,7 +54,6 @@ metadata:
   labels:
     k8s-app: kubernetes-dashboard
   name: kubernetes-dashboard-key-holder
-  namespace: {{ dashboard_namespace }}
 type: Opaque
 
 ---
@@ -68,7 +64,6 @@ metadata:
   labels:
     k8s-app: kubernetes-dashboard
   name: kubernetes-dashboard-settings
-  namespace: {{ dashboard_namespace }}
 
 ---
 # ------------------- Dashboard Service Account ------------------- #
@@ -79,7 +74,6 @@ metadata:
   labels:
     k8s-app: kubernetes-dashboard
   name: kubernetes-dashboard
-  namespace: {{ dashboard_namespace }}
 
 ---
 # ------------------- Dashboard Role & Role Binding ------------------- #
@@ -89,7 +83,6 @@ metadata:
   labels:
     k8s-app: kubernetes-dashboard
   name: kubernetes-dashboard
-  namespace: {{ dashboard_namespace }}
 rules:
   # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
   - apiGroups: [""]
@@ -118,7 +111,6 @@ metadata:
   labels:
     k8s-app: kubernetes-dashboard
   name: kubernetes-dashboard
-  namespace: {{ dashboard_namespace }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
@@ -126,7 +118,7 @@ roleRef:
 subjects:
   - kind: ServiceAccount
     name: kubernetes-dashboard
-    namespace: {{ dashboard_namespace }}
+    namespace: {{ namespace }}
 
 ---
 apiVersion: rbac.authorization.k8s.io/v1
@@ -140,7 +132,7 @@ roleRef:
 subjects:
   - kind: ServiceAccount
     name: kubernetes-dashboard
-    namespace: {{ dashboard_namespace }}
+    namespace: {{ namespace }}
 
 ---
 # ------------------- Dashboard Deployment ------------------- #
@@ -151,7 +143,6 @@ metadata:
   labels:
     k8s-app: kubernetes-dashboard
   name: kubernetes-dashboard
-  namespace: {{ dashboard_namespace }}
 spec:
   replicas: {{ dashboard_replicas }}
   revisionHistoryLimit: 10
@@ -182,7 +173,7 @@ spec:
             - containerPort: 8443
               protocol: TCP
           args:
-            - --namespace={{ dashboard_namespace }}
+            - --namespace={{ namespace }}
 {% if dashboard_use_custom_certs %}
             - --tls-key-file={{ dashboard_tls_key_file }}
             - --tls-cert-file={{ dashboard_tls_cert_file }}
@@ -238,7 +229,6 @@ metadata:
   labels:
     k8s-app: kubernetes-dashboard
   name: kubernetes-dashboard
-  namespace: {{ dashboard_namespace }}
 spec:
   ports:
     - port: 443
@@ -270,7 +260,6 @@ metadata:
   labels:
     k8s-app: kubernetes-metrics-scraper
   name: dashboard-metrics-scraper
-  namespace: {{ dashboard_namespace }}
 spec:
   ports:
     - port: 8000
@@ -287,7 +276,6 @@ metadata:
   labels:
     k8s-app: kubernetes-metrics-scraper
   name: kubernetes-metrics-scraper
-  namespace: {{ dashboard_namespace }}
 spec:
   replicas: 1
   revisionHistoryLimit: 10

roles/kubernetes-apps/ansible/vars/main.yml

@@ -0,0 +1,22 @@
+---
+dns_autoscaler_manifests:
+- dns-autoscaler-sa.yml.j2
+- dns-autoscaler.yml.j2
+- dns-autoscaler-clusterrole.yml.j2
+- dns-autoscaler-clusterrolebinding.yml.j2
+
+coredns_manifests:
+- coredns-clusterrole.yml.j2
+- coredns-clusterrolebinding.yml.j2
+- coredns-config.yml.j2
+- coredns-deployment.yml.j2
+- coredns-sa.yml.j2
+- coredns-svc.yml.j2
+- "{{ dns_autoscaler_manifests if enable_dns_autoscaler else [] }}"
+- "{{ coredns-poddisruptionbudget.yml.j2 if coredns_pod_disruption_budget else [] }}"
+
+nodelocaldns_manifests:
+- nodelocaldns-config.yml.j2
+- nodelocaldns-daemonset.yml.j2
+- nodelocaldns-sa.yml.j2
+- "{{ nodelocaldns-second-daemonset.yml.j2 if enable_nodelocaldns_secondary else [] }}"

roles/kubernetes-apps/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+namespace: kube-system

roles/kubernetes-apps/vars/main.yml

@@ -0,0 +1,2 @@
+---
+kubectl_apply_stdin: "{{ kubectl }} apply -f - -n {{ namespace }}"