Remove non-kubeadm deployment (#3811)

* Remove non-kubeadm deployment * More cleanup * More cleanup * More cleanup * More cleanup * Fix gitlab * Try stop gce first before absent to make the delete process work * More cleanup * Fix bug with checking if kubeadm has already run * Fix bug with checking if kubeadm has already run * More fixes * Fix test * fix * Fix gitlab checkout untill kubespray 2.8 is on quay * Fixed * Add upgrade path from non-kubeadm to kubeadm. Revert ssl path * Readd secret checking * Do gitlab checks from v2.7.0 test upgrade path to 2.8.0 * fix typo * Fix CI jobs to kubeadm again. Fix broken hyperkube path * Fix gitlab * Fix rotate tokens * More fixes * More fixes * Fix tokens
2026-03-17 08:57:36 -02:30 · 2018-12-06 11:33:38 +01:00
parent 0d1be39a97
commit ddffdb63bf
65 changed files with 111 additions and 2042 deletions
--- a/roles/kubernetes/master/tasks/kubeadm-cleanup-old-certs.yml
+++ b/roles/kubernetes/master/tasks/kubeadm-cleanup-old-certs.yml
@@ -1,7 +1,7 @@
 ---
 - name: kubeadm | Retrieve files to purge
  find:
-    paths: "{{kube_cert_dir }}"
+    paths: "{{ kube_cert_dir }}"
    patterns: '*.pem'
  register: files_to_purge_for_kubeadm

--- a/roles/kubernetes/master/tasks/kubeadm-setup.yml
+++ b/roles/kubernetes/master/tasks/kubeadm-setup.yml
@@ -26,19 +26,22 @@
  file:
    path: "{{ kube_config_dir }}/admin.conf"
    state: absent
-  when: not kubeadm_already_run.stat.exists
+  when:
+    - not kubeadm_already_run.stat.exists

 - name: kubeadm | Delete old static pods
  file:
    path: "{{ kube_config_dir }}/manifests/{{item}}.manifest"
    state: absent
  with_items: ["kube-apiserver", "kube-controller-manager", "kube-scheduler", "kube-proxy"]
-  when: old_apiserver_cert.stat.exists
+  when:
+    - old_apiserver_cert.stat.exists

 - name: kubeadm | Forcefully delete old static pods
  shell: "docker ps -f name=k8s_{{item}} -q | xargs --no-run-if-empty docker rm -f"
  with_items: ["kube-apiserver", "kube-controller-manager", "kube-scheduler"]
-  when: old_apiserver_cert.stat.exists
+  when:
+    - old_apiserver_cert.stat.exists

 - name: kubeadm | aggregate all SANs
  set_fact:
@@ -220,7 +223,8 @@

 - name: kubeadm | cleanup old certs if necessary
  import_tasks: kubeadm-cleanup-old-certs.yml
-  when: old_apiserver_cert.stat.exists
+  when:
+    - old_apiserver_cert.stat.exists

 - name: kubeadm | Remove taint for master with node role
  command: "{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf taint node {{ inventory_hostname }} node-role.kubernetes.io/master:NoSchedule-"
--- a/roles/kubernetes/master/tasks/main.yml
+++ b/roles/kubernetes/master/tasks/main.yml
@@ -4,12 +4,14 @@
    - k8s-pre-upgrade

 - import_tasks: users-file.yml
-  when: kube_basic_auth|default(true)
+  when:
+    - kube_basic_auth|default(true)

 - import_tasks: encrypt-at-rest.yml
-  when: kube_encrypt_secret_data
+  when:
+    - kube_encrypt_secret_data

- name: install | Copy kubectl binary from download dir
+- name: Install | Copy kubectl binary from download dir
  synchronize:
    src: "{{ local_release_dir }}/hyperkube"
    dest: "{{ bin_dir }}/kubectl"
@@ -57,10 +59,5 @@
    kube_apiserver_enable_admission_plugins: "{{ kube_apiserver_enable_admission_plugins | difference(['SecurityContextDeny']) | union(['PodSecurityPolicy']) | unique }}"
  when: podsecuritypolicy_enabled

- name: Include kubeadm setup if enabled
+- name: Include kubeadm setup
  import_tasks: kubeadm-setup.yml
-  when: kubeadm_enabled|bool|default(false)
-
- name: Include static pod setup if not using kubeadm
-  import_tasks: static-pod-setup.yml
-  when: not kubeadm_enabled|bool|default(false)
--- a/roles/kubernetes/master/tasks/static-pod-setup.yml
+++ b/roles/kubernetes/master/tasks/static-pod-setup.yml
@@ -1,59 +0,0 @@
---
- name: Create audit-policy directory
-  file:
-    path: "{{ audit_policy_file | dirname }}"
-    state: directory
-  tags:
-    - kube-apiserver
-  when: kubernetes_audit|default(false)
-
- name: Write api audit policy yaml
-  template:
-    src: apiserver-audit-policy.yaml.j2
-    dest: "{{ audit_policy_file }}"
-  notify: Master | Restart apiserver
-  tags:
-    - kube-apiserver
-  when: kubernetes_audit|default(false)
-
- name: Write kube-apiserver manifest
-  template:
-    src: manifests/kube-apiserver.manifest.j2
-    dest: "{{ kube_manifest_dir }}/kube-apiserver.manifest"
-  notify: Master | Restart apiserver
-  tags:
-    - kube-apiserver
-
- meta: flush_handlers
-
- name: Write kube-scheduler kubeconfig
-  template:
-    src: kube-scheduler-kubeconfig.yaml.j2
-    dest: "{{ kube_config_dir }}/kube-scheduler-kubeconfig.yaml"
-  tags:
-    - kube-scheduler
-
- name: Write kube-scheduler manifest
-  template:
-    src: manifests/kube-scheduler.manifest.j2
-    dest: "{{ kube_manifest_dir }}/kube-scheduler.manifest"
-  notify: Master | Restart kube-scheduler
-  tags:
-    - kube-scheduler
-
- name: Write kube-controller-manager kubeconfig
-  template:
-    src: kube-controller-manager-kubeconfig.yaml.j2
-    dest: "{{ kube_config_dir }}/kube-controller-manager-kubeconfig.yaml"
-  tags:
-    - kube-controller-manager
-
- name: Write kube-controller-manager manifest
-  template:
-    src: manifests/kube-controller-manager.manifest.j2
-    dest: "{{ kube_manifest_dir }}/kube-controller-manager.manifest"
-  notify: Master | Restart kube-controller-manager
-  tags:
-    - kube-controller-manager
-
- meta: flush_handlers
--- a/roles/kubernetes/master/tasks/users-file.yml
+++ b/roles/kubernetes/master/tasks/users-file.yml
@@ -12,4 +12,3 @@
    dest: "{{ kube_users_dir }}/known_users.csv"
    mode: 0640
    backup: yes
-  notify: Master | set secret_changed