Add kubeadm option to etcd_deployment_type to replace the etcd_kubeadm_enabled variable (#8317)

* Add kubeadm option to etcd_deployment_type to replace the etcd_kubeadm_enabled variable Signed-off-by: necatican <necaticanyildirim@gmail.com> * Add etcd kubeadm deployment documentation Signed-off-by: necatican <necaticanyildirim@gmail.com> * Refactor warning for the deprecated 'etcd_kubeadm_enabled' variable Signed-off-by: necatican <necaticanyildirim@gmail.com>
2026-05-13 12:27:39 -02:30 · 2022-02-22 19:53:16 +03:00
parent b9a27c91da
commit e9c8913248
24 changed files with 99 additions and 60 deletions
--- a/roles/download/templates/kubeadm-images.yaml.j2
+++ b/roles/download/templates/kubeadm-images.yaml.j2
@@ -8,7 +8,7 @@ kind: ClusterConfiguration
 imageRepository: {{ kube_image_repo }}
 kubernetesVersion: {{ kube_version }}
 etcd:
-{% if etcd_kubeadm_enabled %}
+{% if etcd_deployment_type == "kubeadm" %}
  local:
    imageRepository: "{{ etcd_image_repo | regex_replace("/etcd$","") }}"
    imageTag: "{{ etcd_image_tag }}"
--- a/roles/etcdctl/tasks/main.yml
+++ b/roles/etcdctl/tasks/main.yml
@@ -4,7 +4,7 @@

 - name: Check unintentional include of this role
  assert:
-    that: etcd_kubeadm_enabled
+    that: etcd_deployment_type == "kubeadm"

 - name: Check if etcdctl exist
  stat:
--- a/roles/kubernetes/control-plane/defaults/main/main.yml
+++ b/roles/kubernetes/control-plane/defaults/main/main.yml
@@ -2,9 +2,6 @@
 # disable upgrade cluster
 upgrade_cluster_setup: false

-# Experimental kubeadm etcd deployment mode. Available only for new deployment
-etcd_kubeadm_enabled: false
-
 # change to 0.0.0.0 to enable insecure access from anywhere (not recommended)
 kube_apiserver_insecure_bind_address: 127.0.0.1

--- a/roles/kubernetes/control-plane/tasks/kubeadm-etcd.yml
+++ b/roles/kubernetes/control-plane/tasks/kubeadm-etcd.yml
@@ -15,4 +15,4 @@
 - name: Ensure etcdctl script is installed
  import_role:
    name: etcdctl
-  when: etcd_kubeadm_enabled
+  when: etcd_deployment_type == "kubeadm"
--- a/roles/kubernetes/control-plane/tasks/kubeadm-fix-apiserver.yml
+++ b/roles/kubernetes/control-plane/tasks/kubeadm-fix-apiserver.yml
@@ -21,4 +21,4 @@
    dest: "{{ kube_config_dir }}/manifests/kube-apiserver.yaml"
    regexp: '^    - --etcd-servers='
    line: '    - --etcd-servers={{ etcd_access_addresses }}'
-  when: not etcd_kubeadm_enabled | default(false)
+  when: etcd_deployment_type != "kubeadm"
--- a/roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml
+++ b/roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml
@@ -18,7 +18,7 @@
    --config={{ kube_config_dir }}/kubeadm-config.yaml
    --ignore-preflight-errors=all
    --allow-experimental-upgrades
-    --etcd-upgrade={{ etcd_kubeadm_enabled | bool | lower }}
+    --etcd-upgrade={{ etcd_deployment_type == "kubeadm" | bool | lower }}
    --force
  register: kubeadm_upgrade
  # Retry is because upload config sometimes fails
@@ -39,7 +39,7 @@
    --config={{ kube_config_dir }}/kubeadm-config.yaml
    --ignore-preflight-errors=all
    --allow-experimental-upgrades
-    --etcd-upgrade={{ etcd_kubeadm_enabled | bool | lower }}
+    --etcd-upgrade={{ etcd_deployment_type == "kubeadm" | bool | lower }}
    --force
  register: kubeadm_upgrade
  when: inventory_hostname != first_kube_control_plane
--- a/roles/kubernetes/control-plane/tasks/main.yml
+++ b/roles/kubernetes/control-plane/tasks/main.yml
@@ -69,7 +69,7 @@

 - name: Include kubeadm etcd extra tasks
  include_tasks: kubeadm-etcd.yml
-  when: etcd_kubeadm_enabled
+  when: etcd_deployment_type == "kubeadm"

 - name: Include kubeadm secondary server apiserver fixes
  include_tasks: kubeadm-fix-apiserver.yml
--- a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta2.yaml.j2
+++ b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta2.yaml.j2
@@ -33,7 +33,7 @@ apiVersion: kubeadm.k8s.io/v1beta2
 kind: ClusterConfiguration
 clusterName: {{ cluster_name }}
 etcd:
-{% if not etcd_kubeadm_enabled %}
+{% if etcd_deployment_type != "kubeadm" %}
  external:
      endpoints:
 {% for endpoint in etcd_access_addresses.split(',') %}
@@ -42,7 +42,7 @@ etcd:
      caFile: {{ etcd_cert_dir }}/{{ kube_etcd_cacert_file }}
      certFile: {{ etcd_cert_dir }}/{{ kube_etcd_cert_file }}
      keyFile: {{ etcd_cert_dir }}/{{ kube_etcd_key_file }}
-{% elif etcd_kubeadm_enabled %}
+{% elif etcd_deployment_type == "kubeadm" %}
  local:
    imageRepository: "{{ etcd_image_repo | regex_replace("/etcd$","") }}"
    imageTag: "{{ etcd_image_tag }}"
--- a/roles/kubernetes/kubeadm/defaults/main.yml
+++ b/roles/kubernetes/kubeadm/defaults/main.yml
@@ -10,6 +10,3 @@ kube_override_hostname: >-
  {%- else -%}
  {{ inventory_hostname }}
  {%- endif -%}
-
-# Experimental kubeadm etcd deployment mode. Available only for new deployment
-etcd_kubeadm_enabled: false
--- a/roles/kubernetes/kubeadm/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/tasks/main.yml
@@ -153,7 +153,7 @@
 - name: Extract etcd certs from control plane if using etcd kubeadm mode
  include_tasks: kubeadm_etcd_node.yml
  when:
-    - etcd_kubeadm_enabled
+    - etcd_deployment_type == "kubeadm"
    - inventory_hostname not in groups['kube_control_plane']
    - kube_network_plugin in ["calico", "flannel", "canal", "cilium"] or cilium_deploy_additionally | default(false) | bool
    - kube_network_plugin != "calico" or calico_datastore == "etcd"
--- a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
+++ b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
@@ -15,7 +15,7 @@
  run_once: true
  when:
    - not ignore_assert_errors
-    - not etcd_kubeadm_enabled
+    - etcd_deployment_type != "kubeadm"

 - name: Stop if non systemd OS type
  assert:
@@ -277,23 +277,41 @@
  when: resolvconf_mode is defined
  run_once: true

- name: Stop if etcd deployment type is not host or docker
+- name: Stop if etcd deployment type is not host, docker or kubeadm
  assert:
-    that: etcd_deployment_type in ['host', 'docker']
-    msg: "The etcd deployment type, 'etcd_deployment_type', must be host or docker"
+    that: etcd_deployment_type in ['host', 'docker', 'kubeadm']
+    msg: "The etcd deployment type, 'etcd_deployment_type', must be host, docker or kubeadm"
  when:
    - inventory_hostname in groups.get('etcd',[])
-    - not etcd_kubeadm_enabled

- name: Stop if etcd deployment type is not host when container_manager != docker
+- name: Stop if etcd deployment type is not host or kubeadm when container_manager != docker
  assert:
-    that: etcd_deployment_type == 'host'
-    msg: "The etcd deployment type, 'etcd_deployment_type', must be host when container_manager is not docker"
+    that: etcd_deployment_type in ['host', 'kubeadm']
+    msg: "The etcd deployment type, 'etcd_deployment_type', must be host or kubeadm when container_manager is not docker"
  when:
    - inventory_hostname in groups.get('etcd',[])
-    - not etcd_kubeadm_enabled
    - container_manager != 'docker'

+# TODO: Clean this task up when we drop backward compatibility support for `etcd_kubeadm_enabled`
+- name: Stop if etcd deployment type is not host or kubeadm when container_manager != docker and etcd_kubeadm_enabled is not defined
+  block:
+    - name: Warn the user if they are still using `etcd_kubeadm_enabled`
+      debug:
+        msg: >
+          "WARNING! => `etcd_kubeadm_enabled` is deprecated and will be removed in a future release.
+          You can set `etcd_deployment_type` to `kubeadm` instead of setting `etcd_kubeadm_enabled` to `true`."
+      changed_when: true
+
+    - name: Stop if `etcd_kubeadm_enabled` is defined and `etcd_deployment_type` is not `kubadm` or `host`
+      assert:
+        that: etcd_deployment_type == 'kubeadm'
+        msg: >
+          It is not possible to use `etcd_kubeadm_enabled` when `etcd_deployment_type` is set to {{ etcd_deployment_type }}.
+          Unset the `etcd_kubeadm_enabled` variable and set `etcd_deployment_type` to desired deployment type (`host`, `kubeadm`, `docker`) instead."
+      when: etcd_kubeadm_enabled
+  run_once: yes
+  when: etcd_kubeadm_enabled is defined
+
 - name: Stop if download_localhost is enabled but download_run_once is not
  assert:
    that: download_run_once
--- a/roles/kubernetes/preinstall/tasks/0040-set_facts.yml
+++ b/roles/kubernetes/preinstall/tasks/0040-set_facts.yml
@@ -205,7 +205,7 @@
    kube_etcd_cert_file: "apiserver-etcd-client.crt"
    kube_etcd_key_file: "apiserver-etcd-client.key"
  when:
-    - etcd_kubeadm_enabled
+    - etcd_deployment_type == "kubeadm"

 - name: check /usr readonly
  stat:
--- a/roles/kubespray-defaults/defaults/main.yaml
+++ b/roles/kubespray-defaults/defaults/main.yaml
@@ -258,7 +258,7 @@ kubelet_shutdown_grace_period: 60s
 kubelet_shutdown_grace_period_critical_pods: 20s

 # Whether to deploy the container engine
-deploy_container_engine: "{{ inventory_hostname in groups['k8s_cluster'] or etcd_deployment_type != 'host' }}"
+deploy_container_engine: "{{ inventory_hostname in groups['k8s_cluster'] or etcd_deployment_type == 'docker' }}"

 # Container for runtime
 container_manager: containerd
@@ -344,9 +344,6 @@ docker_registry_mirrors: []
 ## Empty by default so no plugins will be installed.
 docker_plugins: []

-# Experimental kubeadm etcd deployment mode. Available only for new deployment
-etcd_kubeadm_enabled: false
-
 # Containerd options - thse are relevant when container_manager == 'containerd'
 containerd_use_systemd_cgroup: true

--- a/roles/kubespray-defaults/tasks/main.yaml
+++ b/roles/kubespray-defaults/tasks/main.yaml
@@ -22,3 +22,12 @@
    - no_proxy is not defined
  tags:
    - always
+
+# TODO: Clean this task up when we drop backward compatibility support for `etcd_kubeadm_enabled`
+- name: Set `etcd_deployment_type` to "kubeadm" if `etcd_kubeadm_enabled` is true
+  set_fact:
+    etcd_deployment_type: kubeadm
+  when:
+    - etcd_kubeadm_enabled is defined and etcd_kubeadm_enabled
+  tags:
+    - always