Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove workaround with kube_proxy_remove #6512

Merged
merged 1 commit into from
Sep 17, 2020
Merged

Remove workaround with kube_proxy_remove #6512

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 2 additions & 15 deletions roles/kubernetes/kubeadm/tasks/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -123,7 +123,7 @@
- inventory_hostname in groups['kube-master']
- kubeadm_config_api_fqdn is not defined
- kubeadm_discovery_address != kube_apiserver_endpoint | replace("https://", "")
- not kube_proxy_remove
- kube_proxy_deployed
- loadbalancer_apiserver_localhost
tags:
- kube-proxy
Expand All @@ -144,7 +144,7 @@
- inventory_hostname in groups['kube-master']
- kubeadm_config_api_fqdn is not defined
- kubeadm_discovery_address != kube_apiserver_endpoint | replace("https://", "")
- not kube_proxy_remove
- kube_proxy_deployed
tags:
- kube-proxy

Expand All @@ -159,19 +159,6 @@
- kube_network_plugin in ['calico','canal']
- calico_version is version('v3.3.0', '<')

# FIXME(jjo): need to post-remove kube-proxy until https://github.com/kubernetes/kubeadm/issues/776
# is fixed
- name: Delete kube-proxy daemonset if kube_proxy_remove set, e.g. kube_network_plugin providing proxy services
command: "{{ bin_dir }}/kubectl --kubeconfig /etc/kubernetes/admin.conf delete daemonset -n kube-system kube-proxy"
run_once: true
delegate_to: "{{ groups['kube-master']|first }}"
when:
- kube_proxy_remove
# When scaling/adding nodes in the existing k8s cluster, kube-proxy wouldn't be created, as `kubeadm init` wouldn't run.
ignore_errors: true
tags:
- kube-proxy

- name: Extract etcd certs from control plane if using etcd kubeadm mode
include_tasks: kubeadm_etcd_node.yml
when:
Expand Down
2 changes: 1 addition & 1 deletion roles/kubernetes/master/tasks/kubeadm-setup.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -148,7 +148,7 @@
{{ bin_dir }}/kubeadm init
--config={{ kube_config_dir }}/kubeadm-config.yaml
--ignore-preflight-errors=all
--skip-phases=addon/coredns
--skip-phases={{ kubeadm_init_phases_skip | join(',') }}
--upload-certs
register: kubeadm_init
# Retry is because upload config sometimes fails
Expand Down
39 changes: 0 additions & 39 deletions roles/kubernetes/node/tasks/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -141,45 +141,6 @@
tags:
- kube-proxy

- name: Purge proxy manifest for kubeadm or if proxy services being provided by other means, e.g. network_plugin
file:
path: "{{ kube_manifest_dir }}/kube-proxy.manifest"
state: absent
when:
- kube_proxy_remove
tags:
- kube-proxy

- name: Set command for kube-proxy cleanup
set_fact:
kube_proxy_cleanup_command: >-
{%- if container_manager in ['docker', 'crio'] %}
{{ docker_bin_dir }}/docker run --rm --privileged -v /lib/modules:/lib/modules {{ kube_proxy_image_repo }}:{{ kube_version }} kube-proxy --cleanup
{%- elif container_manager == "containerd" %}
ctr run --rm --mount type=bind,src=/lib/modules,dst=/lib/modules,options=rbind:rw {{ kube_proxy_image_repo }}:{{ kube_version }} kube-proxy --cleanup
{%- endif %}
when:
- kube_proxy_remove
tags:
- kube-proxy

- name: Ensure kube-proxy container is pulled for containerd
command: "{{ bin_dir }}/crictl pull {{ kube_proxy_image_repo }}:{{ kube_version }}"
when:
- kube_proxy_remove
- container_manager == "containerd"
tags:
- kube-proxy

- name: Cleanup kube-proxy leftovers from node
command: "{{ kube_proxy_cleanup_command }}"
# `kube-proxy --cleanup`, being Ok as per shown WARNING, still returns 255 from above run (?)
ignore_errors: true
when:
- kube_proxy_remove
tags:
- kube-proxy

- include_tasks: "cloud-credentials/{{ cloud_provider }}-credential-check.yml"
when:
- cloud_provider is defined
Expand Down
9 changes: 0 additions & 9 deletions roles/kubernetes/preinstall/tasks/0040-set_facts.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -155,15 +155,6 @@
- ../vars
skip: true

- name: override kube_proxy_mode to ipvs if kube_proxy_remove is set, as ipvs won't require kube-proxy cleanup when kube-proxy daemonset gets deleted
set_fact:
kube_proxy_mode: 'ipvs'
when:
- kube_proxy_remove
tags:
- facts
- kube-proxy

- name: set etcd vars if using kubeadm mode
set_fact:
etcd_cert_dir: "{{ kube_cert_dir }}"
Expand Down
19 changes: 12 additions & 7 deletions roles/kubespray-defaults/defaults/main.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,14 +26,19 @@ kubeadm_use_hyperkube_image: False
## Kube Proxy mode One of ['iptables','ipvs']
kube_proxy_mode: ipvs

## Delete kube-proxy daemonset if kube_proxy_remove set, e.g. kube_network_plugin providing proxy services
kube_proxy_remove: >-
{%- if kube_network_plugin == 'kube-router' -%}
{{ (kube_router_run_service_proxy is defined and kube_router_run_service_proxy)| bool }}
{%- elif kube_network_plugin == 'cilium' -%}
{{ (cilium_kube_proxy_replacement is defined and cilium_kube_proxy_replacement == 'strict')| bool }}
## List of kubeadm init phases that should be skipped during control plane setup
## By default 'addon/coredns' is skipped
## 'addon/kube-proxy' gets skipped for some network plugins
kubeadm_init_phases_skip_default: [ "addon/coredns" ]
kubeadm_init_phases_skip: >-
{%- if kube_network_plugin == 'kube-router' and (kube_router_run_service_proxy is defined and kube_router_run_service_proxy) -%}
{{ kubeadm_init_phases_skip_default }} + [ "addon/kube-proxy" ]
{%- elif kube_network_plugin == 'cilium' and (cilium_kube_proxy_replacement is defined and cilium_kube_proxy_replacement == 'strict') -%}
{{ kubeadm_init_phases_skip_default }} + [ "addon/kube-proxy" ]
{%- elif kube_proxy_remove is defined and kube_proxy_remove -%}
{{ kubeadm_init_phases_skip_default }} + [ "addon/kube-proxy" ]
{%- else -%}
false
{{ kubeadm_init_phases_skip_default }}
{%- endif -%}

# A string slice of values which specify the addresses to use for NodePorts.
Expand Down
2 changes: 2 additions & 0 deletions roles/kubespray-defaults/vars/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
---
kube_proxy_deployed: "{{ 'addon/kube-proxy' not in kubeadm_init_phases_skip }}"
2 changes: 1 addition & 1 deletion roles/win_nodes/kubernetes_patch/tasks/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,4 +36,4 @@
when: patch_kube_proxy_state is not skipped
tags: init
when:
- not kube_proxy_remove
- kube_proxy_deployed