diff --git a/README.md b/README.md
index 7f00482..ce3191a 100644
--- a/README.md
+++ b/README.md
@@ -10,7 +10,7 @@ idempotent implementation of several components.
This role can be configured to enable all of these features:
-- **Single or multi master cluster implementation** with HAProxy and Keepalived
+- **Single or multi control plane cluster implementation** with HAProxy and Keepalived
for High Availability.
- **Multi network add-ons** Flannel and Calico.
@@ -137,14 +137,14 @@ all the nodes:
```ini
# Kubernetes hosts
[kubelab]
-kubernetes-1 k8s_role=master run_non_infra_pods=true
-kubernetes-2 k8s_role=master run_non_infra_pods=true
-kubernetes-3 k8s_role=master run_non_infra_pods=true
+kubernetes-1 k8s_role=control-plane run_non_infra_pods=true
+kubernetes-2 k8s_role=control-plane run_non_infra_pods=true
+kubernetes-3 k8s_role=control-plane run_non_infra_pods=true
kubernetes-4 k8s_role=worker
```
-You'll set which nodes will act as master and also whether or not those will run
-non infrastructure pods (so to make the master also a worker).
+You'll set which nodes will act as control plane and also whether or not those
+will run non infrastructure pods (so to make the control plane also a worker).
Then you can define, inside group file (i.e.
[inventory/kubelab/group_vars/kubelab.yml](https://github.com/mmul-it/kubelab/blob/master/inventory/kubelab/group_vars/kubelab.yml)),
@@ -155,17 +155,17 @@ can be overridden by declaring the `k8s_host_group` variable.
### Kubernetes cluster
-If you want to implement a multi-master, high availability cluster you'll need
-to specify these variables:
+If you want to implement a multi-control-plane, high availability cluster
+you'll need to specify these variables:
```yaml
k8s_cluster_name: kubelab
-k8s_master_node: kubernetes-1
-k8s_master_port: 6443
-k8s_master_cert_key: "91bded725a628a081d74888df8745172ed842fe30c7a3898b3c63ca98c7226fd"
+k8s_control_plane_node: kubernetes-1
+k8s_control_plane_port: 6443
+k8s_control_plane_cert_key: "91bded725a628a081d74888df8745172ed842fe30c7a3898b3c63ca98c7226fd"
-k8s_multi_master: true
+k8s_multi_control_plane: true
k8s_balancer_VIP: 192.168.122.199
k8s_balancer_interface: eth0
k8s_balancer_port: 8443
@@ -173,7 +173,7 @@ k8s_balancer_password: "d6e284576158b1"
k8s_wait_timeout: 1200
-k8s_master_ports:
+k8s_control_plane_ports:
- 2379-2380/tcp
- 6443/tcp
- 8443/tcp
@@ -183,9 +183,10 @@ k8s_master_ports:
```
This will bring up a cluster starting from node `kubernetes-1` enabling multi
-master via `k8s_multi_master` and setting the VIP address and the interface.
+control plane via `k8s_multi_control_plane` and setting the VIP address and the
+interface.
-**Note**: you'll want to change both `k8s_master_cert_key` and
+**Note**: you'll want to change both `k8s_control_plane_cert_key` and
`k8s_balancer_password` for better security.
**Note**: it is possible to have a more atomic way to configure pods
diff --git a/defaults/main.yml b/defaults/main.yml
index 8905598..cb4e3a3 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -36,39 +36,39 @@ k8s_services:
- kubelet
- "{{ k8s_container_service }}"
-# The main master node from which all will be driven
-k8s_master_node: kubernetes-1
+# The main control plane node from which all will be driven
+k8s_control_plane_node: kubernetes-1
-# The master port on which Kubernetes will serve
-k8s_master_port: 6443
+# The control plane port on which Kubernetes will serve
+k8s_control_plane_port: 6443
# Define the certificate key for k8s encryption
# If you need to generate random key for k8s certificate encryption use:
# openssl rand -hex 32
-k8s_master_cert_key: "91bded725a628a081d74888df8745172ed842fe30c7a3898b3c63ca98c7226fd"
+k8s_control_plane_cert_key: "91bded725a628a081d74888df8745172ed842fe30c7a3898b3c63ca98c7226fd"
-# Multi master
-# Set to true if you want a multi master setup:
-k8s_multi_master: false
+# Multi control plane
+# Set to true if you want a multi control plane setup:
+k8s_multi_control_plane: false
-# Multi master - Define balancer VIP:
+# Multi control plane - Define balancer VIP:
# k8s_balancer_VIP: 192.168.122.199
#
-# Multi master - Define balancer port
+# Multi control plane - Define balancer port
# k8s_balancer_port: 8443
#
-# Multi master - Define balancer password
+# Multi control plane - Define balancer password
# If you need to generate password just use:
# openssl rand -hex 7
# k8s_balancer_password: "d6e284576158b1"
-k8s_master_ports:
+k8s_control_plane_ports:
- 2379-2380/tcp
- 6443/tcp
- 10250/tcp
- 10257/tcp
- 10259/tcp
- # Multi master - Remember to enable the load balancer port
+ # Multi control plane - Remember to enable the load balancer port
# - 8443/tcp
k8s_worker_ports:
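Review bot: The role still ships a fixed, publicly visible value as the default for `k8s_control_plane_cert_key` (the same string is repeated in the README and the tests inventory), so any cluster built on the defaults uses a `kubeadm join --certificate-key` value known to everyone who can read this repository. The rename makes this worse for existing users: an inventory that overrides the old `k8s_master_cert_key` is no longer consulted, and the play silently falls back to this public default. Drop the literal default and fail early when no key is supplied, or honour the old name during a deprecation window, e.g. `k8s_control_plane_cert_key: "{{ k8s_master_cert_key | mandatory }}"`.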
diff --git a/tasks/common.yml b/tasks/common.yml
index d87558b..44134a4 100644
--- a/tasks/common.yml
+++ b/tasks/common.yml
@@ -216,7 +216,7 @@
notify:
- Restart firewalld
- - name: Enable VRRP protocol for multi master setup
+ - name: Enable VRRP protocol for multi control plane setup
ansible.posix.firewalld:
rich_rule: rule protocol value="vrrp" accept
state: enabled
@@ -224,22 +224,22 @@
immediate: true
when:
- k8s_role is defined
- - k8s_role == 'master'
- - k8s_multi_master | bool
+ - k8s_role == 'control-plane'
+ - k8s_multi_control_plane | bool
notify:
- Restart firewalld
- - name: Allow master node network ports in Firewalld
+ - name: Allow control plane node network ports in Firewalld
ansible.posix.firewalld:
port: "{{ item }}"
state: enabled
permanent: true
immediate: true
with_items:
- - "{{ k8s_master_ports }}"
+ - "{{ k8s_control_plane_ports }}"
when:
- k8s_role is defined
- - k8s_role == 'master'
+ - k8s_role == 'control-plane'
notify:
- Restart firewalld
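Review bot: Hosts whose inventory still says `k8s_role=master` now match neither `'control-plane'` nor `'worker'`, so the VRRP rule and the control plane port rules in this hunk are skipped without any error; the same equality test gates the control plane import in tasks/main.yml and the server list in haproxy.cfg.j2. A silent skip leaves a node half-configured instead of failing the play. Add a pre-flight `ansible.builtin.assert` early in the role with `that: k8s_role in ['control-plane', 'worker']` and a `fail_msg` that names the renamed value. The VRRP task's header lies in the previous hunk.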
diff --git a/tasks/master.yml b/tasks/control-plane.yml
similarity index 77%
rename from tasks/master.yml
rename to tasks/control-plane.yml
index 0802ec7..b473f0c 100644
--- a/tasks/master.yml
+++ b/tasks/control-plane.yml
@@ -1,6 +1,6 @@
---
-- name: Reset Kubernetes master node
+- name: Reset Kubernetes control plane node
ansible.builtin.command: kubeadm reset -f
args:
removes: '/etc/kubernetes/manifests/*'
@@ -13,15 +13,15 @@
- name: Set control plane endpoint for single node
ansible.builtin.set_fact:
- k8s_control_plane_endpoint: "{{ hostvars[k8s_master_node]['ansible_default_ipv4']['address'] }}"
- when: not k8s_multi_master | bool
+ k8s_control_plane_endpoint: "{{ hostvars[k8s_control_plane_node]['ansible_default_ipv4']['address'] }}"
+ when: not k8s_multi_control_plane | bool
-- name: Set control plane endpoint for multi master
+- name: Set control plane endpoint for multi control plane
ansible.builtin.set_fact:
k8s_control_plane_endpoint: "{{ k8s_balancer_VIP }}:{{ k8s_balancer_port }}"
- when: k8s_multi_master | bool
+ when: k8s_multi_control_plane | bool
-- name: Multi master directories and files
+- name: Multi control plane directories and files
block:
- name: Directories
ansible.builtin.file:
@@ -34,7 +34,7 @@
- name: Create haproxy.cfg file
ansible.builtin.template:
- src: multi-master/haproxy.cfg.j2
+ src: multi-control-plane/haproxy.cfg.j2
dest: /usr/local/etc/haproxy/haproxy.cfg
owner: root
group: root
@@ -42,7 +42,7 @@
- name: Create keepalived.conf file
ansible.builtin.template:
- src: multi-master/keepalived.conf.j2
+ src: multi-control-plane/keepalived.conf.j2
dest: /usr/local/etc/keepalived/keepalived.conf
owner: root
group: root
@@ -50,7 +50,7 @@
- name: Create pod configurations"
ansible.builtin.template:
- src: "templates/multi-master/{{ item }}_pod.yaml.j2"
+ src: "templates/multi-control-plane/{{ item }}_pod.yaml.j2"
dest: "/etc/kubernetes/manifests/{{ item }}.yaml"
owner: root
group: root
@@ -61,16 +61,16 @@
- name: Create keepalived check script
ansible.builtin.template:
- src: multi-master/check_apiserver.sh.j2
+ src: multi-control-plane/check_apiserver.sh.j2
dest: /usr/local/etc/keepalived/check_apiserver.sh
owner: root
group: root
mode: '0755'
become: true
when:
- - k8s_multi_master | bool
+ - k8s_multi_control_plane | bool
-- name: Set up the master node
+- name: Set up the control plane node
block:
- name: Pulling images required for setting up a Kubernetes cluster
ansible.builtin.command: kubeadm config images pull
@@ -91,7 +91,7 @@
become: true
when:
- k8s_node_status == "NotAvailable"
- - inventory_hostname == k8s_master_node
+ - inventory_hostname == k8s_control_plane_node
- name: Copy remote /etc/kubernetes/admin.conf on local directory
ansible.builtin.fetch:
@@ -101,7 +101,7 @@
mode: '0640'
become: true
when:
- - inventory_hostname == k8s_master_node
+ - inventory_hostname == k8s_control_plane_node
- name: Create Network Add-on local folder
ansible.builtin.file:
@@ -118,7 +118,7 @@
- name: "network-addons/{{ k8s_network_addon }}"
run_once: true
-- name: Set kubeadm join credentials from master node
+- name: Set kubeadm join credentials from control plane node
block:
- name: Get Token from Kubernetes
ansible.builtin.shell: |
@@ -152,24 +152,24 @@
ansible.builtin.set_fact:
k8s_discovery_token_ca_cert_hash: "{{ k8s_discovery_token_ca_cert_hash_output.stdout }}"
when:
- - inventory_hostname == k8s_master_node
+ - inventory_hostname == k8s_control_plane_node
-- name: Join control-plane nodes with kubernetes master
+- name: Join control-plane nodes with kubernetes control plane
ansible.builtin.command: |
kubeadm join {{ k8s_control_plane_endpoint }} \
- --token {{ hostvars[k8s_master_node]['k8s_token'] }} \
- --discovery-token-ca-cert-hash sha256:{{ hostvars[k8s_master_node]['k8s_discovery_token_ca_cert_hash'] }} \
+ --token {{ hostvars[k8s_control_plane_node]['k8s_token'] }} \
+ --discovery-token-ca-cert-hash sha256:{{ hostvars[k8s_control_plane_node]['k8s_discovery_token_ca_cert_hash'] }} \
--control-plane \
- --certificate-key {{ k8s_master_cert_key }}
+ --certificate-key {{ k8s_control_plane_cert_key }}
args:
creates: /etc/kubernetes/kubelet.conf
throttle: 1
become: true
when:
- k8s_node_status != 'Ready'
- - inventory_hostname != k8s_master_node
+ - inventory_hostname != k8s_control_plane_node
-- name: Enable master to run non infrastructure pods
+- name: Enable control plane to run non infrastructure pods
kubernetes.core.k8s_taint:
kubeconfig: "{{ k8s_kubeconfig }}"
name: "{{ inventory_hostname }}"
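Review bot: The join task interpolates the bootstrap token and `k8s_control_plane_cert_key` into the command line and sets no `no_log: true`, so both secrets end up in Ansible's task result and in any callback or log that records it. Add `no_log: true` to `Join control-plane nodes with kubernetes control plane`; the two worker join tasks in tasks/worker.yml pass the token the same way and need the same line. The `Enable control plane to run non infrastructure pods` task continues past the end of this hunk.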
diff --git a/tasks/main.yml b/tasks/main.yml
index 287608a..1dd986d 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -28,10 +28,10 @@
run_once: true
- name: Master tasks
- ansible.builtin.import_tasks: master.yml
+ ansible.builtin.import_tasks: control-plane.yml
when:
- k8s_role is defined
- - k8s_role == 'master'
+ - k8s_role == 'control-plane'
- name: Worker tasks
ansible.builtin.import_tasks: worker.yml
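Review bot: The task name on the import still reads `Master tasks` although the file it imports and the role value it tests were both renamed; `- name: Control plane tasks` would match the rest of the change. Anyone searching playbook output for the new terminology will otherwise miss this task.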
@@ -72,5 +72,5 @@
- k8s_cert_manager_enable|bool
when:
- k8s_role is defined
- - k8s_role == 'master'
- - inventory_hostname == k8s_master_node
+ - k8s_role == 'control-plane'
+ - inventory_hostname == k8s_control_plane_node
diff --git a/tasks/worker.yml b/tasks/worker.yml
index 49421ba..f579593 100644
--- a/tasks/worker.yml
+++ b/tasks/worker.yml
@@ -3,30 +3,30 @@
- name: Reset Kubernetes worker node
ansible.builtin.command: kubeadm reset -f
args:
- removes: '/etc/kubernetes/manifests/*'
+ removes: '/etc/kubernetes'
when:
- k8s_reset|bool
become: true
-- name: Check ndoe status
+- name: Check node status
ansible.builtin.import_tasks: node_status.yml
- name: Join worker nodes
block:
- - name: Joining worker kubernetes single master
- ansible.builtin.command: kubeadm join --token {{ hostvars[k8s_master_node]['k8s_token'] }} \
- --discovery-token-ca-cert-hash sha256:{{ hostvars[k8s_master_node]['k8s_discovery_token_ca_cert_hash'] }} \
- {{ k8s_master_node }}:{{ k8s_master_port }}
+ - name: Joining worker kubernetes single control plane
+ ansible.builtin.command: kubeadm join --token {{ hostvars[k8s_control_plane_node]['k8s_token'] }} \
+ --discovery-token-ca-cert-hash sha256:{{ hostvars[k8s_control_plane_node]['k8s_discovery_token_ca_cert_hash'] }} \
+ {{ k8s_control_plane_node }}:{{ k8s_control_plane_port }}
changed_when: true
- when: not k8s_multi_master | bool
+ when: not k8s_multi_control_plane | bool
- - name: Join worker kubernetes multi master
+ - name: Join worker kubernetes multi control plane
ansible.builtin.command: |
kubeadm join {{ k8s_balancer_VIP }}:{{ k8s_balancer_port }} \
- --token {{ hostvars[k8s_master_node]['k8s_token'] }} \
- --discovery-token-ca-cert-hash sha256:{{ hostvars[k8s_master_node]['k8s_discovery_token_ca_cert_hash'] }}
+ --token {{ hostvars[k8s_control_plane_node]['k8s_token'] }} \
+ --discovery-token-ca-cert-hash sha256:{{ hostvars[k8s_control_plane_node]['k8s_discovery_token_ca_cert_hash'] }}
changed_when: true
- when: k8s_multi_master | bool
+ when: k8s_multi_control_plane | bool
when:
- k8s_node_status == "NotAvailable"
become: true
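Review bot: `removes:` on the worker reset changes from `/etc/kubernetes/manifests/*` to `/etc/kubernetes`, which is a behaviour change rather than part of the rename, while the control plane reset in tasks/control-plane.yml keeps the old glob. If `kubeadm reset -f` leaves the `/etc/kubernetes` directory itself in place (worth confirming), the guard is always satisfied and the reset runs on every play with `k8s_reset` set, so the idempotence check no longer filters anything. Pointing it at a file that exists only on a joined node, such as `removes: /etc/kubernetes/kubelet.conf` (the path the control plane join uses for `creates:`), would keep the guard meaningful.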
diff --git a/templates/config.yaml.j2 b/templates/config.yaml.j2
index 30a30b1..43c19ae 100644
--- a/templates/config.yaml.j2
+++ b/templates/config.yaml.j2
@@ -1,6 +1,6 @@
apiVersion: kubeadm.k8s.io/v1beta3
kind: InitConfiguration
-certificateKey: "{{ k8s_master_cert_key }}"
+certificateKey: "{{ k8s_control_plane_cert_key }}"
---
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
diff --git a/templates/dashboard/dashboard-deployment.yaml.j2 b/templates/dashboard/dashboard-deployment.yaml.j2
index bcf072c..e467919 100644
--- a/templates/dashboard/dashboard-deployment.yaml.j2
+++ b/templates/dashboard/dashboard-deployment.yaml.j2
@@ -229,9 +229,9 @@ spec:
serviceAccountName: kubernetes-dashboard
nodeSelector:
"kubernetes.io/os": linux
- # Comment the following tolerations if Dashboard must not be deployed on master
+ # Comment the following tolerations if Dashboard must not be deployed on control plane
tolerations:
- - key: node-role.kubernetes.io/master
+ - key: node-role.kubernetes.io/control-plane
effect: NoSchedule
---
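Review bot: Replacing the `node-role.kubernetes.io/master` toleration outright means the Dashboard pods no longer tolerate nodes that still carry only the older taint; the second hunk in this file and the calico-kube-controllers toleration in calico.yaml.j2 make the same swap. If the role is meant to keep working on clusters created before the taint was renamed, keep both entries by adding `- key: node-role.kubernetes.io/master` with `effect: NoSchedule` next to the new one. The comment wording also differs between the two hunks (`control plane` here, `control-plane` below). The pod spec these lines belong to starts above the hunk.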
@@ -297,9 +297,9 @@ spec:
serviceAccountName: kubernetes-dashboard
nodeSelector:
"kubernetes.io/os": linux
- # Comment the following tolerations if Dashboard must not be deployed on master
+ # Comment the following tolerations if Dashboard must not be deployed on control-plane
tolerations:
- - key: node-role.kubernetes.io/master
+ - key: node-role.kubernetes.io/control-plane
effect: NoSchedule
volumes:
- name: tmp-volume
diff --git a/templates/multi-master/check_apiserver.sh.j2 b/templates/multi-control-plane/check_apiserver.sh.j2
similarity index 100%
rename from templates/multi-master/check_apiserver.sh.j2
rename to templates/multi-control-plane/check_apiserver.sh.j2
diff --git a/templates/multi-master/haproxy.cfg.j2 b/templates/multi-control-plane/haproxy.cfg.j2
similarity index 90%
rename from templates/multi-master/haproxy.cfg.j2
rename to templates/multi-control-plane/haproxy.cfg.j2
index 6297515..a058726 100644
--- a/templates/multi-master/haproxy.cfg.j2
+++ b/templates/multi-control-plane/haproxy.cfg.j2
@@ -38,7 +38,7 @@ frontend apiserver
default_backend apiserver
#---------------------------------------------------------------------
-# round robin balancing between the various k8s masters
+# round robin balancing between the various k8s control planes
#---------------------------------------------------------------------
backend apiserver
option httpchk GET /readyz HTTP/1.0
@@ -48,7 +48,7 @@ backend apiserver
balance roundrobin
default-server verify none check-ssl inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 5000 maxqueue 5000 weight 100
{% for host in ansible_play_batch %}
-{% if hostvars[host].k8s_role == 'master' %}
- server master-{{ loop.index }} {{ host }}:{{ k8s_master_port }} check
+{% if hostvars[host].k8s_role == 'control-plane' %}
+ server control-plane-{{ loop.index }} {{ host }}:{{ k8s_control_plane_port }} check
{% endif %}
{% endfor %}
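Review bot: `default-server verify none check-ssl` on the context line means HAProxy does not validate the certificate of the API servers it health-checks, so a check can succeed against whatever answers on `{{ host }}:{{ k8s_control_plane_port }}`. The commit only touches the server line, but while this backend is being edited consider `verify required` with a `ca-file` pointing at the cluster CA; the right path depends on what the haproxy pod mounts, which is not visible here. Separately, `loop.index` counts every host in `ansible_play_batch`, workers included, so the `control-plane-N` names can skip numbers, which is cosmetic. The backend block begins in the previous hunk.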
diff --git a/templates/multi-master/haproxy_pod.yaml.j2 b/templates/multi-control-plane/haproxy_pod.yaml.j2
similarity index 100%
rename from templates/multi-master/haproxy_pod.yaml.j2
rename to templates/multi-control-plane/haproxy_pod.yaml.j2
diff --git a/templates/multi-master/keepalived.conf.j2 b/templates/multi-control-plane/keepalived.conf.j2
similarity index 92%
rename from templates/multi-master/keepalived.conf.j2
rename to templates/multi-control-plane/keepalived.conf.j2
index 2b44acc..bdf5cc8 100644
--- a/templates/multi-master/keepalived.conf.j2
+++ b/templates/multi-control-plane/keepalived.conf.j2
@@ -12,7 +12,7 @@ vrrp_script check_apiserver {
}
vrrp_instance VI_1 {
-{% if inventory_hostname == k8s_master_node %}
+{% if inventory_hostname == k8s_control_plane_node %}
state MASTER
priority 101
{% else %}
diff --git a/templates/multi-master/keepalived_pod.yaml.j2 b/templates/multi-control-plane/keepalived_pod.yaml.j2
similarity index 100%
rename from templates/multi-master/keepalived_pod.yaml.j2
rename to templates/multi-control-plane/keepalived_pod.yaml.j2
diff --git a/templates/network-addons/calico.yaml.j2 b/templates/network-addons/calico.yaml.j2
index c737f3b..2612e11 100644
--- a/templates/network-addons/calico.yaml.j2
+++ b/templates/network-addons/calico.yaml.j2
@@ -4266,7 +4266,7 @@ subjects:
# Source: calico/templates/calico-node.yaml
# This manifest installs the calico-node container, as well
# as the CNI plugins and network config on
-# each master and worker node in a Kubernetes cluster.
+# each control plane and worker node in a Kubernetes cluster.
kind: DaemonSet
apiVersion: apps/v1
metadata:
@@ -4593,7 +4593,7 @@ spec:
# Mark the pod as a critical add-on for rescheduling.
- key: CriticalAddonsOnly
operator: Exists
- - key: node-role.kubernetes.io/master
+ - key: node-role.kubernetes.io/control-plane
effect: NoSchedule
serviceAccountName: calico-kube-controllers
priorityClassName: system-cluster-critical
diff --git a/tests/inventory/group_vars/kubelab.yml b/tests/inventory/group_vars/kubelab.yml
index 060686b..3567e64 100644
--- a/tests/inventory/group_vars/kubelab.yml
+++ b/tests/inventory/group_vars/kubelab.yml
@@ -1,10 +1,10 @@
k8s_cluster_name: kubelab
-k8s_master_node: kubernetes-1
-k8s_master_port: 6443
-k8s_master_cert_key: "91bded725a628a081d74888df8745172ed842fe30c7a3898b3c63ca98c7226fd"
+k8s_control_plane_node: kubernetes-1
+k8s_control_plane_port: 6443
+k8s_control_plane_cert_key: "91bded725a628a081d74888df8745172ed842fe30c7a3898b3c63ca98c7226fd"
-k8s_multi_master: true
+k8s_multi_control_plane: true
k8s_balancer_VIP: 192.168.122.199
k8s_balancer_interface: eth0
k8s_balancer_port: 8443
@@ -12,7 +12,7 @@ k8s_balancer_password: "d6e284576158b1"
k8s_wait_timeout: 1200
-k8s_master_ports:
+k8s_control_plane_ports:
- 2379-2380/tcp
- 6443/tcp
- 8443/tcp
diff --git a/tests/inventory/hosts b/tests/inventory/hosts
index 5f69b19..c1e8ae7 100644
--- a/tests/inventory/hosts
+++ b/tests/inventory/hosts
@@ -1,6 +1,6 @@
# Kubernetes hosts
[kubelab]
-kubernetes-1 k8s_role=master run_non_infra_pods=true
-kubernetes-2 k8s_role=master run_non_infra_pods=true
-kubernetes-3 k8s_role=master run_non_infra_pods=true
+kubernetes-1 k8s_role=control-plane run_non_infra_pods=true
+kubernetes-2 k8s_role=control-plane run_non_infra_pods=true
+kubernetes-3 k8s_role=control-plane run_non_infra_pods=true
kubernetes-4 k8s_role=worker