Fix kube_hostname_override inconsistencies (kubernetes-sigs#4185)

southbridgeio · Feb 18, 2019 · 4541df2 · 4541df2
1 parent 33d5291
commit 4541df2
Show file tree

Hide file tree

Showing 9 changed files with 26 additions and 30 deletions.
diff --git a/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml b/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
@@ -111,6 +111,13 @@ kube_proxy_nodeport_addresses: >-
   []
   {%- endif -%}
 
+# If non-empty, will use this string as identification instead of the actual hostname
+#kube_override_hostname: >-
+#  {%- if cloud_provider is defined and cloud_provider in [ 'aws' ] -%}
+#  {%- else -%}
+#  {{ inventory_hostname }}
+#  {%- endif -%}
+
 ## Encrypting Secret Data at Rest (experimental)
 kube_encrypt_secret_data: false
 

diff --git a/roles/kubernetes/kubeadm/defaults/main.yml b/roles/kubernetes/kubeadm/defaults/main.yml
@@ -1,3 +1,10 @@
 ---
 # discovery_timeout modifies the discovery timeout
 discovery_timeout: 5m0s
+
+# If non-empty, will use this string as identification instead of the actual hostname
+kube_override_hostname: >-
+  {%- if cloud_provider is defined and cloud_provider in [ 'aws' ] -%}
+  {%- else -%}
+  {{ inventory_hostname }}
+  {%- endif -%}
diff --git a/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1alpha2.j2 b/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1alpha2.j2
@@ -15,7 +15,7 @@ discoveryTokenAPIServers:
 {% endif %}
 discoveryTokenUnsafeSkipCAVerification: true
 nodeRegistration:
-  name: {{ inventory_hostname  }}
+  name: {{ kube_override_hostname }}
 {% if container_manager == 'crio' %}
   criSocket: /var/run/crio/crio.sock
 {% elif container_manager == 'rkt' %}

diff --git a/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1alpha3.j2 b/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1alpha3.j2
@@ -15,7 +15,7 @@ discoveryTokenAPIServers:
 {% endif %}
 discoveryTokenUnsafeSkipCAVerification: true
 nodeRegistration:
-  name: {{ inventory_hostname  }}
+  name: {{ kube_override_hostname }}
 {% if container_manager == 'crio' %}
   criSocket: /var/run/crio/crio.sock
 {% elif container_manager == 'rkt' %}

diff --git a/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta1.j2 b/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta1.j2
@@ -13,7 +13,7 @@ discovery:
   tlsBootstrapToken: {{ kubeadm_token }}
 caCertPath: {{ kube_cert_dir }}/ca.crt
 nodeRegistration:
-  name: {{ inventory_hostname  }}
+  name: {{ kube_override_hostname }}
 {% if container_manager == 'crio' %}
   criSocket: /var/run/crio/crio.sock
 {% elif container_manager == 'rkt' %}

diff --git a/roles/kubernetes/master/templates/kubeadm-config.v1alpha3.yaml.j2 b/roles/kubernetes/master/templates/kubeadm-config.v1alpha3.yaml.j2
@@ -244,6 +244,7 @@ conntrack:
  tcpEstablishedTimeout: {{ kube_proxy_conntrack_tcp_established_timeout }}
 enableProfiling: {{ kube_proxy_enable_profiling }}
 healthzBindAddress: {{ kube_proxy_healthz_bind_address }}
+hostnameOverride: {{ kube_override_hostname }}
 iptables:
  masqueradeAll: {{ kube_proxy_masquerade_all }}
  masqueradeBit: {{ kube_proxy_masquerade_bit }}

diff --git a/roles/kubernetes/master/templates/kubeadm-config.v1beta1.yaml.j2 b/roles/kubernetes/master/templates/kubeadm-config.v1beta1.yaml.j2
@@ -249,6 +249,7 @@ conntrack:
  tcpEstablishedTimeout: {{ kube_proxy_conntrack_tcp_established_timeout }}
 enableProfiling: {{ kube_proxy_enable_profiling }}
 healthzBindAddress: {{ kube_proxy_healthz_bind_address }}
+hostnameOverride: {{ kube_override_hostname }}
 iptables:
  masqueradeAll: {{ kube_proxy_masquerade_all }}
  masqueradeBit: {{ kube_proxy_masquerade_bit }}

diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml
@@ -157,6 +157,13 @@ kube_apiserver_port: 6443
 kube_apiserver_insecure_bind_address: 127.0.0.1
 kube_apiserver_insecure_port: 0
 
+# If non-empty, will use this string as identification instead of the actual hostname
+kube_override_hostname: >-
+  {%- if cloud_provider is defined and cloud_provider in [ 'aws' ] -%}
+  {%- else -%}
+  {{ inventory_hostname }}
+  {%- endif -%}
+
 # dynamic kubelet configuration
 dynamic_kubelet_configuration: false
 

diff --git a/roles/win_nodes/kubernetes_patch/tasks/main.yml b/roles/win_nodes/kubernetes_patch/tasks/main.yml
@@ -7,33 +7,6 @@
     recurse: yes
   tags: [init, cni]
 
-- name: Apply kube-proxy hostnameOverride
-  block:
-    - name: Copy kube-proxy daemonset hostnameOverride patch
-      copy:
-        src: hostnameOverride-patch.json
-        dest: "{{ kubernetes_user_manifests_path }}/hostnameOverride-patch.json"
-
-    - name: Check current command for kube-proxy daemonset
-      shell: "{{bin_dir}}/kubectl get ds kube-proxy --namespace=kube-system -o jsonpath='{.spec.template.spec.containers[0].command}'"
-      register: current_kube_proxy_command
-
-    - name: Apply hostnameOverride patch for kube-proxy daemonset
-      shell: "{{bin_dir}}/kubectl patch ds kube-proxy --namespace=kube-system --type=json -p \"$(cat hostnameOverride-patch.json)\""
-      args:
-        chdir: "{{ kubernetes_user_manifests_path }}"
-      register: patch_kube_proxy_command
-      when: not current_kube_proxy_command.stdout is search("--hostname-override=\$\(NODE_NAME\)")
-
-    - debug: msg={{ patch_kube_proxy_command.stdout_lines }}
-      when: patch_kube_proxy_command is not skipped
-
-    - debug: msg={{ patch_kube_proxy_command.stderr_lines }}
-      when: patch_kube_proxy_command is not skipped
-  tags: init
-  when:
-    - not kube_proxy_remove
-
 - name: Apply kube-proxy nodeselector
   block:
     - name: Copy kube-proxy daemonset nodeselector patch