From 58620622724a50f58e1e488d8cb549812f97363a Mon Sep 17 00:00:00 2001 From: ChengHao Yang <17496418+tico88612@users.noreply.github.com> Date: Tue, 15 Oct 2024 01:08:03 +0800 Subject: [PATCH] Cleanup: remove all cloud_provider related tasks & files 
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com> --- .../group_vars/k8s_cluster/k8s-cluster.yml | 2 +- .../cloud_controller/oci/defaults/main.yml | 6 - .../oci/tasks/credentials-check.yml | 67 ---------- .../cloud_controller/oci/tasks/main.yml | 35 ----- .../controller-manager-config.yml.j2 | 89 ------------- .../oci/templates/oci-cloud-provider.yml.j2 | 69 ---------- .../cluster_roles/files/oci-rbac.yml | 124 ------------------ .../cluster_roles/tasks/main.yml | 7 - .../cluster_roles/tasks/oci.yml | 19 --- roles/kubernetes-apps/meta/main.yml | 8 -- .../persistent_volumes/meta/main.yml | 7 - .../openstack/defaults/main.yml | 7 - .../openstack/tasks/main.yml | 20 --- .../templates/openstack-storage-class.yml.j2 | 27 ---- .../control-plane/defaults/main/main.yml | 2 +- .../templates/kubeadm-config.v1beta3.yaml.j2 | 27 +--- roles/kubernetes/kubeadm/defaults/main.yml | 2 +- roles/kubernetes/node/defaults/main.yml | 2 +- .../azure-credential-check.yml | 82 ------------ .../openstack-credential-check.yml | 34 ----- .../vsphere-credential-check.yml | 22 ---- roles/kubernetes/node/tasks/main.yml | 47 ------- .../node/templates/kubelet.env.v1beta1.j2 | 4 +- .../preinstall/tasks/0020-set_facts.yml | 4 +- .../preinstall/tasks/0040-verify-settings.yml | 11 +- .../kubespray-defaults/defaults/main/main.yml | 2 +- roles/network_plugin/calico/tasks/check.yml | 11 -- 27 files changed, 11 insertions(+), 726 deletions(-) delete mode 100644 roles/kubernetes-apps/cloud_controller/oci/defaults/main.yml delete mode 100644 roles/kubernetes-apps/cloud_controller/oci/tasks/credentials-check.yml delete mode 100644 roles/kubernetes-apps/cloud_controller/oci/tasks/main.yml delete mode 100644 roles/kubernetes-apps/cloud_controller/oci/templates/controller-manager-config.yml.j2 delete mode 100644 roles/kubernetes-apps/cloud_controller/oci/templates/oci-cloud-provider.yml.j2 delete mode 100644 roles/kubernetes-apps/cluster_roles/files/oci-rbac.yml delete mode 100644 
roles/kubernetes-apps/cluster_roles/tasks/oci.yml
delete mode 100644 roles/kubernetes-apps/persistent_volumes/openstack/defaults/main.yml
delete mode 100644 roles/kubernetes-apps/persistent_volumes/openstack/tasks/main.yml
delete mode 100644 roles/kubernetes-apps/persistent_volumes/openstack/templates/openstack-storage-class.yml.j2
delete mode 100644 roles/kubernetes/node/tasks/cloud-credentials/azure-credential-check.yml
delete mode 100644 roles/kubernetes/node/tasks/cloud-credentials/openstack-credential-check.yml
delete mode 100644 roles/kubernetes/node/tasks/cloud-credentials/vsphere-credential-check.yml
diff --git a/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml b/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml
index 5a6f6375a53..d24a1eb0b89 100644
--- a/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml
+++ b/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml
@@ -141,7 +141,7 @@ kube_proxy_nodeport_addresses: >-
 # If non-empty, will use this string as identification instead of the actual hostname
 # kube_override_hostname: >-
-# {%- if cloud_provider is defined and cloud_provider in ['aws'] -%}
+# {%- if cloud_provider is defined -%}
 # {%- else -%}
 # {{ inventory_hostname }}
 # {%- endif -%}
diff --git a/roles/kubernetes-apps/cloud_controller/oci/defaults/main.yml b/roles/kubernetes-apps/cloud_controller/oci/defaults/main.yml
deleted file mode 100644
index 9d7ddf01d1a..00000000000
--- a/roles/kubernetes-apps/cloud_controller/oci/defaults/main.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-
-oci_security_list_management: All
-oci_use_instance_principals: false
-oci_cloud_controller_version: 0.7.0
-oci_cloud_controller_pull_source: iad.ocir.io/oracle/cloud-provider-oci
diff --git a/roles/kubernetes-apps/cloud_controller/oci/tasks/credentials-check.yml b/roles/kubernetes-apps/cloud_controller/oci/tasks/credentials-check.yml
deleted file mode 100644
index 9eb87949d05..00000000000
--- a/roles/kubernetes-apps/cloud_controller/oci/tasks/credentials-check.yml
+++ /dev/null
@@ -1,67 +0,0 @@
----
-
-- name: "OCI Cloud Controller | Credentials Check | oci_private_key"
- fail:
- msg: "oci_private_key is missing"
- when:
- - not oci_use_instance_principals
- - oci_private_key is not defined or not oci_private_key
-
-- name: "OCI Cloud Controller | Credentials Check | oci_region_id"
- fail:
- msg: "oci_region_id is missing"
- when:
- - not oci_use_instance_principals
- - oci_region_id is not defined or not oci_region_id
-
-- name: "OCI Cloud Controller | Credentials Check | oci_tenancy_id"
- fail:
- msg: "oci_tenancy_id is missing"
- when:
- - not oci_use_instance_principals
- - oci_tenancy_id is not defined or not oci_tenancy_id
-
-- name: "OCI Cloud Controller | Credentials Check | oci_user_id"
- fail:
- msg: "oci_user_id is missing"
- when:
- - not oci_use_instance_principals
- - oci_user_id is not defined or not oci_user_id
-
-- name: "OCI Cloud Controller | Credentials Check | oci_user_fingerprint"
- fail:
- msg: "oci_user_fingerprint is missing"
- when:
- - not oci_use_instance_principals
- - oci_user_fingerprint is not defined or not oci_user_fingerprint
-
-- name: "OCI Cloud Controller | Credentials Check | oci_compartment_id"
- fail:
- msg: "oci_compartment_id is missing. This is the compartment in which the cluster resides"
- when:
- - oci_compartment_id is not defined or not oci_compartment_id
-
-- name: "OCI Cloud Controller | Credentials Check | oci_vnc_id"
- fail:
- msg: "oci_vnc_id is missing. This is the Virtual Cloud Network in which the cluster resides"
- when:
- - oci_vnc_id is not defined or not oci_vnc_id
-
-- name: "OCI Cloud Controller | Credentials Check | oci_subnet1_id"
- fail:
- msg: "oci_subnet1_id is missingg. This is the first subnet to which loadbalancers will be added"
- when:
- - oci_subnet1_id is not defined or not oci_subnet1_id
-
-- name: "OCI Cloud Controller | Credentials Check | oci_subnet2_id"
- fail:
- msg: "oci_subnet2_id is missing. Two subnets are required for load balancer high availability"
- when:
- - oci_cloud_controller_version is version_compare('0.7.0', '<')
- - oci_subnet2_id is not defined or not oci_subnet2_id
-
-- name: "OCI Cloud Controller | Credentials Check | oci_security_list_management"
- fail:
- msg: "oci_security_list_management is missing, or not defined correctly. Valid options are (All, Frontend, None)."
- when:
- - oci_security_list_management is not defined or oci_security_list_management not in ["All", "Frontend", "None"]
diff --git a/roles/kubernetes-apps/cloud_controller/oci/tasks/main.yml b/roles/kubernetes-apps/cloud_controller/oci/tasks/main.yml
deleted file mode 100644
index a5913ecc78b..00000000000
--- a/roles/kubernetes-apps/cloud_controller/oci/tasks/main.yml
+++ /dev/null
@@ -1,35 +0,0 @@
----
-
-- name: OCI Cloud Controller | Check Oracle Cloud credentials
- import_tasks: credentials-check.yml
-
-- name: "OCI Cloud Controller | Generate Cloud Provider Configuration"
- template:
- src: controller-manager-config.yml.j2
- dest: "{{ kube_config_dir }}/controller-manager-config.yml"
- mode: "0644"
- when: inventory_hostname == groups['kube_control_plane'][0]
-
-- name: "OCI Cloud Controller | Slurp Configuration"
- slurp:
- src: "{{ kube_config_dir }}/controller-manager-config.yml"
- register: controller_manager_config
-
-- name: "OCI Cloud Controller | Encode Configuration"
- set_fact:
- controller_manager_config_base64: "{{ controller_manager_config.content }}"
- when: inventory_hostname == groups['kube_control_plane'][0]
-
-- name: "OCI Cloud Controller | Generate Manifests"
- template:
- src: oci-cloud-provider.yml.j2
- dest: "{{ kube_config_dir }}/oci-cloud-provider.yml"
- mode: "0644"
- when: inventory_hostname == groups['kube_control_plane'][0]
-
-- name: "OCI Cloud Controller | Apply Manifests"
- kube:
- kubectl: "{{ bin_dir }}/kubectl"
- filename: "{{ kube_config_dir }}/oci-cloud-provider.yml"
- state: latest
- when: inventory_hostname == groups['kube_control_plane'][0]
diff --git a/roles/kubernetes-apps/cloud_controller/oci/templates/controller-manager-config.yml.j2 b/roles/kubernetes-apps/cloud_controller/oci/templates/controller-manager-config.yml.j2
deleted file mode 100644
index d585de1f014..00000000000
--- a/roles/kubernetes-apps/cloud_controller/oci/templates/controller-manager-config.yml.j2
+++ /dev/null
@@ -1,89 +0,0 @@
-{% macro private_key() %}{{ oci_private_key }}{% endmacro %}
-
-{% if oci_use_instance_principals %}
- # (https://docs.us-phoenix-1.oraclecloud.com/Content/Identity/Tasks/callingservicesfrominstances.htm).
- # Ensure you have setup the following OCI policies and your kubernetes nodes are running within them
- # allow dynamic-group [your dynamic group name] to read instance-family in compartment [your compartment name]
- # allow dynamic-group [your dynamic group name] to use virtual-network-family in compartment [your compartment name]
- # allow dynamic-group [your dynamic group name] to manage load-balancers in compartment [your compartment name]
-useInstancePrincipals: true
-{% else %}
-useInstancePrincipals: false
-{% endif %}
-
-auth:
-
-{% if oci_use_instance_principals %}
- # This key is put here too for backwards compatibility
- useInstancePrincipals: true
-{% else %}
- useInstancePrincipals: false
-
- region: {{ oci_region_id }}
- tenancy: {{ oci_tenancy_id }}
- user: {{ oci_user_id }}
- key: |
- {{ oci_private_key }}
-
- {% if oci_private_key_passphrase is defined %}
- passphrase: {{ oci_private_key_passphrase }}
- {% endif %}
-
-
- fingerprint: {{ oci_user_fingerprint }}
-{% endif %}
-
-# compartment configures Compartment within which the cluster resides.
-compartment: {{ oci_compartment_id }}
-
-# vcn configures the Virtual Cloud Network (VCN) within which the cluster resides.
-vcn: {{ oci_vnc_id }}
-
-loadBalancer:
- # subnet1 configures one of two subnets to which load balancers will be added.
- # OCI load balancers require two subnets to ensure high availability.
- subnet1: {{ oci_subnet1_id }}
-{% if oci_subnet2_id is defined %}
- # subnet2 configures the second of two subnets to which load balancers will be
- # added. OCI load balancers require two subnets to ensure high availability.
- subnet2: {{ oci_subnet2_id }}
-{% endif %}
- # SecurityListManagementMode configures how security lists are managed by the CCM.
- # "All" (default): Manage all required security list rules for load balancer services.
- # "Frontend": Manage only security list rules for ingress to the load
- # balancer. Requires that the user has setup a rule that
- # allows inbound traffic to the appropriate ports for kube
- # proxy health port, node port ranges, and health check port ranges.
- # E.g. 10.82.0.0/16 30000-32000.
- # "None": Disables all security list management. Requires that the
- # user has setup a rule that allows inbound traffic to the
- # appropriate ports for kube proxy health port, node port
- # ranges, and health check port ranges. E.g. 10.82.0.0/16 30000-32000.
- # Additionally requires the user to mange rules to allow
- # inbound traffic to load balancers.
- securityListManagementMode: {{ oci_security_list_management }}
-
-{% if oci_security_lists is defined and oci_security_lists | length > 0 %}
- # Optional specification of which security lists to modify per subnet. This does not apply if security list management is off.
- securityLists:
-{% for subnet_ocid, list_ocid in oci_security_lists.items() %}
- {{ subnet_ocid }}: {{ list_ocid }}
-{% endfor %}
-{% endif %}
-
-{% if oci_rate_limit is defined and oci_rate_limit | length > 0 %}
-# Optional rate limit controls for accessing OCI API
-rateLimiter:
-{% if oci_rate_limit.rate_limit_qps_read %}
- rateLimitQPSRead: {{ oci_rate_limit.rate_limit_qps_read }}
-{% endif %}
-{% if oci_rate_limit.rate_limit_qps_write %}
- rateLimitQPSWrite: {{ oci_rate_limit.rate_limit_qps_write }}
-{% endif %}
-{% if oci_rate_limit.rate_limit_bucket_read %}
- rateLimitBucketRead: {{ oci_rate_limit.rate_limit_bucket_read }}
-{% endif %}
-{% if oci_rate_limit.rate_limit_bucket_write %}
- rateLimitBucketWrite: {{ oci_rate_limit.rate_limit_bucket_write }}
-{% endif %}
-{% endif %}
diff --git a/roles/kubernetes-apps/cloud_controller/oci/templates/oci-cloud-provider.yml.j2 b/roles/kubernetes-apps/cloud_controller/oci/templates/oci-cloud-provider.yml.j2
deleted file mode 100644
index e1fc11d21a1..00000000000
--- a/roles/kubernetes-apps/cloud_controller/oci/templates/oci-cloud-provider.yml.j2
+++ /dev/null
@@ -1,69 +0,0 @@
-apiVersion: v1
-data:
- cloud-provider.yaml: {{ controller_manager_config_base64 }}
-kind: Secret
-metadata:
- name: oci-cloud-controller-manager
- namespace: kube-system
-type: Opaque
-
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: oci-cloud-controller-manager
- namespace: kube-system
- labels:
- k8s-app: oci-cloud-controller-manager
-spec:
- selector:
- matchLabels:
- component: oci-cloud-controller-manager
- tier: control-plane
- updateStrategy:
- type: RollingUpdate
- template:
- metadata:
- labels:
- component: oci-cloud-controller-manager
- tier: control-plane
- spec:
-{% if oci_cloud_controller_pull_secret is defined %}
- imagePullSecrets:
- - name: {{ oci_cloud_controller_pull_secret }}
-{% endif %}
- serviceAccountName: cloud-controller-manager
- hostNetwork: true
- dnsPolicy: ClusterFirstWithHostNet
- nodeSelector:
- node-role.kubernetes.io/control-plane: ""
- tolerations:
- - key: node.cloudprovider.kubernetes.io/uninitialized
- value: "true"
- effect: NoSchedule
- - key: node-role.kubernetes.io/control-plane
- operator: Exists
- effect: NoSchedule
- volumes:
- - name: cfg
- secret:
- secretName: oci-cloud-controller-manager
- - name: kubernetes
- hostPath:
- path: /etc/kubernetes
- containers:
- - name: oci-cloud-controller-manager
- image: {{ oci_cloud_controller_pull_source }}:{{ oci_cloud_controller_version }}
- command: ["/usr/local/bin/oci-cloud-controller-manager"]
- args:
- - --cloud-config=/etc/oci/cloud-provider.yaml
- - --cloud-provider=oci
- - --leader-elect-resource-lock=configmaps
- - -v=2
- volumeMounts:
- - name: cfg
- mountPath: /etc/oci
- readOnly: true
- - name: kubernetes
- mountPath: /etc/kubernetes
- readOnly: true
diff --git a/roles/kubernetes-apps/cluster_roles/files/oci-rbac.yml b/roles/kubernetes-apps/cluster_roles/files/oci-rbac.yml
deleted file mode 100644
index 5e3b82bfb2e..00000000000
--- a/roles/kubernetes-apps/cluster_roles/files/oci-rbac.yml
+++ /dev/null
@@ -1,124 +0,0 @@
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: cloud-controller-manager
- namespace: kube-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: system:cloud-controller-manager
-rules:
-- apiGroups:
- - ""
- resources:
- - nodes
- verbs:
- - '*'
-
-- apiGroups:
- - ""
- resources:
- - nodes/status
- verbs:
- - patch
-
-- apiGroups:
- - ""
- resources:
- - services
- verbs:
- - list
- - watch
- - patch
-
-- apiGroups:
- - ""
- resources:
- - services/status
- verbs:
- - update
-
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - patch
- - update
-
-# For leader election
-- apiGroups:
- - ""
- resources:
- - endpoints
- verbs:
- - create
-
-- apiGroups:
- - ""
- resources:
- - endpoints
- resourceNames:
- - "cloud-controller-manager"
- verbs:
- - get
- - list
- - watch
- - update
-
-- apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - create
-
-- apiGroups:
- - ""
- resources:
- - configmaps
- resourceNames:
- - "cloud-controller-manager"
- verbs:
- - get
- - update
-
-- apiGroups:
- - ""
- resources:
- - serviceaccounts
- verbs:
- - create
-- apiGroups:
- - ""
- resources:
- - secrets
- verbs:
- - get
- - list
-
-# For the PVL
-- apiGroups:
- - ""
- resources:
- - persistentvolumes
- verbs:
- - list
- - watch
- - patch
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: oci-cloud-controller-manager
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: system:cloud-controller-manager
-subjects:
-- kind: ServiceAccount
- name: cloud-controller-manager
- namespace: kube-system
diff --git a/roles/kubernetes-apps/cluster_roles/tasks/main.yml b/roles/kubernetes-apps/cluster_roles/tasks/main.yml
index ef4737eac4f..bbb53a399e9 100644
--- a/roles/kubernetes-apps/cluster_roles/tasks/main.yml
+++ b/roles/kubernetes-apps/cluster_roles/tasks/main.yml
@@ -59,13 +59,6 @@
 - inventory_hostname == groups['kube_control_plane'][0]
 tags: node-webhook
-- name: Configure Oracle Cloud provider
- include_tasks: oci.yml
- tags: oci
- when:
- - cloud_provider is defined
- - cloud_provider == 'oci'
-
 - name: PriorityClass | Copy k8s-cluster-critical-pc.yml file
 copy:
 src: k8s-cluster-critical-pc.yml
diff --git a/roles/kubernetes-apps/cluster_roles/tasks/oci.yml b/roles/kubernetes-apps/cluster_roles/tasks/oci.yml
deleted file mode 100644
index e5bef6701db..00000000000
--- a/roles/kubernetes-apps/cluster_roles/tasks/oci.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-- name: Copy OCI RBAC Manifest
- copy:
- src: "oci-rbac.yml"
- dest: "{{ kube_config_dir }}/oci-rbac.yml"
- mode: "0640"
- when:
- - cloud_provider is defined
- - cloud_provider == 'oci'
- - inventory_hostname == groups['kube_control_plane'][0]
-
-- name: Apply OCI RBAC
- kube:
- kubectl: "{{ bin_dir }}/kubectl"
- filename: "{{ kube_config_dir }}/oci-rbac.yml"
- when:
- - cloud_provider is defined
- - cloud_provider == 'oci'
- - inventory_hostname == groups['kube_control_plane'][0]
diff --git a/roles/kubernetes-apps/meta/main.yml b/roles/kubernetes-apps/meta/main.yml
index 37bd109216c..af69da4157d 100644
--- a/roles/kubernetes-apps/meta/main.yml
+++ b/roles/kubernetes-apps/meta/main.yml
@@ -103,14 +103,6 @@ dependencies:
 tags:
 - container_engine_accelerator
- - role: kubernetes-apps/cloud_controller/oci
- when:
- - cloud_provider is defined
- - cloud_provider == "oci"
- - inventory_hostname == groups['kube_control_plane'][0]
- tags:
- - oci
-
 - role: kubernetes-apps/gateway_api
 when:
 - gateway_api_enabled
diff --git a/roles/kubernetes-apps/persistent_volumes/meta/main.yml b/roles/kubernetes-apps/persistent_volumes/meta/main.yml
index e3066bb62a9..8cc9e69f2cd 100644
--- a/roles/kubernetes-apps/persistent_volumes/meta/main.yml
+++ b/roles/kubernetes-apps/persistent_volumes/meta/main.yml
@@ -1,12 +1,5 @@
 ---
 dependencies:
- - role: kubernetes-apps/persistent_volumes/openstack
- when:
- - cloud_provider is defined
- - cloud_provider in [ 'openstack' ]
- tags:
- - persistent_volumes_openstack
-
 - role: kubernetes-apps/persistent_volumes/cinder-csi
 when:
 - cinder_csi_enabled
diff --git a/roles/kubernetes-apps/persistent_volumes/openstack/defaults/main.yml b/roles/kubernetes-apps/persistent_volumes/openstack/defaults/main.yml
deleted file mode 100644
index 05a3d944e97..00000000000
--- a/roles/kubernetes-apps/persistent_volumes/openstack/defaults/main.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-persistent_volumes_enabled: false
-storage_classes:
- - name: standard
- is_default: true
- parameters:
- availability: nova
diff --git a/roles/kubernetes-apps/persistent_volumes/openstack/tasks/main.yml b/roles/kubernetes-apps/persistent_volumes/openstack/tasks/main.yml
deleted file mode 100644
index 90b3ad7f4b7..00000000000
--- a/roles/kubernetes-apps/persistent_volumes/openstack/tasks/main.yml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-- name: Kubernetes Persistent Volumes | Lay down OpenStack Cinder Storage Class template
- template:
- src: "openstack-storage-class.yml.j2"
- dest: "{{ kube_config_dir }}/openstack-storage-class.yml"
- mode: "0644"
- register: manifests
- when:
- - inventory_hostname == groups['kube_control_plane'][0]
-
-- name: Kubernetes Persistent Volumes | Add OpenStack Cinder Storage Class
- kube:
- name: storage-class
- kubectl: "{{ bin_dir }}/kubectl"
- resource: StorageClass
- filename: "{{ kube_config_dir }}/openstack-storage-class.yml"
- state: "latest"
- when:
- - inventory_hostname == groups['kube_control_plane'][0]
- - manifests.changed
diff --git a/roles/kubernetes-apps/persistent_volumes/openstack/templates/openstack-storage-class.yml.j2 b/roles/kubernetes-apps/persistent_volumes/openstack/templates/openstack-storage-class.yml.j2
deleted file mode 100644
index 973353c4ce6..00000000000
--- a/roles/kubernetes-apps/persistent_volumes/openstack/templates/openstack-storage-class.yml.j2
+++ /dev/null
@@ -1,27 +0,0 @@
-{% for class in storage_classes %}
----
-kind: StorageClass
-apiVersion: storage.k8s.io/v1
-metadata:
- name: "{{ class.name }}"
- annotations:
- storageclass.kubernetes.io/is-default-class: "{{ class.is_default | default(false) | ternary("true","false") }}"
-provisioner: kubernetes.io/cinder
-{% if class.mount_options is defined %}
-mountOptions:
-{% for option in class.mount_options | default([]) %}
- - "{{ option }}"
-{% endfor %}
-{% endif %}
-parameters:
-{% for key, value in (class.parameters | default({})).items() %}
- "{{ key }}": "{{ value }}"
-{% endfor %}
-{% if class.reclaim_policy is defined %}
-reclaimPolicy: "{{ class.reclaim_policy }}"
-{% endif %}
-{% if class.volume_binding_mode is defined %}
-volumeBindingMode: "{{ class.volume_binding_mode }}"
-{% endif %}
-allowVolumeExpansion: {{ expand_persistent_volumes }}
-{% endfor %}
diff --git a/roles/kubernetes/control-plane/defaults/main/main.yml b/roles/kubernetes/control-plane/defaults/main/main.yml
index 30b71b14971..3b1834d55b3 100644
--- a/roles/kubernetes/control-plane/defaults/main/main.yml
+++ b/roles/kubernetes/control-plane/defaults/main/main.yml
@@ -186,7 +186,7 @@ kube_encryption_resources: [secrets]
 # If non-empty, will use this string as identification instead of the actual hostname
 kube_override_hostname: >-
- {%- if cloud_provider is defined and cloud_provider in ['aws'] -%}
+ {%- if cloud_provider is defined -%}
 {%- else -%}
 {{ inventory_hostname }}
 {%- endif -%}
diff --git a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2 b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2
index 1a919082928..d7288621773 100644
--- a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2
+++ b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2
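Review bot: `{%- if cloud_provider is defined -%}` in the control-plane defaults now blanks `kube_override_hostname` for every value of `cloud_provider`, including the in-tree names this commit stops supporting and an empty string, whereas the replaced `in ['aws']` test only did so for AWS. An inventory that still says `cloud_provider: openstack` (or `gce`, `vsphere`, ...) would therefore switch its nodes from `inventory_hostname` to the kubelet's own hostname without any error, and everything keyed on the node name moves with it, unless the 0040-verify-settings hunk, which is cut off at the end of this patch, rejects those values. With `external` the only provider the kubelet template still recognises, stating that directly is safer and self-documenting: `{%- if cloud_provider is defined and cloud_provider == 'external' -%}`. The same expression is changed identically in kubeadm/defaults/main.yml, node/defaults/main.yml and the sample inventory, so all four copies should move together.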
@@ -210,10 +210,6 @@ apiServer:
 {% if kube_apiserver_feature_gates or kube_feature_gates %}
 feature-gates: "{{ kube_apiserver_feature_gates | default(kube_feature_gates, true) | join(',') }}"
 {% endif %}
-{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "gce"] %}
- cloud-provider: {{ cloud_provider }}
- cloud-config: {{ kube_config_dir }}/cloud_config
-{% endif %}
 {% if tls_min_version is defined %}
 tls-min-version: {{ tls_min_version }}
 {% endif %}
@@ -230,13 +226,8 @@ apiServer:
 {% if kube_apiserver_tracing %}
 tracing-config-file: {{ kube_config_dir }}/tracing/apiserver-tracing.yaml
 {% endif %}
-{% if kubernetes_audit or kube_token_auth or kube_webhook_token_auth or ( cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "gce"] ) or apiserver_extra_volumes or ssl_ca_dirs | length %}
+{% if kubernetes_audit or kube_token_auth or kube_webhook_token_auth or apiserver_extra_volumes or ssl_ca_dirs | length %}
 extraVolumes:
-{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "gce"] %}
- - name: cloud-config
- hostPath: {{ kube_config_dir }}/cloud_config
- mountPath: {{ kube_config_dir }}/cloud_config
-{% endif %}
 {% if kube_token_auth %}
 - name: token-auth-config
 hostPath: {{ kube_token_dir }}
@@ -326,10 +317,6 @@ controllerManager:
 {% for key in kube_kubeadm_controller_extra_args %}
 {{ key }}: "{{ kube_kubeadm_controller_extra_args[key] }}"
 {% endfor %}
-{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "gce"] %}
- cloud-provider: {{ cloud_provider }}
- cloud-config: {{ kube_config_dir }}/cloud_config
-{% endif %}
 {% if kube_network_plugin is defined and kube_network_plugin not in ["cloud"] %}
 configure-cloud-routes: "false"
 {% endif %}
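Review bot: Dropping the `cloud-config` hostPath mount and the `--cloud-config` flag from the apiServer and controllerManager sections does not remove `{{ kube_config_dir }}/cloud_config` from control-plane nodes deployed by an earlier release; the task that wrote it (deleted from node/tasks/main.yml in this patch) rendered `cloud-configs/{{ cloud_provider }}-cloud-config.j2` with mode 0640, and the credential checks deleted alongside it required `azure_aad_client_secret`, `openstack_password` and `vsphere_password`, so that file presumably carries those secrets. Nothing in the diffstat adds a cleanup, so the upgrade path should delete it explicitly, for example a node-role task `file: { path: "{{ kube_config_dir }}/cloud_config", state: absent }` (and likewise for `openstack-cacert.pem`), or the release note should tell operators to do so. The `cloud-configs/*-cloud-config.j2` templates are also absent from the diffstat, so unless they were removed in another commit they remain in the tree as dead code that still references those credential variables. Both the `apiServer:` and `controllerManager:` mappings begin outside these hunks.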
@@ -343,18 +330,8 @@ controllerManager:
 tls-cipher-suites: {% for tls in tls_cipher_suites %}{{ tls }}{{ "," if not loop.last else "" }}{% endfor %}
 {% endif %}
-{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "gce"] or controller_manager_extra_volumes %}
+{% if controller_manager_extra_volumes %}
 extraVolumes:
-{% if cloud_provider is defined and cloud_provider in ["openstack"] and openstack_cacert is defined %}
- - name: openstackcacert
- hostPath: "{{ kube_config_dir }}/openstack-cacert.pem"
- mountPath: "{{ kube_config_dir }}/openstack-cacert.pem"
-{% endif %}
-{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "gce"] %}
- - name: cloud-config
- hostPath: {{ kube_config_dir }}/cloud_config
- mountPath: {{ kube_config_dir }}/cloud_config
-{% endif %}
 {% for volume in controller_manager_extra_volumes %}
 - name: {{ volume.name }}
 hostPath: {{ volume.hostPath }}
diff --git a/roles/kubernetes/kubeadm/defaults/main.yml b/roles/kubernetes/kubeadm/defaults/main.yml
index 5047de5094a..789b87624ca 100644
--- a/roles/kubernetes/kubeadm/defaults/main.yml
+++ b/roles/kubernetes/kubeadm/defaults/main.yml
@@ -9,7 +9,7 @@ kubeadm_use_file_discovery: "{{ remove_anonymous_access }}"
 # If non-empty, will use this string as identification instead of the actual hostname
 kube_override_hostname: >-
- {%- if cloud_provider is defined and cloud_provider in ['aws'] -%}
+ {%- if cloud_provider is defined -%}
 {%- else -%}
 {{ inventory_hostname }}
 {%- endif -%}
diff --git a/roles/kubernetes/node/defaults/main.yml b/roles/kubernetes/node/defaults/main.yml
index a0ab2085497..7d0fbe4a530 100644
--- a/roles/kubernetes/node/defaults/main.yml
+++ b/roles/kubernetes/node/defaults/main.yml
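Review bot: In kubeadm/defaults/main.yml the new `{%- if cloud_provider is defined -%}` empties `kube_override_hostname` for any defined value, not only for the `external` provider that remains supported, so a stale in-tree value or `cloud_provider: ""` in an old inventory silently changes the node name where the replaced `in ['aws']` test left it at `inventory_hostname`. `{%- if cloud_provider is defined and cloud_provider == 'external' -%}` gives `external` the empty override the commit intends while keeping every other value on the old path until the preinstall checks reject it. This expression is duplicated in the control-plane and node defaults and in the sample inventory, and the copies must stay identical or kubeadm and kubelet will disagree on the node name.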
@@ -136,7 +136,7 @@ kubelet_custom_flags: []
 # If non-empty, will use this string as identification instead of the actual hostname
 kube_override_hostname: >-
- {%- if cloud_provider is defined and cloud_provider in ['aws'] -%}
+ {%- if cloud_provider is defined -%}
 {%- else -%}
 {{ inventory_hostname }}
 {%- endif -%}
diff --git a/roles/kubernetes/node/tasks/cloud-credentials/azure-credential-check.yml b/roles/kubernetes/node/tasks/cloud-credentials/azure-credential-check.yml
deleted file mode 100644
index c5d6030848c..00000000000
--- a/roles/kubernetes/node/tasks/cloud-credentials/azure-credential-check.yml
+++ /dev/null
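Review bot: The node-role copy of `kube_override_hostname` is presumably the one that reaches the kubelet's hostname override, and `{%- if cloud_provider is defined -%}` now blanks it for every defined value, including `cloud_provider: ""` and the in-tree names whose support this commit removes; the replaced `in ['aws']` test only blanked it for AWS. A node re-run from an inventory that still carries one of those values would register under its OS hostname instead of `inventory_hostname`, which is a node-identity change that should be a hard error rather than a silent default. `{%- if cloud_provider is defined and cloud_provider == 'external' -%}` limits the new behaviour to the one provider the kubelet template still handles; whether the 0040-verify-settings hunk (cut off at the end of this patch) already rejects other values is worth confirming either way.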
@@ -1,82 +0,0 @@
----
-- name: Check azure_tenant_id value
- fail:
- msg: "azure_tenant_id is missing"
- when: azure_tenant_id is not defined or not azure_tenant_id
-
-- name: Check azure_subscription_id value
- fail:
- msg: "azure_subscription_id is missing"
- when: azure_subscription_id is not defined or not azure_subscription_id
-
-- name: Check azure_aad_client_id value
- fail:
- msg: "azure_aad_client_id is missing"
- when: azure_aad_client_id is not defined or not azure_aad_client_id
-
-- name: Check azure_aad_client_secret value
- fail:
- msg: "azure_aad_client_secret is missing"
- when: azure_aad_client_secret is not defined or not azure_aad_client_secret
-
-- name: Check azure_resource_group value
- fail:
- msg: "azure_resource_group is missing"
- when: azure_resource_group is not defined or not azure_resource_group
-
-- name: Check azure_location value
- fail:
- msg: "azure_location is missing"
- when: azure_location is not defined or not azure_location
-
-- name: Check azure_subnet_name value
- fail:
- msg: "azure_subnet_name is missing"
- when: azure_subnet_name is not defined or not azure_subnet_name
-
-- name: Check azure_security_group_name value
- fail:
- msg: "azure_security_group_name is missing"
- when: azure_security_group_name is not defined or not azure_security_group_name
-
-- name: Check azure_vnet_name value
- fail:
- msg: "azure_vnet_name is missing"
- when: azure_vnet_name is not defined or not azure_vnet_name
-
-- name: Check azure_vnet_resource_group value
- fail:
- msg: "azure_vnet_resource_group is missing"
- when: azure_vnet_resource_group is not defined or not azure_vnet_resource_group
-
-- name: Check azure_route_table_name value
- fail:
- msg: "azure_route_table_name is missing"
- when: azure_route_table_name is not defined or not azure_route_table_name
-
-- name: Check azure_loadbalancer_sku value
- fail:
- msg: "azure_loadbalancer_sku has an invalid value '{{ azure_loadbalancer_sku }}'. Supported values are 'basic', 'standard'"
- when: azure_loadbalancer_sku not in ["basic", "standard"]
-
-- name: "Check azure_exclude_master_from_standard_lb is a bool"
- assert:
- that: azure_exclude_master_from_standard_lb | type_debug == 'bool'
-
-- name: "Check azure_disable_outbound_snat is a bool"
- assert:
- that: azure_disable_outbound_snat | type_debug == 'bool'
-
-- name: "Check azure_use_instance_metadata is a bool"
- assert:
- that: azure_use_instance_metadata | type_debug == 'bool'
-
-- name: Check azure_vmtype value
- fail:
- msg: "azure_vmtype is missing. Supported values are 'standard' or 'vmss'"
- when: azure_vmtype is not defined or not azure_vmtype
-
-- name: Check azure_cloud value
- fail:
- msg: "azure_cloud has an invalid value '{{ azure_cloud }}'. Supported values are 'AzureChinaCloud', 'AzureGermanCloud', 'AzurePublicCloud', 'AzureUSGovernmentCloud'."
- when: azure_cloud not in ["AzureChinaCloud", "AzureGermanCloud", "AzurePublicCloud", "AzureUSGovernmentCloud"]
diff --git a/roles/kubernetes/node/tasks/cloud-credentials/openstack-credential-check.yml b/roles/kubernetes/node/tasks/cloud-credentials/openstack-credential-check.yml
deleted file mode 100644
index 7354d43af61..00000000000
--- a/roles/kubernetes/node/tasks/cloud-credentials/openstack-credential-check.yml
+++ /dev/null
@@ -1,34 +0,0 @@
----
-- name: Check openstack_auth_url value
- fail:
- msg: "openstack_auth_url is missing"
- when: openstack_auth_url is not defined or not openstack_auth_url
-
-- name: Check openstack_username value
- fail:
- msg: "openstack_username is missing"
- when: openstack_username is not defined or not openstack_username
-
-- name: Check openstack_password value
- fail:
- msg: "openstack_password is missing"
- when: openstack_password is not defined or not openstack_password
-
-- name: Check openstack_region value
- fail:
- msg: "openstack_region is missing"
- when: openstack_region is not defined or not openstack_region
-
-- name: Check openstack_tenant_id value
- fail:
- msg: "one of openstack_tenant_id or openstack_trust_id must be specified"
- when:
- - openstack_tenant_id is not defined or not openstack_tenant_id
- - openstack_trust_id is not defined
-
-- name: Check openstack_trust_id value
- fail:
- msg: "one of openstack_tenant_id or openstack_trust_id must be specified"
- when:
- - openstack_trust_id is not defined or not openstack_trust_id
- - openstack_tenant_id is not defined
diff --git a/roles/kubernetes/node/tasks/cloud-credentials/vsphere-credential-check.yml b/roles/kubernetes/node/tasks/cloud-credentials/vsphere-credential-check.yml
deleted file mode 100644
index b18583af069..00000000000
--- a/roles/kubernetes/node/tasks/cloud-credentials/vsphere-credential-check.yml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-- name: Check vsphere environment variables
- fail:
- msg: "{{ item.name }} is missing"
- when: item.value is not defined or not item.value
- with_items:
- - name: vsphere_vcenter_ip
- value: "{{ vsphere_vcenter_ip }}"
- - name: vsphere_vcenter_port
- value: "{{ vsphere_vcenter_port }}"
- - name: vsphere_user
- value: "{{ vsphere_user }}"
- - name: vsphere_password
- value: "{{ vsphere_password }}"
- - name: vsphere_datacenter
- value: "{{ vsphere_datacenter }}"
- - name: vsphere_datastore
- value: "{{ vsphere_datastore }}"
- - name: vsphere_working_dir
- value: "{{ vsphere_working_dir }}"
- - name: vsphere_insecure
- value: "{{ vsphere_insecure }}"
diff --git a/roles/kubernetes/node/tasks/main.yml b/roles/kubernetes/node/tasks/main.yml
index 572850ba050..4e38a95a515 100644
--- a/roles/kubernetes/node/tasks/main.yml
+++ b/roles/kubernetes/node/tasks/main.yml
@@ -137,53 +137,6 @@ tags: - kube-proxy -- name: Check cloud provider credentials - include_tasks: "cloud-credentials/{{ cloud_provider }}-credential-check.yml" - when: - - cloud_provider is defined - - cloud_provider in [ 'openstack', 'azure', 'vsphere' ] - tags: - - cloud-provider - - facts - -- name: Test if openstack_cacert is a base64 string - set_fact: - openstack_cacert_is_base64: "{% if openstack_cacert is search('^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{3}= | [A-Za-z0-9+/]{2}==)?$') %}true{% else %}false{% endif %}" - when: - - cloud_provider is defined - - cloud_provider == 'openstack' - - openstack_cacert is defined - - openstack_cacert | length > 0 - - -- name: Write cacert file - copy: - src: "{{ openstack_cacert if not openstack_cacert_is_base64 else omit }}" - content: "{{ openstack_cacert | b64decode if openstack_cacert_is_base64 else omit }}" - dest: "{{ kube_config_dir }}/openstack-cacert.pem" - group: "{{ kube_cert_group }}" - mode: "0640" - when: - - cloud_provider is defined - - cloud_provider == 'openstack' - - openstack_cacert is defined - - openstack_cacert | length > 0 - tags: - - cloud-provider - -- name: Write cloud-config - template: - src: "cloud-configs/{{ cloud_provider }}-cloud-config.j2" - dest: "{{ kube_config_dir }}/cloud_config" - group: "{{ kube_cert_group }}" - mode: "0640" - when: - - cloud_provider is defined - - cloud_provider in [ 'openstack', 'azure', 'vsphere', 'aws', 'gce' ] - notify: Node | restart kubelet - tags: - - cloud-provider - - name: Install kubelet import_tasks: kubelet.yml tags: diff --git a/roles/kubernetes/node/templates/kubelet.env.v1beta1.j2 b/roles/kubernetes/node/templates/kubelet.env.v1beta1.j2 index 576b9c8fd5a..e3b54d7a3e2 100644 --- a/roles/kubernetes/node/templates/kubelet.env.v1beta1.j2 +++ b/roles/kubernetes/node/templates/kubelet.env.v1beta1.j2 
@@ -21,9 +21,7 @@ KUBELET_VOLUME_PLUGIN="--volume-plugin-dir={{ kubelet_flexvolumes_plugins_dir }} {% if kube_network_plugin is defined and kube_network_plugin == "cloud" %} KUBELET_NETWORK_PLUGIN="--hairpin-mode=promiscuous-bridge --network-plugin=kubenet" {% endif %} -{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "gce"] %} -KUBELET_CLOUDPROVIDER="--cloud-provider={{ cloud_provider }} --cloud-config={{ kube_config_dir }}/cloud_config" -{% elif cloud_provider is defined and cloud_provider in ["external"] %} +{% if cloud_provider is defined and cloud_provider in ["external"] %} KUBELET_CLOUDPROVIDER="--cloud-provider={{ cloud_provider }}" {% else %} KUBELET_CLOUDPROVIDER="" diff --git a/roles/kubernetes/preinstall/tasks/0020-set_facts.yml b/roles/kubernetes/preinstall/tasks/0020-set_facts.yml index 263bca400a1..8d6b7fbe8e1 100644 --- a/roles/kubernetes/preinstall/tasks/0020-set_facts.yml +++ b/roles/kubernetes/preinstall/tasks/0020-set_facts.yml @@ -87,9 +87,7 @@ {% for d in default_searchdomains | default([]) + searchdomains | default([]) -%} {{ dns_domain }}.{{ d }}./{{ d }}.{{ d }}./com.{{ d }}./ {%- endfor %} - cloud_resolver: "{{ ['169.254.169.254'] if cloud_provider is defined and cloud_provider == 'gce' else - ['169.254.169.253'] if cloud_provider is defined and cloud_provider == 'aws' else - [] }}" + cloud_resolver: "{{ [] }}" - name: Check if kubelet is configured stat: diff --git a/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml b/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml index 867cfb2ed9e..08a4a3f7085 100644 --- a/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml +++ b/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml 
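Review bot: Dropping the `--cloud-config={{ kube_config_dir }}/cloud_config` reference in `KUBELET_CLOUDPROVIDER` removes the last consumer of a file that, per the deleted `Write cloud-config` task and the removed credential checks, holds provider credentials (openstack_password, vsphere_password, ...), yet nothing in this commit removes that file from nodes provisioned by earlier releases. Upgraded nodes would keep a stale credential file on disk that kubelet no longer reads and Kubespray no longer manages, so a cleanup task is warranted alongside the template change, e.g. `- name: Remove legacy in-tree cloud_config` with `file: path: "{{ kube_config_dir }}/cloud_config" state: absent` (and the same for `openstack-cacert.pem`), or at least an upgrade note telling operators to delete it. As a minor style point, the new condition `cloud_provider in ["external"]` is a single-value membership test and reads more directly as `{% if cloud_provider is defined and cloud_provider == "external" %}`.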
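Review bot: `cloud_resolver: "{{ [] }}"` templates a constant empty list through Jinja and relies on Ansible turning the rendered string back into a list; the plain literal `cloud_resolver: []` expresses the same value without that round trip. Since the fact is now unconditionally empty, it is presumably only kept for the consumers that append it to the resolver list elsewhere in the preinstall role; if nothing else ever populates it, a follow-up could drop the fact and those references rather than carry a constant.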
@@ -136,13 +136,6 @@ - dashboard_enabled - not ignore_assert_errors -- name: Stop if RBAC is not enabled when OCI cloud controller is enabled - assert: - that: rbac_enabled - when: - - cloud_provider is defined and cloud_provider == "oci" - - not ignore_assert_errors - - name: Stop if kernel version is too low assert: that: ansible_kernel.split('-')[0] is version('4.9.17', '>=') @@ -158,8 +151,8 @@ - name: Check cloud_provider value assert: - that: cloud_provider in ['gce', 'aws', 'azure', 'openstack', 'vsphere', 'oci', 'external'] - msg: "If set the 'cloud_provider' var must be set either to 'gce', 'aws', 'azure', 'openstack', 'vsphere', 'oci' or 'external'" + that: cloud_provider in ['external'] + msg: "If set the 'cloud_provider' var must be set either to 'external'" when: - cloud_provider is defined - not ignore_assert_errors diff --git a/roles/kubespray-defaults/defaults/main/main.yml b/roles/kubespray-defaults/defaults/main/main.yml index 8cbfd0f01a0..53c315d693b 100644 --- a/roles/kubespray-defaults/defaults/main/main.yml +++ b/roles/kubespray-defaults/defaults/main/main.yml @@ -254,7 +254,7 @@ kube_apiserver_port: 6443 # If non-empty, will use this string as identification instead of the actual hostname kube_override_hostname: >- - {%- if cloud_provider is defined and cloud_provider in ['aws'] -%} + {%- if cloud_provider is defined -%} {%- else -%} {{ inventory_hostname }} {%- endif -%} diff --git a/roles/network_plugin/calico/tasks/check.yml b/roles/network_plugin/calico/tasks/check.yml index 7f73a08c4cb..aef34bb2cdf 100644 --- a/roles/network_plugin/calico/tasks/check.yml +++ b/roles/network_plugin/calico/tasks/check.yml 
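Review bot: The assertion message in the `Check cloud_provider value` task still carries the multi-value wording, `must be set either to 'external'`, which no longer makes sense with a single permitted value; it should read `msg: "If set, the 'cloud_provider' var must be 'external'"`. The condition `cloud_provider in ['external']` could likewise become `that: cloud_provider == 'external'`, which states the single-value check directly. Both are wording and style only; the check itself is correct for the values the commit leaves supported.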
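Review bot: The new condition on `kube_override_hostname` widens the empty-override case from `cloud_provider in ['aws']` to any defined `cloud_provider`, which after the verify-settings hunk in this same commit means `external`; a cluster that sets `cloud_provider: external` previously received `{{ inventory_hostname }}` and will now receive an empty string, so per the comment above the variable the kubelet falls back to the machine's actual hostname. That is a silent node-identity change on upgrade (node object names and, presumably, the kubelet's `system:node:<name>` credential and any node-name-based scheduling or RBAC references), and the commit description only claims a cleanup. Since the AWS branch was the only reason for the conditional, the override should no longer depend on cloud_provider at all: `kube_override_hostname: "{{ inventory_hostname }}"`; if an empty override for external providers is actually intended, the comment on this variable and the release notes need to say so explicitly.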
@@ -24,17 +24,6 @@ delegate_to: "{{ groups['kube_control_plane'][0] }}" -- name: Stop if incompatible network plugin and cloudprovider - assert: - that: - - calico_ipip_mode == 'Never' - - calico_vxlan_mode in ['Always', 'CrossSubnet'] - msg: "When using cloud_provider azure and network_plugin calico calico_ipip_mode must be 'Never' and calico_vxlan_mode 'Always' or 'CrossSubnet'" - when: - - cloud_provider is defined and cloud_provider == 'azure' - run_once: true - delegate_to: "{{ groups['kube_control_plane'][0] }}" - - name: Stop if supported Calico versions assert: that: