Update kubeadm kubernetes version to 1.13.4

This updates the kubernetes version used when deploying via kubeadm and minikube to v1.13.4 This required updating the apiVersion in the kubeadm configuration file template, as well as removing the --cadvisor-port flag from the kubelet args, as this has been removed entirely Change-Id: I3088b65ece0a5c9c5ef2669247ac293d6a6f66ed
2019-02-19 10:01:20 -06:00 · 2019-02-19 10:01:20 -06:00 · e247b6faf1
commit e247b6faf1
parent 64fb053e68
8 changed files with 64 additions and 76 deletions
--- a/roles/build-images/defaults/main.yml
+++ b/roles/build-images/defaults/main.yml
@ -13,7 +13,7 @@
 # limitations under the License.

 version:
-  kubernetes: v1.10.9
+  kubernetes: v1.13.4
  helm: v2.13.0
  cni: v0.6.0

--- a/tools/deployment/common/005-deploy-k8s.sh
+++ b/tools/deployment/common/005-deploy-k8s.sh
@ -18,7 +18,7 @@
 set -xe

 : ${HELM_VERSION:="v2.13.0"}
-: ${KUBE_VERSION:="v1.12.2"}
+: ${KUBE_VERSION:="v1.13.4"}
 : ${MINIKUBE_VERSION:="v0.30.0"}
 : ${CALICO_VERSION:="v3.3"}

--- a/tools/images/kubeadm-aio/Dockerfile
+++ b/tools/images/kubeadm-aio/Dockerfile
@ -34,7 +34,7 @@ ENV GOOGLE_KUBERNETES_REPO_URL ${GOOGLE_KUBERNETES_REPO_URL}
 ARG GOOGLE_HELM_REPO_URL=https://storage.googleapis.com/kubernetes-helm
 ENV GOOGLE_HELM_REPO_URL ${GOOGLE_HELM_REPO_URL}

-ARG KUBE_VERSION="v1.10.9"
+ARG KUBE_VERSION="v1.13.4"
 ENV KUBE_VERSION ${KUBE_VERSION}

 ARG CNI_VERSION="v0.6.0"
--- a/tools/images/kubeadm-aio/assets/entrypoint.sh
+++ b/tools/images/kubeadm-aio/assets/entrypoint.sh
@ -18,12 +18,10 @@ set -e
 if [ "x${ACTION}" == "xgenerate-join-cmd" ]; then
 : ${TTL:="10m"}
 DISCOVERY_TOKEN="$(kubeadm token --kubeconfig /etc/kubernetes/admin.conf create --ttl ${TTL} --usages signing,authentication --groups '')"
-TLS_BOOTSTRAP_TOKEN="$(kubeadm token --kubeconfig /etc/kubernetes/admin.conf create --ttl ${TTL} --usages authentication --groups \"system:bootstrappers:kubeadm:default-node-token\")"
 DISCOVERY_TOKEN_CA_HASH="$(openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* /sha256:/')"
 API_SERVER=$(cat /etc/kubernetes/admin.conf | python -c "import sys, yaml; print yaml.safe_load(sys.stdin)['clusters'][0]['cluster']['server'].split(\"//\",1).pop()")
 exec echo "kubeadm join \
--tls-bootstrap-token ${TLS_BOOTSTRAP_TOKEN} \
--discovery-token ${DISCOVERY_TOKEN} \
+--token ${DISCOVERY_TOKEN} \
 --discovery-token-ca-cert-hash ${DISCOVERY_TOKEN_CA_HASH} \
 ${API_SERVER}"
 elif [ "x${ACTION}" == "xjoin-kube" ]; then
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/main.yaml
+++ b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/main.yaml
@ -43,53 +43,53 @@
  delegate_to: 127.0.0.1
  block:
    - name: master | deploy | certs | etcd-ca
-      command: kubeadm alpha phase certs etcd-ca --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+      command: kubeadm init phase certs etcd-ca --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
    - name: master | deploy | certs | etcd-server
-      command: kubeadm alpha phase certs etcd-server --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+      command: kubeadm init phase certs etcd-server --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
    - name: master | deploy | certs | etcd-peer
-      command: kubeadm alpha phase certs etcd-peer --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+      command: kubeadm init phase certs etcd-peer --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
    - name: master | deploy | certs | etcd-healthcheck-client
-      command: kubeadm alpha phase certs etcd-healthcheck-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+      command: kubeadm init phase certs etcd-healthcheck-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
    - name: master | deploy | certs | ca
-      command: kubeadm alpha phase certs ca --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+      command: kubeadm init phase certs ca --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
    - name: master | deploy | certs | apiserver
-      command: kubeadm alpha phase certs apiserver --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+      command: kubeadm init phase certs apiserver --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
    - name: master | deploy | certs | apiserver-etcd-client
-      command: kubeadm alpha phase certs apiserver-etcd-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+      command: kubeadm init phase certs apiserver-etcd-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
    - name: master | deploy | certs | apiserver-kubelet-client
-      command: kubeadm alpha phase certs apiserver-kubelet-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+      command: kubeadm init phase certs apiserver-kubelet-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
    - name: master | deploy | certs | sa
-      command: kubeadm alpha phase certs sa --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+      command: kubeadm init phase certs sa
    - name: master | deploy | certs | front-proxy-ca
-      command: kubeadm alpha phase certs front-proxy-ca --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+      command: kubeadm init phase certs front-proxy-ca --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
    - name: master | deploy | certs | front-proxy-client
-      command: kubeadm alpha phase certs front-proxy-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+      command: kubeadm init phase certs front-proxy-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml

 - name: generating kubeconfigs
  delegate_to: 127.0.0.1
  block:
    - name: master | deploy | kubeconfig | admin
-      command: kubeadm alpha phase kubeconfig admin --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+      command: kubeadm init phase kubeconfig admin --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
    - name: master | deploy | kubeconfig | kubelet
-      command: kubeadm alpha phase kubeconfig kubelet --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+      command: kubeadm init phase kubeconfig kubelet --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
    - name: master | deploy | kubeconfig | controller-manager
-      command: kubeadm alpha phase kubeconfig controller-manager --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+      command: kubeadm init phase kubeconfig controller-manager --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
    - name: master | deploy | kubeconfig | scheduler
-      command: kubeadm alpha phase kubeconfig scheduler --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+      command: kubeadm init phase kubeconfig scheduler --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml

 - name: generating etcd static manifest
  delegate_to: 127.0.0.1
-  command: kubeadm alpha phase etcd local --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+  command: kubeadm init phase etcd local --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml

 - name: generating controlplane static manifests
  delegate_to: 127.0.0.1
  block:
    - name: master | deploy | controlplane | apiserver
-      command: kubeadm alpha phase controlplane apiserver --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+      command: kubeadm init phase control-plane apiserver --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
    - name: master | deploy | controlplane | controller-manager
-      command: kubeadm alpha phase controlplane controller-manager --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+      command: kubeadm init phase control-plane controller-manager --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
    - name: master | deploy | controlplane | scheduler
-      command: kubeadm alpha phase controlplane scheduler --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+      command: kubeadm init phase control-plane scheduler --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml

 - name: wait for kube components
  delegate_to: 127.0.0.1
@ -118,7 +118,7 @@

 - name: deploying kube-proxy
  delegate_to: 127.0.0.1
-  command: kubeadm alpha phase addon kube-proxy --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+  command: kubeadm init phase addon kube-proxy --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml

 - include_tasks: helm-cni.yaml

@ -142,17 +142,19 @@
  when: k8s.keystoneAuth|bool == true
 - include_tasks: helm-deploy.yaml

- name: uploading cluster config to api
+- name: uploading kubeadm config
  delegate_to: 127.0.0.1
-  command: kubeadm alpha phase upload-config --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+  command: kubeadm init phase upload-config kubeadm --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+
+- name: uploading kubelet config
+  delegate_to: 127.0.0.1
+  command: kubeadm init phase upload-config kubelet --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml

 - name: generating bootstrap-token objects
  delegate_to: 127.0.0.1
  block:
-    - name: master | deploy | bootstrap-token | allow-post-csrs
-      command: kubeadm --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf alpha phase bootstrap-token node allow-post-csrs
-    - name: master | deploy | bootstrap-token | allow-auto-approve
-      command: kubeadm --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf alpha phase bootstrap-token node allow-auto-approve
+    - name: master | deploy | bootstrap-token
+      command: kubeadm init phase bootstrap-token --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf

 - name: generating bootstrap-token objects
  delegate_to: 127.0.0.1
@ -209,7 +211,7 @@
 - name: converting the cluster to be selfhosted
  when: k8s.selfHosted|bool == true
  delegate_to: 127.0.0.1
-  command: kubeadm alpha phase selfhosting convert-from-staticpods --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+  command: kubeadm init phase selfhosting convert-from-staticpods --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml

 - name: setting up kubectl client and kubeadm on host
  block:
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/kubeadm-conf.yaml.j2
+++ b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/kubeadm-conf.yaml.j2
@ -1,49 +1,38 @@
 #jinja2: trim_blocks:False
-apiVersion: kubeadm.k8s.io/v1alpha1
-kind: MasterConfiguration
+apiVersion: kubeadm.k8s.io/v1beta1
+kind: ClusterConfiguration
 kubernetesVersion: {{ k8s.kubernetesVersion }}
 imageRepository: {{ k8s.imageRepository }}
-nodeName: {{ kubeadm_node_hostname }}
-api:
-  advertiseAddress: {% if k8s.api.advertiseAddress is defined %}{{ k8s.api.advertiseAddress }}{% else %}{% if k8s.api.advertiseAddressDevice is defined %}{{ hostvars[inventory_hostname]['ansible_'+k8s.api.advertiseAddressDevice].ipv4.address }}{% else %}{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}{% endif %}{% endif %}
-  bindPort: {{ k8s.api.bindPort }}
-# etcd:
-#   endpoints:
-#   - <endpoint1|string>
-#   - <endpoint2|string>
-#   caFile: <path|string>
-#   certFile: <path|string>
-#   keyFile: <path|string>
-#   dataDir: <path|string>
-#   extraArgs:
-#     <argument>: <value|string>
-#     <argument>: <value|string>
-#   image: <string>
 networking:
  dnsDomain: {{ k8s.networking.dnsDomain }}
  podSubnet: {{ k8s.networking.podSubnet }}
  serviceSubnet: {{ k8s.networking.serviceSubnet }}
-#cloudProvider: <string>
-authorizationModes:
- Node
- RBAC
-token: {{ kubeadm_bootstrap_token }}
-tokenTTL: 24h0m0s
-selfHosted: {{ k8s.selfHosted }}
-apiServerExtraArgs:
-  service-node-port-range: "1024-65535"
-  feature-gates: "MountPropagation=true,PodShareProcessNamespace=true"
-controllerManagerExtraArgs:
-  address: "0.0.0.0"
-  port: "10252"
+apiServer:
+  extraArgs:
+    service-node-port-range: "1024-65535"
+    feature-gates: "MountPropagation=true,PodShareProcessNamespace=true"
+controllerManager:
+  extraArgs:
+    address: "0.0.0.0"
+    port: "10252"
+    feature-gates: "PodShareProcessNamespace=true"
+scheduler:
+  extraArgs:
+    address: "0.0.0.0"
+    port: "10251"
  feature-gates: "PodShareProcessNamespace=true"
-#   <argument>: <value|string>
-schedulerExtraArgs:
-  address: "0.0.0.0"
-  port: "10251"
-  feature-gates: "PodShareProcessNamespace=true"
-# apiServerCertSANs:
-# - <name1|string>
-# - <name2|string>
 certificatesDir: {{ k8s.certificatesDir }}
-#unifiedControlPlaneImage: <string>
+---
+apiVersion: kubeadm.k8s.io/v1beta1
+localAPIEndpoint:
+  advertiseAddress: {% if k8s.api.advertiseAddress is defined %}{{ k8s.api.advertiseAddress }}{% else %}{% if k8s.api.advertiseAddressDevice is defined %}{{ hostvars[inventory_hostname]['ansible_'+k8s.api.advertiseAddressDevice].ipv4.address }}{% else %}{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}{% endif %}{% endif %}
+  bindPort: {{ k8s.api.bindPort }}
+bootstrapTokens:
+- groups:
+  - system:bootstrappers:kubeadm:default-node-token
+  token: {{ kubeadm_bootstrap_token }}
+  ttl: 24h0m0s
+  usages:
+  - signing
+  - authentication
+kind: InitConfiguration
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/10-kubeadm.conf.j2
+++ b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/10-kubeadm.conf.j2
@ -4,10 +4,9 @@ Environment="KUBELET_SYSTEM_PODS_ARGS=--pod-manifest-path=/etc/kubernetes/manife
 Environment="KUBELET_NETWORK_ARGS=--network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin --node-ip={% if kubelet.bind_addr is defined %}{{ kubelet.bind_addr }}{% else %}{% if kubelet.bind_device is defined %}{{ hostvars[inventory_hostname]['ansible_'+kubelet.bind_device].ipv4.address }}{% else %}{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}{% endif %}{% endif %} --hostname-override={{ kubelet_node_hostname }}"
 Environment="KUBELET_DNS_ARGS=--cluster-dns=10.96.0.10 --cluster-domain={{ k8s.networking.dnsDomain }} --resolv-conf=/etc/kubernetes/kubelet-resolv.conf"
 Environment="KUBELET_AUTHZ_ARGS=--anonymous-auth=false --authorization-mode=Webhook --client-ca-file=/etc/kubernetes/pki/ca.crt"
-Environment="KUBELET_CADVISOR_ARGS=--cadvisor-port=0"
 Environment="KUBELET_CERTIFICATE_ARGS=--rotate-certificates=true --cert-dir=/var/lib/kubelet/pki"
 Environment="KUBELET_NODE_LABELS=--node-labels {{ kubelet.kubelet_labels }}"
 Environment="KUBELET_EXTRA_ARGS=--max-pods=220 --pods-per-core=0 --feature-gates=MountPropagation=true --feature-gates=PodShareProcessNamespace=true"
 #ExecStartPre=-+/sbin/restorecon -v /usr/bin/kubelet #SELinux
 ExecStart=
-ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_SYSTEM_PODS_ARGS $KUBELET_NETWORK_ARGS $KUBELET_DNS_ARGS $KUBELET_AUTHZ_ARGS $KUBELET_CADVISOR_ARGS $KUBELET_CERTIFICATE_ARGS $KUBELET_NODE_LABELS $KUBELET_EXTRA_ARGS
+ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_SYSTEM_PODS_ARGS $KUBELET_NETWORK_ARGS $KUBELET_DNS_ARGS $KUBELET_AUTHZ_ARGS $KUBELET_CERTIFICATE_ARGS $KUBELET_NODE_LABELS $KUBELET_EXTRA_ARGS
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/vars.yaml
+++ b/tools/images/kubeadm-aio/assets/opt/playbooks/vars.yaml
@ -34,7 +34,7 @@ all:
    helm:
      tiller_image: gcr.io/kubernetes-helm/tiller:v2.7.0
    k8s:
-      kubernetesVersion: v1.9.1
+      kubernetesVersion: v1.13.4
      imageRepository: gcr.io/google_containers
      certificatesDir: /etc/kubernetes/pki
      selfHosted: false