Merge "Update kubeadm kubernetes version to 1.13.4"

2019-03-20 02:28:35 +00:00 · 2019-03-20 02:28:35 +00:00 · e97faaaf0f
commit e97faaaf0f
parent 838fdc08e6 e247b6faf1
8 changed files with 64 additions and 76 deletions
--- a/roles/build-images/defaults/main.yml
+++ b/roles/build-images/defaults/main.yml
@ -13,7 +13,7 @@
 # limitations under the License.

 version:
-  kubernetes: v1.10.9
+  kubernetes: v1.13.4
  helm: v2.13.0
  cni: v0.6.0

--- a/tools/deployment/common/005-deploy-k8s.sh
+++ b/tools/deployment/common/005-deploy-k8s.sh
@ -18,7 +18,7 @@
 set -xe

 : ${HELM_VERSION:="v2.13.0"}
-: ${KUBE_VERSION:="v1.12.2"}
+: ${KUBE_VERSION:="v1.13.4"}
 : ${MINIKUBE_VERSION:="v0.30.0"}
 : ${CALICO_VERSION:="v3.3"}

--- a/tools/images/kubeadm-aio/Dockerfile
+++ b/tools/images/kubeadm-aio/Dockerfile
@ -34,7 +34,7 @@ ENV GOOGLE_KUBERNETES_REPO_URL ${GOOGLE_KUBERNETES_REPO_URL}
 ARG GOOGLE_HELM_REPO_URL=https://storage.googleapis.com/kubernetes-helm
 ENV GOOGLE_HELM_REPO_URL ${GOOGLE_HELM_REPO_URL}

-ARG KUBE_VERSION="v1.10.9"
+ARG KUBE_VERSION="v1.13.4"
 ENV KUBE_VERSION ${KUBE_VERSION}

 ARG CNI_VERSION="v0.6.0"
--- a/tools/images/kubeadm-aio/assets/entrypoint.sh
+++ b/tools/images/kubeadm-aio/assets/entrypoint.sh
@ -18,12 +18,10 @@ set -e
 if [ "x${ACTION}" == "xgenerate-join-cmd" ]; then
 : ${TTL:="10m"}
 DISCOVERY_TOKEN="$(kubeadm token --kubeconfig /etc/kubernetes/admin.conf create --ttl ${TTL} --usages signing,authentication --groups '')"
-TLS_BOOTSTRAP_TOKEN="$(kubeadm token --kubeconfig /etc/kubernetes/admin.conf create --ttl ${TTL} --usages authentication --groups \"system:bootstrappers:kubeadm:default-node-token\")"
 DISCOVERY_TOKEN_CA_HASH="$(openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* /sha256:/')"
 API_SERVER=$(cat /etc/kubernetes/admin.conf | python -c "import sys, yaml; print yaml.safe_load(sys.stdin)['clusters'][0]['cluster']['server'].split(\"//\",1).pop()")
 exec echo "kubeadm join \
--tls-bootstrap-token ${TLS_BOOTSTRAP_TOKEN} \
--discovery-token ${DISCOVERY_TOKEN} \
+--token ${DISCOVERY_TOKEN} \
 --discovery-token-ca-cert-hash ${DISCOVERY_TOKEN_CA_HASH} \
 ${API_SERVER}"
 elif [ "x${ACTION}" == "xjoin-kube" ]; then
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/main.yaml
+++ b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/main.yaml
@ -43,53 +43,53 @@
  delegate_to: 127.0.0.1
  block:
    - name: master | deploy | certs | etcd-ca
-      command: kubeadm alpha phase certs etcd-ca --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+      command: kubeadm init phase certs etcd-ca --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
    - name: master | deploy | certs | etcd-server
-      command: kubeadm alpha phase certs etcd-server --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+      command: kubeadm init phase certs etcd-server --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
    - name: master | deploy | certs | etcd-peer
-      command: kubeadm alpha phase certs etcd-peer --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+      command: kubeadm init phase certs etcd-peer --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
    - name: master | deploy | certs | etcd-healthcheck-client
-      command: kubeadm alpha phase certs etcd-healthcheck-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+      command: kubeadm init phase certs etcd-healthcheck-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
    - name: master | deploy | certs | ca
-      command: kubeadm alpha phase certs ca --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+      command: kubeadm init phase certs ca --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
    - name: master | deploy | certs | apiserver
-      command: kubeadm alpha phase certs apiserver --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+      command: kubeadm init phase certs apiserver --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
    - name: master | deploy | certs | apiserver-etcd-client
-      command: kubeadm alpha phase certs apiserver-etcd-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+      command: kubeadm init phase certs apiserver-etcd-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
    - name: master | deploy | certs | apiserver-kubelet-client
-      command: kubeadm alpha phase certs apiserver-kubelet-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+      command: kubeadm init phase certs apiserver-kubelet-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
    - name: master | deploy | certs | sa
-      command: kubeadm alpha phase certs sa --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+      command: kubeadm init phase certs sa
    - name: master | deploy | certs | front-proxy-ca
-      command: kubeadm alpha phase certs front-proxy-ca --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+      command: kubeadm init phase certs front-proxy-ca --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
    - name: master | deploy | certs | front-proxy-client
-      command: kubeadm alpha phase certs front-proxy-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+      command: kubeadm init phase certs front-proxy-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml

 - name: generating kubeconfigs
  delegate_to: 127.0.0.1
  block:
    - name: master | deploy | kubeconfig | admin
-      command: kubeadm alpha phase kubeconfig admin --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+      command: kubeadm init phase kubeconfig admin --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
    - name: master | deploy | kubeconfig | kubelet
-      command: kubeadm alpha phase kubeconfig kubelet --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+      command: kubeadm init phase kubeconfig kubelet --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
    - name: master | deploy | kubeconfig | controller-manager
-      command: kubeadm alpha phase kubeconfig controller-manager --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+      command: kubeadm init phase kubeconfig controller-manager --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
    - name: master | deploy | kubeconfig | scheduler
-      command: kubeadm alpha phase kubeconfig scheduler --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+      command: kubeadm init phase kubeconfig scheduler --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml

 - name: generating etcd static manifest
  delegate_to: 127.0.0.1
-  command: kubeadm alpha phase etcd local --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+  command: kubeadm init phase etcd local --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml

 - name: generating controlplane static manifests
  delegate_to: 127.0.0.1
  block:
    - name: master | deploy | controlplane | apiserver
-      command: kubeadm alpha phase controlplane apiserver --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+      command: kubeadm init phase control-plane apiserver --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
    - name: master | deploy | controlplane | controller-manager
-      command: kubeadm alpha phase controlplane controller-manager --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+      command: kubeadm init phase control-plane controller-manager --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
    - name: master | deploy | controlplane | scheduler
-      command: kubeadm alpha phase controlplane scheduler --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+      command: kubeadm init phase control-plane scheduler --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml

 - name: wait for kube components
  delegate_to: 127.0.0.1
@ -118,7 +118,7 @@

 - name: deploying kube-proxy
  delegate_to: 127.0.0.1
-  command: kubeadm alpha phase addon kube-proxy --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+  command: kubeadm init phase addon kube-proxy --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml

 - include_tasks: helm-cni.yaml

@ -142,17 +142,19 @@
  when: k8s.keystoneAuth|bool == true
 - include_tasks: helm-deploy.yaml

- name: uploading cluster config to api
+- name: uploading kubeadm config
  delegate_to: 127.0.0.1
-  command: kubeadm alpha phase upload-config --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+  command: kubeadm init phase upload-config kubeadm --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+
+- name: uploading kubelet config
+  delegate_to: 127.0.0.1
+  command: kubeadm init phase upload-config kubelet --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml

 - name: generating bootstrap-token objects
  delegate_to: 127.0.0.1
  block:
-    - name: master | deploy | bootstrap-token | allow-post-csrs
-      command: kubeadm --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf alpha phase bootstrap-token node allow-post-csrs
-    - name: master | deploy | bootstrap-token | allow-auto-approve
-      command: kubeadm --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf alpha phase bootstrap-token node allow-auto-approve
+    - name: master | deploy | bootstrap-token
+      command: kubeadm init phase bootstrap-token --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf

 - name: generating bootstrap-token objects
  delegate_to: 127.0.0.1
@ -209,7 +211,7 @@
 - name: converting the cluster to be selfhosted
  when: k8s.selfHosted|bool == true
  delegate_to: 127.0.0.1
-  command: kubeadm alpha phase selfhosting convert-from-staticpods --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+  command: kubeadm init phase selfhosting convert-from-staticpods --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml

 - name: setting up kubectl client and kubeadm on host
  block:
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/kubeadm-conf.yaml.j2
+++ b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/kubeadm-conf.yaml.j2
@ -1,49 +1,38 @@
 #jinja2: trim_blocks:False
-apiVersion: kubeadm.k8s.io/v1alpha1
-kind: MasterConfiguration
+apiVersion: kubeadm.k8s.io/v1beta1
+kind: ClusterConfiguration
 kubernetesVersion: {{ k8s.kubernetesVersion }}
 imageRepository: {{ k8s.imageRepository }}
-nodeName: {{ kubeadm_node_hostname }}
-api:
-  advertiseAddress: {% if k8s.api.advertiseAddress is defined %}{{ k8s.api.advertiseAddress }}{% else %}{% if k8s.api.advertiseAddressDevice is defined %}{{ hostvars[inventory_hostname]['ansible_'+k8s.api.advertiseAddressDevice].ipv4.address }}{% else %}{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}{% endif %}{% endif %}
-  bindPort: {{ k8s.api.bindPort }}
-# etcd:
-#   endpoints:
-#   - <endpoint1|string>
-#   - <endpoint2|string>
-#   caFile: <path|string>
-#   certFile: <path|string>
-#   keyFile: <path|string>
-#   dataDir: <path|string>
-#   extraArgs:
-#     <argument>: <value|string>
-#     <argument>: <value|string>
-#   image: <string>
 networking:
  dnsDomain: {{ k8s.networking.dnsDomain }}
  podSubnet: {{ k8s.networking.podSubnet }}
  serviceSubnet: {{ k8s.networking.serviceSubnet }}
-#cloudProvider: <string>
-authorizationModes:
- Node
- RBAC
-token: {{ kubeadm_bootstrap_token }}
-tokenTTL: 24h0m0s
-selfHosted: {{ k8s.selfHosted }}
-apiServerExtraArgs:
-  service-node-port-range: "1024-65535"
-  feature-gates: "MountPropagation=true,PodShareProcessNamespace=true"
-controllerManagerExtraArgs:
-  address: "0.0.0.0"
-  port: "10252"
+apiServer:
+  extraArgs:
+    service-node-port-range: "1024-65535"
+    feature-gates: "MountPropagation=true,PodShareProcessNamespace=true"
+controllerManager:
+  extraArgs:
+    address: "0.0.0.0"
+    port: "10252"
+    feature-gates: "PodShareProcessNamespace=true"
+scheduler:
+  extraArgs:
+    address: "0.0.0.0"
+    port: "10251"
  feature-gates: "PodShareProcessNamespace=true"
-#   <argument>: <value|string>
-schedulerExtraArgs:
-  address: "0.0.0.0"
-  port: "10251"
-  feature-gates: "PodShareProcessNamespace=true"
-# apiServerCertSANs:
-# - <name1|string>
-# - <name2|string>
 certificatesDir: {{ k8s.certificatesDir }}
-#unifiedControlPlaneImage: <string>
+---
+apiVersion: kubeadm.k8s.io/v1beta1
+localAPIEndpoint:
+  advertiseAddress: {% if k8s.api.advertiseAddress is defined %}{{ k8s.api.advertiseAddress }}{% else %}{% if k8s.api.advertiseAddressDevice is defined %}{{ hostvars[inventory_hostname]['ansible_'+k8s.api.advertiseAddressDevice].ipv4.address }}{% else %}{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}{% endif %}{% endif %}
+  bindPort: {{ k8s.api.bindPort }}
+bootstrapTokens:
+- groups:
+  - system:bootstrappers:kubeadm:default-node-token
+  token: {{ kubeadm_bootstrap_token }}
+  ttl: 24h0m0s
+  usages:
+  - signing
+  - authentication
+kind: InitConfiguration
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/10-kubeadm.conf.j2
+++ b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/10-kubeadm.conf.j2
@ -4,10 +4,9 @@ Environment="KUBELET_SYSTEM_PODS_ARGS=--pod-manifest-path=/etc/kubernetes/manife
 Environment="KUBELET_NETWORK_ARGS=--network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin --node-ip={% if kubelet.bind_addr is defined %}{{ kubelet.bind_addr }}{% else %}{% if kubelet.bind_device is defined %}{{ hostvars[inventory_hostname]['ansible_'+kubelet.bind_device].ipv4.address }}{% else %}{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}{% endif %}{% endif %} --hostname-override={{ kubelet_node_hostname }}"
 Environment="KUBELET_DNS_ARGS=--cluster-dns=10.96.0.10 --cluster-domain={{ k8s.networking.dnsDomain }} --resolv-conf=/etc/kubernetes/kubelet-resolv.conf"
 Environment="KUBELET_AUTHZ_ARGS=--anonymous-auth=false --authorization-mode=Webhook --client-ca-file=/etc/kubernetes/pki/ca.crt"
-Environment="KUBELET_CADVISOR_ARGS=--cadvisor-port=0"
 Environment="KUBELET_CERTIFICATE_ARGS=--rotate-certificates=true --cert-dir=/var/lib/kubelet/pki"
 Environment="KUBELET_NODE_LABELS=--node-labels {{ kubelet.kubelet_labels }}"
 Environment="KUBELET_EXTRA_ARGS=--max-pods=220 --pods-per-core=0 --feature-gates=MountPropagation=true --feature-gates=PodShareProcessNamespace=true"
 #ExecStartPre=-+/sbin/restorecon -v /usr/bin/kubelet #SELinux
 ExecStart=
-ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_SYSTEM_PODS_ARGS $KUBELET_NETWORK_ARGS $KUBELET_DNS_ARGS $KUBELET_AUTHZ_ARGS $KUBELET_CADVISOR_ARGS $KUBELET_CERTIFICATE_ARGS $KUBELET_NODE_LABELS $KUBELET_EXTRA_ARGS
+ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_SYSTEM_PODS_ARGS $KUBELET_NETWORK_ARGS $KUBELET_DNS_ARGS $KUBELET_AUTHZ_ARGS $KUBELET_CERTIFICATE_ARGS $KUBELET_NODE_LABELS $KUBELET_EXTRA_ARGS
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/vars.yaml
+++ b/tools/images/kubeadm-aio/assets/opt/playbooks/vars.yaml
@ -34,7 +34,7 @@ all:
    helm:
      tiller_image: gcr.io/kubernetes-helm/tiller:v2.7.0
    k8s:
-      kubernetesVersion: v1.9.1
+      kubernetesVersion: v1.13.4
      imageRepository: gcr.io/google_containers
      certificatesDir: /etc/kubernetes/pki
      selfHosted: false