diff --git a/manifests/config/kubeadm.pp b/manifests/config/kubeadm.pp index f4a24958..70394667 100644 --- a/manifests/config/kubeadm.pp +++ b/manifests/config/kubeadm.pp @@ -63,6 +63,7 @@ Integer $conntrack_min = $kubernetes::conntrack_min, String $conntrack_tcp_wait_timeout = $kubernetes::conntrack_tcp_wait_timeout, String $conntrack_tcp_stablished_timeout = $kubernetes::conntrack_tcp_stablished_timeout, + Hash[String[1], Boolean] $feature_gates = $kubernetes::feature_gates, ) { if !($proxy_mode in ['', 'userspace', 'iptables', 'ipvs', 'kernelspace']) { fail('Invalid kube-proxy mode! Must be one of "", userspace, iptables, ipvs, kernelspace.') @@ -167,10 +168,11 @@ $kubelet_extra_config_alpha1_yaml = regsubst(to_yaml($kubelet_extra_config_alpha1), '^---\n', '') $config_version = $kubernetes_version ? { - /1\.1(0|1)/ => 'v1alpha1', - /1\.12/ => 'v1alpha3', - /1\.1(3|4|5\.[012])/ => 'v1beta1', - default => 'v1beta2', + /1\.1(0|1)/ => 'v1alpha1', + /1\.12/ => 'v1alpha3', + /1\.1(3|4|5\.[012])/ => 'v1beta1', + /1\.(16|17|18|19|20|21)/ => 'v1beta2', + default => 'v1beta3', } file { $config_file: diff --git a/manifests/config/worker.pp b/manifests/config/worker.pp index 8b0dbef5..7ef26718 100644 --- a/manifests/config/worker.pp +++ b/manifests/config/worker.pp @@ -19,14 +19,16 @@ Optional[Array] $ignore_preflight_errors = undef, Boolean $skip_ca_verification = false, String $cgroup_driver = $kubernetes::cgroup_driver, + Optional[Array] $skip_phases_join = $kubernetes::skip_phases_join, ) { # to_yaml emits a complete YAML document, so we must remove the leading '---' $kubelet_extra_config_yaml = regsubst(to_yaml($kubelet_extra_config), '^---\n', '') $template = $kubernetes_version ? { - /1\.12/ => 'v1alpha3', - /1\.1(3|4|5\.[012])/ => 'v1beta1', - default => 'v1beta2', + /1\.12/ => 'v1alpha3', + /1\.1(3|4|5\.[012])/ => 'v1beta1', + /1\.(16|17|18|19|20|21)/ => 'v1beta2', + default => 'v1beta3', } file { '/etc/kubernetes': 
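Review bot: The new `/1\.(16|17|18|19|20|21)/` arm of the `$config_version` selector is unanchored like the arms above it, so it matches anywhere in the version string rather than only at the minor release. A version such as `1.31.16` contains `1.16` and would be mapped to v1beta2, and `1.21.10` already hits the earlier `/1\.1(0|1)/` arm first and gets v1alpha1. Anchoring every arm, e.g. `/^1\.(16|17|18|19|20|21)\./ => 'v1beta2',` (assuming versions are always given as major.minor.patch), ties the kubeadm API version to the minor release only. The `$template` selector in manifests/config/worker.pp repeats the same patterns and needs the same change; both selectors sit in class bodies that continue outside their hunks.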
diff --git a/manifests/init.pp b/manifests/init.pp index 1f0b1967..2a1db528 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -522,6 +522,17 @@ # Allow kubeadm init skip some phases # Default: none phases skipped # +# [*skip_phases_join*] +# Allow kubeadm join to skip some phases +# Only works with Kubernetes 1.22+ +# Default: no phases skipped +# +# [*feature_gates*] +# Feature gate hash to be added to kubeadm configuration +# Example: +# {'RootlessControlPlane' => true} +# Default: undefined, no feature gates +# # Authors # ------- # @@ -671,6 +682,7 @@ Stdlib::IP::Address $metrics_bind_address = '127.0.0.1', Optional[String] $join_discovery_file = undef, Optional[String] $skip_phases = undef, + Optional[Array] $skip_phases_join = undef, Integer $conntrack_max_per_core = 32768, Integer $conntrack_min = 131072, String $conntrack_tcp_wait_timeout = '1h0m0s', @@ -678,6 +690,7 @@ String $tmp_directory = '/var/tmp/puppetlabs-kubernetes', Integer $wait_for_default_sa_tries = 5, Integer $wait_for_default_sa_try_sleep = 6, + Hash[String[1], Boolean] $feature_gates = {}, ) { if !$facts['os']['family'] in ['Debian', 'RedHat'] { notify { "The OS family ${facts['os']['family']} is not supported by this module": } diff --git a/spec/acceptance/kubernetes_spec.rb b/spec/acceptance/kubernetes_spec.rb index 54144932..23a8dc58 100644 --- a/spec/acceptance/kubernetes_spec.rb +++ b/spec/acceptance/kubernetes_spec.rb @@ -13,8 +13,8 @@ pp = <<-MANIFEST if $facts['os']['family'] == 'redhat'{ class {'kubernetes': - kubernetes_version => '1.20.6', - kubernetes_package_version => '1.20.6', + kubernetes_version => '1.22.0', + kubernetes_package_version => '1.22.0', controller_address => "$::ipaddress:6443", container_runtime => 'docker', manage_docker => false, diff --git a/templates/v1beta3/config_kubeadm.yaml.erb b/templates/v1beta3/config_kubeadm.yaml.erb new file mode 100644 index 00000000..37c06432 --- /dev/null +++ b/templates/v1beta3/config_kubeadm.yaml.erb 
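Review bot: The `[*feature_gates*]` entry does not say which kubeadm config versions honour it. Within this change only the v1beta3 templates emit `featureGates`, so on clusters older than 1.22 the setting appears to be ignored silently; the older templates are not visible here, so that is worth confirming. The `[*skip_phases_join*]` entry already carries `Only works with Kubernetes 1.22+`, and I would add an equivalent line under `[*feature_gates*]`, e.g. `#   Only rendered by the v1beta3 templates (Kubernetes 1.22+)`.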
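Review bot: `Optional[Array] $skip_phases_join = undef,` accepts elements of any type, and the v1beta3 worker template writes each element unquoted into the `skipPhases:` list, so a non-string value or a string carrying YAML syntax reaches the join configuration unchecked. Tightening the declaration to `Optional[Array[String[1]]] $skip_phases_join = undef,` here and in manifests/config/worker.pp rejects that at catalog compile time. The parameter docs could also state that this is an array, since the existing `$skip_phases` is a comma-separated string. The parameter list continues outside the hunk.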
@@ -0,0 +1,154 @@
+apiVersion: kubeadm.k8s.io/v1beta3
+bootstrapTokens:
+- groups:
+ - system:bootstrappers:kubeadm:default-node-token
+ token: <%= @token %>
+ ttl: <%= @ttl_duration %>
+ usages:
+ - signing
+ - authentication
+kind: InitConfiguration
+localAPIEndpoint:
+ advertiseAddress: <%= @kube_api_advertise_address %>
+ bindPort: <%= @kube_api_bind_port %>
+nodeRegistration:
+ name: <%= @node_name %>
+ <%- if @container_runtime == "cri_containerd" -%>
+ criSocket: unix:///run/containerd/containerd.sock
+ <%- end -%>
+ taints:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ kubeletExtraArgs:
+ cgroup-driver: <%= @cgroup_driver %>
+ <%- if @cloud_provider -%>
+ cloud-provider: <%= @cloud_provider %>
+ <%- end -%>
+ <%- if @cloud_config -%>
+ cloud-config: <%= @cloud_config %>
+ <%- end -%>
+ <%- @kubelet_extra_arguments.each do |arg| -%>
+ <%= arg %>
+ <%- end -%>
+<% if @skip_phases -%>
+skipPhases:
+<% @skip_phases.split(',').each do |skip_phase| -%>
+- <%= skip_phase %>
+<% end -%>
+<% end -%>
+---
+apiServer:
+ timeoutForControlPlane: 4m0s
+<%- if @apiserver_cert_extra_sans -%>
+ certSANs:
+ <%- @apiserver_cert_extra_sans.each do |san| -%>
+ - <%= san %>
+ <%- end -%>
+<%- end -%>
+<%- if @apiserver_merged_extra_arguments -%>
+ extraArgs:
+ <%- @apiserver_merged_extra_arguments.each do |arg| -%>
+ <%= arg %>
+ <%- end -%>
+<%- end -%>
+<%- if @apiserver_merged_extra_volumes -%>
+ extraVolumes:
+ <%- @apiserver_merged_extra_volumes.each do |name, config| -%>
+ - name: <%= name %>
+ hostPath: <%= config['hostPath'] %>
+ mountPath: <%= config['mountPath'] %>
+ readOnly: <%= config['readOnly'] %>
+ pathType: <%= config['pathType'] %>
+ <%- end -%>
+<%- end -%>
+apiVersion: kubeadm.k8s.io/v1beta3
+certificatesDir: /etc/kubernetes/pki
+<%- if @kubernetes_cluster_name != "kubernetes" -%>
+clusterName: <%= @kubernetes_cluster_name %>
+<%- end -%>
+controlPlaneEndpoint: "<%= @controller_address %>"
+controllerManager:
+<%- if @controllermanager_merged_extra_arguments -%>
+ extraArgs:
+ <%- @controllermanager_merged_extra_arguments.each do |arg| -%>
+ <%= arg %>
+ <%- end -%>
+<%- end -%>
+<%- if @controllermanager_merged_extra_volumes -%>
+ extraVolumes:
+ <%- @controllermanager_merged_extra_volumes.each do |name, config| -%>
+ - name: <%= name %>
+ hostPath: <%= config['hostPath'] %>
+ mountPath: <%= config['mountPath'] %>
+ readOnly: <%= config['readOnly'] %>
+ pathType: <%= config['pathType'] %>
+ <%- end -%>
+<%- end -%>
+scheduler:
+<%- if @scheduler_merged_extra_arguments -%>
+ extraArgs:
+ <%- @scheduler_merged_extra_arguments.each do |arg| -%>
+ <%= arg %>
+ <%- end -%>
+<%- end -%>
+etcd:
+ external:
+ caFile: /etc/kubernetes/pki/etcd/ca.crt
+ certFile: /etc/kubernetes/pki/etcd/client.crt
+ endpoints:
+<% @etcd_peers.each do |peer| -%>
+ - https://<%= peer %>:2379
+<% end -%>
+ keyFile: /etc/kubernetes/pki/etcd/client.key
+imageRepository: <%= @image_repository %>
+<% unless @feature_gates.empty? -%>
+featureGates:
+<% @feature_gates.each_pair do |key,value| -%>
+ <%= key %>: <%= value %>
+<% end -%>
+<% end -%>
+kind: ClusterConfiguration
+kubernetesVersion: v<%= @kubernetes_version %>
+networking:
+ dnsDomain: <%= @dns_domain %>
+ podSubnet: <%= @cni_pod_cidr %>
+ serviceSubnet: <%= @service_cidr %>
+<%- if @kubeadm_extra_config -%>
+<%= @kubeadm_extra_config_yaml %>
+<%- end -%>
+---
+apiVersion: kubeproxy.config.k8s.io/v1alpha1
+bindAddress: 0.0.0.0
+clientConnection:
+ acceptContentTypes: ""
+ burst: 10
+ contentType: application/vnd.kubernetes.protobuf
+ kubeconfig: /var/lib/kube-proxy/kubeconfig.conf
+ qps: 5
+clusterCIDR: <%= @cni_pod_cidr %>
+configSyncPeriod: 15m0s
+conntrack:
+ maxPerCore: <%= @conntrack_max_per_core %>
+ min: <%= @conntrack_min %>
+ tcpCloseWaitTimeout: <%= @conntrack_tcp_wait_timeout %>
+ tcpEstablishedTimeout: <%= @conntrack_tcp_stablished_timeout %>
+enableProfiling: false
+healthzBindAddress: 0.0.0.0:10256
+hostnameOverride: ""
+iptables:
+ masqueradeAll: false
+ masqueradeBit: 14
+ minSyncPeriod: 0s
+ syncPeriod: 30s
+ipvs:
+ excludeCIDRs: null
+ minSyncPeriod: 0s
+ scheduler: ""
+ syncPeriod: 30s
+kind: KubeProxyConfiguration
+metricsBindAddress: <%= @metrics_bind_address %>:10249
+mode: "<%= @proxy_mode %>"
+nodePortAddresses: null
+oomScoreAdj: -999
+portRange: ""
+udpIdleTimeout: 250ms
diff --git a/templates/v1beta3/config_worker.yaml.erb b/templates/v1beta3/config_worker.yaml.erb
new file mode 100644
index 00000000..cc758e52
--- /dev/null
+++ b/templates/v1beta3/config_worker.yaml.erb
@@ -0,0 +1,40 @@
+apiVersion: kubeadm.k8s.io/v1beta3
+caCertPath: /etc/kubernetes/pki/ca.crt
+kind: JoinConfiguration
+<%- if @kubernetes_cluster_name != "kubernetes" -%>
+clusterName: <%= @kubernetes_cluster_name %>
+<%- end -%>
+discovery:
+ timeout: 5m0s
+ bootstrapToken:
+ token: <%= @discovery_token %>
+ apiServerEndpoint: '<%= @controller_address %>'
+ unsafeSkipCAVerification: false
+ caCertHashes:
+ - 'sha256:<%= @discovery_token_hash %>'
+nodeRegistration:
+ name: <%= @node_name %>
+ <%- if @container_runtime == "cri_containerd" -%>
+ criSocket: unix:///run/containerd/containerd.sock
+ taints: null
+ <%- end -%>
+ kubeletExtraArgs:
+ cgroup-driver: <%= @cgroup_driver %>
+ <%- if @cloud_provider -%>
+ cloud-provider: <%= @cloud_provider %>
+ <%- if @cloud_config -%>
+ cloud-config: <%= @cloud_config %>
+ <%- end -%>
+ <%- end -%>
+ <%- @kubelet_extra_arguments.each do |arg| -%>
+ <%= arg %>
+ <%- end %>
+<% if @feature_gates -%>
+featureGates: <%= @feature_gates %>
+<% end -%>
+<% if @skip_phases_join -%>
+skipPhases:
+<% @skip_phases_join.each do |skip_phase| -%>
+- <%= skip_phase %>
+<% end -%>
+<% end -%>
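Review bot: The new `featureGates:` block in templates/v1beta3/config_kubeadm.yaml.erb can collide with `<%= @kubeadm_extra_config_yaml %>`, which is still appended to the same ClusterConfiguration document a few lines further down. A site that already passes `featureGates` through `kubeadm_extra_config` and then also sets `feature_gates` gets the key twice, and which value takes effect depends on how the consumer handles duplicate keys. Because feature gates change control-plane behaviour, I would fail in the manifest when both are set, or at least document that `feature_gates` must not be combined with a `featureGates` key in `kubeadm_extra_config`.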
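Review bot: In templates/v1beta3/config_worker.yaml.erb, `featureGates: <%= @feature_gates %>` prints the Ruby value directly, which for a hash is inspect output such as `{"X"=>true}` (constructed sample) rather than YAML, and `if @feature_gates` is also true for an empty hash. The worker.pp hunk in this change adds only `$skip_phases_join`, so `@feature_gates` may not be in scope for this template at all, and as far as I know JoinConfiguration in v1beta3 has no `featureGates` field. I would drop the block from the worker template; if it is meant to stay, pass the parameter into the class and render it with the `unless @feature_gates.empty?` / `each_pair` loop used in config_kubeadm.yaml.erb.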