Release 2.15 #35

Merged
merged 49 commits into from
May 3, 2021
f26cc9f
Only use stat get_checksum: yes when needed (#7270)
champtar Feb 10, 2021
53b9388
Add kube-ipvs0/nodelocaldns to NetworkManager unmanaged-devices (#7315)
champtar Mar 3, 2021
3c8ad07
Stop using kubeadm to update server in kubeconfigs (#7338)
champtar Mar 3, 2021
f4d3a4a
kubeadm-config.v1beta2.yaml.j2: etcd log level arg (#7339)
dujiulun Mar 3, 2021
1216a0d
Remove pre kubeadm cert migration tasks
champtar Mar 3, 2021
76a1697
Remove useless call to 'kubeadm version'
champtar Mar 3, 2021
591a51a
Remove admin.conf removal
champtar Mar 3, 2021
9ecbf75
Remove rotate_tokens logic
champtar Mar 3, 2021
8c693e8
Always backup both certs and kubeconfig
champtar Mar 3, 2021
704a054
Delete misnammed kubeadm-version.yml
champtar Mar 3, 2021
01e527a
Add privileged_without_host_devices support (#7343)
electrocucaracha Mar 8, 2021
0ea4328
ansible and jinja2 updates (#7357)
maciejaszek Mar 8, 2021
c22915a
Fixup kubelet.conf to point to kubelet-client-current.pem (#7347)
champtar Mar 9, 2021
ac1aa4d
Check for dummy kernel module (#7348)
Mar 9, 2021
bac71fa
Fixup one more missing kubespray-defaults (#7375)
champtar Mar 15, 2021
c1c7204
Upgrade openSUSE Leap to 15.2 (#7331)
maciejaszek Mar 17, 2021
d74dcfd
Update kube-ovn to 1.6.0 (#7240)
floryut Feb 10, 2021
df00b1d
Minor update to cilium and calico
floryut Feb 18, 2021
5e4f3ca
Update nodelocaldns to 1.17.1
floryut Mar 15, 2021
e12850b
Download Calico KDD CRDs (#7372)
mirwan Mar 19, 2021
cd46286
Update CNI (calico, kubeovn, multus) and Helm
floryut Mar 16, 2021
eb8dd77
Fix calico crds missing 3.16.9 (#7386)
floryut Mar 19, 2021
c1a686b
Update hashes for 1.20.5/1.19.9/1.18.17
floryut Mar 18, 2021
4e52da6
Set K8S default to v1.19.9
champtar Mar 22, 2021
b19d109
Auto renew control plane certificates (#7358)
champtar Mar 22, 2021
44d1f83
Add cryptography installation (#7404)
oomichi Mar 25, 2021
65aa921
Allow connecting to bastion via non-standard SSH port (#7396)
belak Mar 26, 2021
b0b5696
Correct Jinja Syntax for etcd-unsupported-arch (#6919)
anthr76 Mar 26, 2021
0f7b936
Fix k8s-certs-renew for k8s < 1.20 (#7410)
champtar Mar 26, 2021
26183c2
Remove ignore_errors from drain tasks and enable retires (#7151)
dlouks Jan 15, 2021
e7f8d5a
Fix remove-node by removing jq usage (#7405)
champtar Mar 26, 2021
ba1d3dc
Remove left over nodes_to_drain
champtar Mar 26, 2021
4661e7d
remove local lb privileged (#7437) (#7454)
bleech1 Apr 7, 2021
0bb0f4d
Add new kubernetes hashes (1.19.10, 1.20.6)
floryut Apr 15, 2021
58b9265
Default to latest kubernetes patch version (1.19.10)
Xartos Apr 16, 2021
45a92e4
Update k8s-certs-renew.sh.j2 (#7422)
hjanuschka Mar 31, 2021
0e67e28
reset roles need flush iptables:raw (#7426)
liupeng0518 Apr 5, 2021
16c750b
Remove calico-rr from local inventory hosts file (#7439)
lodow Apr 5, 2021
5cf0de6
Replace deprecated 'with_dict' with 'loop' (#7442)
floryut Apr 5, 2021
3e8e92b
local provisioner 'useNodeNameOnly' option can be configured (#7421)
orange-llajeanne Apr 1, 2021
ce1fdb8
fix scale (#7449)
liupeng0518 Apr 7, 2021
383b2fc
remove-node roles: fix kubectl absolute path (#7469)
liupeng0518 Apr 8, 2021
7cf6f3f
add CI test for auto_renew_certificates (#7472)
LuckySB Apr 9, 2021
2100d33
Remove dead code from kubeadm-etcd (#7470)
floryut Apr 9, 2021
65fafae
format ansible output (#7482)
liupeng0518 Apr 11, 2021
6f9f450
Regenerate apiserver.crt on all control-plane nodes (#7463)
champtar Apr 12, 2021
e7fad82
Add auto_renew_certificates_systemd_calendar (#7490)
champtar Apr 12, 2021
9be0304
Check if python netaddr and recent enough jinja are installed (#7486)
champtar Apr 13, 2021
82e9009
Add missing proxy environment in crio_repo.yml (#7492)
krystianmlynek Apr 13, 2021
Only use stat get_checksum: yes when needed (kubernetes-sigs#7270)
By default the Ansible stat module computes a checksum, lists extended attributes and finds the mime type.
To find all stat invocations that really use one of those:
git grep -F stat. | grep -vE 'stat.(islnk|exists|lnk_source|writeable)'

Signed-off-by: Etienne Champetier <[email protected]>
(cherry picked from commit de1d9df)

Conflicts:
	roles/etcd/tasks/check_certs.yml
champtar authored and k8s-ci-robot committed Mar 15, 2021
commit f26cc9f75bfc82f3190cdf7ddce2b67a51b6a570
3 changes: 3 additions & 0 deletions roles/bootstrap-os/tasks/bootstrap-centos.yml
@@ -69,6 +69,9 @@
- name: Check presence of fastestmirror.conf
stat:
path: /etc/yum/pluginconf.d/fastestmirror.conf
get_attributes: no
get_checksum: no
get_mime: no
register: fastestmirror

# the fastestmirror plugin can actually slow down Ansible deployments
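Review bot: The same three lines (`get_attributes: no`, `get_checksum: no`, `get_mime: no`) are added under `stat:` here and again in every other task this commit touches, so a new `stat` task that forgets them silently gets the expensive defaults back. Consider setting them once with `module_defaults` for `stat` at play or block level and keeping only `get_checksum: yes` on the tasks that read the checksum; that also makes the exceptions easy to audit.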
3 changes: 3 additions & 0 deletions roles/bootstrap-os/tasks/bootstrap-opensuse.yml
@@ -4,6 +4,9 @@
- name: Check that /etc/sysconfig/proxy file exists
stat:
path: /etc/sysconfig/proxy
get_attributes: no
get_checksum: no
get_mime: no
register: stat_result

- name: Create the /etc/sysconfig/proxy empty file
3 changes: 3 additions & 0 deletions roles/bootstrap-os/tasks/bootstrap-redhat.yml
@@ -85,6 +85,9 @@
- name: Check presence of fastestmirror.conf
stat:
path: /etc/yum/pluginconf.d/fastestmirror.conf
get_attributes: no
get_checksum: no
get_mime: no
register: fastestmirror

# the fastestmirror plugin can actually slow down Ansible deployments
3 changes: 3 additions & 0 deletions roles/container-engine/containerd/tasks/main.yml
@@ -2,6 +2,9 @@
- name: check if fedora coreos
stat:
path: /run/ostree-booted
get_attributes: no
get_checksum: no
get_mime: no
register: ostree

- name: set is_ostree
6 changes: 6 additions & 0 deletions roles/container-engine/cri-o/tasks/main.yaml
@@ -2,6 +2,9 @@
- name: check if fedora coreos
stat:
path: /run/ostree-booted
get_attributes: no
get_checksum: no
get_mime: no
register: ostree

- name: set is_ostree
@@ -94,6 +97,9 @@
- name: Check if already installed
stat:
path: "/bin/crio"
get_attributes: no
get_checksum: no
get_mime: no
register: need_bootstrap_crio
when: is_ostree

3 changes: 3 additions & 0 deletions roles/container-engine/crun/tasks/main.yml
@@ -9,6 +9,9 @@
- name: Check if binary exists
stat:
path: "{{ crun_bin_dir }}/crun"
get_attributes: no
get_checksum: no
get_mime: no
register: crun_stat

# TODO: use download_file.yml
3 changes: 3 additions & 0 deletions roles/container-engine/docker/tasks/main.yml
@@ -2,6 +2,9 @@
- name: check if fedora coreos
stat:
path: /run/ostree-booted
get_attributes: no
get_checksum: no
get_mime: no
register: ostree

- name: set is_ostree
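Review bot: This `check if fedora coreos` stat of `/run/ostree-booted` is now patched identically in the containerd, cri-o and docker roles, and a fourth copy (`check if booted with ostree`) sits in preinstall `0040-set_facts.yml`. With four copies the options can drift apart; consider a single shared task file that registers `ostree` and sets `is_ostree`, included by each role.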
3 changes: 3 additions & 0 deletions roles/download/tasks/download_container.yml
@@ -24,6 +24,9 @@
- name: download_container | Determine if image is in cache
stat:
path: "{{ image_path_cached }}"
get_attributes: no
get_checksum: no
get_mime: no
delegate_to: localhost
connection: local
delegate_facts: no
3 changes: 3 additions & 0 deletions roles/etcd/handlers/backup.yml
@@ -29,6 +29,9 @@
- name: Stat etcd v2 data directory
stat:
path: "{{ etcd_data_dir }}/member"
get_attributes: no
get_checksum: no
get_mime: no
register: etcd_data_dir_member

- name: Backup etcd v2 data
3 changes: 3 additions & 0 deletions roles/etcd/tasks/check_certs.yml
@@ -17,6 +17,9 @@
- name: "Check certs | check if a cert already exists on node"
stat:
path: "{{ etcd_cert_dir }}/{{ item }}"
get_attributes: no
get_checksum: yes
get_mime: no
register: etcdcert_node
with_items:
- ca.pem
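Review bot: `get_checksum: yes` on this `stat` is the module default, so it documents intent rather than changing behaviour, and this is the one file the commit message lists under Conflicts for the cherry-pick. Please confirm the resolved task still covers every entry under `with_items`, and add a short comment naming the consumer of `etcdcert_node` that reads the checksum so a later cleanup does not flip it to `no`.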
6 changes: 6 additions & 0 deletions roles/etcdctl/tasks/main.yml
@@ -9,6 +9,9 @@
- name: Check if etcdctl exist
stat:
path: "{{ bin_dir }}/etcdctl"
get_attributes: no
get_checksum: no
get_mime: no
register: stat_etcdctl

- block:
@@ -28,6 +31,9 @@
- name: Check if etcdctl still exist after version check
stat:
path: "{{ bin_dir }}/etcdctl"
get_attributes: no
get_checksum: no
get_mime: no
register: stat_etcdctl

- block:
3 changes: 3 additions & 0 deletions roles/kubernetes-apps/helm/tasks/main.yml
@@ -17,6 +17,9 @@
- name: Check if bash_completion.d folder exists # noqa 503
stat:
path: "/etc/bash_completion.d/"
get_attributes: no
get_checksum: no
get_mime: no
register: stat_result

- name: Get helm completion
6 changes: 6 additions & 0 deletions roles/kubernetes/kubeadm/tasks/main.yml
@@ -13,11 +13,17 @@
- name: Check if kubelet.conf exists
stat:
path: "{{ kube_config_dir }}/kubelet.conf"
get_attributes: no
get_checksum: no
get_mime: no
register: kubelet_conf

- name: Check if kubeadm CA cert is accessible
stat:
path: "{{ kube_cert_dir }}/ca.crt"
get_attributes: no
get_checksum: no
get_mime: no
register: kubeadm_ca_stat
delegate_to: "{{ groups['kube-master'][0] }}"
run_once: true
3 changes: 3 additions & 0 deletions roles/kubernetes/master/tasks/encrypt-at-rest.yml
@@ -2,6 +2,9 @@
- name: Check if secret for encrypting data at rest already exist
stat:
path: "{{ kube_cert_dir }}/secrets_encryption.yaml"
get_attributes: no
get_checksum: no
get_mime: no
register: secrets_encryption_file

- name: Slurp secrets_encryption file if it exists
12 changes: 12 additions & 0 deletions roles/kubernetes/master/tasks/kubeadm-setup.yml
@@ -2,6 +2,9 @@
- name: kubeadm | Check if old apiserver cert exists on host
stat:
path: "{{ kube_cert_dir }}/apiserver.pem"
get_attributes: no
get_checksum: no
get_mime: no
register: old_apiserver_cert
delegate_to: "{{ groups['kube-master'] | first }}"
run_once: true
@@ -24,12 +27,18 @@
- name: kubeadm | Check serviceaccount key
stat:
path: "{{ kube_cert_dir }}/sa.key"
get_attributes: no
get_checksum: yes
get_mime: no
register: sa_key_before
run_once: true

- name: kubeadm | Check if kubeadm has already run
stat:
path: "/var/lib/kubelet/config.yaml"
get_attributes: no
get_checksum: no
get_mime: no
register: kubeadm_already_run

- name: kubeadm | Delete old admin.conf
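Review bot: The `kubeadm | Check serviceaccount key` task keeps `get_checksum: yes` with `run_once: true` but no `delegate_to`, whereas the `apiserver.pem` check in the previous hunk pins the host with `delegate_to: "{{ groups['kube-master'] | first }}"`. If `sa_key_before` is meant to be compared with `sa_key_after` from the hunk further down, pin both to the same control-plane node (or document why the first host in the batch is always the right one) so the two digests are guaranteed to come from the same file.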
@@ -211,6 +220,9 @@
- name: kubeadm | Check serviceaccount key again
stat:
path: "{{ kube_cert_dir }}/sa.key"
get_attributes: no
get_checksum: yes
get_mime: no
register: sa_key_after
run_once: true

3 changes: 3 additions & 0 deletions roles/kubernetes/node/tasks/loadbalancer/haproxy.yml
@@ -22,6 +22,9 @@
- name: haproxy | Get checksum from config
stat:
path: "{{ haproxy_config_dir }}/haproxy.cfg"
get_attributes: no
get_checksum: yes
get_mime: no
register: haproxy_stat

- name: haproxy | Write static pod
3 changes: 3 additions & 0 deletions roles/kubernetes/node/tasks/loadbalancer/nginx-proxy.yml
@@ -22,6 +22,9 @@
- name: nginx-proxy | Get checksum from config
stat:
path: "{{ nginx_config_dir }}/nginx.conf"
get_attributes: no
get_checksum: yes
get_mime: no
register: nginx_stat

- name: nginx-proxy | Write static pod
12 changes: 10 additions & 2 deletions roles/kubernetes/preinstall/handlers/main.yml
@@ -50,13 +50,21 @@

# FIXME(mattymo): Also restart for kubeadm mode
- name: Preinstall | kube-apiserver configured
stat: path="{{ kube_manifest_dir }}/kube-apiserver.manifest"
stat:
path: "{{ kube_manifest_dir }}/kube-apiserver.manifest"
get_attributes: no
get_checksum: no
get_mime: no
register: kube_apiserver_set
when: inventory_hostname in groups['kube-master'] and dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'

# FIXME(mattymo): Also restart for kubeadm mode
- name: Preinstall | kube-controller configured
stat: path="{{ kube_manifest_dir }}/kube-controller-manager.manifest"
stat:
path: "{{ kube_manifest_dir }}/kube-controller-manager.manifest"
get_attributes: no
get_checksum: no
get_mime: no
register: kube_controller_set
when: inventory_hostname in groups['kube-master'] and dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'
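Review bot: Style point on the two rewritten handlers: `stat:` is now in block form, but the `when:` beneath each `register:` is still one long `and` expression. Other tasks touched by this commit write `when:` as a YAML list; doing the same here with `inventory_hostname in groups['kube-master']`, `dns_mode != 'none'` and `resolvconf_mode == 'host_resolvconf'` as separate items would keep the handlers consistent and easier to diff.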

15 changes: 15 additions & 0 deletions roles/kubernetes/preinstall/tasks/0040-set_facts.yml
@@ -9,6 +9,9 @@
- name: check if booted with ostree
stat:
path: /run/ostree-booted
get_attributes: no
get_checksum: no
get_mime: no
register: ostree

- name: set is_fedora_coreos
@@ -59,6 +62,9 @@
- name: check if kubelet is configured
stat:
path: "{{ kube_config_dir }}/kubelet.env"
get_attributes: no
get_checksum: no
get_mime: no
register: kubelet_configured
changed_when: false

@@ -84,6 +90,9 @@
- name: check if /etc/dhclient.conf exists
stat:
path: /etc/dhclient.conf
get_attributes: no
get_checksum: no
get_mime: no
register: dhclient_stat

- name: target dhclient conf file for /etc/dhclient.conf
@@ -94,6 +103,9 @@
- name: check if /etc/dhcp/dhclient.conf exists
stat:
path: /etc/dhcp/dhclient.conf
get_attributes: no
get_checksum: no
get_mime: no
register: dhcp_dhclient_stat

- name: target dhclient conf file for /etc/dhcp/dhclient.conf
@@ -170,6 +182,9 @@
- name: check /usr readonly
stat:
path: "/usr"
get_attributes: no
get_checksum: no
get_mime: no
register: usr

- name: set alternate flexvolume path
3 changes: 3 additions & 0 deletions roles/kubernetes/preinstall/tasks/0050-create_directories.yml
@@ -46,6 +46,9 @@
- name: Check if kubernetes kubeadm compat cert dir exists
stat:
path: "{{ kube_cert_compat_dir }}"
get_attributes: no
get_checksum: no
get_mime: no
register: kube_cert_compat_dir_check
when:
- inventory_hostname in groups['k8s-cluster']
@@ -3,6 +3,9 @@
- name: Confirm selinux deployed
stat:
path: /etc/selinux/config
get_attributes: no
get_checksum: no
get_mime: no
when:
- ansible_os_family == "RedHat"
- "'Amazon' not in ansible_distribution"
@@ -36,6 +39,9 @@
- name: Stat sysctl file configuration
stat:
path: "{{ sysctl_file_path }}"
get_attributes: no
get_checksum: no
get_mime: no
register: sysctl_file_stat
tags:
- bootstrap-os
3 changes: 3 additions & 0 deletions roles/kubernetes/preinstall/tasks/main.yml
@@ -92,6 +92,9 @@
- name: Check if we are running inside a Azure VM
stat:
path: /var/lib/waagent/
get_attributes: no
get_checksum: no
get_mime: no
register: azure_check
when:
- not dns_late
6 changes: 6 additions & 0 deletions roles/kubernetes/tokens/tasks/check-tokens.yml
@@ -2,6 +2,9 @@
- name: "Check_tokens | check if the tokens have already been generated on first master"
stat:
path: "{{ kube_token_dir }}/known_tokens.csv"
get_attributes: no
get_checksum: yes
get_mime: no
delegate_to: "{{ groups['kube-master'][0] }}"
register: known_tokens_master
run_once: true
@@ -20,6 +23,9 @@
- name: "Check tokens | check if a cert already exists"
stat:
path: "{{ kube_token_dir }}/known_tokens.csv"
get_attributes: no
get_checksum: yes
get_mime: no
register: known_tokens

- name: "Check_tokens | Set 'sync_tokens' to true"
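Review bot: The task in this hunk is named `Check tokens | check if a cert already exists`, but it stats `{{ kube_token_dir }}/known_tokens.csv` and registers `known_tokens`; the name also uses `Check tokens` where the neighbouring tasks use `Check_tokens`. Since the task is being touched anyway, rename it to something like `Check_tokens | check if the tokens have already been generated on node` so the log output matches what is checked.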
3 changes: 3 additions & 0 deletions roles/network_plugin/calico/tasks/reset.yml
@@ -2,6 +2,9 @@
- name: reset | check dummy0 network device
stat:
path: /sys/class/net/dummy0
get_attributes: no
get_checksum: no
get_mime: no
register: dummy0

- name: reset | remove the network device created by calico
3 changes: 3 additions & 0 deletions roles/network_plugin/cilium/tasks/reset_iface.yml
@@ -2,6 +2,9 @@
- name: "reset | check if network device {{ iface }} is present"
stat:
path: "/sys/class/net/{{ iface }}"
get_attributes: no
get_checksum: no
get_mime: no
register: device_remains

- name: "reset | remove network device {{ iface }}"