ansible-role-kubernetes icon indicating copy to clipboard operation
ansible-role-kubernetes copied to clipboard

Published 20 hours ago verified publisher icon geerlingguy

Ensure Kubelet is stopped before kubeadm join command

Open rbaxende opened this issue 1 year ago • 6 comments

This change ensures that the kublet is in a stopped state before running the kubeadm join commands. This prevents preflight errors such as "Port 10250 is in use", e.g.:

Screenshot 2024-03-07 at 10 16 41 AM

This is occurring on at least Ubuntu 20 in AWS. The issue is that kubelet is running and already using port 10250 before the kubeadm join command is executed. Then, when the command is executed, it sees port 10250 is already in use by something and fails. And although it is the kubelet itself that is using the port, kubeadm doesn't seem smart enough to realize that.

I understand that I can set kubernetes_join_command_extra_opts: "--ignore-preflight-errors=all" to work around this issue, but I'd rather not ignore all preflight checks if possible. There's really no need to start the kubelet the way it is currently being done.

rbaxende avatar Mar 07 '24 15:03 rbaxende

This change breaks the role's idempotence, however—it forces the service to be stopped any time it runs...

geerlingguy avatar Mar 07 '24 17:03 geerlingguy

@geerlingguy I don't think that's true....or the Ansible docs are wrong. From here: "started/stopped are idempotent actions that will not run commands unless necessary."

rbaxende avatar Mar 07 '24 17:03 rbaxende

I'm looking at the CI job for this branch (see the checks listed at the bottom of this PR), which is showing up as having idempotence tests failing with this change: https://github.com/geerlingguy/ansible-role-kubernetes/actions/runs/8190549299/job/22397750385?pr=154#step:5:436

geerlingguy avatar Mar 07 '24 19:03 geerlingguy

How exactly does that test work? The Ansible docs say otherwise with regards to idempotency. Additionally, how would a test like that even work for some of those tasks that can never be idempotent, e.g. using the shell task?

Would you prefer that I put a changed_when: false on that task? That should solve the test failure I would assume.

rbaxende avatar Mar 11 '24 14:03 rbaxende

@rbaxende, please look at this, as I believe it solves the current issue and addresses the idempotency concerns. Feel free to use this for the PR

https://github.com/rothman857/ansible-role-kubernetes/blob/update/tasks/node-setup.yml

rothman857 avatar Mar 18 '24 18:03 rothman857

This pr has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!

Please read this blog post to see the reasons why I mark issues as stale.

github-actions[bot] avatar Jul 21 '24 03:07 github-actions[bot]

This pr has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.

github-actions[bot] avatar Sep 22 '24 03:09 github-actions[bot]