Ensure Kubelet is stopped before kubeadm join command #154
Conversation
|
This change breaks the role's idempotence, however—it forces the service to be stopped any time it runs... |
|
@geerlingguy I don't think that's true....or the Ansible docs are wrong. From here: "started/stopped are idempotent actions that will not run commands unless necessary." |
|
I'm looking at the CI job for this branch (see the checks listed at the bottom of this PR), which is showing up as having idempotence tests failing with this change: https://github.com/geerlingguy/ansible-role-kubernetes/actions/runs/8190549299/job/22397750385?pr=154#step:5:436 |
|
How exactly does that test work? The Ansible docs say otherwise with regards to idempotency. Additionally, how would a test like that even work for some of those tasks that can never be idempotent, e.g. using the Would you prefer that I put a |
|
@rbaxende, please look at this, as I believe it solves the current issue and addresses the idempotency concerns. Feel free to use this for the PR https://github.com/rothman857/ansible-role-kubernetes/blob/update/tasks/node-setup.yml |
This change ensures that the kublet is in a stopped state before running the kubeadm join commands. This prevents preflight errors such as "Port 10250 is in use", e.g.:
This is occurring on at least Ubuntu 20 in AWS. The issue is that kubelet is running and already using port 10250 before the kubeadm join command is executed. Then, when the command is executed, it sees port 10250 is already in use by something and fails. And although it is the kubelet itself that is using the port, kubeadm doesn't seem smart enough to realize that.
I understand that I can set
kubernetes_join_command_extra_opts: "--ignore-preflight-errors=all"to work around this issue, but I'd rather not ignore all preflight checks if possible. There's really no need to start the kubelet the way it is currently being done.