Test group membership with group_names

Testing for group membership with group names makes Kubespray more tolerant towards the structure of the inventory. Where 'inventory_hostname in groups["some_group"] would fail if "some_group" is not defined, '"some_group" in group_names' would not.
2026-02-28 09:39:12 +03:00 · 2024-09-21 14:09:09 +02:00
parent 89ff0710e9
commit 2ec1c93897
22 changed files with 60 additions and 60 deletions
--- a/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
+++ b/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
@@ -243,5 +243,5 @@
  delegate_to: "{{ first_kube_control_plane }}"
  with_items:
    - "node-role.kubernetes.io/control-plane:NoSchedule-"
-  when: inventory_hostname in groups['kube_node']
+  when: ('kube_node' in group_names)
  failed_when: false
--- a/roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml
+++ b/roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml
@@ -3,7 +3,7 @@
  uri:
    url: "https://{{ ip | default(fallback_ips[inventory_hostname]) }}:{{ kube_apiserver_port }}/healthz"
    validate_certs: false
-  when: inventory_hostname in groups['kube_control_plane']
+  when: ('kube_control_plane' in group_names)
  register: _result
  retries: 60
  delay: 5
--- a/roles/kubernetes/kubeadm/tasks/kubeadm_etcd_node.yml
+++ b/roles/kubernetes/kubeadm/tasks/kubeadm_etcd_node.yml
@@ -51,7 +51,7 @@
  register: "etcd_client_cert_serial_result"
  changed_when: false
  when:
-    - inventory_hostname in groups['k8s_cluster'] | union(groups['calico_rr'] | default([])) | unique | sort
+    - group_names | intersect(['k8s_cluster', 'calico_rr']) | length > 0
  tags:
    - network

--- a/roles/kubernetes/node/tasks/install.yml
+++ b/roles/kubernetes/node/tasks/install.yml
@@ -8,7 +8,7 @@
  tags:
    - kubeadm
  when:
-    - not inventory_hostname in groups['kube_control_plane']
+    - not ('kube_control_plane' in group_names)

 - name: Install | Copy kubelet binary from download dir
  copy:
--- a/roles/kubernetes/preinstall/handlers/main.yml
+++ b/roles/kubernetes/preinstall/handlers/main.yml
@@ -35,7 +35,7 @@
    get_checksum: false
    get_mime: false
  register: kube_apiserver_set
-  when: inventory_hostname in groups['kube_control_plane'] and dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'
+  when: ('kube_control_plane' in group_names) and dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'
  listen: Preinstall | propagate resolvconf to k8s components

 # FIXME(mattymo): Also restart for kubeadm mode
@@ -46,7 +46,7 @@
    get_checksum: false
    get_mime: false
  register: kube_controller_set
-  when: inventory_hostname in groups['kube_control_plane'] and dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'
+  when: ('kube_control_plane' in group_names) and dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'
  listen: Preinstall | propagate resolvconf to k8s components

 - name: Preinstall | restart kube-controller-manager docker
@@ -55,7 +55,7 @@
    executable: /bin/bash
  when:
    - container_manager == "docker"
-    - inventory_hostname in groups['kube_control_plane']
+    - ('kube_control_plane' in group_names)
    - dns_mode != 'none'
    - resolvconf_mode == 'host_resolvconf'
    - kube_controller_set.stat.exists
@@ -71,7 +71,7 @@
  until: preinstall_restart_controller_manager.rc == 0
  when:
    - container_manager in ['crio', 'containerd']
-    - inventory_hostname in groups['kube_control_plane']
+    - ('kube_control_plane' in group_names)
    - dns_mode != 'none'
    - resolvconf_mode == 'host_resolvconf'
    - kube_controller_set.stat.exists
@@ -83,7 +83,7 @@
    executable: /bin/bash
  when:
    - container_manager == "docker"
-    - inventory_hostname in groups['kube_control_plane']
+    - ('kube_control_plane' in group_names)
    - dns_mode != 'none'
    - resolvconf_mode == 'host_resolvconf'
    - kube_apiserver_set.stat.exists
@@ -99,7 +99,7 @@
  delay: 1
  when:
    - container_manager in ['crio', 'containerd']
-    - inventory_hostname in groups['kube_control_plane']
+    - ('kube_control_plane' in group_names)
    - dns_mode != 'none'
    - resolvconf_mode == 'host_resolvconf'
    - kube_apiserver_set.stat.exists
@@ -116,7 +116,7 @@
  delay: 1
  when:
    - dns_late
-    - inventory_hostname in groups['kube_control_plane']
+    - ('kube_control_plane' in group_names)
    - dns_mode != 'none'
    - resolvconf_mode == 'host_resolvconf'
    - not ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"] and not is_fedora_coreos
--- a/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml
+++ b/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml
@@ -65,14 +65,14 @@
    that: ansible_memtotal_mb >= minimal_master_memory_mb
  when:
    - not ignore_assert_errors
-    - inventory_hostname in groups['kube_control_plane']
+    - ('kube_control_plane' in group_names)

 - name: Stop if memory is too small for nodes
  assert:
    that: ansible_memtotal_mb >= minimal_node_memory_mb
  when:
    - not ignore_assert_errors
-    - inventory_hostname in groups['kube_node']
+    - ('kube_node' in group_names)

 # This command will fail if cgroups are not enabled on the node.
 # For reference: https://kubernetes.io/docs/concepts/architecture/cgroups/#check-cgroup-version
@@ -92,7 +92,7 @@
    msg: "Do not schedule more pods on a node than inet addresses are available."
  when:
    - not ignore_assert_errors
-    - inventory_hostname in groups['k8s_cluster']
+    - ('k8s_cluster' in group_names)
    - kube_network_node_prefix is defined
    - kube_network_plugin != 'calico'

--- a/roles/kubernetes/preinstall/tasks/0050-create_directories.yml
+++ b/roles/kubernetes/preinstall/tasks/0050-create_directories.yml
@@ -5,7 +5,7 @@
    state: directory
    owner: "{{ kube_owner }}"
    mode: "0755"
-  when: inventory_hostname in groups['k8s_cluster']
+  when: ('k8s_cluster' in group_names)
  become: true
  tags:
    - kubelet
@@ -30,7 +30,7 @@
    state: directory
    owner: root
    mode: "0755"
-  when: inventory_hostname in groups['k8s_cluster']
+  when: ('k8s_cluster' in group_names)
  become: true
  tags:
    - kubelet
@@ -55,7 +55,7 @@
    get_mime: false
  register: kube_cert_compat_dir_check
  when:
-    - inventory_hostname in groups['k8s_cluster']
+    - ('k8s_cluster' in group_names)
    - kube_cert_dir != kube_cert_compat_dir

 - name: Create kubernetes kubeadm compat cert dir (kubernetes/kubeadm issue 1498)
@@ -65,7 +65,7 @@
    state: link
    mode: "0755"
  when:
-    - inventory_hostname in groups['k8s_cluster']
+    - ('k8s_cluster' in group_names)
    - kube_cert_dir != kube_cert_compat_dir
    - not kube_cert_compat_dir_check.stat.exists

@@ -80,7 +80,7 @@
    - "/opt/cni/bin"
  when:
    - kube_network_plugin in ["calico", "weave", "flannel", "cilium", "kube-ovn", "kube-router", "macvlan"]
-    - inventory_hostname in groups['k8s_cluster']
+    - ('k8s_cluster' in group_names)
  tags:
    - network
    - cilium
@@ -100,7 +100,7 @@
    - "/var/lib/calico"
  when:
    - kube_network_plugin == "calico"
-    - inventory_hostname in groups['k8s_cluster']
+    - ('k8s_cluster' in group_names)
  tags:
    - network
    - calico
@@ -115,7 +115,7 @@
    mode: "{{ local_volume_provisioner_directory_mode }}"
  with_items: "{{ local_volume_provisioner_storage_classes.keys() | list }}"
  when:
-    - inventory_hostname in groups['k8s_cluster']
+    - ('k8s_cluster' in group_names)
    - local_volume_provisioner_enabled
  tags:
    - persistent_volumes
--- a/roles/kubernetes/tokens/tasks/gen_tokens.yml
+++ b/roles/kubernetes/tokens/tasks/gen_tokens.yml
@@ -57,7 +57,7 @@
  args:
    executable: /bin/bash
  when:
-    - inventory_hostname in groups['kube_control_plane']
+    - ('kube_control_plane' in group_names)
    - sync_tokens | default(false)
    - inventory_hostname != groups['kube_control_plane'][0]
    - tokens_data.stdout