Replace kube-master with kube_control_plane (#7256)

This replaces kube-master with kube_control_plane because of [1]:

  The Kubernetes project is moving away from wording that is
  considered offensive. A new working group WG Naming was created
  to track this work, and the word "master" was declared as offensive.
  A proposal was formalized for replacing the word "master" with
  "control plane". This means it should be removed from source code,
  documentation, and user-facing configuration from Kubernetes and
  its sub-projects.

NOTE: This uses kube_control_plane rather than kube-control-plane so that
      the group name is valid in Ansible.

[1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation
Kenichi Omichi
2021-03-23 17:26:05 -07:00
committed by GitHub
parent d53fd29e34
commit 486b223e01
159 changed files with 564 additions and 485 deletions


@@ -28,7 +28,7 @@
kube_encrypt_token: "{{ kube_encrypt_token_extracted }}"
delegate_to: "{{ item }}"
delegate_facts: true
with_inventory_hostnames: kube-master
with_inventory_hostnames: kube_control_plane
when: kube_encrypt_token_extracted is defined
- name: Write secrets for encrypting secret data at rest
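Review bot: `with_inventory_hostnames: kube_control_plane` matches no host when an inventory still defines only the old `kube-master` group, and as far as I know the lookup then returns an empty list, so the task loops zero times instead of failing and `kube_encrypt_token` is not set on the control plane hosts. Unless another file in this commit maps the old group name to the new one, I would add an early check such as `assert: { that: "groups['kube_control_plane'] | default([]) | length > 0" }` so that a stale inventory stops the run. The task starts above the hunk, so its name and module are not visible here.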


@@ -18,15 +18,15 @@
--upload-certs
register: kubeadm_upload_cert
when:
- inventory_hostname == groups['kube-master']|first
- inventory_hostname == groups['kube_control_plane']|first
- name: Parse certificate key if not set
set_fact:
kubeadm_certificate_key: "{{ hostvars[groups['kube-master'][0]]['kubeadm_upload_cert'].stdout_lines[-1] | trim }}"
kubeadm_certificate_key: "{{ hostvars[groups['kube_control_plane'][0]]['kubeadm_upload_cert'].stdout_lines[-1] | trim }}"
run_once: yes
when:
- hostvars[groups['kube-master'][0]]['kubeadm_upload_cert'] is defined
- hostvars[groups['kube-master'][0]]['kubeadm_upload_cert'] is not skipped
- hostvars[groups['kube_control_plane'][0]]['kubeadm_upload_cert'] is defined
- hostvars[groups['kube_control_plane'][0]]['kubeadm_upload_cert'] is not skipped
- name: Create kubeadm ControlPlane config
template:
@@ -35,7 +35,7 @@
mode: 0640
backup: yes
when:
- inventory_hostname != groups['kube-master']|first
- inventory_hostname != groups['kube_control_plane']|first
- not kubeadm_already_run.stat.exists
- name: Wait for k8s apiserver
@@ -64,5 +64,5 @@
throttle: 1
until: kubeadm_join_control_plane is succeeded
when:
- inventory_hostname != groups['kube-master']|first
- inventory_hostname != groups['kube_control_plane']|first
- kubeadm_already_run is not defined or not kubeadm_already_run.stat.exists
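Review bot: The `Parse certificate key if not set` task in the first hunk stores the kubeadm certificate key in a fact without `no_log: true`, so the key can appear in verbose Ansible output and in any log that captures it. That key protects the control plane certificates uploaded by `--upload-certs`, so I would add `no_log: true` to the task. The `set kubeadm certificate key` task in the next file section (hunk `@@ -132,7 +132,7 @@`) appears to have the same gap, and its `with_items` loop over the `kubeadm_init` stdout lines would print the `--certificate-key` line as a loop item even at default verbosity. The `token create {{ kubeadm_token }}` command in hunk `@@ -143,7 +143,7 @@` is worth the same check; both tasks extend outside their hunks, so confirm that `no_log` is absent before changing them.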


@@ -25,7 +25,7 @@
- name: kubeadm | aggregate all SANs
set_fact:
apiserver_sans: "{{ (sans_base + groups['kube-master'] + sans_lb + sans_lb_ip + sans_supp + sans_access_ip + sans_ip + sans_address + sans_override + sans_hostname + sans_fqdn) | unique }}"
apiserver_sans: "{{ (sans_base + groups['kube_control_plane'] + sans_lb + sans_lb_ip + sans_supp + sans_access_ip + sans_ip + sans_address + sans_override + sans_hostname + sans_fqdn) | unique }}"
vars:
sans_base:
- "kubernetes"
@@ -38,12 +38,12 @@
sans_lb: "{{ [apiserver_loadbalancer_domain_name] if apiserver_loadbalancer_domain_name is defined else [] }}"
sans_lb_ip: "{{ [loadbalancer_apiserver.address] if loadbalancer_apiserver is defined and loadbalancer_apiserver.address is defined else [] }}"
sans_supp: "{{ supplementary_addresses_in_ssl_keys if supplementary_addresses_in_ssl_keys is defined else [] }}"
sans_access_ip: "{{ groups['kube-master'] | map('extract', hostvars, 'access_ip') | list | select('defined') | list }}"
sans_ip: "{{ groups['kube-master'] | map('extract', hostvars, 'ip') | list | select('defined') | list }}"
sans_address: "{{ groups['kube-master'] | map('extract', hostvars, ['ansible_default_ipv4', 'address']) | list | select('defined') | list }}"
sans_access_ip: "{{ groups['kube_control_plane'] | map('extract', hostvars, 'access_ip') | list | select('defined') | list }}"
sans_ip: "{{ groups['kube_control_plane'] | map('extract', hostvars, 'ip') | list | select('defined') | list }}"
sans_address: "{{ groups['kube_control_plane'] | map('extract', hostvars, ['ansible_default_ipv4', 'address']) | list | select('defined') | list }}"
sans_override: "{{ [kube_override_hostname] if kube_override_hostname else [] }}"
sans_hostname: "{{ groups['kube-master'] | map('extract', hostvars, ['ansible_hostname']) | list | select('defined') | list }}"
sans_fqdn: "{{ groups['kube-master'] | map('extract', hostvars, ['ansible_fqdn']) | list | select('defined') | list }}"
sans_hostname: "{{ groups['kube_control_plane'] | map('extract', hostvars, ['ansible_hostname']) | list | select('defined') | list }}"
sans_fqdn: "{{ groups['kube_control_plane'] | map('extract', hostvars, ['ansible_fqdn']) | list | select('defined') | list }}"
tags: facts
- name: Create audit-policy directory
@@ -86,7 +86,7 @@
register: apiserver_sans_check
changed_when: "'does match certificate' not in apiserver_sans_check.stdout"
when:
- inventory_hostname == groups['kube-master']|first
- inventory_hostname == groups['kube_control_plane']|first
- kubeadm_already_run.stat.exists
- name: kubeadm | regenerate apiserver cert 1/2
@@ -97,7 +97,7 @@
- apiserver.crt
- apiserver.key
when:
- inventory_hostname == groups['kube-master']|first
- inventory_hostname == groups['kube_control_plane']|first
- kubeadm_already_run.stat.exists
- apiserver_sans_check.changed
@@ -107,7 +107,7 @@
init phase certs apiserver
--config={{ kube_config_dir }}/kubeadm-config.yaml
when:
- inventory_hostname == groups['kube-master']|first
- inventory_hostname == groups['kube_control_plane']|first
- kubeadm_already_run.stat.exists
- apiserver_sans_check.changed
@@ -123,7 +123,7 @@
# Retry is because upload config sometimes fails
retries: 3
until: kubeadm_init is succeeded or "field is immutable" in kubeadm_init.stderr
when: inventory_hostname == groups['kube-master']|first and not kubeadm_already_run.stat.exists
when: inventory_hostname == groups['kube_control_plane']|first and not kubeadm_already_run.stat.exists
failed_when: kubeadm_init.rc != 0 and "field is immutable" not in kubeadm_init.stderr
environment:
PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}"
@@ -132,7 +132,7 @@
- name: set kubeadm certificate key
set_fact:
kubeadm_certificate_key: "{{ item | regex_search('--certificate-key ([^ ]+)','\\1') | first }}"
with_items: "{{ hostvars[groups['kube-master'][0]]['kubeadm_init'].stdout_lines | default([]) }}"
with_items: "{{ hostvars[groups['kube_control_plane'][0]]['kubeadm_init'].stdout_lines | default([]) }}"
when:
- kubeadm_certificate_key is not defined
- (item | trim) is match('.*--certificate-key.*')
@@ -143,7 +143,7 @@
{{ bin_dir }}/kubeadm --kubeconfig /etc/kubernetes/admin.conf token create {{ kubeadm_token }}
changed_when: false
when:
- inventory_hostname == groups['kube-master']|first
- inventory_hostname == groups['kube_control_plane']|first
- kubeadm_token is defined
- kubeadm_refresh_token
tags:
@@ -156,7 +156,7 @@
retries: 5
delay: 5
until: temp_token is succeeded
delegate_to: "{{ groups['kube-master'] | first }}"
delegate_to: "{{ groups['kube_control_plane'] | first }}"
when: kubeadm_token is not defined
tags:
- kubeadm_token
@@ -180,7 +180,7 @@
# FIXME(mattymo): from docs: If you don't want to taint your control-plane node, set this field to an empty slice, i.e. `taints: {}` in the YAML file.
- name: kubeadm | Remove taint for master with node role
command: "{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf taint node {{ inventory_hostname }} {{ item }}"
delegate_to: "{{ groups['kube-master'] | first }}"
delegate_to: "{{ groups['kube_control_plane'] | first }}"
with_items:
- "node-role.kubernetes.io/master:NoSchedule-"
- "node-role.kubernetes.io/control-plane:NoSchedule-"
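Review bot: The task name `kubeadm | Remove taint for master with node role` in the last hunk still prints the old wording in playbook output, although the commit message says the term should leave user-facing text. I would rename it to `kubeadm | Remove taint for control plane with node role`. The item `node-role.kubernetes.io/master:NoSchedule-` has to stay, since it is the upstream taint key rather than project wording. The task continues below the hunk.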


@@ -3,7 +3,7 @@
uri:
url: "https://{{ ip | default(fallback_ips[inventory_hostname]) }}:{{ kube_apiserver_port }}/healthz"
validate_certs: false
when: inventory_hostname in groups['kube-master']
when: inventory_hostname in groups['kube_control_plane']
register: _result
retries: 60
delay: 5
@@ -23,7 +23,7 @@
# Retry is because upload config sometimes fails
retries: 3
until: kubeadm_upgrade.rc == 0
when: inventory_hostname == groups['kube-master']|first
when: inventory_hostname == groups['kube_control_plane']|first
failed_when: kubeadm_upgrade.rc != 0 and "field is immutable" not in kubeadm_upgrade.stderr
environment:
PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}"
@@ -40,7 +40,7 @@
--etcd-upgrade={{ etcd_kubeadm_enabled | bool | lower }}
--force
register: kubeadm_upgrade
when: inventory_hostname != groups['kube-master']|first
when: inventory_hostname != groups['kube_control_plane']|first
failed_when:
- kubeadm_upgrade.rc != 0
- '"field is immutable" not in kubeadm_upgrade.stderr'
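Review bot: The health probe in the first hunk sets `validate_certs: false`, so the play accepts any TLS endpoint that answers on `kube_apiserver_port` as the API server. The visible `uri` arguments send no credentials and only read `/healthz`, which limits the exposure, but the choice should be documented where it is made: `# TLS verification is disabled for this readiness probe only; no credentials are sent`. If the Ansible version in use supports the `ca_path` option of the uri module, verifying against the cluster CA would remove the exception entirely. The task name is above the hunk.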


@@ -3,7 +3,7 @@ Description=Timer to renew K8S control plane certificates
[Timer]
# First Monday of each month
OnCalendar=Mon *-*-1..7 03:{{ groups['kube-master'].index(inventory_hostname) }}0:00
OnCalendar=Mon *-*-1..7 03:{{ groups['kube_control_plane'].index(inventory_hostname) }}0:00
[Install]
WantedBy=multi-user.target
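Review bot: The minute field `{{ groups['kube_control_plane'].index(inventory_hostname) }}0` is a valid minute only for the first six control plane hosts; index 6 renders `03:60:00`, which systemd should reject, leaving that host without a certificate renewal timer. Wrapping the index keeps the stagger and stays in range: `OnCalendar=Mon *-*-1..7 03:{{ groups['kube_control_plane'].index(inventory_hostname) % 6 }}0:00`. Clusters with seven or more control plane hosts are uncommon, so this is a robustness fix, but an unnoticed timer failure ends in expired certificates.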


@@ -16,7 +16,7 @@ nodeRegistration:
{% if kube_override_hostname|default('') %}
name: {{ kube_override_hostname }}
{% endif %}
{% if inventory_hostname in groups['kube-master'] and inventory_hostname not in groups['kube-node'] %}
{% if inventory_hostname in groups['kube_control_plane'] and inventory_hostname not in groups['kube-node'] %}
taints:
- effect: NoSchedule
key: node-role.kubernetes.io/master