Rename master to control plane - non-breaking changes only (#11394)

K8s is moving away from the "master" terminology, so kubespray should follow the same naming conventions. See 65d886bb30/sig-architecture/naming/recommendations/001-master-control-plane.md
2026-02-28 09:39:12 +03:00 · 2024-09-06 09:56:19 +03:00
parent d4bf3b9dc7
commit 4b324cb0f0
37 changed files with 165 additions and 138 deletions
--- a/roles/kubernetes/control-plane/defaults/main/main.yml
+++ b/roles/kubernetes/control-plane/defaults/main/main.yml
@@ -5,7 +5,7 @@ upgrade_cluster_setup: false
 # By default the external API listens on all interfaces, this can be changed to
 # listen on a specific address/interface.
 # NOTE: If you specific address/interface and use loadbalancer_apiserver_localhost
-# loadbalancer_apiserver_localhost (nginx/haproxy) will deploy on masters on 127.0.0.1:{{ loadbalancer_apiserver_port | default(kube_apiserver_port) }} too.
+# loadbalancer_apiserver_localhost (nginx/haproxy) will deploy on control plane nodes on 127.0.0.1:{{ loadbalancer_apiserver_port | default(kube_apiserver_port) }} too.
 kube_apiserver_bind_address: 0.0.0.0

 # A port range to reserve for services with NodePort visibility.
@@ -38,7 +38,7 @@ kube_controller_manager_leader_elect_renew_deadline: 10s
 # discovery_timeout modifies the discovery timeout
 discovery_timeout: 5m0s

-# Instruct first master to refresh kubeadm token
+# Instruct first control plane node to refresh kubeadm token
 kubeadm_refresh_token: true

 # Scale down coredns replicas to 0 if not using coredns dns_mode
--- a/roles/kubernetes/control-plane/handlers/main.yml
+++ b/roles/kubernetes/control-plane/handlers/main.yml
@@ -1,16 +1,16 @@
 ---
- name: Master | reload systemd
+- name: Control plane | reload systemd
  systemd_service:
    daemon_reload: true
-  listen: Master | restart kubelet
+  listen: Control plane | restart kubelet

- name: Master | reload kubelet
+- name: Control plane | reload kubelet
  service:
    name: kubelet
    state: restarted
-  listen: Master | restart kubelet
+  listen: Control plane | restart kubelet

- name: Master | Remove apiserver container docker
+- name: Control plane | Remove apiserver container docker
  shell: "set -o pipefail && docker ps -af name=k8s_kube-apiserver* -q | xargs --no-run-if-empty docker rm -f"
  args:
    executable: /bin/bash
@@ -19,9 +19,9 @@
  until: remove_apiserver_container.rc == 0
  delay: 1
  when: container_manager == "docker"
-  listen: Master | Restart apiserver
+  listen: Control plane | Restart apiserver

- name: Master | Remove apiserver container containerd/crio
+- name: Control plane | Remove apiserver container containerd/crio
  shell: "set -o pipefail && {{ bin_dir }}/crictl pods --name kube-apiserver* -q | xargs -I% --no-run-if-empty bash -c '{{ bin_dir }}/crictl stopp % && {{ bin_dir }}/crictl rmp %'"
  args:
    executable: /bin/bash
@@ -30,9 +30,9 @@
  until: remove_apiserver_container.rc == 0
  delay: 1
  when: container_manager in ['containerd', 'crio']
-  listen: Master | Restart apiserver
+  listen: Control plane | Restart apiserver

- name: Master | Remove scheduler container docker
+- name: Control plane | Remove scheduler container docker
  shell: "set -o pipefail && {{ docker_bin_dir }}/docker ps -af name=k8s_kube-scheduler* -q | xargs --no-run-if-empty {{ docker_bin_dir }}/docker rm -f"
  args:
    executable: /bin/bash
@@ -41,9 +41,9 @@
  until: remove_scheduler_container.rc == 0
  delay: 1
  when: container_manager == "docker"
-  listen: Master | Restart kube-scheduler
+  listen: Control plane | Restart kube-scheduler

- name: Master | Remove scheduler container containerd/crio
+- name: Control plane | Remove scheduler container containerd/crio
  shell: "set -o pipefail && {{ bin_dir }}/crictl pods --name kube-scheduler* -q | xargs -I% --no-run-if-empty bash -c '{{ bin_dir }}/crictl stopp % && {{ bin_dir }}/crictl rmp %'"
  args:
    executable: /bin/bash
@@ -52,9 +52,9 @@
  until: remove_scheduler_container.rc == 0
  delay: 1
  when: container_manager in ['containerd', 'crio']
-  listen: Master | Restart kube-scheduler
+  listen: Control plane | Restart kube-scheduler

- name: Master | Remove controller manager container docker
+- name: Control plane | Remove controller manager container docker
  shell: "set -o pipefail && {{ docker_bin_dir }}/docker ps -af name=k8s_kube-controller-manager* -q | xargs --no-run-if-empty {{ docker_bin_dir }}/docker rm -f"
  args:
    executable: /bin/bash
@@ -63,9 +63,9 @@
  until: remove_cm_container.rc == 0
  delay: 1
  when: container_manager == "docker"
-  listen: Master | Restart kube-controller-manager
+  listen: Control plane | Restart kube-controller-manager

- name: Master | Remove controller manager container containerd/crio
+- name: Control plane | Remove controller manager container containerd/crio
  shell: "set -o pipefail && {{ bin_dir }}/crictl pods --name kube-controller-manager* -q | xargs -I% --no-run-if-empty bash -c '{{ bin_dir }}/crictl stopp % && {{ bin_dir }}/crictl rmp %'"
  args:
    executable: /bin/bash
@@ -74,9 +74,9 @@
  until: remove_cm_container.rc == 0
  delay: 1
  when: container_manager in ['containerd', 'crio']
-  listen: Master | Restart kube-controller-manager
+  listen: Control plane | Restart kube-controller-manager

- name: Master | wait for kube-scheduler
+- name: Control plane | wait for kube-scheduler
  vars:
    endpoint: "{{ kube_scheduler_bind_address if kube_scheduler_bind_address != '0.0.0.0' else 'localhost' }}"
  uri:
@@ -87,10 +87,10 @@
  retries: 60
  delay: 1
  listen:
-    - Master | restart kubelet
-    - Master | Restart kube-scheduler
+    - Control plane | restart kubelet
+    - Control plane | Restart kube-scheduler

- name: Master | wait for kube-controller-manager
+- name: Control plane | wait for kube-controller-manager
  vars:
    endpoint: "{{ kube_controller_manager_bind_address if kube_controller_manager_bind_address != '0.0.0.0' else 'localhost' }}"
  uri:
@@ -101,10 +101,10 @@
  retries: 60
  delay: 1
  listen:
-    - Master | restart kubelet
-    - Master | Restart kube-controller-manager
+    - Control plane | restart kubelet
+    - Control plane | Restart kube-controller-manager

- name: Master | wait for the apiserver to be running
+- name: Control plane | wait for the apiserver to be running
  uri:
    url: "{{ kube_apiserver_endpoint }}/healthz"
    validate_certs: false
@@ -113,5 +113,5 @@
  retries: 60
  delay: 1
  listen:
-    - Master | restart kubelet
-    - Master | Restart apiserver
+    - Control plane | restart kubelet
+    - Control plane | Restart apiserver
--- a/roles/kubernetes/control-plane/tasks/encrypt-at-rest.yml
+++ b/roles/kubernetes/control-plane/tasks/encrypt-at-rest.yml
@@ -23,7 +23,7 @@
    kube_encrypt_token_extracted: "{{ secret_file_decoded | json_query(secrets_encryption_query) | first | b64decode }}"
  when: secrets_encryption_file.stat.exists

- name: Set kube_encrypt_token across master nodes
+- name: Set kube_encrypt_token across control plane nodes
  set_fact:
    kube_encrypt_token: "{{ kube_encrypt_token_extracted }}"
  delegate_to: "{{ item }}"
--- a/roles/kubernetes/control-plane/tasks/kubeadm-fix-apiserver.yml
+++ b/roles/kubernetes/control-plane/tasks/kubeadm-fix-apiserver.yml
@@ -12,6 +12,6 @@
    - kubelet.conf
    - scheduler.conf
  notify:
-    - "Master | Restart kube-controller-manager"
-    - "Master | Restart kube-scheduler"
-    - "Master | reload kubelet"
+    - "Control plane | Restart kube-controller-manager"
+    - "Control plane | Restart kube-scheduler"
+    - "Control plane | reload kubelet"
--- a/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
+++ b/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
@@ -189,7 +189,7 @@
    mode: "0644"
  when: kubeadm_patches is defined and kubeadm_patches.enabled

- name: Kubeadm | Initialize first master
+- name: Kubeadm | Initialize first control plane node
  command: >-
    timeout -k {{ kubeadm_init_timeout }} {{ kubeadm_init_timeout }}
    {{ bin_dir }}/kubeadm init
@@ -205,7 +205,7 @@
  failed_when: kubeadm_init.rc != 0 and "field is immutable" not in kubeadm_init.stderr
  environment:
    PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}"
-  notify: Master | restart kubelet
+  notify: Control plane | restart kubelet

 - name: Set kubeadm certificate key
  set_fact:
@@ -250,7 +250,7 @@
  tags:
    - kubeadm_token

- name: Kubeadm | Join other masters
+- name: Kubeadm | Join other control plane nodes
  include_tasks: kubeadm-secondary.yml

 - name: Kubeadm | upgrade kubernetes cluster
@@ -260,7 +260,7 @@
    - kubeadm_already_run.stat.exists

 # FIXME(mattymo): from docs: If you don't want to taint your control-plane node, set this field to an empty slice, i.e. `taints: {}` in the YAML file.
- name: Kubeadm | Remove taint for master with node role
+- name: Kubeadm | Remove taint for control plane node with node role
  command: "{{ kubectl }} taint node {{ inventory_hostname }} {{ item }}"
  delegate_to: "{{ first_kube_control_plane }}"
  with_items:
--- a/roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml
+++ b/roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml
@@ -9,7 +9,7 @@
  delay: 5
  until: _result.status == 200

- name: Kubeadm | Upgrade first master
+- name: Kubeadm | Upgrade first control plane node
  command: >-
    timeout -k 600s 600s
    {{ bin_dir }}/kubeadm
@@ -28,9 +28,9 @@
  failed_when: kubeadm_upgrade.rc != 0 and "field is immutable" not in kubeadm_upgrade.stderr
  environment:
    PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}"
-  notify: Master | restart kubelet
+  notify: Control plane | restart kubelet

- name: Kubeadm | Upgrade other masters
+- name: Kubeadm | Upgrade other control plane nodes
  command: >-
    timeout -k 600s 600s
    {{ bin_dir }}/kubeadm
@@ -49,7 +49,7 @@
  failed_when: kubeadm_upgrade.rc != 0 and "field is immutable" not in kubeadm_upgrade.stderr
  environment:
    PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}"
-  notify: Master | restart kubelet
+  notify: Control plane | restart kubelet

 - name: Kubeadm | Remove binding to anonymous user
  command: "{{ kubectl }} -n kube-public delete rolebinding kubeadm:bootstrap-signer-clusterinfo --ignore-not-found"
--- a/roles/kubernetes/control-plane/tasks/kubelet-fix-client-cert-rotation.yml
+++ b/roles/kubernetes/control-plane/tasks/kubelet-fix-client-cert-rotation.yml
@@ -6,7 +6,7 @@
    line: '    client-certificate: /var/lib/kubelet/pki/kubelet-client-current.pem'
    backup: true
  notify:
-    - "Master | reload kubelet"
+    - "Control plane | reload kubelet"

 - name: Fixup kubelet client cert rotation 2/2
  lineinfile:
@@ -15,4 +15,4 @@
    line: '    client-key: /var/lib/kubelet/pki/kubelet-client-current.pem'
    backup: true
  notify:
-    - "Master | reload kubelet"
+    - "Control plane | reload kubelet"
--- a/roles/kubernetes/control-plane/tasks/pre-upgrade.yml
+++ b/roles/kubernetes/control-plane/tasks/pre-upgrade.yml
@@ -1,5 +1,5 @@
 ---
- name: "Pre-upgrade | Delete master manifests if etcd secrets changed"
+- name: "Pre-upgrade | Delete control plane manifests if etcd secrets changed"
  file:
    path: "/etc/kubernetes/manifests/{{ item }}.manifest"
    state: absent
@@ -8,14 +8,14 @@
  register: kube_apiserver_manifest_replaced
  when: etcd_secret_changed | default(false)

- name: "Pre-upgrade | Delete master containers forcefully"  # noqa no-handler
+- name: "Pre-upgrade | Delete control plane containers forcefully"  # noqa no-handler
  shell: "set -o pipefail && docker ps -af name=k8s_{{ item }}* -q | xargs --no-run-if-empty docker rm -f"
  args:
    executable: /bin/bash
  with_items:
    - ["kube-apiserver", "kube-controller-manager", "kube-scheduler"]
  when: kube_apiserver_manifest_replaced.changed
-  register: remove_master_container
+  register: remove_control_plane_container
  retries: 10
-  until: remove_master_container.rc == 0
+  until: remove_control_plane_container.rc == 0
  delay: 1