Hi @sathieu. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Hi @sathieu , I tried your PR and I get the following error. I think the reason is that "Kube-vip | Write static pod" is run before "Set fact first_kube_control_plane".

ansible.errors.AnsibleUndefinedVariable: 'first_kube_control_plane' is undefined. 'first_kube_control_plane' is undefined                                                            
fatal: [cp-1]: FAILED! => {                                                                                                                                                      
    "changed": false,                                                                                                                                                                
    "msg": "AnsibleUndefinedVariable: 'first_kube_control_plane' is undefined. 'first_kube_control_plane' is undefined"                                                              
}  

/ok-to-test

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: sathieu
Once this PR has been reviewed and has the lgtm label, please assign floryut for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

FYI, I tried the patch and hit the same issue of 'first_kube_control_plane' not defined. I did this "hack" and was able to get this to work in a bare-metal, off-prem configuration:

diff --git a/roles/kubernetes/node/tasks/loadbalancer/kube-vip.yml b/roles/kubernetes/node/tasks/loadbalancer/kube-vip.yml
index f7b04a624..b5acdac8c 100644
--- a/roles/kubernetes/node/tasks/loadbalancer/kube-vip.yml
+++ b/roles/kubernetes/node/tasks/loadbalancer/kube-vip.yml
@@ -6,6 +6,10 @@
     - kube_proxy_mode == 'ipvs' and not kube_proxy_strict_arp
     - kube_vip_arp_enabled

+- name: Kube-vip | Check if first control plane
+  set_fact:
+    is_first_control_plane: "{{ inventory_hostname == groups['kube_control_plane'] | first }}"
+
 - name: Kube-vip | Write static pod
   template:
     src: manifests/kube-vip.manifest.j2
diff --git a/roles/kubernetes/node/templates/manifests/kube-vip.manifest.j2 b/roles/kubernetes/node/templates/manifests/kube-vip.manifest.j2
index 11a971e93..7b59bca4c 100644
--- a/roles/kubernetes/node/templates/manifests/kube-vip.manifest.j2
+++ b/roles/kubernetes/node/templates/manifests/kube-vip.manifest.j2
@@ -119,6 +119,6 @@ spec:
   hostNetwork: true
   volumes:
   - hostPath:
-      path: /etc/kubernetes/admin.conf
+      path: /etc/kubernetes/{% if is_first_control_plane %}super-{% endif %}admin.conf
     name: kubeconfig
 status: {}

FYI, I tried the patch and hit the same issue of 'first_kube_control_plane' not defined. I did this "hack" and was able to get this to work in a bare-metal, off-prem configuration:

You are not testing the last version, see 0d83237.

FYI, I tried the patch and hit the same issue of 'first_kube_control_plane' not defined. I did this "hack" and was able to get this to work in a bare-metal, off-prem configuration:

You are not testing the last version, see 0d83237.

0d83237 is based off of 4b82e90. My diff is based off of the newer 351393e commit on master branch. As mentioned by @andrewfung729, first_kube_control_plane is not defined, when kube-vip.manifest.j2 is processed. My change defines the fact, right before kube-vip.manifest.j2 is processed. I just used another name - is_first_control_plane.

CI is failing for probably unrelated reason, can someone take a look?

I think fixing this issue is easy, but adding proper test is harder (because we don't have an external IP available).

Now failing with:

No such file or directory - qemu-img

(unrelated to this PR)

I tried the fix on 2 cp cluster with kubespray v2.25.0 and it's failing for the second master:

TASK [kubernetes/control-plane : Wait for k8s apiserver] *****************************************************************************************
ok: [first_cp]
fatal: [second_cp]: FAILED! => {"changed": false, "elapsed": 181, "msg": "Timeout when waiting for lb-apiserver.kubernetes.local:6443"}

Am I missing anything?

EDIT: sorry, was using the wrong interface..

It worked fine and the playbook finished successfully..

@sathieu FYI, I tried the latest patch on a 3 control plane/4 worker node on-prem k8s 1.29.5 cluster using Kubespray (2 week old pull of master branch, post 2.25.0) and it worked fine! Thanks for working on this.

I've removed the CI part as it doesn't work (we need a valid VIP).

Please review and merge 🙏