C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
c12s-kubespray/roles/kubernetes/master/tasks/static-pod-setup.yml

68 lines
1.8 KiB
YAML
Raw Normal View History

kubeadm support (#1631) * kubeadm support * move k8s master to a subtask * disable k8s secrets when using kubeadm * fix etcd cert serial var * move simple auth users to master role * make a kubeadm-specific env file for kubelet * add non-ha CI job * change ci boolean vars to json format * fixup * Update create-gce.yml * Update create-gce.yml * Update create-gce.yml
2017-09-13 18:00:51 +00:00
---
Support audit
2018-08-15 08:41:13 +00:00
- name: Create audit-policy directory
minor variable fix and reuse + handle auditlog redirected to stdout
2018-08-16 10:51:09 +00:00
file:
path: "{{ audit_policy_file | dirname }}"
state: directory
Support audit
2018-08-15 08:41:13 +00:00
tags:
- kube-apiserver
when: kubernetes_audit|default(false)
- name: Write api audit policy yaml
template:
src: apiserver-audit-policy.yaml.j2
minor variable fix and reuse + handle auditlog redirected to stdout
2018-08-16 10:51:09 +00:00
dest: "{{ audit_policy_file }}"
Support audit
2018-08-15 08:41:13 +00:00
notify: Master | Restart apiserver
tags:
- kube-apiserver
when: kubernetes_audit|default(false)
kubeadm support (#1631) * kubeadm support * move k8s master to a subtask * disable k8s secrets when using kubeadm * fix etcd cert serial var * move simple auth users to master role * make a kubeadm-specific env file for kubelet * add non-ha CI job * change ci boolean vars to json format * fixup * Update create-gce.yml * Update create-gce.yml * Update create-gce.yml
2017-09-13 18:00:51 +00:00
- name: Write kube-apiserver manifest
template:
src: manifests/kube-apiserver.manifest.j2
dest: "{{ kube_manifest_dir }}/kube-apiserver.manifest"
Master component and kubelet container upgrade fixes * Fixes an issue where apiserver and friends (controller manager, scheduler) were prevented from restarting after manifests/secrets are changed. This occurred when a replaced kubelet doesn't reconcile new master manifests, which caused old master component versions to linger during deployment. In my case this was causing upgrades from k8s 1.6/1.7 -> k8s 1.8 to fail * Improves transitions from kubelet container to host kubelet by preventing issues where kubelet container reappeared during the deployment
2017-11-08 07:40:33 +00:00
notify: Master | Restart apiserver
Normalize tags in all places to prepare for tag fixing in future (#1739)
2017-10-05 07:43:04 +00:00
tags:
- kube-apiserver
kubeadm support (#1631) * kubeadm support * move k8s master to a subtask * disable k8s secrets when using kubeadm * fix etcd cert serial var * move simple auth users to master role * make a kubeadm-specific env file for kubelet * add non-ha CI job * change ci boolean vars to json format * fixup * Update create-gce.yml * Update create-gce.yml * Update create-gce.yml
2017-09-13 18:00:51 +00:00
- meta: flush_handlers
Fix for Issue #2141
2018-01-12 07:07:02 +00:00
- name: Write kube-scheduler policy file
template:
Renamed variable from disable_volume_zone_conflict to volume_cross_zone_attachment and removed cloud provider condition; fix identation
2018-01-23 13:14:00 +00:00
src: kube-scheduler-policy.yaml.j2
dest: "{{ kube_config_dir }}/kube-scheduler-policy.yaml"
Restart scheduler when policy changes
2018-05-14 08:09:30 +00:00
notify: Master | Restart kube-scheduler
Fix for Issue #2141
2018-01-12 07:07:02 +00:00
tags:
- kube-scheduler
kubeadm support (#1631) * kubeadm support * move k8s master to a subtask * disable k8s secrets when using kubeadm * fix etcd cert serial var * move simple auth users to master role * make a kubeadm-specific env file for kubelet * add non-ha CI job * change ci boolean vars to json format * fixup * Update create-gce.yml * Update create-gce.yml * Update create-gce.yml
2017-09-13 18:00:51 +00:00
- name: Write kube-scheduler kubeconfig
template:
src: kube-scheduler-kubeconfig.yaml.j2
dest: "{{ kube_config_dir }}/kube-scheduler-kubeconfig.yaml"
Normalize tags in all places to prepare for tag fixing in future (#1739)
2017-10-05 07:43:04 +00:00
tags:
- kube-scheduler
kubeadm support (#1631) * kubeadm support * move k8s master to a subtask * disable k8s secrets when using kubeadm * fix etcd cert serial var * move simple auth users to master role * make a kubeadm-specific env file for kubelet * add non-ha CI job * change ci boolean vars to json format * fixup * Update create-gce.yml * Update create-gce.yml * Update create-gce.yml
2017-09-13 18:00:51 +00:00
- name: Write kube-scheduler manifest
template:
src: manifests/kube-scheduler.manifest.j2
dest: "{{ kube_manifest_dir }}/kube-scheduler.manifest"
Master component and kubelet container upgrade fixes * Fixes an issue where apiserver and friends (controller manager, scheduler) were prevented from restarting after manifests/secrets are changed. This occurred when a replaced kubelet doesn't reconcile new master manifests, which caused old master component versions to linger during deployment. In my case this was causing upgrades from k8s 1.6/1.7 -> k8s 1.8 to fail * Improves transitions from kubelet container to host kubelet by preventing issues where kubelet container reappeared during the deployment
2017-11-08 07:40:33 +00:00
notify: Master | Restart kube-scheduler
Normalize tags in all places to prepare for tag fixing in future (#1739)
2017-10-05 07:43:04 +00:00
tags:
- kube-scheduler
kubeadm support (#1631) * kubeadm support * move k8s master to a subtask * disable k8s secrets when using kubeadm * fix etcd cert serial var * move simple auth users to master role * make a kubeadm-specific env file for kubelet * add non-ha CI job * change ci boolean vars to json format * fixup * Update create-gce.yml * Update create-gce.yml * Update create-gce.yml
2017-09-13 18:00:51 +00:00
- name: Write kube-controller-manager kubeconfig
template:
src: kube-controller-manager-kubeconfig.yaml.j2
dest: "{{ kube_config_dir }}/kube-controller-manager-kubeconfig.yaml"
Normalize tags in all places to prepare for tag fixing in future (#1739)
2017-10-05 07:43:04 +00:00
tags:
- kube-controller-manager
kubeadm support (#1631) * kubeadm support * move k8s master to a subtask * disable k8s secrets when using kubeadm * fix etcd cert serial var * move simple auth users to master role * make a kubeadm-specific env file for kubelet * add non-ha CI job * change ci boolean vars to json format * fixup * Update create-gce.yml * Update create-gce.yml * Update create-gce.yml
2017-09-13 18:00:51 +00:00
- name: Write kube-controller-manager manifest
template:
src: manifests/kube-controller-manager.manifest.j2
dest: "{{ kube_manifest_dir }}/kube-controller-manager.manifest"
Master component and kubelet container upgrade fixes * Fixes an issue where apiserver and friends (controller manager, scheduler) were prevented from restarting after manifests/secrets are changed. This occurred when a replaced kubelet doesn't reconcile new master manifests, which caused old master component versions to linger during deployment. In my case this was causing upgrades from k8s 1.6/1.7 -> k8s 1.8 to fail * Improves transitions from kubelet container to host kubelet by preventing issues where kubelet container reappeared during the deployment
2017-11-08 07:40:33 +00:00
notify: Master | Restart kube-controller-manager
Normalize tags in all places to prepare for tag fixing in future (#1739)
2017-10-05 07:43:04 +00:00
tags:
- kube-controller-manager
Additional flush for static pod master upgrade Thought this wasn't required at first but I forgot there's no auto flush at the end of these tasks since the `kubernetes/master` role is not the end of the play.
2017-11-14 00:11:57 +00:00
Fix for Issue #2141
2018-01-12 07:07:02 +00:00
- meta: flush_handlers
Reference in a new issue Copy permalink