c12s-kubespray/roles/kubernetes/client/tasks/main.yml

---
- name: Set external kube-apiserver endpoint
  set_fact:
    external_apiserver_address: >-
      {%- if loadbalancer_apiserver is defined and loadbalancer_apiserver.address is defined -%}
      {{ loadbalancer_apiserver.address }}
      {%- else -%}
      {{ kube_apiserver_access_address }}
      {%- endif -%}
    external_apiserver_port: >-
      {%- if loadbalancer_apiserver is defined and loadbalancer_apiserver.address is defined and loadbalancer_apiserver.port is defined -%}
      {{ loadbalancer_apiserver.port|default(kube_apiserver_port) }}
      {%- else -%}
      {{ kube_apiserver_port }}
      {%- endif -%}
  tags:
    - facts

- name: Create kube config dir
  file:
    path: "/root/.kube"
    mode: "0700"
    state: directory

- name: Copy admin kubeconfig to root user home
  copy:
    src: "{{ kube_config_dir }}/admin.conf"
    dest: "/root/.kube/config"
    remote_src: yes
    mode: "0600"
    backup: yes

- name: Create kube artifacts dir
  file:
    path: "{{ artifacts_dir }}"
    mode: "0750"
    state: directory
  delegate_to: localhost
  become: no
  run_once: yes
  when: kubeconfig_localhost|default(false)

# NOTE(mattymo): Please forgive this workaround
- name: Generate admin kubeconfig with external api endpoint
  shell: >-
    {% if kubeadm_version is version('v1.14.0', '>=') %}
    mkdir -p {{ kube_config_dir }}/external_kubeconfig &&
    {% endif %}
    {{ bin_dir }}/kubeadm
    {% if kubeadm_version is version('v1.14.0', '>=') %}
    init phase
    {% elif kubeadm_version is version('v1.13.0', '>=') %}
    alpha
    {% else %}
    alpha phase
    {% endif %}
    {% if kubeadm_version is version('v1.14.0', '>=') %}
    kubeconfig admin
    --kubeconfig-dir {{ kube_config_dir }}/external_kubeconfig
    {% else %}
    kubeconfig user
    --client-name kubernetes-admin
    --org system:masters
    {% endif %}
    --cert-dir {{ kube_config_dir }}/ssl
    --apiserver-advertise-address {{ external_apiserver_address }}
    --apiserver-bind-port {{ external_apiserver_port }}
    {% if kubeadm_version is version('v1.14.0', '>=') %}
    && cat {{ kube_config_dir }}/external_kubeconfig/admin.conf &&
    rm -rf {{ kube_config_dir }}/external_kubeconfig
    {% endif %}
  environment: "{{ proxy_env }}"
  run_once: yes
  register: admin_kubeconfig

- name: Write admin kubeconfig on ansible host
  copy:
    content: "{{ admin_kubeconfig.stdout }}"
    dest: "{{ artifacts_dir }}/admin.conf"
    mode: 0640
  delegate_to: localhost
  become: no
  run_once: yes
  when: kubeconfig_localhost|default(false)

- name: Copy kubectl binary to ansible host
  fetch:
    src: "{{ bin_dir }}/kubectl"
    dest: "{{ artifacts_dir }}/kubectl"
    flat: yes
    validate_checksum: no
  become: no
  run_once: yes
  when: kubectl_localhost|default(false)

- name: create helper script kubectl.sh on ansible host
  copy:
    content: |
      #!/bin/bash
      kubectl --kubeconfig=${BASH_SOURCE%/*}/admin.conf $@
    dest: "{{ artifacts_dir }}/kubectl.sh"
    mode: 0755
  become: no
  run_once: yes
  delegate_to: localhost
  when: kubectl_localhost|default(false) and kubeconfig_localhost|default(false)
Create admin credential kubeconfig (#1647) New files: /etc/kubernetes/admin.conf /root/.kube/config $GITDIR/artifacts/{kubectl,admin.conf} Optional method to download kubectl and admin.conf if kubeconfig_lcoalhost is set to true (default false) 2017-09-18 12:30:57 +00:00			`---`
			`- name: Set external kube-apiserver endpoint`
			`set_fact:`
Generate external admin.conf with kubeadm (#4056) * Generate external admin.conf with kubeadm * Fix apiserver sans 2019-01-16 13:30:50 +00:00			`external_apiserver_address: >-`
Use external LB IP for external api endpoint (#4060) * Use external LB IP for external api endpoint Use loadbalancer_apiserver.address instead of apiserver_loadbalancer_domain_name for kudadm init --apiserver-advertise-address argument https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm-init/#options states apiserver-advertise-address needs to be a IPv4 or IPv6 address * only use loadbalancer IP if it is defined 2019-01-21 09:27:42 +00:00			`{%- if loadbalancer_apiserver is defined and loadbalancer_apiserver.address is defined -%}`
			`{{ loadbalancer_apiserver.address }}`
Create admin credential kubeconfig (#1647) New files: /etc/kubernetes/admin.conf /root/.kube/config $GITDIR/artifacts/{kubectl,admin.conf} Optional method to download kubectl and admin.conf if kubeconfig_lcoalhost is set to true (default false) 2017-09-18 12:30:57 +00:00			`{%- else -%}`
Generate external admin.conf with kubeadm (#4056) * Generate external admin.conf with kubeadm * Fix apiserver sans 2019-01-16 13:30:50 +00:00			`{{ kube_apiserver_access_address }}`
			`{%- endif -%}`
			`external_apiserver_port: >-`
fixup external kube-apiserver port (#4075) 2019-01-21 11:43:27 +00:00			`{%- if loadbalancer_apiserver is defined and loadbalancer_apiserver.address is defined and loadbalancer_apiserver.port is defined -%}`
Generate external admin.conf with kubeadm (#4056) * Generate external admin.conf with kubeadm * Fix apiserver sans 2019-01-16 13:30:50 +00:00			`{{ loadbalancer_apiserver.port\|default(kube_apiserver_port) }}`
			`{%- else -%}`
			`{{ kube_apiserver_port }}`
Create admin credential kubeconfig (#1647) New files: /etc/kubernetes/admin.conf /root/.kube/config $GITDIR/artifacts/{kubectl,admin.conf} Optional method to download kubectl and admin.conf if kubeconfig_lcoalhost is set to true (default false) 2017-09-18 12:30:57 +00:00			`{%- endif -%}`
Normalize tags in all places to prepare for tag fixing in future (#1739) 2017-10-05 07:43:04 +00:00			`tags:`
			`- facts`
Create admin credential kubeconfig (#1647) New files: /etc/kubernetes/admin.conf /root/.kube/config $GITDIR/artifacts/{kubectl,admin.conf} Optional method to download kubectl and admin.conf if kubeconfig_lcoalhost is set to true (default false) 2017-09-18 12:30:57 +00:00
			`- name: Create kube config dir`
			`file:`
			`path: "/root/.kube"`
			`mode: "0700"`
			`state: directory`

			`- name: Copy admin kubeconfig to root user home`
			`copy:`
			`src: "{{ kube_config_dir }}/admin.conf"`
			`dest: "/root/.kube/config"`
			`remote_src: yes`
make admin.conf -> .kube/config non-executable Almost certainly, the .kube/config file (YAML) should not be executable. 2018-05-14 09:29:48 +00:00			`mode: "0600"`
Create admin credential kubeconfig (#1647) New files: /etc/kubernetes/admin.conf /root/.kube/config $GITDIR/artifacts/{kubectl,admin.conf} Optional method to download kubectl and admin.conf if kubeconfig_lcoalhost is set to true (default false) 2017-09-18 12:30:57 +00:00			`backup: yes`

create artifacts_dir (#4079) 2019-01-28 09:59:15 +00:00			`- name: Create kube artifacts dir`
			`file:`
			`path: "{{ artifacts_dir }}"`
			`mode: "0750"`
			`state: directory`
			`delegate_to: localhost`
			`become: no`
			`run_once: yes`
			`when: kubeconfig_localhost\|default(false)`

Use K8s 1.14 and add kubeadm experimental control plane mode (#4514) * Use K8s 1.14 and add kubeadm experimental control plane mode This reverts commit d39c273d96afe610fed03a2558ffc1beec64c114. * Cleanup kubeadm setup run on first master * pin kubeadm_certificate_key in test * Remove kubelet autolabel of kube-node, add symlink for pki dir Change-Id: Id5e74dd667c60675dbfe4193b0bc9fb44380e1ca 2019-04-19 13:01:54 +00:00			`# NOTE(mattymo): Please forgive this workaround`
Generate external admin.conf with kubeadm (#4056) * Generate external admin.conf with kubeadm * Fix apiserver sans 2019-01-16 13:30:50 +00:00			`- name: Generate admin kubeconfig with external api endpoint`
			`shell: >-`
Use K8s 1.14 and add kubeadm experimental control plane mode (#4514) * Use K8s 1.14 and add kubeadm experimental control plane mode This reverts commit d39c273d96afe610fed03a2558ffc1beec64c114. * Cleanup kubeadm setup run on first master * pin kubeadm_certificate_key in test * Remove kubelet autolabel of kube-node, add symlink for pki dir Change-Id: Id5e74dd667c60675dbfe4193b0bc9fb44380e1ca 2019-04-19 13:01:54 +00:00			`{% if kubeadm_version is version('v1.14.0', '>=') %}`
			`mkdir -p {{ kube_config_dir }}/external_kubeconfig &&`
Generate external admin.conf with kubeadm (#4056) * Generate external admin.conf with kubeadm * Fix apiserver sans 2019-01-16 13:30:50 +00:00			`{% endif %}`
Use K8s 1.14 and add kubeadm experimental control plane mode (#4514) * Use K8s 1.14 and add kubeadm experimental control plane mode This reverts commit d39c273d96afe610fed03a2558ffc1beec64c114. * Cleanup kubeadm setup run on first master * pin kubeadm_certificate_key in test * Remove kubelet autolabel of kube-node, add symlink for pki dir Change-Id: Id5e74dd667c60675dbfe4193b0bc9fb44380e1ca 2019-04-19 13:01:54 +00:00			`{{ bin_dir }}/kubeadm`
			`{% if kubeadm_version is version('v1.14.0', '>=') %}`
			`init phase`
			`{% elif kubeadm_version is version('v1.13.0', '>=') %}`
			`alpha`
			`{% else %}`
			`alpha phase`
			`{% endif %}`
			`{% if kubeadm_version is version('v1.14.0', '>=') %}`
			`kubeconfig admin`
			`--kubeconfig-dir {{ kube_config_dir }}/external_kubeconfig`
			`{% else %}`
Generate external admin.conf with kubeadm (#4056) * Generate external admin.conf with kubeadm * Fix apiserver sans 2019-01-16 13:30:50 +00:00			`kubeconfig user`
			`--client-name kubernetes-admin`
			`--org system:masters`
Use K8s 1.14 and add kubeadm experimental control plane mode (#4514) * Use K8s 1.14 and add kubeadm experimental control plane mode This reverts commit d39c273d96afe610fed03a2558ffc1beec64c114. * Cleanup kubeadm setup run on first master * pin kubeadm_certificate_key in test * Remove kubelet autolabel of kube-node, add symlink for pki dir Change-Id: Id5e74dd667c60675dbfe4193b0bc9fb44380e1ca 2019-04-19 13:01:54 +00:00			`{% endif %}`
Revert "Fix #4237: update kube cert path (#4354)" (#4369) This reverts commit ea7a6f1cf1d95732d8305d0ca8da0da8a0050e3d. This change modified the certs dir for Kubernetes, but did not move the directories for existing clusters. 2019-03-20 12:56:57 +00:00			`--cert-dir {{ kube_config_dir }}/ssl`
Generate external admin.conf with kubeadm (#4056) * Generate external admin.conf with kubeadm * Fix apiserver sans 2019-01-16 13:30:50 +00:00			`--apiserver-advertise-address {{ external_apiserver_address }}`
			`--apiserver-bind-port {{ external_apiserver_port }}`
Use K8s 1.14 and add kubeadm experimental control plane mode (#4514) * Use K8s 1.14 and add kubeadm experimental control plane mode This reverts commit d39c273d96afe610fed03a2558ffc1beec64c114. * Cleanup kubeadm setup run on first master * pin kubeadm_certificate_key in test * Remove kubelet autolabel of kube-node, add symlink for pki dir Change-Id: Id5e74dd667c60675dbfe4193b0bc9fb44380e1ca 2019-04-19 13:01:54 +00:00			`{% if kubeadm_version is version('v1.14.0', '>=') %}`
			`&& cat {{ kube_config_dir }}/external_kubeconfig/admin.conf &&`
			`rm -rf {{ kube_config_dir }}/external_kubeconfig`
			`{% endif %}`
Use proxy_env with kubeadm phase commands (#4325) 2019-03-26 10:03:19 +00:00			`environment: "{{ proxy_env }}"`
Generate external admin.conf with kubeadm (#4056) * Generate external admin.conf with kubeadm * Fix apiserver sans 2019-01-16 13:30:50 +00:00			`run_once: yes`
			`register: admin_kubeconfig`

			`- name: Write admin kubeconfig on ansible host`
			`copy:`
			`content: "{{ admin_kubeconfig.stdout }}"`
Create admin credential kubeconfig (#1647) New files: /etc/kubernetes/admin.conf /root/.kube/config $GITDIR/artifacts/{kubectl,admin.conf} Optional method to download kubectl and admin.conf if kubeconfig_lcoalhost is set to true (default false) 2017-09-18 12:30:57 +00:00			`dest: "{{ artifacts_dir }}/admin.conf"`
Generate external admin.conf with kubeadm (#4056) * Generate external admin.conf with kubeadm * Fix apiserver sans 2019-01-16 13:30:50 +00:00			`mode: 0640`
			`delegate_to: localhost`
			`become: no`
Create admin credential kubeconfig (#1647) New files: /etc/kubernetes/admin.conf /root/.kube/config $GITDIR/artifacts/{kubectl,admin.conf} Optional method to download kubectl and admin.conf if kubeconfig_lcoalhost is set to true (default false) 2017-09-18 12:30:57 +00:00			`run_once: yes`
			`when: kubeconfig_localhost\|default(false)`

			`- name: Copy kubectl binary to ansible host`
			`fetch:`
			`src: "{{ bin_dir }}/kubectl"`
fix kubectl download location and kubectl.sh helper owner/group remove 2018-04-09 10:19:26 +00:00			`dest: "{{ artifacts_dir }}/kubectl"`
Create admin credential kubeconfig (#1647) New files: /etc/kubernetes/admin.conf /root/.kube/config $GITDIR/artifacts/{kubectl,admin.conf} Optional method to download kubectl and admin.conf if kubeconfig_lcoalhost is set to true (default false) 2017-09-18 12:30:57 +00:00			`flat: yes`
			`validate_checksum: no`
			`become: no`
			`run_once: yes`
			`when: kubectl_localhost\|default(false)`
Support multiple artifacts under individual inventory directory 2018-02-16 12:53:35 +00:00
			`- name: create helper script kubectl.sh on ansible host`
			`copy:`
			`content: \|`
			`#!/bin/bash`
Fix helper script to refer to admin.conf as relative path (#3738) 2018-11-20 02:28:51 +00:00			`kubectl --kubeconfig=${BASH_SOURCE%/*}/admin.conf $@`
Support multiple artifacts under individual inventory directory 2018-02-16 12:53:35 +00:00			`dest: "{{ artifacts_dir }}/kubectl.sh"`
			`mode: 0755`
			`become: no`
			`run_once: yes`
			`delegate_to: localhost`
			`when: kubectl_localhost\|default(false) and kubeconfig_localhost\|default(false)`