c12s-kubespray/roles/kubernetes-apps/helm/tasks/main.yml

132 lines
6.3 KiB
YAML
Raw Normal View History

2016-09-07 18:02:06 +00:00
---
- name: Helm | Make sure HELM_HOME directory exists
file: path={{ helm_home_dir }} state=directory
2017-03-17 11:56:25 +00:00
- name: Helm | Set up helm launcher
include_tasks: "install_{{ helm_deployment_type }}.yml"
2017-03-17 11:56:25 +00:00
2017-06-27 04:27:25 +00:00
- name: Helm | Lay Down Helm Manifests (RBAC)
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
2017-06-27 04:27:25 +00:00
with_items:
- {name: tiller, file: tiller-namespace.yml, type: namespace}
2017-06-27 04:27:25 +00:00
- {name: tiller, file: tiller-sa.yml, type: sa}
- {name: tiller, file: tiller-clusterrolebinding.yml, type: clusterrolebinding}
register: manifests
2018-09-10 09:39:26 +00:00
when:
- dns_mode != 'none'
- inventory_hostname == groups['kube-master'][0]
- helm_version is version('v3.0.0', '<')
2017-06-27 04:27:25 +00:00
- name: Helm | Apply Helm Manifests (RBAC)
kube:
name: "{{ item.item.name }}"
namespace: "{{ tiller_namespace }}"
kubectl: "{{ bin_dir }}/kubectl"
resource: "{{ item.item.type }}"
filename: "{{ kube_config_dir }}/{{ item.item.file }}"
state: "latest"
with_items: "{{ manifests.results }}"
2018-09-10 09:39:26 +00:00
when:
- dns_mode != 'none'
- inventory_hostname == groups['kube-master'][0]
- helm_version is version('v3.0.0', '<')
2017-06-27 04:27:25 +00:00
# Generate necessary certs for securing Helm and Tiller connection with TLS
- name: Helm | Set up TLS
include_tasks: "gen_helm_tiller_certs.yml"
when:
- tiller_enable_tls
- helm_version is version('v3.0.0', '<')
2019-10-04 12:14:02 +00:00
- name: Helm | Install client on all masters
command: >
{{ bin_dir }}/helm init --tiller-namespace={{ tiller_namespace }}
{% if helm_skip_refresh %} --skip-refresh{% endif %}
{% if helm_stable_repo_url is defined %} --stable-repo-url {{ helm_stable_repo_url }}{% endif %}
--client-only
environment: "{{ proxy_env }}"
changed_when: false
when:
- helm_version is version('v3.0.0', '<')
2019-10-04 12:14:02 +00:00
# FIXME: https://github.com/helm/helm/issues/6374
2020-08-28 08:20:53 +00:00
- name: Helm | Install/upgrade helm
shell: >
2020-08-28 08:20:53 +00:00
set -o pipefail &&
2018-09-10 09:39:26 +00:00
{{ bin_dir }}/helm init --tiller-namespace={{ tiller_namespace }}
{% if helm_skip_refresh %} --skip-refresh{% endif %}
{% if helm_stable_repo_url is defined %} --stable-repo-url {{ helm_stable_repo_url }}{% endif %}
2018-09-10 09:39:26 +00:00
--upgrade --tiller-image={{ tiller_image_repo }}:{{ tiller_image_tag }}
{% if rbac_enabled %} --service-account={{ tiller_service_account }}{% endif %}
{% if tiller_node_selectors is defined %} --node-selectors {{ tiller_node_selectors }}{% endif %}
2019-07-16 08:39:24 +00:00
--override spec.template.spec.priorityClassName={% if tiller_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}
{% if tiller_override is defined and tiller_override %} --override {{ tiller_override }}{% endif %}
{% if tiller_max_history is defined %} --history-max={{ tiller_max_history }}{% endif %}
{% if tiller_enable_tls %} --tiller-tls --tiller-tls-verify --tiller-tls-cert={{ tiller_tls_cert }} --tiller-tls-key={{ tiller_tls_key }} --tls-ca-cert={{ tiller_tls_ca_cert }} {% endif %}
{% if tiller_secure_release_info %} --override 'spec.template.spec.containers[0].command'='{/tiller,--storage=secret}' {% endif %}
--override spec.selector.matchLabels.'name'='tiller',spec.selector.matchLabels.'app'='helm'
{% if tiller_wait %} --wait{% endif %}
{% if tiller_replicas is defined %} --replicas {{ tiller_replicas | int }}{% endif %}
--output yaml
| sed 's@apiVersion: extensions/v1beta1@apiVersion: apps/v1@'
| {{ bin_dir }}/kubectl apply -f -
2020-08-28 08:20:53 +00:00
args:
executable: /bin/bash
register: install_helm
2019-10-04 12:14:02 +00:00
when:
- inventory_hostname == groups['kube-master'][0]
- helm_version is version('v3.0.0', '<')
changed_when: false
environment: "{{ proxy_env }}"
2018-09-06 14:26:57 +00:00
# FIXME: https://github.com/helm/helm/issues/4063
2020-08-28 08:20:53 +00:00
- name: Helm | Force apply tiller overrides if necessary
shell: >
2020-08-28 08:20:53 +00:00
set -o pipefail &&
{{ bin_dir }}/helm init --upgrade --tiller-image={{ tiller_image_repo }}:{{ tiller_image_tag }} --tiller-namespace={{ tiller_namespace }}
{% if helm_skip_refresh %} --skip-refresh{% endif %}
{% if helm_stable_repo_url is defined %} --stable-repo-url {{ helm_stable_repo_url }}{% endif %}
{% if rbac_enabled %} --service-account={{ tiller_service_account }}{% endif %}
{% if tiller_node_selectors is defined %} --node-selectors {{ tiller_node_selectors }}{% endif %}
2019-07-16 08:39:24 +00:00
--override spec.template.spec.priorityClassName={% if tiller_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}
{% if tiller_override is defined and tiller_override %} --override {{ tiller_override }}{% endif %}
{% if tiller_max_history is defined %} --history-max={{ tiller_max_history }}{% endif %}
{% if tiller_enable_tls %} --tiller-tls --tiller-tls-verify --tiller-tls-cert={{ tiller_tls_cert }} --tiller-tls-key={{ tiller_tls_key }} --tls-ca-cert={{ tiller_tls_ca_cert }} {% endif %}
{% if tiller_secure_release_info %} --override 'spec.template.spec.containers[0].command'='{/tiller,--storage=secret}' {% endif %}
--override spec.selector.matchLabels.'name'='tiller',spec.selector.matchLabels.'app'='helm'
{% if tiller_wait %} --wait{% endif %}
{% if tiller_replicas is defined %} --replicas {{ tiller_replicas | int }}{% endif %}
--output yaml
| sed 's@apiVersion: extensions/v1beta1@apiVersion: apps/v1@'
| {{ bin_dir }}/kubectl apply -f -
2020-08-28 08:20:53 +00:00
args:
executable: /bin/bash
changed_when: false
2018-09-10 09:39:26 +00:00
when:
- inventory_hostname == groups['kube-master'][0]
- helm_version is version('v3.0.0', '<')
environment: "{{ proxy_env }}"
2017-03-17 11:56:25 +00:00
- name: Helm | Add/update stable repo on all masters
command: "{{ bin_dir }}/helm repo add stable {{ helm_stable_repo_url }}"
environment: "{{ proxy_env }}"
when:
- helm_version is version('v3.0.0', '>=')
- helm_stable_repo_url is defined
- name: Make sure bash_completion.d folder exists # noqa 503
file:
name: "/etc/bash_completion.d/"
state: directory
when:
- ((helm_container is defined and helm_container.changed) or (helm_task_result is defined and helm_task_result.changed))
- ansible_os_family in ["ClearLinux"]
- name: Helm | Set up bash completion # noqa 503
2017-06-19 06:33:50 +00:00
shell: "umask 022 && {{ bin_dir }}/helm completion bash >/etc/bash_completion.d/helm.sh"
2018-09-10 09:39:26 +00:00
when:
- ((helm_container is defined and helm_container.changed) or (helm_task_result is defined and helm_task_result.changed))
- not ansible_os_family in ["Flatcar Container Linux by Kinvolk"]