2017-09-13 18:00:51 +00:00
|
|
|
---
|
|
|
|
- name: Set kubeadm_discovery_address
|
|
|
|
set_fact:
|
|
|
|
kubeadm_discovery_address: >-
|
2018-08-07 10:25:31 +00:00
|
|
|
{%- if "127.0.0.1" in kube_apiserver_endpoint or "localhost" in kube_apiserver_endpoint -%}
|
2017-09-13 18:00:51 +00:00
|
|
|
{{ first_kube_master }}:{{ kube_apiserver_port }}
|
|
|
|
{%- else -%}
|
2019-06-28 07:37:37 +00:00
|
|
|
{{ kube_apiserver_endpoint | replace("https://", "") }}
|
2017-09-13 18:00:51 +00:00
|
|
|
{%- endif %}
|
2017-10-05 07:43:04 +00:00
|
|
|
tags:
|
|
|
|
- facts
|
2017-09-13 18:00:51 +00:00
|
|
|
|
2017-09-15 21:28:15 +00:00
|
|
|
- name: Check if kubelet.conf exists
|
|
|
|
stat:
|
|
|
|
path: "{{ kube_config_dir }}/kubelet.conf"
|
|
|
|
register: kubelet_conf
|
|
|
|
|
2019-07-09 12:41:59 +00:00
|
|
|
- name: Check if kubeadm CA cert is accessible
|
|
|
|
stat:
|
|
|
|
path: "{{ kube_cert_dir }}/ca.crt"
|
|
|
|
register: kubeadm_ca_stat
|
|
|
|
delegate_to: "{{ groups['kube-master'][0] }}"
|
|
|
|
run_once: true
|
|
|
|
|
2017-12-25 08:57:45 +00:00
|
|
|
- name: Calculate kubeadm CA cert hash
|
2018-12-07 07:11:53 +00:00
|
|
|
shell: openssl x509 -pubkey -in {{ kube_cert_dir }}/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
|
2017-12-25 08:57:45 +00:00
|
|
|
register: kubeadm_ca_hash
|
2019-07-09 12:41:59 +00:00
|
|
|
when:
|
|
|
|
- kubeadm_ca_stat.stat is defined
|
|
|
|
- kubeadm_ca_stat.stat.exists
|
2017-12-25 08:57:45 +00:00
|
|
|
delegate_to: "{{ groups['kube-master'][0] }}"
|
|
|
|
run_once: true
|
|
|
|
|
2018-02-05 23:14:50 +00:00
|
|
|
- name: Create kubeadm token for joining nodes with 24h expiration (default)
|
|
|
|
command: "{{ bin_dir }}/kubeadm token create"
|
|
|
|
register: temp_token
|
|
|
|
delegate_to: "{{ groups['kube-master'][0] }}"
|
2019-04-19 13:01:54 +00:00
|
|
|
when: kubeadm_token is not defined
|
|
|
|
|
|
|
|
- name: Set kubeadm_token to generated token
|
|
|
|
set_fact:
|
|
|
|
kubeadm_token: "{{ temp_token.stdout }}"
|
|
|
|
when: kubeadm_token is not defined
|
|
|
|
|
2018-02-05 23:14:50 +00:00
|
|
|
|
2018-08-14 12:13:44 +00:00
|
|
|
- name: gets the kubeadm version
|
|
|
|
command: "{{ bin_dir }}/kubeadm version -o short"
|
|
|
|
register: kubeadm_output
|
|
|
|
|
2018-12-06 20:11:48 +00:00
|
|
|
- name: sets kubeadm api version to v1beta1
|
|
|
|
set_fact:
|
|
|
|
kubeadmConfig_api_version: v1beta1
|
|
|
|
when: kubeadm_output.stdout is version('v1.13.0', '>=')
|
2018-08-14 12:13:44 +00:00
|
|
|
|
2017-09-13 18:00:51 +00:00
|
|
|
- name: Create kubeadm client config
|
|
|
|
template:
|
2018-08-14 12:13:44 +00:00
|
|
|
src: "kubeadm-client.conf.{{ kubeadmConfig_api_version }}.j2"
|
2018-12-19 13:16:14 +00:00
|
|
|
dest: "{{ kube_config_dir }}/kubeadm-client.conf"
|
2017-09-13 18:00:51 +00:00
|
|
|
backup: yes
|
|
|
|
when: not is_kube_master
|
|
|
|
|
|
|
|
- name: Join to cluster if needed
|
2018-09-18 23:48:45 +00:00
|
|
|
environment:
|
2019-05-27 08:49:51 +00:00
|
|
|
PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}:/sbin" # Make sure we can workaround RH / CentOS conservative path management
|
2019-02-12 21:42:56 +00:00
|
|
|
when: not is_kube_master and (not kubelet_conf.stat.exists)
|
|
|
|
block:
|
|
|
|
|
|
|
|
- name: Join to cluster
|
|
|
|
command: >-
|
2019-07-09 12:41:59 +00:00
|
|
|
timeout -k {{ kubeadm_join_timeout }} {{ kubeadm_join_timeout }}
|
2019-02-12 21:42:56 +00:00
|
|
|
{{ bin_dir }}/kubeadm join
|
2019-05-02 21:24:21 +00:00
|
|
|
--config {{ kube_config_dir }}/kubeadm-client.conf
|
2019-02-20 06:13:59 +00:00
|
|
|
--ignore-preflight-errors=DirAvailable--etc-kubernetes-manifests
|
2019-02-12 21:42:56 +00:00
|
|
|
register: kubeadm_join
|
|
|
|
|
|
|
|
rescue:
|
|
|
|
|
|
|
|
- name: Join to cluster with ignores
|
|
|
|
command: >-
|
2019-07-09 12:41:59 +00:00
|
|
|
timeout -k {{ kubeadm_join_timeout }} {{ kubeadm_join_timeout }}
|
2019-02-12 21:42:56 +00:00
|
|
|
{{ bin_dir }}/kubeadm join
|
2019-05-02 21:24:21 +00:00
|
|
|
--config {{ kube_config_dir }}/kubeadm-client.conf
|
2019-02-12 21:42:56 +00:00
|
|
|
--ignore-preflight-errors=all
|
|
|
|
register: kubeadm_join
|
|
|
|
|
|
|
|
always:
|
|
|
|
|
|
|
|
- name: Display kubeadm join stderr if any
|
|
|
|
when: kubeadm_join is failed
|
|
|
|
debug:
|
2019-05-03 19:21:42 +00:00
|
|
|
msg: |
|
2019-02-12 21:42:56 +00:00
|
|
|
Joined with warnings
|
|
|
|
{{ kubeadm_join.stderr_lines }}
|
2017-09-15 21:28:15 +00:00
|
|
|
|
2017-09-13 18:00:51 +00:00
|
|
|
- name: Update server field in kubelet kubeconfig
|
2018-06-07 09:46:15 +00:00
|
|
|
lineinfile:
|
|
|
|
dest: "{{ kube_config_dir }}/kubelet.conf"
|
|
|
|
regexp: 'server:'
|
|
|
|
line: ' server: {{ kube_apiserver_endpoint }}'
|
2017-09-13 18:00:51 +00:00
|
|
|
backup: yes
|
2018-08-18 14:05:35 +00:00
|
|
|
when:
|
|
|
|
- kubeadm_config_api_fqdn is not defined
|
|
|
|
- not is_kube_master
|
2019-06-28 07:37:37 +00:00
|
|
|
- kubeadm_discovery_address != kube_apiserver_endpoint | replace("https://", "")
|
2017-10-24 15:08:48 +00:00
|
|
|
notify: restart kubelet
|
2017-09-13 18:00:51 +00:00
|
|
|
|
2019-09-09 17:33:20 +00:00
|
|
|
# FIXME(mattymo): Need to point to localhost, otherwise masters will all point
|
|
|
|
# incorrectly to first master, creating SPoF.
|
2019-01-11 04:40:25 +00:00
|
|
|
- name: Update server field in kube-proxy kubeconfig
|
|
|
|
shell: >-
|
|
|
|
{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf get configmap kube-proxy -n kube-system -o yaml
|
2019-09-09 17:33:20 +00:00
|
|
|
| sed 's#server:.*#server: https://127.0.0.1:{{ kube_apiserver_port }}#g'
|
2019-01-11 04:40:25 +00:00
|
|
|
| {{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf replace -f -
|
|
|
|
run_once: true
|
|
|
|
when:
|
2019-04-19 13:01:54 +00:00
|
|
|
- inventory_hostname == groups['kube-master']|first
|
2019-01-11 04:40:25 +00:00
|
|
|
- kubeadm_config_api_fqdn is not defined
|
2019-06-28 07:37:37 +00:00
|
|
|
- kubeadm_discovery_address != kube_apiserver_endpoint | replace("https://", "")
|
2019-01-11 04:40:25 +00:00
|
|
|
- not kube_proxy_remove
|
|
|
|
tags:
|
|
|
|
- kube-proxy
|
|
|
|
|
|
|
|
- name: Restart all kube-proxy pods to ensure that they load the new configmap
|
2019-03-14 14:45:46 +00:00
|
|
|
shell: "{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf delete pod -n kube-system -l k8s-app=kube-proxy --force --grace-period=0"
|
2019-01-11 04:40:25 +00:00
|
|
|
run_once: true
|
|
|
|
when:
|
2019-04-19 13:01:54 +00:00
|
|
|
- inventory_hostname == groups['kube-master']|first
|
2019-01-11 04:40:25 +00:00
|
|
|
- kubeadm_config_api_fqdn is not defined
|
2019-06-28 07:37:37 +00:00
|
|
|
- kubeadm_discovery_address != kube_apiserver_endpoint | replace("https://", "")
|
2019-01-11 04:40:25 +00:00
|
|
|
- not kube_proxy_remove
|
|
|
|
tags:
|
|
|
|
- kube-proxy
|
|
|
|
|
2018-08-23 14:17:18 +00:00
|
|
|
# FIXME(mattymo): Reconcile kubelet kubeconfig filename for both deploy modes
|
|
|
|
- name: Symlink kubelet kubeconfig for calico/canal
|
|
|
|
file:
|
|
|
|
src: "{{ kube_config_dir }}/kubelet.conf"
|
|
|
|
dest: "{{ kube_config_dir }}/node-kubeconfig.yaml"
|
|
|
|
state: link
|
|
|
|
force: yes
|
2019-01-28 19:03:49 +00:00
|
|
|
when:
|
|
|
|
- kube_network_plugin in ['calico','canal']
|
|
|
|
- calico_version is version('v3.3.0', '<')
|
2018-08-23 14:17:18 +00:00
|
|
|
|
2018-10-16 14:15:05 +00:00
|
|
|
# FIXME(jjo): need to post-remove kube-proxy until https://github.com/kubernetes/kubeadm/issues/776
|
|
|
|
# is fixed
|
|
|
|
- name: Delete kube-proxy daemonset if kube_proxy_remove set, e.g. kube_network_plugin providing proxy services
|
2018-12-06 10:33:38 +00:00
|
|
|
shell: "{{ bin_dir }}/kubectl --kubeconfig /etc/kubernetes/admin.conf delete daemonset -n kube-system kube-proxy"
|
2018-10-16 14:15:05 +00:00
|
|
|
run_once: true
|
|
|
|
when:
|
2019-04-19 13:01:54 +00:00
|
|
|
- inventory_hostname == groups['kube-master']|first
|
2018-10-16 14:15:05 +00:00
|
|
|
- kube_proxy_remove
|
2019-06-28 07:37:37 +00:00
|
|
|
- kubeadm_discovery_address != kube_apiserver_endpoint | replace("https://", "")
|
2018-10-16 14:15:05 +00:00
|
|
|
tags:
|
|
|
|
- kube-proxy
|
2019-06-20 18:12:51 +00:00
|
|
|
|
|
|
|
- name: Extract etcd certs from control plane if using etcd kubeadm mode
|
|
|
|
include_tasks: kubeadm_etcd_node.yml
|
|
|
|
when:
|
|
|
|
- etcd_kubeadm_enabled
|
|
|
|
- kubeadm_control_plane
|
|
|
|
- inventory_hostname not in groups['kube-master']
|
|
|
|
- kube_network_plugin in ["calico", "flannel", "canal", "cilium"]
|
|
|
|
- kube_network_plugin != "calico" or calico_datastore == "etcd"
|