Generate external admin.conf with kubeadm (#4056)

* Generate external admin.conf with kubeadm

* Fix apiserver sans
This commit is contained in:
Matthew Mosesohn 2019-01-16 16:30:50 +03:00 committed by GitHub
parent 5a7ac7e5c1
commit eecaba6b84
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 32 additions and 29 deletions

View file

@ -1,11 +1,17 @@
---
- name: Set external kube-apiserver endpoint
set_fact:
external_apiserver_endpoint: >-
external_apiserver_address: >-
{%- if loadbalancer_apiserver is defined and loadbalancer_apiserver.port is defined -%}
https://{{ apiserver_loadbalancer_domain_name }}:{{ loadbalancer_apiserver.port|default(kube_apiserver_port) }}
{{ apiserver_loadbalancer_domain_name }}
{%- else -%}
https://{{ kube_apiserver_access_address }}:{{ kube_apiserver_port }}
{{ kube_apiserver_access_address }}
{%- endif -%}
external_apiserver_port: >-
{%- if loadbalancer_apiserver is defined and loadbalancer_apiserver.port is defined -%}
{{ loadbalancer_apiserver.port|default(kube_apiserver_port) }}
{%- else -%}
{{ kube_apiserver_port }}
{%- endif -%}
tags:
- facts
@ -24,12 +30,28 @@
mode: "0600"
backup: yes
- name: Copy admin kubeconfig to ansible host
fetch:
src: "{{ kube_config_dir }}/admin.conf"
- name: Generate admin kubeconfig with external api endpoint
shell: >-
{{ bin_dir }}/kubeadm alpha
{% if kubeadm_version is version('v1.13.0', '<') %}
phase
{% endif %}
kubeconfig user
--client-name kubernetes-admin
--org system:masters
--cert-dir {{ kube_config_dir }}/ssl
--apiserver-advertise-address {{ external_apiserver_address }}
--apiserver-bind-port {{ external_apiserver_port }}
run_once: yes
register: admin_kubeconfig
- name: Write admin kubeconfig on ansible host
copy:
content: "{{ admin_kubeconfig.stdout }}"
dest: "{{ artifacts_dir }}/admin.conf"
flat: yes
validate_checksum: no
mode: 0640
delegate_to: localhost
become: no
run_once: yes
when: kubeconfig_localhost|default(false)

View file

@ -1,19 +0,0 @@
apiVersion: v1
kind: Config
current-context: admin-{{ cluster_name }}
preferences: {}
clusters:
- cluster:
certificate-authority-data: {{ admin_certs.results[0]['content'] }}
server: {{ external_apiserver_endpoint }}
name: {{ cluster_name }}
contexts:
- context:
cluster: {{ cluster_name }}
user: admin-{{ cluster_name }}
name: admin-{{ cluster_name }}
users:
- name: admin-{{ cluster_name }}
user:
client-certificate-data: {{ admin_certs.results[1]['content'] }}
client-key-data: {{ admin_certs.results[2]['content'] }}

View file

@ -56,11 +56,11 @@
{{ ' '.join(groups['kube-master']) }}
{%- if loadbalancer_apiserver is defined %}
{{ apiserver_loadbalancer_domain_name }}
{%- endif %}
{% endif %}
{% for host in groups['kube-master'] -%}
{%- if hostvars[host]['access_ip'] is defined -%}
{{ hostvars[host]['access_ip'] }}
{%- endif %}
{% endif %}
{{ hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}
{%- endfor %}
{%- if supplementary_addresses_in_ssl_keys is defined -%}