Generate external admin.conf with kubeadm (#4056)
* Generate external admin.conf with kubeadm * Fix apiserver SANs
parent
5a7ac7e5c1
commit
eecaba6b84
3 changed files with 32 additions and 29 deletions
|
@ -1,11 +1,17 @@
|
|||
---
|
||||
- name: Set external kube-apiserver endpoint
|
||||
set_fact:
|
||||
external_apiserver_endpoint: >-
|
||||
external_apiserver_address: >-
|
||||
{%- if loadbalancer_apiserver is defined and loadbalancer_apiserver.port is defined -%}
|
||||
https://{{ apiserver_loadbalancer_domain_name }}:{{ loadbalancer_apiserver.port|default(kube_apiserver_port) }}
|
||||
{{ apiserver_loadbalancer_domain_name }}
|
||||
{%- else -%}
|
||||
https://{{ kube_apiserver_access_address }}:{{ kube_apiserver_port }}
|
||||
{{ kube_apiserver_access_address }}
|
||||
{%- endif -%}
|
||||
external_apiserver_port: >-
|
||||
{%- if loadbalancer_apiserver is defined and loadbalancer_apiserver.port is defined -%}
|
||||
{{ loadbalancer_apiserver.port|default(kube_apiserver_port) }}
|
||||
{%- else -%}
|
||||
{{ kube_apiserver_port }}
|
||||
{%- endif -%}
|
||||
tags:
|
||||
- facts
|
||||
|
@ -24,12 +30,28 @@
|
|||
mode: "0600"
|
||||
backup: yes
|
||||
|
||||
- name: Copy admin kubeconfig to ansible host
|
||||
fetch:
|
||||
src: "{{ kube_config_dir }}/admin.conf"
|
||||
- name: Generate admin kubeconfig with external api endpoint
|
||||
shell: >-
|
||||
{{ bin_dir }}/kubeadm alpha
|
||||
{% if kubeadm_version is version('v1.13.0', '<') %}
|
||||
phase
|
||||
{% endif %}
|
||||
kubeconfig user
|
||||
--client-name kubernetes-admin
|
||||
--org system:masters
|
||||
--cert-dir {{ kube_config_dir }}/ssl
|
||||
--apiserver-advertise-address {{ external_apiserver_address }}
|
||||
--apiserver-bind-port {{ external_apiserver_port }}
|
||||
run_once: yes
|
||||
register: admin_kubeconfig
|
||||
|
||||
- name: Write admin kubeconfig on ansible host
|
||||
copy:
|
||||
content: "{{ admin_kubeconfig.stdout }}"
|
||||
dest: "{{ artifacts_dir }}/admin.conf"
|
||||
flat: yes
|
||||
validate_checksum: no
|
||||
mode: 0640
|
||||
delegate_to: localhost
|
||||
become: no
|
||||
run_once: yes
|
||||
when: kubeconfig_localhost|default(false)
|
||||
|
||||
|
|
|
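Review bot: The `Generate admin kubeconfig with external api endpoint` task registers kubeadm's stdout, which is a kubeconfig holding a client key for `kubernetes-admin` in `system:masters`. Neither it nor `Write admin kubeconfig on ansible host` sets `no_log: true`, so the credential can show up in verbose or `--diff` output and in anything that collects the play log; I would add `no_log: true` to both tasks. The copy on the Ansible host is written with `mode: 0640`, which is group-readable, while the preceding task (its start is outside the hunk) uses `mode: "0600"`; `mode: "0600"` is the better fit for a cluster-admin credential. Nothing in the kubeadm invocation appears to need a shell, so `command:` instead of `shell:` would keep the templated arguments away from shell parsing.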
@ -1,19 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: Config
|
||||
current-context: admin-{{ cluster_name }}
|
||||
preferences: {}
|
||||
clusters:
|
||||
- cluster:
|
||||
certificate-authority-data: {{ admin_certs.results[0]['content'] }}
|
||||
server: {{ external_apiserver_endpoint }}
|
||||
name: {{ cluster_name }}
|
||||
contexts:
|
||||
- context:
|
||||
cluster: {{ cluster_name }}
|
||||
user: admin-{{ cluster_name }}
|
||||
name: admin-{{ cluster_name }}
|
||||
users:
|
||||
- name: admin-{{ cluster_name }}
|
||||
user:
|
||||
client-certificate-data: {{ admin_certs.results[1]['content'] }}
|
||||
client-key-data: {{ admin_certs.results[2]['content'] }}
|
|
@ -56,11 +56,11 @@
|
|||
{{ ' '.join(groups['kube-master']) }}
|
||||
{%- if loadbalancer_apiserver is defined %}
|
||||
{{ apiserver_loadbalancer_domain_name }}
|
||||
{%- endif %}
|
||||
{% endif %}
|
||||
{% for host in groups['kube-master'] -%}
|
||||
{%- if hostvars[host]['access_ip'] is defined -%}
|
||||
{{ hostvars[host]['access_ip'] }}
|
||||
{%- endif %}
|
||||
{% endif %}
|
||||
{{ hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}
|
||||
{%- endfor %}
|
||||
{%- if supplementary_addresses_in_ssl_keys is defined -%}
|
||||
|
|
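Review bot: Nothing in this template records that the whitespace left around `{% endif %}` is what separates entries in the apiserver SAN list; the `{%- endif %}` form appears to be the old side, where the load balancer name or an `access_ip` would be joined to the next address and produce a name no client asks for. A comment above the expression such as `# entries are separated only by template whitespace; do not add '-' trimming to these endif tags` would keep a later cleanup from reintroducing that. The expression starts and ends outside the hunk, so how the result is split into SANs is not visible here and should be confirmed.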