--- - include: gen_kube_tokens.yml tags: tokens - name: Copy kubectl bash completion copy: src: kubectl_bash_completion.sh dest: /etc/bash_completion.d/kubectl.sh - name: Install kubernetes binaries command: cp -pf "{{ local_release_dir }}/kubernetes/bin/{{ item }}" "{{ bin_dir }}/{{ item }}" changed_when: false with_items: - kubectl - kube-apiserver - name: populate users for basic auth in API lineinfile: dest: "{{ kube_users_dir }}/known_users.csv" create: yes line: '{{ item.value.pass }},{{ item.key }},{{ item.value.role }}' backup: yes with_dict: "{{ kube_users }}" notify: restart kube-apiserver # Sync masters - name: synchronize auth directories for masters synchronize: src: "{{ item }}" dest: "{{ kube_config_dir }}" recursive: yes delete: yes rsync_opts: [ '--one-file-system'] set_remote_user: false with_items: - "{{ kube_token_dir }}" - "{{ kube_cert_dir }}" - "{{ kube_users_dir }}" delegate_to: "{{ groups['kube-master'][0] }}" when: inventory_hostname != "{{ groups['kube-master'][0] }}" - name: install | Write kube-apiserver systemd init file template: src: "kube-apiserver.service.j2" dest: "/etc/systemd/system/kube-apiserver.service" backup: yes when: init_system == "systemd" notify: restart systemd-kube-apiserver - name: install | Write kube-apiserver initd script template: src: "deb-kube-apiserver.initd.j2" dest: "/etc/init.d/kube-apiserver" owner: root mode: 755 backup: yes when: init_system == "sysvinit" and ansible_os_family == "Debian" notify: restart kube-apiserver - name: Allow apiserver to bind on both secure and insecure ports shell: setcap cap_net_bind_service+ep {{ bin_dir }}/kube-apiserver changed_when: false - name: Write kube-apiserver config file template: src: "kube-apiserver.j2" dest: "{{ kube_config_dir }}/kube-apiserver.env" backup: yes notify: restart kube-apiserver # restart apiserver if calico tokens list has changed - name: Reload tokens (restart apiserver) command: /bin/true notify: restart kube-apiserver changed_when: is_gentoken_calico|default(false) - name: Enable apiserver service: name: kube-apiserver enabled: yes state: started # Create kube-system namespace - name: copy 'kube-system' namespace manifest copy: src=namespace.yml dest=/etc/kubernetes/kube-system-ns.yml run_once: yes when: inventory_hostname == groups['kube-master'][0] - name: Check if kube-system exists command: kubectl get ns kube-system register: 'kubesystem' changed_when: False ignore_errors: yes run_once: yes - name: wait for the apiserver to be running wait_for: port: "{{kube_apiserver_insecure_port}}" delay: 10 timeout: 60 - name: Create 'kube-system' namespace command: kubectl create -f /etc/kubernetes/kube-system-ns.yml changed_when: False when: kubesystem|failed and inventory_hostname == groups['kube-master'][0] # Write manifests - name: Write kube-controller-manager manifest template: src: manifests/kube-controller-manager.manifest.j2 dest: "{{ kube_config_dir }}/kube-controller-manager.manifest" - name: Write kube-scheduler manifest template: src: manifests/kube-scheduler.manifest.j2 dest: "{{ kube_config_dir }}/kube-scheduler.manifest" - name: Write podmaster manifest template: src: manifests/kube-podmaster.manifest.j2 dest: "{{ kube_manifest_dir }}/kube-podmaster.manifest"