--- - name: Helm | Make sure HELM_HOME directory exists file: path={{ helm_home_dir }} state=directory - name: Helm | Set up helm launcher include_tasks: "install_{{ helm_deployment_type }}.yml" - name: Helm | Lay Down Helm Manifests (RBAC) template: src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/{{ item.file }}" with_items: - {name: tiller, file: tiller-namespace.yml, type: namespace} - {name: tiller, file: tiller-sa.yml, type: sa} - {name: tiller, file: tiller-clusterrolebinding.yml, type: clusterrolebinding} register: manifests when: - dns_mode != 'none' - inventory_hostname == groups['kube-master'][0] - helm_version is version('v3.0.0', '<') - name: Helm | Apply Helm Manifests (RBAC) kube: name: "{{ item.item.name }}" namespace: "{{ tiller_namespace }}" kubectl: "{{ bin_dir }}/kubectl" resource: "{{ item.item.type }}" filename: "{{ kube_config_dir }}/{{ item.item.file }}" state: "latest" with_items: "{{ manifests.results }}" when: - dns_mode != 'none' - inventory_hostname == groups['kube-master'][0] - helm_version is version('v3.0.0', '<') # Generate necessary certs for securing Helm and Tiller connection with TLS - name: Helm | Set up TLS include_tasks: "gen_helm_tiller_certs.yml" when: - tiller_enable_tls - helm_version is version('v3.0.0', '<') - name: Helm | Install client on all masters command: > {{ bin_dir }}/helm init --tiller-namespace={{ tiller_namespace }} {% if helm_skip_refresh %} --skip-refresh{% endif %} {% if helm_stable_repo_url is defined %} --stable-repo-url {{ helm_stable_repo_url }}{% endif %} --client-only environment: "{{ proxy_env }}" changed_when: false when: - helm_version is version('v3.0.0', '<') # FIXME: https://github.com/helm/helm/issues/6374 - name: Helm | Install/upgrade helm shell: > set -o pipefail && {{ bin_dir }}/helm init --tiller-namespace={{ tiller_namespace }} {% if helm_skip_refresh %} --skip-refresh{% endif %} {% if helm_stable_repo_url is defined %} --stable-repo-url {{ helm_stable_repo_url }}{% endif %} --upgrade --tiller-image={{ tiller_image_repo }}:{{ tiller_image_tag }} {% if rbac_enabled %} --service-account={{ tiller_service_account }}{% endif %} {% if tiller_node_selectors is defined %} --node-selectors {{ tiller_node_selectors }}{% endif %} --override spec.template.spec.priorityClassName={% if tiller_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %} {% if tiller_override is defined and tiller_override %} --override {{ tiller_override }}{% endif %} {% if tiller_max_history is defined %} --history-max={{ tiller_max_history }}{% endif %} {% if tiller_enable_tls %} --tiller-tls --tiller-tls-verify --tiller-tls-cert={{ tiller_tls_cert }} --tiller-tls-key={{ tiller_tls_key }} --tls-ca-cert={{ tiller_tls_ca_cert }} {% endif %} {% if tiller_secure_release_info %} --override 'spec.template.spec.containers[0].command'='{/tiller,--storage=secret}' {% endif %} --override spec.selector.matchLabels.'name'='tiller',spec.selector.matchLabels.'app'='helm' {% if tiller_wait %} --wait{% endif %} {% if tiller_replicas is defined %} --replicas {{ tiller_replicas | int }}{% endif %} --output yaml | sed 's@apiVersion: extensions/v1beta1@apiVersion: apps/v1@' | {{ bin_dir }}/kubectl apply -f - args: executable: /bin/bash register: install_helm when: - inventory_hostname == groups['kube-master'][0] - helm_version is version('v3.0.0', '<') changed_when: false environment: "{{ proxy_env }}" # FIXME: https://github.com/helm/helm/issues/4063 - name: Helm | Force apply tiller overrides if necessary shell: > set -o pipefail && {{ bin_dir }}/helm init --upgrade --tiller-image={{ tiller_image_repo }}:{{ tiller_image_tag }} --tiller-namespace={{ tiller_namespace }} {% if helm_skip_refresh %} --skip-refresh{% endif %} {% if helm_stable_repo_url is defined %} --stable-repo-url {{ helm_stable_repo_url }}{% endif %} {% if rbac_enabled %} --service-account={{ tiller_service_account }}{% endif %} {% if tiller_node_selectors is defined %} --node-selectors {{ tiller_node_selectors }}{% endif %} --override spec.template.spec.priorityClassName={% if tiller_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %} {% if tiller_override is defined and tiller_override %} --override {{ tiller_override }}{% endif %} {% if tiller_max_history is defined %} --history-max={{ tiller_max_history }}{% endif %} {% if tiller_enable_tls %} --tiller-tls --tiller-tls-verify --tiller-tls-cert={{ tiller_tls_cert }} --tiller-tls-key={{ tiller_tls_key }} --tls-ca-cert={{ tiller_tls_ca_cert }} {% endif %} {% if tiller_secure_release_info %} --override 'spec.template.spec.containers[0].command'='{/tiller,--storage=secret}' {% endif %} --override spec.selector.matchLabels.'name'='tiller',spec.selector.matchLabels.'app'='helm' {% if tiller_wait %} --wait{% endif %} {% if tiller_replicas is defined %} --replicas {{ tiller_replicas | int }}{% endif %} --output yaml | sed 's@apiVersion: extensions/v1beta1@apiVersion: apps/v1@' | {{ bin_dir }}/kubectl apply -f - args: executable: /bin/bash changed_when: false when: - inventory_hostname == groups['kube-master'][0] - helm_version is version('v3.0.0', '<') environment: "{{ proxy_env }}" - name: Helm | Add/update stable repo on all masters command: "{{ bin_dir }}/helm repo add stable {{ helm_stable_repo_url }}" environment: "{{ proxy_env }}" when: - helm_version is version('v3.0.0', '>=') - helm_stable_repo_url is defined - name: Make sure bash_completion.d folder exists # noqa 503 file: name: "/etc/bash_completion.d/" state: directory when: - ((helm_container is defined and helm_container.changed) or (helm_task_result is defined and helm_task_result.changed)) - ansible_os_family in ["ClearLinux"] - name: Helm | Set up bash completion # noqa 503 shell: "umask 022 && {{ bin_dir }}/helm completion bash >/etc/bash_completion.d/helm.sh" when: - ((helm_container is defined and helm_container.changed) or (helm_task_result is defined and helm_task_result.changed)) - not ansible_os_family in ["Flatcar Container Linux by Kinvolk"]