--- - name: Set kubeadm_discovery_address set_fact: kubeadm_discovery_address: >- {%- if "127.0.0.1" in kube_apiserver_endpoint or "localhost" in kube_apiserver_endpoint -%} {{ first_kube_master }}:{{ kube_apiserver_port }} {%- else -%} {{ kube_apiserver_endpoint }} {%- endif %} tags: - facts - name: Check if kubelet.conf exists stat: path: "{{ kube_config_dir }}/kubelet.conf" register: kubelet_conf - name: Calculate kubeadm CA cert hash shell: openssl x509 -pubkey -in {{ kube_config_dir }}/ssl/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //' register: kubeadm_ca_hash delegate_to: "{{ groups['kube-master'][0] }}" run_once: true - name: Create kubeadm token for joining nodes with 24h expiration (default) command: "{{ bin_dir }}/kubeadm token create" run_once: true register: temp_token delegate_to: "{{ groups['kube-master'][0] }}" - name: gets the kubeadm version command: "{{ bin_dir }}/kubeadm version -o short" register: kubeadm_output - name: sets kubeadm api version to v1alpha1 set_fact: kubeadmConfig_api_version: v1alpha1 when: kubeadm_output.stdout|version_compare('v1.11.0', '<') - name: defaults kubeadm api version to v1alpha2 set_fact: kubeadmConfig_api_version: v1alpha2 when: kubeadm_output.stdout|version_compare('v1.11.0', '>=') - name: Create kubeadm client config template: src: "kubeadm-client.conf.{{ kubeadmConfig_api_version }}.j2" dest: "{{ kube_config_dir }}/kubeadm-client.{{ kubeadmConfig_api_version }}.conf" backup: yes when: not is_kube_master vars: kubeadm_token: "{{ temp_token.stdout }}" - name: Join to cluster if needed command: >- {{ bin_dir }}/kubeadm join --config {{ kube_config_dir}}/kubeadm-client.{{ kubeadmConfig_api_version }}.conf --ignore-preflight-errors=all register: kubeadm_join when: not is_kube_master and (not kubelet_conf.stat.exists) - name: Wait for kubelet bootstrap to create config wait_for: path: "{{ kube_config_dir }}/kubelet.conf" delay: 1 timeout: 60 - name: Update server field in kubelet kubeconfig lineinfile: dest: "{{ kube_config_dir }}/kubelet.conf" regexp: 'server:' line: ' server: {{ kube_apiserver_endpoint }}' backup: yes when: not is_kube_master and kubeadm_discovery_address != kube_apiserver_endpoint notify: restart kubelet - name: Update server field in kube-proxy kubeconfig shell: >- {{ bin_dir }}/kubectl get configmap kube-proxy -n kube-system -o yaml | sed 's#server:.*#server:\ {{ kube_apiserver_endpoint }}#g' | {{ bin_dir }}/kubectl replace -f - delegate_to: "{{groups['kube-master']|first}}" run_once: true when: is_kube_master and kubeadm_discovery_address != kube_apiserver_endpoint - name: Restart all kube-proxy pods to ensure that they load the new configmap shell: "{{ bin_dir }}/kubectl delete pod -n kube-system -l k8s-app=kube-proxy" delegate_to: "{{groups['kube-master']|first}}" run_once: true when: is_kube_master and kubeadm_discovery_address != kube_apiserver_endpoint # FIXME(mattymo): Reconcile kubelet kubeconfig filename for both deploy modes - name: Symlink kubelet kubeconfig for calico/canal file: src: "{{ kube_config_dir }}/kubelet.conf" dest: "{{ kube_config_dir }}/node-kubeconfig.yaml" state: link force: yes when: kube_network_plugin in ['calico','canal']