--- - name: Set kubeadm_discovery_address set_fact: kubeadm_discovery_address: >- {%- if "127.0.0.1" in kube_apiserver_endpoint or "localhost" in kube_apiserver_endpoint -%} {{ first_kube_master }}:{{ kube_apiserver_port }} {%- else -%} {{ kube_apiserver_endpoint | regex_replace('https://', '') }} {%- endif %} tags: - facts - name: Upload certificates so they are fresh and not expired command: >- {{ bin_dir }}/kubeadm init phase --config {{ kube_config_dir }}/kubeadm-config.yaml upload-certs --upload-certs register: kubeadm_upload_cert when: - inventory_hostname == groups['kube-master']|first - name: Parse certificate key if not set set_fact: kubeadm_certificate_key: "{{ hostvars[groups['kube-master'][0]]['kubeadm_upload_cert'].stdout_lines[-1] | trim }}" run_once: yes when: - hostvars[groups['kube-master'][0]]['kubeadm_upload_cert'] is defined - hostvars[groups['kube-master'][0]]['kubeadm_upload_cert'] is not skipped - name: Create kubeadm ControlPlane config template: src: "kubeadm-controlplane.{{ kubeadmConfig_api_version }}.yaml.j2" dest: "{{ kube_config_dir }}/kubeadm-controlplane.yaml" mode: 0640 backup: yes when: - inventory_hostname != groups['kube-master']|first - not kubeadm_already_run.stat.exists - name: Wait for k8s apiserver wait_for: host: "{{ kubeadm_discovery_address.split(':')[0] }}" port: "{{ kubeadm_discovery_address.split(':')[1] }}" timeout: 180 - name: check already run debug: msg: "{{ kubeadm_already_run.stat.exists }}" - name: Joining control plane node to the cluster. shell: >- if [ -f /etc/kubernetes/manifests/kube-apiserver.yaml ]; then {{ bin_dir }}/kubeadm reset -f --cert-dir {{ kube_cert_dir }}; fi && {{ bin_dir }}/kubeadm join --config {{ kube_config_dir }}/kubeadm-controlplane.yaml --ignore-preflight-errors=all environment: PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}" register: kubeadm_join_control_plane retries: 3 throttle: 1 until: kubeadm_join_control_plane is succeeded when: - inventory_hostname != groups['kube-master']|first - kubeadm_already_run is not defined or not kubeadm_already_run.stat.exists - name: Set secret_changed to false to avoid extra token rotation set_fact: secret_changed: false