--- - name: Set kubeadm_discovery_address set_fact: kubeadm_discovery_address: >- {%- if "127.0.0.1" in kube_apiserver_endpoint or "localhost" in kube_apiserver_endpoint -%} {{ first_kube_master }}:{{ kube_apiserver_port }} {%- else -%} {{ kube_apiserver_endpoint | regex_replace('https://', '')}} {%- endif %} tags: - facts - name: Create kubeadm ControlPlane config template: src: "kubeadm-controlplane.{{ kubeadmConfig_api_version }}.yaml.j2" dest: "{{ kube_config_dir }}/kubeadm-controlplane.yaml" backup: yes when: - inventory_hostname != groups['kube-master']|first - not kubeadm_already_run.stat.exists - name: Wait for k8s apiserver wait_for: host: "{{kubeadm_discovery_address.split(':')[0]}}" port: "{{kubeadm_discovery_address.split(':')[1]}}" timeout: 180 - name: Upload certificates so they are fresh and not expired command: >- {{ bin_dir }}/kubeadm init phase --config {{ kube_config_dir}}/kubeadm-config.yaml upload-certs --experimental-upload-certs {% if kubeadm_certificate_key is defined %} --certificate-key={{ kubeadm_certificate_key }} {% endif %} register: kubeadm_upload_cert when: - inventory_hostname == groups['kube-master']|first - name: Parse certificate key if not set set_fact: kubeadm_certificate_key: "{{ hostvars[groups['kube-master'][0]]['kubeadm_upload_cert'].stdout_lines[-1] | trim }}" when: kubeadm_certificate_key is undefined - name: Joining control plane node to the cluster. command: >- {{ bin_dir }}/kubeadm join --config {{ kube_config_dir}}/kubeadm-controlplane.yaml --ignore-preflight-errors=all {% if kubeadm_certificate_key is defined %} --certificate-key={{ kubeadm_certificate_key }} {% endif %} register: kubeadm_join_control_plane when: - inventory_hostname != groups['kube-master']|first - not kubeadm_already_run.stat.exists environment: PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}" - name: Set secret_changed to false to avoid extra token rotation set_fact: secret_changed: false