22a5a00c49
Fix issue where `kubeadm join` could wait forever for joining. Fix issue where `kubeadm join` were not reaching the user, making impossible to find the cause of the failure. New behaviour is to first attempt to join without bypassing the verifications checks and to display them if needed. If this fails it still attempts to join by ignoring the check in order to make previous behavior. A timeout of 60 seconds is allocated for a joining. Related-bug: #3973
141 lines
4.2 KiB
YAML
141 lines
4.2 KiB
YAML
---
|
|
- name: Set kubeadm_discovery_address
|
|
set_fact:
|
|
kubeadm_discovery_address: >-
|
|
{%- if "127.0.0.1" in kube_apiserver_endpoint or "localhost" in kube_apiserver_endpoint -%}
|
|
{{ first_kube_master }}:{{ kube_apiserver_port }}
|
|
{%- else -%}
|
|
{{ kube_apiserver_endpoint }}
|
|
{%- endif %}
|
|
tags:
|
|
- facts
|
|
|
|
- name: Check if kubelet.conf exists
|
|
stat:
|
|
path: "{{ kube_config_dir }}/kubelet.conf"
|
|
register: kubelet_conf
|
|
|
|
- name: Calculate kubeadm CA cert hash
|
|
shell: openssl x509 -pubkey -in {{ kube_cert_dir }}/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
|
|
register: kubeadm_ca_hash
|
|
delegate_to: "{{ groups['kube-master'][0] }}"
|
|
run_once: true
|
|
|
|
- name: Create kubeadm token for joining nodes with 24h expiration (default)
|
|
command: "{{ bin_dir }}/kubeadm token create"
|
|
run_once: true
|
|
register: temp_token
|
|
delegate_to: "{{ groups['kube-master'][0] }}"
|
|
|
|
- name: gets the kubeadm version
|
|
command: "{{ bin_dir }}/kubeadm version -o short"
|
|
register: kubeadm_output
|
|
|
|
- name: sets kubeadm api version to v1alpha1
|
|
set_fact:
|
|
kubeadmConfig_api_version: v1alpha1
|
|
when: kubeadm_output.stdout is version('v1.11.0', '<')
|
|
|
|
- name: sets kubeadm api version to v1alpha2
|
|
set_fact:
|
|
kubeadmConfig_api_version: v1alpha2
|
|
when:
|
|
- kubeadm_output.stdout is version('v1.11.0', '>=')
|
|
- kubeadm_output.stdout is version('v1.12.0', '<')
|
|
|
|
- name: sets kubeadm api version to v1alpha3
|
|
set_fact:
|
|
kubeadmConfig_api_version: v1alpha3
|
|
when:
|
|
- kubeadm_output.stdout is version('v1.12.0', '>=')
|
|
- kubeadm_output.stdout is version('v1.13.0', '<')
|
|
|
|
- name: sets kubeadm api version to v1beta1
|
|
set_fact:
|
|
kubeadmConfig_api_version: v1beta1
|
|
when: kubeadm_output.stdout is version('v1.13.0', '>=')
|
|
|
|
- name: Create kubeadm client config
|
|
template:
|
|
src: "kubeadm-client.conf.{{ kubeadmConfig_api_version }}.j2"
|
|
dest: "{{ kube_config_dir }}/kubeadm-client.conf"
|
|
backup: yes
|
|
when: not is_kube_master
|
|
vars:
|
|
kubeadm_token: "{{ temp_token.stdout }}"
|
|
|
|
- name: Join to cluster if needed
|
|
environment:
|
|
PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}"
|
|
when: not is_kube_master and (not kubelet_conf.stat.exists)
|
|
block:
|
|
|
|
- name: Join to cluster
|
|
command: >-
|
|
{{ bin_dir }}/kubeadm join
|
|
--config {{ kube_config_dir}}/kubeadm-client.conf
|
|
register: kubeadm_join
|
|
async: 60
|
|
poll: 15
|
|
|
|
rescue:
|
|
|
|
- name: Join to cluster with ignores
|
|
command: >-
|
|
{{ bin_dir }}/kubeadm join
|
|
--config {{ kube_config_dir}}/kubeadm-client.conf
|
|
--ignore-preflight-errors=all
|
|
register: kubeadm_join
|
|
async: 60
|
|
poll: 15
|
|
|
|
always:
|
|
|
|
- name: Display kubeadm join stderr if any
|
|
when: kubeadm_join is failed
|
|
debug:
|
|
message: |
|
|
Joined with warnings
|
|
{{ kubeadm_join.stderr_lines }}
|
|
|
|
- name: Wait for kubelet bootstrap to create config
|
|
wait_for:
|
|
path: "{{ kube_config_dir }}/kubelet.conf"
|
|
delay: 1
|
|
timeout: 60
|
|
|
|
- name: Update server field in kubelet kubeconfig
|
|
lineinfile:
|
|
dest: "{{ kube_config_dir }}/kubelet.conf"
|
|
regexp: 'server:'
|
|
line: ' server: {{ kube_apiserver_endpoint }}'
|
|
backup: yes
|
|
when:
|
|
- kubeadm_config_api_fqdn is not defined
|
|
- not is_kube_master
|
|
- kubeadm_discovery_address != kube_apiserver_endpoint
|
|
notify: restart kubelet
|
|
|
|
# FIXME(mattymo): Reconcile kubelet kubeconfig filename for both deploy modes
|
|
- name: Symlink kubelet kubeconfig for calico/canal
|
|
file:
|
|
src: "{{ kube_config_dir }}/kubelet.conf"
|
|
dest: "{{ kube_config_dir }}/node-kubeconfig.yaml"
|
|
state: link
|
|
force: yes
|
|
when:
|
|
- kube_network_plugin in ['calico','canal']
|
|
- calico_version is version('v3.3.0', '<')
|
|
|
|
# FIXME(jjo): need to post-remove kube-proxy until https://github.com/kubernetes/kubeadm/issues/776
|
|
# is fixed
|
|
- name: Delete kube-proxy daemonset if kube_proxy_remove set, e.g. kube_network_plugin providing proxy services
|
|
shell: "{{ bin_dir }}/kubectl --kubeconfig /etc/kubernetes/admin.conf delete daemonset -n kube-system kube-proxy"
|
|
delegate_to: "{{groups['kube-master']|first}}"
|
|
run_once: true
|
|
when:
|
|
- kube_proxy_remove
|
|
- is_kube_master
|
|
- kubeadm_discovery_address != kube_apiserver_endpoint
|
|
tags:
|
|
- kube-proxy
|