1c5391dda7
* Move proxy_env to kubespray-defaults/defaults
There is no reasons to use set_facts here
Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
* Ensure kubeadm doesn't use proxy
*_proxy variables might be present in the environment (/etc/environment, bash profile, ...)
When this is the case we end up with those proxy configuration in /etc/kubernetes/manifests/kube-*.yaml manifests
We cannot unset env variables, but kubeadm is nice enough to ignore empty vars
93d288e2a4/cmd/kubeadm/app/util/env.go (L27)
Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
72 lines
2.4 KiB
YAML
72 lines
2.4 KiB
YAML
---
|
|
- name: Set kubeadm_discovery_address
|
|
set_fact:
|
|
kubeadm_discovery_address: >-
|
|
{%- if "127.0.0.1" in kube_apiserver_endpoint or "localhost" in kube_apiserver_endpoint -%}
|
|
{{ first_kube_master }}:{{ kube_apiserver_port }}
|
|
{%- else -%}
|
|
{{ kube_apiserver_endpoint | regex_replace('https://', '') }}
|
|
{%- endif %}
|
|
tags:
|
|
- facts
|
|
|
|
- name: Upload certificates so they are fresh and not expired
|
|
command: >-
|
|
{{ bin_dir }}/kubeadm init phase
|
|
--config {{ kube_config_dir }}/kubeadm-config.yaml
|
|
upload-certs
|
|
--upload-certs
|
|
environment: "{{ proxy_disable_env }}"
|
|
register: kubeadm_upload_cert
|
|
when:
|
|
- inventory_hostname == groups['kube-master']|first
|
|
|
|
- name: Parse certificate key if not set
|
|
set_fact:
|
|
kubeadm_certificate_key: "{{ hostvars[groups['kube-master'][0]]['kubeadm_upload_cert'].stdout_lines[-1] | trim }}"
|
|
run_once: yes
|
|
when:
|
|
- hostvars[groups['kube-master'][0]]['kubeadm_upload_cert'] is defined
|
|
- hostvars[groups['kube-master'][0]]['kubeadm_upload_cert'] is not skipped
|
|
|
|
- name: Create kubeadm ControlPlane config
|
|
template:
|
|
src: "kubeadm-controlplane.{{ kubeadmConfig_api_version }}.yaml.j2"
|
|
dest: "{{ kube_config_dir }}/kubeadm-controlplane.yaml"
|
|
mode: 0640
|
|
backup: yes
|
|
when:
|
|
- inventory_hostname != groups['kube-master']|first
|
|
- not kubeadm_already_run.stat.exists
|
|
|
|
- name: Wait for k8s apiserver
|
|
wait_for:
|
|
host: "{{ kubeadm_discovery_address.split(':')[0] }}"
|
|
port: "{{ kubeadm_discovery_address.split(':')[1] }}"
|
|
timeout: 180
|
|
|
|
|
|
- name: check already run
|
|
debug:
|
|
msg: "{{ kubeadm_already_run.stat.exists }}"
|
|
|
|
- name: Joining control plane node to the cluster.
|
|
shell: >-
|
|
if [ -f /etc/kubernetes/manifests/kube-apiserver.yaml ]; then
|
|
{{ bin_dir }}/kubeadm reset -f --cert-dir {{ kube_cert_dir }};
|
|
fi &&
|
|
{{ bin_dir }}/kubeadm join
|
|
--config {{ kube_config_dir }}/kubeadm-controlplane.yaml
|
|
--ignore-preflight-errors=all
|
|
environment: '{{ proxy_disable_env | combine({"PATH": "{{ bin_dir }}:{{ ansible_env.PATH }}"}) }}'
|
|
register: kubeadm_join_control_plane
|
|
retries: 3
|
|
throttle: 1
|
|
until: kubeadm_join_control_plane is succeeded
|
|
when:
|
|
- inventory_hostname != groups['kube-master']|first
|
|
- kubeadm_already_run is not defined or not kubeadm_already_run.stat.exists
|
|
|
|
- name: Set secret_changed to false to avoid extra token rotation
|
|
set_fact:
|
|
secret_changed: false
|