50 lines
1.2 KiB
YAML
50 lines
1.2 KiB
YAML
---
|
|
- name: certs | create system kube-cert groups
|
|
group: name={{ kube_cert_group }} state=present system=yes
|
|
|
|
- name: create system kube user
|
|
user:
|
|
name=kube
|
|
comment="Kubernetes user"
|
|
shell=/sbin/nologin
|
|
state=present
|
|
system=yes
|
|
groups={{ kube_cert_group }}
|
|
|
|
- name: certs | make sure the certificate directory exits
|
|
file:
|
|
path={{ kube_cert_dir }}
|
|
state=directory
|
|
mode=o-rwx
|
|
group={{ kube_cert_group }}
|
|
|
|
- name: tokens | make sure the tokens directory exits
|
|
file:
|
|
path={{ kube_token_dir }}
|
|
state=directory
|
|
mode=o-rwx
|
|
group={{ kube_cert_group }}
|
|
|
|
- include: gen_certs.yml
|
|
run_once: true
|
|
when: inventory_hostname == groups['kube-master'][0]
|
|
|
|
- name: Read back the CA certificate
|
|
slurp:
|
|
src: "{{ kube_cert_dir }}/ca.crt"
|
|
register: ca_cert
|
|
run_once: true
|
|
delegate_to: "{{ groups['kube-master'][0] }}"
|
|
|
|
- name: certs | register the CA certificate as a fact for later use
|
|
set_fact:
|
|
kube_ca_cert: "{{ ca_cert.content|b64decode }}"
|
|
|
|
- name: certs | write CA certificate everywhere
|
|
copy: content="{{ kube_ca_cert }}" dest="{{ kube_cert_dir }}/ca.crt"
|
|
notify:
|
|
- restart daemons
|
|
|
|
- include: gen_tokens.yml
|
|
run_once: true
|
|
when: inventory_hostname == groups['kube-master'][0]
|