dc515e5ac5
This role only support Red Hat type distros and is not maintained or used by many users. It should be removed because it creates feature disparity between supported OSes and is not maintained.
105 lines
3.6 KiB
YAML
105 lines
3.6 KiB
YAML
---
|
|
- hosts: localhost
|
|
gather_facts: False
|
|
roles:
|
|
- { role: kubespray-defaults}
|
|
- { role: bastion-ssh-config, tags: ["localhost", "bastion"]}
|
|
|
|
- hosts: k8s-cluster:etcd:calico-rr
|
|
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
|
gather_facts: false
|
|
vars:
|
|
# Need to disable pipelining for bootstrap-os as some systems have requiretty in sudoers set, which makes pipelining
|
|
# fail. bootstrap-os fixes this on these systems, so in later plays it can be enabled.
|
|
ansible_ssh_pipelining: false
|
|
roles:
|
|
- { role: kubespray-defaults}
|
|
- { role: bootstrap-os, tags: bootstrap-os}
|
|
|
|
- hosts: k8s-cluster:etcd:calico-rr
|
|
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
|
vars:
|
|
ansible_ssh_pipelining: true
|
|
gather_facts: true
|
|
|
|
- hosts: k8s-cluster:etcd:calico-rr
|
|
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
|
roles:
|
|
- { role: kubespray-defaults}
|
|
- { role: kubernetes/preinstall, tags: preinstall }
|
|
- { role: docker, tags: docker }
|
|
- role: rkt
|
|
tags: rkt
|
|
when: "'rkt' in [etcd_deployment_type, kubelet_deployment_type, vault_deployment_type]"
|
|
|
|
- hosts: etcd:k8s-cluster:vault
|
|
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
|
roles:
|
|
- { role: kubespray-defaults, when: "cert_management == 'vault'" }
|
|
- { role: vault, tags: vault, vault_bootstrap: true, when: "cert_management == 'vault'" }
|
|
|
|
- hosts: etcd
|
|
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
|
roles:
|
|
- { role: kubespray-defaults}
|
|
- { role: etcd, tags: etcd, etcd_cluster_setup: true }
|
|
|
|
- hosts: k8s-cluster
|
|
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
|
roles:
|
|
- { role: kubespray-defaults}
|
|
- { role: etcd, tags: etcd, etcd_cluster_setup: false }
|
|
|
|
- hosts: etcd:k8s-cluster:vault
|
|
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
|
roles:
|
|
- { role: kubespray-defaults}
|
|
- { role: vault, tags: vault, when: "cert_management == 'vault'"}
|
|
|
|
- hosts: k8s-cluster
|
|
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
|
roles:
|
|
- { role: kubespray-defaults}
|
|
- { role: kubernetes/node, tags: node }
|
|
|
|
- hosts: kube-master
|
|
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
|
roles:
|
|
- { role: kubespray-defaults}
|
|
- { role: kubernetes/master, tags: master }
|
|
|
|
- hosts: k8s-cluster
|
|
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
|
roles:
|
|
- { role: kubespray-defaults}
|
|
- { role: kubernetes/kubeadm, tags: kubeadm, when: "kubeadm_enabled" }
|
|
- { role: network_plugin, tags: network }
|
|
|
|
- hosts: kube-master
|
|
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
|
roles:
|
|
- { role: kubespray-defaults}
|
|
- { role: kubernetes-apps/rotate_tokens, tags: rotate_tokens, when: "secret_changed|default(false)" }
|
|
- { role: kubernetes-apps/network_plugin, tags: network }
|
|
- { role: kubernetes-apps/policy_controller, tags: policy-controller }
|
|
- { role: kubernetes/client, tags: client }
|
|
|
|
- hosts: calico-rr
|
|
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
|
roles:
|
|
- { role: kubespray-defaults}
|
|
- { role: network_plugin/calico/rr, tags: network }
|
|
|
|
- hosts: k8s-cluster
|
|
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
|
roles:
|
|
- { role: kubespray-defaults}
|
|
- { role: dnsmasq, when: "dns_mode == 'dnsmasq_kubedns'", tags: dnsmasq }
|
|
- { role: kubernetes/preinstall, when: "dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'", tags: resolvconf }
|
|
|
|
- hosts: kube-master[0]
|
|
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
|
roles:
|
|
- { role: kubespray-defaults}
|
|
- { role: kubernetes-apps, tags: apps }
|