C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
c12s-kubespray/roles/kubernetes/secrets/tasks/main.yml
Greg Althaus 707e6a4642 This PR adds/or modifies a few tasks to allow for the playbook to 
be run by limit on each node without regard for order.

The changes make sure that all of the directories needed to do
certificate management are on the master[0] or etcd[0] node regardless
of when the playbook gets run on each node.  This allows for separate
ansible playbook runs in parallel that don't have to be synchronized.
2017-01-14 23:24:34 -06:00

76 lines
2.1 KiB
YAML
Raw Blame History

---
- include: check-certs.yml
tags: [k8s-secrets, facts]
- include: check-tokens.yml
tags: [k8s-secrets, facts]
- name: Make sure the certificate directory exits
file:
path={{ kube_cert_dir }}
state=directory
mode=o-rwx
group={{ kube_cert_group }}
- name: Make sure the tokens directory exits
file:
path={{ kube_token_dir }}
state=directory
mode=o-rwx
group={{ kube_cert_group }}
- name: Make sure the users directory exits
file:
path={{ kube_users_dir }}
state=directory
mode=o-rwx
group={{ kube_cert_group }}
- name: Populate users for basic auth in API
lineinfile:
dest: "{{ kube_users_dir }}/known_users.csv"
create: yes
line: '{{ item.value.pass }},{{ item.key }},{{ item.value.role }}'
backup: yes
with_dict: "{{ kube_users }}"
when: inventory_hostname in "{{ groups['kube-master'] }}"
notify: set secret_changed
#
# The following directory creates make sure that the directories
# exist on the first master for cases where the first master isn't
# being run.
#
- name: Gen_certs | Create kubernetes config directory (on master[0])
file:
path: "{{ kube_config_dir }}"
state: directory
owner: kube
run_once: yes
delegate_to: "{{groups['kube-master'][0]}}"
tags: [kubelet, k8s-secrets, kube-controller-manager, kube-apiserver, bootstrap-os, apps, network, master, node]
when: gen_certs|default(false) or gen_tokens|default(false)
- name: Gen_certs | Create kubernetes script directory (on master[0])
file:
path: "{{ kube_script_dir }}"
state: directory
owner: kube
run_once: yes
delegate_to: "{{groups['kube-master'][0]}}"
tags: [k8s-secrets, bootstrap-os]
when: gen_certs|default(false) or gen_tokens|default(false)
- name: Get_tokens | Make sure the tokens directory exits (on master[0])
file:
path={{ kube_token_dir }}
state=directory
mode=o-rwx
group={{ kube_cert_group }}
run_once: yes
delegate_to: "{{groups['kube-master'][0]}}"
when: gen_tokens|default(false)
- include: gen_certs.yml
tags: k8s-secrets
- include: gen_tokens.yml
tags: k8s-secrets
Reference in a new issue View git blame Copy permalink