c12s-kubespray/roles/kubernetes/master/tasks/main.yml

---
- include: pre-upgrade.yml
  tags: k8s-pre-upgrade

- name: Copy kubectl from hyperkube container
  command: "{{ docker_bin_dir }}/docker run --rm -v {{ bin_dir }}:/systembindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /bin/cp /hyperkube /systembindir/kubectl"
  register: kube_task_result
  until: kube_task_result.rc == 0
  retries: 4
  delay: "{{ retry_stagger | random + 3 }}"
  changed_when: false
  tags: [hyperkube, kubectl, upgrade]

- name: Install kubectl bash completion
  shell: "{{ bin_dir }}/kubectl completion bash >/etc/bash_completion.d/kubectl.sh"
  when: ansible_os_family in ["Debian","RedHat"]
  tags: kubectl

- name: Set kubectl bash completion file
  file:
    path: /etc/bash_completion.d/kubectl.sh
    owner: root
    group: root
    mode: 0755
  when: ansible_os_family in ["Debian","RedHat"]
  tags: [kubectl, upgrade]

- name: Write kube-apiserver manifest
  template:
    src: manifests/kube-apiserver.manifest.j2
    dest: "{{ kube_manifest_dir }}/kube-apiserver.manifest"
  notify: Master | wait for the apiserver to be running
  tags: kube-apiserver

- meta: flush_handlers

- name: Write kube system namespace manifest
  template:
    src: namespace.j2
    dest: "{{kube_config_dir}}/{{system_namespace}}-ns.yml"
  run_once: yes
  when: inventory_hostname == groups['kube-master'][0]
  tags: apps

- name: Check if kube system namespace exists
  command: "{{ bin_dir }}/kubectl get ns {{system_namespace}}"
  register: 'kubesystem'
  changed_when: False
  failed_when: False
  run_once: yes
  tags: apps

- name: Create kube system namespace
  command: "{{ bin_dir }}/kubectl create -f {{kube_config_dir}}/{{system_namespace}}-ns.yml"
  retries: 4
  delay: "{{ retry_stagger | random + 3 }}"
  register: create_system_ns
  until: create_system_ns.rc == 0
  changed_when: False
  when: kubesystem|failed and inventory_hostname == groups['kube-master'][0]
  tags: apps

- name: Lay Down kubelet PSP Resources (RBAC)
  template:
    src: "{{item.file}}"
    dest: "{{kube_config_dir}}/{{item.file}}"
  with_items:
    - {name: kubelet-psp, file: kubelet-psp.yaml, type: psp}
    - {name: kubelet-psp, file: kubelet-psp-clusterrole.yaml, type: clusterrole}
    - {name: kubelet-psp, file: kubelet-psp-clusterrolebinding.yaml, type: clusterrolebinding}
  register: manifests
  when: dns_mode != 'none' and inventory_hostname == groups['kube-master'][0] and rbac_enabled and psp_enabled
  tags: apps

- name: Apply kubelet PSP Resources (RBAC)
  kube:
    name: "{{item.item.name}}"
    namespace: "{{ system_namespace }}"
    kubectl: "{{bin_dir}}/kubectl"
    resource: "{{item.item.type}}"
    filename: "{{kube_config_dir}}/{{item.item.file}}"
    state: "{{item.changed | ternary('latest','present') }}"
  with_items: "{{ manifests.results }}"
  failed_when: manifests|failed and "Error from server (AlreadyExists)" not in manifests.msg
  when: dns_mode != 'none' and inventory_hostname == groups['kube-master'][0] and rbac_enabled and psp_enabled
  tags: apps

- name: Write kube-scheduler kubeconfig
  template:
    src: kube-scheduler-kubeconfig.yaml.j2
    dest: "{{ kube_config_dir }}/kube-scheduler-kubeconfig.yaml"
  tags: kube-scheduler

- name: Write kube-scheduler manifest
  template:
    src: manifests/kube-scheduler.manifest.j2
    dest: "{{ kube_manifest_dir }}/kube-scheduler.manifest"
  notify: Master | wait for kube-scheduler
  tags: kube-scheduler

- name: Write kube-controller-manager kubeconfig
  template:
    src: kube-controller-manager-kubeconfig.yaml.j2
    dest: "{{ kube_config_dir }}/kube-controller-manager-kubeconfig.yaml"
  tags: kube-controller-manager

- name: Write kube-controller-manager manifest
  template:
    src: manifests/kube-controller-manager.manifest.j2
    dest: "{{ kube_manifest_dir }}/kube-controller-manager.manifest"
  notify: Master | wait for kube-controller-manager
  tags: kube-controller-manager

- include: post-upgrade.yml
  tags: k8s-post-upgrade