80379f6cab
- Creates and defaults an ansible variable for every configuration option in the `kubeproxy.config.k8s.io/v1alpha1` type spec - Fixes vars that were orphaned by removing non-kubeadm - Fixes previously harcoded kubeadm values - Introduces a `main` directory for role default files per component (requires ansible 2.6.0+) - Split out just `kube-proxy.yml` in this first effort - Removes the kube-proxy server field patch task We should continue to pull out other components from `main.yml` into their own defaults files as I did here for `defaults/main/kube-proxy.yml`. I hope for and will need others to join me in this refactoring across the project until each component config template has a matching role defaults file, with shared defaults in `kubespray-defaults` or `downloads`
115 lines
3.7 KiB
YAML
115 lines
3.7 KiB
YAML
---
|
|
- name: Set kubeadm_discovery_address
|
|
set_fact:
|
|
kubeadm_discovery_address: >-
|
|
{%- if "127.0.0.1" in kube_apiserver_endpoint or "localhost" in kube_apiserver_endpoint -%}
|
|
{{ first_kube_master }}:{{ kube_apiserver_port }}
|
|
{%- else -%}
|
|
{{ kube_apiserver_endpoint }}
|
|
{%- endif %}
|
|
tags:
|
|
- facts
|
|
|
|
- name: Check if kubelet.conf exists
|
|
stat:
|
|
path: "{{ kube_config_dir }}/kubelet.conf"
|
|
register: kubelet_conf
|
|
|
|
- name: Calculate kubeadm CA cert hash
|
|
shell: openssl x509 -pubkey -in {{ kube_cert_dir }}/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
|
|
register: kubeadm_ca_hash
|
|
delegate_to: "{{ groups['kube-master'][0] }}"
|
|
run_once: true
|
|
|
|
- name: Create kubeadm token for joining nodes with 24h expiration (default)
|
|
command: "{{ bin_dir }}/kubeadm token create"
|
|
run_once: true
|
|
register: temp_token
|
|
delegate_to: "{{ groups['kube-master'][0] }}"
|
|
|
|
- name: gets the kubeadm version
|
|
command: "{{ bin_dir }}/kubeadm version -o short"
|
|
register: kubeadm_output
|
|
|
|
- name: sets kubeadm api version to v1alpha1
|
|
set_fact:
|
|
kubeadmConfig_api_version: v1alpha1
|
|
when: kubeadm_output.stdout is version('v1.11.0', '<')
|
|
|
|
- name: sets kubeadm api version to v1alpha2
|
|
set_fact:
|
|
kubeadmConfig_api_version: v1alpha2
|
|
when:
|
|
- kubeadm_output.stdout is version('v1.11.0', '>=')
|
|
- kubeadm_output.stdout is version('v1.12.0', '<')
|
|
|
|
- name: sets kubeadm api version to v1alpha3
|
|
set_fact:
|
|
kubeadmConfig_api_version: v1alpha3
|
|
when:
|
|
- kubeadm_output.stdout is version('v1.12.0', '>=')
|
|
- kubeadm_output.stdout is version('v1.13.0', '<')
|
|
|
|
- name: sets kubeadm api version to v1beta1
|
|
set_fact:
|
|
kubeadmConfig_api_version: v1beta1
|
|
when: kubeadm_output.stdout is version('v1.13.0', '>=')
|
|
|
|
- name: Create kubeadm client config
|
|
template:
|
|
src: "kubeadm-client.conf.{{ kubeadmConfig_api_version }}.j2"
|
|
dest: "{{ kube_config_dir }}/kubeadm-client.conf"
|
|
backup: yes
|
|
when: not is_kube_master
|
|
vars:
|
|
kubeadm_token: "{{ temp_token.stdout }}"
|
|
|
|
- name: Join to cluster if needed
|
|
command: >-
|
|
{{ bin_dir }}/kubeadm join
|
|
--config {{ kube_config_dir}}/kubeadm-client.conf
|
|
--ignore-preflight-errors=all
|
|
register: kubeadm_join
|
|
when: not is_kube_master and (not kubelet_conf.stat.exists)
|
|
environment:
|
|
PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}"
|
|
|
|
- name: Wait for kubelet bootstrap to create config
|
|
wait_for:
|
|
path: "{{ kube_config_dir }}/kubelet.conf"
|
|
delay: 1
|
|
timeout: 60
|
|
|
|
- name: Update server field in kubelet kubeconfig
|
|
lineinfile:
|
|
dest: "{{ kube_config_dir }}/kubelet.conf"
|
|
regexp: 'server:'
|
|
line: ' server: {{ kube_apiserver_endpoint }}'
|
|
backup: yes
|
|
when:
|
|
- kubeadm_config_api_fqdn is not defined
|
|
- not is_kube_master
|
|
- kubeadm_discovery_address != kube_apiserver_endpoint
|
|
notify: restart kubelet
|
|
|
|
# FIXME(mattymo): Reconcile kubelet kubeconfig filename for both deploy modes
|
|
- name: Symlink kubelet kubeconfig for calico/canal
|
|
file:
|
|
src: "{{ kube_config_dir }}/kubelet.conf"
|
|
dest: "{{ kube_config_dir }}/node-kubeconfig.yaml"
|
|
state: link
|
|
force: yes
|
|
when: kube_network_plugin in ['calico','canal']
|
|
|
|
# FIXME(jjo): need to post-remove kube-proxy until https://github.com/kubernetes/kubeadm/issues/776
|
|
# is fixed
|
|
- name: Delete kube-proxy daemonset if kube_proxy_remove set, e.g. kube_network_plugin providing proxy services
|
|
shell: "{{ bin_dir }}/kubectl --kubeconfig /etc/kubernetes/admin.conf delete daemonset -n kube-system kube-proxy"
|
|
delegate_to: "{{groups['kube-master']|first}}"
|
|
run_once: true
|
|
when:
|
|
- kube_proxy_remove
|
|
- is_kube_master
|
|
- kubeadm_discovery_address != kube_apiserver_endpoint
|
|
tags:
|
|
- kube-proxy
|