ddffdb63bf
* Remove non-kubeadm deployment * More cleanup * More cleanup * More cleanup * More cleanup * Fix gitlab * Try stop gce first before absent to make the delete process work * More cleanup * Fix bug with checking if kubeadm has already run * Fix bug with checking if kubeadm has already run * More fixes * Fix test * fix * Fix gitlab checkout untill kubespray 2.8 is on quay * Fixed * Add upgrade path from non-kubeadm to kubeadm. Revert ssl path * Readd secret checking * Do gitlab checks from v2.7.0 test upgrade path to 2.8.0 * fix typo * Fix CI jobs to kubeadm again. Fix broken hyperkube path * Fix gitlab * Fix rotate tokens * More fixes * More fixes * Fix tokens
64 lines
1.6 KiB
YAML
64 lines
1.6 KiB
YAML
---
|
|
- import_tasks: pre-upgrade.yml
|
|
tags:
|
|
- k8s-pre-upgrade
|
|
|
|
- import_tasks: users-file.yml
|
|
when:
|
|
- kube_basic_auth|default(true)
|
|
|
|
- import_tasks: encrypt-at-rest.yml
|
|
when:
|
|
- kube_encrypt_secret_data
|
|
|
|
- name: Install | Copy kubectl binary from download dir
|
|
synchronize:
|
|
src: "{{ local_release_dir }}/hyperkube"
|
|
dest: "{{ bin_dir }}/kubectl"
|
|
compress: no
|
|
perms: yes
|
|
owner: no
|
|
group: no
|
|
changed_when: false
|
|
delegate_to: "{{ inventory_hostname }}"
|
|
tags:
|
|
- hyperkube
|
|
- kubectl
|
|
- upgrade
|
|
|
|
- name: install | Set kubectl binary permissions
|
|
file:
|
|
path: "{{ bin_dir }}/kubectl"
|
|
mode: "0755"
|
|
state: file
|
|
tags:
|
|
- hyperkube
|
|
- kubectl
|
|
- upgrade
|
|
|
|
- name: Install kubectl bash completion
|
|
shell: "{{ bin_dir }}/kubectl completion bash >/etc/bash_completion.d/kubectl.sh"
|
|
when: ansible_os_family in ["Debian","RedHat"]
|
|
tags:
|
|
- kubectl
|
|
|
|
- name: Set kubectl bash completion file
|
|
file:
|
|
path: /etc/bash_completion.d/kubectl.sh
|
|
owner: root
|
|
group: root
|
|
mode: 0755
|
|
when: ansible_os_family in ["Debian","RedHat"]
|
|
tags:
|
|
- kubectl
|
|
- upgrade
|
|
|
|
- name: Disable SecurityContextDeny admission-controller and enable PodSecurityPolicy
|
|
set_fact:
|
|
kube_apiserver_admission_control: "{{ kube_apiserver_admission_control | default([]) | difference(['SecurityContextDeny']) | union(['PodSecurityPolicy']) | unique }}"
|
|
kube_apiserver_enable_admission_plugins: "{{ kube_apiserver_enable_admission_plugins | difference(['SecurityContextDeny']) | union(['PodSecurityPolicy']) | unique }}"
|
|
when: podsecuritypolicy_enabled
|
|
|
|
- name: Include kubeadm setup
|
|
import_tasks: kubeadm-setup.yml
|