author | Christian Pointner <equinox@spreadspace.org> | 2018-01-20 18:16:05 +0100 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2018-01-20 18:16:05 +0100 |
commit | 30017d399a648ce5732332c5b0292fd89e887d85 (patch) | |
tree | b1e413b40cdc9a10fc17f39646b6d6cc57fcf83a /roles/kubernetes-master/tasks | |
parent | install kubelet systemd snippet for dns config (diff) |
initial version of the kubernetes master role
Diffstat (limited to 'roles/kubernetes-master/tasks')
-rw-r--r-- | roles/kubernetes-master/tasks/main.yml | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/roles/kubernetes-master/tasks/main.yml b/roles/kubernetes-master/tasks/main.yml
index ed97d539..c0841585 100644
--- a/roles/kubernetes-master/tasks/main.yml
+++ b/roles/kubernetes-master/tasks/main.yml
@@ -1 +1,44 @@
 ---
+- name: generate bootstrap token
+ command: kubeadm token generate
+ changed_when: False
+ check_mode: no
+ register: kubeadm_token_generate
+
+- name: extract token id and secret
+ set_fact:
+ kube_bootstrap_token: "{{ kubeadm_token_generate.stdout }}"
+
+- name: set up kubernetes master
+ command: "kubeadm init --pod-network-cidr {{ kubernetes.pod_ip_range }} --service-cidr {{ kubernetes.service_ip_range }} {% if kubernetes.api_extra_sans | length > 0 %}--apiserver-cert-extra-sans {{ kubernetes.api_extra_sans | join(',') }}{% endif %} --token '{{ kube_bootstrap_token }}' --token-ttl 42m"
+ args:
+ creates: /etc/kubernetes/pki/ca.crt
+ register: kubeadm_init
+
+- name: print result of kubeadm init
+ when: kubeadm_init.changed
+ debug:
+ var: kubeadm_init.stdout
+
+## TODO: check if the taint is set or not before taking any action
+
+# - name: remove taint from master node
+# when: kubernetes.dedicated_master == False
+# command: kubectl --kubeconfig /etc/kubernetes/admin.conf taint nodes --all node-role.kubernetes.io/master-
+
+# - name: add taint for master node
+# when: kubernetes.dedicated_master == True
+# command: "kubectl --kubeconfig /etc/kubernetes/admin.conf taint nodes {{ ansible_nodename }} node-role.kubernetes.io/master='':NoSchedule"
+
+- name: install openssl
+ apt:
+ name: openssl
+ state: present
+
+- name: get ca certificate digest
+ shell: "openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'"
+ register: kube_ca_openssl
+
+- name: set ca digest fact
+ set_fact:
+ kube_bootstrap_ca_cert_hash: "sha256:{{ kube_ca_openssl.stdout }}" |
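Review bot: The bootstrap token ends up in the play output: the `print result of kubeadm init` task dumps `kubeadm_init.stdout`, which normally ends with the ready-made join command including the token, and the token is also passed on the command line as `--token '{{ kube_bootstrap_token }}'`. I would add `no_log: true` to the `generate bootstrap token`, `extract token id and secret` and `set up kubernetes master` tasks, and either drop the debug task or print only lines that do not carry the token; the 42m TTL narrows the window, but a token in a retained run log is a valid join credential for as long as it lives. Separately, `kubeadm token generate` runs on every play while `kubeadm init` is skipped once `/etc/kubernetes/pki/ca.crt` exists, so on a re-run `kube_bootstrap_token` holds a value the cluster has never registered; if other roles consume that fact to join nodes (not visible in this hunk), the re-run path needs a `kubeadm token create` step. The `get ca certificate digest` pipeline discards errors with `2>/dev/null` and runs without pipefail, so a failed `openssl` stage still produces a well-formed digest of empty input and the task reports success; it also reports "changed" on every run because it has no `changed_when: False`.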