author | Christian Pointner <equinox@spreadspace.org> | 2022-08-19 22:42:47 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2022-08-19 22:42:47 +0200 |
commit | 546880b4667f789ee1993b572f30e88cd1fae721 (patch) | |
tree | c35e2f0ace48f210f98ac1b9fb9431625433a032 /roles/kubernetes/kubeadm | |
parent | kubernetes/kubeadm: properly wait for new nodes to join the cluster (diff) |
kubernetes: add support for ansible managed node annotations,labels and taints
Diffstat (limited to 'roles/kubernetes/kubeadm')
4 files changed, 9 insertions, 6 deletions
diff --git a/roles/kubernetes/kubeadm/control-plane/tasks/primary.yml b/roles/kubernetes/kubeadm/control-plane/tasks/primary.yml
index cbad58d9..36195235 100644
--- a/roles/kubernetes/kubeadm/control-plane/tasks/primary.yml
+++ b/roles/kubernetes/kubeadm/control-plane/tasks/primary.yml
@@ -38,8 +38,8 @@
 dest: /etc/kubernetes/kubeadm-init.errors
 - name: create bootstrap token for new cluster
- command: kubeadm token create --ttl 42m
 check_mode: no
+ command: kubeadm token create --ttl 42m
 register: kubeadm_token_generate
@@ -61,9 +61,9 @@
 block:
 - name: fetch list of current nodes
+ check_mode: no
 command: kubectl --kubeconfig /etc/kubernetes/admin.conf get nodes -o name
 changed_when: False
- check_mode: no
 register: kubectl_node_list
 - name: save list of current nodes
@@ -71,9 +71,9 @@
 kubernetes_current_nodes: "{{ kubectl_node_list.stdout_lines | map('replace', 'node/', '') | list }}"
 - name: create bootstrap token for existing cluster
+ check_mode: no
 when: "groups['_kubernetes_nodes_'] | map('extract', hostvars, 'kubernetes_node_name') | difference(kubernetes_current_nodes) | length > 0"
 command: kubeadm token create --ttl 42m
- check_mode: no
 register: kubeadm_token_create
@@ -85,10 +85,10 @@
 state: present
 - name: get ca certificate digest
+ check_mode: no
 shell: "set -o pipefail && openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'"
 args:
 executable: /bin/bash
- check_mode: no
 register: kube_ca_openssl
 changed_when: False
diff --git a/roles/kubernetes/kubeadm/control-plane/tasks/secondary.yml b/roles/kubernetes/kubeadm/control-plane/tasks/secondary.yml
index aaa4d94e..0c7a285f 100644
--- a/roles/kubernetes/kubeadm/control-plane/tasks/secondary.yml
+++ b/roles/kubernetes/kubeadm/control-plane/tasks/secondary.yml
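Review bot: In primary.yml, `check_mode: no` on the `kubeadm token create --ttl 42m` task (hunk -38,8) means an `ansible-playbook --check` run still mints a real bootstrap token, so a dry run is not free of side effects; the same holds for "create bootstrap token for existing cluster" (hunk -71,9) and for `kubeadm init phase upload-certs --upload-certs` in secondary.yml (hunk -15,9). The token, and presumably the certificate key printed by upload-certs, ends up in the registered result, and none of the visible task lines set `no_log: true`, so it can surface in verbose output or callback logs. I would add `no_log: true` to these three tasks. If the forced run exists only so later tasks can read the registered variable, a short comment such as `# must run in check mode: later tasks read kubeadm_token_generate` would make that intent reviewable.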
@@ -5,9 +5,9 @@
 block:
 - name: fetch list of current nodes
+ check_mode: no
 command: kubectl --kubeconfig /etc/kubernetes/admin.conf get nodes -o name
 changed_when: False
- check_mode: no
 register: kubectl_node_list
 - name: save list of current nodes
@@ -15,9 +15,9 @@
 kubernetes_current_nodes: "{{ kubectl_node_list.stdout_lines | map('replace', 'node/', '') | list }}"
 - name: upload certs
+ check_mode: no
 when: "groups['_kubernetes_controlplane_nodes_'] | map('extract', hostvars, 'kubernetes_node_name') | difference(kubernetes_current_nodes) | length > 0"
 command: kubeadm init phase upload-certs --upload-certs
- check_mode: no
 register: kubeadm_upload_certs
 - name: extracting encryption key for certs
@@ -57,6 +57,7 @@
 - name: wait for new control-plane node to register
 delegate_to: "{{ groups['_kubernetes_primary_controlplane_node_'] | first }}"
+ check_mode: no
 command: "kubectl --kubeconfig /etc/kubernetes/admin.conf get nodes -o name {{ kubernetes_node_name }}"
 changed_when: False
 register: kubectl_node_get
diff --git a/roles/kubernetes/kubeadm/reset/tasks/main.yml b/roles/kubernetes/kubeadm/reset/tasks/main.yml
index bc38ce81..ce343f3c 100644
--- a/roles/kubernetes/kubeadm/reset/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/reset/tasks/main.yml
@@ -14,6 +14,7 @@
 - /etc/kubernetes/network-plugin.yml
 - /etc/kubernetes/node-local-dns.yml
 - /etc/kubernetes/addons
+ - /etc/kubernetes/decorations
 - /etc/default/kubelet
 file:
 path: "{{ item }}"
diff --git a/roles/kubernetes/kubeadm/worker/tasks/main.yml b/roles/kubernetes/kubeadm/worker/tasks/main.yml
index 422f27c7..835967b8 100644
--- a/roles/kubernetes/kubeadm/worker/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/worker/tasks/main.yml
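Review bot: The `check_mode: no` added to "wait for new control-plane node to register" in secondary.yml (hunk -57,6) forces the `kubectl ... get nodes -o name {{ kubernetes_node_name }}` poll to run during `--check`, when the join itself has presumably been skipped, so a dry run against a not-yet-joined node would most likely poll until it fails. The same line is added to "wait for new worker node to register" in worker/tasks/main.yml. If the join task does not run in check mode, skipping the wait with `when: not ansible_check_mode` would be the safer option than forcing it to execute. The retry and until part of both tasks lies outside the hunks, so this is inferred from the visible lines only.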
@@ -30,6 +30,7 @@
 - name: wait for new worker node to register
 delegate_to: "{{ groups['_kubernetes_primary_controlplane_node_'] | first }}"
+ check_mode: no
 command: "kubectl --kubeconfig /etc/kubernetes/admin.conf get nodes -o name {{ kubernetes_node_name }}"
 changed_when: False
 register: kubectl_node_get |