authorChristian Pointner <equinox@spreadspace.org>2020-01-17 17:46:08 +0100
committerChristian Pointner <equinox@spreadspace.org>2020-01-31 22:31:22 +0100
commitcd946c702fea849b06e0fd6a19ef5597235caf55 (patch)
tree5f8a90a2f4bc11f6a25833326e7d3f6eb3492171 /roles/kubernetes
parentkubernetes: move cluster cleanup to sepearte playbook (diff)
single master kubernetes cluster works now
Diffstat (limited to 'roles/kubernetes')
-rw-r--r--roles/kubernetes/kubeadm/master/tasks/primary-master.yml17
-rw-r--r--roles/kubernetes/kubeadm/master/templates/kubeadm.config.j24
-rw-r--r--roles/kubernetes/kubeadm/node/tasks/main.yml2
3 files changed, 4 insertions, 19 deletions
diff --git a/roles/kubernetes/kubeadm/master/tasks/primary-master.yml b/roles/kubernetes/kubeadm/master/tasks/primary-master.yml
index 58658794..5efc91b5 100644
--- a/roles/kubernetes/kubeadm/master/tasks/primary-master.yml
+++ b/roles/kubernetes/kubeadm/master/tasks/primary-master.yml
@@ -53,7 +53,6 @@
fail:
msg: "upgrading cluster config is currently not supported!"
-
### cluster is already initialized
- name: prepare cluster for new nodes
@@ -76,22 +75,8 @@
check_mode: no
register: kubeadm_token_create
-##
-
-## this fixes the kubelet kubeconfig to make use of certificate rotation. This is a bug in
-## kubeadm init which was fixed with 1.17 release. TODO: remove this once all cluster have been
-## upgraded to 1.17 or newer.
-- name: fix kubeconfig of kubelet
- lineinfile:
- path: /etc/kubernetes/kubelet.conf
- backrefs: yes
- regexp: '^(\s*)client-{{ item }}(-data)?:'
- line: '\1client-{{ item }}: /var/lib/kubelet/pki/kubelet-client-current.pem'
- with_items:
- - certificate
- - key
- notify: restart kubelet
+## calculate certificate digest
- name: install openssl
apt:
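Review bot: Nothing in this hunk enforces the condition the deleted comment set for dropping the `fix kubeconfig of kubelet` task, namely that every cluster runs 1.17 or newer. On a primary master initialised with an older kubeadm, /etc/kubernetes/kubelet.conf would presumably keep the embedded client certificate instead of pointing at /var/lib/kubelet/pki/kubelet-client-current.pem, so the kubelet credential would not follow rotation. Either keep the task behind `when: kubernetes_version is version('1.17', '<')` or fail early with an assert on `kubernetes_version`, the variable that kubeadm.config.j2 uses in this same commit. The neighbouring tasks start and end outside the hunk.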
diff --git a/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 b/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2
index e03ea6f6..3c10e59b 100644
--- a/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2
+++ b/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2
@@ -1,13 +1,13 @@
{# https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta1 #}
{# #}
-apiVersion: kubeadm.k8s.io/v1beta1
+apiVersion: kubeadm.k8s.io/v1beta2
kind: InitConfiguration
{# TODO: this is ugly but we want to create our own token so we can #}
{# better control it's lifetime #}
bootstrapTokens:
- ttl: "1s"
---
-apiVersion: kubeadm.k8s.io/v1beta1
+apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: {{ kubernetes_version }}
clusterName: {{ kubernetes.cluster_name }}
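Review bot: The reference comment at the top of the template still links the v1beta1 godoc page while both documents now declare `kubeadm.k8s.io/v1beta2`; update it to `{# https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta2 #}` so fields are checked against the schema actually in use. It would also help to note next to `apiVersion` which minimum kubeadm release the role now requires, since older binaries may reject this config. The ClusterConfiguration document continues past the hunk.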
diff --git a/roles/kubernetes/kubeadm/node/tasks/main.yml b/roles/kubernetes/kubeadm/node/tasks/main.yml
index 2a140099..dba2ce30 100644
--- a/roles/kubernetes/kubeadm/node/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/node/tasks/main.yml
@@ -1,6 +1,6 @@
---
- name: join kubernetes node
- command: "kubeadm join {{ host_vars[groups['_kubernetes_primary_master_']].kubernetes_kubelet_node_ip }}:6443{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}'"
+ command: "kubeadm join {{ hostvars[groups['_kubernetes_primary_master_'][0]].kubernetes_kubelet_node_ip }}:6443{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}'"
args:
creates: /etc/kubernetes/kubelet.conf
register: kubeadm_join
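Review bot: The changed `command:` line puts the bootstrap token into the kubeadm argv, and the result is registered as `kubeadm_join`, so the token can end up in Ansible output or logs and is readable in the process list on the node while the join runs. Add `no_log: true` to this task, or pass the token through a join configuration file with restrictive permissions and `kubeadm join --config`. The token lifetime is controlled elsewhere in the role, which limits but does not remove the exposure. A short comment such as `# API endpoint: first host in the _kubernetes_primary_master_ group` would also document the new `[0]` index. The task continues after the hunk.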