Diffstat (limited to 'roles/kubernetes/kubeadm/control-plane/tasks/main.yml')
-rw-r--r--roles/kubernetes/kubeadm/control-plane/tasks/main.yml76
1 files changed, 76 insertions, 0 deletions
diff --git a/roles/kubernetes/kubeadm/control-plane/tasks/main.yml b/roles/kubernetes/kubeadm/control-plane/tasks/main.yml
new file mode 100644
index 00000000..d5bd378e
--- /dev/null
+++ b/roles/kubernetes/kubeadm/control-plane/tasks/main.yml
@@ -0,0 +1,76 @@
+---
+- name: create direcotry for encryption config
+ file:
+ name: /etc/kubernetes/encryption
+ state: directory
+ mode: 0700
+
+- name: install encryption config
+ template:
+ src: encryption-config.j2
+ dest: /etc/kubernetes/encryption/config
+ mode: 0600
+
+
+- name: install primary control-plane node
+ include_tasks: primary.yml
+ when: "'_kubernetes_primary_controlplane_node_' in group_names"
+
+- name: install secondary control-plane nodes
+ include_tasks: secondary.yml
+ when: "'_kubernetes_primary_controlplane_node_' not in group_names"
+
+
+- name: check if control-plane node is tainted (1/2)
+ command: "kubectl --kubeconfig /etc/kubernetes/admin.conf get node {{ inventory_hostname }} -o json"
+ check_mode: no
+ register: kubectl_get_node
+ changed_when: False
+
+- name: check if control-plane node is tainted (2/2)
+ set_fact:
+ kube_node_taints: "{% set node_info = kubectl_get_node.stdout | from_json %}{%if node_info.spec.taints is defined %}{{ node_info.spec.taints | map(attribute='key') | list }}{% endif %}"
+
+- name: remove taint from control-plane node
+ when: not kubernetes.dedicated_controlplane_nodes
+ block:
+ - name: remove control-plane taint from node
+ when: "'node-role.kubernetes.io/control-plane' in kube_node_taints"
+ command: "kubectl --kubeconfig /etc/kubernetes/admin.conf taint nodes {{ inventory_hostname }} node-role.kubernetes.io/control-plane-"
+
+ - name: remove deprecated master taint from node
+ when: "'node-role.kubernetes.io/master' in kube_node_taints"
+ command: "kubectl --kubeconfig /etc/kubernetes/admin.conf taint nodes {{ inventory_hostname }} node-role.kubernetes.io/master-"
+
+- name: add taint from control-plane node
+ when: kubernetes.dedicated_controlplane_nodes
+ block:
+ - name: add control-plane taint to node
+ when: "'node-role.kubernetes.io/control-plane' not in kube_node_taints"
+ command: "kubectl --kubeconfig /etc/kubernetes/admin.conf taint nodes {{ inventory_hostname }} node-role.kubernetes.io/control-plane='':NoSchedule"
+
+ - name: add deprecated master taint to node
+ when: "'node-role.kubernetes.io/master' not in kube_node_taints"
+ command: "kubectl --kubeconfig /etc/kubernetes/admin.conf taint nodes {{ inventory_hostname }} node-role.kubernetes.io/master='':NoSchedule"
+
+- name: prepare kubectl (1/2)
+ file:
+ name: /root/.kube
+ state: directory
+
+- name: prepare kubectl (2/2)
+ file:
+ dest: /root/.kube/config
+ src: /etc/kubernetes/admin.conf
+ state: link
+
+- name: add kubectl completion config for shells
+ loop:
+ - zsh
+ - bash
+ blockinfile:
+ path: "/root/.{{ item }}rc"
+ create: yes
+ marker: "### {mark} ANSIBLE MANAGED BLOCK for kubectl ###"
+ content: |
+ source <(kubectl completion {{ item }})
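Review bot: The `install encryption config` task renders what is presumably the API server's secrets-encryption configuration (the template itself is not part of this diff), and nothing on the task stops a `--diff` run from printing the rendered content to the console and any run logs; adding `diff: false` or `no_log: true` to that task keeps key material out of the output. The modes on the directory and file are bare `0700` / `0600`; quoting them as `mode: '0700'` and `mode: '0600'` follows Ansible's recommendation and removes any dependence on how the YAML loader treats leading-zero integers. `prepare kubectl (1/2)` creates `/root/.kube` with no `mode`, so it takes the umask default; `mode: '0700'` would match the sensitivity of the admin kubeconfig linked into it. In `check if control-plane node is tainted (2/2)` the fact renders to an empty string when the node has no taints and to a list otherwise, so the later `in` tests switch between substring and list membership; `{{ (kubectl_get_node.stdout | from_json).spec.taints | default([]) | map(attribute='key') | list }}` gives a list in both cases.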