Diffstat (limited to 'roles/kubernetes/kubeadm')
-rw-r--r--roles/kubernetes/kubeadm/base/tasks/main.yml23
-rw-r--r--roles/kubernetes/kubeadm/base/templates/haproxy.cfg.j22
-rw-r--r--roles/kubernetes/kubeadm/master/tasks/primary-master.yml1
-rw-r--r--roles/kubernetes/kubeadm/master/templates/kubeadm.config.j216
4 files changed, 23 insertions, 19 deletions
diff --git a/roles/kubernetes/kubeadm/base/tasks/main.yml b/roles/kubernetes/kubeadm/base/tasks/main.yml
index 8e913560..2d2bd324 100644
--- a/roles/kubernetes/kubeadm/base/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/base/tasks/main.yml
@@ -1,18 +1,18 @@
---
-- name: install kubeadm and kubectl
+- name: install kubeadm packages
apt:
name:
- - haproxy
- - hatop
- - "kubeadm{% if kubernetes.pkg_version is defined %}={{ kubernetes.pkg_version }}{% endif %}"
- - "kubectl{% if kubernetes.pkg_version is defined %}={{ kubernetes.pkg_version }}{% endif %}"
+ - haproxy
+ - hatop
+ - "kubeadm={{ kubernetes_version }}-00"
+ - "kubectl={{ kubernetes_version }}-00"
state: present
+ force: yes
-- name: disable automatic upgrades for kubeadm and kubectl
- when: kubernetes.pkg_version is defined
+- name: disable automatic upgrades for kubeadm/kubectl
loop:
- - kubeadm
- - kubectl
+ - kubeadm
+ - kubectl
dpkg_selections:
name: "{{ item }}"
selection: hold
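Review bot: `force: yes` on the apt task maps to apt-get's `--force-yes`, which per the Ansible apt module documentation also implies `allow_unauthenticated` and turns off package signature checking, so the haproxy/kubeadm/kubectl install would accept unsigned packages. If the intent is only to move the pinned version of packages that the following task puts on hold, a narrower option such as `allow_change_held_packages: yes` (or `allow_downgrade: yes`), where the Ansible version in use provides them, keeps signature verification on. The version pin is now unconditional as well, so an undefined `kubernetes_version` fails at templating time; an `assert` on it before this task would make that failure explicit.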
@@ -25,7 +25,7 @@
line: 'KUBELET_EXTRA_ARGS=--node-ip={{ kubernetes_overlay_node_ip }}'
create: yes
-- name: add kubeadm completion for shells
+- name: add kubeadm config for shells
loop:
- zsh
- bash
@@ -58,3 +58,6 @@
marker: "### {mark} ANSIBLE MANAGED BLOCK for hatop ###"
content: |
alias hatop="hatop -s /var/run/haproxy/admin.sock"
+
+# - name: prepare network plugin
+# include_tasks: "net_{{ kubernetes_network_plugin }}.yml"
diff --git a/roles/kubernetes/kubeadm/base/templates/haproxy.cfg.j2 b/roles/kubernetes/kubeadm/base/templates/haproxy.cfg.j2
index 319cc1cb..2e0eaf5d 100644
--- a/roles/kubernetes/kubeadm/base/templates/haproxy.cfg.j2
+++ b/roles/kubernetes/kubeadm/base/templates/haproxy.cfg.j2
@@ -37,5 +37,5 @@ backend kube_api
timeout connect 5s
timeout server 3h
{% for master in groups['_kubernetes_masters_'] %}
- server {{ hostvars[master].inventory_hostname }} {{ hostvars[master].kubernetes_overlay_node_ip | default(hostvars[master].ansible_default_ipv4.address) }}:6442 {% if master == inventory_hostname %}id 1{% endif %} check check-ssl verify none
+ server {{ master }} {{ hostvars[master].kubernetes_overlay_node_ip | default(hostvars[master].ansible_default_ipv4.address) }}:6442 {% if master == inventory_hostname %}id 1{% endif %} check check-ssl verify none
{% endfor %}
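Review bot: The rewritten `server` line still ends in `check check-ssl verify none`, so the TLS health check against port 6442 accepts any certificate, and a different TLS listener on that address would be reported as a healthy API server. Consider `verify required ca-file <path-to-cluster-CA>` on that line so the check only passes against a certificate issued by the cluster CA. The backend's mode and the frontend are outside the hunk, so whether client traffic is terminated or passed through here cannot be judged from these lines.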
diff --git a/roles/kubernetes/kubeadm/master/tasks/primary-master.yml b/roles/kubernetes/kubeadm/master/tasks/primary-master.yml
index 115c8616..9bbe9ecc 100644
--- a/roles/kubernetes/kubeadm/master/tasks/primary-master.yml
+++ b/roles/kubernetes/kubeadm/master/tasks/primary-master.yml
@@ -103,6 +103,7 @@
delegate_facts: True
loop: "{{ groups['_kubernetes_nodes_'] }}"
+
## Network Plugin
# - name: install network plugin
diff --git a/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 b/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2
index f48a34f3..bb7f9a96 100644
--- a/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2
+++ b/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2
@@ -23,14 +23,14 @@ networking:
podSubnet: {{ kubernetes.pod_ip_range }}
serviceSubnet: {{ kubernetes.service_ip_range }}
apiServer:
- # extraArgs:
- # encryption-provider-config: /etc/kubernetes/encryption/config
- # extraVolumes:
- # - name: encryption-config
- # hostPath: /etc/kubernetes/encryption
- # mountPath: /etc/kubernetes/encryption
- # readOnly: true
- # pathType: Directory
+ extraArgs:
+ encryption-provider-config: /etc/kubernetes/encryption/config
+ extraVolumes:
+ - name: encryption-config
+ hostPath: /etc/kubernetes/encryption
+ mountPath: /etc/kubernetes/encryption
+ readOnly: true
+ pathType: Directory
{% if (kubernetes.api_extra_sans | default([]) | length) == 0 %}
certSANs: []
{% else %}
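Review bot: Enabling `encryption-provider-config` with a `hostPath` of `pathType: Directory` makes the kube-apiserver static pod depend on `/etc/kubernetes/encryption/config` existing before `kubeadm init` runs; nothing in the visible diff creates it, and if it is missing the API server will not come up. The diffstat is limited to this role, so the task may live elsewhere, but it has to run before this template is applied and should create the directory root-only (`mode: "0700"`) and the file with `mode: "0600"`, since it holds the keys that protect Secrets at rest. The key material itself should come from an encrypted variable source rather than a file committed next to the role.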