From 30017d399a648ce5732332c5b0292fd89e887d85 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Sat, 20 Jan 2018 18:16:05 +0100
Subject: initial version of the kubernetes master role

---
 roles/kubernetes-base/tasks/main.yaml | 8 ++++---
 roles/kubernetes-master/tasks/main.yml | 43 ++++++++++++++++++++++++++++++++++
 2 files changed, 48 insertions(+), 3 deletions(-)
(limited to 'roles')
diff --git a/roles/kubernetes-base/tasks/main.yaml b/roles/kubernetes-base/tasks/main.yaml
index 5fc3ee4a..171375dd 100644
--- a/roles/kubernetes-base/tasks/main.yaml
+++ b/roles/kubernetes-base/tasks/main.yaml
@@ -56,10 +56,12 @@
 name: "{{ item }}"
 selection: hold
 
-- name: install kubelet dns config snippet
+- name: install kubelet config snippets
+ with_items:
+ - 20-dns.conf
 template:
- src: 20-dns.conf.j2
- dest: /etc/systemd/system/kubelet.service.d/20-dns.conf
+ src: "{{ item }}.j2"
+ dest: "/etc/systemd/system/kubelet.service.d/{{ item }}"
 notify: reload systemd
 
 - name: add dummy group with gid 998
diff --git a/roles/kubernetes-master/tasks/main.yml b/roles/kubernetes-master/tasks/main.yml
index ed97d539..c0841585 100644
--- a/roles/kubernetes-master/tasks/main.yml
+++ b/roles/kubernetes-master/tasks/main.yml
@@ -1 +1,44 @@
 ---
+- name: generate bootstrap token
+ command: kubeadm token generate
+ changed_when: False
+ check_mode: no
+ register: kubeadm_token_generate
+
+- name: extract token id and secret
+ set_fact:
+ kube_bootstrap_token: "{{ kubeadm_token_generate.stdout }}"
+
+- name: set up kubernetes master
+ command: "kubeadm init --pod-network-cidr {{ kubernetes.pod_ip_range }} --service-cidr {{ kubernetes.service_ip_range }} {% if kubernetes.api_extra_sans | length > 0 %}--apiserver-cert-extra-sans {{ kubernetes.api_extra_sans | join(',') }}{% endif %} --token '{{ kube_bootstrap_token }}' --token-ttl 42m"
+ args:
+ creates: /etc/kubernetes/pki/ca.crt
+ register: kubeadm_init
+
+- name: print result of kubeadm init
+ when: kubeadm_init.changed
+ debug:
+ var: kubeadm_init.stdout
+
+## TODO: check if the taint is set or not before taking any action
+
+# - name: remove taint from master node
+# when: kubernetes.dedicated_master == False
+# command: kubectl --kubeconfig /etc/kubernetes/admin.conf taint nodes --all node-role.kubernetes.io/master-
+
+# - name: add taint for master node
+# when: kubernetes.dedicated_master == True
+# command: "kubectl --kubeconfig /etc/kubernetes/admin.conf taint nodes {{ ansible_nodename }} node-role.kubernetes.io/master='':NoSchedule"
+
+- name: install openssl
+ apt:
+ name: openssl
+ state: present
+
+- name: get ca certificate digest
+ shell: "openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'"
+ register: kube_ca_openssl
+
+- name: set ca digest fact
+ set_fact:
+ kube_bootstrap_ca_cert_hash: "sha256:{{ kube_ca_openssl.stdout }}"
-- cgit v1.2.3
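Review bot: The bootstrap token is written into the play's recorded output twice — the `set up kubernetes master` task result keeps the full `kubeadm init` argv including `--token '{{ kube_bootstrap_token }}'`, and `print result of kubeadm init` dumps `kubeadm_init.stdout`, which presumably carries kubeadm's `kubeadm join` line with the same token — so anyone who can read the Ansible log or callback output holds a node-join credential until the `--token-ttl 42m` window closes; add `no_log: true` to the generate-token, extract-token and init tasks and drop the debug task or reduce it to a fixed `msg`. The `get ca certificate digest` pipeline cannot fail as written: the task's exit status is `sed`'s, and `2>/dev/null` hides the openssl errors, so a missing CA file or a non-RSA CA key yields an empty digest and the fact silently becomes `sha256:`; add `changed_when: false` and `failed_when: kube_ca_openssl.stdout | length != 64` so a bad digest stops the play instead of propagating to node joins. Note also that `generate bootstrap token` runs on every play while `kubeadm init` runs only when `/etc/kubernetes/pki/ca.crt` is absent, so on later runs `kube_bootstrap_token` holds a token the cluster never saw; consumers of that fact outside this hunk should not assume it is valid. Minor style: `changed_when: False` and `check_mode: no` should be the canonical `false`.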