--- - name: create systemd override directory for kubelet file: path: /etc/systemd/system/kubelet.service.d state: directory - name: install systemd override for kubelet template: src: kubelet.service.override.j2 dest: /etc/systemd/system/kubelet.service.d/standalone.conf notify: restart kubelet - name: install kubelet config template: src: kubelet-config.yml.j2 dest: /etc/kubernetes/kubelet.yml notify: restart kubelet - name: create TLS certificates and keys import_tasks: tls.yml - name: make sure kubelet is enabled and running systemd: name: kubelet.service state: started enabled: yes daemon_reload: yes - name: create cni config directory file: name: /etc/cni/net.d state: directory - name: install cni config template: src: "cni-{{ kubernetes_standalone_cni_variant }}.conflist.j2" dest: /etc/cni/net.d/kube-standalone.conflist - name: install local-services iptables script template: src: kube-standalone-local-services.sh.j2 dest: /usr/local/sbin/kube-standalone-local-services.sh mode: 0755 notify: restart local-services - name: install local-services systemd unit template: src: kube-standalone-local-services.service.j2 dest: /etc/systemd/system/kube-standalone-local-services.service notify: restart local-services - name: make sure local-services is enabled and started systemd: daemon_reload: yes name: kube-standalone-local-services.service state: started enabled: yes - name: install kubeletctl apt: name: kubeletctl state: present - name: add kubeletctl config for shells loop: - zsh - bash blockinfile: path: "/root/.{{ item }}rc" create: yes marker: "### {mark} ANSIBLE MANAGED BLOCK for kubeletctl ###" content: | alias kubeletctl="kubeletctl --server 127.0.0.1 --cacert /etc/ssl/standalone-kubelet/ca-crt.pem --cert /etc/ssl/standalone-kubelet/client/crt.pem --key /etc/ssl/standalone-kubelet/client/key.pem --ignoreconfig"