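---
# Ansible tasks for the primary kubernetes control-plane node: initialize a new
# cluster (or refuse to "upgrade" an existing one), mint a short-lived bootstrap
# token plus the CA public-key hash that worker nodes need to join, then install
# node-local DNS and the network plugin.
#
# Indentation was restored from a whitespace-mangled copy; structure follows the
# task names and block/always nesting visible in the original.

- name: check if kubeconfig kubelet.conf already exists
  stat:
    path: /etc/kubernetes/kubelet.conf
  register: kubeconfig_kubelet_stats

# Written unconditionally, so a changed config is already on disk before the
# "upgrade cluster config" guard below fails the play (see note there).
- name: generate kubeadm.config
  template:
    src: kubeadm.config.j2
    dest: /etc/kubernetes/kubeadm.config
  register: kubeadm_config

### cluster not yet initialized
- name: create new cluster
  when: not kubeconfig_kubelet_stats.stat.exists
  block:
    #### kubeadm wants token to come from --config if --config is used
    #### i think this is stupid -> TODO: send bug report
    # - name: generate bootstrap token for new cluster
    #   command: kubeadm token generate
    #   changed_when: False
    #   check_mode: no
    #   register: kubeadm_token_generate

    - name: initialize kubernetes primary control-plane node and store log
      block:
        - name: initialize kubernetes primary control-plane node
          # --skip-token-print keeps the bootstrap token out of stdout, so the
          # log file written below does not contain it.
          command: "kubeadm init --config /etc/kubernetes/kubeadm.config --node-name {{ inventory_hostname }} --skip-token-print"
          # command: "kubeadm init --config /etc/kubernetes/kubeadm.config --node-name {{ inventory_hostname }} --token '{{ kubeadm_token_generate.stdout }}' --token-ttl 42m --skip-token-print"
          args:
            # A pre-existing CA makes this task a no-op; the log tasks below then
            # see kubeadm_init.changed == false and are skipped.
            creates: /etc/kubernetes/pki/ca.crt
          register: kubeadm_init

      always:
        - name: dump output of kubeadm init to log file
          when: kubeadm_init.changed
          copy:
            content: "{{ kubeadm_init.stdout }}\n"
            dest: /etc/kubernetes/kubeadm-init.log
            # Root-only, matching the other files kubeadm keeps in this directory.
            mode: "0600"

        - name: dump error output of kubeadm init to log file
          when: kubeadm_init.changed and kubeadm_init.stderr
          copy:
            content: "{{ kubeadm_init.stderr }}\n"
            dest: /etc/kubernetes/kubeadm-init.errors
            mode: "0600"

    - name: create bootstrap token for new cluster
      # The token is a join credential; 42m bounds its lifetime and no_log keeps
      # it out of the play output and logs (it is still available via register).
      command: kubeadm token create --ttl 42m
      check_mode: false
      no_log: true
      register: kubeadm_token_generate

### cluster is already initialized but config has changed
- name: upgrade cluster config
  when: kubeconfig_kubelet_stats.stat.exists and kubeadm_config is changed
  block:
    # NOTE(review): the template task above has already replaced
    # /etc/kubernetes/kubeadm.config by the time this fails, so the next run
    # sees "kubeadm_config is not changed" and proceeds as if nothing happened.
    # Consider rendering the template in check mode (or with backup) when
    # kubelet.conf exists so the guard stays effective across runs.
    - name: fail for cluster upgrades
      fail:
        msg: "upgrading cluster config is currently not supported!"

### cluster is already initialized
- name: prepare cluster for new nodes
  when: kubeconfig_kubelet_stats.stat.exists and kubeadm_config is not changed
  block:
    - name: fetch list of current nodes
      command: kubectl --kubeconfig /etc/kubernetes/admin.conf get nodes -o name
      changed_when: false
      check_mode: false
      register: kubectl_node_list

    - name: save list of current nodes
      set_fact:
        # "node/<name>" -> "<name>" so it can be compared with inventory names.
        kubernetes_current_nodes: "{{ kubectl_node_list.stdout_lines | map('replace', 'node/', '') | list }}"

    # Only mint a token when at least one inventory node is not yet part of the
    # cluster; otherwise no join credential exists at all (see set_fact below).
    - name: create bootstrap token for existing cluster
      when: "groups['_kubernetes_nodes_'] | difference(kubernetes_current_nodes) | length > 0"
      command: kubeadm token create --ttl 42m
      check_mode: false
      no_log: true
      register: kubeadm_token_create

## calculate certificate digest
- name: install openssl
  apt:
    name: openssl
    state: present

# kubeadm's discovery hash is sha256 over the DER-encoded SubjectPublicKeyInfo
# of the CA certificate. `openssl pkey` emits exactly that for any key type;
# the original `openssl rsa -pubin` produced the same bytes but only for RSA CAs.
- name: get ca certificate digest
  shell: "set -o pipefail && openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl pkey -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'"
  args:
    executable: /bin/bash
  check_mode: false
  register: kube_ca_openssl
  changed_when: false

# kube_bootstrap_token is empty when neither token task ran (existing cluster,
# no new nodes); consumers must treat an empty token as "nothing to join".
- name: set variables needed by kubernetes/nodes to join the cluster
  set_fact:
    kube_bootstrap_token: "{% if kubeadm_token_generate.stdout is defined %}{{ kubeadm_token_generate.stdout }}{% elif kubeadm_token_create.stdout is defined %}{{ kubeadm_token_create.stdout }}{% endif %}"
    kube_bootstrap_ca_cert_hash: "sha256:{{ kube_ca_openssl.stdout }}"
  delegate_to: "{{ item }}"
  delegate_facts: true
  loop: "{{ groups['_kubernetes_nodes_'] }}"
  # The facts carry the join token; keep them out of verbose output.
  no_log: true

## install node-local-dns
- name: generate node-local dns cache config
  template:
    src: node-local-dns.yml.j2
    dest: /etc/kubernetes/node-local-dns.yml

# `kubectl diff` exits non-zero both when the manifest differs and on error;
# either way the apply below is attempted, and a real API error surfaces there.
- name: check if node-local dns cache is already installed
  check_mode: false
  command: kubectl --kubeconfig /etc/kubernetes/admin.conf diff -f /etc/kubernetes/node-local-dns.yml
  failed_when: false
  changed_when: false
  register: kube_node_local_dns_diff_result

- name: install node-local dns cache
  when: kube_node_local_dns_diff_result.rc != 0
  command: kubectl --kubeconfig /etc/kubernetes/admin.conf apply -f /etc/kubernetes/node-local-dns.yml

## Network Plugin
- name: install network plugin
  include_tasks: "net_{{ kubernetes_network_plugin }}.yml"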