richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4354 Commits
29 Branches
81 Tags
150 MiB
Tree: 4d57ed314d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4d57ed314d'
${ noResults }
kubespray/roles/kubernetes/master/tasks/main.yml

77 lines
2.0 KiB
Raw Normal View History

Initial commit
9 years ago
Use include/import tasks (#2192) import_tasks will consume far less memory, so it should be used whenever it is compatible.
6 years ago
Normalize tags in all places to prepare for tag fixing in future (#1739)
7 years ago
Review role order, use master ip even when fqdn are used in the inventory
9 years ago
Use include/import tasks (#2192) import_tasks will consume far less memory, so it should be used whenever it is compatible.
6 years ago
Remove non-kubeadm deployment (#3811) * Remove non-kubeadm deployment * More cleanup * More cleanup * More cleanup * More cleanup * Fix gitlab * Try stop gce first before absent to make the delete process work * More cleanup * Fix bug with checking if kubeadm has already run * Fix bug with checking if kubeadm has already run * More fixes * Fix test * fix * Fix gitlab checkout untill kubespray 2.8 is on quay * Fixed * Add upgrade path from non-kubeadm to kubeadm. Revert ssl path * Readd secret checking * Do gitlab checks from v2.7.0 test upgrade path to 2.8.0 * fix typo * Fix CI jobs to kubeadm again. Fix broken hyperkube path * Fix gitlab * Fix rotate tokens * More fixes * More fixes * Fix tokens
6 years ago
kubeadm support (#1631) * kubeadm support * move k8s master to a subtask * disable k8s secrets when using kubeadm * fix etcd cert serial var * move simple auth users to master role * make a kubeadm-specific env file for kubelet * add non-ha CI job * change ci boolean vars to json format * fixup * Update create-gce.yml * Update create-gce.yml * Update create-gce.yml
7 years ago
Adds support for webhook token auth. (#3939) Webhook token auth: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication Fixes #3063.
5 years ago
Added option for encrypting secrets to etcd v.2 (#2428) * Added option for encrypting secrets to etcd * Fix keylength to 32 * Forgot the default * Rename secrets.yaml to secrets_encryption.yaml * Fix static path for secrets file to use ansible variable * Rename secrets.yaml.j2 to secrets_encryption.yaml.j2 * Base64 encode the token * Fixed merge error * Changed path to credentials dir * Update path to secrets file which is now readable inside the apiserver container. Set better file permissions * Add encryption option to k8s-cluster.yml
6 years ago
Remove non-kubeadm deployment (#3811) * Remove non-kubeadm deployment * More cleanup * More cleanup * More cleanup * More cleanup * Fix gitlab * Try stop gce first before absent to make the delete process work * More cleanup * Fix bug with checking if kubeadm has already run * Fix bug with checking if kubeadm has already run * More fixes * Fix test * fix * Fix gitlab checkout untill kubespray 2.8 is on quay * Fixed * Add upgrade path from non-kubeadm to kubeadm. Revert ssl path * Readd secret checking * Do gitlab checks from v2.7.0 test upgrade path to 2.8.0 * fix typo * Fix CI jobs to kubeadm again. Fix broken hyperkube path * Fix gitlab * Fix rotate tokens * More fixes * More fixes * Fix tokens
6 years ago
Added option for encrypting secrets to etcd v.2 (#2428) * Added option for encrypting secrets to etcd * Fix keylength to 32 * Forgot the default * Rename secrets.yaml to secrets_encryption.yaml * Fix static path for secrets file to use ansible variable * Rename secrets.yaml.j2 to secrets_encryption.yaml.j2 * Base64 encode the token * Fixed merge error * Changed path to credentials dir * Update path to secrets file which is now readable inside the apiserver container. Set better file permissions * Add encryption option to k8s-cluster.yml
6 years ago
Remove non-kubeadm deployment (#3811) * Remove non-kubeadm deployment * More cleanup * More cleanup * More cleanup * More cleanup * Fix gitlab * Try stop gce first before absent to make the delete process work * More cleanup * Fix bug with checking if kubeadm has already run * Fix bug with checking if kubeadm has already run * More fixes * Fix test * fix * Fix gitlab checkout untill kubespray 2.8 is on quay * Fixed * Add upgrade path from non-kubeadm to kubeadm. Revert ssl path * Readd secret checking * Do gitlab checks from v2.7.0 test upgrade path to 2.8.0 * fix typo * Fix CI jobs to kubeadm again. Fix broken hyperkube path * Fix gitlab * Fix rotate tokens * More fixes * More fixes * Fix tokens
6 years ago
Use synchronize module
6 years ago
Idempotency fixes (#1838)
7 years ago
Use synchronize module
6 years ago
Idempotency fixes (#1838)
7 years ago
Download etcd and hyperkube binary.
6 years ago
Normalize tags in all places to prepare for tag fixing in future (#1739)
7 years ago
running kubernetes master processes as pods
9 years ago
Ensure /etc/bash_completion.d/ folder exists (#4543) The Stateless ClearLinux feature[1] requires the creation of folders in /etc folder. This change ensure the existence of the /etc/bash_completion.d/ folder for ClearLinux Distribution. [1] https://clearlinux.org/features/stateless
5 years ago
Fix bash completion installation
7 years ago
Download etcd and hyperkube binary.
6 years ago
Normalize tags in all places to prepare for tag fixing in future (#1739)
7 years ago
Generate kubectl bash completion from kubectl instead of file
8 years ago
Fix bash completion installation
7 years ago
Generate kubectl bash completion from kubectl instead of file
8 years ago
Fix bash completion installation
7 years ago
Normalize tags in all places to prepare for tag fixing in future (#1739)
7 years ago
Generate kubectl bash completion from kubectl instead of file
8 years ago
psp, roles and rbs for PodSecurityPolicy when podsecuritypolicy_enabled is true
6 years ago
Remove non-kubeadm deployment (#3811) * Remove non-kubeadm deployment * More cleanup * More cleanup * More cleanup * More cleanup * Fix gitlab * Try stop gce first before absent to make the delete process work * More cleanup * Fix bug with checking if kubeadm has already run * Fix bug with checking if kubeadm has already run * More fixes * Fix test * fix * Fix gitlab checkout untill kubespray 2.8 is on quay * Fixed * Add upgrade path from non-kubeadm to kubeadm. Revert ssl path * Readd secret checking * Do gitlab checks from v2.7.0 test upgrade path to 2.8.0 * fix typo * Fix CI jobs to kubeadm again. Fix broken hyperkube path * Fix gitlab * Fix rotate tokens * More fixes * More fixes * Fix tokens
6 years ago
Use include/import tasks (#2192) import_tasks will consume far less memory, so it should be used whenever it is compatible.
6 years ago
  1. ---
  2. - import_tasks: pre-upgrade.yml
  3. tags:
  4. - k8s-pre-upgrade
  6. - import_tasks: users-file.yml
  7. when:
  8. - kube_basic_auth|default(true)
  10. - name: Create webhook token auth config
  11. template:
  12. src: webhook-token-auth-config.yaml.j2
  13. dest: "{{ kube_config_dir }}/webhook-token-auth-config.yaml"
  14. when: kube_webhook_token_auth|default(false)
  16. - import_tasks: encrypt-at-rest.yml
  17. when:
  18. - kube_encrypt_secret_data
  20. - name: Install | Copy kubectl binary from download dir
  21. synchronize:
  22. src: "{{ local_release_dir }}/hyperkube"
  23. dest: "{{ bin_dir }}/kubectl"
  24. compress: no
  25. perms: yes
  26. owner: no
  27. group: no
  28. changed_when: false
  29. delegate_to: "{{ inventory_hostname }}"
  30. tags:
  31. - hyperkube
  32. - kubectl
  33. - upgrade
  35. - name: install | Set kubectl binary permissions
  36. file:
  37. path: "{{ bin_dir }}/kubectl"
  38. mode: "0755"
  39. state: file
  40. tags:
  41. - hyperkube
  42. - kubectl
  43. - upgrade
  45. - name: Make sure bash_completion.d folder exists
  46. file:
  47. name: "/etc/bash_completion.d/"
  48. state: directory
  49. when: ansible_os_family in ["ClearLinux"]
  50. tags:
  51. - kubectl
  53. - name: Install kubectl bash completion
  54. shell: "{{ bin_dir }}/kubectl completion bash >/etc/bash_completion.d/kubectl.sh"
  55. when: ansible_os_family in ["Debian","RedHat"]
  56. tags:
  57. - kubectl
  59. - name: Set kubectl bash completion file
  60. file:
  61. path: /etc/bash_completion.d/kubectl.sh
  62. owner: root
  63. group: root
  64. mode: 0755
  65. when: ansible_os_family in ["Debian","RedHat"]
  66. tags:
  67. - kubectl
  68. - upgrade
  70. - name: Disable SecurityContextDeny admission-controller and enable PodSecurityPolicy
  71. set_fact:
  72. kube_apiserver_admission_control: "{{ kube_apiserver_admission_control | default([]) | difference(['SecurityContextDeny']) | union(['PodSecurityPolicy']) | unique }}"
  73. kube_apiserver_enable_admission_plugins: "{{ kube_apiserver_enable_admission_plugins | difference(['SecurityContextDeny']) | union(['PodSecurityPolicy']) | unique }}"
  74. when: podsecuritypolicy_enabled
  76. - name: Include kubeadm setup
  77. import_tasks: kubeadm-setup.yml