richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3161 Commits
29 Branches
81 Tags
151 MiB
Tree: 62b1166911
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '62b1166911'
${ noResults }
kubespray/roles/kubernetes/kubeadm/tasks/main.yml

85 lines
2.9 KiB
Raw Normal View History

kubeadm support (#1631) * kubeadm support * move k8s master to a subtask * disable k8s secrets when using kubeadm * fix etcd cert serial var * move simple auth users to master role * make a kubeadm-specific env file for kubelet * add non-ha CI job * change ci boolean vars to json format * fixup * Update create-gce.yml * Update create-gce.yml * Update create-gce.yml
7 years ago
Normalize tags in all places to prepare for tag fixing in future (#1739)
7 years ago
kubeadm support (#1631) * kubeadm support * move k8s master to a subtask * disable k8s secrets when using kubeadm * fix etcd cert serial var * move simple auth users to master role * make a kubeadm-specific env file for kubelet * add non-ha CI job * change ci boolean vars to json format * fixup * Update create-gce.yml * Update create-gce.yml * Update create-gce.yml
7 years ago
Enable HA deploy of kubeadm (#1658) * Enable HA deploy of kubeadm * raise delay to 60s for starting gce hosts
7 years ago
Update Kubernetes to v1.9.0 (#2100) Update checksum for kubeadm Use v1.9.0 kubeadm params Include hash of ca.crt for kubeadm join Update tag for testing upgrades Add workaround for testing upgrades Remove scale CI scenarios because of slow inventory parsing in ansible 2.4.x. Change region for tests to us-central1 to improve ansible performance
7 years ago
Fix safe upgrade Even though there it kubeadm_token_ttl=0 which means that kubeadm token never expires, it is not present in `kubeadm token list` after cluster is provisioned (at least after it is running for some time) and there is issue regarding this https://github.com/kubernetes/kubeadm/issues/335, so we need to create a new temporary token during the cluster upgrade.
6 years ago
kubeadm support (#1631) * kubeadm support * move k8s master to a subtask * disable k8s secrets when using kubeadm * fix etcd cert serial var * move simple auth users to master role * make a kubeadm-specific env file for kubelet * add non-ha CI job * change ci boolean vars to json format * fixup * Update create-gce.yml * Update create-gce.yml * Update create-gce.yml
7 years ago
Refactored kubeadm join process and fixed uncrodonng for master nodes
6 years ago
kubeadm support (#1631) * kubeadm support * move k8s master to a subtask * disable k8s secrets when using kubeadm * fix etcd cert serial var * move simple auth users to master role * make a kubeadm-specific env file for kubelet * add non-ha CI job * change ci boolean vars to json format * fixup * Update create-gce.yml * Update create-gce.yml * Update create-gce.yml
7 years ago
Update Kubernetes to v1.9.0 (#2100) Update checksum for kubeadm Use v1.9.0 kubeadm params Include hash of ca.crt for kubeadm join Update tag for testing upgrades Add workaround for testing upgrades Remove scale CI scenarios because of slow inventory parsing in ansible 2.4.x. Change region for tests to us-central1 to improve ansible performance
7 years ago
kubeadm support (#1631) * kubeadm support * move k8s master to a subtask * disable k8s secrets when using kubeadm * fix etcd cert serial var * move simple auth users to master role * make a kubeadm-specific env file for kubelet * add non-ha CI job * change ci boolean vars to json format * fixup * Update create-gce.yml * Update create-gce.yml * Update create-gce.yml
7 years ago
Enable HA deploy of kubeadm (#1658) * Enable HA deploy of kubeadm * raise delay to 60s for starting gce hosts
7 years ago
kubeadm support (#1631) * kubeadm support * move k8s master to a subtask * disable k8s secrets when using kubeadm * fix etcd cert serial var * move simple auth users to master role * make a kubeadm-specific env file for kubelet * add non-ha CI job * change ci boolean vars to json format * fixup * Update create-gce.yml * Update create-gce.yml * Update create-gce.yml
7 years ago
Fix nginx-proxy HA when kubeadm enable
6 years ago
kubeadm support (#1631) * kubeadm support * move k8s master to a subtask * disable k8s secrets when using kubeadm * fix etcd cert serial var * move simple auth users to master role * make a kubeadm-specific env file for kubelet * add non-ha CI job * change ci boolean vars to json format * fixup * Update create-gce.yml * Update create-gce.yml * Update create-gce.yml
7 years ago
Fix scale.yml to supoort kubeadm (#1863) Signed-off-by: Haiwei Liu <carllhw@gmail.com>
7 years ago
kubeadm support (#1631) * kubeadm support * move k8s master to a subtask * disable k8s secrets when using kubeadm * fix etcd cert serial var * move simple auth users to master role * make a kubeadm-specific env file for kubelet * add non-ha CI job * change ci boolean vars to json format * fixup * Update create-gce.yml * Update create-gce.yml * Update create-gce.yml
7 years ago
Reconfigure kube-proxy to access kube-apiserver via the LB(kubeadm)
6 years ago
kubeadm support (#1631) * kubeadm support * move k8s master to a subtask * disable k8s secrets when using kubeadm * fix etcd cert serial var * move simple auth users to master role * make a kubeadm-specific env file for kubelet * add non-ha CI job * change ci boolean vars to json format * fixup * Update create-gce.yml * Update create-gce.yml * Update create-gce.yml
7 years ago
  1. ---
  2. - name: Set kubeadm_discovery_address
  3. set_fact:
  4. kubeadm_discovery_address: >-
  5. {%- if "127.0.0.1" or "localhost" in kube_apiserver_endpoint -%}
  6. {{ first_kube_master }}:{{ kube_apiserver_port }}
  7. {%- else -%}
  8. {{ kube_apiserver_endpoint }}
  9. {%- endif %}
  10. tags:
  11. - facts
  13. - name: Check if kubelet.conf exists
  14. stat:
  15. path: "{{ kube_config_dir }}/kubelet.conf"
  16. register: kubelet_conf
  18. - name: Calculate kubeadm CA cert hash
  19. shell: openssl x509 -pubkey -in {{ kube_config_dir }}/ssl/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
  20. register: kubeadm_ca_hash
  21. delegate_to: "{{ groups['kube-master'][0] }}"
  22. run_once: true
  24. - name: Create kubeadm token for joining nodes with 24h expiration (default)
  25. command: "{{ bin_dir }}/kubeadm token create"
  26. run_once: true
  27. register: temp_token
  28. delegate_to: "{{ groups['kube-master'][0] }}"
  30. - name: Create kubeadm client config
  31. template:
  32. src: kubeadm-client.conf.j2
  33. dest: "{{ kube_config_dir }}/kubeadm-client.conf"
  34. backup: yes
  35. when: not is_kube_master
  36. vars:
  37. kubeadm_token: "{{ temp_token.stdout }}"
  38. register: kubeadm_client_conf
  40. - name: Join to cluster if needed
  41. command: >-
  42. {{ bin_dir }}/kubeadm join
  43. --config {{ kube_config_dir}}/kubeadm-client.conf
  44. --ignore-preflight-errors=all
  45. register: kubeadm_join
  46. when: not is_kube_master and (kubeadm_client_conf.changed or not kubelet_conf.stat.exists)
  48. - name: Wait for kubelet bootstrap to create config
  49. wait_for:
  50. path: "{{ kube_config_dir }}/kubelet.conf"
  51. delay: 1
  52. timeout: 60
  54. - name: Update server field in kubelet kubeconfig
  55. lineinfile:
  56. dest: "{{ kube_config_dir }}/kubelet.conf"
  57. regexp: 'server:'
  58. line: ' server: {{ kube_apiserver_endpoint }}'
  59. backup: yes
  60. when: not is_kube_master and kubeadm_discovery_address != kube_apiserver_endpoint
  61. notify: restart kubelet
  63. - name: Update server field in kube-proxy kubeconfig
  64. shell: >-
  65. {{ bin_dir }}/kubectl get configmap kube-proxy -n kube-system -o yaml
  66. | sed 's#server:.*#server:\ {{ kube_apiserver_endpoint }}#g'
  67. | kubectl replace -f -
  68. delegate_to: "{{groups['kube-master']|first}}"
  69. run_once: true
  70. when: is_kube_master and kubeadm_discovery_address != kube_apiserver_endpoint
  72. - name: Restart all kube-proxy pods to ensure that they load the new configmap
  73. shell: "{{ bin_dir }}/kubectl delete pod -n kube-system -l k8s-app=kube-proxy"
  74. delegate_to: "{{groups['kube-master']|first}}"
  75. run_once: true
  76. when: is_kube_master and kubeadm_discovery_address != kube_apiserver_endpoint
  78. # FIXME(mattymo): Reconcile kubelet kubeconfig filename for both deploy modes
  79. - name: Symlink kubelet kubeconfig for calico/canal
  80. file:
  81. src: "{{ kube_config_dir }}//kubelet.conf"
  82. dest: "{{ kube_config_dir }}/node-kubeconfig.yaml"
  83. state: link
  84. force: yes
  85. when: kube_network_plugin in ['calico','canal']