|
|
---
- include: check-certs.yml
tags: [k8s-secrets, facts]
- include: check-tokens.yml
tags: [k8s-secrets, facts]
- name: Make sure the certificate directory exits
file:
path: "{{ kube_cert_dir }}"
state: directory
mode: o-rwx
group: "{{ kube_cert_group }}"
- name: Make sure the tokens directory exits
file:
path: "{{ kube_token_dir }}"
state: directory
mode: o-rwx
group: "{{ kube_cert_group }}"
- name: Make sure the users directory exits
file:
path: "{{ kube_users_dir }}"
state: directory
mode: o-rwx
group: "{{ kube_cert_group }}"
- name: Populate users for basic auth in API
lineinfile:
dest: "{{ kube_users_dir }}/known_users.csv"
create: yes
line: '{{ item.value.pass }},{{ item.key }},{{ item.value.role }}'
backup: yes
with_dict: "{{ kube_users }}"
when: inventory_hostname in "{{ groups['kube-master'] }}" and kube_basic_auth|default(true)
notify: set secret_changed
#
# The following directory creates make sure that the directories
# exist on the first master for cases where the first master isn't
# being run.
#
- name: "Gen_certs | Create kubernetes config directory (on {{groups['kube-master'][0]}})"
file:
path: "{{ kube_config_dir }}"
state: directory
owner: kube
run_once: yes
delegate_to: "{{groups['kube-master'][0]}}"
tags: [kubelet, k8s-secrets, kube-controller-manager, kube-apiserver, bootstrap-os, apps, network, master, node]
when: gen_certs|default(false) or gen_tokens|default(false)
- name: "Gen_certs | Create kubernetes script directory (on {{groups['kube-master'][0]}})"
file:
path: "{{ kube_script_dir }}"
state: directory
owner: kube
run_once: yes
delegate_to: "{{groups['kube-master'][0]}}"
tags: [k8s-secrets, bootstrap-os]
when: gen_certs|default(false) or gen_tokens|default(false)
- name: "Get_tokens | Make sure the tokens directory exits (on {{groups['kube-master'][0]}})"
file:
path: "{{ kube_token_dir }}"
state: directory
mode: o-rwx
group: "{{ kube_cert_group }}"
run_once: yes
delegate_to: "{{groups['kube-master'][0]}}"
when: gen_tokens|default(false)
- include: "gen_certs_{{ cert_management }}.yml"
tags: k8s-secrets
- include: gen_tokens.yml
tags: k8s-secrets
|
