richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5416 Commits
29 Branches
81 Tags
147 MiB
Tree: 91f1edbdd4
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '91f1edbdd4'
${ noResults }
kubespray/roles/kubernetes/kubeadm/tasks/kubeadm_etcd_node.yml

61 lines
2.0 KiB
Raw Normal View History

Enable kubeadm etcd mode (#4818) * Enable kubeadm etcd mode Uses cert commands from kubeadm experimental control plane to enable non-master nodes to obtain etcd certs. Related story: PROD-29434 Change-Id: Idafa1d223e5c6ceadf819b6f9c06adf4c4f74178 * Add validation checks and exclude calico kdd mode Change-Id: Ic234f5e71261d33191376e70d438f9f6d35f358c * Move etcd mode test to ubuntu flannel HA job Change-Id: I9af6fd80a1bbb1692ab10d6da095eb368f6bc732 * rename etcd_mode to etcd_kubeadm_enabled Change-Id: Ib196d6c8a52f48cae370b026f7687ff9ca69c172
5 years ago
fix scaling in kubeadm etcd mode (#6822) 'ansible.vars.hostvars.HostVarsVars object' has no attribute 'kubeadm_upload_cert' kubeadm_upload_cert will never be found as a hostvar for the first master since the task is executed for a worker. Fix by executing the upload task for the first master and register the needed key. After that, workers can read hostvars for the master Var kubeadm_etcd_refresh_cert_key removed since it no longer has any use.
4 years ago
Enable kubeadm etcd mode (#4818) * Enable kubeadm etcd mode Uses cert commands from kubeadm experimental control plane to enable non-master nodes to obtain etcd certs. Related story: PROD-29434 Change-Id: Idafa1d223e5c6ceadf819b6f9c06adf4c4f74178 * Add validation checks and exclude calico kdd mode Change-Id: Ic234f5e71261d33191376e70d438f9f6d35f358c * Move etcd mode test to ubuntu flannel HA job Change-Id: I9af6fd80a1bbb1692ab10d6da095eb368f6bc732 * rename etcd_mode to etcd_kubeadm_enabled Change-Id: Ib196d6c8a52f48cae370b026f7687ff9ca69c172
5 years ago
Switch to Kubernetes v1.16.0 (#5189) * Switch to Kubernetes v1.16.0 Change-Id: I5d6a9528b2d443750fc5e031aff15ad3ffead158 * Fix download localhost cached file path Change-Id: I65e79b70e3d1b37265ebc60f41b460cf4b0a0d47 * fix kubeadm etcd for v1.16 Change-Id: I6888a00fd48b530a38b0b31c4095492476af42d2 * disable tf packet jobs Change-Id: I075c4666547fdea4c50ec04864f38e2cfaa79154 * Disable contiv packet jobs. Fix kube-router Change-Id: I3170e8789e60711d4cee8faf65f2094480b79b8d * bump sonobuoy version Change-Id: Ib946905629c7c53ed88f08fb2f41c454457a0097
5 years ago
Enable kubeadm etcd mode (#4818) * Enable kubeadm etcd mode Uses cert commands from kubeadm experimental control plane to enable non-master nodes to obtain etcd certs. Related story: PROD-29434 Change-Id: Idafa1d223e5c6ceadf819b6f9c06adf4c4f74178 * Add validation checks and exclude calico kdd mode Change-Id: Ic234f5e71261d33191376e70d438f9f6d35f358c * Move etcd mode test to ubuntu flannel HA job Change-Id: I9af6fd80a1bbb1692ab10d6da095eb368f6bc732 * rename etcd_mode to etcd_kubeadm_enabled Change-Id: Ib196d6c8a52f48cae370b026f7687ff9ca69c172
5 years ago
Switch to Kubernetes v1.16.0 (#5189) * Switch to Kubernetes v1.16.0 Change-Id: I5d6a9528b2d443750fc5e031aff15ad3ffead158 * Fix download localhost cached file path Change-Id: I65e79b70e3d1b37265ebc60f41b460cf4b0a0d47 * fix kubeadm etcd for v1.16 Change-Id: I6888a00fd48b530a38b0b31c4095492476af42d2 * disable tf packet jobs Change-Id: I075c4666547fdea4c50ec04864f38e2cfaa79154 * Disable contiv packet jobs. Fix kube-router Change-Id: I3170e8789e60711d4cee8faf65f2094480b79b8d * bump sonobuoy version Change-Id: Ib946905629c7c53ed88f08fb2f41c454457a0097
5 years ago
Enable kubeadm etcd mode (#4818) * Enable kubeadm etcd mode Uses cert commands from kubeadm experimental control plane to enable non-master nodes to obtain etcd certs. Related story: PROD-29434 Change-Id: Idafa1d223e5c6ceadf819b6f9c06adf4c4f74178 * Add validation checks and exclude calico kdd mode Change-Id: Ic234f5e71261d33191376e70d438f9f6d35f358c * Move etcd mode test to ubuntu flannel HA job Change-Id: I9af6fd80a1bbb1692ab10d6da095eb368f6bc732 * rename etcd_mode to etcd_kubeadm_enabled Change-Id: Ib196d6c8a52f48cae370b026f7687ff9ca69c172
5 years ago
  1. ---
  2. - name: Parse certificate key if not set
  3. set_fact:
  4. kubeadm_certificate_key: "{{ hostvars[groups['kube-master'][0]]['kubeadm_certificate_key'] }}"
  5. when: kubeadm_certificate_key is undefined
  7. - name: Pull control plane certs down
  8. shell: >-
  9. {{ bin_dir }}/kubeadm join phase
  10. control-plane-prepare download-certs
  11. --certificate-key {{ kubeadm_certificate_key }}
  12. --control-plane
  13. --token {{ kubeadm_token }}
  14. --discovery-token-unsafe-skip-ca-verification
  15. {{ kubeadm_discovery_address }}
  16. &&
  17. {{ bin_dir }}/kubeadm join phase
  18. control-plane-prepare certs
  19. --control-plane
  20. --token {{ kubeadm_token }}
  21. --discovery-token-unsafe-skip-ca-verification
  22. {{ kubeadm_discovery_address }}
  23. args:
  24. creates: "{{ kube_cert_dir }}/apiserver-etcd-client.key"
  26. - name: Delete unneeded certificates
  27. file:
  28. path: "{{ item }}"
  29. state: absent
  30. with_items:
  31. - "{{ kube_cert_dir }}/apiserver.crt"
  32. - "{{ kube_cert_dir }}/apiserver.key"
  33. - "{{ kube_cert_dir }}/ca.key"
  34. - "{{ kube_cert_dir }}/etcd/ca.key"
  35. - "{{ kube_cert_dir }}/etcd/healthcheck-client.crt"
  36. - "{{ kube_cert_dir }}/etcd/healthcheck-client.key"
  37. - "{{ kube_cert_dir }}/etcd/peer.crt"
  38. - "{{ kube_cert_dir }}/etcd/peer.key"
  39. - "{{ kube_cert_dir }}/etcd/server.crt"
  40. - "{{ kube_cert_dir }}/etcd/server.key"
  41. - "{{ kube_cert_dir }}/front-proxy-ca.crt"
  42. - "{{ kube_cert_dir }}/front-proxy-ca.key"
  43. - "{{ kube_cert_dir }}/front-proxy-client.crt"
  44. - "{{ kube_cert_dir }}/front-proxy-client.key"
  45. - "{{ kube_cert_dir }}/sa.key"
  46. - "{{ kube_cert_dir }}/sa.pub"
  48. - name: Calculate etcd cert serial
  49. command: "openssl x509 -in {{ kube_cert_dir }}/apiserver-etcd-client.crt -noout -serial"
  50. register: "etcd_client_cert_serial_result"
  51. changed_when: false
  52. when:
  53. - inventory_hostname in groups['k8s-cluster']|union(groups['calico-rr']|default([]))|unique|sort
  54. tags:
  55. - network
  57. - name: Set etcd_client_cert_serial
  58. set_fact:
  59. etcd_client_cert_serial: "{{ etcd_client_cert_serial_result.stdout.split('=')[1] }}"
  60. tags:
  61. - network