richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2631 Commits
34 Branches
82 Tags
158 MiB
Tree: b75b6b513b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'b75b6b513b'
${ noResults }
kubespray/roles/kubernetes/kubeadm/tasks/main.yml

71 lines
2.3 KiB
Raw Normal View History

kubeadm support (#1631) * kubeadm support * move k8s master to a subtask * disable k8s secrets when using kubeadm * fix etcd cert serial var * move simple auth users to master role * make a kubeadm-specific env file for kubelet * add non-ha CI job * change ci boolean vars to json format * fixup * Update create-gce.yml * Update create-gce.yml * Update create-gce.yml
7 years ago
Normalize tags in all places to prepare for tag fixing in future (#1739)
7 years ago
kubeadm support (#1631) * kubeadm support * move k8s master to a subtask * disable k8s secrets when using kubeadm * fix etcd cert serial var * move simple auth users to master role * make a kubeadm-specific env file for kubelet * add non-ha CI job * change ci boolean vars to json format * fixup * Update create-gce.yml * Update create-gce.yml * Update create-gce.yml
7 years ago
Enable HA deploy of kubeadm (#1658) * Enable HA deploy of kubeadm * raise delay to 60s for starting gce hosts
7 years ago
Update Kubernetes to v1.9.0 (#2100) Update checksum for kubeadm Use v1.9.0 kubeadm params Include hash of ca.crt for kubeadm join Update tag for testing upgrades Add workaround for testing upgrades Remove scale CI scenarios because of slow inventory parsing in ansible 2.4.x. Change region for tests to us-central1 to improve ansible performance
7 years ago
Fix safe upgrade Even though there it kubeadm_token_ttl=0 which means that kubeadm token never expires, it is not present in `kubeadm token list` after cluster is provisioned (at least after it is running for some time) and there is issue regarding this https://github.com/kubernetes/kubeadm/issues/335, so we need to create a new temporary token during the cluster upgrade.
7 years ago
kubeadm support (#1631) * kubeadm support * move k8s master to a subtask * disable k8s secrets when using kubeadm * fix etcd cert serial var * move simple auth users to master role * make a kubeadm-specific env file for kubelet * add non-ha CI job * change ci boolean vars to json format * fixup * Update create-gce.yml * Update create-gce.yml * Update create-gce.yml
7 years ago
Refactored kubeadm join process and fixed uncrodonng for master nodes
7 years ago
kubeadm support (#1631) * kubeadm support * move k8s master to a subtask * disable k8s secrets when using kubeadm * fix etcd cert serial var * move simple auth users to master role * make a kubeadm-specific env file for kubelet * add non-ha CI job * change ci boolean vars to json format * fixup * Update create-gce.yml * Update create-gce.yml * Update create-gce.yml
7 years ago
Update Kubernetes to v1.9.0 (#2100) Update checksum for kubeadm Use v1.9.0 kubeadm params Include hash of ca.crt for kubeadm join Update tag for testing upgrades Add workaround for testing upgrades Remove scale CI scenarios because of slow inventory parsing in ansible 2.4.x. Change region for tests to us-central1 to improve ansible performance
7 years ago
kubeadm support (#1631) * kubeadm support * move k8s master to a subtask * disable k8s secrets when using kubeadm * fix etcd cert serial var * move simple auth users to master role * make a kubeadm-specific env file for kubelet * add non-ha CI job * change ci boolean vars to json format * fixup * Update create-gce.yml * Update create-gce.yml * Update create-gce.yml
7 years ago
Enable HA deploy of kubeadm (#1658) * Enable HA deploy of kubeadm * raise delay to 60s for starting gce hosts
7 years ago
kubeadm support (#1631) * kubeadm support * move k8s master to a subtask * disable k8s secrets when using kubeadm * fix etcd cert serial var * move simple auth users to master role * make a kubeadm-specific env file for kubelet * add non-ha CI job * change ci boolean vars to json format * fixup * Update create-gce.yml * Update create-gce.yml * Update create-gce.yml
7 years ago
Fix scale.yml to supoort kubeadm (#1863) Signed-off-by: Haiwei Liu <carllhw@gmail.com>
7 years ago
kubeadm support (#1631) * kubeadm support * move k8s master to a subtask * disable k8s secrets when using kubeadm * fix etcd cert serial var * move simple auth users to master role * make a kubeadm-specific env file for kubelet * add non-ha CI job * change ci boolean vars to json format * fixup * Update create-gce.yml * Update create-gce.yml * Update create-gce.yml
7 years ago
Fix scale.yml to supoort kubeadm (#1863) Signed-off-by: Haiwei Liu <carllhw@gmail.com>
7 years ago
kubeadm support (#1631) * kubeadm support * move k8s master to a subtask * disable k8s secrets when using kubeadm * fix etcd cert serial var * move simple auth users to master role * make a kubeadm-specific env file for kubelet * add non-ha CI job * change ci boolean vars to json format * fixup * Update create-gce.yml * Update create-gce.yml * Update create-gce.yml
7 years ago
  1. ---
  2. - name: Set kubeadm_discovery_address
  3. set_fact:
  4. kubeadm_discovery_address: >-
  5. {%- if "127.0.0.1" or "localhost" in kube_apiserver_endpoint -%}
  6. {{ first_kube_master }}:{{ kube_apiserver_port }}
  7. {%- else -%}
  8. {{ kube_apiserver_endpoint }}
  9. {%- endif %}
  10. when: not is_kube_master
  11. tags:
  12. - facts
  14. - name: Check if kubelet.conf exists
  15. stat:
  16. path: "{{ kube_config_dir }}/kubelet.conf"
  17. register: kubelet_conf
  19. - name: Calculate kubeadm CA cert hash
  20. shell: openssl x509 -pubkey -in {{ kube_config_dir }}/ssl/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
  21. register: kubeadm_ca_hash
  22. delegate_to: "{{ groups['kube-master'][0] }}"
  23. run_once: true
  25. - name: Create kubeadm token for joining nodes with 24h expiration (default)
  26. command: "{{ bin_dir }}/kubeadm token create"
  27. run_once: true
  28. register: temp_token
  29. delegate_to: "{{ groups['kube-master'][0] }}"
  31. - name: Create kubeadm client config
  32. template:
  33. src: kubeadm-client.conf.j2
  34. dest: "{{ kube_config_dir }}/kubeadm-client.conf"
  35. backup: yes
  36. when: not is_kube_master
  37. vars:
  38. kubeadm_token: "{{ temp_token.stdout }}"
  39. register: kubeadm_client_conf
  41. - name: Join to cluster if needed
  42. command: >-
  43. {{ bin_dir }}/kubeadm join
  44. --config {{ kube_config_dir}}/kubeadm-client.conf
  45. --ignore-preflight-errors=all
  46. register: kubeadm_join
  47. when: not is_kube_master and (kubeadm_client_conf.changed or not kubelet_conf.stat.exists)
  49. - name: Wait for kubelet bootstrap to create config
  50. wait_for:
  51. path: "{{ kube_config_dir }}/kubelet.conf"
  52. delay: 1
  53. timeout: 60
  55. - name: Update server field in kubelet kubeconfig
  56. replace:
  57. path: "{{ kube_config_dir }}/kubelet.conf"
  58. regexp: '(\s+)https://{{ first_kube_master }}:{{ kube_apiserver_port }}(\s+.*)?$'
  59. replace: '\1{{ kube_apiserver_endpoint }}\2'
  60. backup: yes
  61. when: not is_kube_master and kubeadm_discovery_address != kube_apiserver_endpoint
  62. notify: restart kubelet
  64. # FIXME(mattymo): Reconcile kubelet kubeconfig filename for both deploy modes
  65. - name: Symlink kubelet kubeconfig for calico/canal
  66. file:
  67. src: "{{ kube_config_dir }}//kubelet.conf"
  68. dest: "{{ kube_config_dir }}/node-kubeconfig.yaml"
  69. state: link
  70. force: yes
  71. when: kube_network_plugin in ['calico','canal']