|
|
@ -21,6 +21,32 @@ |
|
|
|
run_once: true |
|
|
|
when: inventory_hostname == groups['kube-master'][0] |
|
|
|
|
|
|
|
- name: tokens | generate tokens for calico |
|
|
|
command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}" |
|
|
|
environment: |
|
|
|
TOKEN_DIR: "{{ kube_token_dir }}" |
|
|
|
with_nested: |
|
|
|
- [ "system:calico" ] |
|
|
|
- "{{ groups['k8s-cluster'] }}" |
|
|
|
register: gentoken |
|
|
|
changed_when: "'Added' in gentoken.stdout" |
|
|
|
when: kube_network_plugin == "calico" |
|
|
|
delegate_to: "{{ groups['kube-master'][0] }}" |
|
|
|
|
|
|
|
- name: tokens | get the calico token values |
|
|
|
slurp: |
|
|
|
src: "{{ kube_token_dir }}/system:calico-{{ inventory_hostname }}.token" |
|
|
|
register: calico_token |
|
|
|
when: kube_network_plugin == "calico" |
|
|
|
delegate_to: "{{ groups['kube-master'][0] }}" |
|
|
|
|
|
|
|
- name: tokens | Add KUBE_AUTH_TOKEN for calico |
|
|
|
lineinfile: |
|
|
|
regexp: "^KUBE_AUTH_TOKEN=.*$" |
|
|
|
line: "KUBE_AUTH_TOKEN={{ calico_token.content|b64decode }}" |
|
|
|
dest: "/etc/network-environment" |
|
|
|
when: kube_network_plugin == "calico" |
|
|
|
|
|
|
|
# Sync certs between nodes |
|
|
|
- user: |
|
|
|
name: '{{ansible_user_id}}' |
|
|
|