k8s-sig-cluster-lifecycleawskubesprayhigh-availabilityansiblekubernetes-clustergcekubernetesbare-metal
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
64 lines
1.5 KiB
64 lines
1.5 KiB
---
|
|
- name: certs | create system kube-cert groups
|
|
group: name={{ kube_cert_group }} state=present system=yes
|
|
|
|
- name: create system kube user
|
|
user:
|
|
name=kube
|
|
comment="Kubernetes user"
|
|
shell=/sbin/nologin
|
|
state=present
|
|
system=yes
|
|
groups={{ kube_cert_group }}
|
|
|
|
- name: certs | make sure the certificate directory exits
|
|
file:
|
|
path={{ kube_cert_dir }}
|
|
state=directory
|
|
mode=o-rwx
|
|
group={{ kube_cert_group }}
|
|
|
|
- name: tokens | make sure the tokens directory exits
|
|
file:
|
|
path={{ kube_token_dir }}
|
|
state=directory
|
|
mode=o-rwx
|
|
group={{ kube_cert_group }}
|
|
|
|
- include: gen_certs.yml
|
|
run_once: true
|
|
when: inventory_hostname == groups['kube-master'][0]
|
|
|
|
- include: gen_tokens.yml
|
|
run_once: true
|
|
when: inventory_hostname == groups['kube-master'][0]
|
|
|
|
# Sync certs between nodes
|
|
- user:
|
|
name: '{{ansible_user_id}}'
|
|
generate_ssh_key: yes
|
|
delegate_to: "{{ groups['kube-master'][0] }}"
|
|
run_once: yes
|
|
|
|
- name: 'get ssh keypair'
|
|
slurp: path=~/.ssh/id_rsa.pub
|
|
register: public_key
|
|
delegate_to: "{{ groups['kube-master'][0] }}"
|
|
|
|
- name: 'setup keypair on nodes'
|
|
authorized_key:
|
|
user: '{{ansible_user_id}}'
|
|
key: "{{public_key.content|b64decode }}"
|
|
|
|
- name: synchronize certificates for nodes
|
|
synchronize:
|
|
src: "{{ item }}"
|
|
dest: "{{ kube_cert_dir }}"
|
|
recursive: yes
|
|
delete: yes
|
|
rsync_opts: [ '--one-file-system']
|
|
with_items:
|
|
- "{{ kube_cert_dir}}/ca.pem"
|
|
- "{{ kube_cert_dir}}/node.pem"
|
|
- "{{ kube_cert_dir}}/node-key.pem"
|
|
delegate_to: "{{ groups['kube-master'][0] }}"
|