210 lines
9.6 KiB
YAML
210 lines
9.6 KiB
YAML
# Copyright 2017 The Openstack-Helm Authors.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
- name: storing node hostname
|
|
set_fact:
|
|
kubeadm_node_hostname: "{% if ansible_domain is defined %}{{ ansible_fqdn }}{% else %}{{ ansible_hostname }}.node.{{ k8s.networking.dnsDomain }}{% endif %}"
|
|
|
|
- name: deploy config file and make dir structure
|
|
block:
|
|
- name: setup directorys on host
|
|
file:
|
|
path: "{{ item }}"
|
|
state: directory
|
|
with_items:
|
|
- /etc/kubernetes
|
|
- /etc/kubernetes/pki
|
|
- name: generating initial admin token
|
|
delegate_to: 127.0.0.1
|
|
command: /usr/bin/kubeadm token generate
|
|
register: kubeadm_bootstrap_token
|
|
- name: storing initial admin token
|
|
set_fact:
|
|
kubeadm_bootstrap_token: "{{ kubeadm_bootstrap_token.stdout }}"
|
|
- name: kubelet | copying config to host
|
|
template:
|
|
src: kubeadm-conf.yaml.j2
|
|
dest: /etc/kubernetes/kubeadm-conf.yaml
|
|
mode: 0640
|
|
|
|
- name: generating certs
|
|
delegate_to: 127.0.0.1
|
|
block:
|
|
- name: master | deploy | certs | ca
|
|
command: kubeadm alpha phase certs ca --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
|
|
- name: master | deploy | certs | apiserver
|
|
command: kubeadm alpha phase certs apiserver --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
|
|
- name: master | deploy | certs | apiserver-kubelet-client
|
|
command: kubeadm alpha phase certs apiserver-kubelet-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
|
|
- name: master | deploy | certs | sa
|
|
command: kubeadm alpha phase certs sa --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
|
|
- name: master | deploy | certs | front-proxy-ca
|
|
command: kubeadm alpha phase certs front-proxy-ca --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
|
|
- name: master | deploy | certs | front-proxy-client
|
|
command: kubeadm alpha phase certs front-proxy-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
|
|
|
|
- name: generating kubeconfigs
|
|
delegate_to: 127.0.0.1
|
|
block:
|
|
- name: master | deploy | kubeconfig | admin
|
|
command: kubeadm alpha phase kubeconfig admin --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
|
|
- name: master | deploy | kubeconfig | kubelet
|
|
command: kubeadm alpha phase kubeconfig kubelet --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
|
|
- name: master | deploy | kubeconfig | controller-manager
|
|
command: kubeadm alpha phase kubeconfig controller-manager --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
|
|
- name: master | deploy | kubeconfig | scheduler
|
|
command: kubeadm alpha phase kubeconfig scheduler --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
|
|
|
|
- name: generating etcd static manifest
|
|
delegate_to: 127.0.0.1
|
|
command: kubeadm alpha phase etcd local --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
|
|
|
|
- name: generating controlplane static manifests
|
|
delegate_to: 127.0.0.1
|
|
block:
|
|
- name: master | deploy | controlplane | apiserver
|
|
command: kubeadm alpha phase controlplane apiserver --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
|
|
- name: master | deploy | controlplane | controller-manager
|
|
command: kubeadm alpha phase controlplane controller-manager --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
|
|
- name: master | deploy | controlplane | scheduler
|
|
command: kubeadm alpha phase controlplane scheduler --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
|
|
|
|
- name: wait for kube components
|
|
delegate_to: 127.0.0.1
|
|
block:
|
|
- name: wait for kube api
|
|
shell: export KUBECONFIG=/mnt/rootfs/etc/kubernetes/admin.conf; python /usr/bin/test-kube-api.py
|
|
register: task_result
|
|
until: task_result.rc == 0
|
|
retries: 120
|
|
delay: 5
|
|
- name: wait for node to come online
|
|
shell: export KUBECONFIG=/mnt/rootfs/etc/kubernetes/admin.conf; kubectl get node "{{ kubeadm_node_hostname }}" --no-headers | gawk '{ print $2 }' | grep -q '\(^Ready\)\|\(^NotReady\)'
|
|
register: task_result
|
|
until: task_result.rc == 0
|
|
retries: 120
|
|
delay: 5
|
|
- include_tasks: wait-for-kube-system-namespace.yaml
|
|
|
|
- name: deploying kube-proxy
|
|
delegate_to: 127.0.0.1
|
|
command: kubeadm alpha phase addon kube-proxy --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
|
|
|
|
- include_tasks: helm-cni.yaml
|
|
|
|
- name: wait for kube components
|
|
delegate_to: 127.0.0.1
|
|
block:
|
|
- name: wait for node to be ready
|
|
shell: export KUBECONFIG=/mnt/rootfs/etc/kubernetes/admin.conf; kubectl get node "{{ kubeadm_node_hostname }}" --no-headers | gawk '{ print $2 }' | grep -q '^Ready'
|
|
register: task_result
|
|
until: task_result.rc == 0
|
|
retries: 120
|
|
delay: 5
|
|
- include_tasks: wait-for-kube-system-namespace.yaml
|
|
|
|
# - name: deploying kube-dns addon
|
|
# delegate_to: 127.0.0.1
|
|
# block:
|
|
# - name: master | deploy | kube-dns
|
|
# command: kubeadm alpha phase addon kube-dns --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
|
|
# - include_tasks: wait-for-kube-system-namespace.yaml
|
|
|
|
- include_tasks: helm-dns.yaml
|
|
- include_tasks: helm-deploy.yaml
|
|
|
|
- name: uploading cluster config to api
|
|
delegate_to: 127.0.0.1
|
|
command: kubeadm alpha phase upload-config --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
|
|
|
|
- name: generating bootstrap-token objects
|
|
delegate_to: 127.0.0.1
|
|
block:
|
|
- name: master | deploy | bootstrap-token | allow-post-csrs
|
|
command: kubeadm --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf alpha phase bootstrap-token node allow-post-csrs
|
|
- name: master | deploy | bootstrap-token | allow-auto-approve
|
|
command: kubeadm --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf alpha phase bootstrap-token node allow-auto-approve
|
|
|
|
- name: generating bootstrap-token objects
|
|
delegate_to: 127.0.0.1
|
|
block:
|
|
- name: check if kube-public namespace exists
|
|
command: kubectl --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf get ns kube-public
|
|
register: kube_public_ns_exists
|
|
ignore_errors: True
|
|
- name: create kube-public namespace if required
|
|
when: kube_public_ns_exists | failed
|
|
command: kubectl --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf create ns kube-public
|
|
- name: sourcing kube cluster admin credentials
|
|
include_vars: /etc/kubernetes/admin.conf
|
|
- name: creating cluster-info configmap manifest on host
|
|
template:
|
|
src: cluster-info.yaml.j2
|
|
dest: /etc/kubernetes/cluster-info.yaml
|
|
mode: 0644
|
|
- name: removing any pre-existing cluster-info configmap
|
|
command: kubectl --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf delete -f /etc/kubernetes/cluster-info.yaml --ignore-not-found
|
|
- name: creating cluster-info configmap
|
|
command: kubectl --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf create -f /etc/kubernetes/cluster-info.yaml
|
|
- name: removing cluster-info configmap manifest from host
|
|
file:
|
|
path: "{{ item }}"
|
|
state: absent
|
|
with_items:
|
|
- /etc/kubernetes/cluster-info.yaml
|
|
|
|
- name: check if kube-public configmap role exists
|
|
command: kubectl --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf -n kube-public get role system:bootstrap-signer-clusterinfo
|
|
register: kube_public_configmap_role_exists
|
|
ignore_errors: True
|
|
- name: create kube-public configmap role if required
|
|
when: kube_public_configmap_role_exists | failed
|
|
command: kubectl --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf -n kube-public create role system:bootstrap-signer-clusterinfo --verb get --resource configmaps
|
|
|
|
- name: check if kube-public configmap rolebinding exists
|
|
command: kubectl --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf -n kube-public get rolebinding kubeadm:bootstrap-signer-clusterinfo
|
|
register: kube_public_configmap_rolebinding_exists
|
|
ignore_errors: True
|
|
- name: create kube-public configmap rolebinding if required
|
|
when: kube_public_configmap_rolebinding_exists | failed
|
|
command: kubectl --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf -n kube-public create rolebinding kubeadm:bootstrap-signer-clusterinfo --role system:bootstrap-signer-clusterinfo --user system:anonymous
|
|
|
|
- name: converting the cluster to be selfhosted
|
|
when: k8s.selfHosted|bool == true
|
|
delegate_to: 127.0.0.1
|
|
command: kubeadm alpha phase selfhosting convert-from-staticpods --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
|
|
|
|
- name: setting up kubectl client on host
|
|
block:
|
|
- name: kubectl | copying kubectl binary to host
|
|
copy:
|
|
src: /usr/bin/kubectl
|
|
dest: /usr/bin/kubectl
|
|
owner: root
|
|
group: root
|
|
mode: 0555
|
|
- name: kubectl | master | ensure kube config directory exists for user
|
|
file:
|
|
path: "{{ item }}"
|
|
state: directory
|
|
with_items:
|
|
- "{{ vars.user.home }}/.kube"
|
|
- name: kubectl | master | deploy kube config file for user
|
|
copy:
|
|
src: /mnt/rootfs/etc/kubernetes/admin.conf
|
|
dest: "{{ vars.user.home }}/.kube/config"
|
|
owner: "{{ vars.user.uid }}"
|
|
group: "{{ vars.user.gid }}"
|
|
mode: 0600
|