# Copy the helm client binary from base_dir/bin into bin_dir and make it
# executable.
- name: 下载helm客户端
  copy:
    src: "{{ base_dir }}/bin/helm"
    dest: "{{ bin_dir }}/helm"
    # Quoted so the mode stays the string "0755" instead of a YAML integer.
    mode: "0755"
# Render the certificate signing request for the helm client into ca_dir,
# named after helm_cert_cn.
- name: 创建helm 客户端证书请求
  template:
    src: helm-csr.json.j2
    dest: "{{ ca_dir }}/{{ helm_cert_cn }}-csr.json"
# Issue the helm client certificate: cfssl signs the CSR with the CA
# certificate and CA private key found in ca_dir, using the "kubernetes"
# signing profile from ca-config.json, and cfssljson writes the result as
# files named after helm_cert_cn.
# NOTE(review): no creates/when guard is visible on this task, so the
# certificate and key appear to be re-issued on every run - confirm that is
# intended. The task also needs read access to ca-key.pem, so the host it
# runs on holds the cluster CA's signing key.
- name: 创建helm 客户端证书
  shell: >-
    cd {{ ca_dir }} &&
    {{ bin_dir }}/cfssl gencert
    -ca={{ ca_dir }}/ca.pem
    -ca-key={{ ca_dir }}/ca-key.pem
    -config={{ ca_dir }}/ca-config.json
    -profile=kubernetes {{ helm_cert_cn }}-csr.json |
    {{ bin_dir }}/cfssljson -bare {{ helm_cert_cn }}
# Render the certificate signing request for the tiller server into ca_dir,
# named after tiller_cert_cn.
- name: 创建tiller 服务端证书请求
  template:
    src: tiller-csr.json.j2
    dest: "{{ ca_dir }}/{{ tiller_cert_cn }}-csr.json"
# Issue the tiller server certificate and private key: cfssl signs the CSR
# with the CA certificate and CA private key in ca_dir under the "kubernetes"
# profile, and cfssljson writes the result as files named after
# tiller_cert_cn.
# NOTE(review): as with the helm client certificate, no creates/when guard is
# visible, so the pair appears to be re-issued on every run - confirm.
- name: 创建tiller 服务端证书和私钥
  shell: >-
    cd {{ ca_dir }} &&
    {{ bin_dir }}/cfssl gencert
    -ca={{ ca_dir }}/ca.pem
    -ca-key={{ ca_dir }}/ca-key.pem
    -config={{ ca_dir }}/ca-config.json
    -profile=kubernetes {{ tiller_cert_cn }}-csr.json |
    {{ bin_dir }}/cfssljson -bare {{ tiller_cert_cn }}
# Render the RBAC manifest for helm/tiller to a fixed path under /opt/kube.
# The permissions granted are defined in helm-rbac.yaml.j2, which is not part
# of this file; review that template to see what the tiller service account
# is allowed to do.
- name: 准备rbac配置
  template:
    src: helm-rbac.yaml.j2
    dest: /opt/kube/helm-rbac.yaml
# Apply the rendered RBAC manifest to the cluster; run_once limits this to a
# single host per play.
# ignore_errors means a failed apply does not stop the play, so later tasks
# still run even when the RBAC objects were not created. Check this task's
# result when reviewing a run.
- name: 在k8s上创建rbac
  shell: "{{ bin_dir }}/kubectl apply -f /opt/kube/helm-rbac.yaml"
  run_once: true
  ignore_errors: true
# Install or upgrade Tiller with TLS enabled and certificate verification
# turned on (--tiller-tls, --tiller-tls-verify), using the tiller server
# certificate and key issued into ca_dir and the cluster CA as trust root.
# Tiller runs under the tiller_sa service account in helm_namespace, so its
# reach in the cluster is whatever RBAC grants that account.
# ignore_errors means a failed init does not stop the play; a run can finish
# with Tiller missing or not upgraded, so check this task's output.
- name: 安装tiller
  shell: >-
    {{ bin_dir }}/helm init
    --history-max {{ history_max }}
    --tiller-tls
    --tiller-tls-verify
    --tiller-tls-cert {{ ca_dir }}/{{ tiller_cert_cn }}.pem
    --tiller-tls-key {{ ca_dir }}/{{ tiller_cert_cn }}-key.pem
    --tls-ca-cert {{ ca_dir }}/ca.pem
    --service-account {{ tiller_sa }}
    --tiller-namespace {{ helm_namespace }}
    --tiller-image {{ tiller_image }}
    --stable-repo-url {{ repo_url }}
    --upgrade
  ignore_errors: true
# Place the CA certificate, the helm client certificate and the client
# private key in ~/.helm under the names ca.pem, cert.pem and key.pem.
# NOTE(review): this task sets no file mode on ~/.helm/key.pem, so its
# permissions follow cp's defaults - confirm the key ends up readable by its
# owner only.
# ignore_errors means a failed copy (for example when ~/.helm does not exist)
# does not stop the play.
- name: 配置helm客户端
  shell: >-
    cp -f {{ ca_dir }}/ca.pem ~/.helm/ca.pem &&
    cp -f {{ ca_dir }}/{{ helm_cert_cn }}.pem ~/.helm/cert.pem &&
    cp -f {{ ca_dir }}/{{ helm_cert_cn }}-key.pem ~/.helm/key.pem
  ignore_errors: true
# Enable bash completion for helm by keeping one "helm completion" line in
# ~/.bashrc; the regexp matches the managed line, so repeated runs update it
# in place rather than appending duplicates.
- name: 添加 helm 命令自动补全
  lineinfile:
    state: present
    dest: '~/.bashrc'
    regexp: 'helm completion'
    line: 'source <(helm completion bash)'
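# To make secure communication with tiller convenient, enable the helm TLS
# environment variable; only supported by helm v2.11.0 and later.
- name: 配置helm tls环境变量
  lineinfile:
    dest: '~/.bashrc'
    state: present
    # The pattern must match the managed line itself. The previous pattern
    # ("helm tls environment") never matched the export line, so an existing
    # HELM_TLS_ENABLE setting was left in place and any unrelated line
    # containing that phrase would have been overwritten instead.
    regexp: '^export HELM_TLS_ENABLE='
    line: 'export HELM_TLS_ENABLE=true'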