# [可选]操作系统安全加固 https://github.com/dev-sec/ansible-os-hardening - hosts: all roles: - { role: os-harden, when: "OS_HARDEN is defined and OS_HARDEN == 'yes'" } # 在deploy节点生成CA相关证书,以及kubedns.yaml配置文件 - hosts: deploy roles: - deploy # 集群节点的公共配置任务 - hosts: - kube-master - kube-node - deploy - etcd - lb roles: - prepare # [可选]多master部署时的负载均衡配置 - hosts: lb roles: - lb