mirror of https://github.com/easzlab/kubeasz.git
55 lines
2.5 KiB
YAML
55 lines
2.5 KiB
YAML
# https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack
|
|
|
|
- block:
|
|
- name: 获取是否已创建命名空间{{ prom_namespace }}
|
|
shell: "{{ base_dir }}/bin/kubectl get ns"
|
|
register: ns_info
|
|
|
|
- name: 创建命名空间{{ prom_namespace }}
|
|
shell: "{{ base_dir }}/bin/kubectl create ns {{ prom_namespace }}"
|
|
when: "prom_namespace not in ns_info.stdout"
|
|
|
|
- name: get etcd-client-cert info
|
|
shell: "{{ base_dir }}/bin/kubectl get secrets -n {{ prom_namespace }}"
|
|
register: secrets_info
|
|
|
|
- name: 创建etcd-client 证书请求
|
|
template: src=prometheus/etcd-client-csr.json.j2 dest={{ cluster_dir }}/ssl/etcd-client-csr.json
|
|
when: '"etcd-client-cert" not in secrets_info.stdout'
|
|
|
|
- name: 创建 etcd-client证书和私钥
|
|
shell: "cd {{ cluster_dir }}/ssl && {{ base_dir }}/bin/cfssl gencert \
|
|
-ca=ca.pem \
|
|
-ca-key=ca-key.pem \
|
|
-config=ca-config.json \
|
|
-profile=kubernetes etcd-client-csr.json|{{ base_dir }}/bin/cfssljson -bare etcd-client"
|
|
when: '"etcd-client-cert" not in secrets_info.stdout or CHANGE_CA|bool'
|
|
|
|
- name: 删除 etcd-client-cert
|
|
shell: "{{ base_dir }}/bin/kubectl delete secret -n {{ prom_namespace }} etcd-client-cert || echo true"
|
|
when: 'CHANGE_CA|bool'
|
|
|
|
- name: 创建 etcd-client-cert
|
|
shell: "cd {{ cluster_dir }}/ssl && \
|
|
{{ base_dir }}/bin/kubectl create secret generic -n {{ prom_namespace }} etcd-client-cert \
|
|
--from-file=etcd-ca=ca.pem \
|
|
--from-file=etcd-client=etcd-client.pem \
|
|
--from-file=etcd-client-key=etcd-client-key.pem"
|
|
when: '"etcd-client-cert" not in secrets_info.stdout or CHANGE_CA|bool'
|
|
|
|
- debug: var="K8S_VER"
|
|
|
|
- name: 创建 prom chart 个性化设置
|
|
template: src=prometheus/values.yaml.j2 dest={{ cluster_dir }}/yml/prom-values.yaml
|
|
|
|
- name: helm 删除 kube-prometheus-stack {{ prom_chart_ver }}
|
|
shell: "{{ base_dir }}/bin/helm delete prometheus -n {{ prom_namespace }} || echo true; sleep 3"
|
|
when: 'CHANGE_CA|bool'
|
|
|
|
- name: helm 创建 kube-prometheus-stack {{ prom_chart_ver }}
|
|
shell: "{{ base_dir }}/bin/helm upgrade prometheus --install \
|
|
-n {{ prom_namespace }} -f {{ cluster_dir }}/yml/prom-values.yaml \
|
|
{{ base_dir }}/roles/cluster-addon/files/kube-prometheus-stack-{{ prom_chart_ver }}.tgz"
|
|
when: 'prom_install == "yes"'
|
|
tags: force_change_certs
|