kubeasz/roles/kube-master/tasks/main.yml

56 lines
2.1 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

- name: 下载 kube-master 二进制
copy: src={{ base_dir }}/bin/{{ item }} dest={{ bin_dir }}/{{ item }} mode=0755
with_items:
- kube-apiserver
- kube-controller-manager
- kube-scheduler
# 注册变量p根据p的stat信息判断是否已经生成过kubernetes证书如果没有下一步生成证书
# 如果已经有证书,为了保证整个安装的幂等性,跳过证书生成的步骤
- name: 读取kubernetes证书stat信息
stat: path="/etc/kubernetes/ssl/kubernetes.pem"
register: p
- name: 创建 kubernetes 证书签名请求
template: src=kubernetes-csr.json.j2 dest={{ ca_dir }}/kubernetes-csr.json
when: p.stat.isreg is not defined
- name: 创建 kubernetes 证书和私钥
when: p.stat.isreg is not defined
shell: "cd {{ ca_dir }} && {{ bin_dir }}/cfssl gencert \
-ca={{ ca_dir }}/ca.pem \
-ca-key={{ ca_dir }}/ca-key.pem \
-config={{ ca_dir }}/ca-config.json \
-profile=kubernetes kubernetes-csr.json | {{ bin_dir }}/cfssljson -bare kubernetes"
- name: 创建 token.csv
template: src=token.csv.j2 dest={{ ca_dir }}/token.csv
- name: 创建 basic-auth.csv
template: src=basic-auth.csv.j2 dest={{ ca_dir }}/basic-auth.csv
- name: 创建kube-apiserver的systemd unit文件
template: src=kube-apiserver.service.j2 dest=/etc/systemd/system/kube-apiserver.service
- name: 创建kube-controller-manager的systemd unit文件
template: src=kube-controller-manager.service.j2 dest=/etc/systemd/system/kube-controller-manager.service
- name: 创建kube-scheduler的systemd unit文件
template: src=kube-scheduler.service.j2 dest=/etc/systemd/system/kube-scheduler.service
- name: enable master 服务
shell: systemctl enable kube-apiserver kube-controller-manager kube-scheduler
ignore_errors: true
- name: 启动 master 服务
shell: "systemctl daemon-reload && systemctl restart kube-apiserver && \
systemctl restart kube-controller-manager && systemctl restart kube-scheduler"
- name: 以轮询的方式等待master服务启动完成
command: "{{ bin_dir }}/kubectl get node"
register: result
until: result.rc == 0
retries: 5
delay: 6
run_once: True