kubeasz/roles/kube-master/tasks/main.yml

81 lines
3.2 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

- name: 下载 kube-master 二进制
copy: src={{ base_dir }}/bin/{{ item }} dest={{ bin_dir }}/{{ item }} mode=0755
with_items:
- kube-apiserver
- kube-controller-manager
- kube-scheduler
tags: upgrade_k8s
# 注册变量p根据p的stat信息判断是否已经生成过kubernetes证书如果没有下一步生成证书
# 如果已经有证书,为了保证整个安装的幂等性,跳过证书生成的步骤
- name: 读取kubernetes证书stat信息
stat: path="/etc/kubernetes/ssl/kubernetes.pem"
register: p
- name: 创建 kubernetes 证书签名请求
template: src=kubernetes-csr.json.j2 dest={{ ca_dir }}/kubernetes-csr.json
when: p.stat.isreg is not defined
- name: 创建 kubernetes 证书和私钥
when: p.stat.isreg is not defined
shell: "cd {{ ca_dir }} && {{ bin_dir }}/cfssl gencert \
-ca={{ ca_dir }}/ca.pem \
-ca-key={{ ca_dir }}/ca-key.pem \
-config={{ ca_dir }}/ca-config.json \
-profile=kubernetes kubernetes-csr.json | {{ bin_dir }}/cfssljson -bare kubernetes"
# 创建aggregator proxy相关证书
- name: 创建 aggregator proxy证书签名请求
template: src=aggregator-proxy-csr.json.j2 dest={{ ca_dir }}/aggregator-proxy-csr.json
when: p.stat.isreg is not defined
- name: 创建 aggregator-proxy证书和私钥
when: p.stat.isreg is not defined
shell: "cd {{ ca_dir }} && {{ bin_dir }}/cfssl gencert \
-ca={{ ca_dir }}/ca.pem \
-ca-key={{ ca_dir }}/ca-key.pem \
-config={{ ca_dir }}/ca-config.json \
-profile=kubernetes aggregator-proxy-csr.json | {{ bin_dir }}/cfssljson -bare aggregator-proxy"
- name: 创建 token.csv
template: src=token.csv.j2 dest={{ ca_dir }}/token.csv
- name: 创建 basic-auth.csv
template: src=basic-auth.csv.j2 dest={{ ca_dir }}/basic-auth.csv
- name: 创建kube-apiserver的systemd unit文件
template: src=kube-apiserver.service.j2 dest=/etc/systemd/system/kube-apiserver.service
tags: upgrade_k8s, restart_master
# 为兼容之前的模式需特别对v1.8版本重新配置kube-apiserver的systemd unit文件
- name: 创建kube-apiserver v1.8的systemd unit文件
template: src=kube-apiserver-{{ K8S_VER }}.service.j2 dest=/etc/systemd/system/kube-apiserver.service
tags: upgrade_k8s, restart_master
when: "K8S_VER is defined and K8S_VER == 'v1.8'"
- name: 创建kube-controller-manager的systemd unit文件
template: src=kube-controller-manager.service.j2 dest=/etc/systemd/system/kube-controller-manager.service
tags: upgrade_k8s, restart_master
- name: 创建kube-scheduler的systemd unit文件
template: src=kube-scheduler.service.j2 dest=/etc/systemd/system/kube-scheduler.service
tags: upgrade_k8s, restart_master
- name: enable master 服务
shell: systemctl enable kube-apiserver kube-controller-manager kube-scheduler
ignore_errors: true
- name: 启动 master 服务
shell: "systemctl daemon-reload && systemctl restart kube-apiserver && \
systemctl restart kube-controller-manager && systemctl restart kube-scheduler"
tags: upgrade_k8s, restart_master
- name: 以轮询的方式等待master服务启动完成
command: "{{ bin_dir }}/kubectl get node"
register: result
until: result.rc == 0
retries: 5
delay: 6
run_once: True
tags: upgrade_k8s, restart_master