easzlab
/
kubeasz
mirror of https://github.com/easzlab/kubeasz.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
kubeasz/roles/kube-master/tasks/main.yml

66 lines
2.2 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

- name: 下载 kube-master 二进制
copy: src={{ base_dir }}/bin/{{ item }} dest={{ bin_dir }}/{{ item }} mode=0755
with_items:
- kube-apiserver
- kube-controller-manager
- kube-scheduler
- kubectl
- kube-proxy
- kubelet
# 注册变量result根据result结果判断是否已经生成过 kubernetes证书
# result|failed 说明没有生成过证书,下一步生成证书
# result|succeeded 说明已经有kubernetes证书使用原证书跳过生成证书步骤
- name: 注册变量result
command: ls /etc/kubernetes/ssl/kubernetes.pem
register: result
ignore_errors: True
- name: 创建 kubernetes 证书签名请求
template: src=kubernetes-csr.json.j2 dest={{ ca_dir }}/kubernetes-csr.json
when: result|failed
- name: 创建 kubernetes 证书和私钥
when: result|failed
shell: "cd {{ ca_dir }} && {{ bin_dir }}/cfssl gencert \
-ca={{ ca_dir }}/ca.pem \
-ca-key={{ ca_dir }}/ca-key.pem \
-config={{ ca_dir }}/ca-config.json \
-profile=kubernetes kubernetes-csr.json | {{ bin_dir }}/cfssljson -bare kubernetes"
- name: 创建 token.csv
template: src=token.csv.j2 dest={{ ca_dir }}/token.csv
- name: 创建 basic-auth.csv
template: src=basic-auth.csv.j2 dest={{ ca_dir }}/basic-auth.csv
- name: 创建kube-apiserver的systemd unit文件
template: src=kube-apiserver.service.j2 dest=/etc/systemd/system/kube-apiserver.service
- name: 创建kube-controller-manager的systemd unit文件
template: src=kube-controller-manager.service.j2 dest=/etc/systemd/system/kube-controller-manager.service
- name: 创建kube-scheduler的systemd unit文件
template: src=kube-scheduler.service.j2 dest=/etc/systemd/system/kube-scheduler.service
- name: daemon-reload
shell: systemctl daemon-reload
- name: enable-kube-apiserver
shell: systemctl enable kube-apiserver
- name: enable-kube-controller-manager
shell: systemctl enable kube-controller-manager
- name: enable-kube-scheduler
shell: systemctl enable kube-scheduler
- name: start-kube-apiserver
shell: systemctl restart kube-apiserver
- name: start-kube-controller-manager
shell: systemctl restart kube-controller-manager
- name: start-kube-scheduler
shell: systemctl restart kube-scheduler
Reference in New Issue View Git Blame Copy Permalink