kubeasz/roles/kube-master/tasks/main.yml

84 lines
3.0 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

- name: 下载 kube-master 二进制
copy: src={{ base_dir }}/bin/{{ item }} dest={{ bin_dir }}/{{ item }} mode=0755
with_items:
- kube-apiserver
- kube-controller-manager
- kube-scheduler
tags: upgrade_k8s
- name: 分发证书相关
synchronize: src={{ ca_dir }}/{{ item }} dest={{ ca_dir }}/{{ item }}
with_items:
- admin.pem
- admin-key.pem
- ca.pem
- ca-key.pem
- ca.csr
- ca-config.json
delegate_to: "{{ groups.deploy[0] }}"
- name: 创建 kubernetes 证书签名请求
template: src=kubernetes-csr.json.j2 dest={{ ca_dir }}/kubernetes-csr.json
tags: change_cert
- name: 创建 kubernetes 证书和私钥
shell: "cd {{ ca_dir }} && {{ bin_dir }}/cfssl gencert \
-ca={{ ca_dir }}/ca.pem \
-ca-key={{ ca_dir }}/ca-key.pem \
-config={{ ca_dir }}/ca-config.json \
-profile=kubernetes kubernetes-csr.json | {{ bin_dir }}/cfssljson -bare kubernetes"
tags: change_cert
# 创建aggregator proxy相关证书
- name: 创建 aggregator proxy证书签名请求
template: src=aggregator-proxy-csr.json.j2 dest={{ ca_dir }}/aggregator-proxy-csr.json
tags: upgrade_k8s
- name: 创建 aggregator-proxy证书和私钥
shell: "cd {{ ca_dir }} && {{ bin_dir }}/cfssl gencert \
-ca={{ ca_dir }}/ca.pem \
-ca-key={{ ca_dir }}/ca-key.pem \
-config={{ ca_dir }}/ca-config.json \
-profile=kubernetes aggregator-proxy-csr.json | {{ bin_dir }}/cfssljson -bare aggregator-proxy"
tags: upgrade_k8s
- name: 创建 basic-auth.csv
template: src=basic-auth.csv.j2 dest={{ ca_dir }}/basic-auth.csv
- name: 创建kube-apiserver的systemd unit文件
template: src=kube-apiserver.service.j2 dest=/etc/systemd/system/kube-apiserver.service
tags: upgrade_k8s, restart_master
# 为兼容之前的模式需特别对v1.8版本重新配置kube-apiserver的systemd unit文件
- name: 创建kube-apiserver v1.8的systemd unit文件
template: src=kube-apiserver-{{ K8S_VER }}.service.j2 dest=/etc/systemd/system/kube-apiserver.service
tags: upgrade_k8s, restart_master
when: "K8S_VER is defined and K8S_VER == 'v1.8'"
- name: 创建kube-controller-manager的systemd unit文件
template: src=kube-controller-manager.service.j2 dest=/etc/systemd/system/kube-controller-manager.service
tags: upgrade_k8s, restart_master
- name: 创建kube-scheduler的systemd unit文件
template: src=kube-scheduler.service.j2 dest=/etc/systemd/system/kube-scheduler.service
tags: upgrade_k8s, restart_master
- name: enable master 服务
shell: systemctl enable kube-apiserver kube-controller-manager kube-scheduler
ignore_errors: true
- name: 启动 master 服务
shell: "systemctl daemon-reload && systemctl restart kube-apiserver && \
systemctl restart kube-controller-manager && systemctl restart kube-scheduler"
tags: upgrade_k8s, restart_master
- name: 以轮询的方式等待master服务启动完成
command: "{{ bin_dir }}/kubectl get node"
register: result
until: result.rc == 0
retries: 5
delay: 6
delegate_to: "{{ groups.deploy[0] }}"
run_once: True
tags: upgrade_k8s, restart_master