easzlab
/
kubeasz
mirror of https://github.com/easzlab/kubeasz.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
kubeasz/roles/helm/tasks/main.yml

56 lines
2.0 KiB
YAML
Raw Blame History

- name: 下载helm客户端
copy: src={{ base_dir }}/bin/helm dest={{ bin_dir }}/helm mode=0755
- name: 创建helm 客户端证书请求
template: src=helm-csr.json.j2 dest={{ ca_dir }}/{{ helm_cert_cn }}-csr.json
- name: 创建helm 客户端证书
shell: "cd {{ ca_dir }} && {{ bin_dir }}/cfssl gencert \
-ca={{ ca_dir }}/ca.pem \
-ca-key={{ ca_dir }}/ca-key.pem \
-config={{ ca_dir }}/ca-config.json \
-profile=kubernetes {{ helm_cert_cn }}-csr.json | {{ bin_dir }}/cfssljson -bare {{ helm_cert_cn }}"
- name: 创建tiller 服务端证书请求
template: src=tiller-csr.json.j2 dest={{ ca_dir }}/{{ tiller_cert_cn }}-csr.json
- name: 创建 calico证书和私钥
shell: "cd {{ ca_dir }} && {{ bin_dir }}/cfssl gencert \
-ca={{ ca_dir }}/ca.pem \
-ca-key={{ ca_dir }}/ca-key.pem \
-config={{ ca_dir }}/ca-config.json \
-profile=kubernetes {{ tiller_cert_cn }}-csr.json | {{ bin_dir }}/cfssljson -bare {{ tiller_cert_cn }}"
- name: 准备rbac配置
template: src=helm-rbac.yaml.j2 dest=~/helm-rbac.yaml
- name: 在k8s上创建rbac
shell: "{{ bin_dir }}/kubectl create -f ~/helm-rbac.yaml"
ignore_errors: true
- name: 安装tiller
shell: "{{ bin_dir }}/helm init \
--tiller-tls \
--tiller-tls-verify \
--tiller-tls-cert {{ ca_dir }}/{{ tiller_cert_cn }}.pem \
--tiller-tls-key {{ ca_dir }}/{{ tiller_cert_cn }}-key.pem \
--tls-ca-cert {{ ca_dir }}/ca.pem \
--service-account {{ tiller_sa }} \
--tiller-namespace {{ helm_namespace }} \
--tiller-image {{ tiller_image }}"
ignore_errors: true
- name: 配置helm客户端
shell: "cp -f {{ ca_dir }}/ca.pem ~/.helm/ca.pem && \
cp -f {{ ca_dir }}/{{ helm_cert_cn }}.pem ~/.helm/cert.pem && \
cp -f {{ ca_dir }}/{{ helm_cert_cn }}-key.pem ~/.helm/key.pem"
ignore_errors: true
- name: 配置helm命令别名
lineinfile:
dest: ~/.bashrc
state: present
regexp: "alias helm"
line: "alias helm='helm --tls --tiller-namespace {{ helm_namespace }}'"
Reference in New Issue View Git Blame Copy Permalink