2017-09-14 02:00:51 +08:00
|
|
|
---
|
|
|
|
- name: Set kubeadm_discovery_address
|
|
|
|
set_fact:
|
2023-07-05 11:36:54 +08:00
|
|
|
# noqa: jinja[spacing]
|
2017-09-14 02:00:51 +08:00
|
|
|
kubeadm_discovery_address: >-
|
2018-08-07 18:25:31 +08:00
|
|
|
{%- if "127.0.0.1" in kube_apiserver_endpoint or "localhost" in kube_apiserver_endpoint -%}
|
2022-01-10 17:35:19 +08:00
|
|
|
{{ first_kube_control_plane_address }}:{{ kube_apiserver_port }}
|
2017-09-14 02:00:51 +08:00
|
|
|
{%- else -%}
|
2019-06-28 15:37:37 +08:00
|
|
|
{{ kube_apiserver_endpoint | replace("https://", "") }}
|
2017-09-14 02:00:51 +08:00
|
|
|
{%- endif %}
|
2017-10-05 15:43:04 +08:00
|
|
|
tags:
|
|
|
|
- facts
|
2017-09-14 02:00:51 +08:00
|
|
|
|
2017-09-16 05:28:15 +08:00
|
|
|
- name: Check if kubelet.conf exists
|
|
|
|
stat:
|
|
|
|
path: "{{ kube_config_dir }}/kubelet.conf"
|
2024-08-28 13:30:56 +08:00
|
|
|
get_attributes: false
|
|
|
|
get_checksum: false
|
|
|
|
get_mime: false
|
2017-09-16 05:28:15 +08:00
|
|
|
register: kubelet_conf
|
|
|
|
|
2019-07-09 20:41:59 +08:00
|
|
|
- name: Check if kubeadm CA cert is accessible
|
|
|
|
stat:
|
|
|
|
path: "{{ kube_cert_dir }}/ca.crt"
|
2024-08-28 13:30:56 +08:00
|
|
|
get_attributes: false
|
|
|
|
get_checksum: false
|
|
|
|
get_mime: false
|
2019-07-09 20:41:59 +08:00
|
|
|
register: kubeadm_ca_stat
|
2021-03-24 08:26:05 +08:00
|
|
|
delegate_to: "{{ groups['kube_control_plane'][0] }}"
|
2019-07-09 20:41:59 +08:00
|
|
|
run_once: true
|
|
|
|
|
2020-08-05 22:56:28 +08:00
|
|
|
- name: Calculate kubeadm CA cert hash
|
|
|
|
shell: set -o pipefail && openssl x509 -pubkey -in {{ kube_cert_dir }}/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
|
|
|
|
args:
|
|
|
|
executable: /bin/bash
|
2017-12-25 16:57:45 +08:00
|
|
|
register: kubeadm_ca_hash
|
2019-07-09 20:41:59 +08:00
|
|
|
when:
|
|
|
|
- kubeadm_ca_stat.stat is defined
|
|
|
|
- kubeadm_ca_stat.stat.exists
|
2021-03-24 08:26:05 +08:00
|
|
|
delegate_to: "{{ groups['kube_control_plane'][0] }}"
|
2017-12-25 16:57:45 +08:00
|
|
|
run_once: true
|
2020-06-16 15:24:03 +08:00
|
|
|
changed_when: false
|
2017-12-25 16:57:45 +08:00
|
|
|
|
2018-02-06 07:14:50 +08:00
|
|
|
- name: Create kubeadm token for joining nodes with 24h expiration (default)
|
|
|
|
command: "{{ bin_dir }}/kubeadm token create"
|
|
|
|
register: temp_token
|
2021-03-24 08:26:05 +08:00
|
|
|
delegate_to: "{{ groups['kube_control_plane'][0] }}"
|
2019-04-19 21:01:54 +08:00
|
|
|
when: kubeadm_token is not defined
|
2020-06-16 15:24:03 +08:00
|
|
|
changed_when: false
|
2019-04-19 21:01:54 +08:00
|
|
|
|
|
|
|
- name: Set kubeadm_token to generated token
|
|
|
|
set_fact:
|
|
|
|
kubeadm_token: "{{ temp_token.stdout }}"
|
|
|
|
when: kubeadm_token is not defined
|
|
|
|
|
2022-10-06 15:39:52 +08:00
|
|
|
- name: Set kubeadm api version to v1beta3
|
2018-12-07 04:11:48 +08:00
|
|
|
set_fact:
|
2022-06-07 03:25:57 +08:00
|
|
|
kubeadmConfig_api_version: v1beta3
|
2018-08-14 20:13:44 +08:00
|
|
|
|
2024-04-03 14:54:12 +08:00
|
|
|
- name: Get kubeconfig for join discovery process
|
|
|
|
command: "{{ kubectl }} -n kube-public get cm cluster-info -o jsonpath='{.data.kubeconfig}'"
|
|
|
|
register: kubeconfig_file_discovery
|
|
|
|
run_once: true
|
|
|
|
delegate_to: "{{ groups['kube_control_plane'] | first }}"
|
|
|
|
when: kubeadm_use_file_discovery
|
|
|
|
|
|
|
|
- name: Copy discovery kubeconfig
|
|
|
|
copy:
|
|
|
|
dest: "{{ kube_config_dir }}/cluster-info-discovery-kubeconfig.yaml"
|
|
|
|
content: "{{ kubeconfig_file_discovery.stdout }}"
|
|
|
|
owner: "root"
|
2024-07-26 09:42:20 +08:00
|
|
|
mode: "0644"
|
2024-04-03 14:54:12 +08:00
|
|
|
when:
|
|
|
|
- not is_kube_master
|
|
|
|
- not kubelet_conf.stat.exists
|
|
|
|
- kubeadm_use_file_discovery
|
|
|
|
|
2017-09-14 02:00:51 +08:00
|
|
|
- name: Create kubeadm client config
|
|
|
|
template:
|
2018-08-14 20:13:44 +08:00
|
|
|
src: "kubeadm-client.conf.{{ kubeadmConfig_api_version }}.j2"
|
2018-12-19 21:16:14 +08:00
|
|
|
dest: "{{ kube_config_dir }}/kubeadm-client.conf"
|
2024-08-28 13:30:56 +08:00
|
|
|
backup: true
|
2024-07-26 09:42:20 +08:00
|
|
|
mode: "0640"
|
2017-09-14 02:00:51 +08:00
|
|
|
when: not is_kube_master
|
|
|
|
|
2023-07-26 22:36:22 +08:00
|
|
|
- name: Kubeadm | Create directory to store kubeadm patches
|
2022-10-06 15:39:52 +08:00
|
|
|
file:
|
|
|
|
path: "{{ kubeadm_patches.dest_dir }}"
|
|
|
|
state: directory
|
2024-07-26 09:42:20 +08:00
|
|
|
mode: "0640"
|
2022-10-06 15:39:52 +08:00
|
|
|
when: kubeadm_patches is defined and kubeadm_patches.enabled
|
|
|
|
|
2023-07-26 22:36:22 +08:00
|
|
|
- name: Kubeadm | Copy kubeadm patches from inventory files
|
2022-10-06 15:39:52 +08:00
|
|
|
copy:
|
|
|
|
src: "{{ kubeadm_patches.source_dir }}/"
|
|
|
|
dest: "{{ kubeadm_patches.dest_dir }}"
|
|
|
|
owner: "root"
|
2024-07-26 09:42:20 +08:00
|
|
|
mode: "0644"
|
2022-10-06 15:39:52 +08:00
|
|
|
when: kubeadm_patches is defined and kubeadm_patches.enabled
|
|
|
|
|
2017-09-14 02:00:51 +08:00
|
|
|
- name: Join to cluster if needed
|
2021-02-24 01:44:02 +08:00
|
|
|
environment:
|
|
|
|
PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}:/sbin"
|
2019-02-13 05:42:56 +08:00
|
|
|
when: not is_kube_master and (not kubelet_conf.stat.exists)
|
|
|
|
block:
|
|
|
|
|
|
|
|
- name: Join to cluster
|
|
|
|
command: >-
|
2019-07-09 20:41:59 +08:00
|
|
|
timeout -k {{ kubeadm_join_timeout }} {{ kubeadm_join_timeout }}
|
2019-02-13 05:42:56 +08:00
|
|
|
{{ bin_dir }}/kubeadm join
|
2019-05-03 05:24:21 +08:00
|
|
|
--config {{ kube_config_dir }}/kubeadm-client.conf
|
2019-02-20 14:13:59 +08:00
|
|
|
--ignore-preflight-errors=DirAvailable--etc-kubernetes-manifests
|
2021-10-12 00:36:41 +08:00
|
|
|
--skip-phases={{ kubeadm_join_phases_skip | join(',') }}
|
2019-02-13 05:42:56 +08:00
|
|
|
register: kubeadm_join
|
2022-03-07 21:35:55 +08:00
|
|
|
changed_when: kubeadm_join is success
|
2019-02-13 05:42:56 +08:00
|
|
|
|
|
|
|
rescue:
|
|
|
|
|
|
|
|
- name: Join to cluster with ignores
|
|
|
|
command: >-
|
2019-07-09 20:41:59 +08:00
|
|
|
timeout -k {{ kubeadm_join_timeout }} {{ kubeadm_join_timeout }}
|
2019-02-13 05:42:56 +08:00
|
|
|
{{ bin_dir }}/kubeadm join
|
2019-05-03 05:24:21 +08:00
|
|
|
--config {{ kube_config_dir }}/kubeadm-client.conf
|
2019-02-13 05:42:56 +08:00
|
|
|
--ignore-preflight-errors=all
|
2021-10-12 00:36:41 +08:00
|
|
|
--skip-phases={{ kubeadm_join_phases_skip | join(',') }}
|
2019-02-13 05:42:56 +08:00
|
|
|
register: kubeadm_join
|
2022-03-07 21:35:55 +08:00
|
|
|
changed_when: kubeadm_join is success
|
2019-02-13 05:42:56 +08:00
|
|
|
|
|
|
|
always:
|
|
|
|
|
|
|
|
- name: Display kubeadm join stderr if any
|
|
|
|
when: kubeadm_join is failed
|
|
|
|
debug:
|
2019-05-04 03:21:42 +08:00
|
|
|
msg: |
|
2019-02-13 05:42:56 +08:00
|
|
|
Joined with warnings
|
|
|
|
{{ kubeadm_join.stderr_lines }}
|
2017-09-16 05:28:15 +08:00
|
|
|
|
2017-09-14 02:00:51 +08:00
|
|
|
- name: Update server field in kubelet kubeconfig
|
2018-06-07 17:46:15 +08:00
|
|
|
lineinfile:
|
|
|
|
dest: "{{ kube_config_dir }}/kubelet.conf"
|
|
|
|
regexp: 'server:'
|
|
|
|
line: ' server: {{ kube_apiserver_endpoint }}'
|
2024-08-28 13:30:56 +08:00
|
|
|
backup: true
|
2018-08-18 22:05:35 +08:00
|
|
|
when:
|
|
|
|
- kubeadm_config_api_fqdn is not defined
|
|
|
|
- not is_kube_master
|
2019-06-28 15:37:37 +08:00
|
|
|
- kubeadm_discovery_address != kube_apiserver_endpoint | replace("https://", "")
|
2020-03-21 04:54:08 +08:00
|
|
|
notify: Kubeadm | restart kubelet
|
2017-09-14 02:00:51 +08:00
|
|
|
|
2023-10-17 15:45:00 +08:00
|
|
|
- name: Update server field in kubelet kubeconfig - external lb
|
|
|
|
lineinfile:
|
|
|
|
dest: "{{ kube_config_dir }}/kubelet.conf"
|
|
|
|
regexp: '^ server: https'
|
|
|
|
line: ' server: {{ kube_apiserver_endpoint }}'
|
2024-08-28 13:30:56 +08:00
|
|
|
backup: true
|
2023-10-17 15:45:00 +08:00
|
|
|
when:
|
|
|
|
- not is_kube_master
|
|
|
|
- loadbalancer_apiserver is defined
|
|
|
|
notify: Kubeadm | restart kubelet
|
|
|
|
|
2024-08-06 15:50:50 +08:00
|
|
|
- name: Get current resourceVersion of kube-proxy configmap
|
|
|
|
command: "{{ kubectl }} get configmap kube-proxy -n kube-system -o jsonpath='{.metadata.resourceVersion}'"
|
|
|
|
register: original_configmap_resource_version
|
|
|
|
run_once: true
|
|
|
|
delegate_to: "{{ groups['kube_control_plane'] | first }}"
|
|
|
|
delegate_facts: false
|
|
|
|
when:
|
|
|
|
- kube_proxy_deployed
|
|
|
|
tags:
|
|
|
|
- kube-proxy
|
|
|
|
|
2019-09-10 01:33:20 +08:00
|
|
|
# FIXME(mattymo): Need to point to localhost, otherwise masters will all point
|
|
|
|
# incorrectly to first master, creating SPoF.
|
2020-08-05 22:56:28 +08:00
|
|
|
- name: Update server field in kube-proxy kubeconfig
|
2019-01-11 12:40:25 +08:00
|
|
|
shell: >-
|
2022-01-05 18:26:32 +08:00
|
|
|
set -o pipefail && {{ kubectl }} get configmap kube-proxy -n kube-system -o yaml
|
2019-09-10 01:33:20 +08:00
|
|
|
| sed 's#server:.*#server: https://127.0.0.1:{{ kube_apiserver_port }}#g'
|
2022-01-05 18:26:32 +08:00
|
|
|
| {{ kubectl }} replace -f -
|
2020-08-05 22:56:28 +08:00
|
|
|
args:
|
|
|
|
executable: /bin/bash
|
2019-01-11 12:40:25 +08:00
|
|
|
run_once: true
|
2023-07-05 11:36:54 +08:00
|
|
|
delegate_to: "{{ groups['kube_control_plane'] | first }}"
|
2020-05-18 04:05:36 +08:00
|
|
|
delegate_facts: false
|
2019-01-11 12:40:25 +08:00
|
|
|
when:
|
|
|
|
- kubeadm_config_api_fqdn is not defined
|
2019-06-28 15:37:37 +08:00
|
|
|
- kubeadm_discovery_address != kube_apiserver_endpoint | replace("https://", "")
|
2020-09-17 19:30:45 +08:00
|
|
|
- kube_proxy_deployed
|
2020-03-13 01:40:39 +08:00
|
|
|
- loadbalancer_apiserver_localhost
|
2019-01-11 12:40:25 +08:00
|
|
|
tags:
|
|
|
|
- kube-proxy
|
|
|
|
|
2023-10-17 15:45:00 +08:00
|
|
|
- name: Update server field in kube-proxy kubeconfig - external lb
|
|
|
|
shell: >-
|
|
|
|
set -o pipefail && {{ kubectl }} get configmap kube-proxy -n kube-system -o yaml
|
|
|
|
| sed 's#server:.*#server: {{kube_apiserver_endpoint}}#g'
|
|
|
|
| {{ kubectl }} replace -f -
|
|
|
|
args:
|
|
|
|
executable: /bin/bash
|
|
|
|
run_once: true
|
|
|
|
delegate_to: "{{ groups['kube_control_plane'] | first }}"
|
|
|
|
delegate_facts: false
|
|
|
|
when:
|
|
|
|
- kube_proxy_deployed
|
|
|
|
- loadbalancer_apiserver is defined
|
|
|
|
tags:
|
|
|
|
- kube-proxy
|
|
|
|
|
2024-08-06 15:50:50 +08:00
|
|
|
- name: Get new resourceVersion of kube-proxy configmap
|
|
|
|
command: "{{ kubectl }} get configmap kube-proxy -n kube-system -o jsonpath='{.metadata.resourceVersion}'"
|
|
|
|
register: new_configmap_resource_version
|
|
|
|
run_once: true
|
|
|
|
delegate_to: "{{ groups['kube_control_plane'] | first }}"
|
|
|
|
delegate_facts: false
|
|
|
|
when:
|
|
|
|
- kube_proxy_deployed
|
|
|
|
tags:
|
|
|
|
- kube-proxy
|
|
|
|
|
2019-12-11 16:54:04 +08:00
|
|
|
- name: Set ca.crt file permission
|
|
|
|
file:
|
|
|
|
path: "{{ kube_cert_dir }}/ca.crt"
|
|
|
|
owner: root
|
|
|
|
group: root
|
|
|
|
mode: "0644"
|
|
|
|
|
2020-07-28 16:39:08 +08:00
|
|
|
- name: Restart all kube-proxy pods to ensure that they load the new configmap
|
2022-01-05 18:26:32 +08:00
|
|
|
command: "{{ kubectl }} delete pod -n kube-system -l k8s-app=kube-proxy --force --grace-period=0"
|
2019-01-11 12:40:25 +08:00
|
|
|
run_once: true
|
2023-07-05 11:36:54 +08:00
|
|
|
delegate_to: "{{ groups['kube_control_plane'] | first }}"
|
2020-05-18 04:05:36 +08:00
|
|
|
delegate_facts: false
|
2019-01-11 12:40:25 +08:00
|
|
|
when:
|
2023-10-17 15:45:00 +08:00
|
|
|
- kubeadm_config_api_fqdn is not defined or loadbalancer_apiserver is defined
|
|
|
|
- kubeadm_discovery_address != kube_apiserver_endpoint | replace("https://", "") or loadbalancer_apiserver is defined
|
2020-09-17 19:30:45 +08:00
|
|
|
- kube_proxy_deployed
|
2024-08-06 15:50:50 +08:00
|
|
|
- original_configmap_resource_version.stdout != new_configmap_resource_version.stdout
|
2019-01-11 12:40:25 +08:00
|
|
|
tags:
|
|
|
|
- kube-proxy
|
|
|
|
|
2019-06-21 02:12:51 +08:00
|
|
|
- name: Extract etcd certs from control plane if using etcd kubeadm mode
|
|
|
|
include_tasks: kubeadm_etcd_node.yml
|
|
|
|
when:
|
2022-02-23 00:53:16 +08:00
|
|
|
- etcd_deployment_type == "kubeadm"
|
2021-03-24 08:26:05 +08:00
|
|
|
- inventory_hostname not in groups['kube_control_plane']
|
2023-05-18 18:40:33 +08:00
|
|
|
- kube_network_plugin in ["calico", "flannel", "cilium"] or cilium_deploy_additionally | default(false) | bool
|
2019-06-21 02:12:51 +08:00
|
|
|
- kube_network_plugin != "calico" or calico_datastore == "etcd"
|