95 lines
2.8 KiB
YAML
95 lines
2.8 KiB
YAML
---
|
|
- name: get the node token values from token files
|
|
slurp:
|
|
src: "{{ kube_token_dir }}/{{ item }}-{{ inventory_hostname }}.token"
|
|
with_items:
|
|
- "system:controller_manager"
|
|
- "system:scheduler"
|
|
- "system:kubectl"
|
|
- "system:proxy"
|
|
register: tokens
|
|
delegate_to: "{{ groups['kube-master'][0] }}"
|
|
|
|
- name: Set token facts
|
|
set_fact:
|
|
controller_manager_token: "{{ tokens.results[0].content|b64decode }}"
|
|
scheduler_token: "{{ tokens.results[1].content|b64decode }}"
|
|
kubectl_token: "{{ tokens.results[2].content|b64decode }}"
|
|
proxy_token: "{{ tokens.results[3].content|b64decode }}"
|
|
|
|
- name: write the config files for api server
|
|
template: src=apiserver.j2 dest={{ kube_config_dir }}/apiserver backup=yes
|
|
notify:
|
|
- restart apiserver
|
|
|
|
- name: write config file for controller-manager
|
|
template: src=controller-manager.j2 dest={{ kube_config_dir }}/controller-manager backup=yes
|
|
notify:
|
|
- restart controller-manager
|
|
|
|
- name: write the kubecfg (auth) file for controller-manager
|
|
template: src=controller-manager.kubeconfig.j2 dest={{ kube_config_dir }}/controller-manager.kubeconfig backup=yes
|
|
notify:
|
|
- restart controller-manager
|
|
|
|
- name: write the config file for scheduler
|
|
template: src=scheduler.j2 dest={{ kube_config_dir }}/scheduler backup=yes
|
|
notify:
|
|
- restart scheduler
|
|
|
|
- name: write the kubecfg (auth) file for scheduler
|
|
template: src=scheduler.kubeconfig.j2 dest={{ kube_config_dir }}/scheduler.kubeconfig backup=yes
|
|
notify:
|
|
- restart scheduler
|
|
|
|
- name: write the kubecfg (auth) file for kubectl
|
|
template: src=kubectl.kubeconfig.j2 dest={{ kube_config_dir }}/kubectl.kubeconfig backup=yes
|
|
|
|
- name: Copy kubectl bash completion
|
|
copy: src=kubectl_bash_completion.sh dest=/etc/bash_completion.d/kubectl.sh
|
|
|
|
- name: Create proxy environment vars dir
|
|
file: path=/etc/systemd/system/kube-proxy.service.d state=directory
|
|
|
|
- name: Write proxy config file
|
|
template: src=proxy.j2 dest=/etc/systemd/system/kube-proxy.service.d/10-proxy-cluster.conf backup=yes
|
|
notify:
|
|
- restart proxy
|
|
|
|
- name: write the kubecfg (auth) file for proxy
|
|
template: src=proxy.kubeconfig.j2 dest={{ kube_config_dir }}/proxy.kubeconfig backup=yes
|
|
|
|
- name: populate users for basic auth in API
|
|
lineinfile:
|
|
dest: "{{ kube_users_dir }}/known_users.csv"
|
|
create: yes
|
|
line: '{{ item.value.pass }},{{ item.key }},{{ item.value.role }}'
|
|
backup: yes
|
|
with_dict: "{{ kube_users }}"
|
|
notify:
|
|
- restart apiserver
|
|
|
|
- name: Enable controller-manager
|
|
service:
|
|
name: kube-controller-manager
|
|
enabled: yes
|
|
state: started
|
|
|
|
- name: Enable scheduler
|
|
service:
|
|
name: kube-scheduler
|
|
enabled: yes
|
|
state: started
|
|
|
|
- name: Enable kube-proxy
|
|
service:
|
|
name: kube-proxy
|
|
enabled: yes
|
|
state: started
|
|
|
|
- name: Enable apiserver
|
|
service:
|
|
name: kube-apiserver
|
|
enabled: yes
|
|
state: started
|