Skip to content
Snippets Groups Projects
Select Git revision
  • master default protected
  • v2.27.0
  • v2.25.1
  • v2.24.3
  • v2.26.0
  • v2.24.2
  • v2.25.0
  • v2.24.1
  • v2.22.2
  • v2.23.3
  • v2.24.0
  • v2.23.2
  • v2.23.1
  • v2.23.0
  • v2.22.1
  • v2.22.0
  • v2.21.0
  • v2.20.0
  • v2.19.1
  • v2.18.2
  • v2.19.0
21 results
Blame Permalink
kubeadm-setup.yml 6.23 KiB 
---
- name: kubeadm | Check if old apiserver cert exists on host
  stat:
    path: "{{ kube_cert_dir }}/apiserver.pem"
  register: old_apiserver_cert
  delegate_to: "{{groups['kube-master']|first}}"
  run_once: true

- name: kubeadm | Check service account key
  stat:
    path: "{{ kube_cert_dir }}/sa.key"
  register: sa_key_before
  delegate_to: "{{groups['kube-master']|first}}"
  run_once: true

- name: kubeadm | Check if kubeadm has already run
  stat:
    path: "{{ kube_cert_dir }}/ca.key"
  register: kubeadm_ca

- name: kubeadm | Delete old admin.conf
  file:
    path: "{{ kube_config_dir }}/admin.conf"
    state: absent
  when: not kubeadm_ca.stat.exists

- name: kubeadm | Delete old static pods
  file:
    path: "{{ kube_config_dir }}/manifests/{{item}}.manifest"
    state: absent
  with_items: ["kube-apiserver", "kube-controller-manager", "kube-scheduler", "kube-proxy"]
  when: old_apiserver_cert.stat.exists

- name: kubeadm | Forcefully delete old static pods
  shell: "docker ps -f name=k8s_{{item}} -q | xargs --no-run-if-empty docker rm -f"
  with_items: ["kube-apiserver", "kube-controller-manager", "kube-scheduler"]
  when: old_apiserver_cert.stat.exists

- name: kubeadm | aggregate all SANs
  set_fact:
    apiserver_sans: >-
      kubernetes
      kubernetes.default
      kubernetes.default.svc
      kubernetes.default.svc.{{ dns_domain }}
      {{ kube_apiserver_ip }}
      localhost
      127.0.0.1
      {{ ' '.join(groups['kube-master']) }}
      {%- if loadbalancer_apiserver is defined %}
      {{ apiserver_loadbalancer_domain_name }}
      {%- endif %}
      {%- for host in groups['kube-master'] -%}
      {%- if hostvars[host]['access_ip'] is defined %}{{ hostvars[host]['access_ip'] }}{% endif %}
      {{ hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}
      {%- endfor %}
      {%- if supplementary_addresses_in_ssl_keys is defined %}
      {%- for addr in supplementary_addresses_in_ssl_keys %}
      {{ addr }}
      {%- endfor %}
      {%- endif %}
  tags: facts

- name: kubeadm | Copy etcd cert dir under k8s cert dir
  command: "cp -TR {{ etcd_cert_dir }} {{ kube_config_dir }}/ssl/etcd"
  changed_when: false

- name: kubeadm | Create kubeadm config
  template:
    src: kubeadm-config.yaml.j2