diff --git a/roles/kubernetes/client/tasks/main.yml b/roles/kubernetes/client/tasks/main.yml
index 5c5b3d251f4cef4012747d81a13c8884791a4165..8afb5c5308523ca4419003788e89075ad6555c7a 100644
--- a/roles/kubernetes/client/tasks/main.yml
+++ b/roles/kubernetes/client/tasks/main.yml
@@ -1,11 +1,17 @@
 ---
 - name: Set external kube-apiserver endpoint
   set_fact:
-    external_apiserver_endpoint: >-
+    external_apiserver_address: >-
       {%- if loadbalancer_apiserver is defined and loadbalancer_apiserver.port is defined -%}
-      https://{{ apiserver_loadbalancer_domain_name }}:{{ loadbalancer_apiserver.port|default(kube_apiserver_port) }}
+      {{ apiserver_loadbalancer_domain_name }}
       {%- else -%}
-      https://{{ kube_apiserver_access_address }}:{{ kube_apiserver_port }}
+      {{ kube_apiserver_access_address }}
+      {%- endif -%}
+    external_apiserver_port: >-
+      {%- if loadbalancer_apiserver is defined and loadbalancer_apiserver.port is defined -%}
+      {{ loadbalancer_apiserver.port|default(kube_apiserver_port) }}
+      {%- else -%}
+      {{ kube_apiserver_port }}
       {%- endif -%}
   tags:
     - facts
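Review bot: The `|default(kube_apiserver_port)` on the `external_apiserver_port` line can never apply, because that branch is only entered when `loadbalancer_apiserver.port is defined`. A load balancer declared without a port therefore falls through to `kube_apiserver_access_address` and `kube_apiserver_port` for both facts, so the generated admin kubeconfig would not name the load balancer. If that fallback is not intended, test only `{%- if loadbalancer_apiserver is defined -%}` in both conditions and keep the default filter on the port. If it is intended, drop the dead filter and add a comment such as `# LB name is used only when loadbalancer_apiserver.port is set`.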
@@ -24,12 +30,28 @@
     mode: "0600"
     backup: yes
 
-- name: Copy admin kubeconfig to ansible host
-  fetch:
-    src: "{{ kube_config_dir }}/admin.conf"
+- name: Generate admin kubeconfig with external api endpoint
+  shell: >-
+    {{ bin_dir }}/kubeadm alpha
+    {% if kubeadm_version is version('v1.13.0', '<') %}
+    phase
+    {% endif %}
+    kubeconfig user
+    --client-name kubernetes-admin
+    --org system:masters
+    --cert-dir {{ kube_config_dir }}/ssl
+    --apiserver-advertise-address {{ external_apiserver_address }}
+    --apiserver-bind-port {{ external_apiserver_port }}
+  run_once: yes
+  register: admin_kubeconfig
+
+- name: Write admin kubeconfig on ansible host
+  copy:
+    content: "{{ admin_kubeconfig.stdout }}"
     dest: "{{ artifacts_dir }}/admin.conf"
-    flat: yes
-    validate_checksum: no
+    mode: 0640
+  delegate_to: localhost
+  become: no
   run_once: yes
   when: kubeconfig_localhost|default(false)
 
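Review bot: The registered `admin_kubeconfig.stdout` carries a `system:masters` client certificate and private key, and neither the `shell` task nor the `copy` task that writes it sets `no_log: true`, so the credential can show up in verbose or diff output and in callback logs. The file is written with unquoted `mode: 0640`, which is group-readable on the Ansible host, while the context line above uses `mode: "0600"`; using `mode: "0600"` here would match it and avoid the octal-literal ambiguity. The generating task also lacks `when: kubeconfig_localhost|default(false)`, so a fresh admin credential is produced on every run even when nothing writes it out. The command line uses no shell features, so `command` instead of `shell` would keep the templated address, port and paths from being interpreted by a shell.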
diff --git a/roles/kubernetes/client/templates/admin.conf.j2 b/roles/kubernetes/client/templates/admin.conf.j2
deleted file mode 100644
index b1640c1c563006408bca2212014783b11d554cb0..0000000000000000000000000000000000000000
--- a/roles/kubernetes/client/templates/admin.conf.j2
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Config
-current-context: admin-{{ cluster_name }}
-preferences: {}
-clusters:
-- cluster:
-    certificate-authority-data: {{ admin_certs.results[0]['content'] }}
-    server: {{ external_apiserver_endpoint }}
-  name: {{ cluster_name }}
-contexts:
-- context:
-    cluster: {{ cluster_name }}
-    user: admin-{{ cluster_name }}
-  name: admin-{{ cluster_name }}
-users:
-- name: admin-{{ cluster_name }}
-  user:
-    client-certificate-data: {{ admin_certs.results[1]['content'] }}
-    client-key-data: {{ admin_certs.results[2]['content'] }}
diff --git a/roles/kubernetes/master/tasks/kubeadm-setup.yml b/roles/kubernetes/master/tasks/kubeadm-setup.yml
index 3f26f707da3e870b66601c5cfded7223d2826960..b8884bc8ad996a35966584df5541a7be0e092d5b 100644
--- a/roles/kubernetes/master/tasks/kubeadm-setup.yml
+++ b/roles/kubernetes/master/tasks/kubeadm-setup.yml
@@ -56,11 +56,11 @@
       {{ ' '.join(groups['kube-master']) }}
       {%- if loadbalancer_apiserver is defined %}
       {{ apiserver_loadbalancer_domain_name }}
-      {%- endif %}
+      {% endif %}
       {% for host in groups['kube-master'] -%}
       {%- if hostvars[host]['access_ip'] is defined -%}
       {{ hostvars[host]['access_ip'] }}
-      {%- endif %}
+      {% endif %}
       {{ hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}
       {%- endfor %}
       {%- if supplementary_addresses_in_ssl_keys is defined -%}
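Review bot: Loop iterations still appear to render with no separator between them, because the `for` tag keeps its trailing `-%}` and the loop still closes with `{%- endfor %}`. When `access_ip` is defined on a second or later master, its value would be rendered directly after the previous host's `ip`, producing one malformed SAN entry instead of two valid ones. Changing the loop end to `{% endfor %}` keeps a separator after every host. The enclosing task starts before this hunk and continues past it, so confirm against the full template and the rendered SAN list.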