self-hosting/roles/kubernetes-controller/tasks/main.yml

---
- name: Create Kubernetes/kube-apiserver config directory
  file:
    path: "{{k8s_conf_dir}}"
    state: directory
    mode: 0700
    owner: root
    group: root
  tags:
    - k8s-controller
    - k8s-controller-base

- name: Create kube-controller-manager config directory
  file:
    path: "{{k8s_controller_manager_conf_dir}}"
    state: directory
    mode: 0700
    owner: root
    group: root
  tags:
    - k8s-controller
    - k8s-controller-base

- name: Create kube-controller-manager kubeconfig
  template:
    src: "{{k8s_config_directory}}/kube-controller-manager.kubeconfig"
    dest: "{{k8s_controller_manager_conf_dir}}/kube-controller-manager.kubeconfig"
    owner: root
    group: root
    mode: 0644
  tags:
    - k8s-worker
    - k8s-controller-base

- name: Create scheduler config directory
  file:
    path: "{{k8s_scheduler_conf_dir}}"
    state: directory
    mode: 0700
    owner: root
    group: root
  tags:
    - k8s-controller
    - k8s-controller-base

- name: Create kube-scheduler kubeconfig
  template:
    src: "{{k8s_config_directory}}/kube-scheduler.kubeconfig"
    dest: "{{k8s_scheduler_conf_dir}}/kube-scheduler.kubeconfig"
    owner: root
    group: root
    mode: 0644
  tags:
    - k8s-controller
    - k8s-controller-base

- name: Create kube-scheduler.yaml
  template:
    src: "templates/var/lib/kube-scheduler/kube-scheduler.yaml.j2"
    dest: "{{k8s_scheduler_conf_dir}}/kube-scheduler.yaml"
    owner: root
    group: root
    mode: 0644
  tags:
    - k8s-controller
    - k8s-controller-base

- name: Create kubeconfig for admin user
  template:
    src: "{{k8s_config_directory}}/admin.kubeconfig"
    dest: "{{k8s_conf_dir}}/admin.kubeconfig"
    owner: root
    group: root
    mode: 0644
  tags:
    - k8s-controller
    - k8s-controller-base

- name: Copy etcd certificates
  copy:
    src: "{{k8s_ca_conf_directory}}/{{item}}"
    dest: "{{k8s_conf_dir}}/{{item}}"
    mode: 0640
    owner: root
    group: root
  with_items:
    - "{{etcd_certificates}}"
  tags:
    - k8s-controller
    - k8s-controller-base

- name: Copy Kubernetes certificates
  copy:
    src: "{{k8s_ca_conf_directory}}/{{item}}"
    dest: "{{k8s_conf_dir}}/{{item}}"
    mode: 0640
    owner: root
    group: root
  with_items:
    - "{{k8s_certificates}}"
  tags:
    - k8s-controller
    - k8s-controller-base

- name: Downloading official Kubernetes binaries
  get_url:
    url: https://storage.googleapis.com/kubernetes-release/release/v{{k8s_release}}/bin/linux/amd64/{{item}}
    dest: "{{k8s_bin_dir}}"
    mode: 0755
  with_items:
    - "{{k8s_controller_binaries}}"
  notify:
    - restart kube-apiserver
    - restart kube-controller-manager
    - restart kube-scheduler
  tags:
    - k8s-controller

- name: Copy encryption provider config file
  copy:
    src: "{{k8s_config_directory}}/encryption-config.yaml"
    dest: "{{k8s_conf_dir}}/encryption-config.yaml"
    mode: 0644
    owner: root
    group: root
  tags:
    - k8s-controller
    - k8s-controller-base

- name: Combine k8s_apiserver_settings and k8s_apiserver_settings_user (if defined)
  set_fact:
    k8s_apiserver_settings: "{{k8s_apiserver_settings | combine(k8s_apiserver_settings_user|default({})) }}"
  tags:
    - k8s-controller

- name: Create systemd unit file for kube-apiserver
  template:
    src: etc/systemd/system/kube-apiserver.service.j2
    dest: /etc/systemd/system/kube-apiserver.service
    owner: root
    group: root
    mode: 0644
  tags:
    - k8s-controller
  notify:
    - reload systemd

- name: Enable and start kube-apiserver
  service:
    name: kube-apiserver
    enabled: yes
    state: started
  tags:
    - k8s-controller

- name: Combine k8s_controller_manager_settings and k8s_controller_manager_settings_user (if defined)
  set_fact:
    k8s_controller_manager_settings: "{{k8s_controller_manager_settings | combine(k8s_controller_manager_settings_user|default({})) }}"
  tags:
    - k8s-controller

- name: Create systemd unit file for kube-controller-manager
  template:
    src: etc/systemd/system/kube-controller-manager.service.j2
    dest: /etc/systemd/system/kube-controller-manager.service
    owner: root
    group: root
    mode: 0644
  notify:
    - reload systemd
  tags:
    - k8s-controller

- name: Enable and start kube-controller-manager
  service:
    name: kube-controller-manager
    enabled: yes
    state: started
  tags:
    - k8s-controller

- name: Combine k8s_scheduler_settings and k8s_scheduler_settings_user (if defined)
  set_fact:
    k8s_scheduler_settings: "{{k8s_scheduler_settings | combine(k8s_scheduler_settings_user|default({})) }}"
  tags:
    - k8s-controller
 
- name: Create systemd unit file for kube-scheduler
  template:
    src: etc/systemd/system/kube-scheduler.service.j2
    dest: /etc/systemd/system/kube-scheduler.service
    owner: root
    group: root
    mode: 0644
  notify:
    - reload systemd
  tags:
    - k8s-controller

- name: Enable and start kube-scheduler
  service:
    name: kube-scheduler
    enabled: yes
    state: started
  tags:
    - k8s-controller

# TODO: Check if ClusterRole + ClusterRoleBinding are already configured

- name: Copy kube-apiserver-to-kubelet ClusterRole
  copy:
    src: "files/kube-apiserver-to-kubelet_cluster_role.yaml"
    dest: "/tmp/kube-apiserver-to-kubelet_cluster_role.yaml"
    mode: 0600
  run_once: true
  delegate_to: "{{groups.k8s_master|first}}"
  tags:
    - k8s-controller

- name: Copy kube-apiserver-to-kubelet ClusterRoleBinding
  copy:
    src: "files/kube-apiserver-to-kubelet_cluster_role_binding.yaml"
    dest: "/tmp/kube-apiserver-to-kubelet_cluster_role_binding.yaml"
    mode: 0600
  run_once: true
  delegate_to: "{{groups.k8s_master|first}}"
  tags:
    - k8s-controller

- name: Wait 300 seconds for kube-apiserver port 6443 to become open on the host
  wait_for:
    port: 6443
    delay: 5
    host: "{{hostvars[inventory_hostname]['ansible_' + k8s_interface].ipv4.address}}"
  run_once: true
  delegate_to: "{{groups.k8s_master|first}}"

- name: Apply kube-apiserver-to-kubelet ClusterRole
  shell: "kubectl apply --kubeconfig {{k8s_conf_dir}}/admin.kubeconfig -f /tmp/kube-apiserver-to-kubelet_cluster_role.yaml"
  register: kube_apiserver_to_kubelet_cluster_role
  run_once: true
  delegate_to: "{{groups.k8s_master|first}}"
  tags:
    - k8s-controller

- name: Apply kube-apiserver-to-kubelet ClusterRoleBinding
  shell: "kubectl apply --kubeconfig {{k8s_conf_dir}}/admin.kubeconfig -f /tmp/kube-apiserver-to-kubelet_cluster_role_binding.yaml"
  register: kube_apiserver_to_kubelet_cluster_role_binding
  run_once: true
  delegate_to: "{{groups.k8s_master|first}}"
  tags:
    - k8s-controller

- name: Remove temporary files
  file:
    path: "{{item}}"
    state: absent
  with_items:
    - "/tmp/kube-apiserver-to-kubelet_cluster_role.yaml"
    - "/tmp/kube-apiserver-to-kubelet_cluster_role_binding.yaml"
  run_once: true
  delegate_to: "{{groups.k8s_master|first}}"
  tags:
    - k8s-controller
Custom role for control plane 2018-08-01 11:10:51 +02:00			`---`
			`- name: Create Kubernetes/kube-apiserver config directory`
			`file:`
			`path: "{{k8s_conf_dir}}"`
			`state: directory`
			`mode: 0700`
			`owner: root`
			`group: root`
			`tags:`
			`- k8s-controller`
			`- k8s-controller-base`

			`- name: Create kube-controller-manager config directory`
			`file:`
			`path: "{{k8s_controller_manager_conf_dir}}"`
			`state: directory`
			`mode: 0700`
			`owner: root`
			`group: root`
			`tags:`
			`- k8s-controller`
			`- k8s-controller-base`

			`- name: Create kube-controller-manager kubeconfig`
			`template:`
			`src: "{{k8s_config_directory}}/kube-controller-manager.kubeconfig"`
			`dest: "{{k8s_controller_manager_conf_dir}}/kube-controller-manager.kubeconfig"`
			`owner: root`
			`group: root`
			`mode: 0644`
			`tags:`
			`- k8s-worker`
			`- k8s-controller-base`

			`- name: Create scheduler config directory`
			`file:`
			`path: "{{k8s_scheduler_conf_dir}}"`
			`state: directory`
			`mode: 0700`
			`owner: root`
			`group: root`
			`tags:`
			`- k8s-controller`
			`- k8s-controller-base`

			`- name: Create kube-scheduler kubeconfig`
			`template:`
			`src: "{{k8s_config_directory}}/kube-scheduler.kubeconfig"`
			`dest: "{{k8s_scheduler_conf_dir}}/kube-scheduler.kubeconfig"`
			`owner: root`
			`group: root`
			`mode: 0644`
			`tags:`
			`- k8s-controller`
			`- k8s-controller-base`

			`- name: Create kube-scheduler.yaml`
			`template:`
			`src: "templates/var/lib/kube-scheduler/kube-scheduler.yaml.j2"`
			`dest: "{{k8s_scheduler_conf_dir}}/kube-scheduler.yaml"`
			`owner: root`
			`group: root`
			`mode: 0644`
			`tags:`
			`- k8s-controller`
			`- k8s-controller-base`

			`- name: Create kubeconfig for admin user`
			`template:`
			`src: "{{k8s_config_directory}}/admin.kubeconfig"`
			`dest: "{{k8s_conf_dir}}/admin.kubeconfig"`
			`owner: root`
			`group: root`
			`mode: 0644`
			`tags:`
			`- k8s-controller`
			`- k8s-controller-base`

			`- name: Copy etcd certificates`
			`copy:`
			`src: "{{k8s_ca_conf_directory}}/{{item}}"`
			`dest: "{{k8s_conf_dir}}/{{item}}"`
			`mode: 0640`
			`owner: root`
			`group: root`
			`with_items:`
			`- "{{etcd_certificates}}"`
			`tags:`
			`- k8s-controller`
			`- k8s-controller-base`

			`- name: Copy Kubernetes certificates`
			`copy:`
			`src: "{{k8s_ca_conf_directory}}/{{item}}"`
			`dest: "{{k8s_conf_dir}}/{{item}}"`
			`mode: 0640`
			`owner: root`
			`group: root`
			`with_items:`
			`- "{{k8s_certificates}}"`
			`tags:`
			`- k8s-controller`
			`- k8s-controller-base`

			`- name: Downloading official Kubernetes binaries`
			`get_url:`
			`url: https://storage.googleapis.com/kubernetes-release/release/v{{k8s_release}}/bin/linux/amd64/{{item}}`
			`dest: "{{k8s_bin_dir}}"`
			`mode: 0755`
			`with_items:`
			`- "{{k8s_controller_binaries}}"`
			`notify:`
			`- restart kube-apiserver`
			`- restart kube-controller-manager`
			`- restart kube-scheduler`
			`tags:`
			`- k8s-controller`

			`- name: Copy encryption provider config file`
			`copy:`
			`src: "{{k8s_config_directory}}/encryption-config.yaml"`
			`dest: "{{k8s_conf_dir}}/encryption-config.yaml"`
			`mode: 0644`
			`owner: root`
			`group: root`
			`tags:`
			`- k8s-controller`
			`- k8s-controller-base`

			`- name: Combine k8s_apiserver_settings and k8s_apiserver_settings_user (if defined)`
			`set_fact:`
			`k8s_apiserver_settings: "{{k8s_apiserver_settings \| combine(k8s_apiserver_settings_user\|default({})) }}"`
			`tags:`
			`- k8s-controller`

			`- name: Create systemd unit file for kube-apiserver`
			`template:`
			`src: etc/systemd/system/kube-apiserver.service.j2`
			`dest: /etc/systemd/system/kube-apiserver.service`
			`owner: root`
			`group: root`
			`mode: 0644`
			`tags:`
			`- k8s-controller`
			`notify:`
			`- reload systemd`

			`- name: Enable and start kube-apiserver`
			`service:`
			`name: kube-apiserver`
			`enabled: yes`
			`state: started`
			`tags:`
			`- k8s-controller`

			`- name: Combine k8s_controller_manager_settings and k8s_controller_manager_settings_user (if defined)`
			`set_fact:`
			`k8s_controller_manager_settings: "{{k8s_controller_manager_settings \| combine(k8s_controller_manager_settings_user\|default({})) }}"`
			`tags:`
			`- k8s-controller`

			`- name: Create systemd unit file for kube-controller-manager`
			`template:`
			`src: etc/systemd/system/kube-controller-manager.service.j2`
			`dest: /etc/systemd/system/kube-controller-manager.service`
			`owner: root`
			`group: root`
			`mode: 0644`
			`notify:`
			`- reload systemd`
			`tags:`
			`- k8s-controller`

			`- name: Enable and start kube-controller-manager`
			`service:`
			`name: kube-controller-manager`
			`enabled: yes`
			`state: started`
			`tags:`
			`- k8s-controller`

			`- name: Combine k8s_scheduler_settings and k8s_scheduler_settings_user (if defined)`
			`set_fact:`
			`k8s_scheduler_settings: "{{k8s_scheduler_settings \| combine(k8s_scheduler_settings_user\|default({})) }}"`
			`tags:`
			`- k8s-controller`

			`- name: Create systemd unit file for kube-scheduler`
			`template:`
			`src: etc/systemd/system/kube-scheduler.service.j2`
			`dest: /etc/systemd/system/kube-scheduler.service`
			`owner: root`
			`group: root`
			`mode: 0644`
			`notify:`
			`- reload systemd`
			`tags:`
			`- k8s-controller`

			`- name: Enable and start kube-scheduler`
			`service:`
			`name: kube-scheduler`
			`enabled: yes`
			`state: started`
			`tags:`
			`- k8s-controller`

			`# TODO: Check if ClusterRole + ClusterRoleBinding are already configured`

			`- name: Copy kube-apiserver-to-kubelet ClusterRole`
			`copy:`
			`src: "files/kube-apiserver-to-kubelet_cluster_role.yaml"`
			`dest: "/tmp/kube-apiserver-to-kubelet_cluster_role.yaml"`
			`mode: 0600`
			`run_once: true`
			`delegate_to: "{{groups.k8s_master\|first}}"`
			`tags:`
			`- k8s-controller`

			`- name: Copy kube-apiserver-to-kubelet ClusterRoleBinding`
			`copy:`
			`src: "files/kube-apiserver-to-kubelet_cluster_role_binding.yaml"`
			`dest: "/tmp/kube-apiserver-to-kubelet_cluster_role_binding.yaml"`
			`mode: 0600`
			`run_once: true`
			`delegate_to: "{{groups.k8s_master\|first}}"`
			`tags:`
			`- k8s-controller`

			`- name: Wait 300 seconds for kube-apiserver port 6443 to become open on the host`
			`wait_for:`
			`port: 6443`
			`delay: 5`
			`host: "{{hostvars[inventory_hostname]['ansible_' + k8s_interface].ipv4.address}}"`
			`run_once: true`
			`delegate_to: "{{groups.k8s_master\|first}}"`

			`- name: Apply kube-apiserver-to-kubelet ClusterRole`
			`shell: "kubectl apply --kubeconfig {{k8s_conf_dir}}/admin.kubeconfig -f /tmp/kube-apiserver-to-kubelet_cluster_role.yaml"`
			`register: kube_apiserver_to_kubelet_cluster_role`
			`run_once: true`
			`delegate_to: "{{groups.k8s_master\|first}}"`
			`tags:`
			`- k8s-controller`

			`- name: Apply kube-apiserver-to-kubelet ClusterRoleBinding`
			`shell: "kubectl apply --kubeconfig {{k8s_conf_dir}}/admin.kubeconfig -f /tmp/kube-apiserver-to-kubelet_cluster_role_binding.yaml"`
			`register: kube_apiserver_to_kubelet_cluster_role_binding`
			`run_once: true`
			`delegate_to: "{{groups.k8s_master\|first}}"`
			`tags:`
			`- k8s-controller`

			`- name: Remove temporary files`
			`file:`
			`path: "{{item}}"`
			`state: absent`
			`with_items:`
			`- "/tmp/kube-apiserver-to-kubelet_cluster_role.yaml"`
			`- "/tmp/kube-apiserver-to-kubelet_cluster_role_binding.yaml"`
			`run_once: true`
			`delegate_to: "{{groups.k8s_master\|first}}"`
			`tags:`
			`- k8s-controller`