---
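# Install kubectl from the upstream release archive.
# Supply-chain note: the only integrity control on the downloaded binary is the
# pinned digest in `kubectl_checksum`. get_url silently skips verification when
# `checksum` renders empty, so refuse to proceed without one.
- name: Ensure a checksum is pinned for the kubernetes-client archive
  assert:
    that:
      - kubectl_checksum is defined
      - kubectl_checksum | length > 0
    msg: "kubectl_checksum must be set (format '<algorithm>:<hex>', e.g. 'sha256:...') so the downloaded archive is verified"
  tags:
    - kubectl

- name: Download kubernetes-client archive
  get_url:
    url: "https://dl.k8s.io/v{{kubectl_version}}/kubernetes-client-{{kubectl_os}}-{{kubectl_arch}}.tar.gz"
    # "<algorithm>:<hex>"; the task fails if the digest does not match.
    checksum: "{{kubectl_checksum}}"
    dest: "{{kubectl_tmp_directory}}"
  tags:
    - kubectl

- name: Unarchive kubernetes-client
  unarchive:
    src: "{{kubectl_tmp_directory}}/kubernetes-client-{{kubectl_os}}-{{kubectl_arch}}.tar.gz"
    dest: "{{kubectl_tmp_directory}}"
    # The archive was fetched onto the target by get_url above, so extract it
    # in place instead of looking for it on the control node (matches the
    # copy task below).
    remote_src: true
  tags:
    - kubectl

# Install the verified binary root-owned and not world-writable.
- name: Copy kubectl binary to destination directory
  copy:
    src: "{{kubectl_tmp_directory}}/kubernetes/client/bin/{{item}}"
    dest: "{{kubectl_bin_directory}}/{{item}}"
    # quoted so the YAML parser never reinterprets the octal literal
    mode: "0755"
    owner: root
    group: root
    remote_src: true
  loop:
    - kubectl
  tags:
    - kubectl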
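# Build <k8s_config_directory>/<worker>.kubeconfig for every host in the
# k8s_worker group, in four kubectl steps. The tasks use `command` rather than
# `shell` so interpolated inventory values are never interpreted by a shell,
# and they call the kubectl installed above by absolute path instead of
# whatever `kubectl` happens to be first on PATH.
# kubectl rewrites the file on every run, so these tasks always report
# "changed" (they are not idempotent in Ansible's sense).
#
# NOTE(review): the API server address is the *first* k8s_master host's IP on
# the interface named by the *worker's* peervpn_conf_interface. This assumes
# every host uses the same VPN interface name and there is no HA endpoint —
# confirm that is intended.
- name: Generate a kubeconfig file for each worker node (set-cluster)
  command: >-
    {{kubectl_bin_directory}}/kubectl config set-cluster {{k8s_config_cluster_name}}
    --certificate-authority={{k8s_ca_conf_directory}}/ca-k8s-apiserver.pem
    --embed-certs=true
    --server=https://{{hostvars[groups['k8s_master'][0]]['ansible_'+hostvars[item]['peervpn_conf_interface']].ipv4.address}}:{{k8s_apiserver_secure_port}}
    --kubeconfig={{k8s_config_directory}}/{{item}}.kubeconfig
  with_inventory_hostnames:
    - k8s_worker
  tags:
    - k8s-auth-config-kubelet

# --embed-certs=true copies the node's client certificate AND private key into
# the kubeconfig, so from here on the file is secret material.
- name: Generate a kubeconfig file for each worker node (set-credentials)
  command: >-
    {{kubectl_bin_directory}}/kubectl config set-credentials system:node:{{hostvars[item]['ansible_hostname']}}
    --client-certificate={{k8s_ca_conf_directory}}/cert-{{item}}.pem
    --client-key={{k8s_ca_conf_directory}}/cert-{{item}}-key.pem
    --embed-certs=true
    --kubeconfig={{k8s_config_directory}}/{{item}}.kubeconfig
  with_inventory_hostnames:
    - k8s_worker
  tags:
    - k8s-auth-config-kubelet

- name: Generate a kubeconfig file for each worker node (set-context)
  command: >-
    {{kubectl_bin_directory}}/kubectl config set-context default
    --cluster={{k8s_config_cluster_name}}
    --user=system:node:{{hostvars[item]['ansible_hostname']}}
    --kubeconfig={{k8s_config_directory}}/{{item}}.kubeconfig
  with_inventory_hostnames:
    - k8s_worker
  tags:
    - k8s-auth-config-kubelet

- name: Set use-context
  command: >-
    {{kubectl_bin_directory}}/kubectl config use-context default
    --kubeconfig={{k8s_config_directory}}/{{item}}.kubeconfig
  with_inventory_hostnames:
    - k8s_worker
  tags:
    - k8s-auth-config-kubelet

# The kubeconfig embeds the node's private key; do not rely on the umask
# kubectl ran under — pin it to owner-only access explicitly.
- name: Restrict permissions on the generated worker kubeconfig files
  file:
    path: "{{k8s_config_directory}}/{{item}}.kubeconfig"
    mode: "0600"
  with_inventory_hostnames:
    - k8s_worker
  tags:
    - k8s-auth-config-kubelet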
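# Resolve the first k8s_master host's address on its PeerVPN interface and
# publish it as the `apiServer` fact (presumably consumed by kubectl-config.yml
# below — confirm). Computed in a single expression so no trailing newline
# has to be stripped in a follow-up task.
# NOTE(review): this targets one control-plane node directly; there is no
# load-balanced / HA API endpoint at this point.
- name: Get IP address of first host in k8s_master group and use as API server
  vars:
    first_master: "{{ groups['k8s_master'][0] }}"
  set_fact:
    apiServer: "{{ hostvars[first_master]['ansible_' + hostvars[first_master]['peervpn_conf_interface']].ipv4.address }}"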
# Generate one kubeconfig per control-plane client by running
# kubectl-config.yml once per entry, exposed to that file as `service`
# (fields: name, client_cert). That file is not shown here; presumably
# `name` selects the output file and `client_cert` the certificate pair to
# embed — confirm against kubectl-config.yml.
# NOTE(review): the "admin" entry likely yields a cluster-wide privileged
# kubeconfig; treat it like the encryption config (0600, never copied to
# untrusted hosts).
- include_tasks: kubectl-config.yml
  loop_control:
    loop_var: service
  loop:
    - client_cert: k8s-proxy
      name: kube-proxy
    - client_cert: k8s-controller-manager
      name: kube-controller-manager
    - client_cert: k8s-scheduler
      name: kube-scheduler
    - client_cert: admin
      name: admin
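# Render the API server's EncryptionConfiguration. The template presumably
# carries the at-rest encryption key(s), so the file is written root-only
# (owner/group pinned like the kubectl copy task above, which already requires
# root) and its diff is suppressed so the key never shows up in
# `ansible-playbook --diff` output or logs.
# NOTE(review): if kube-apiserver runs as a dedicated non-root user, change
# owner/group so it can still read the file.
- name: Create encryption config file
  template:
    src: "templates/encryption-config.yaml.j2"
    dest: "{{k8s_encryption_config_directory}}/encryption-config.yaml"
    owner: root
    group: root
    # quoted so the YAML parser never reinterprets the octal literal
    mode: "0600"
  diff: false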