---
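- name: Create Kubernetes/kube-apiserver config directory
  # Private, root-only directory; later tasks in this file place the admin
  # kubeconfig, the certificates and the encryption-provider config here.
  file:
    path: "{{ k8s_conf_dir }}"
    state: directory
    # Quoted: a bare 0700 is a YAML 1.1 octal literal whose conversion depends
    # on the parser; the string form is unambiguous for Ansible.
    mode: "0700"
    owner: root
    group: root
  tags:
    - k8s-controller
    - k8s-controller-base
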
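- name: Create kube-controller-manager config directory
  # Holds the kube-controller-manager kubeconfig written by the next task.
  file:
    path: "{{ k8s_controller_manager_conf_dir }}"
    state: directory
    mode: "0700"  # quoted so YAML hands Ansible the octal string unchanged
    owner: root
    group: root
  tags:
    - k8s-controller
    - k8s-controller-base
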
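- name: Create kube-controller-manager kubeconfig
  template:
    src: "{{ k8s_config_directory }}/kube-controller-manager.kubeconfig"
    dest: "{{ k8s_controller_manager_conf_dir }}/kube-controller-manager.kubeconfig"
    owner: root
    group: root
    # NOTE(review): a kubeconfig embeds client credentials; 0644 leaves it
    # readable by every local account. Tighten to "0600" once it is confirmed
    # that the kube-controller-manager unit runs as root.
    mode: "0644"
  tags:
    # NOTE(review): every sibling task in this file is tagged k8s-controller;
    # k8s-worker here looks like a copy/paste slip -- confirm before relying
    # on --tags k8s-controller to install this file.
    - k8s-worker
    - k8s-controller-base
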
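- name: Create scheduler config directory
  # Holds the kube-scheduler kubeconfig and kube-scheduler.yaml written below.
  file:
    path: "{{ k8s_scheduler_conf_dir }}"
    state: directory
    mode: "0700"  # quoted so YAML hands Ansible the octal string unchanged
    owner: root
    group: root
  tags:
    - k8s-controller
    - k8s-controller-base
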
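- name: Create kube-scheduler kubeconfig
  template:
    src: "{{ k8s_config_directory }}/kube-scheduler.kubeconfig"
    dest: "{{ k8s_scheduler_conf_dir }}/kube-scheduler.kubeconfig"
    owner: root
    group: root
    # NOTE(review): a kubeconfig embeds client credentials; 0644 leaves it
    # readable by every local account. Tighten to "0600" once it is confirmed
    # that the kube-scheduler unit runs as root.
    mode: "0644"
  tags:
    - k8s-controller
    - k8s-controller-base
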
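- name: Create kube-scheduler.yaml
  # Scheduler component configuration rendered from the role's template tree.
  template:
    src: "templates/var/lib/kube-scheduler/kube-scheduler.yaml.j2"
    dest: "{{ k8s_scheduler_conf_dir }}/kube-scheduler.yaml"
    owner: root
    group: root
    mode: "0644"  # quoted so YAML hands Ansible the octal string unchanged
  tags:
    - k8s-controller
    - k8s-controller-base
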
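- name: Create kubeconfig for admin user
  # This is the credential the later `kubectl apply` tasks in this file use.
  template:
    src: "{{ k8s_config_directory }}/admin.kubeconfig"
    dest: "{{ k8s_conf_dir }}/admin.kubeconfig"
    owner: root
    group: root
    # NOTE(review): the admin kubeconfig carries the cluster-admin client
    # credentials; 0644 makes them readable by any local account even though
    # the parent directory is 0700 only while that mode is kept. "0600" is the
    # safe value; nothing visible here needs it to be world-readable.
    mode: "0644"
  tags:
    - k8s-controller
    - k8s-controller-base
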
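- name: Copy etcd certificates
  # Installs the etcd client material root-only readable (0640 root:root).
  # The file list (etcd_certificates) is defined outside this file.
  copy:
    src: "{{ k8s_ca_conf_directory }}/{{ item }}"
    dest: "{{ k8s_conf_dir }}/{{ item }}"
    mode: "0640"
    owner: root
    group: root
  # `loop` over the variable is the direct equivalent of the nested
  # with_items form, which only flattened the inner list.
  loop: "{{ etcd_certificates }}"
  tags:
    - k8s-controller
    - k8s-controller-base
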
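- name: Copy Kubernetes certificates
  # Installs the Kubernetes PKI material root-only readable (0640 root:root).
  # The file list (k8s_certificates) is defined outside this file.
  copy:
    src: "{{ k8s_ca_conf_directory }}/{{ item }}"
    dest: "{{ k8s_conf_dir }}/{{ item }}"
    mode: "0640"
    owner: root
    group: root
  # `loop` over the variable is the direct equivalent of the nested
  # with_items form, which only flattened the inner list.
  loop: "{{ k8s_certificates }}"
  tags:
    - k8s-controller
    - k8s-controller-base
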
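- name: Downloading official Kubernetes binaries
  # dest is a directory, so each binary keeps its item name under k8s_bin_dir.
  get_url:
    url: "https://storage.googleapis.com/kubernetes-release/release/v{{ k8s_release }}/bin/linux/amd64/{{ item }}"
    dest: "{{ k8s_bin_dir }}"
    mode: "0755"
    # NOTE(review): nothing verifies what was downloaded. get_url's
    # `checksum:` (e.g. "sha256:<expected digest>" or a URL to the published
    # digest file) would pin the binaries that are installed as system
    # services below; TLS verification (validate_certs) stays at its default.
  loop: "{{ k8s_controller_binaries }}"
  notify:
    - restart kube-apiserver
    - restart kube-controller-manager
    - restart kube-scheduler
  tags:
    - k8s-controller
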
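- name: Copy encryption provider config file
  copy:
    src: "{{ k8s_config_directory }}/encryption-config.yaml"
    dest: "{{ k8s_conf_dir }}/encryption-config.yaml"
    # NOTE(review): an apiserver encryption-provider config normally carries
    # the at-rest encryption keys for secrets in etcd; 0644 exposes them to
    # every local account. "0600" is the safe value once the kube-apiserver
    # unit is confirmed to run as root.
    mode: "0644"
    owner: root
    group: root
  tags:
    - k8s-controller
    - k8s-controller-base
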
- name: Combine k8s_apiserver_settings and k8s_apiserver_settings_user (if defined)
  # Overlay the optional user-supplied settings on the role defaults;
  # keys from the user mapping win on conflict.
  tags:
    - k8s-controller
  set_fact:
    k8s_apiserver_settings: >-
      {{ k8s_apiserver_settings
      | combine(k8s_apiserver_settings_user | default({})) }}

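- name: Create systemd unit file for kube-apiserver
  template:
    src: etc/systemd/system/kube-apiserver.service.j2
    dest: /etc/systemd/system/kube-apiserver.service
    owner: root
    group: root
    mode: "0644"  # quoted so YAML hands Ansible the octal string unchanged
  # NOTE(review): only a daemon-reload is notified here, so an edited unit
  # is not picked up by a running service until something else restarts it;
  # in this file only the binary download notifies "restart kube-apiserver".
  notify:
    - reload systemd
  tags:
    - k8s-controller
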
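- name: Enable and start kube-apiserver
  service:
    name: kube-apiserver
    enabled: true  # canonical boolean; `yes` is YAML-1.1-only truthiness
    state: started
  tags:
    - k8s-controller
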
- name: Combine k8s_controller_manager_settings and k8s_controller_manager_settings_user (if defined)
  # Overlay the optional user-supplied settings on the role defaults;
  # keys from the user mapping win on conflict.
  tags:
    - k8s-controller
  set_fact:
    k8s_controller_manager_settings: >-
      {{ k8s_controller_manager_settings
      | combine(k8s_controller_manager_settings_user | default({})) }}

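- name: Create systemd unit file for kube-controller-manager
  template:
    src: etc/systemd/system/kube-controller-manager.service.j2
    dest: /etc/systemd/system/kube-controller-manager.service
    owner: root
    group: root
    mode: "0644"  # quoted so YAML hands Ansible the octal string unchanged
  # NOTE(review): only a daemon-reload is notified here, so an edited unit
  # is not picked up by a running service until something else restarts it;
  # in this file only the binary download notifies the restart handler.
  notify:
    - reload systemd
  tags:
    - k8s-controller
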
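- name: Enable and start kube-controller-manager
  service:
    name: kube-controller-manager
    enabled: true  # canonical boolean; `yes` is YAML-1.1-only truthiness
    state: started
  tags:
    - k8s-controller
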
- name: Combine k8s_scheduler_settings and k8s_scheduler_settings_user (if defined)
  # Overlay the optional user-supplied settings on the role defaults;
  # keys from the user mapping win on conflict.
  tags:
    - k8s-controller
  set_fact:
    k8s_scheduler_settings: >-
      {{ k8s_scheduler_settings
      | combine(k8s_scheduler_settings_user | default({})) }}

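- name: Create systemd unit file for kube-scheduler
  template:
    src: etc/systemd/system/kube-scheduler.service.j2
    dest: /etc/systemd/system/kube-scheduler.service
    owner: root
    group: root
    mode: "0644"  # quoted so YAML hands Ansible the octal string unchanged
  # NOTE(review): only a daemon-reload is notified here, so an edited unit
  # is not picked up by a running service until something else restarts it;
  # in this file only the binary download notifies the restart handler.
  notify:
    - reload systemd
  tags:
    - k8s-controller
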
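- name: Enable and start kube-scheduler
  service:
    name: kube-scheduler
    enabled: true  # canonical boolean; `yes` is YAML-1.1-only truthiness
    state: started
  tags:
    - k8s-controller
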
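# TODO: Check if ClusterRole + ClusterRoleBinding are already configured

- name: Copy kube-apiserver-to-kubelet ClusterRole
  # Staged on the first master only and removed again by "Remove temporary
  # files" at the end of this file.
  # NOTE(review): a fixed, predictable name in the shared /tmp can be
  # pre-created or symlinked by another local account; the `tempfile` module
  # (or a root-only staging directory under k8s_conf_dir) avoids that.
  copy:
    src: "files/kube-apiserver-to-kubelet_cluster_role.yaml"
    dest: "/tmp/kube-apiserver-to-kubelet_cluster_role.yaml"
    mode: "0600"  # quoted so YAML hands Ansible the octal string unchanged
  run_once: true
  delegate_to: "{{ groups.k8s_master | first }}"
  tags:
    - k8s-controller
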
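- name: Copy kube-apiserver-to-kubelet ClusterRoleBinding
  # Staged on the first master only and removed again by "Remove temporary
  # files" at the end of this file.
  # NOTE(review): a fixed, predictable name in the shared /tmp can be
  # pre-created or symlinked by another local account; the `tempfile` module
  # (or a root-only staging directory under k8s_conf_dir) avoids that.
  copy:
    src: "files/kube-apiserver-to-kubelet_cluster_role_binding.yaml"
    dest: "/tmp/kube-apiserver-to-kubelet_cluster_role_binding.yaml"
    mode: "0600"  # quoted so YAML hands Ansible the octal string unchanged
  run_once: true
  delegate_to: "{{ groups.k8s_master | first }}"
  tags:
    - k8s-controller
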
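- name: Wait 300 seconds for kube-apiserver port 6443 to become open on the host
  # Gate for the kubectl apply tasks that follow: they need a reachable
  # apiserver on the first master.
  wait_for:
    port: 6443
    delay: 5
    # Explicit so the task name and the actual wait agree (300 is also the
    # module default).
    timeout: 300
    host: "{{ hostvars[inventory_hostname]['ansible_' + k8s_interface].ipv4.address }}"
  run_once: true
  delegate_to: "{{ groups.k8s_master | first }}"
  # Tagged like every other task in this file; without the tag a run limited
  # to --tags k8s-controller would skip this wait and apply manifests against
  # an apiserver that may not be up yet.
  tags:
    - k8s-controller
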
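- name: Apply kube-apiserver-to-kubelet ClusterRole
  # `command` instead of `shell`: no pipes, globs or redirects are used, so
  # the templated kubeconfig path is never re-interpreted by a shell.
  command: "kubectl apply --kubeconfig {{ k8s_conf_dir }}/admin.kubeconfig -f /tmp/kube-apiserver-to-kubelet_cluster_role.yaml"
  register: kube_apiserver_to_kubelet_cluster_role
  # kubectl apply is idempotent and reports "unchanged" when nothing moved;
  # only a create/configure counts as a change for this task.
  changed_when: >-
    'created' in kube_apiserver_to_kubelet_cluster_role.stdout
    or 'configured' in kube_apiserver_to_kubelet_cluster_role.stdout
  run_once: true
  delegate_to: "{{ groups.k8s_master | first }}"
  tags:
    - k8s-controller
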
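- name: Apply kube-apiserver-to-kubelet ClusterRoleBinding
  # `command` instead of `shell`: no pipes, globs or redirects are used, so
  # the templated kubeconfig path is never re-interpreted by a shell.
  command: "kubectl apply --kubeconfig {{ k8s_conf_dir }}/admin.kubeconfig -f /tmp/kube-apiserver-to-kubelet_cluster_role_binding.yaml"
  register: kube_apiserver_to_kubelet_cluster_role_binding
  # kubectl apply is idempotent and reports "unchanged" when nothing moved;
  # only a create/configure counts as a change for this task.
  changed_when: >-
    'created' in kube_apiserver_to_kubelet_cluster_role_binding.stdout
    or 'configured' in kube_apiserver_to_kubelet_cluster_role_binding.stdout
  run_once: true
  delegate_to: "{{ groups.k8s_master | first }}"
  tags:
    - k8s-controller
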
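- name: Remove temporary files
  # Clean up the two manifests staged in /tmp by the copy tasks above.
  # NOTE(review): this only runs if the apply tasks succeeded; wrapping the
  # stage/apply/cleanup sequence in a block with an `always:` section would
  # guarantee the files are removed on failure as well.
  file:
    path: "{{ item }}"
    state: absent
  # Literal list, so `loop` is a drop-in for with_items here and keeps the
  # file's loop style uniform.
  loop:
    - "/tmp/kube-apiserver-to-kubelet_cluster_role.yaml"
    - "/tmp/kube-apiserver-to-kubelet_cluster_role_binding.yaml"
  run_once: true
  delegate_to: "{{ groups.k8s_master | first }}"
  tags:
    - k8s-controller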