mirror of
https://github.com/kubernetes-sigs/kubespray.git
synced 2026-03-19 18:07:37 -02:30
Replace kube-master with kube_control_plane (#7256)
This replaces kube-master with kube_control_plane because of [1]:
The Kubernetes project is moving away from wording that is
considered offensive. A new working group WG Naming was created
to track this work, and the word "master" was declared as offensive.
A proposal was formalized for replacing the word "master" with
"control plane". This means it should be removed from source code,
documentation, and user-facing configuration from Kubernetes and
its sub-projects.
NOTE: The reason why this changes it to kube_control_plane not
kube-control-plane is for valid group names on ansible.
[1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation
This commit is contained in:
Kenichi Omichi
GitHub
@@ -28,7 +28,7 @@
|
||||
kube_encrypt_token: "{{ kube_encrypt_token_extracted }}"
|
||||
delegate_to: "{{ item }}"
|
||||
delegate_facts: true
|
||||
with_inventory_hostnames: kube-master
|
||||
with_inventory_hostnames: kube_control_plane
|
||||
when: kube_encrypt_token_extracted is defined
|
||||
|
||||
- name: Write secrets for encrypting secret data at rest
|
||||
|
||||
@@ -18,15 +18,15 @@
|
||||
--upload-certs
|
||||
register: kubeadm_upload_cert
|
||||
when:
|
||||
- inventory_hostname == groups['kube-master']|first
|
||||
- inventory_hostname == groups['kube_control_plane']|first
|
||||
|
||||
- name: Parse certificate key if not set
|
||||
set_fact:
|
||||
kubeadm_certificate_key: "{{ hostvars[groups['kube-master'][0]]['kubeadm_upload_cert'].stdout_lines[-1] | trim }}"
|
||||
kubeadm_certificate_key: "{{ hostvars[groups['kube_control_plane'][0]]['kubeadm_upload_cert'].stdout_lines[-1] | trim }}"
|
||||
run_once: yes
|
||||
when:
|
||||
- hostvars[groups['kube-master'][0]]['kubeadm_upload_cert'] is defined
|
||||
- hostvars[groups['kube-master'][0]]['kubeadm_upload_cert'] is not skipped
|
||||
- hostvars[groups['kube_control_plane'][0]]['kubeadm_upload_cert'] is defined
|
||||
- hostvars[groups['kube_control_plane'][0]]['kubeadm_upload_cert'] is not skipped
|
||||
|
||||
- name: Create kubeadm ControlPlane config
|
||||
template:
|
||||
@@ -35,7 +35,7 @@
|
||||
mode: 0640
|
||||
backup: yes
|
||||
when:
|
||||
- inventory_hostname != groups['kube-master']|first
|
||||
- inventory_hostname != groups['kube_control_plane']|first
|
||||
- not kubeadm_already_run.stat.exists
|
||||
|
||||
- name: Wait for k8s apiserver
|
||||
@@ -64,5 +64,5 @@
|
||||
throttle: 1
|
||||
until: kubeadm_join_control_plane is succeeded
|
||||
when:
|
||||
- inventory_hostname != groups['kube-master']|first
|
||||
- inventory_hostname != groups['kube_control_plane']|first
|
||||
- kubeadm_already_run is not defined or not kubeadm_already_run.stat.exists
|
||||
|
||||
@@ -25,7 +25,7 @@
|
||||
|
||||
- name: kubeadm | aggregate all SANs
|
||||
set_fact:
|
||||
apiserver_sans: "{{ (sans_base + groups['kube-master'] + sans_lb + sans_lb_ip + sans_supp + sans_access_ip + sans_ip + sans_address + sans_override + sans_hostname + sans_fqdn) | unique }}"
|
||||
apiserver_sans: "{{ (sans_base + groups['kube_control_plane'] + sans_lb + sans_lb_ip + sans_supp + sans_access_ip + sans_ip + sans_address + sans_override + sans_hostname + sans_fqdn) | unique }}"
|
||||
vars:
|
||||
sans_base:
|
||||
- "kubernetes"
|
||||
@@ -38,12 +38,12 @@
|
||||
sans_lb: "{{ [apiserver_loadbalancer_domain_name] if apiserver_loadbalancer_domain_name is defined else [] }}"
|
||||
sans_lb_ip: "{{ [loadbalancer_apiserver.address] if loadbalancer_apiserver is defined and loadbalancer_apiserver.address is defined else [] }}"
|
||||
sans_supp: "{{ supplementary_addresses_in_ssl_keys if supplementary_addresses_in_ssl_keys is defined else [] }}"
|
||||
sans_access_ip: "{{ groups['kube-master'] | map('extract', hostvars, 'access_ip') | list | select('defined') | list }}"
|
||||
sans_ip: "{{ groups['kube-master'] | map('extract', hostvars, 'ip') | list | select('defined') | list }}"
|
||||
sans_address: "{{ groups['kube-master'] | map('extract', hostvars, ['ansible_default_ipv4', 'address']) | list | select('defined') | list }}"
|
||||
sans_access_ip: "{{ groups['kube_control_plane'] | map('extract', hostvars, 'access_ip') | list | select('defined') | list }}"
|
||||
sans_ip: "{{ groups['kube_control_plane'] | map('extract', hostvars, 'ip') | list | select('defined') | list }}"
|
||||
sans_address: "{{ groups['kube_control_plane'] | map('extract', hostvars, ['ansible_default_ipv4', 'address']) | list | select('defined') | list }}"
|
||||
sans_override: "{{ [kube_override_hostname] if kube_override_hostname else [] }}"
|
||||
sans_hostname: "{{ groups['kube-master'] | map('extract', hostvars, ['ansible_hostname']) | list | select('defined') | list }}"
|
||||
sans_fqdn: "{{ groups['kube-master'] | map('extract', hostvars, ['ansible_fqdn']) | list | select('defined') | list }}"
|
||||
sans_hostname: "{{ groups['kube_control_plane'] | map('extract', hostvars, ['ansible_hostname']) | list | select('defined') | list }}"
|
||||
sans_fqdn: "{{ groups['kube_control_plane'] | map('extract', hostvars, ['ansible_fqdn']) | list | select('defined') | list }}"
|
||||
tags: facts
|
||||
|
||||
- name: Create audit-policy directory
|
||||
@@ -86,7 +86,7 @@
|
||||
register: apiserver_sans_check
|
||||
changed_when: "'does match certificate' not in apiserver_sans_check.stdout"
|
||||
when:
|
||||
- inventory_hostname == groups['kube-master']|first
|
||||
- inventory_hostname == groups['kube_control_plane']|first
|
||||
- kubeadm_already_run.stat.exists
|
||||
|
||||
- name: kubeadm | regenerate apiserver cert 1/2
|
||||
@@ -97,7 +97,7 @@
|
||||
- apiserver.crt
|
||||
- apiserver.key
|
||||
when:
|
||||
- inventory_hostname == groups['kube-master']|first
|
||||
- inventory_hostname == groups['kube_control_plane']|first
|
||||
- kubeadm_already_run.stat.exists
|
||||
- apiserver_sans_check.changed
|
||||
|
||||
@@ -107,7 +107,7 @@
|
||||
init phase certs apiserver
|
||||
--config={{ kube_config_dir }}/kubeadm-config.yaml
|
||||
when:
|
||||
- inventory_hostname == groups['kube-master']|first
|
||||
- inventory_hostname == groups['kube_control_plane']|first
|
||||
- kubeadm_already_run.stat.exists
|
||||
- apiserver_sans_check.changed
|
||||
|
||||
@@ -123,7 +123,7 @@
|
||||
# Retry is because upload config sometimes fails
|
||||
retries: 3
|
||||
until: kubeadm_init is succeeded or "field is immutable" in kubeadm_init.stderr
|
||||
when: inventory_hostname == groups['kube-master']|first and not kubeadm_already_run.stat.exists
|
||||
when: inventory_hostname == groups['kube_control_plane']|first and not kubeadm_already_run.stat.exists
|
||||
failed_when: kubeadm_init.rc != 0 and "field is immutable" not in kubeadm_init.stderr
|
||||
environment:
|
||||
PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}"
|
||||
@@ -132,7 +132,7 @@
|
||||
- name: set kubeadm certificate key
|
||||
set_fact:
|
||||
kubeadm_certificate_key: "{{ item | regex_search('--certificate-key ([^ ]+)','\\1') | first }}"
|
||||
with_items: "{{ hostvars[groups['kube-master'][0]]['kubeadm_init'].stdout_lines | default([]) }}"
|
||||
with_items: "{{ hostvars[groups['kube_control_plane'][0]]['kubeadm_init'].stdout_lines | default([]) }}"
|
||||
when:
|
||||
- kubeadm_certificate_key is not defined
|
||||
- (item | trim) is match('.*--certificate-key.*')
|
||||
@@ -143,7 +143,7 @@
|
||||
{{ bin_dir }}/kubeadm --kubeconfig /etc/kubernetes/admin.conf token create {{ kubeadm_token }}
|
||||
changed_when: false
|
||||
when:
|
||||
- inventory_hostname == groups['kube-master']|first
|
||||
- inventory_hostname == groups['kube_control_plane']|first
|
||||
- kubeadm_token is defined
|
||||
- kubeadm_refresh_token
|
||||
tags:
|
||||
@@ -156,7 +156,7 @@
|
||||
retries: 5
|
||||
delay: 5
|
||||
until: temp_token is succeeded
|
||||
delegate_to: "{{ groups['kube-master'] | first }}"
|
||||
delegate_to: "{{ groups['kube_control_plane'] | first }}"
|
||||
when: kubeadm_token is not defined
|
||||
tags:
|
||||
- kubeadm_token
|
||||
@@ -180,7 +180,7 @@
|
||||
# FIXME(mattymo): from docs: If you don't want to taint your control-plane node, set this field to an empty slice, i.e. `taints: {}` in the YAML file.
|
||||
- name: kubeadm | Remove taint for master with node role
|
||||
command: "{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf taint node {{ inventory_hostname }} {{ item }}"
|
||||
delegate_to: "{{ groups['kube-master'] | first }}"
|
||||
delegate_to: "{{ groups['kube_control_plane'] | first }}"
|
||||
with_items:
|
||||
- "node-role.kubernetes.io/master:NoSchedule-"
|
||||
- "node-role.kubernetes.io/control-plane:NoSchedule-"
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
uri:
|
||||
url: "https://{{ ip | default(fallback_ips[inventory_hostname]) }}:{{ kube_apiserver_port }}/healthz"
|
||||
validate_certs: false
|
||||
when: inventory_hostname in groups['kube-master']
|
||||
when: inventory_hostname in groups['kube_control_plane']
|
||||
register: _result
|
||||
retries: 60
|
||||
delay: 5
|
||||
@@ -23,7 +23,7 @@
|
||||
# Retry is because upload config sometimes fails
|
||||
retries: 3
|
||||
until: kubeadm_upgrade.rc == 0
|
||||
when: inventory_hostname == groups['kube-master']|first
|
||||
when: inventory_hostname == groups['kube_control_plane']|first
|
||||
failed_when: kubeadm_upgrade.rc != 0 and "field is immutable" not in kubeadm_upgrade.stderr
|
||||
environment:
|
||||
PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}"
|
||||
@@ -40,7 +40,7 @@
|
||||
--etcd-upgrade={{ etcd_kubeadm_enabled | bool | lower }}
|
||||
--force
|
||||
register: kubeadm_upgrade
|
||||
when: inventory_hostname != groups['kube-master']|first
|
||||
when: inventory_hostname != groups['kube_control_plane']|first
|
||||
failed_when:
|
||||
- kubeadm_upgrade.rc != 0
|
||||
- '"field is immutable" not in kubeadm_upgrade.stderr'
|
||||
|
||||
@@ -3,7 +3,7 @@ Description=Timer to renew K8S control plane certificates
|
||||
|
||||
[Timer]
|
||||
# First Monday of each month
|
||||
OnCalendar=Mon *-*-1..7 03:{{ groups['kube-master'].index(inventory_hostname) }}0:00
|
||||
OnCalendar=Mon *-*-1..7 03:{{ groups['kube_control_plane'].index(inventory_hostname) }}0:00
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
@@ -16,7 +16,7 @@ nodeRegistration:
|
||||
{% if kube_override_hostname|default('') %}
|
||||
name: {{ kube_override_hostname }}
|
||||
{% endif %}
|
||||
{% if inventory_hostname in groups['kube-master'] and inventory_hostname not in groups['kube-node'] %}
|
||||
{% if inventory_hostname in groups['kube_control_plane'] and inventory_hostname not in groups['kube-node'] %}
|
||||
taints:
|
||||
- effect: NoSchedule
|
||||
key: node-role.kubernetes.io/master
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
---
|
||||
- name: Parse certificate key if not set
|
||||
set_fact:
|
||||
kubeadm_certificate_key: "{{ hostvars[groups['kube-master'][0]]['kubeadm_certificate_key'] }}"
|
||||
kubeadm_certificate_key: "{{ hostvars[groups['kube_control_plane'][0]]['kubeadm_certificate_key'] }}"
|
||||
when: kubeadm_certificate_key is undefined
|
||||
|
||||
- name: Pull control plane certs down
|
||||
|
||||
@@ -25,7 +25,7 @@
|
||||
get_checksum: no
|
||||
get_mime: no
|
||||
register: kubeadm_ca_stat
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
delegate_to: "{{ groups['kube_control_plane'][0] }}"
|
||||
run_once: true
|
||||
|
||||
- name: Calculate kubeadm CA cert hash
|
||||
@@ -36,14 +36,14 @@
|
||||
when:
|
||||
- kubeadm_ca_stat.stat is defined
|
||||
- kubeadm_ca_stat.stat.exists
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
delegate_to: "{{ groups['kube_control_plane'][0] }}"
|
||||
run_once: true
|
||||
changed_when: false
|
||||
|
||||
- name: Create kubeadm token for joining nodes with 24h expiration (default)
|
||||
command: "{{ bin_dir }}/kubeadm token create"
|
||||
register: temp_token
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
delegate_to: "{{ groups['kube_control_plane'][0] }}"
|
||||
when: kubeadm_token is not defined
|
||||
changed_when: false
|
||||
|
||||
@@ -118,7 +118,7 @@
|
||||
args:
|
||||
executable: /bin/bash
|
||||
run_once: true
|
||||
delegate_to: "{{ groups['kube-master']|first }}"
|
||||
delegate_to: "{{ groups['kube_control_plane']|first }}"
|
||||
delegate_facts: false
|
||||
when:
|
||||
- kubeadm_config_api_fqdn is not defined
|
||||
@@ -138,7 +138,7 @@
|
||||
- name: Restart all kube-proxy pods to ensure that they load the new configmap
|
||||
command: "{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf delete pod -n kube-system -l k8s-app=kube-proxy --force --grace-period=0"
|
||||
run_once: true
|
||||
delegate_to: "{{ groups['kube-master']|first }}"
|
||||
delegate_to: "{{ groups['kube_control_plane']|first }}"
|
||||
delegate_facts: false
|
||||
when:
|
||||
- kubeadm_config_api_fqdn is not defined
|
||||
@@ -151,6 +151,6 @@
|
||||
include_tasks: kubeadm_etcd_node.yml
|
||||
when:
|
||||
- etcd_kubeadm_enabled
|
||||
- inventory_hostname not in groups['kube-master']
|
||||
- inventory_hostname not in groups['kube_control_plane']
|
||||
- kube_network_plugin in ["calico", "flannel", "canal", "cilium"] or cilium_deploy_additionally | default(false) | bool
|
||||
- kube_network_plugin != "calico" or calico_datastore == "etcd"
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
until: result.status == 200
|
||||
retries: 10
|
||||
delay: 6
|
||||
when: inventory_hostname == groups['kube-master'][0]
|
||||
when: inventory_hostname == groups['kube_control_plane'][0]
|
||||
|
||||
- name: Set role node label to empty list
|
||||
set_fact:
|
||||
@@ -42,6 +42,6 @@
|
||||
command: >-
|
||||
{{ bin_dir }}/kubectl label node {{ kube_override_hostname | default(inventory_hostname) }} {{ item }} --overwrite=true
|
||||
loop: "{{ role_node_labels + inventory_node_labels }}"
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
delegate_to: "{{ groups['kube_control_plane'][0] }}"
|
||||
changed_when: false
|
||||
...
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
tags:
|
||||
- kubeadm
|
||||
when:
|
||||
- not inventory_hostname in groups['kube-master']
|
||||
- not inventory_hostname in groups['kube_control_plane']
|
||||
|
||||
- name: install | Copy kubelet binary from download dir
|
||||
copy:
|
||||
|
||||
@@ -38,6 +38,6 @@ backend kube_api_backend
|
||||
default-server inter 15s downinter 15s rise 2 fall 2 slowstart 60s maxconn 1000 maxqueue 256 weight 100
|
||||
option httpchk GET /healthz
|
||||
http-check expect status 200
|
||||
{% for host in groups['kube-master'] -%}
|
||||
{% for host in groups['kube_control_plane'] -%}
|
||||
server {{ host }} {{ hostvars[host]['access_ip'] | default(hostvars[host]['ip'] | default(fallback_ips[host])) }}:{{ kube_apiserver_port }} check check-ssl verify none
|
||||
{% endfor -%}
|
||||
|
||||
@@ -13,7 +13,7 @@ events {
|
||||
stream {
|
||||
upstream kube_apiserver {
|
||||
least_conn;
|
||||
{% for host in groups['kube-master'] -%}
|
||||
{% for host in groups['kube_control_plane'] -%}
|
||||
server {{ hostvars[host]['access_ip'] | default(hostvars[host]['ip'] | default(fallback_ips[host])) }}:{{ kube_apiserver_port }};
|
||||
{% endfor -%}
|
||||
}
|
||||
|
||||
@@ -55,7 +55,7 @@
|
||||
get_checksum: no
|
||||
get_mime: no
|
||||
register: kube_apiserver_set
|
||||
when: inventory_hostname in groups['kube-master'] and dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'
|
||||
when: inventory_hostname in groups['kube_control_plane'] and dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'
|
||||
|
||||
# FIXME(mattymo): Also restart for kubeadm mode
|
||||
- name: Preinstall | kube-controller configured
|
||||
@@ -65,13 +65,13 @@
|
||||
get_checksum: no
|
||||
get_mime: no
|
||||
register: kube_controller_set
|
||||
when: inventory_hostname in groups['kube-master'] and dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'
|
||||
when: inventory_hostname in groups['kube_control_plane'] and dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'
|
||||
|
||||
- name: Preinstall | restart kube-controller-manager docker
|
||||
shell: "{{ docker_bin_dir }}/docker ps -f name=k8s_POD_kube-controller-manager* -q | xargs --no-run-if-empty {{ docker_bin_dir }}/docker rm -f"
|
||||
when:
|
||||
- container_manager == "docker"
|
||||
- inventory_hostname in groups['kube-master']
|
||||
- inventory_hostname in groups['kube_control_plane']
|
||||
- dns_mode != 'none'
|
||||
- resolvconf_mode == 'host_resolvconf'
|
||||
- kube_controller_set.stat.exists
|
||||
@@ -80,7 +80,7 @@
|
||||
shell: "{{ bin_dir }}/crictl pods --name kube-controller-manager* -q | xargs -I% --no-run-if-empty bash -c '{{ bin_dir }}/crictl stopp % && {{ bin_dir }}/crictl rmp %'"
|
||||
when:
|
||||
- container_manager in ['crio', 'containerd']
|
||||
- inventory_hostname in groups['kube-master']
|
||||
- inventory_hostname in groups['kube_control_plane']
|
||||
- dns_mode != 'none'
|
||||
- resolvconf_mode == 'host_resolvconf'
|
||||
- kube_controller_set.stat.exists
|
||||
@@ -89,7 +89,7 @@
|
||||
shell: "{{ docker_bin_dir }}/docker ps -f name=k8s_POD_kube-apiserver* -q | xargs --no-run-if-empty {{ docker_bin_dir }}/docker rm -f"
|
||||
when:
|
||||
- container_manager == "docker"
|
||||
- inventory_hostname in groups['kube-master']
|
||||
- inventory_hostname in groups['kube_control_plane']
|
||||
- dns_mode != 'none'
|
||||
- resolvconf_mode == 'host_resolvconf'
|
||||
|
||||
@@ -97,7 +97,7 @@
|
||||
shell: "{{ bin_dir }}/crictl pods --name kube-apiserver* -q | xargs -I% --no-run-if-empty bash -c '{{ bin_dir }}/crictl stopp % && {{ bin_dir }}/crictl rmp %'"
|
||||
when:
|
||||
- container_manager in ['crio', 'containerd']
|
||||
- inventory_hostname in groups['kube-master']
|
||||
- inventory_hostname in groups['kube_control_plane']
|
||||
- dns_mode != 'none'
|
||||
- resolvconf_mode == 'host_resolvconf'
|
||||
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
---
|
||||
- name: Stop if either kube-master or kube-node group is empty
|
||||
- name: Stop if either kube_control_plane or kube-node group is empty
|
||||
assert:
|
||||
that: "groups.get('{{ item }}')"
|
||||
with_items:
|
||||
- kube-master
|
||||
- kube_control_plane
|
||||
- kube-node
|
||||
run_once: true
|
||||
when: not ignore_assert_errors
|
||||
@@ -79,7 +79,7 @@
|
||||
that: ansible_memtotal_mb >= minimal_master_memory_mb
|
||||
when:
|
||||
- not ignore_assert_errors
|
||||
- inventory_hostname in groups['kube-master']
|
||||
- inventory_hostname in groups['kube_control_plane']
|
||||
|
||||
- name: Stop if memory is too small for nodes
|
||||
assert:
|
||||
@@ -136,7 +136,7 @@
|
||||
assert:
|
||||
that: rbac_enabled and kube_api_anonymous_auth
|
||||
when:
|
||||
- kube_apiserver_insecure_port == 0 and inventory_hostname in groups['kube-master']
|
||||
- kube_apiserver_insecure_port == 0 and inventory_hostname in groups['kube_control_plane']
|
||||
- not ignore_assert_errors
|
||||
|
||||
- name: Stop if kernel version is too low
|
||||
@@ -193,7 +193,7 @@
|
||||
- kube_network_plugin == 'calico'
|
||||
- 'calico_version_on_server.stdout is defined'
|
||||
- calico_version_on_server.stdout
|
||||
- inventory_hostname == groups['kube-master'][0]
|
||||
- inventory_hostname == groups['kube_control_plane'][0]
|
||||
run_once: yes
|
||||
|
||||
- name: "Check that cluster_id is set if calico_rr enabled"
|
||||
@@ -204,7 +204,7 @@
|
||||
when:
|
||||
- kube_network_plugin == 'calico'
|
||||
- peer_with_calico_rr
|
||||
- inventory_hostname == groups['kube-master'][0]
|
||||
- inventory_hostname == groups['kube_control_plane'][0]
|
||||
run_once: yes
|
||||
|
||||
- name: "Check that calico_rr nodes are in k8s-cluster group"
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
get_attributes: no
|
||||
get_checksum: yes
|
||||
get_mime: no
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
delegate_to: "{{ groups['kube_control_plane'][0] }}"
|
||||
register: known_tokens_master
|
||||
run_once: true
|
||||
|
||||
@@ -32,7 +32,7 @@
|
||||
set_fact:
|
||||
sync_tokens: >-
|
||||
{%- set tokens = {'sync': False} -%}
|
||||
{%- for server in groups['kube-master'] | intersect(ansible_play_batch)
|
||||
{%- for server in groups['kube_control_plane'] | intersect(ansible_play_batch)
|
||||
if (not hostvars[server].known_tokens.stat.exists) or
|
||||
(hostvars[server].known_tokens.stat.checksum|default('') != known_tokens_master.stat.checksum|default('')) -%}
|
||||
{%- set _ = tokens.update({'sync': True}) -%}
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
dest: "{{ kube_script_dir }}/kube-gen-token.sh"
|
||||
mode: 0700
|
||||
run_once: yes
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
delegate_to: "{{ groups['kube_control_plane'][0] }}"
|
||||
when: gen_tokens|default(false)
|
||||
|
||||
- name: Gen_tokens | generate tokens for master components
|
||||
@@ -14,11 +14,11 @@
|
||||
TOKEN_DIR: "{{ kube_token_dir }}"
|
||||
with_nested:
|
||||
- [ "system:kubectl" ]
|
||||
- "{{ groups['kube-master'] }}"
|
||||
- "{{ groups['kube_control_plane'] }}"
|
||||
register: gentoken_master
|
||||
changed_when: "'Added' in gentoken_master.stdout"
|
||||
run_once: yes
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
delegate_to: "{{ groups['kube_control_plane'][0] }}"
|
||||
when: gen_tokens|default(false)
|
||||
|
||||
- name: Gen_tokens | generate tokens for node components
|
||||
@@ -31,14 +31,14 @@
|
||||
register: gentoken_node
|
||||
changed_when: "'Added' in gentoken_node.stdout"
|
||||
run_once: yes
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
delegate_to: "{{ groups['kube_control_plane'][0] }}"
|
||||
when: gen_tokens|default(false)
|
||||
|
||||
- name: Gen_tokens | Get list of tokens from first master
|
||||
command: "find {{ kube_token_dir }} -maxdepth 1 -type f"
|
||||
register: tokens_list
|
||||
check_mode: no
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
delegate_to: "{{ groups['kube_control_plane'][0] }}"
|
||||
run_once: true
|
||||
when: sync_tokens|default(false)
|
||||
|
||||
@@ -49,7 +49,7 @@
|
||||
executable: /bin/bash
|
||||
register: tokens_data
|
||||
check_mode: no
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
delegate_to: "{{ groups['kube_control_plane'][0] }}"
|
||||
run_once: true
|
||||
when: sync_tokens|default(false)
|
||||
|
||||
@@ -58,7 +58,7 @@
|
||||
args:
|
||||
executable: /bin/bash
|
||||
when:
|
||||
- inventory_hostname in groups['kube-master']
|
||||
- inventory_hostname in groups['kube_control_plane']
|
||||
- sync_tokens|default(false)
|
||||
- inventory_hostname != groups['kube-master'][0]
|
||||
- inventory_hostname != groups['kube_control_plane'][0]
|
||||
- tokens_data.stdout
|
||||
|
||||
Reference in New Issue
Block a user