mirror of
https://github.com/kubernetes-sigs/kubespray.git
synced 2026-01-22 23:18:07 -03:30
7afbdb3e1e
According to the canal github[1] the repo is not maintained over 5 years. In addition, the README says ``` Originally, we thought we might more deeply integrate the two projects (possibly even going as far as a rebranding!). However, over time it became clear that that wasn't really necessary to fulfil our goal of making them work well together. Ultimately, we decided to focus on adding features to both projects rather than doing work just to combine them. ``` So it is difficult to support canal by Kubespray at this situation. [1]: https://github.com/projectcalico/canal
78 lines
2.3 KiB
YAML
78 lines
2.3 KiB
YAML
---
|
|
- include_tasks: check_certs.yml
|
|
when: cert_management == "script"
|
|
tags:
|
|
- etcd-secrets
|
|
- facts
|
|
|
|
- include_tasks: "gen_certs_script.yml"
|
|
when:
|
|
- cert_management |d('script') == "script"
|
|
tags:
|
|
- etcd-secrets
|
|
|
|
- include_tasks: upd_ca_trust.yml
|
|
when:
|
|
- inventory_hostname in groups['etcd']|union(groups['kube_control_plane'])|unique|sort
|
|
tags:
|
|
- etcd-secrets
|
|
|
|
- include_tasks: upd_ca_trust.yml
|
|
when:
|
|
- kube_network_plugin in ["calico", "flannel", "cilium"] or cilium_deploy_additionally | default(false) | bool
|
|
- kube_network_plugin != "calico" or calico_datastore == "etcd"
|
|
- inventory_hostname in groups['k8s_cluster']
|
|
tags:
|
|
- etcd-secrets
|
|
|
|
- name: "Gen_certs | Get etcd certificate serials"
|
|
command: "openssl x509 -in {{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem -noout -serial"
|
|
register: "etcd_client_cert_serial_result"
|
|
changed_when: false
|
|
check_mode: no
|
|
when:
|
|
- kube_network_plugin in ["calico", "flannel", "cilium"] or cilium_deploy_additionally | default(false) | bool
|
|
- kube_network_plugin != "calico" or calico_datastore == "etcd"
|
|
- inventory_hostname in groups['k8s_cluster']
|
|
tags:
|
|
- master
|
|
- network
|
|
|
|
- name: Set etcd_client_cert_serial
|
|
set_fact:
|
|
etcd_client_cert_serial: "{{ etcd_client_cert_serial_result.stdout.split('=')[1] }}"
|
|
when:
|
|
- kube_network_plugin in ["calico", "flannel", "cilium"] or cilium_deploy_additionally | default(false) | bool
|
|
- kube_network_plugin != "calico" or calico_datastore == "etcd"
|
|
- inventory_hostname in groups['k8s_cluster']
|
|
tags:
|
|
- master
|
|
- network
|
|
|
|
- include_tasks: "install_{{ etcd_deployment_type }}.yml"
|
|
when: is_etcd_master
|
|
tags:
|
|
- upgrade
|
|
|
|
- include_tasks: configure.yml
|
|
when: is_etcd_master
|
|
|
|
- include_tasks: refresh_config.yml
|
|
when: is_etcd_master
|
|
|
|
- name: Restart etcd if certs changed
|
|
command: /bin/true
|
|
notify: restart etcd
|
|
when: is_etcd_master and etcd_cluster_setup and etcd_secret_changed|default(false)
|
|
|
|
- name: Restart etcd-events if certs changed
|
|
command: /bin/true
|
|
notify: restart etcd
|
|
when: is_etcd_master and etcd_events_cluster_setup and etcd_secret_changed|default(false)
|
|
|
|
# After etcd cluster is assembled, make sure that
|
|
# initial state of the cluster is in `existing`
|
|
# state instead of `new`.
|
|
- include_tasks: refresh_config.yml
|
|
when: is_etcd_master
|