mirror of
https://github.com/KevinMidboe/kazan-ansible.git
synced 2025-10-29 01:30:16 +00:00
142 lines
3.3 KiB
YAML
142 lines
3.3 KiB
YAML
---
|
|
- name: Download Kuberneters controller binaries
|
|
get_url:
|
|
url: "{{ kubernetes_download_path }}/{{ item }}"
|
|
dest: /usr/local/bin
|
|
owner: root
|
|
group: root
|
|
mode: 0755
|
|
# TODO Add hash check
|
|
with_items:
|
|
- kube-apiserver
|
|
- kube-controller-manager
|
|
- kube-scheduler
|
|
- kubectl
|
|
become: true
|
|
|
|
- name: Create kubernetes var dir
|
|
file: path=/var/lib/kubernetes state=directory
|
|
become: true
|
|
|
|
- name: Create kubernetes etc dir
|
|
file: path=/etc/kubernetes/config state=directory
|
|
become: true
|
|
|
|
- name: Copy Authorisation files
|
|
copy:
|
|
src: "{{ playbook_dir }}/../../kazan-ssl/data-encryption/{{ item }}"
|
|
dest: /var/lib/kubernetes
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
with_items:
|
|
- encryption-config.yaml
|
|
become: true
|
|
|
|
- name: Copy cert files
|
|
copy:
|
|
src: "{{ playbook_dir }}/../../kazan-ssl/pki/{{ item }}"
|
|
dest: /var/lib/kubernetes
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
with_items:
|
|
- ca/ca.pem
|
|
- ca/ca-key.pem
|
|
- api/kubernetes-key.pem
|
|
- api/kubernetes.pem
|
|
- service-account/service-account-key.pem
|
|
- service-account/service-account.pem
|
|
- front-proxy/front-proxy-key.pem
|
|
- front-proxy/front-proxy.pem
|
|
become: true
|
|
|
|
- name: Copy kube-* kubeconfig files
|
|
copy:
|
|
src: "{{ playbook_dir }}/../../kazan-ssl/configs/{{ item }}"
|
|
dest: /var/lib/kubernetes
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
with_items:
|
|
- controller/kube-controller-manager.kubeconfig
|
|
- scheduler/kube-scheduler.kubeconfig
|
|
become: true
|
|
|
|
- name: Copy kube-* config files
|
|
copy:
|
|
src: "{{ item }}"
|
|
dest: /etc/kubernetes/config
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
with_items:
|
|
- kube-scheduler.yml
|
|
become: true
|
|
|
|
- name: Copy kube audit policy file
|
|
copy:
|
|
src: audit-policy.yml
|
|
dest: /etc/kubernetes
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
become: true
|
|
|
|
- name: Copy admin kube config
|
|
copy:
|
|
src: "{{ playbook_dir }}/../../kazan-ssl/configs/admin/admin.kubeconfig"
|
|
dest: /etc/kubernetes/config
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
directory_mode: false
|
|
become: true
|
|
|
|
- name: Add kube-* systemd unit
|
|
template:
|
|
src: "{{ item }}.service.j2"
|
|
dest: /etc/systemd/system/{{ item }}.service
|
|
mode: 700
|
|
with_items:
|
|
- kube-controller-manager
|
|
- kube-apiserver
|
|
- kube-scheduler
|
|
become: true
|
|
|
|
- name: Reload systemd
|
|
command: systemctl daemon-reload
|
|
become: true
|
|
|
|
- name: Enable kube-* services
|
|
command: "systemctl enable {{ item }}"
|
|
with_items:
|
|
- kube-apiserver
|
|
- kube-controller-manager
|
|
- kube-scheduler
|
|
become: true
|
|
|
|
- name: Restart kube-* services
|
|
service:
|
|
name: "{{ item }}"
|
|
state: restarted
|
|
enabled: yes
|
|
with_items:
|
|
- kube-apiserver
|
|
- kube-controller-manager
|
|
- kube-scheduler
|
|
become: true
|
|
|
|
- name: Verify Kubernetes status
|
|
shell: kubectl get componentstatuses --kubeconfig /etc/kubernetes/config/admin.kubeconfig
|
|
register: cmd_result
|
|
retries: 5
|
|
delay: 10
|
|
|
|
- assert:
|
|
that:
|
|
- "'scheduler Healthy' in cmd_result.stdout"
|
|
- "'controller-manager Healthy' in cmd_result.stdout"
|
|
- "'etcd-0 Healthy' in cmd_result.stdout"
|
|
- "'etcd-1 Healthy' in cmd_result.stdout"
|
|
- "'etcd-2 Healthy' in cmd_result.stdout" |