ansible/roles/kubelet/meta/main.yml

   1 ---
   2 # Copyright 2019 Nokia
   3 #
   4 # Licensed under the Apache License, Version 2.0 (the "License");
   5 # you may not use this file except in compliance with the License.
   6 # You may obtain a copy of the License at
   7 #
   8 #     http://www.apache.org/licenses/LICENSE-2.0
   9 #
  10 # Unless required by applicable law or agreed to in writing, software
  11 # distributed under the License is distributed on an "AS IS" BASIS,
  12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13 # See the License for the specific language governing permissions and
  14 # limitations under the License.
  15
  16 dependencies:
  17   - role: kube_token_reading
  18     when: nodename | search("caas_worker")
  19
  20   - role: creategroup
  21     _name: kube
  22     _gid: "{{ caas.uid.kube }}"
  23     become: true
  24     become_user: "root"
  25
  26   - role: createuser
  27     _name: kube
  28     _group: kube
  29     _groups: ''
  30     _shell: /sbin/nologin
  31     _home: /
  32     _uid: "{{ caas.uid.kube }}"
  33     become: true
  34     become_user: "root"
  35
  36   # kubelet server certs
  37   - role: cert
  38     instance: "kubelet{{ nodeindex }}"
  39     cert_path: /etc/kubernetes/ssl
  40     common_name: "system:node:{{ ansible_host }}"
  41     org_name: "system:nodes"
  42     add_users:
  43       - kube
  44     kube_conf:
  45       - path: /etc/kubernetes/kubeconfig/kubeletc.yml
  46         apiserver: "{{ caas.apiserver_svc_ip }}"
  47         apiserver_port: "{{ caas.apiserver_svc_port }}"
  48         restricted: true
  49     become: true
  50     become_user: "root"
  51     when: nodename | search("caas_master")
  52   - role: kubeconfig
  53     config:
  54       path: /etc/kubernetes/kubeconfig/kubelet-bootstrapc.yml
  55       owner: "root"
  56       group: "root"
  57       restricted: true
  58       user: "system:node:{{ ansible_host }}"
  59       token: "{{ kube_token }}"
  60       apiserver: "{{ caas.apiserver_in_hosts }}"
  61       apiserver_port: "{{ caas.apiserver_secure_port }}"
  62       add_users:
  63         - kube
  64     become: true
  65     become_user: "root"
  66     when: nodename | search("caas_worker")
  67   # kubelet server cert
  68   - role: cert
  69     instance: "kubelet-server"
  70     cert_path: /etc/kubernetes/ssl
  71     common_name: "kubelet-server"
  72     alt_names:
  73       ip:
  74         - "{{ ansible_host }}"
  75     add_users:
  76       - kube
  77   # kubectl cert
  78   - role: cert
  79     instance: "kube-admin"
  80     cert_path: /etc/kubernetes/ssl
  81     common_name: "kube-admin"
  82     org_name: "system:masters"
  83     kube_conf:
  84       - path: "/root/.kube/config"
  85         apiserver: "{{ caas.apiserver_svc_ip }}"
  86         apiserver_port: "{{ caas.apiserver_svc_port }}"
  87     become: true
  88     become_user: "root"
  89   # danm cert
  90   - role: cert
  91     instance: "danm"
  92     cert_path: /etc/kubernetes/ssl
  93     common_name: "danm"
  94     kube_conf:
  95       - path: "/etc/kubernetes/kubeconfig/danmc.yml"
  96         apiserver: "{{ caas.apiserver_svc_ip }}"
  97         apiserver_port: "{{ caas.apiserver_svc_port }}"
  98     become: true
  99     become_user: "root"
 100
 101   - role: docker_image_load
 102     images:
 103       - hyperkube
 104       - kubernetespause