Compress image using xz
[ta/caas-kubernetes.git] / ansible / roles / kubelet / meta / main.yml
1 ---
2 # Copyright 2019 Nokia
3 #
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
7 #
8 #     http://www.apache.org/licenses/LICENSE-2.0
9 #
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
15
16 dependencies:
17   - role: kube_token_reading
18     when: nodename | search("caas_worker")
19
20   - role: creategroup
21     _name: kube
22     _gid: "{{ caas.uid.kube }}"
23     become: true
24     become_user: "root"
25
26   - role: createuser
27     _name: kube
28     _group: kube
29     _groups: ''
30     _shell: /sbin/nologin
31     _home: /
32     _uid: "{{ caas.uid.kube }}"
33     become: true
34     become_user: "root"
35
36   # kubelet server certs
37   - role: cert
38     instance: "kubelet{{ nodeindex }}"
39     cert_path: /etc/kubernetes/ssl
40     common_name: "system:node:{{ ansible_host }}"
41     org_name: "system:nodes"
42     add_users:
43       - kube
44     kube_conf:
45       - path: /etc/kubernetes/kubeconfig/kubeletc.yml
46         apiserver: "{{ caas.apiserver_svc_ip }}"
47         apiserver_port: "{{ caas.apiserver_svc_port }}"
48         restricted: true
49     become: true
50     become_user: "root"
51     when: nodename | search("caas_master")
52   - role: kubeconfig
53     config:
54       path: /etc/kubernetes/kubeconfig/kubelet-bootstrapc.yml
55       owner: "root"
56       group: "root"
57       restricted: true
58       user: "system:node:{{ ansible_host }}"
59       token: "{{ kube_token }}"
60       apiserver: "{{ caas.apiserver_in_hosts }}"
61       apiserver_port: "{{ caas.apiserver_secure_port }}"
62       add_users:
63         - kube
64     become: true
65     become_user: "root"
66     when: nodename | search("caas_worker")
67   # kubelet server cert
68   - role: cert
69     instance: "kubelet-server"
70     cert_path: /etc/kubernetes/ssl
71     common_name: "kubelet-server"
72     alt_names:
73       ip:
74         - "{{ ansible_host }}"
75     add_users:
76       - kube
77   # kubectl cert
78   - role: cert
79     instance: "kube-admin"
80     cert_path: /etc/kubernetes/ssl
81     common_name: "kube-admin"
82     org_name: "system:masters"
83     kube_conf:
84       - path: "/root/.kube/config"
85         apiserver: "{{ caas.apiserver_svc_ip }}"
86         apiserver_port: "{{ caas.apiserver_svc_port }}"
87     become: true
88     become_user: "root"
89   # danm cert
90   - role: cert
91     instance: "danm"
92     cert_path: /etc/kubernetes/ssl
93     common_name: "danm"
94     kube_conf:
95       - path: "/etc/kubernetes/kubeconfig/danmc.yml"
96         apiserver: "{{ caas.apiserver_svc_ip }}"
97         apiserver_port: "{{ caas.apiserver_svc_port }}"
98     become: true
99     become_user: "root"
100
101   - role: docker_image_load
102     images:
103       - hyperkube
104       - kubernetespause