wip: r/k8s-worker: Use K8s API to create join token
parent
a399591f16
commit
0a0ff374f2
|
@ -6,25 +6,118 @@
|
|||
tags:
|
||||
- kubeadm-join
|
||||
|
||||
- name: generate bootstrap token
|
||||
delegate_to: '{{ groups["k8s-controller"][0] }}'
|
||||
command:
|
||||
kubeadm token create
|
||||
--kubeconfig /etc/kubernetes/admin.conf
|
||||
--ttl 1h
|
||||
--print-join-command
|
||||
when:
|
||||
not stat_kublet_config.stat.exists
|
||||
changed_when: true
|
||||
register: kubeadm_token_create
|
||||
tags:
|
||||
- bootstrap-token
|
||||
- kubeadm-join
|
||||
- name: join the kubernetes cluster
|
||||
command: >-
|
||||
{{ kubeadm_token_create.stdout }}
|
||||
when:
|
||||
not stat_kublet_config.stat.exists
|
||||
changed_when: true
|
||||
- name: add node to cluster
|
||||
#when:
|
||||
# not stat_kublet_config.stat.exists
|
||||
tags:
|
||||
- kubeadm-join
|
||||
block:
|
||||
- name: generate bootstrap token
|
||||
set_fact:
|
||||
bootstrap_token_id: >-
|
||||
{{ lookup("password", "/dev/null length=6 chars=ascii_lowercase,digits") }}
|
||||
bootstrap_token_secret: >-
|
||||
{{ lookup("password", "/dev/null length=16 chars=ascii_lowercase,digits") }}
|
||||
cacheable: false
|
||||
tags:
|
||||
- bootstrap-token
|
||||
|
||||
- name: create bootstrap token secret
|
||||
delegate_to: localhost
|
||||
become: false
|
||||
kubernetes.core.k8s:
|
||||
definition:
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
type: bootstrap.kubernetes.io/token
|
||||
metadata:
|
||||
name: bootstrap-token-{{ bootstrap_token_id }}
|
||||
namespace: kube-system
|
||||
stringData:
|
||||
description: Bootstrap token for {{ inventory_hostname }}
|
||||
token-id: '{{ bootstrap_token_id }}'
|
||||
token-secret: '{{ bootstrap_token_secret }}'
|
||||
expiration: >-
|
||||
{{ now().utcfromtimestamp(
|
||||
now().timestamp() + 300
|
||||
).strftime("%Y-%m-%dT%H:%M:%SZ")
|
||||
}}
|
||||
usage-bootstrap-authentication: 'true'
|
||||
usage-bootstrap-signing: 'true'
|
||||
auth-extra-groups: 'system:bootstrappers:kubeadm:default-node-token'
|
||||
tags:
|
||||
- bootstrap-token
|
||||
|
||||
- name: get cluster info
|
||||
delegate_to: localhost
|
||||
become: false
|
||||
kubernetes.core.k8s:
|
||||
namespace: kube-public
|
||||
api_version: v1
|
||||
kind: ConfigMap
|
||||
name: cluster-info
|
||||
register: cluster_info
|
||||
tags:
|
||||
- cluster-info
|
||||
|
||||
- name: generate kubeconfig for kubeadm join
|
||||
vars:
|
||||
kubeconfig: '{{ cluster_info.result.data.kubeconfig | from_yaml }}'
|
||||
config:
|
||||
apiVersion: v1
|
||||
kind: Config
|
||||
clusters:
|
||||
- name: kubernetes
|
||||
cluster: '{{ kubeconfig.clusters[0].cluster }}'
|
||||
contexts:
|
||||
- name: kubeadm
|
||||
context:
|
||||
cluster: kubernetes
|
||||
user: kubeadm
|
||||
users:
|
||||
- name: kubeadm
|
||||
token: '{{ bootstrap_token_id }}.{{ bootstrap_token_secret }}'
|
||||
copy:
|
||||
dest: /tmp/kubeconfig
|
||||
owner: root
|
||||
group: root
|
||||
mode: u=rw,go=
|
||||
content: '{{ config | to_nice_yaml(indent=2) }}'
|
||||
tags:
|
||||
- kubeconfig
|
||||
|
||||
- name: generate join configuration file
|
||||
vars:
|
||||
config:
|
||||
apiVersion: kubeadm.k8s.io/v1beta3
|
||||
kind: JoinConfiguration
|
||||
nodeRegistration:
|
||||
kubeletExtraArgs:
|
||||
config: /var/lib/kubelet/config.yaml
|
||||
discovery:
|
||||
file:
|
||||
kubeConfigPath: /tmp/kubeconfig
|
||||
copy:
|
||||
dest: /tmp/joinconfiguration
|
||||
owner: root
|
||||
group: root
|
||||
mode: u=rw,go=
|
||||
content: '{{ config | to_nice_yaml(indent=2) }}'
|
||||
|
||||
- name: join the kubernetes cluster
|
||||
command: >-
|
||||
kubeadm join --config=/tmp/joinconfiguration
|
||||
changed_when: true
|
||||
tags:
|
||||
- run-kubeadm-join
|
||||
|
||||
- name: ensure temporary join configuration files are removed
|
||||
file:
|
||||
path: '{{ item }}'
|
||||
state: absent
|
||||
loop:
|
||||
- /tmp/kubeconfig
|
||||
- /tmp/joinconfiguration
|
||||
tags:
|
||||
- kubeadm-join-cleanup
|
||||
- cleanup
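Review bot: The new `generate bootstrap token` and `create bootstrap token secret` tasks handle the token ID and secret without `no_log: true`, so the values can end up in Ansible's output or logs on a verbose run (`set_fact` reports the facts it sets, and `kubernetes.core.k8s` returns the object it applied in `result`). Adding `no_log: true` to both tasks would keep the credential out of the run log. The cleanup task is the last ordinary task of the `block:`, so a failing `kubeadm join` would apparently leave `/tmp/kubeconfig`, which embeds the token, on the node until someone removes it; moving that task under an `always:` section of the block would delete it on failure too. The `when: not stat_kublet_config.stat.exists` guard is commented out on the block, so a fresh token Secret would be created in `kube-system` even for nodes that have already joined, and it should be restored before this leaves wip. Indentation is lost in this rendering, so the task nesting described here is inferred from the `block:` keyword and the task order.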
|
||||
|
|