diff --git a/roles/k8s-worker/tasks/main.yml b/roles/k8s-worker/tasks/main.yml
index 9a1a075..61a4672 100644
--- a/roles/k8s-worker/tasks/main.yml
+++ b/roles/k8s-worker/tasks/main.yml
@@ -1,3 +1,6 @@
+- name: flush handlers
+  meta: flush_handlers
+
 - name: stat /var/lib/kubelet/config.yaml
   stat:
     path: /var/lib/kubelet/config.yaml
@@ -6,25 +9,122 @@ tags: - kubeadm-join -- name: generate bootstrap token - delegate_to: '{{ groups["k8s-controller"][0] }}' - command: - kubeadm token create - --kubeconfig /etc/kubernetes/admin.conf - --ttl 1h - --print-join-command +- name: add node to cluster when: - not stat_kublet_config.stat.exists - changed_when: true - register: kubeadm_token_create - tags: - - bootstrap-token - - kubeadm-join -- name: join the kubernetes cluster - command: >- - {{ kubeadm_token_create.stdout }} - when: - not stat_kublet_config.stat.exists - changed_when: true + stat_kubelet_config is not defined or not stat_kublet_config.stat.exists tags: - kubeadm-join + block: + - name: get kubernetes cluster info + set_fact: + cluster_info: >- + {{ query( + "kubernetes.core.k8s", + kind="ConfigMap", + namespace="kube-public", + resource_name="cluster-info", + )[0] }} + tags: + - cluster-info + + - name: generate bootstrap token + set_fact: + bootstrap_token_id: >- + {{ lookup("password", "/dev/null length=6 chars=ascii_lowercase,digits") }} + bootstrap_token_secret: >- + {{ lookup("password", "/dev/null length=16 chars=ascii_lowercase,digits") }} + cacheable: false + no_log: true + tags: + - bootstrap-token + + - name: create bootstrap token secret + delegate_to: localhost + become: false + kubernetes.core.k8s: + definition: + apiVersion: v1 + kind: Secret + type: bootstrap.kubernetes.io/token + metadata: + name: bootstrap-token-{{ bootstrap_token_id }} + namespace: kube-system + stringData: + description: Bootstrap token for {{ inventory_hostname }} + token-id: '{{ bootstrap_token_id }}' + token-secret: '{{ bootstrap_token_secret }}' + expiration: >- + {{ now().utcfromtimestamp( + now().timestamp() + 300 + ).strftime("%Y-%m-%dT%H:%M:%SZ") + }} + usage-bootstrap-authentication: 'true' + usage-bootstrap-signing: 'true' + auth-extra-groups: 'system:bootstrappers:kubeadm:default-node-token' + no_log: true + tags: + - bootstrap-token + + - name: generate kubeconfig for kubeadm join + vars: 
+ kubeconfig: '{{ cluster_info.data.kubeconfig | from_yaml }}' + config: + apiVersion: v1 + kind: Config + clusters: + - name: kubernetes + cluster: '{{ kubeconfig.clusters[0].cluster }}' + contexts: + - name: kubeadm + context: + cluster: kubernetes + user: kubeadm + current-context: kubeadm + users: + - name: kubeadm + user: + token: '{{ bootstrap_token_id }}.{{ bootstrap_token_secret }}' + copy: + dest: /tmp/kubeconfig + owner: root + group: root + mode: u=rw,go= + content: '{{ config | to_nice_yaml(indent=2) }}' + tags: + - kubeconfig + + - name: generate join configuration file + vars: + config: + apiVersion: kubeadm.k8s.io/v1beta3 + kind: JoinConfiguration + nodeRegistration: + kubeletExtraArgs: + config: /var/lib/kubelet/config.yaml + discovery: + file: + kubeConfigPath: /tmp/kubeconfig + copy: + dest: /tmp/joinconfiguration + owner: root + group: root + mode: u=rw,go= + content: '{{ config | to_nice_yaml(indent=2) }}' + + - name: join the kubernetes cluster + command: >- + kubeadm join --config=/tmp/joinconfiguration + changed_when: true + tags: + - run-kubeadm-join + +- name: ensure temporary join configuration files are removed + file: + path: '{{ item }}' + state: absent + loop: + - /tmp/kubeconfig + - /tmp/joinconfiguration + tags: + - kubeadm-join-cleanup + - cleanup
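Review bot: The `when:` on the new `add node to cluster` block tests two differently spelled variables — `stat_kubelet_config is not defined` on the left but `stat_kublet_config.stat.exists` on the right; the name the removed tasks used, and the right operand still uses, is `stat_kublet_config`, so the left operand is always true and the whole block runs on every play, meaning an already-joined node gets a fresh bootstrap token and a failing `kubeadm join`. The condition should read `stat_kublet_config is not defined or not stat_kublet_config.stat.exists` (the registering `stat` task lies outside this hunk, so confirm the name there). Two smaller points on the same block: the `generate kubeconfig for kubeadm join` task puts the token into `content:` but carries no `no_log: true`, so unlike the two token tasks that do mark it, the token appears in `-v`/`--diff` output and in the task's failure message. And the `ensure temporary join configuration files are removed` task sits after the block instead of in an `always:` section, so if `kubeadm join` fails the play stops and the token-bearing `/tmp/kubeconfig` stays on disk for the remaining life of the 300 s token.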