62 lines
1.7 KiB
YAML
62 lines
1.7 KiB
YAML
---
|
|
- name: Check if selinux enforcing
|
|
command: getenforce
|
|
register: selinux
|
|
changed_when: false
|
|
|
|
- name: Set selinux permissive because tokens and selinux don't work together
|
|
selinux: state=permissive policy=targeted
|
|
when: "'Enforcing' in selinux.stdout"
|
|
|
|
- include: generic-install.yml
|
|
when: not is_atomic and not ansible_distribution == "CentOS"
|
|
|
|
- include: centos.yml
|
|
when: not is_atomic and ansible_distribution == "CentOS"
|
|
|
|
- name: Get the node token values
|
|
slurp:
|
|
src: "{{ kube_token_dir }}/{{ item }}-{{ inventory_hostname }}.token"
|
|
with_items:
|
|
- "system:kubelet"
|
|
- "system:proxy"
|
|
register: tokens
|
|
delegate_to: "{{ groups['masters'][0] }}"
|
|
|
|
- name: Set token facts
|
|
set_fact:
|
|
kubelet_token: "{{ tokens.results[0].content|b64decode }}"
|
|
proxy_token: "{{ tokens.results[1].content|b64decode }}"
|
|
|
|
- name: write the config files for kubelet
|
|
template: src=kubelet.j2 dest={{ kube_config_dir }}/kubelet
|
|
notify:
|
|
- restart kubelet
|
|
|
|
- name: write the kubecfg (auth) file for kubelet
|
|
template: src=kubelet.kubeconfig.j2 dest={{ kube_config_dir }}/kubelet.kubeconfig
|
|
notify:
|
|
- restart kubelet
|
|
|
|
- name: Enable kubelet
|
|
service: name=kubelet enabled=yes state=started
|
|
|
|
- name: write the config files for proxy
|
|
template: src=proxy.j2 dest={{ kube_config_dir }}/proxy
|
|
notify:
|
|
- restart proxy
|
|
|
|
- name: write the kubecfg (auth) file for kube-proxy
|
|
template: src=proxy.kubeconfig.j2 dest={{ kube_config_dir }}/proxy.kubeconfig
|
|
notify:
|
|
- restart proxy
|
|
|
|
- name: Enable proxy
|
|
service: name=kube-proxy enabled=yes state=started
|
|
|
|
- include: firewalld.yml
|
|
when: has_firewalld
|
|
|
|
- include: iptables.yml
|
|
when: not has_firewalld and has_iptables
|