---
# Computes the unsafe_show_logs fact on every inventory host.
# kuboardspray_no_log falls back to true when unset, so the fact evaluates
# to false unless the caller passes a false value for kuboardspray_no_log.
# NOTE(review): how the roles consume unsafe_show_logs is not visible in
# this playbook - presumably as a no_log toggle; confirm.
- hosts: all
  tasks:
    - set_fact:
        unsafe_show_logs: '{{ not (kuboardspray_no_log | default(true)) }}'
# Distribution is always done through the image, so ansible_version is not checked
# - name: Check ansible version
# import_playbook: 3rd/kubespray/ansible_version.yml
# - name: Ensure compatibility with old groups
# import_playbook: legacy_groups.yml
# Host preparation for the nodes selected by the caller-supplied `node`
# variable (not defined in this playbook).
# NOTE(review): the play name says firewalld is turned off; what the
# os-services/roles/prepare role actually changes is not visible here.
# Confirm that another control (security groups, network policy) limits
# access to these nodes once host-level filtering is off.
- name: Disable firewalld
  hosts: "{{ node }}"
  roles:
    - role: os-services/roles/prepare
# Configures the package sources on the nodes being added. The docker
# repository role only runs when container_manager is 'docker'.
# NOTE(review): the repository URLs and signing settings live in the roles,
# not here - verify they point at trusted sources with signature checking on.
- name: Config apt-sources / yum-repo
  hosts: "{{ node }}"
  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
  roles:
    - role: config-apt-sources
    - role: config-yum-repo
    - role: kubespray-defaults
    - role: configure-docker-repo
      when: container_manager == 'docker'
# Bootstraps the new nodes without gathering facts first, using the linear
# strategy. deploy-kube-bench is skipped when skip_downloads is true.
- name: Bootstrap any new workers
  hosts: "{{ node }}"
  strategy: linear
  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
  gather_facts: false
  environment: "{{ proxy_disable_env }}"
  roles:
    - role: kubespray-defaults
    - role: bootstrap-os
      tags: bootstrap-os
    - role: deploy-kube-bench
      tags: download
      when: not skip_downloads
# Collects facts from the control-plane group plus the nodes named by the
# caller-supplied `node` variable; any failure aborts the run.
# `node` is interpolated straight into the host pattern, so its value
# decides which hosts every later `hosts: "{{ node }}"` play touches.
- name: Gather facts
  hosts: "kube_control_plane,{{node}}"
  any_errors_fatal: true
  roles:
    - role: kuboard-spray-facts
    - role: kubespray-defaults
# - name: Generate the etcd certificates beforehand
# hosts: etcd
# gather_facts: False
# any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
# environment: "{{ proxy_disable_env }}"
# roles:
# - { role: kubespray-defaults }
# - { role: etcd, tags: etcd, etcd_cluster_setup: false }
# - name: Download images to ansible host cache via first kube_control_plane node
# hosts: kube_control_plane[0]
# gather_facts: False
# any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
# environment: "{{ proxy_disable_env }}"
# roles:
# - { role: kubespray-defaults, when: "not skip_downloads and download_run_once and not download_localhost" }
# - { role: kubernetes/preinstall, tags: preinstall, when: "not skip_downloads and download_run_once and not download_localhost" }
# - { role: download, tags: download, when: "not skip_downloads and download_run_once and not download_localhost" }
# Prepares the new nodes: preinstall, container engine (only when
# deploy_container_engine is true), downloads (unless skip_downloads), and
# the etcd role with etcd_cluster_setup disabled for hosts in the etcd group
# when etcd_deployment_type is not 'kubeadm'.
- name: Target only workers to get kubelet installed and checking in on any new nodes(engine)
  hosts: "{{ node }}"
  gather_facts: false
  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
  environment: "{{ proxy_disable_env }}"
  roles:
    - role: kubespray-defaults
    - role: kubernetes/preinstall
      tags: preinstall
    - role: container-engine
      tags: container-engine
      when: deploy_container_engine
    - role: download
      tags: download
      when: not skip_downloads
    # - { role: etcd, tags: etcd, etcd_cluster_setup: false, when: "not etcd_kubeadm_enabled|default(false)" }
    - role: etcd
      tags: etcd
      etcd_cluster_setup: false
      # Both conditions must hold (a list under `when` is AND-ed).
      when:
        - etcd_deployment_type != 'kubeadm'
        - inventory_hostname in groups['etcd']
  # NOTE(review): written as play-level vars; the listing this was taken
  # from had lost its indentation, so confirm the nesting of `vars`
  # against the repository copy.
  # Limits kubeadm_images to the kube-proxy image, pulled from
  # kube_image_repo at tag kube_version.
  vars:
    kubeadm_images:
      kubeadm_kube-proxy:
        enabled: true
        container: true
        repo: "{{ kube_image_repo }}/kube-proxy"
        tag: "{{ kube_version }}"
        groups: k8s_cluster
# Applies the kubernetes/node role to the nodes being added; facts are not
# re-gathered in this play.
- name: Target only workers to get kubelet installed and checking in on any new nodes(node)
  hosts: "{{ node }}"
  gather_facts: false
  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
  environment: "{{ proxy_disable_env }}"
  roles:
    - role: kubespray-defaults
    - role: kubernetes/node
      tags: node
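# Runs on a single control-plane node: has kubeadm upload the control-plane
# certificates and captures the key kubeadm prints on the last stdout line
# as the kubeadm_certificate_key fact for later plays.
- name: Upload control plane certs and retrieve encryption key
  # Index form selects the first member of the group, matching the
  # kube_control_plane[0] pattern used elsewhere in this file. A bare
  # `kube_control_plane | first` is not evaluated as a filter: without
  # Jinja braces it is taken as a literal host pattern.
  hosts: kube_control_plane[0]
  environment: "{{ proxy_disable_env }}"
  gather_facts: false
  tags: kubeadm
  roles:
    - role: kubespray-defaults
  tasks:
    - name: Upload control plane certificates
      command: >-
        {{ bin_dir }}/kubeadm init phase
        --config {{ kube_config_dir }}/kubeadm-config.yaml
        upload-certs
        --upload-certs
      environment: "{{ proxy_disable_env }}"
      register: kubeadm_upload_cert
      # Re-uploading does not count as a change for reporting purposes.
      changed_when: false
      # stdout ends with the certificate key, so the result is kept out of
      # task output and logs unless the operator opted in through
      # unsafe_show_logs. default(false) covers runs where that fact was
      # never set (for example when only the kubeadm tag is selected).
      no_log: "{{ not (unsafe_show_logs | default(false) | bool) }}"
    - name: set fact 'kubeadm_certificate_key' for later use
      set_fact:
        kubeadm_certificate_key: "{{ kubeadm_upload_cert.stdout_lines[-1] | trim }}"
      # A key supplied by the caller takes precedence over the fresh one.
      when: kubeadm_certificate_key is not defined
      # The fact value is the key itself; same visibility rule as above.
      no_log: "{{ not (unsafe_show_logs | default(false) | bool) }}"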
# Joins the new nodes through the kubernetes/kubeadm role, then applies
# node labels and the network plugin.
- name: Target only workers to get kubelet installed and checking in on any new nodes(network)
  hosts: "{{ node }}"
  gather_facts: false
  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
  environment: "{{ proxy_disable_env }}"
  roles:
    - role: kubespray-defaults
    - role: kubernetes/kubeadm
      tags: kubeadm
    - role: kubernetes/node-label
      tags: node-label
    - role: network_plugin
      tags: network
# Re-runs kubernetes/preinstall with dns_late set across the whole
# k8s_cluster group, but only when dns_mode is not 'none' and
# resolvconf_mode is 'host_resolvconf'.
# Unlike the plays above, this one targets every cluster host, not just
# the nodes named by `node`.
- name: Apply resolv.conf changes now that cluster DNS is up
  hosts: k8s_cluster
  gather_facts: false
  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
  environment: "{{ proxy_disable_env }}"
  roles:
    - role: kubespray-defaults
    - role: kubernetes/preinstall
      when: dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'
      tags: resolvconf
      dns_late: true