Add KubeletConfiguration with custom resolv.conf

Change-Id: If681e42a08f756c27518b4bbfd51b9d3baf2a589
2019-08-22 17:20:19 -04:00 · 2019-08-22 17:20:19 -04:00 · e8d8e2a36e
commit e8d8e2a36e
parent 59a21bccb0
2 changed files with 57 additions and 20 deletions
--- a/ansible/site.yaml
+++ b/ansible/site.yaml
@ -69,23 +69,6 @@
        content: |
          nameserver 1.1.1.1

-    - name: Drop configuration file
-      become: true
-      copy:
-        dest: /etc/kubernetes/kubeadm.conf
-        content: |
-          ---
-          apiVersion: kubeadm.k8s.io/v1beta2
-          kind: InitConfiguration
-          nodeRegistration:
-            kubeletExtraArgs:
-              resolv-conf: /etc/kubernetes/resolv.conf
-          ---
-          apiVersion: kubeadm.k8s.io/v1beta2
-          kind: ClusterConfiguration
-          networking:
-            podSubnet: 10.244.0.0/16
-
 - name: Bootstrap cluster
  hosts: masters[0]
  gather_facts: false
@ -94,6 +77,12 @@
      wait_for_connection:
        timeout: 300

+    - name: Drop configuration file
+      become: true
+      template:
+        src: kubeadm.conf.j2
+        dest: /etc/kubernetes/kubeadm.conf
+
    - name: Initialize cluster
      become: true
      shell: |
@ -120,14 +109,33 @@
      become: true
      delegate_to: "{{ groups['masters'][0] }}"
      register: kubeadm_token_create
-      shell: |
-        kubeadm token create --ttl 5m --print-join-command
+      shell: kubeadm token create --ttl 5m --print-join-command
+      when:
+        - not apiserver_stat.stat.exists
+
+    # NOTE(mnaser): There is no clean way to get the CA hash from kubeadm :(
+    #               https://github.com/kubernetes/kubeadm/issues/659
+    - name: Parse token and hash facts
+      set_fact:
+        kubeadm_apiserver: "{{ kubeadm_token_create.stdout | regex_search(regex, '\\1') | first }}"
+        kubeadm_token: "{{ kubeadm_token_create.stdout | regex_search(regex, '\\2') | first }}"
+        kubeadm_hash: "{{ kubeadm_token_create.stdout | regex_search(regex, '\\3') | first }}"
+      vars:
+        regex: 'kubeadm\s+join\s+([^\s]+)\s+--token\s+([^\s]+)\s+--discovery-token-ca-cert-hash\s+([^\s]+)'
+      when:
+        - not apiserver_stat.stat.exists
+
+    - name: Drop configuration file
+      become: true
+      template:
+        src: kubeadm.conf.j2
+        dest: /etc/kubernetes/kubeadm.conf
      when:
        - not apiserver_stat.stat.exists

    - name: Join cluster
      become: true
-      shell: "{{ kubeadm_token_create.stdout }}"
+      shell: kubeadm join --config /etc/kubernetes/kubeadm.conf
      when:
        - not apiserver_stat.stat.exists

--- a/ansible/templates/kubeadm.conf.j2
+++ b/ansible/templates/kubeadm.conf.j2
@ -0,0 +1,29 @@
+---
+apiVersion: kubeadm.k8s.io/v1beta2
+kind: ClusterConfiguration
+networking:
+  podSubnet: 10.244.0.0/16
+---
+apiVersion: kubeadm.k8s.io/v1beta2
+kind: InitConfiguration
+nodeRegistration:
+  kubeletExtraArgs:
+    resolv-conf: /etc/kubernetes/resolv.conf
+---
+apiVersion: kubelet.config.k8s.io/v1beta1
+kind: KubeletConfiguration
+resolvConf: /etc/kubernetes/resolv.conf
+{% if kubeadm_token is defined %}
+---
+apiVersion: kubeadm.k8s.io/v1beta2
+kind: JoinConfiguration
+discovery:
+  bootstrapToken:
+    apiServerEndpoint: {{ kubeadm_apiserver }}
+    token: {{ kubeadm_token }}
+    caCertHashes:
+      - {{ kubeadm_hash }}
+nodeRegistration:
+  kubeletExtraArgs:
+    resolv-conf: /etc/kubernetes/resolv.conf
+{% endif %}