kubeadm support (#1631)

* kubeadm support * move k8s master to a subtask * disable k8s secrets when using kubeadm * fix etcd cert serial var * move simple auth users to master role * make a kubeadm-specific env file for kubelet * add non-ha CI job * change ci boolean vars to json format * fixup * Update create-gce.yml * Update create-gce.yml * Update create-gce.yml
2026-03-06 18:17:47 +03:00 · 2017-09-13 19:00:51 +01:00
parent 69fac8ea58
commit 6744726089
35 changed files with 469 additions and 120 deletions
--- a/roles/kubernetes/secrets/tasks/main.yml
+++ b/roles/kubernetes/secrets/tasks/main.yml
@@ -19,21 +19,6 @@
    mode: o-rwx
    group: "{{ kube_cert_group }}"

- name: Make sure the users directory exits
-  file:
-    path: "{{ kube_users_dir }}"
-    state: directory
-    mode: o-rwx
-    group: "{{ kube_cert_group }}"
-
- name: Populate users for basic auth in API
-  template:
-    src: known_users.csv.j2
-    dest: "{{ kube_users_dir }}/known_users.csv"
-    backup: yes
-  when: inventory_hostname in groups['kube-master'] and kube_basic_auth|default(true)
-  notify: set secret_changed
-
 #
 # The following directory creates make sure that the directories
 # exist on the first master for cases where the first master isn't
@@ -103,7 +88,7 @@

 - name: "Gen_certs | set kube node certificate serial facts"
  set_fact:
-    etcd_node_cert_serial: "{{ node_certificate_serials.results[0].stdout|default() }}"
+    kubelet_cert_serial: "{{ node_certificate_serials.results[0].stdout|default() }}"
    kube_proxy_cert_serial: "{{ node_certificate_serials.results[1].stdout|default() }}"
  when: inventory_hostname in groups['k8s-cluster']