From 14f67cf774fbd944bab0b3fc1f9a424356fc76d5 Mon Sep 17 00:00:00 2001 From: Adrien Date: Thu, 18 Jul 2019 20:06:39 +0200 Subject: [PATCH] need debug --- tasks/install_server.yml | 71 ++++++++++++++++++++++++-------- templates/kubeadm-config.yaml.j2 | 45 +++++++++++++------- 2 files changed, 84 insertions(+), 32 deletions(-) diff --git a/tasks/install_server.yml b/tasks/install_server.yml index 87255b2..03dba89 100644 --- a/tasks/install_server.yml +++ b/tasks/install_server.yml @@ -50,12 +50,14 @@ - kubernetes_master == true - groups['KubernetesMaster'] | length > 1 -- stat: path=/etc/kubernetes/admin.conf +- stat: + path: /etc/kubernetes/admin.conf register: st changed_when: False - name: Create KubernetesMasterConfigured group - group_by: key=KubernetesMasterConfigured + group_by: + key: KubernetesMasterConfigured when: - st.stat.exists @@ -69,8 +71,8 @@ - name: Deploy initial kubeadm config template: - src: kubeadmin-config.yaml.j2 - dest: /root/kubeadmin-config.yaml + src: kubeadm-config.yaml.j2 + dest: /root/kubeadm-config.yaml owner: root group: root mode: 600 
@@ -81,28 +83,45 @@ - kubeadm_version_minor.stdout | int >= 15 - name: Init Kubernetes on {{ groups['KubernetesMasters'][0] }} - command: kubeadm init --config=kubeadm-config.yaml --upload-certs --apiserver-advertise-address={{ ansible_host }} --ignore-preflight-errors=SystemVerification + command: kubeadm init --config=/root/kubeadm-config.yaml when: - groups['KubernetesMasterConfigured'] is not defined - groups['KubernetesMasters'][0] == ansible_hostname - kubeadm_version_major.stdout | int == 1 - kubeadm_version_minor.stdout | int >= 15 -- name: Create KubernetesMasterConfigured group - group_by: key=KubernetesMasterConfigured +# Because next command will fail +- name: Make /root/.kube directory + file: + path: "/root/.kube" + owner: root + group: root + mode: 0700 + state: directory + +- name: Copy certificat file on + copy: + src: /etc/kubernetes/admin.conf + dest: /root/.kube/config + remote_src: yes + owner: root + group: root + mode: 0600 + +- name: Add {{ ansible_hostname }} to KubernetesMasterConfigured group + group_by: + key: KubernetesMasterConfigured when: - groups['KubernetesMasterConfigured'] is not defined - groups['KubernetesMasters'][0] == ansible_hostname - name: Test if server node already included command: kubectl get nodes {{ ansible_hostname | lower }} - delegate_to: "{{ groups['KubernetesMasterConfigured'][0] }}" + delegate_to: "{{ lb_kubemaster }}" register: server_enrolled changed_when: False ignore_errors: yes -# kubeadm init phase upload-certs --upload-certs - - name: Deploy kubeadm config template: src: kubeadm-config.yaml.j2 
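Review bot: The two tasks added after the init step, `Make /root/.kube directory` and `Copy certificat file on`, carry no `when:` condition, unlike every task around them, so they run on each host in the play; on a host where `/etc/kubernetes/admin.conf` does not exist yet the copy task fails and drops that host from the play. The stat registered as `st` earlier in this file is a ready guard, e.g. `when: st.stat.exists`, or the tasks could reuse the init task's condition list. The comment `# Because next command will fail` does not say which command or why; presumably the delegated `kubectl get nodes` below needs `/root/.kube/config` on `lb_kubemaster`, so a comment along the lines of `# kubectl on the configured master reads /root/.kube/config, so install the admin kubeconfig first` would carry the reason. `mode: 0700` and `mode: 0600` work because the leading zero marks them as octal, but the documented-safe spelling is the quoted string `"0700"` / `"0600"`.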
@@ -116,25 +135,43 @@ - kubeadm_version_minor.stdout | int >= 15 - server_enrolled.rc == 1 -- name: Retreive token on "{{ groups['KubernetesMasterConfigured'][0] }}" +- name: Retreive certificats key on {{ lb_kubemaster }} + shell: kubeadm init phase upload-certs --upload-certs | grep -v upload-certs + register: kubecertskey + delegate_to: "{{ lb_kubemaster }}" + when: + - server_enrolled.rc == 1 + - kubernetes_master == true + - kubeadm_version_major.stdout | int == 1 + - kubeadm_version_minor.stdout | int >= 15 + +- name: Retreive token on "{{ lb_kubemaster }}" command: kubeadm token create register: kubetoken - delegate_to: "{{ groups['KubernetesMasterConfigured'][0] }}" + delegate_to: "{{ lb_kubemaster }}" when: - server_enrolled.rc == 1 - name: Retreive hash certificat shell: openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //' register: hashcert - delegate_to: "{{ groups['KubernetesMasterConfigured'][0] }}" + delegate_to: "{{ lb_kubemaster }}" + when: + - server_enrolled.rc == 1 + +- name: Deploy kubeadm config + template: + src: kubeadm-config.yaml.j2 + dest: /root/kubeadm-config.yaml + owner: root + group: root + mode: 600 when: - server_enrolled.rc == 1 - name: Join '{{ ansible_hostname }}' to Kubernetes cluster - command: kubeadm join --config=kubeadm-config.yaml --token {{ kubetoken.stdout }} --discovery-token-ca-cert-hash sha256:{{ hashcert.stdout }} --ignore-preflight-errors=SystemVerification + command: kubeadm join --config=/root/kubeadm-config.yaml when: - - groups['KubernetesMasterConfigured'] is not defined - - groups['KubernetesMasters'][0] == ansible_hostname - kubeadm_version_major.stdout | int == 1 - kubeadm_version_minor.stdout | int >= 15 - server_enrolled.rc == 1 
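Review bot: `mode: 600` on the added `Deploy kubeadm config` task is an unquoted integer without a leading zero, which Ansible reads as decimal 600 and applies as octal 1130 rather than 0600; write `mode: "0600"`. This task also repeats the `Deploy kubeadm config` task whose `template:` lines appear as context at the end of the previous hunk, so joining hosts render the file twice, the first time before `kubecertskey`, `kubetoken` and `hashcert` exist; keeping only this later copy would be cleaner. The `Retreive certificats key` and `Retreive token` tasks register a certificate key and a bootstrap token, each of which lets a machine join the control plane, so they should carry `no_log: true` to keep the values out of verbose output and log files. The certificate-key extraction keeps every stdout line that does not contain `upload-certs`, so any extra line kubeadm prints would end up rendered into `certificateKey`; selecting the last line, e.g. appending `| tail -n 1`, is more robust.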
@@ -151,7 +188,7 @@ - name: taint the machine if needed command: kubectl taint nodes --all node-role.kubernetes.io/master- - when: kubernetes_master_taint == true and current_taint.stdout + when: kubernetes_master_taint == true and current_taint.stdout # # At this point, we have a kubernetes up and running, but ready for it diff --git a/templates/kubeadm-config.yaml.j2 b/templates/kubeadm-config.yaml.j2 index 9215299..c055343 100644 --- a/templates/kubeadm-config.yaml.j2 +++ b/templates/kubeadm-config.yaml.j2 @@ -1,17 +1,10 @@ apiVersion: kubeadm.k8s.io/v1beta2 kind: InitConfiguration -{% if true == false %} +{% if kubetoken is defined %} %} bootstrapTokens: -- token: "9a08jv.c0izixklcxtmnze7" +- token: "{{ kubetoken.stdout }}" description: "kubeadm bootstrap token" ttl: "24h" -- token: "783bde.3f89s0fje9f38fhf" - description: "another bootstrap token" - usages: - - authentication - - signing - groups: - - system:bootstrappers:kubeadm:default-node-token {% endif %} nodeRegistration: {% if kubernetes_cri == "containerd" %} @@ -27,9 +20,6 @@ nodeRegistration: effect: "NoSchedule" {% endif %} kubeletExtraArgs: -{% if false %} - cgroupDriver: "cgroupfs" -{% endif %} {% if kubernetes_cri == "containerd" %} cgroup-driver: "systemd" container-runtime: "remote" 
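Review bot: The added line `{% if kubetoken is defined %} %}` in templates/kubeadm-config.yaml.j2 has a stray ` %}` after the closing tag, so whenever `kubetoken` is defined the rendered file contains a line holding just ` %}` between `kind: InitConfiguration` and `bootstrapTokens:`; YAML folds that indented line into the preceding plain scalar, giving `kind: InitConfiguration %}`, which kubeadm will not recognise. The line should read `{% if kubetoken is defined %}`. Since the same template is now rendered for `kubeadm join` as well, it is worth confirming that kubeadm join accepts a config file that also carries the InitConfiguration and ClusterConfiguration documents; that cannot be verified from the diff.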
@@ -44,15 +34,40 @@ nodeRegistration:
 - IsPrivilegedUser
 {% endif %}
 localAPIEndpoint:
- advertiseAddress: "{{ lbip_kubeapiserver }}"
+ advertiseAddress: "{{ ansible_host }}"
 bindPort: 6443
 {% if kubernetes_certificateKey is defined %}
-certificateKey: "{{ kubernetes_certificateKey }}"
+certificateKey: "{{ kubernetes_certificateKey.stdout }}"
+{% endif %}
+{% if kubecertskey is defined %}
+---
+apiVersion: kubeadm.k8s.io/v1beta2
+kind: JoinConfiguration
+controlPlane:
+ localAPIEndpoint:
+ advertiseAddress: "{{ ansible_host }}"
+ bindPort: 6443
+ certificateKey: "{{ kubecertskey.stdout }}"
+discovery:
+ bootstrapToken:
+ apiServerEndpoint: "{{ lb_kubemaster }}:6443"
+ caCertHashes:
+ - sha256:{{ cacerthash.stdout }}
+ token: "{{ kubetoken.stdout }}"
+nodeRegistration:
+ kubeletExtraArgs:
+ node-ip: {{ ansible_host }}
+ read-only-port: "10255"
+ ignorePreflightErrors:
+ - SystemVerification
 {% endif %}
 ---
 apiVersion: kubeadm.k8s.io/v1beta1
 kind: ClusterConfiguration
 kubernetesVersion: stable
 controlPlaneEndpoint: "{{ lb_kubemaster }}:6443"
+apiServer:
+ certSANs:
+ - "{{ lbip_kubeapiserver }}"
 networking:
- podSubnet: "10.244.0.0/16"
\ No newline at end of file
+ podSubnet: "10.244.0.0/16"
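Review bot: `- sha256:{{ cacerthash.stdout }}` under `caCertHashes` references `cacerthash`, but the task in tasks/install_server.yml registers the CA hash as `hashcert`, so with Ansible's default undefined-variable handling the template task fails on every joining host; use `{{ hashcert.stdout }}`. `read-only-port: "10255"` in the join document turns on the kubelet's unauthenticated read-only API, which serves pod and node details to anyone who can reach the port, and kubeadm's own kubelet defaults leave it at 0; unless something on this network relies on it, set `read-only-port: "0"` or drop the flag. `node-ip: {{ ansible_host }}` is the only templated value in the new block left unquoted; `node-ip: "{{ ansible_host }}"` matches the rest and survives an empty expansion. The change from `kubernetes_certificateKey` to `kubernetes_certificateKey.stdout` assumes that variable is now a registered command result; if it is still set as a plain value elsewhere, `.stdout` is undefined.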