diff --git a/contrib/ansible/roles/kubernetes/tasks/gen_tokens.yml b/contrib/ansible/roles/kubernetes/tasks/gen_tokens.yml
index 2920b46ef8c..ad11be10a27 100644
--- a/contrib/ansible/roles/kubernetes/tasks/gen_tokens.yml
+++ b/contrib/ansible/roles/kubernetes/tasks/gen_tokens.yml
@@ -6,12 +6,12 @@
 mode=u+x
 - name: Generate tokens for master components
- command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item }}"
+ command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}"
 environment:
 TOKEN_DIR: "{{ kube_token_dir }}"
- with_items: - "system:controller_manager" - "system:scheduler"
+ with_nested: - [ "system:controller_manager", "system:scheduler" ] - "{{ groups['masters'] }}"
 register: gentoken
 changed_when: "'Added' in gentoken.stdout"
 notify:
diff --git a/contrib/ansible/roles/kubernetes/tasks/place_secrets.yml b/contrib/ansible/roles/kubernetes/tasks/place_secrets.yml
index 61a53c3d8d5..7cde9821544 100644
--- a/contrib/ansible/roles/kubernetes/tasks/place_secrets.yml
+++ b/contrib/ansible/roles/kubernetes/tasks/place_secrets.yml
@@ -13,16 +13,6 @@
 notify:
 - restart daemons
-- name: Copy master tokens to the masters
- synchronize: src={{ kube_token_dir }}/{{ item }} dest={{ kube_token_dir }}/{{ item }}
- delegate_to: "{{ groups['masters'][0] }}"
- with_items: - "system:controller_manager.token" - "system:scheduler.token"
- notify: - restart daemons
- when: inventory_hostname in groups['masters']
-
 - name: remove ssh public key so apiserver can not push stuff
 authorized_key: user=root key="{{ item }}" state=absent
 with_file:
diff --git a/contrib/ansible/roles/master/tasks/main.yml b/contrib/ansible/roles/master/tasks/main.yml
index a1b4511fcde..81ca16aefe0 100644
--- a/contrib/ansible/roles/master/tasks/main.yml
+++ b/contrib/ansible/roles/master/tasks/main.yml
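Review bot: The principal each master will authenticate as changes to `system:controller_manager-<host>` / `system:scheduler-<host>` through the `{{ item[0] }}-{{ item[1] }}` argument in the `Generate tokens for master components` task, but nothing in the hunk updates or notes the consumers that key on the old bare `system:controller_manager` name; any authorization policy written against that name would presumably stop matching and needs the same change. The naming scheme is also a cross-file contract, since roles/master/tasks/main.yml slurps `{{ item }}-{{ inventory_hostname }}.token`, so record it above the loop: `# One token per (component, master): the token/user name is "<component>-<inventory_hostname>" and must match the slurp in roles/master/tasks/main.yml`. Note too that `item[1]` is an unquoted inventory hostname inside a `command:` string; `command` does not spawn a shell, so metacharacters are not interpreted, but a hostname containing whitespace would be split into extra arguments, so the loop silently assumes plain hostnames.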
@@ -21,16 +21,25 @@
 - name: Enable apiserver
 service: name=kube-apiserver enabled=yes state=started
+- name: Get the node token values
+ slurp:
+ src: "{{ kube_token_dir }}/{{ item }}-{{ inventory_hostname }}.token"
+ with_items: - "system:controller_manager" - "system:scheduler"
+ register: tokens
+ delegate_to: "{{ groups['masters'][0] }}"
+
+- name: Set token facts
+ set_fact:
+ controller_manager_token: "{{ tokens.results[0].content|b64decode }}"
+ scheduler_token: "{{ tokens.results[1].content|b64decode }}"
+
 - name: write the config file for the controller-manager
 template: src=controller-manager.j2 dest={{ kube_config_dir }}/controller-manager
 notify:
 - restart controller-manager
-- name: Get the controller-manager token value
- slurp:
- src: "{{ kube_token_dir }}/system:controller_manager.token"
- register: controller_manager_token
-
 - name: write the kubecfg (auth) file for controller-manager
 template: src=controller-manager.kubeconfig.j2 dest={{ kube_config_dir }}/controller-manager.kubeconfig
 notify:
@@ -44,11 +53,6 @@
 notify:
 - restart scheduler
-- name: Get the scheduler token value
- slurp:
- src: "{{ kube_token_dir }}/system:scheduler.token"
- register: scheduler_token
-
 - name: write the kubecfg (auth) file for scheduler
 template: src=scheduler.kubeconfig.j2 dest={{ kube_config_dir }}/scheduler.kubeconfig
 notify:
diff --git a/contrib/ansible/roles/master/templates/controller-manager.kubeconfig.j2 b/contrib/ansible/roles/master/templates/controller-manager.kubeconfig.j2
index d36522091c6..96703b5ed5b 100644
--- a/contrib/ansible/roles/master/templates/controller-manager.kubeconfig.j2
+++ b/contrib/ansible/roles/master/templates/controller-manager.kubeconfig.j2
@@ -15,4 +15,4 @@ contexts:
 users:
 - name: controller-manager
 user:
- token: {{ controller_manager_token.content|b64decode }}
+ token: {{ controller_manager_token }}
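Review bot: The new `Get the node token values` and `Set token facts` tasks register and then decode the master tokens without `no_log: true`, so the base64 content held in `tokens` and the decoded `controller_manager_token` / `scheduler_token` values are printed whenever the play runs with `-v` or one of these tasks fails; add `no_log: true` to both tasks. The `set_fact` also binds the two secrets by position (`tokens.results[0]`, `tokens.results[1]`), which silently swaps them if the `with_items` order is ever edited, so at minimum tie the indices to the list in a comment: `# results[] follows the with_items order above: [0] controller_manager, [1] scheduler`. If fact caching is enabled for this playbook, the decoded tokens would also be persisted by the cache backend; that is worth stating in the same comment, or avoiding altogether by templating from `tokens.results[...]` instead of promoting the secrets to facts.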
diff --git a/contrib/ansible/roles/master/templates/scheduler.kubeconfig.j2 b/contrib/ansible/roles/master/templates/scheduler.kubeconfig.j2
index d8031f761cb..300783dd3e2 100644
--- a/contrib/ansible/roles/master/templates/scheduler.kubeconfig.j2
+++ b/contrib/ansible/roles/master/templates/scheduler.kubeconfig.j2
@@ -15,4 +15,4 @@ contexts:
 users:
 - name: scheduler
 user:
- token: {{ scheduler_token.content|b64decode }}
+ token: {{ scheduler_token }}
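Review bot: The rendered `token: {{ scheduler_token }}` is an unquoted plain scalar in the generated kubeconfig, so the type the YAML parser assigns depends entirely on what kube-gen-token.sh happened to emit; a value that is all digits, or that starts with a character such as `*`, `&` or `[`, would be retyped or rejected when the scheduler loads the file. The generator is not visible in this commit, so quoting is the cheap defence that removes the dependency: `token: "{{ scheduler_token }}"`. The controller-manager template changed in this commit has the same shape and would take the same one-line fix.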