use new master ha join

tasks/main.yml

@@ -50,7 +50,10 @@
 
 - name: include etcd tasks
   include_tasks: etcd.yml
-  when: inventory_hostname in groups.etcd
+  when:
+  - inventory_hostname in groups.etcd
+  - inventory_hostname not in groups.k8s_masters
+
 
 - name: include master with etcd prepare tasks
   include_tasks: prepare_master_with_etcd.yml
@@ -68,7 +71,6 @@
 
 - name: include join worker tasks
   include_tasks: join.yml
-  when: inventory_hostname not in groups.k8s_masters
 
 #- name: include update master tasks
 #  include_tasks: update_master.yml

tasks/master-ha.yml

@@ -20,87 +20,19 @@
     dest: "{{ item.source }}"
   with_items: "{{ master_certs_configs_register.results }}"
 
-- name: check master certs exists
-  stat:
-    path: "{{ item }}"
-  register: master_certs_result
-  with_items:
-    - '{{ kubernetes_certs_dir }}/apiserver-kubelet-client.crt'
-    - '{{ kubernetes_certs_dir }}/apiserver-kubelet-client.key'
-    - '{{ kubernetes_certs_dir }}/apiserver.crt'
-    - '{{ kubernetes_certs_dir }}/apiserver.key'
-    - '{{ kubernetes_certs_dir }}/front-proxy-client.crt'
-    - '{{ kubernetes_certs_dir }}/front-proxy-client.key'
-
-- name: gen certs on master ha nodes
-  command: kubeadm init phase certs all --config {{ kubernetes_kubeadm_config_file }}
-  when: (
-    master_certs_result.results[0].stat.exists == False or
-    master_certs_result.results[1].stat.exists == False or
-    master_certs_result.results[2].stat.exists == False or
-    master_certs_result.results[3].stat.exists == False or
-    master_certs_result.results[4].stat.exists == False or
-    master_certs_result.results[5].stat.exists == False )
-
-- name: write kubelet config on master ha nodes
-  command: kubeadm init phase kubelet config write-to-disk --config {{ kubernetes_kubeadm_config_file }}
-  changed_when: false
-
-#- name: write kubelet env on master ha nodes
-#  command: kubeadm alpha phase kubelet write-env-file --config {{ kubernetes_kubeadm_config_file }}
-#  changed_when: false
-- name: incluse bug work around
-  include: master-ha-bug-workaround.yml
-
-- name: write kubelet systemd file on master ha nodes
-  command: kubeadm init phase kubeconfig kubelet --config {{ kubernetes_kubeadm_config_file }}
+- name: check node is already in cluster
+  delegate_to: "{{ groups.k8s_masters[0] }}"
+  command: "kubectl get nodes -n kube-system --kubeconfig {{ kubernetes_config_dir }}/admin.conf -o name"
+  register: get_node_register
   changed_when: false
 
-- name: Ensure kubelet is started and enabled at boot.
-  service:
-    name: kubelet
-    state: started
-    enabled: true
-    daemon_reload: yes
-
-- name: check master admin conf exists
-  stat:
-    path: "{{ item }}"
-  register: master_conf_result
-  with_items:
-    - '{{ kubernetes_config_dir }}/admin.conf'
-    - '{{ kubernetes_config_dir }}/controller-manager.conf'
-    - '{{ kubernetes_config_dir }}/kubelet.conf'
-    - '{{ kubernetes_config_dir }}/scheduler.conf'
-
-- name: write kubeconfig files for control-plane on master ha nodes
-  command: kubeadm init phase kubeconfig all --config {{ kubernetes_kubeadm_config_file }}
-  when: (
-    master_conf_result.results[0].stat.exists == False or
-    master_conf_result.results[1].stat.exists == False or
-    master_conf_result.results[2].stat.exists == False or
-    master_conf_result.results[3].stat.exists == False )
-
-- name: check master manifests exists
-  stat:
-    path: "{{ item }}"
-  register: master_manifest_result
-  with_items:
-    - '{{ kubernetes_apiserver_manifest_file }}'
-    - '{{ kubernetes_controller_manager_manifest_file }}'
-    - '{{ kubernetes_scheduler_manifest_file }}'
-
-- name: write controle-plane manifests on master ha nodes
-  command: kubeadm init phase controlplane all --config {{ kubernetes_kubeadm_config_file }}
-  when: (
-    master_manifest_result.results[0].stat.exists == False or
-    master_manifest_result.results[1].stat.exists == False or
-    master_manifest_result.results[2].stat.exists == False )
-
-- name: annotate cri on master ha nodes
-  command: kubeadm init phase kubelet config annotate-cri --config {{ kubernetes_kubeadm_config_file }}
+- name: get join command from master
+  delegate_to: "{{ groups.k8s_masters[0] }}"
+  command: "kubeadm token create --print-join-command"
   changed_when: false
+  when: ( 'node/' + ansible_nodename ) not in get_node_register.stdout_lines
+  register: join_command_register
 
-- name: mark as master on master ha nodes
-  command: kubeadm init phase mark-master --config {{ kubernetes_kubeadm_config_file }}
-  changed_when: false
+- name: join master node into cluster
+  command: "{{ join_command_register.stdout }} --experimental-control-plane"
+  when: ( 'node/' + ansible_nodename ) not in get_node_register.stdout_lines

templates/clusterconfig.yaml.j2

@@ -38,13 +38,12 @@ etcd:
     keyFile: {{ kubernetes_etcd_apiserver_client_key_file }}
 {% endif %}
 {% if inventory_hostname in groups.k8s_masters %}
-  {%- if kubernetes_apiserver_dns != "" %}
+{% if kubernetes_apiserver_dns != "" %}
 - "{{ kubernetes_apiserver_dns }}"
 controlPlaneEndpoint: "{{ kubernetes_apiserver_dns }}:{{ kubernetes_apiserver_port}}"
-  {%- else %}
+{% else %}
 controlPlaneEndpoint: "{{ kubernetes_apiserver_ip | default(hostvars[groups.k8s_masters[0]]['ansible_host'])| default(hostvars[groups.k8s_masters[0]]['ansible_default_ipv4.address']) }}:{{ kubernetes_apiserver_port}}"
-  {%- endif %}
-
+{% endif %}
 apiServer:
   certSANs:
   - "{{ kubernetes_apiserver_ip | default(hostvars[groups.k8s_masters[0]]['ansible_host']) | default(hostvars[groups.k8s_masters[0]]['ansible_default_ipv4.address']) }}"
@@ -68,7 +67,7 @@ controllerManager:
   - name: cloud
     hostPath: "{{ kubernetes_cloud_config_file }}"
     mountPath: "{{ kubernetes_cloud_config_file }}"
-{%- endif %}
+{% endif %}
 networking:
   dnsDomain: {{ kubernetes_dns_domain }}
   podSubnet: {{ kubernetes_pod_subnet }}