playbook.yml
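---
# Cluster bootstrap playbook. Plays run top to bottom: client tools and node
# preparation, CA/TLS generation and distribution, kubeconfig generation and
# distribution, the data encryption config, etcd, the control plane, the API
# load balancer, the worker nodes, then local kubectl and network setup.
#
# Layout: `tags` and `items` sit on the role entry. `items` is not a play
# keyword, so it can only take effect as a parameter passed to the role.
#
# NOTE(review): several plays hand private keys, kubeconfigs and the
# encryption config to the artifact-deployer role. That role is not defined
# in this file; confirm it writes these files with a restrictive owner and
# mode and does not echo their contents into task output or logs.

- name: Installing the Client Tools
  hosts: localhost
  roles:
    - role: client-tools
      tags:
        - bootstrap

- name: Nodes bootstrap
  hosts: all
  roles:
    - role: nodes-bootstrap
      tags:
        - bootstrap

# Runs on the control host only, so the generated material lives under
# cert_path on localhost before it is distributed.
# NOTE(review): presumably this includes the CA private key; verify that
# cert_path is not world-readable and is excluded from version control.
- name: Provisioning a CA and Generating TLS Certificates
  hosts: localhost
  roles:
    - role: certificate-authority
      tags:
        - ca

# Each worker gets the CA certificate plus the certificate/key pair named
# after its own inventory_hostname; no other host's key is listed here.
- name: Distributing Client Certificates for Workers
  hosts: workers
  roles:
    - role: artifact-deployer
      tags:
        - ca
      items:
        - "{{ cert_path }}/ca.pem"
        - "{{ cert_path }}/{{ inventory_hostname }}-key.pem"
        - "{{ cert_path }}/{{ inventory_hostname }}.pem"

# NOTE(review): ca-key.pem (by its name, the CA private key) is copied to
# every host in `controllers`. Anyone able to read it can issue certificates
# the cluster trusts; confirm each controller actually needs it and that it
# lands readable by root (or the consuming service account) only.
- name: Distributing Client Certificates for Controllers
  hosts: controllers
  roles:
    - role: artifact-deployer
      tags:
        - ca
      items:
        - "{{ cert_path }}/ca.pem"
        - "{{ cert_path }}/ca-key.pem"
        - "{{ cert_path }}/kubernetes-key.pem"
        - "{{ cert_path }}/kubernetes.pem"

- name: Kubernetes Configuration Files for Authentication
  hosts: localhost
  roles:
    - role: authentication-configs
      tags:
        - rbac

# Each worker gets its own kubeconfig and the shared kube-proxy kubeconfig.
# NOTE(review): kubeconfig files presumably embed client credentials; treat
# them like the private keys above when checking file permissions.
- name: Distributing the Kubernetes Configuration Files
  hosts: workers
  roles:
    - role: artifact-deployer
      tags:
        - rbac
      items:
        - "{{ kubeconfig_path }}/{{ inventory_hostname }}.kubeconfig"
        - "{{ kubeconfig_path }}/kube-proxy.kubeconfig"

- name: Generating the Data Encryption Config and Key
  hosts: localhost
  roles:
    - role: data-encryption
      tags:
        - bootstrap
        - encryption

# NOTE(review): per the play name, encryption-config.yaml carries the data
# encryption key itself; confirm it is deployed with a restrictive mode and
# that the copy left under encryption_path on localhost is protected too.
- name: Distributing the Data Encryption Config and Key
  hosts: controllers
  roles:
    - role: artifact-deployer
      tags:
        - encryption
      items:
        - "{{ encryption_path }}/encryption-config.yaml"

- name: Bootstrapping the etcd Cluster
  hosts: controllers
  roles:
    - role: etcd
      tags:
        - etcd

- name: Installing Kubernetes control plane
  hosts: controllers
  roles:
    - role: kube-control-plane
      tags:
        - controllers

# `controllers[2]` is a zero-based subscript: the third host of the group.
# NOTE(review): with fewer than three controllers the pattern matches no
# host and the kubelet RBAC setup would not be applied; confirm the
# inventory always has at least three controllers.
- name: RBAC for Kubelet Authorization
  hosts: controllers[2]
  roles:
    - role: kube-control-plane-kubelet-rbac-auth
      tags:
        - controllers
        - rbac

# Only this play and the load-balancer play below request privilege
# escalation at play level.
- name: Opening firewall port for Controllers
  become: true
  hosts: controllers
  roles:
    - role: lb-controllers-firewall
      tags:
        - controllers
        - lb

- name: Installing Kubernetes API load balancer
  become: true
  hosts: lb
  roles:
    - role: lb
      tags:
        - lb

- name: Bootstrapping the Kubernetes Worker nodes
  hosts: workers
  roles:
    - role: worker-nodes-bootstrap
      tags:
        - workers

# Same third-controller subscript as the kubelet RBAC play above; the same
# minimum-group-size caveat applies.
- name: Verification of Kubernetes Worker nodes
  hosts: controllers[2]
  roles:
    - role: worker-nodes-bootstrap-verification
      tags:
        - workers

# This play carries no tags, so it cannot be selected with --tags and is
# skipped whenever a tag filter is given.
- name: Configuring `kubectl` for Remote Access
  hosts: localhost
  roles:
    - role: kubectl

# NOTE(review): the play name mentions the Weave Net CNI plugin, but the
# role applied is `network-routes` and the tag is `controllers`; confirm
# that name, role and tag are the intended combination.
- name: Installing `Weave Net` CNI plugin
  hosts: localhost
  roles:
    - role: network-routes
      tags:
        - controllers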