---
# Step 1: Install base packages on new CP nodes.
# Applies the common, wireguard, containerd and kubernetes roles, in that
# order, to every host in the new_control_planes group, with privilege
# escalation enabled.
- hosts: new_control_planes
  become: true
  roles:
    - role: common
    - role: wireguard
    - role: containerd
    - role: kubernetes
# Step 2: Update WireGuard on existing nodes to know about new peers.
# Re-applies the wireguard role to the k8s_workers group.
# NOTE(review): only k8s_workers is targeted here; if the existing
# control-plane hosts are WireGuard peers as well, confirm their peer list is
# refreshed elsewhere before the join in Step 4.
- hosts: k8s_workers
  become: true
  roles:
    - role: wireguard
# Step 3: Get join credentials from existing CP.
# Runs the kubeadm_cp_discovery role on the first host of the
# k8s_control_plane group only. Step 4 reads kubeadm_cp_join_cmd from that
# host's hostvars; presumably this role sets it (confirm in the role).
# NOTE(review): join credentials are secrets; check that the role does not
# print them in task output or persist them longer than the join needs.
- hosts: 'k8s_control_plane[0]'
  become: true
  roles:
    - role: kubeadm_cp_discovery
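# Step 4: Join new nodes as control planes
- hosts: new_control_planes
  become: true
  serial: 1  # Join one at a time for safety
  tasks:
    # The join command is read from the first existing control plane's
    # hostvars and presumably embeds the join credentials gathered in Step 3,
    # so no_log keeps the rendered command out of Ansible output and logs.
    # `creates` skips the task once kubelet.conf exists on the node.
    # NOTE(review): --control-plane-endpoint is documented as a `kubeadm init`
    # option; confirm the command in kubeadm_cp_join_cmd accepts it.
    - name: Join as control plane
      command: >-
        {{ hostvars[groups['k8s_control_plane'][0]].kubeadm_cp_join_cmd }}
        --control-plane-endpoint cp.k8s.betelgeusebytes.io:6443
        --apiserver-advertise-address {{ wg_address }}
      args:
        creates: /etc/kubernetes/kubelet.conf
      no_log: true

    # admin.conf carries cluster credentials, so the directory and the copy
    # are pinned to root-only permissions instead of relying on the umask.
    - name: Create kubeconfig directory
      file:
        path: /root/.kube
        state: directory
        owner: root
        group: root
        mode: '0700'

    # NOTE(review): this copy runs before admin.conf is rewritten below, so
    # after a first run root's kubeconfig may still carry the IP-based server
    # URL; confirm that is intended.
    - name: Setup kubeconfig
      copy:
        src: /etc/kubernetes/admin.conf
        dest: /root/.kube/config
        remote_src: true
        owner: root
        group: root
        mode: '0600'

    # Rewrites a numeric server address on port 6443 to the DNS endpoint.
    - name: Update kubelet server to DNS endpoint
      replace:
        path: /etc/kubernetes/kubelet.conf
        regexp: 'server: https://[0-9.]+:6443'
        replace: 'server: https://cp.k8s.betelgeusebytes.io:6443'

    # Same rewrite for the admin kubeconfig.
    - name: Update admin.conf server to DNS endpoint
      replace:
        path: /etc/kubernetes/admin.conf
        regexp: 'server: https://[0-9.]+:6443'
        replace: 'server: https://cp.k8s.betelgeusebytes.io:6443'

    # Restarted unconditionally after the kubelet.conf edit above.
    - name: Restart kubelet
      service:
        name: kubelet
        state: restarted

    # Runs kubectl on the first existing control plane (delegate_to), not on
    # the node being joined.
    # NOTE(review): assumes inventory_hostname equals the Kubernetes node
    # name; confirm against the inventory.
    - name: Taint node as control-plane only
      command: >-
        kubectl taint nodes {{ inventory_hostname }}
        node-role.kubernetes.io/control-plane:NoSchedule --overwrite
      delegate_to: "{{ groups['k8s_control_plane'][0] }}"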