fix: worker should not hava kubeconfig (#2890)

Signed-off-by: William Wang <williamw0825@gmail.com>
2025-12-25 17:12:50 +00:00 · 2025-12-09 10:57:17 +08:00 · 2025-12-09 10:57:17 +08:00 · b7f6e19045
parent 0c859e8e1f
commit b7f6e19045
1 changed files with 5 additions and 0 deletions
--- a/builtin/core/roles/kubernetes/join-kubernetes/tasks/main.yaml
+++ b/builtin/core/roles/kubernetes/join-kubernetes/tasks/main.yaml
@ -14,12 +14,14 @@
    /usr/local/bin/kubeadm join --config=/etc/kubernetes/kubeadm-config.yaml --ignore-preflight-errors=FileExisting-crictl,ImagePull

 - name: Join | Synchronize kubeconfig to remote node for current user
+  when: .groups.kube_control_plane | default list | has .inventory_hostname
  copy:
    src: >-
      {{ .work_dir }}/kubekey/kubeconfig
    dest: ~/.kube/config

 - name: Join | Synchronize kubeconfig to remote node for root
+  when: .groups.kube_control_plane | default list | has .inventory_hostname
  copy:
    src: >-
      {{ .work_dir }}/kubekey/kubeconfig
@ -30,15 +32,18 @@
  block:
    - name: Join | Remove master and control-plane taints from node
      ignore_errors: true
+      delegate_to: "{{ .init_kubernetes_node }}"
      command: |
        /usr/local/bin/kubectl taint nodes {{ .hostname }} node-role.kubernetes.io/master=:NoSchedule-
        /usr/local/bin/kubectl taint nodes {{ .hostname }} node-role.kubernetes.io/control-plane=:NoSchedule-
    - name: Join | Add worker label to node
+      delegate_to: "{{ .init_kubernetes_node }}"
      command: |
        /usr/local/bin/kubectl label --overwrite node {{ .hostname }} node-role.kubernetes.io/worker=

 - name: Join | Add custom annotations to node
  when: .annotations | empty | not
+  delegate_to: "{{ .init_kubernetes_node }}"
  command: |
    kubectl annotate {{ .hostname }} {{- range $k,$v := .annotations }}{{ printf "%s=%s" $k $v}} {{- end }}