kubekey/builtin/roles/install/kubernetes/tasks/init_kubernetes.yaml

---
- name: Add kube user
  command: |
    useradd -M -c 'Kubernetes user' -s /sbin/nologin -r kube || :    

- name: Create kube directories
  command: |
    if [ ! -d "{{ .item.path }}" ]; then
      mkdir -p {{ .item.path }} && chown kube -R {{ .item.chown }}
    fi    
  loop:
    - {path: "/usr/local/bin", chown: "/usr/local/bin"}
    - {path: "/etc/kubernetes", chown: "/etc/kubernetes"}
    - {path: "/etc/kubernetes/pki", chown: "/etc/kubernetes/pki"}
    - {path: "/etc/kubernetes/manifests", chown: "/etc/kubernetes/manifests"}
    - {path: "/usr/local/bin/kube-scripts", chown: "/usr/local/bin/kube-scripts"}
    - {path: "/usr/libexec/kubernetes/kubelet-plugins/volume/exec", chown: "/usr/libexec/kubernetes"}
    - {path: "/etc/cni/net.d", chown: "/etc/cni"}
    - {path: "/opt/cni/bin", chown: "/opt/cni"}
    - {path: "/var/lib/calico", chown: "/var/lib/calico"}

- name: Sync external etcd config
  when: and (.kubernetes.etcd.deployment_type | eq "external") (.groups.etcd | default list | len | lt 0)
  block:
    - name: Sync etcd ca file to remote
      copy:
        src: |
          {{ .work_dir }}/kubekey/pki/root.crt          
        dest: /etc/kubernetes/pki/etcd/ca.crt
    - name: Sync etcd cert files to remote
      copy:
        src: |
          {{ .work_dir }}/kubekey/pki/etcd.crt          
        dest: /etc/kubernetes/pki/etcd/client.crt
    - name: Sync etcd key files to remote
      copy:
        src: |
          {{ .work_dir }}/kubekey/pki/etcd.key          
        dest: /etc/kubernetes/pki/etcd/client.key

- name: Sync audit policy file to remote
  copy:
    src: audit
    dest: /etc/kubernetes/audit/
  when: .kubernetes.audit

- name: Generate kubeadm init config
  template:
    src: |
      {{- if .kube_version | semverCompare ">=v1.24.0" -}}
      kubeadm/kubeadm-init.v1beta3
      {{- else -}}
      kubeadm/kubeadm-init.v1beta2
      {{- end -}}      
    dest: /etc/kubernetes/kubeadm-config.yaml

- name: Init kubernetes cluster
  block:
    - name: Init kubernetes by kubeadm
      command: |
        /usr/local/bin/kubeadm init --config=/etc/kubernetes/kubeadm-config.yaml --ignore-preflight-errors=FileExisting-crictl,ImagePull {{ if not .kubernetes.kube_proxy.enabled }}--skip-phases=addon/kube-proxy{{ end }}        
  rescue:
    - name: Reset kubeadm if init failed
      command: |
        kubeadm reset -f {{ if and .cri.cri_socket (ne .cri.cri_socket "") }}--cri-socket {{ .cri.cri_socket }}{{ end }}        

- name: Copy kubeconfig to default dir
  command: |
    if [ ! -d /root/.kube ]; then
      mkdir -p /root/.kube
    fi
    cp -f /etc/kubernetes/admin.conf /root/.kube/config    
  when: .kube_node_info_important.stderr | ne ""

- name: Set to worker node
  when: .groups.kube_worker | default list | has .inventory_name
  block:
    - name: Remote master taint
      ignore_errors: true
      command: |
        /usr/local/bin/kubectl taint nodes {{ .inventory_name }} node-role.kubernetes.io/master=:NoSchedule-
        /usr/local/bin/kubectl taint nodes {{ .inventory_name }} node-role.kubernetes.io/control-plane=:NoSchedule-        
    - name: Add work label
      command: |
        /usr/local/bin/kubectl label --overwrite node {{ .inventory_name }} node-role.kubernetes.io/worker=