configpolicy/roles/k8s-worker/tasks/main.yml


# Storage client packages Longhorn needs on the worker.
# state: present installs whatever version the configured repositories
# offer; no version is pinned here.
- name: ensure required packages are installed
  tags:
    - install
  ansible.builtin.package:
    state: present
    name:
      # Required for Longhorn RWO volumes
      - iscsi-initiator-utils
      # Required for Longhorn RWX volumes
      - nfs-utils
# Enable the iSCSI socket unit at boot; this task does not start it.
- name: ensure iscsi socket is enabled
  tags:
    - service
  ansible.builtin.systemd:
    enabled: true
    name: iscsid.socket
# Start the iSCSI socket unit now, independent of its boot-time enablement.
- name: ensure iscsi socket is active
  tags:
    - service
  ansible.builtin.systemd:
    state: started
    name: iscsid.socket
# Run any handlers notified so far before the tasks that follow.
- name: flush handlers
  ansible.builtin.meta: flush_handlers
# Probe for the kubelet config file. The registered result is what the
# "add node to cluster" condition reads to decide whether to join.
# NOTE(review): with ignore_errors, a failed stat still registers a result
# but presumably without a `.stat` key, so that condition would error
# rather than fall through to a join - confirm this is the intent.
- name: stat /var/lib/kubelet/config.yaml
  tags:
    - kubeadm-join
  register: stat_kubelet_config
  ignore_errors: true
  ansible.builtin.stat:
    path: /var/lib/kubelet/config.yaml
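# Join this host to the cluster using a per-host, short-lived bootstrap
# token. The whole block is skipped once /var/lib/kubelet/config.yaml
# exists on the node.
- name: add node to cluster
  when:
    stat_kubelet_config is not defined or not stat_kubelet_config.stat.exists
  tags:
    - kubeadm-join
  block:
    # Read the cluster-info ConfigMap from kube-public; its embedded
    # kubeconfig supplies the cluster entry reused for the join below.
    - name: get kubernetes cluster info
      ansible.builtin.set_fact:
        cluster_info: >-
          {{ query(
            "kubernetes.core.k8s",
            kind="ConfigMap",
            namespace="kube-public",
            resource_name="cluster-info",
          )[0] }}
      tags:
        - cluster-info

    # 6-character id and 16-character secret drawn from lowercase letters
    # and digits. /dev/null as the password file means nothing is stored
    # on the controller; cacheable: false keeps the values out of the
    # fact cache and no_log keeps them out of task output.
    - name: generate bootstrap token
      ansible.builtin.set_fact:
        bootstrap_token_id: >-
          {{ lookup("password", "/dev/null length=6 chars=ascii_lowercase,digits") }}
        bootstrap_token_secret: >-
          {{ lookup("password", "/dev/null length=16 chars=ascii_lowercase,digits") }}
        cacheable: false
      no_log: true
      tags:
        - bootstrap-token

    # Register the token with the API server from the controller. The
    # expiration is set 300 seconds ahead. No task in this block deletes
    # the Secret after the join, so the token stays usable until then.
    - name: create bootstrap token secret
      delegate_to: localhost
      become: false
      kubernetes.core.k8s:
        definition:
          apiVersion: v1
          kind: Secret
          type: bootstrap.kubernetes.io/token
          metadata:
            name: bootstrap-token-{{ bootstrap_token_id }}
            namespace: kube-system
          stringData:
            description: Bootstrap token for {{ inventory_hostname }}
            token-id: '{{ bootstrap_token_id }}'
            token-secret: '{{ bootstrap_token_secret }}'
            expiration: >-
              {{ now().utcfromtimestamp(
                now().timestamp() + 300
              ).strftime("%Y-%m-%dT%H:%M:%SZ")
              }}
            usage-bootstrap-authentication: 'true'
            usage-bootstrap-signing: 'true'
            auth-extra-groups: 'system:bootstrappers:kubeadm:default-node-token'
      no_log: true
      tags:
        - bootstrap-token

    # The rendered file embeds the bootstrap token, so this task is
    # no_log like the two token tasks above; otherwise diff or verbose
    # output could disclose the token. The cluster entry is copied
    # verbatim from the cluster-info kubeconfig.
    # NOTE(review): fixed path under /tmp; mode u=rw,go= restricts reads
    # to root, but a root-only directory would not depend on /tmp
    # semantics - consider.
    - name: generate kubeconfig for kubeadm join
      vars:
        kubeconfig: '{{ cluster_info.data.kubeconfig | from_yaml }}'
        config:
          apiVersion: v1
          kind: Config
          clusters:
            - name: kubernetes
              cluster: '{{ kubeconfig.clusters[0].cluster }}'
          contexts:
            - name: kubeadm
              context:
                cluster: kubernetes
                user: kubeadm
          current-context: kubeadm
          users:
            - name: kubeadm
              user:
                token: '{{ bootstrap_token_id }}.{{ bootstrap_token_secret }}'
      ansible.builtin.copy:
        dest: /tmp/kubeconfig
        owner: root
        group: root
        mode: u=rw,go=
        content: '{{ config | to_nice_yaml(indent=2) }}'
      no_log: true
      tags:
        - kubeconfig

    # JoinConfiguration using file-based discovery against the kubeconfig
    # written above; this file itself holds only paths, not the token.
    - name: generate join configuration file
      vars:
        config:
          apiVersion: kubeadm.k8s.io/v1beta3
          kind: JoinConfiguration
          nodeRegistration:
            kubeletExtraArgs:
              config: /var/lib/kubelet/config.yaml
          discovery:
            file:
              kubeConfigPath: /tmp/kubeconfig
      ansible.builtin.copy:
        dest: /tmp/joinconfiguration
        owner: root
        group: root
        mode: u=rw,go=
        content: '{{ config | to_nice_yaml(indent=2) }}'

    # changed_when: true because a join that returns success always
    # alters node state.
    - name: join the kubernetes cluster
      ansible.builtin.command: >-
        kubeadm join --config=/tmp/joinconfiguration
      changed_when: true
      tags:
        - run-kubeadm-join

  # Cleanup sits in `always` so it also runs when an earlier task in the
  # block fails; the token-bearing kubeconfig is then not left in /tmp
  # after a failed join. state: absent is a no-op for files never written.
  always:
    - name: ensure temporary join configuration files are removed
      ansible.builtin.file:
        path: '{{ item }}'
        state: absent
      loop:
        - /tmp/kubeconfig
        - /tmp/joinconfiguration
      tags:
        - kubeadm-join-cleanup
        - cleanup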