Make playbooks code cleaner

Author: ydamni

playbooks/bootstrap-control-plane.yml

@@ -135,7 +135,7 @@
         sudo systemctl start kube-apiserver kube-controller-manager kube-scheduler
 -
   name: 'Kubernetes Frontend Load Balancer'
-  hosts: loadbalancer-1
+  hosts: loadbalancer
   tasks: 
     -
       name: 'Install haproxy'
@@ -144,7 +144,7 @@
       name: 'Modify haproxy configuration file'
       shell: |
         INTERNAL_IP=$(ip addr show enp0s8 | grep "inet " | awk '{print $2}' | cut -d / -f 1)
-        MASTER_NODES=$(cat /vagrant/.vagrant/shared-folder/inventory.txt | grep master-* | sed 's/^/    server /' | sed 's/$/:6443 check fail 3 rise 2/')
+        MASTER_NODES=$(cat /vagrant/.vagrant/shared-folder/inventory.txt | grep master-* | sed 's/^/    server /' | sed 's/$/:6443 check fall 3 rise 2/')
         cat <<EOF | sudo tee /etc/haproxy/haproxy.cfg 
         frontend kubernetes
             bind ${INTERNAL_IP}:6443

playbooks/pod-networking-solution.yml

@@ -1,15 +1,17 @@
 -
-  name: 'Provisioning pod Network (CNI)'
+  name: 'Provisioning pod Network (CNI) to worker nodes'
   hosts: worker-*
   tasks:
     -
       name: 'Install CNI plugins required for Weave'
       shell: |
         wget https://github.com/containernetworking/plugins/releases/download/v0.7.5/cni-plugins-amd64-v0.7.5.tgz
         sudo tar -xzvf cni-plugins-amd64-v0.7.5.tgz --directory /opt/cni/bin/
+-
+  name: 'Deploy Weave Network on master node'
+  hosts: master-1
+  tasks:
     -
       name: 'Deploy Weave Network'
       shell: |
         kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"
-      ignore_errors: true #If there is an error, it means Weave Network is already deployed
-      delegate_to: master-1

playbooks/prerequisites.yml

@@ -69,15 +69,12 @@
         INTERNAL_IP=$(ip addr show enp0s8 | grep "inet " | awk '{print $2}' | cut -d / -f 1)
         HOSTNAME=$(hostname -s)
         echo $HOSTNAME $INTERNAL_IP >> /vagrant/.vagrant/shared-folder/inventory.txt
--
-  name: 'Update /etc/hosts on all nodes'
-  hosts: all
-  tasks:
     -
       name: 'Append nodes IP addresses to /etc/hosts file'
       shell: |
-        cat <<EOF | sudo tee /etc/hosts
-        cat /vagrant/.vagrant/shared-folder/inventory.txt | awk '{print $2 " " $1}'
+        LIST_IP=$(cat /vagrant/.vagrant/shared-folder/inventory.txt | awk '{print $2 " " $1}')
+        cat <<EOF | sudo tee -a /etc/hosts
+        ${LIST_IP}
         EOF
 -
   name: 'Install kubectl on Master nodes'

playbooks/tls-bootstrap-kube-worker-nodes.yml

@@ -23,6 +23,10 @@
       shell: |
         cd /vagrant/.vagrant/shared-folder
         sudo cp ca.crt /var/lib/kubernetes/
+-
+  name: 'Give CSR access rights to Worker nodes'
+  hosts: master-1
+  tasks: 
     -
       name: 'Create Bootstrap Token to be used by Worker nodes (kubelet) to invoke Certificate API'
       shell: |
@@ -55,21 +59,17 @@
           # Extra groups to authenticate the token as. Must start with "system:bootstrappers:"
           auth-extra-groups: system:bootstrappers:worker
         EOF
-    -
-      name: 'Apply Bootstrap Token'
-      shell: |
-        cd /vagrant/.vagrant/shared-folder
         kubectl create -f bootstrap-token-07401b.yaml
-      ignore_errors: true #If there is an error, it means the Bootstrap Token is already applied
-      delegate_to: master-1
     -
       name: 'Authorize Worker nodes (kubelet) to create, approve and auto renew Certificates'
       shell: |
         kubectl create clusterrolebinding create-csrs-for-bootstrapping --clusterrole=system:node-bootstrapper --group=system:bootstrappers
         kubectl create clusterrolebinding auto-approve-csrs-for-group --clusterrole=system:certificates.k8s.io:certificatesigningrequests:nodeclient --group=system:bootstrappers
         kubectl create clusterrolebinding auto-approve-renewals-for-nodes --clusterrole=system:certificates.k8s.io:certificatesigningrequests:selfnodeclient --group=system:nodes
-      ignore_errors: true #If there is an error, it means Worker nodes can already create, approve and auto renew Certificates
-      delegate_to: master-1
+-
+  name: 'Add kube services for Worker nodes (kubelet & kube-proxy)'
+  hosts: worker-*
+  tasks: 
     -
       name: 'Configure kubelet to TLS Bootstrap'
       shell: |
@@ -184,7 +184,14 @@
         sudo systemctl daemon-reload
         sudo systemctl enable kubelet kube-proxy
         sudo systemctl start kubelet kube-proxy
+    -
+      name: 'Wait for Workers to generate CSRs'
+      pause:
+        seconds: 10
+-
+  name: 'Approve Server CSR from Master node'
+  hosts: master-1
+  tasks: 
     -
       name: 'Approve Server CSR'
       shell: "kubectl certificate approve $(kubectl get csr|grep csr|awk -F ' ' '{print $1}')"
-      delegate_to: master-1