Add ansible files

2025-11-23 11:22:45 +00:00
parent 8fc60f9d8b
commit bc439597cb
26 changed files with 1364 additions and 0 deletions
--- a/ansible/01_install.yaml
+++ b/ansible/01_install.yaml
@@ -0,0 +1,167 @@
+- name: Install kubernetes
+  become: true
+  hosts: incus-k8s-nodes
+  tasks:
+    - name: Disable SELinux
+      ansible.posix.selinux:
+        state: disabled
+
+    - name: Install nfs-utils
+      ansible.builtin.dnf:
+        name: nfs-utils
+        state: present
+        update_cache: true
+
+    - name: Check if firewalld is installed
+      ansible.builtin.command:
+        cmd: rpm -q firewalld
+      failed_when: false
+      changed_when: false
+      register: firewalld_check
+
+    - name: Disable firewall
+      ansible.builtin.systemd_service:
+        name: firewalld
+        state: stopped
+        enabled: false
+        masked: true
+      when: firewalld_check.rc == 0
+
+    - name: Install iptables and iproute-tc
+      ansible.builtin.dnf:
+        name: "{{ item }}"
+        state: present
+        update_cache: true
+      loop:
+        - iptables
+        - iproute-tc
+
+    - name: Configure network
+      block:
+        - name: Configure kernel modules
+          ansible.builtin.copy:
+            src: files/etc_modules-load.d_k8s.conf
+            dest: /etc/modules-load.d/k8s.conf
+            owner: root
+            group: root
+            mode: "0644"
+
+        - name: Enable overlay and br_netfilter module
+          community.general.modprobe:
+            name: "{{ item }}"
+            state: present
+          loop:
+            - overlay
+            - br_netfilter
+
+        - name: Configure sysctl
+          ansible.posix.sysctl:
+            name: "{{ item.key }}"
+            value: "{{ item.value }}"
+            state: present
+            reload: true
+          loop:
+            - { key: net.bridge.bridge-nf-call-iptables, value: 1 }
+            - { key: net.bridge.bridge-nf-call-ip6tables, value: 1 }
+            - { key: net.ipv4.ip_forward, value: 1 }
+
+    - name: Install kubernetes
+      ansible.builtin.dnf:
+        name: "{{ item }}"
+        state: present
+      loop:
+        - cri-o1.34
+        - kubernetes1.34
+        - kubernetes1.34-kubeadm
+        - kubernetes1.34-client
+
+    - name: Start and enable cri-o
+      ansible.builtin.systemd_service:
+        name: crio
+        state: started
+        enabled: true
+
+    - name: Start and enable kubelet
+      ansible.builtin.systemd_service:
+        name: kubelet
+        state: started
+        enabled: true
+
+    - name: Check if kubeadm_init_result.txt exists on kube-main
+      when: inventory_hostname == "kube-main"
+      ansible.builtin.stat:
+        path: /root/kubeadm_init_result.txt
+      register: kubeadm_init_file_check
+      failed_when: false
+
+      #  --token=xn6uig.fkf8debm23p79wwv
+
+    - name: Run init command
+      when: inventory_hostname == "kube-main" and kubeadm_init_file_check.stat.exists == false
+      ansible.builtin.shell:
+        cmd: "kubeadm init --pod-network-cidr=10.244.0.0/16 --cri-socket=unix:///var/run/crio/crio.sock > /root/kubeadm_init_result.txt"
+      register: kubeadm_init_result
+      changed_when: kubeadm_init_result.rc == 0
+      failed_when: kubeadm_init_result.rc != 0
+
+    - name: AFTER INIT -- Check if kubeadm_init_result.txt exists on kube-main
+      when: inventory_hostname == "kube-main"
+      ansible.builtin.stat:
+        path: /root/kubeadm_init_result.txt
+      register: kubeadm_init_file_check
+
+    - name: Read init result file content
+      when: inventory_hostname == "kube-main" and kubeadm_init_file_check.stat.exists == true
+      ansible.builtin.command:
+        cmd: cat /root/kubeadm_init_result.txt
+      register: kubeadm_init_file_content
+
+    - name: Retrieve kubeadm_init_file_content for other tasks
+      ansible.builtin.set_fact:
+        kubeadm_init_file_content: "{{ kubeadm_init_file_content }}"
+      run_once: true
+      delegate_to: localhost
+
+    - name: Set join command from file content
+      ansible.builtin.set_fact:
+        join_command: >-
+          {{
+            (kubeadm_init_file_content.stdout_lines[-2] +
+             kubeadm_init_file_content.stdout_lines[-1])
+             | to_json()
+             | replace("\\", '')
+             | replace("\t", '')
+             | replace('"', '')
+          }}
+
+    - name: Display join command on worker nodes
+      when: inventory_hostname in ["kube-worker1", "kube-worker2"]
+      ansible.builtin.debug:
+        var: join_command
+
+    - name: Check if kubeadm join was already runned
+      when: inventory_hostname in ["kube-worker1", "kube-worker2"]
+      ansible.builtin.stat:
+        path: /var/log/kubeadm_join.log
+      register: kubeadm_join_file_check
+
+    - name: Join worker nodes to the cluster
+      when: inventory_hostname in ["kube-worker1", "kube-worker2"] and kubeadm_join_file_check.stat.exists == false
+      ansible.builtin.command:
+        cmd: "{{ join_command }} >> /var/log/kubeadm_join.log"
+      register: kubeadm_join_result
+      changed_when: kubeadm_join_result.rc == 0
+      failed_when: kubeadm_join_result.rc != 0
+
+    - name: Create .kube directory on localhost
+      ansible.builtin.file:
+        path: ~/.kube
+        state: directory
+        mode: "0755"
+
+    - name: Fetch admin.conf from kube-main
+      when: inventory_hostname == "kube-main"
+      ansible.builtin.fetch:
+        src: /etc/kubernetes/admin.conf
+        dest: ~/.kube/config
+        flat: true