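# Bootstraps a kubeadm-based Kubernetes cluster on the hosts in the
# `incus-k8s-nodes` group: node preparation, CRI-O + Kubernetes packages,
# `kubeadm init` on kube-main, `kubeadm join` on kube-worker1/kube-worker2,
# and finally a copy of the admin kubeconfig to the Ansible controller.
- name: Install kubernetes
  become: true
  hosts: incus-k8s-nodes
  tasks:
    # NOTE(review): this task and "Disable firewall" below remove SELinux
    # confinement and the host firewall from every node. That is a common
    # shortcut for a disposable lab; for a longer-lived cluster consider
    # keeping SELinux at least permissive and opening only the ports that
    # Kubernetes and the CNI need.
    - name: Disable SELinux
      ansible.posix.selinux:
        state: disabled

    - name: Install nfs-utils
      ansible.builtin.dnf:
        name: nfs-utils
        state: present
        update_cache: true

    # `rpm -q` exits non-zero when the package is absent; the result is only
    # used as a condition, so the task never fails and never reports a change.
    - name: Check if firewalld is installed
      ansible.builtin.command:
        cmd: rpm -q firewalld
      failed_when: false
      changed_when: false
      register: firewalld_check

    - name: Disable firewall
      ansible.builtin.systemd_service:
        name: firewalld
        state: stopped
        enabled: false
        masked: true
      when: firewalld_check.rc == 0

    # The package list is passed to dnf in one transaction instead of looping.
    - name: Install iptables and iproute-tc
      ansible.builtin.dnf:
        name:
          - iptables
          - iproute-tc
        state: present
        update_cache: true

    - name: Configure network
      block:
        - name: Configure kernel modules
          ansible.builtin.copy:
            src: files/etc_modules-load.d_k8s.conf
            dest: /etc/modules-load.d/k8s.conf
            owner: root
            group: root
            mode: "0644"

        - name: Enable overlay and br_netfilter module
          community.general.modprobe:
            name: "{{ item }}"
            state: present
          loop:
            - overlay
            - br_netfilter

        # Bridged traffic must traverse iptables and the node must forward
        # IPv4 packets.
        - name: Configure sysctl
          ansible.posix.sysctl:
            name: "{{ item.key }}"
            value: "{{ item.value }}"
            state: present
            reload: true
          loop:
            - key: net.bridge.bridge-nf-call-iptables
              value: 1
            - key: net.bridge.bridge-nf-call-ip6tables
              value: 1
            - key: net.ipv4.ip_forward
              value: 1

    - name: Install kubernetes
      ansible.builtin.dnf:
        name:
          - cri-o1.34
          - kubernetes1.34
          - kubernetes1.34-kubeadm
          - kubernetes1.34-client
        state: present

    - name: Start and enable cri-o
      ansible.builtin.systemd_service:
        name: crio
        state: started
        enabled: true

    - name: Start and enable kubelet
      ansible.builtin.systemd_service:
        name: kubelet
        state: started
        enabled: true

    # The presence of this file is the marker for "kubeadm init already ran".
    - name: Check if kubeadm_init_result.txt exists on kube-main
      when: inventory_hostname == "kube-main"
      ansible.builtin.stat:
        path: /root/kubeadm_init_result.txt
      register: kubeadm_init_file_check
      failed_when: false

    # A literal kubeadm bootstrap token used to sit here in a comment and has
    # been removed. A bootstrap token is a join credential: keep it out of
    # version control, and if the removed value was ever valid on a cluster,
    # revoke it there (`kubeadm token delete <token-id>`).

    # The output of `kubeadm init` (which includes the join command and its
    # bootstrap token) is kept in /root/kubeadm_init_result.txt.
    # NOTE(review): the shell redirect creates that file even when
    # `kubeadm init` fails, so after a failed run the file has to be removed
    # by hand or the init step is skipped on the next run.
    - name: Run init command
      when:
        - inventory_hostname == "kube-main"
        - not kubeadm_init_file_check.stat.exists
      ansible.builtin.shell:
        cmd: >-
          kubeadm init
          --pod-network-cidr=10.244.0.0/16
          --cri-socket=unix:///var/run/crio/crio.sock
          > /root/kubeadm_init_result.txt
      register: kubeadm_init_result
      changed_when: kubeadm_init_result.rc == 0
      failed_when: kubeadm_init_result.rc != 0

    - name: AFTER INIT -- Check if kubeadm_init_result.txt exists on kube-main
      when: inventory_hostname == "kube-main"
      ansible.builtin.stat:
        path: /root/kubeadm_init_result.txt
      register: kubeadm_init_file_check

    - name: Read init result file content
      when:
        - inventory_hostname == "kube-main"
        - kubeadm_init_file_check.stat.exists
      ansible.builtin.command:
        cmd: cat /root/kubeadm_init_result.txt
      register: kubeadm_init_file_content

    # Every host copies the result registered on kube-main. Reading it through
    # hostvars does not depend on kube-main being the first host of the batch,
    # which the previous run_once/delegate_to form relied on.
    - name: Retrieve kubeadm_init_file_content for other tasks
      ansible.builtin.set_fact:
        kubeadm_init_file_content: "{{ hostvars['kube-main'].kubeadm_init_file_content }}"

    # Joins the last two lines of the saved init output (the `kubeadm join`
    # command and its continuation line) and strips backslashes, tabs and
    # double quotes.
    # NOTE(review): to_json runs before the replaces, so a real tab is first
    # turned into backslash + "t" - confirm the displayed command carries no
    # stray "t". The saved bootstrap token also expires; generating a fresh
    # command on kube-main with `kubeadm token create --print-join-command`
    # would be more robust than parsing this file.
    - name: Set join command from file content
      ansible.builtin.set_fact:
        join_command: >-
          {{
            (kubeadm_init_file_content.stdout_lines[-2] +
            kubeadm_init_file_content.stdout_lines[-1])
            | to_json()
            | replace("\\", '')
            | replace("\t", '')
            | replace('"', '')
          }}

    # NOTE(review): this prints the bootstrap token and CA certificate hash
    # into the Ansible output and therefore into any captured run log.
    - name: Display join command on worker nodes
      when: inventory_hostname in ["kube-worker1", "kube-worker2"]
      ansible.builtin.debug:
        var: join_command

    # The presence of this log is the marker for "kubeadm join already ran".
    - name: Check if kubeadm join was already runned
      when: inventory_hostname in ["kube-worker1", "kube-worker2"]
      ansible.builtin.stat:
        path: /var/log/kubeadm_join.log
      register: kubeadm_join_file_check

    # ansible.builtin.command does not go through a shell, so the former
    # `>> /var/log/kubeadm_join.log` suffix was handed to kubeadm as extra
    # arguments and the marker file was never written. The command now runs
    # on its own and the next task writes the log.
    - name: Join worker nodes to the cluster
      when:
        - inventory_hostname in ["kube-worker1", "kube-worker2"]
        - not kubeadm_join_file_check.stat.exists
      ansible.builtin.command:
        cmd: "{{ join_command }}"
      register: kubeadm_join_result
      changed_when: kubeadm_join_result.rc == 0
      failed_when: kubeadm_join_result.rc != 0

    # Written only after a successful join; root-only because it documents
    # how the node was enrolled.
    - name: Record kubeadm join output
      when:
        - inventory_hostname in ["kube-worker1", "kube-worker2"]
        - kubeadm_join_result is changed
      ansible.builtin.copy:
        content: "{{ kubeadm_join_result.stdout }}\n"
        dest: /var/log/kubeadm_join.log
        owner: root
        group: root
        mode: "0600"

    # Runs once, on the controller and without privilege escalation, so `~`
    # is the home of the user running Ansible - the same place the fetch task
    # below writes to. Without the delegation the directory was created on
    # every cluster node instead. 0700 because it will hold admin credentials.
    - name: Create .kube directory on localhost
      ansible.builtin.file:
        path: ~/.kube
        state: directory
        mode: "0700"
      run_once: true
      delegate_to: localhost
      become: false

    # admin.conf carries cluster-admin credentials. This overwrites any
    # existing ~/.kube/config on the controller.
    - name: Fetch admin.conf from kube-main
      when: inventory_hostname == "kube-main"
      ansible.builtin.fetch:
        src: /etc/kubernetes/admin.conf
        dest: ~/.kube/config
        flat: true

    # fetch does not set a mode on the file it writes, so tighten the
    # permissions explicitly to keep other local users from reading the
    # cluster-admin kubeconfig.
    - name: Restrict permissions on the fetched kubeconfig
      ansible.builtin.file:
        path: ~/.kube/config
        mode: "0600"
      run_once: true
      delegate_to: localhost
      become: false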