Update

roles/kubeadm_install/.travis.yml

@@ -0,0 +1,29 @@
+---
+language: python
+python: "2.7"
+
+# Use the new container infrastructure
+sudo: false
+
+# Install ansible
+addons:
+  apt:
+    packages:
+    - python-pip
+
+install:
+  # Install ansible
+  - pip install ansible
+
+  # Check ansible version
+  - ansible --version
+
+  # Create ansible.cfg with correct roles_path
+  - printf '[defaults]\nroles_path=../' >ansible.cfg
+
+script:
+  # Basic role syntax check
+  - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
+
+notifications:
+  webhooks: https://galaxy.ansible.com/api/v1/notifications/

roles/kubeadm_install/README.md

@@ -0,0 +1,123 @@
+Kubeadm Install
+=========
+Role to configure prerequisites for installing a Kubeadm cluster
+
+- Remove existing repos and gpg keys
+- Open firewalld ports
+- Disable swap
+- Load modules and edit sysctl
+- Install containerd
+- Install kubelet, kubeadm, and kubectl
+
+Manual Commands to match this playbook
+-------------
+These assume you're running sudo.  
+
+To ensure the gpg keys and repos are removed:
+- rm -rf /etc/apt/sources.list.d/kubernetes.list
+- rm -rf /usr/share/keyrings kubernetes-archive-keyring.gpg
+- rm -rf /etc/apt/sources.list.d/docker.list
+- rm -rf /usr/share/keyrings/docker-archive-keyring.gpg
+
+
+To Open firewalld ports, restart, and enable firewalld: ( Do the --add-port= command for each port)
+- firewall-cmd --permanent --add-port=6443/tcp
+- systemctl restart firewalld
+- systemctl enable firewalld
+
+To disable swap:
+- swapoff -a
+- Edit /etc/fstab
+  * Comment out the swap line
+
+To check if br_netfilter and overlay modules are loaded and load them:
+- lsmod | grep br_netfilter ( if nothing is output, its not loaded)
+  * modprobe br_netfilter
+- lsmod | grep overlay
+  * modprobe overlay
+
+Add modules to a modules-load.d config
+- vi /etc/modules-load.d/k8s.conf
+- Add the below to the file
+  * overlay
+  * br_netfilter
+- hit ESC and type :wq to save and quit
+
+Add sysctl configs to /etc/sysctl.d
+- vi /etc/sysctl.d/k8s.conf
+- Add the below lines to the file
+  * net.bridge.bridge-nf-call-ip6tables = 1
+  * net.bridge.bridge-nf-call-iptables = 1
+  * net.ipv4.ip_forward                 = 1
+- hit ESC and type :wq to save and quit
+
+To apply the sysctl changes now type:
+- sysctl --system
+
+To install required packages to install containerd 
+- apt-get install apt-transport-https ca-certificates curl gnupg lsb-release
+
+Add docker official gpg key
+- curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
+
+Setup Stable docker repository
+- echo \
+  "deb [arch=arm64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
+  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+
+Update repo lists
+- apt-get update
+
+Install containerd
+- apt-get install containerd.io
+
+Make /etc/containerd directory
+- mkdir /etc/containerd
+
+Set containerd config default
+- containerd config default | sudo tee /etc/containerd/config.toml
+
+Restart containerd
+- systemctl restart containerd
+
+Add lines to the end of /etc/containerd/config.toml
+- vi /etc/containerd/config.toml
+  * [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
+  * [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
+  *  SystemdCgroup = true
+- hit ESC and type :wq to save and quit
+
+Restart containerd
+- systemctl restart containerd
+
+Download google cloud GPG key
+- sudo curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg
+
+Setup kubernetes repository
+- echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
+
+Update repo lists
+- apt-get update
+
+To Install kubeadm, kubectl, and kubelet
+- apt-get install kubeadm kubectl kubelet
+
+------------
+
+
+Requirements
+------------
+
+- A Sudo user on your hosts you wish to apply this to
+- An internet connection
+
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

roles/kubeadm_install/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for kubeadm_install

roles/kubeadm_install/handlers/main.yml

@@ -0,0 +1,2 @@
+---
+# handlers file for kubeadm_install

roles/kubeadm_install/meta/main.yml

@@ -0,0 +1,53 @@
+galaxy_info:
+  author: your name
+  description: your role description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.9
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.
+  

roles/kubeadm_install/tasks/main.yml

@@ -0,0 +1,255 @@
+---
+# tasks file for kubeadm_install
+###############################
+###         Pre-reqs        ###
+###############################
+
+# Check to see if these exist. If they do remove them. Not removing them will cause issues for every run of this playbook after the first
+- name: Remove existing gpg keys and repos to prevent issues
+  file:
+    path: "{{ item.path }}"
+    state: absent
+  with_items:
+    - { path: /etc/apt/sources.list.d/kubernetes.list }
+    - { path: /usr/share/keyrings/kubernetes-archive-keyring.gpg }
+    - { path: /etc/apt/sources.list.d/docker.list }
+    - { path: /usr/share/keyrings/docker-archive-keyring.gpg }
+
+###############################
+###   Open Firewalld Ports  ###
+###############################
+
+# Install Firewalld and netfilter-persistent
+- name: Install firewalld and ( netfilter-persistent Debian only )
+  apt:
+    pkg: 
+      - firewalld
+      - netfilter-persistent
+    state: present
+  tags:
+    - firewalld
+    - iptables
+
+# Open Required Master Ports
+- name: open ports ( MASTERS )
+  firewalld:
+    port: "{{ item.port }}"
+    
+    permanent: yes
+    state: enabled
+  with_items:
+    - { port: 6443/tcp }
+    - { port: 8285/udp }
+    - { port: 8472/tcp }
+    - { port: 8080/tcp }
+    - { port: 2379-2380/tcp }
+    - { port: 10250-10252/tcp }
+  when: "'masters' in group_names"
+  tags:
+    - firewalld
+
+# Opern Required Worker Ports
+- name: open ports ( WORKERS )
+  firewalld:
+    port: "{{ item.port }}"
+    permanent: yes
+    state: enabled
+  with_items:
+    - { port: 10250/tcp }
+    - { port: 8285/udp }
+    - { port: 8472/tcp }
+    - { port: 8080/tcp }
+    - { port: 30000-32767/tcp }
+  when: "'workers' in group_names"
+  tags:
+    - firewalld
+
+# Turn on and Enable Firewalld
+- name: Turn on and enable firewalld
+  service:
+    name: firewalld
+    state: restarted
+    enabled: yes
+  tags:
+    - firewalld
+
+# Make it so iptables is configured to allow flannel and coredns pods to start and add iptables rules
+- name: iptables default policies need to be ACCEPT on all chains
+  iptables:
+    chain: '{{item}}'
+    policy: ACCEPT
+  with_items:
+  - INPUT
+  - FORWARD
+  - OUTPUT
+  tags:
+    - iptables
+
+- name: save iptables rules (Debian)
+  shell: netfilter-persistent save
+  tags:
+    - iptables
+
+#############################
+###     Disable SWAP      ###
+#############################
+
+# Disable swap right now
+- name: disable swap NOW
+  shell: /usr/sbin/swapoff -a
+
+# Use if you have swap in your /etc/fstab file to comment out the swap line for presistence
+#- name: Disable swap persistently
+#  command: sudo sed -i '/ swap / s/^/#/' /etc/fstab
+
+##########################################
+## LETTING IPTABLES SEE BRIDGED TRAFFIC ##
+#########################################
+
+# Load br_netfilter and overlay module
+- name: Load required modules
+  modprobe:
+    name: "{{ item.name }}"
+    state: present
+  with_items:
+    - { name: br_netfilter }
+    - { name: overlay }
+
+# Create config to ensure modules are loaded on reboots
+- name: Place k8s.conf in modules-load.d
+  template:
+    src: k8s_modules.conf.j2
+    dest: /etc/modules-load.d/k8s.conf
+
+# Ensure sysctl options are set to allow proper network operation    
+- name: Adding /etc/sysctl.d/k8s.conf
+  template:
+    src: k8s_sysctl.conf.j2
+    dest: /etc/sysctl.d/k8s.conf
+
+# Apply the sysctl changes made right now  
+- name: Apply sysctl changes
+  command: /usr/sbin/sysctl --system
+
+# Add cgroups to cmdline
+- name: Add cgroups to cmdline
+  template:
+    src: cmdline.txt.j2
+    dest: /boot/firmware/cmdline.txt
+  register: task_result
+
+- name: Reboot immediately if there was a change.
+  shell: "sleep 5 && reboot"
+  async: 1
+  poll: 0
+  when: task_result is changed
+
+- name: Wait for the reboot to complete if there was a change.
+  wait_for_connection:
+    connect_timeout: 20
+    sleep: 5
+    delay: 5
+    timeout: 300
+  when: task_result is changed
+
+
+#####################################
+##      INSTALL CONTAINERD       ####
+#####################################
+
+# Install the required packages to perform the below operations
+- name: Install required software to setup containerd install repo
+  apt:
+    pkg:
+    - bridge-utils
+    - apt-transport-https
+    - ca-certificates
+    - curl
+    - gnupg
+    - lsb-release
+
+# Add official docker repo gpg key
+- name: Add docker official gpg key
+  shell: curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
+
+# Setup the repo file on the host
+- name: Setup Stable docker repository
+  template:
+    src: docker.list.j2
+    dest: /etc/apt/sources.list.d/docker.list
+
+# Update the repo based on the new repolist added and install containerd
+- name: Apt-get update and Install containerd
+  apt:
+    pkg:
+    - containerd.io
+    update_cache: yes
+
+# Build the containerd config directory
+- name: Make /etc/containerd directory
+  file:
+    path: /etc/containerd
+    state: directory
+
+# Tell containerd the location of the config
+- name: Set containerd config default
+  command: containerd config default | sudo tee /etc/containerd/config.toml
+
+# Restart containerd
+- name: Restart and enable containerd
+  service:
+    name: containerd
+    state: restarted
+    enabled: yes
+
+# Place the config file in the new config directory
+- name: Place config.toml file
+  template:
+    src: config.toml.j2
+    dest: /etc/containerd/config.toml
+
+# Restart containerd AGAIN
+- name: Restart and enable containerd
+  service:
+    name: containerd
+    state: restarted
+    enabled: yes
+
+################################################
+### INSTALL KUBEADM, KUBELET, KUBECTL     ######
+################################################
+
+# Download google cloud GPG key
+- name: Download the google cloud public signing GPG key
+  shell: sudo curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg
+
+# setup kubernetes repo
+- name: Setup kubernetes repository
+  template:
+    src: kubernetes.list.j2
+    dest: /etc/apt/sources.list.d/kubernetes.list
+
+# Install kubectl on all nodes in the lab
+- name: Apt-get update and Install kubectl on entire lab
+  apt:
+    pkg:
+    - kubectl
+    update_cache: yes 
+
+# Install kubeadm on all k8s nodes
+- name: Apt-get update and Install kubeadm on entire k8s cluster
+  apt:
+    pkg:
+    - kubeadm
+    update_cache: yes
+  when: "'masters' or 'workers' in group_names"
+
+# Install kubelet on the workers
+- name: Apt-get update and Install kubelet on workers
+  apt:
+    pkg:
+    - kubelet
+    update_cache: yes
+  when: "'workers' or 'masters' in group_names"
+
+

roles/kubeadm_install/templates/cmdline.txt.j2

@@ -0,0 +1 @@
+net.ifnames=0 dwc_otg.lpm_enable=0 console=serial0,115200 console=tty1 root=LABEL=writable rootfstype=ext4 elevator=deadline rootwait fixrtc cgroup_enable=cpuset cgroup_enable=memory cgroup_memory=1

roles/kubeadm_install/templates/config.toml.j2

@@ -0,0 +1,34 @@
+#   Copyright 2018-2020 Docker Inc.
+
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+
+#       http://www.apache.org/licenses/LICENSE-2.0
+
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+
+#disabled_plugins = ["cri"]
+
+#root = "/var/lib/containerd"
+#state = "/run/containerd"
+#subreaper = true
+#oom_score = 0
+
+#[grpc]
+#  address = "/run/containerd/containerd.sock"
+#  uid = 0
+#  gid = 0
+
+#[debug]
+#  address = "/run/containerd/debug.sock"
+#  uid = 0
+#  gid = 0
+#  level = "info"
+[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
+  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
+    SystemdCgroup = true

roles/kubeadm_install/templates/docker.list.j2

@@ -0,0 +1 @@
+deb [arch=arm64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu   focal stable

roles/kubeadm_install/templates/k8s_modules.conf.j2

@@ -0,0 +1,5 @@
+# Containerd Requirments
+overlay
+
+# Kubeadm Requirments 
+br_netfilter

roles/kubeadm_install/templates/k8s_sysctl.conf.j2

@@ -0,0 +1,3 @@
+net.bridge.bridge-nf-call-ip6tables = 1
+net.bridge.bridge-nf-call-iptables = 1
+net.ipv4.ip_forward                 = 1

roles/kubeadm_install/templates/kubernetes.list.j2

@@ -0,0 +1 @@
+deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main

roles/kubeadm_install/tests/inventory

@@ -0,0 +1,2 @@
+localhost
+

roles/kubeadm_install/tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - kubeadm_install

roles/kubeadm_install/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for kubeadm_install