Update
255
roles/kubeadm_install/tasks/main.yml
Normal file
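--- a/roles/kubeadm_install/tasks/main.yml
+++ b/roles/kubeadm_install/tasks/main.yml
@@ -0,0 +1,255 @@
+---
+# tasks file for kubeadm_install
+###############################
+### Pre-reqs ###
+###############################
+
+# Check to see if these exist. If they do remove them. Not removing them will cause issues for every run of this playbook after the first
+- name: Remove existing gpg keys and repos to prevent issues
+  file:
+    path: "{{ item.path }}"
+    state: absent
+  with_items:
+    - { path: /etc/apt/sources.list.d/kubernetes.list }
+    - { path: /usr/share/keyrings/kubernetes-archive-keyring.gpg }
+    - { path: /etc/apt/sources.list.d/docker.list }
+    - { path: /usr/share/keyrings/docker-archive-keyring.gpg }
+
+###############################
+### Open Firewalld Ports ###
+###############################
+
+# Install Firewalld and netfilter-persistent
+- name: Install firewalld and ( netfilter-persistent Debian only )
+  apt:
+    pkg:
+      - firewalld
+      - netfilter-persistent
+    state: present
+  tags:
+    - firewalld
+    - iptables
+
+# Open Required Master Ports
+- name: open ports ( MASTERS )
+  firewalld:
+    port: "{{ item.port }}"
+
+    permanent: yes
+    state: enabled
+  with_items:
+    - { port: 6443/tcp }
+    - { port: 8285/udp }
+    - { port: 8472/tcp }
+    - { port: 8080/tcp }
+    - { port: 2379-2380/tcp }
+    - { port: 10250-10252/tcp }
+  when: "'masters' in group_names"
+  tags:
+    - firewalld
+
+# Opern Required Worker Ports
+- name: open ports ( WORKERS )
+  firewalld:
+    port: "{{ item.port }}"
+    permanent: yes
+    state: enabled
+  with_items:
+    - { port: 10250/tcp }
+    - { port: 8285/udp }
+    - { port: 8472/tcp }
+    - { port: 8080/tcp }
+    - { port: 30000-32767/tcp }
+  when: "'workers' in group_names"
+  tags:
+    - firewalld
+
+# Turn on and Enable Firewalld
+- name: Turn on and enable firewalld
+  service:
+    name: firewalld
+    state: restarted
+    enabled: yes
+  tags:
+    - firewalld
+
+# Make it so iptables is configured to allow flannel and coredns pods to start and add iptables rules
+- name: iptables default policies need to be ACCEPT on all chains
+  iptables:
+    chain: '{{item}}'
+    policy: ACCEPT
+  with_items:
+    - INPUT
+    - FORWARD
+    - OUTPUT
+  tags:
+    - iptables
+
+- name: save iptables rules (Debian)
+  shell: netfilter-persistent save
+  tags:
+    - iptables
+
+#############################
+### Disable SWAP ###
+#############################
+
+# Disable swap right now
+- name: disable swap NOW
+  shell: /usr/sbin/swapoff -a
+
+# Use if you have swap in your /etc/fstab file to comment out the swap line for presistence
+#- name: Disable swap persistently
+# command: sudo sed -i '/ swap / s/^/#/' /etc/fstab
+
+##########################################
+## LETTING IPTABLES SEE BRIDGED TRAFFIC ##
+#########################################
+
+# Load br_netfilter and overlay module
+- name: Load required modules
+  modprobe:
+    name: "{{ item.name }}"
+    state: present
+  with_items:
+    - { name: br_netfilter }
+    - { name: overlay }
+
+# Create config to ensure modules are loaded on reboots
+- name: Place k8s.conf in modules-load.d
+  template:
+    src: k8s_modules.conf.j2
+    dest: /etc/modules-load.d/k8s.conf
+
+# Ensure sysctl options are set to allow proper network operation
+- name: Adding /etc/sysctl.d/k8s.conf
+  template:
+    src: k8s_sysctl.conf.j2
+    dest: /etc/sysctl.d/k8s.conf
+
+# Apply the sysctl changes made right now
+- name: Apply sysctl changes
+  command: /usr/sbin/sysctl --system
+
+# Add cgroups to cmdline
+- name: Add cgroups to cmdline
+  template:
+    src: cmdline.txt.j2
+    dest: /boot/firmware/cmdline.txt
+  register: task_result
+
+- name: Reboot immediately if there was a change.
+  shell: "sleep 5 && reboot"
+  async: 1
+  poll: 0
+  when: task_result is changed
+
+- name: Wait for the reboot to complete if there was a change.
+  wait_for_connection:
+    connect_timeout: 20
+    sleep: 5
+    delay: 5
+    timeout: 300
+  when: task_result is changed
+
+
+#####################################
+## INSTALL CONTAINERD ####
+#####################################
+
+# Install the required packages to perform the below operations
+- name: Install required software to setup containerd install repo
+  apt:
+    pkg:
+      - bridge-utils
+      - apt-transport-https
+      - ca-certificates
+      - curl
+      - gnupg
+      - lsb-release
+
+# Add official docker repo gpg key
+- name: Add docker official gpg key
+  shell: curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
+
+# Setup the repo file on the host
+- name: Setup Stable docker repository
+  template:
+    src: docker.list.j2
+    dest: /etc/apt/sources.list.d/docker.list
+
+# Update the repo based on the new repolist added and install containerd
+- name: Apt-get update and Install containerd
+  apt:
+    pkg:
+      - containerd.io
+    update_cache: yes
+
+# Build the containerd config directory
+- name: Make /etc/containerd directory
+  file:
+    path: /etc/containerd
+    state: directory
+
+# Tell containerd the location of the config
+- name: Set containerd config default
+  command: containerd config default | sudo tee /etc/containerd/config.toml
+
+# Restart containerd
+- name: Restart and enable containerd
+  service:
+    name: containerd
+    state: restarted
+    enabled: yes
+
+# Place the config file in the new config directory
+- name: Place config.toml file
+  template:
+    src: config.toml.j2
+    dest: /etc/containerd/config.toml
+
+# Restart containerd AGAIN
+- name: Restart and enable containerd
+  service:
+    name: containerd
+    state: restarted
+    enabled: yes
+
+################################################
+### INSTALL KUBEADM, KUBELET, KUBECTL ######
+################################################
+
+# Download google cloud GPG key
+- name: Download the google cloud public signing GPG key
+  shell: sudo curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg
+
+# setup kubernetes repo
+- name: Setup kubernetes repository
+  template:
+    src: kubernetes.list.j2
+    dest: /etc/apt/sources.list.d/kubernetes.list
+
+# Install kubectl on all nodes in the lab
+- name: Apt-get update and Install kubectl on entire lab
+  apt:
+    pkg:
+      - kubectl
+    update_cache: yes
+
+# Install kubeadm on all k8s nodes
+- name: Apt-get update and Install kubeadm on entire k8s cluster
+  apt:
+    pkg:
+      - kubeadm
+    update_cache: yes
+  when: "'masters' or 'workers' in group_names"
+
+# Install kubelet on the workers
+- name: Apt-get update and Install kubelet on workers
+  apt:
+    pkg:
+      - kubelet
+    update_cache: yes
+  when: "'workers' or 'masters' in group_names"
+
+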
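Review bot: The conditionals on the kubeadm and kubelet install tasks, `when: "'masters' or 'workers' in group_names"` and `when: "'workers' or 'masters' in group_names"`, are always true — `in` binds tighter than `or` and the bare literal `'masters'` is a non-empty string, so the group check never runs; write `when: "'masters' in group_names or 'workers' in group_names"` on both. The task `command: containerd config default | sudo tee /etc/containerd/config.toml` needs the `shell` module, because `command` does not interpret `|` and passes the pipe, `sudo` and `tee` as arguments to containerd; since the file is overwritten by the `config.toml.j2` template a few tasks later, the task and the first "Restart and enable containerd" can simply be dropped. The task that sets the INPUT, FORWARD and OUTPUT default policies to ACCEPT weakens the firewalld rules opened just above it for any packet that firewalld's own chains do not reject; if only pod forwarding needs it, restrict the loop to FORWARD and state the reason in the comment, and drop the `sudo` from `shell: sudo curl -fsSLo ...` in favour of `become: true` on the role. The two key-fetching `shell: curl ...` tasks have no `creates:` guard, so they report changed and refetch on every run, and the keys are written with no fingerprint or checksum check; `get_url` with `dest:` and `checksum:` would make both idempotent and pin what is trusted.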