--- # tasks file for kubeadm_install ############################### ### Pre-reqs ### ############################### # Check to see if these exist. If they do remove them. Not removing them will cause issues for every run of this playbook after the first - name: Remove existing gpg keys and repos to prevent issues file: path: "{{ item.path }}" state: absent with_items: - { path: /etc/apt/sources.list.d/kubernetes.list } - { path: /usr/share/keyrings/kubernetes-archive-keyring.gpg } - { path: /etc/apt/sources.list.d/docker.list } - { path: /usr/share/keyrings/docker-archive-keyring.gpg } ############################### ### Open Firewalld Ports ### ############################### # Install Firewalld and netfilter-persistent - name: Install firewalld and ( netfilter-persistent Debian only ) apt: pkg: - firewalld - netfilter-persistent state: present tags: - firewalld - iptables # Open Required Master Ports - name: open ports ( MASTERS ) firewalld: port: "{{ item.port }}" permanent: yes state: enabled with_items: - { port: 6443/tcp } - { port: 8285/udp } - { port: 8472/tcp } - { port: 8080/tcp } - { port: 2379-2380/tcp } - { port: 10250-10252/tcp } when: "'masters' in group_names" tags: - firewalld # Opern Required Worker Ports - name: open ports ( WORKERS ) firewalld: port: "{{ item.port }}" permanent: yes state: enabled with_items: - { port: 10250/tcp } - { port: 8285/udp } - { port: 8472/tcp } - { port: 8080/tcp } - { port: 30000-32767/tcp } when: "'workers' in group_names" tags: - firewalld # Turn on and Enable Firewalld - name: Turn on and enable firewalld service: name: firewalld state: restarted enabled: yes tags: - firewalld # Make it so iptables is configured to allow flannel and coredns pods to start and add iptables rules - name: iptables default policies need to be ACCEPT on all chains iptables: chain: '{{item}}' policy: ACCEPT with_items: - INPUT - FORWARD - OUTPUT tags: - iptables - name: save iptables rules (Debian) shell: netfilter-persistent save tags: - iptables ############################# ### Disable SWAP ### ############################# # Disable swap right now - name: disable swap NOW shell: /usr/sbin/swapoff -a # Use if you have swap in your /etc/fstab file to comment out the swap line for presistence #- name: Disable swap persistently # command: sudo sed -i '/ swap / s/^/#/' /etc/fstab ########################################## ## LETTING IPTABLES SEE BRIDGED TRAFFIC ## ######################################### # Load br_netfilter and overlay module - name: Load required modules modprobe: name: "{{ item.name }}" state: present with_items: - { name: br_netfilter } - { name: overlay } # Create config to ensure modules are loaded on reboots - name: Place k8s.conf in modules-load.d template: src: k8s_modules.conf.j2 dest: /etc/modules-load.d/k8s.conf # Ensure sysctl options are set to allow proper network operation - name: Adding /etc/sysctl.d/k8s.conf template: src: k8s_sysctl.conf.j2 dest: /etc/sysctl.d/k8s.conf # Apply the sysctl changes made right now - name: Apply sysctl changes command: /usr/sbin/sysctl --system # Add cgroups to cmdline - name: Add cgroups to cmdline template: src: cmdline.txt.j2 dest: /boot/firmware/cmdline.txt register: task_result - name: Reboot immediately if there was a change. shell: "sleep 5 && reboot" async: 1 poll: 0 when: task_result is changed - name: Wait for the reboot to complete if there was a change. wait_for_connection: connect_timeout: 20 sleep: 5 delay: 5 timeout: 300 when: task_result is changed ##################################### ## INSTALL CONTAINERD #### ##################################### # Install the required packages to perform the below operations - name: Install required software to setup containerd install repo apt: pkg: - bridge-utils - apt-transport-https - ca-certificates - curl - gnupg - lsb-release # Add official docker repo gpg key - name: Add docker official gpg key shell: curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg # Setup the repo file on the host - name: Setup Stable docker repository template: src: docker.list.j2 dest: /etc/apt/sources.list.d/docker.list # Update the repo based on the new repolist added and install containerd - name: Apt-get update and Install containerd apt: pkg: - containerd.io update_cache: yes # Build the containerd config directory - name: Make /etc/containerd directory file: path: /etc/containerd state: directory # Tell containerd the location of the config - name: Set containerd config default command: containerd config default | sudo tee /etc/containerd/config.toml # Restart containerd - name: Restart and enable containerd service: name: containerd state: restarted enabled: yes # Place the config file in the new config directory - name: Place config.toml file template: src: config.toml.j2 dest: /etc/containerd/config.toml # Restart containerd AGAIN - name: Restart and enable containerd service: name: containerd state: restarted enabled: yes ################################################ ### INSTALL KUBEADM, KUBELET, KUBECTL ###### ################################################ # Download google cloud GPG key - name: Download the google cloud public signing GPG key shell: sudo curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg # setup kubernetes repo - name: Setup kubernetes repository template: src: kubernetes.list.j2 dest: /etc/apt/sources.list.d/kubernetes.list # Install kubectl on all nodes in the lab - name: Apt-get update and Install kubectl on entire lab apt: pkg: - kubectl update_cache: yes # Install kubeadm on all k8s nodes - name: Apt-get update and Install kubeadm on entire k8s cluster apt: pkg: - kubeadm update_cache: yes when: "'masters' or 'workers' in group_names" # Install kubelet on the workers - name: Apt-get update and Install kubelet on workers apt: pkg: - kubelet update_cache: yes when: "'workers' or 'masters' in group_names"