---
# tasks file for kubeadm_install

###############################
### Pre-reqs ###
###############################

# Remove the repo definitions and signing keyrings that later tasks recreate.
# Leaving the previous copies in place causes problems on every run of this
# playbook after the first.
- name: Remove existing gpg keys and repos to prevent issues
  file:
    path: "{{ item }}"
    state: absent
  loop:
    - /etc/apt/sources.list.d/kubernetes.list
    - /usr/share/keyrings/kubernetes-archive-keyring.gpg
    - /etc/apt/sources.list.d/docker.list
    - /usr/share/keyrings/docker-archive-keyring.gpg
###############################
### Open Firewalld Ports ###
###############################

# firewalld is the host firewall; netfilter-persistent (Debian/Ubuntu only)
# is what the "save iptables rules" task further down relies on.
- name: Install firewalld and ( netfilter-persistent Debian only )
  apt:
    name:
      - firewalld
      - netfilter-persistent
    state: present
  tags:
    - firewalld
    - iptables
# Open Required Master Ports
# Rules are added to the permanent configuration only (no `immediate`), so
# they take effect when firewalld is restarted in the task below.
# NOTE(review): no source restriction is given, so these ports (including the
# etcd range 2379-2380) are reachable from anything the zone accepts — narrow
# this if the nodes sit on a shared network. 8472 is opened as tcp here;
# flannel's VXLAN backend uses udp/8472 — confirm which backend is in use.
- name: open ports ( MASTERS )
  firewalld:
    port: "{{ item }}"
    permanent: true
    state: enabled
  loop:
    - "6443/tcp"
    - "8285/udp"
    - "8472/tcp"
    - "8080/tcp"
    - "2379-2380/tcp"
    - "10250-10252/tcp"
  when: "'masters' in group_names"
  tags:
    - firewalld
# Open Required Worker Ports
# Permanent rules only; they become active when firewalld is restarted below.
# 30000-32767/tcp is the NodePort range, so it is exposed on every worker.
- name: open ports ( WORKERS )
  firewalld:
    port: "{{ item }}"
    permanent: true
    state: enabled
  loop:
    - "10250/tcp"
    - "8285/udp"
    - "8472/tcp"
    - "8080/tcp"
    - "30000-32767/tcp"
  when: "'workers' in group_names"
  tags:
    - firewalld
# Turn on and Enable Firewalld
# A restart (rather than a reload) is used so the permanent rules added above
# are loaded into the runtime set; note this restarts the service on every run.
- name: Turn on and enable firewalld
  service:
    name: firewalld
    enabled: true
    state: restarted
  tags:
    - firewalld
# Make it so iptables is configured to allow flannel and coredns pods to start and add iptables rules
# Security note: with the base-chain policy set to ACCEPT, anything that is
# not explicitly rejected by firewalld's own rules passes at the netfilter
# layer, so packet filtering on these hosts depends entirely on the firewalld
# zone configuration.
- name: iptables default policies need to be ACCEPT on all chains
  iptables:
    chain: "{{ item }}"
    policy: ACCEPT
  loop:
    - INPUT
    - FORWARD
    - OUTPUT
  tags:
    - iptables
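# Persist the iptables policy changes across reboots (netfilter-persistent is
# installed by the firewalld task above). The `command` module is used instead
# of `shell`: the invocation has no pipes, redirections or variables, so there
# is no reason to pass it through a shell.
- name: save iptables rules (Debian)
  command: netfilter-persistent save
  tags:
    - iptables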
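#############################
### Disable SWAP ###
#############################

# Disable swap right now. Plain `command` (no shell features are needed);
# it runs with the same privileges as the other system-modifying tasks.
- name: disable swap NOW
  command: /usr/sbin/swapoff -a

# Use if you have swap in your /etc/fstab file to comment out the swap line for persistence
#- name: Disable swap persistently
#  command: sudo sed -i '/ swap / s/^/#/' /etc/fstab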
##########################################
## LETTING IPTABLES SEE BRIDGED TRAFFIC ##
##########################################

# Load br_netfilter and overlay module
- name: Load required modules
  modprobe:
    name: "{{ item }}"
    state: present
  loop:
    - br_netfilter
    - overlay
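# Create config to ensure modules are loaded on reboots.
# Ownership and mode are pinned so the resulting file does not depend on the
# remote umask.
- name: Place k8s.conf in modules-load.d
  template:
    src: k8s_modules.conf.j2
    dest: /etc/modules-load.d/k8s.conf
    owner: root
    group: root
    mode: "0644"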
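# Ensure sysctl options are set to allow proper network operation.
# Ownership and mode are pinned so the resulting file does not depend on the
# remote umask.
- name: Adding /etc/sysctl.d/k8s.conf
  template:
    src: k8s_sysctl.conf.j2
    dest: /etc/sysctl.d/k8s.conf
    owner: root
    group: root
    mode: "0644"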
# Apply the sysctl changes made right now (reloads every /etc/sysctl.d file)
- name: Apply sysctl changes
  command:
    cmd: /usr/sbin/sysctl --system
# Add cgroups to cmdline
# /boot/firmware/cmdline.txt presumably lives on a FAT boot partition
# (Raspberry Pi style layout), so no owner/group/mode is pinned here — FAT
# cannot store them. task_result drives the conditional reboot below.
- name: Add cgroups to cmdline
  register: task_result
  template:
    src: cmdline.txt.j2
    dest: /boot/firmware/cmdline.txt
# Reboot only when the kernel cmdline changed. The task is fired asynchronously
# (async: 1, poll: 0) so the dropped SSH session does not fail the play; the
# `sleep 5` gives Ansible time to collect the task result before the reboot.
- name: Reboot immediately if there was a change.
  when: task_result is changed
  shell: sleep 5 && reboot
  async: 1
  poll: 0
# Block until the host is reachable again after the reboot (up to 300 s).
- name: Wait for the reboot to complete if there was a change.
  when: task_result is changed
  wait_for_connection:
    delay: 5
    sleep: 5
    connect_timeout: 20
    timeout: 300
#####################################
## INSTALL CONTAINERD ####
#####################################

# Install the required packages to perform the below operations
- name: Install required software to setup containerd install repo
  apt:
    state: present
    name:
      - bridge-utils
      - apt-transport-https
      - ca-certificates
      - curl
      - gnupg
      - lsb-release
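# Add official docker repo gpg key.
# - The embedded `sudo` is dropped: every other task in this file writes to
#   /etc and /usr/share without it, so the play already runs privileged.
# - `set -o pipefail` (hence bash) makes a failed download fail the task
#   instead of letting gpg dearmor an empty or partial body into the keyring.
# - NOTE(review): the key is trusted as served over TLS. To pin it, fetch it
#   with get_url and a `checksum:` of the expected key, or compare its
#   fingerprint after download (expected values are not recorded here).
- name: Add docker official gpg key
  shell: set -o pipefail && curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
  args:
    executable: /bin/bash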
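# Setup the repo file on the host.
# Ownership and mode are pinned so the apt source file does not depend on the
# remote umask.
- name: Setup Stable docker repository
  template:
    src: docker.list.j2
    dest: /etc/apt/sources.list.d/docker.list
    owner: root
    group: root
    mode: "0644"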
# Refresh the apt cache (the docker repo was just added) and install containerd
- name: Apt-get update and Install containerd
  apt:
    update_cache: true
    name: containerd.io
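# Build the containerd config directory (root-owned, world-readable, not
# dependent on the remote umask).
- name: Make /etc/containerd directory
  file:
    path: /etc/containerd
    state: directory
    owner: root
    group: root
    mode: "0755"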
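# Write containerd's default configuration to /etc/containerd/config.toml.
# The previous version used the `command` module with a pipe; `command` does
# not go through a shell, so `| sudo tee ...` was handed to containerd as extra
# arguments rather than being run as a pipeline. A shell redirection is used
# instead — no pipe, so the task's exit status is containerd's own, and no
# `sudo` since the play already runs privileged. The file is then overwritten
# by the config.toml template task below.
- name: Set containerd config default
  shell: containerd config default > /etc/containerd/config.toml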
# Restart containerd so it picks up the generated default configuration
- name: Restart and enable containerd
  service:
    enabled: true
    state: restarted
    name: containerd
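# Place the config file in the new config directory.
# Ownership and mode are pinned so the file does not depend on the remote umask.
- name: Place config.toml file
  template:
    src: config.toml.j2
    dest: /etc/containerd/config.toml
    owner: root
    group: root
    mode: "0644"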
# Restart containerd AGAIN so the templated config.toml takes effect.
# Same task name as the earlier restart; harmless to Ansible, but it makes the
# play output harder to read.
- name: Restart and enable containerd
  service:
    enabled: true
    state: restarted
    name: containerd
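################################################
### INSTALL KUBEADM, KUBELET, KUBECTL ######
################################################

# Download google cloud GPG key.
# get_url replaces the `shell: sudo curl -fsSLo ...` invocation: no shell, no
# embedded sudo (the play already runs privileged for the apt tasks), TLS
# certificate validation stays on by default, and the keyring gets a fixed
# mode. The key is saved as-is, exactly as the curl download did.
# NOTE(review): consider pinning the key with `checksum:` (expected value not
# recorded here). The packages.cloud.google.com apt repository has been
# deprecated upstream in favour of pkgs.k8s.io — confirm it still serves
# packages for the Kubernetes version being installed.
- name: Download the google cloud public signing GPG key
  get_url:
    url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
    dest: /usr/share/keyrings/kubernetes-archive-keyring.gpg
    mode: "0644"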
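# Setup kubernetes repo.
# Ownership and mode are pinned so the apt source file does not depend on the
# remote umask.
- name: Setup kubernetes repository
  template:
    src: kubernetes.list.j2
    dest: /etc/apt/sources.list.d/kubernetes.list
    owner: root
    group: root
    mode: "0644"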
# Install kubectl on all nodes in the lab (no `when`, so every host gets it)
- name: Apt-get update and Install kubectl on entire lab
  apt:
    update_cache: true
    name: kubectl
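# Install kubeadm on all k8s nodes.
# The previous condition `'masters' or 'workers' in group_names` is parsed by
# Jinja as `'masters' or ('workers' in group_names)`; a non-empty string is
# always truthy, so the task ran on every host. Both membership tests are now
# spelled out explicitly.
- name: Apt-get update and Install kubeadm on entire k8s cluster
  apt:
    name: kubeadm
    update_cache: true
  when: "'masters' in group_names or 'workers' in group_names"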
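# Install kubelet on the workers and masters.
# The previous condition `'workers' or 'masters' in group_names` is parsed by
# Jinja as `'workers' or ('masters' in group_names)`; a non-empty string is
# always truthy, so the task ran on every host. Both membership tests are now
# spelled out explicitly (masters were already included by the original intent).
- name: Apt-get update and Install kubelet on workers
  apt:
    name: kubelet
    update_cache: true
  when: "'workers' in group_names or 'masters' in group_names"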