---
- name: write cluster api address to hosts file
  # Map the control-plane endpoint name (later handed to kubeadm as
  # --control-plane-endpoint) to its v4 and v6 addresses in /etc/hosts.
  # lineinfile only appends a line that is not already present, so reruns
  # are no-ops.
  ansible.builtin.lineinfile:
    path: /etc/hosts
    line: "{{ hosts_entry }}"
    insertafter: EOF
  loop:
    - "{{ k8s_v4_address }} {{ k8s_endpoint }}"
    - "{{ k8s_v6_address }} {{ k8s_endpoint }}"
  loop_control:
    loop_var: hosts_entry
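- name: create containerd config dir
  ansible.builtin.file:
    path: /etc/containerd
    state: directory
    owner: root
    group: root
    # The previous 0664 had no execute (search) bit, which a directory
    # needs to be traversed, and was group-writable. 0755 is the usual
    # mode for a root-owned /etc/<service> directory; quoted so YAML does
    # not reinterpret the leading zero.
    mode: "0755"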
- name: create containerd default config
  # Generate containerd's stock config exactly once: `creates` turns the
  # task into a skip (not "changed") while config.toml exists, so the edit
  # applied in the next task is not overwritten on reruns. shell (not
  # command) is required for the redirect.
  ansible.builtin.shell:
    cmd: |
      containerd config default > /etc/containerd/config.toml
    creates: /etc/containerd/config.toml
  register: containerd_config
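- name: enable systemd cgroups in containerd config
  # The generated default config ships `SystemdCgroup = false`; flip it to
  # true (kubeadm-managed kubelets use the systemd cgroup driver, and the
  # runtime must match). With backrefs enabled, `\1` re-emits whatever
  # indentation the generated TOML had in front of the key instead of a
  # hard-coded run of spaces.
  ansible.builtin.lineinfile:
    path: /etc/containerd/config.toml
    regexp: '^(.*)SystemdCgroup = false$'
    line: '\1SystemdCgroup = true'
    backrefs: true
    state: present
  register: containerd_cgroup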
- name: restart containerd service if either of the above changed
  # A freshly generated config or the cgroup-driver edit only takes effect
  # after a restart; a rerun where neither task reported a change leaves
  # the running service untouched.
  ansible.builtin.service:
    name: containerd
    state: restarted
    enabled: true
  when: containerd_config is changed or containerd_cgroup is changed
- name: ensure containerd is running
  # Covers the case where nothing changed above (so no restart happened)
  # but the service is still stopped or not enabled at boot.
  ansible.builtin.service:
    name: containerd
    enabled: true
    state: started
- name: ensure ip forwarding is active
  # Enable v4 and v6 forwarding both in the running kernel (sysctl_set)
  # and persistently, reloading the sysctl config afterwards.
  ansible.posix.sysctl:
    name: "{{ sysctl_entry.key }}"
    value: "{{ sysctl_entry.value }}"
    state: present
    sysctl_set: true
    reload: true
  loop:
    - key: net.ipv6.conf.all.forwarding
      value: '1'
    - key: net.ipv4.conf.all.forwarding
      value: '1'
  loop_control:
    loop_var: sysctl_entry
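- name: kubeadm init master node
  # Only the first inventory host in k8s_control bootstraps the cluster;
  # the remaining control-plane hosts join it in a later task.
  when: ansible_host == hostvars[groups['k8s_control'][0]]['ansible_host']
  block:
    - name: init the master node
      # `creates` makes this a skip once admin.conf exists, so a rerun never
      # re-initialises an existing control plane. The trailing `\` after
      # the last flag was dropped: it left a dangling line continuation.
      ansible.builtin.shell:
        cmd: |
          kubeadm init \
            --control-plane-endpoint="{{ k8s_endpoint }}" \
            --cri-socket="/run/containerd/containerd.sock" \
            --pod-network-cidr="{{ k8s_v4_pod_cidr }},{{ k8s_v6_pod_cidr }}" \
            --service-cidr="{{ k8s_v4_service_cidr }},{{ k8s_v6_service_cidr }}" \
            --apiserver-advertise-address="{{ ansible_default_ipv4.address }}" \
            --apiserver-bind-port={{ k8s_api_port }} \
            --apiserver-cert-extra-sans="{{ k8s_endpoint }}" \
            --apiserver-cert-extra-sans="{{ k8s_v4_address }}" \
            --apiserver-cert-extra-sans="{{ k8s_v6_address }}" \
            --node-name="{{ ansible_hostname }}" \
            --service-dns-domain="{{ k8s_service_domain }}"
        creates: /etc/kubernetes/admin.conf
      register: k8s_init

    # --skip-phases=addon/kube-proxy \
    # TODO a check here to wait until node has finished init

    - name: register the control plane certificate key
      # Uploads the control-plane certificates (encrypted) into the
      # kubeadm-certs Secret and prints the decryption key on stdout. Runs
      # on every play, so each run mints a fresh key. The key lets any
      # node that holds a join token become a control plane, so it must
      # not end up in Ansible output or the target's syslog: no_log also
      # hides failure output, drop it temporarily when debugging.
      ansible.builtin.shell:
        cmd: kubeadm init phase upload-certs --upload-certs --one-output
      register: join_key
      no_log: true
    - name: register the join command
      # Mints a new bootstrap token (kubeadm default TTL 24h) on every run
      # and prints the full `kubeadm join ... --token ...` line. The token
      # is a credential; keep it out of the logs.
      ansible.builtin.shell:
        cmd: kubeadm token create --print-join-command
      register: join_command
      no_log: true
    - name: prepare local folder for kube config
      delegate_to: localhost
      ansible.builtin.file:
        path: "/home/{{ local_user }}/.kube"
        state: directory
        owner: "{{ local_user }}"
        group: "{{ local_user }}"
        # The directory holds a cluster-admin kubeconfig; owner-only
        # access (was 0770, which let the group into it).
        mode: "0700"
    - name: retrieve kube config and store locally
      # admin.conf carries a cluster-admin client certificate. It is
      # pulled to the controller as local_user's default kubeconfig;
      # fail_on_missing makes a missing file an error rather than a skip.
      ansible.builtin.fetch:
        flat: true
        src: /etc/kubernetes/admin.conf
        dest: "/home/{{ local_user }}/.kube/config"
        fail_on_missing: true
        validate_checksum: true
    - name: set permissions on local kube config
      delegate_to: localhost
      ansible.builtin.file:
        path: "/home/{{ local_user }}/.kube/config"
        owner: "{{ local_user }}"
        group: "{{ local_user }}"
        mode: "0600"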
- name: fix core-dns resolution
  # Executed a single time from the controller without privilege
  # escalation: render the CoreDNS ConfigMap from the role template into
  # the role's files/ directory, then apply it to the cluster (the k8s
  # module presumably picks up the kubeconfig fetched earlier — confirm).
  delegate_to: localhost
  run_once: true
  become: false
  block:
    - name: template out core-dns configmap
      ansible.builtin.template:
        src: core-dns_configmap.yaml.j2
        dest: "{{ ansible_search_path[0] }}/files/core-dns/core-dns_configmap.yaml"
    - name: configure coredns to resolve directly from upstream
      kubernetes.core.k8s:
        state: present
        src: "{{ ansible_search_path[0] }}/files/core-dns/core-dns_configmap.yaml"
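- name: kubeadm join remaining control plain nodes
  # Every k8s_control host other than the bootstrap node joins as an
  # additional control plane, reusing the join command and certificate
  # key registered on that node. The rendered command line embeds the
  # bootstrap token and the certificate key, so it must not reach Ansible
  # output or the target's syslog (module args are logged there unless
  # no_log is set). `creates` skips hosts that are already joined.
  # stdout_lines[2] relies on upload-certs printing the key as its third
  # stdout line after two status lines — verify against the installed
  # kubeadm version when upgrading.
  when: ansible_host != hostvars[groups['k8s_control'][0]]['ansible_host']
  no_log: true
  ansible.builtin.shell:
    cmd: |
      {{ hostvars[groups['k8s_control'][0]]['join_command']['stdout'] }} \
        --control-plane \
        --certificate-key {{ hostvars[groups['k8s_control'][0]]['join_key']['stdout_lines'][2] }} \
        --cri-socket /run/containerd/containerd.sock \
        --node-name {{ ansible_hostname }}
    creates: /etc/kubernetes/admin.conf

# --skip-phases=addon/kube-proxy \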
- name: set kubelet service to enabled at startup
  # kubeadm starts kubelet during init/join; this makes sure it is also
  # running now and comes back after a reboot.
  ansible.builtin.service:
    name: kubelet.service
    enabled: true
    state: started