---
- name: write cluster api address to hosts file
  # Pin the API endpoint name to both the v4 and the v6 control-plane address
  # so kubeadm, kubelet and kubectl resolve it without relying on external DNS.
  # Lines are appended once; a later address change leaves the old entry behind.
  ansible.builtin.lineinfile:
    path: /etc/hosts
    line: "{{ item }}"
    state: present
    insertafter: EOF
  loop:
    - "{{ k8s_v4_address }} {{ k8s_endpoint }}"
    - "{{ k8s_v6_address }} {{ k8s_endpoint }}"
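- name: create containerd config dir
  # Directory that receives the generated config.toml below.
  ansible.builtin.file:
    path: /etc/containerd
    state: directory
    owner: root
    group: root
    # 0755, not the earlier 0664: a directory needs the execute bit to be
    # traversed by non-root readers, and the group-write bit has no business
    # on a root-owned config directory.
    mode: "0755"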
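- name: create containerd default config
  # Generate the stock containerd config once. The file is written through a
  # temp name so an aborted run cannot leave an empty config.toml that
  # "creates" would then treat as done (and that the cgroup edit below would
  # silently fail to patch). The explicit umask keeps the result at 0644 no
  # matter what umask the login shell inherited.
  ansible.builtin.shell:
    cmd: |
      set -e
      umask 022
      containerd config default > /etc/containerd/config.toml.tmp
      mv /etc/containerd/config.toml.tmp /etc/containerd/config.toml
    creates: /etc/containerd/config.toml
  register: containerd_config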
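- name: enable systemd cgroups in containerd config
  # Switch the runc shim to the systemd cgroup driver so containerd and the
  # kubelet use the same driver. The captured indentation is reused via \1
  # instead of hard-coding twelve spaces, so the edit survives a different
  # layout of the generated file.
  ansible.builtin.lineinfile:
    path: /etc/containerd/config.toml
    regexp: '^(.*)SystemdCgroup = false$'
    line: '\1SystemdCgroup = true'
    backrefs: true
    state: present
  register: containerd_cgroup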
- name: restart containerd service if either of the above changed
  # A freshly generated or edited config is only picked up on restart.
  # Unchanged runs skip this so containers are not bounced needlessly.
  when: containerd_config is changed or containerd_cgroup is changed
  ansible.builtin.service:
    enabled: true
    state: restarted
    name: containerd
- name: ensure containerd is running
  # Covers the case where nothing changed above but the service is down.
  ansible.builtin.service:
    enabled: true
    state: started
    name: containerd
- name: ensure ip forwarding is active
  # Pod traffic is routed through the node, so forwarding has to be on for
  # both address families. Persisted to sysctl.conf and applied right away.
  ansible.posix.sysctl:
    name: "{{ item.key }}"
    value: "{{ item.value }}"
    sysctl_set: true
    reload: true
    state: present
  loop:
    - { key: net.ipv6.conf.all.forwarding, value: '1' }
    - { key: net.ipv4.conf.all.forwarding, value: '1' }
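- name: kubeadm init master node
  # Runs only on the first host of the k8s_control group. The remaining
  # control-plane nodes join with the token and certificate key registered
  # here, read back through hostvars.
  when: ansible_host == hostvars[groups['k8s_control'][0]]['ansible_host']
  block:
    - name: init the master node
      # Dual-stack is requested by passing a v4 and a v6 CIDR to both
      # --pod-network-cidr and --service-cidr. kubeadm reads --feature-gates
      # into a single string (last occurrence wins), so the previous second
      # "--feature-gates IPv6DualStack=true" was never applied; it has been
      # dropped rather than merged because the gate is GA/removed on current
      # kubeadm and would be rejected. Extra SANs are a comma-separated list.
      ansible.builtin.shell:
        cmd: |
          kubeadm init \
            --control-plane-endpoint {{ k8s_endpoint }} \
            --cri-socket unix:///run/containerd/containerd.sock \
            --pod-network-cidr {{ k8s_v4_pod_cidr }},{{ k8s_v6_pod_cidr }} \
            --service-cidr {{ k8s_v4_service_cidr }},{{ k8s_v6_service_cidr }} \
            --apiserver-bind-port {{ k8s_api_port }} \
            --apiserver-cert-extra-sans {{ k8s_endpoint }},{{ k8s_v4_address }},{{ k8s_v6_address }} \
            --node-name {{ ansible_hostname }} \
            --feature-gates PublicKeysECDSA=true \
            --service-dns-domain {{ k8s_service_domain }}
        creates: /etc/kubernetes/admin.conf
      register: k8s_init
      # --skip-phases=addon/kube-proxy \

    - name: wait for the api server before uploading certificates
      # kubeadm init returns once the control plane is up, but on a re-run the
      # init task is skipped by "creates", so confirm the API port is actually
      # listening before the phases below talk to it.
      ansible.builtin.wait_for:
        host: 127.0.0.1
        port: "{{ k8s_api_port }}"
        timeout: 300

    - name: register the control plane certificate key
      # Re-encrypts the control-plane certs into the kubeadm-certs Secret with
      # a fresh key on every run (kubeadm expires that Secret after roughly two
      # hours). The key is the last line of stdout and decrypts the cluster CA
      # material, so it must never reach the Ansible output or logs.
      ansible.builtin.shell:
        cmd: kubeadm init phase upload-certs --upload-certs --one-output
      register: join_key
      no_log: true

    - name: register the join command
      # The printed command embeds a bootstrap token and the CA cert hash.
      # The token's lifetime is bounded to the certificate-key window instead
      # of the 24h default; a new token is minted on every run.
      ansible.builtin.shell:
        cmd: kubeadm token create --ttl 2h --print-join-command
      register: join_command
      no_log: true

    - name: prepare local folder for kube config
      delegate_to: localhost
      ansible.builtin.file:
        path: /home/{{ local_user }}/.kube
        state: directory
        owner: "{{ local_user }}"
        group: "{{ local_user }}"
        # 0700, not 0770: nobody but the user may replace the config.
        mode: "0700"

    - name: retrieve kube config and store locally
      # admin.conf is a cluster-admin credential (client cert signed by the
      # cluster CA). fetch cannot set a file mode, so the next task tightens
      # it immediately afterwards.
      ansible.builtin.fetch:
        src: /etc/kubernetes/admin.conf
        dest: /home/{{ local_user }}/.kube/config
        flat: true
        fail_on_missing: true
        validate_checksum: true

    - name: set permissions on local kube config
      delegate_to: localhost
      ansible.builtin.file:
        path: /home/{{ local_user }}/.kube/config
        owner: "{{ local_user }}"
        group: "{{ local_user }}"
        mode: "0600"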
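- name: kubeadm join remaining control plain nodes
  # Every control-plane host except the first. The command line carries the
  # bootstrap token and the certificate key from the first node, so the task
  # is no_log (the trade-off is that a failing join must be debugged on the
  # node). The certificate key is the last line kubeadm printed for
  # upload-certs, which is more stable than a fixed line index.
  when: ansible_host != hostvars[groups['k8s_control'][0]]['ansible_host']
  ansible.builtin.shell:
    cmd: |
      {{ hostvars[groups['k8s_control'][0]]['join_command']['stdout'] }} \
        --control-plane \
        --certificate-key {{ hostvars[groups['k8s_control'][0]]['join_key']['stdout_lines'][-1] }} \
        --cri-socket unix:///run/containerd/containerd.sock \
        --node-name {{ ansible_hostname }}
    creates: /etc/kubernetes/admin.conf
  no_log: true
  # --skip-phases=addon/kube-proxy \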
- name: set kubelet service to enabled at startup
  # kubeadm wrote the kubelet configuration during init/join; make sure the
  # unit is running now and comes back after a reboot.
  ansible.builtin.service:
    enabled: true
    state: started
    name: kubelet.service