diff --git a/ansible/inventory/host_vars/localhost/vault.yaml b/ansible/inventory/host_vars/localhost/vault.yaml
new file mode 100644
index 0000000..e1c8138
--- /dev/null
+++ b/ansible/inventory/host_vars/localhost/vault.yaml
@@ -0,0 +1,7 @@
+$ANSIBLE_VAULT;1.1;AES256
+62366563373934316433393435313132323662363838613262646237386332346564326531376335
+3436653065616663356263633632313530386661333134620a326132376466646537313039633834
+64653131623563383039373536363739313939393439306466643264323933346464326137333735
+3935373966333335320a363666663732353332373936666631346536393365643937313130393166
+30663636303133346439376361393532373363343035623864616533653733383236353538376362
+6161313334363461633436373737333263303666363333343464
diff --git a/ansible/playbooks/88_scratch.yaml b/ansible/playbooks/88_scratch.yaml
new file mode 100644
index 0000000..630d646
--- /dev/null
+++ b/ansible/playbooks/88_scratch.yaml
@@ -0,0 +1,7 @@
+---
+- name: scratch testing
+ hosts: localhost
+ gather_facts: false
+ become: false
+ roles:
+ - scratch
\ No newline at end of file
diff --git a/ansible/roles/k8s_control/defaults/main.yaml b/ansible/roles/k8s_control/defaults/main.yaml
index 64f21b2..3480aa9 100644
--- a/ansible/roles/k8s_control/defaults/main.yaml
+++ b/ansible/roles/k8s_control/defaults/main.yaml
@@ -1,2 +1,9 @@
 ---
-k8s_control_master_node: kube01.balsillie.net
\ No newline at end of file
+k8s_control_master_node: kube01.balsillie.net
+k8s_endpoint: k8s.balsillie.net
+k8s_api_port: "6443"
+k8s_cri_socket: /run/containerd/containerd.sock
+k8s_service_domain: cluster.internal
+k8s_pod_cidr: 10.128.0.0/16
+k8s_service_cidr: 10.96.0.0/16
+local_user: michael
\ No newline at end of file
diff --git a/ansible/roles/k8s_control/tasks/main.yaml b/ansible/roles/k8s_control/tasks/main.yaml
index 5ccd060..4b0d301 100644
--- a/ansible/roles/k8s_control/tasks/main.yaml
+++ b/ansible/roles/k8s_control/tasks/main.yaml
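Review bot: `k8s_cri_socket` is introduced in this defaults hunk but neither the `kubeadm init` nor the join command in this commit's tasks hunk uses it; both pass the literal `/run/containerd/containerd.sock`, so either reference `{{ k8s_cri_socket }}` there or drop the default. `k8s_control_master_node` is kept even though master selection in the tasks now goes through `groups['k8s_control'][0]`, so it appears to be dead. `local_user: michael` is a personal value in role defaults; a neutral default, or deriving the controller-side path from `lookup('env', 'HOME')`, would keep the role reusable. The file still ends without a trailing newline, which the old side also lacked.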
@@ -12,6 +12,7 @@ cmd: | containerd config default > /etc/containerd/config.toml creates: /etc/containerd/config.toml + register: containerd_config - name: enable systemd cgroups in containerd config ansible.builtin.lineinfile: 
@@ -20,27 +21,86 @@ line: ' SystemdCgroup = true' backrefs: true state: present + register: containerd_cgroup -- name: enable and start containerd service +- name: restart containerd service if either of the above changed + when: (containerd_config is changed) or (containerd_cgroup is changed) ansible.builtin.service: name: containerd state: restarted enabled: true -- name: kubeadm init - when: ansible_host == {{ k8s_control_master_node }} +- name: ensure containerd is running + ansible.builtin.service: + name: containerd + state: started + enabled: true + +- name: kubeadm init master node + when: ansible_host == hostvars[groups['k8s_control'][0]]['ansible_host'] + block: + + - name: init the master node + ansible.builtin.shell: + cmd: | + kubeadm init \ + --control-plane-endpoint {{ k8s_endpoint }} \ + --cri-socket /run/containerd/containerd.sock \ + --pod-network-cidr {{ k8s_pod_cidr }} \ + --service-cidr {{ k8s_service_cidr }} \ + --apiserver-bind-port {{ k8s_api_port }} \ + --apiserver-cert-extra-sans {{ k8s_endpoint }} \ + --node-name {{ ansible_hostname }} \ + --feature-gates IPv6DualStack=false \ + --feature-gates PublicKeysECDSA=true \ + --service-dns-domain {{ k8s_service_domain }} \ + creates: /etc/kubernetes/admin.conf + register: k8s_init + + - name: register the control plane certificate key + ansible.builtin.shell: + cmd: | + kubeadm init phase upload-certs --upload-certs --one-output + register: join_key + + - name: register the join command + ansible.builtin.shell: + cmd: | + kubeadm token create --print-join-command + register: join_command + + - name: prepare local folder for kube config + delegate_to: localhost + ansible.builtin.file: + path: /home/{{ local_user }}/.kube + state: directory + owner: "{{ local_user }}" + group: "{{ local_user }}" + mode: 0770 + + - name: retrieve kube config and store locally + ansible.builtin.fetch: + flat: true + src: /etc/kubernetes/admin.conf + dest: /home/{{ local_user }}/.kube/config + fail_on_missing: true + 
validate_checksum: true + + - name: set permissions on local kube config + delegate_to: localhost + ansible.builtin.file: + path: /home/{{ local_user }}/.kube/config + owner: "{{ local_user }}" + group: "{{ local_user }}" + mode: 0600 + +- name: kubeadm join remaining control plain nodes + when: ansible_host != hostvars[groups['k8s_control'][0]]['ansible_host'] ansible.builtin.shell: cmd: | - kubeadm init \ - --apiserver-advertise-address="" \ - --apiserver-cert-extra-sans="" \ - --node-name k8s-master \ - --pod-network-cidr=192.168.0.0/16 + {{ hostvars[groups['k8s_control'][0]]['join_command']['stdout'] }} \ + --control-plane \ + --certificate-key {{ hostvars[groups['k8s_control'][0]]['join_key']['stdout_lines'][2] }} \ + --cri-socket /run/containerd/containerd.sock \ + --node-name {{ ansible_hostname }} creates: /etc/kubernetes/admin.conf - -- name: join remaining nodes - when: ansible_host != {{ k8s_control_master_node }} - ansible.builtin.shell: - cmd: | - - creates:
diff --git a/ansible/roles/scratch/tasks/main.yaml b/ansible/roles/scratch/tasks/main.yaml
new file mode 100644
index 0000000..bf657cb
--- /dev/null
+++ b/ansible/roles/scratch/tasks/main.yaml
@@ -0,0 +1,8 @@
+---
+- name: debug hostname
+ ansible.builtin.debug:
+ msg:
+ - "{{ hostvars[groups['k8s_control'][0]]['ansible_host'] }}"
+ - "{{ ansible_host }}"
+
+ # ['hosts'][0]
\ No newline at end of file
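Review bot: The control-plane certificate key and the bootstrap-token join command are captured in `join_key` and `join_command` without `no_log`, so both secrets are printed in play output and any verbose log, and the join task's result includes the templated `cmd` with both embedded again; add `no_log: true` to the two registering tasks and to the join task. `kubeadm init phase upload-certs --upload-certs` and `kubeadm token create` carry no `creates` or `changed_when`, so every run re-uploads the certificates under a fresh key and mints another bootstrap token that lives until its TTL expires, while the `k8s_init` result registered just above is never used; decide whether these two tasks should run on every play or only when `k8s_init is changed`. `stdout_lines[2]` assumes the key is exactly the third line of `--one-output`; `stdout_lines[-1]` is less brittle if the preceding lines vary, worth confirming against the kubeadm version in use. `mode: 0770` and `mode: 0600` are unquoted octals — write `mode: "0700"` and `mode: "0600"` so the value survives a YAML 1.2 parser and the `.kube` directory is not group-writable. Both `--cri-socket /run/containerd/containerd.sock` occurrences can use `{{ k8s_cri_socket }}` from the role defaults added in this commit, and `--feature-gates` is passed twice where the single comma-separated form `--feature-gates IPv6DualStack=false,PublicKeysECDSA=true` is unambiguous.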