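---
# Bootstrap of a dual-stack (IPv4/IPv6) kubeadm control plane on containerd.
# Runs once on the first host of the `k8s_control` group (`kubeadm init`) and
# joins every other host this file is applied to as an additional control-plane
# node, using the join command and certificate key registered on the first host.
#
# Variables expected from inventory/group vars (not defined here):
#   k8s_v4_address, k8s_v6_address, k8s_endpoint, k8s_api_port,
#   k8s_v4_pod_cidr, k8s_v6_pod_cidr, k8s_v4_service_cidr, k8s_v6_service_cidr,
#   k8s_service_domain, local_user

- name: write cluster api address to hosts file
  ansible.builtin.lineinfile:
    path: /etc/hosts
    line: "{{ item }}"
    insertafter: EOF
  loop:
    - "{{ k8s_v4_address }} {{ k8s_endpoint }}"
    - "{{ k8s_v6_address }} {{ k8s_endpoint }}"

- name: create containerd config dir
  ansible.builtin.file:
    path: /etc/containerd
    state: directory
    owner: root
    group: root
    # A directory needs the execute bit to be traversable; the earlier 0664 had
    # none. Quoted so the YAML parser does not turn the leading-zero literal into
    # an octal integer.
    mode: "0755"

- name: create containerd default config
  # Shell (not command) because of the output redirection.
  ansible.builtin.shell:
    cmd: |
      containerd config default > /etc/containerd/config.toml
    creates: /etc/containerd/config.toml
  register: containerd_config

- name: enable systemd cgroups in containerd config
  ansible.builtin.lineinfile:
    path: /etc/containerd/config.toml
    regexp: '^(.*)SystemdCgroup = false$'
    # \1 re-uses whatever indentation the generated config put in front of the
    # key instead of hard-coding a run of spaces.
    line: '\1SystemdCgroup = true'
    backrefs: true
    state: present
  register: containerd_cgroup

- name: restart containerd service if either of the above changed
  when: (containerd_config is changed) or (containerd_cgroup is changed)
  ansible.builtin.service:
    name: containerd
    state: restarted
    enabled: true

- name: ensure containerd is running
  ansible.builtin.service:
    name: containerd
    state: started
    enabled: true

- name: ensure ip forwarding is active
  ansible.posix.sysctl:
    name: "{{ item.key }}"
    value: "{{ item.value }}"
    state: present
    sysctl_set: true
    reload: true
  loop:
    - key: net.ipv6.conf.all.forwarding
      value: '1'
    - key: net.ipv4.conf.all.forwarding
      value: '1'

- name: kubeadm init master node
  # Only the first host of the k8s_control group initialises the cluster; the
  # facts registered inside this block are read by the other hosts below.
  when: ansible_host == hostvars[groups['k8s_control'][0]]['ansible_host']
  block:
    - name: init the master node
      ansible.builtin.shell:
        cmd: |
          kubeadm init \
            --control-plane-endpoint {{ k8s_endpoint }} \
            --cri-socket /run/containerd/containerd.sock \
            --pod-network-cidr {{ k8s_v4_pod_cidr }},{{ k8s_v6_pod_cidr }} \
            --service-cidr {{ k8s_v4_service_cidr }},{{ k8s_v6_service_cidr }} \
            --apiserver-bind-port {{ k8s_api_port }} \
            --apiserver-cert-extra-sans {{ k8s_endpoint }} \
            --apiserver-cert-extra-sans {{ k8s_v4_address }} \
            --apiserver-cert-extra-sans {{ k8s_v6_address }} \
            --node-name {{ ansible_hostname }} \
            --feature-gates IPv6DualStack=true \
            --feature-gates PublicKeysECDSA=true \
            --service-dns-domain {{ k8s_service_domain }}
        creates: /etc/kubernetes/admin.conf
      register: k8s_init
      # --skip-phases=addon/kube-proxy \
      # TODO a check here to wait until node has finished init
      # NOTE(review): feature gates that have graduated are rejected by newer
      # kubeadm releases — confirm the gate list against the installed version.

    - name: register the control plane certificate key
      ansible.builtin.shell:
        cmd: |
          kubeadm init phase upload-certs --upload-certs --one-output
      register: join_key
      # stdout contains the certificate key that decrypts the control-plane
      # certs in the kubeadm-certs secret; keep it out of the play log.
      no_log: true

    - name: register the join command
      ansible.builtin.shell:
        cmd: |
          kubeadm token create --ttl 1h --print-join-command
      register: join_command
      # A fresh bootstrap token is minted on every run; a short TTL limits how
      # long stale tokens stay valid (the join below happens in this same play).
      no_log: true

    - name: prepare local folder for kube config
      delegate_to: localhost
      ansible.builtin.file:
        path: /home/{{ local_user }}/.kube
        state: directory
        owner: "{{ local_user }}"
        group: "{{ local_user }}"
        mode: "0770"

    - name: retrieve kube config and store locally
      ansible.builtin.fetch:
        flat: true
        src: /etc/kubernetes/admin.conf
        dest: /home/{{ local_user }}/.kube/config
        fail_on_missing: true
        validate_checksum: true

    - name: set permissions on local kube config
      delegate_to: localhost
      ansible.builtin.file:
        path: /home/{{ local_user }}/.kube/config
        owner: "{{ local_user }}"
        group: "{{ local_user }}"
        # admin.conf carries cluster-admin credentials; owner-only access.
        mode: "0600"

- name: kubeadm join remaining control plain nodes
  # NOTE(review): this condition excludes only the first control node, so any
  # other host this file is applied to joins as a control-plane node — confirm
  # the file is never applied to worker hosts.
  when: ansible_host != hostvars[groups['k8s_control'][0]]['ansible_host']
  ansible.builtin.shell:
    cmd: |
      {{ hostvars[groups['k8s_control'][0]]['join_command']['stdout'] }} \
        --control-plane \
        --certificate-key {{ hostvars[groups['k8s_control'][0]]['join_key']['stdout_lines'][-1] }} \
        --cri-socket /run/containerd/containerd.sock \
        --node-name {{ ansible_hostname }}
    creates: /etc/kubernetes/admin.conf
  # The key is printed on the last line of the upload-certs output, so index -1
  # tolerates extra informational lines ahead of it.
  # The command embeds the bootstrap token and certificate key; a failure is
  # therefore reported without its output.
  no_log: true
  # --skip-phases=addon/kube-proxy \

- name: set kubelet service to enabled at startup
  ansible.builtin.service:
    name: kubelet.service
    state: started
    enabled: true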