
---
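- name: write cluster api address to hosts file
  # Keyed on the endpoint name so that a changed k8s_address replaces the
  # existing entry instead of appending a duplicate line on every run.
  ansible.builtin.lineinfile:
    path: /etc/hosts
    regexp: '\s{{ k8s_endpoint | regex_escape }}$'
    line: "{{ k8s_address }} {{ k8s_endpoint }}"
    insertafter: EOF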
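- name: create containerd config dir
  ansible.builtin.file:
    path: /etc/containerd
    state: directory
    owner: root
    group: root
    # Quoted so the YAML parser does not turn the leading-zero literal into
    # an integer; Ansible reads the string as an octal mode. 0664 carries no
    # execute bit, so only root can list or traverse this directory.
    mode: "0664"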
- name: create containerd default config
  # Dumps containerd's built-in defaults into config.toml; the redirect
  # needs a shell. Skipped (and reported unchanged) once the file exists.
  ansible.builtin.shell:
    cmd: containerd config default > /etc/containerd/config.toml
    creates: /etc/containerd/config.toml
  register: containerd_config
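- name: enable systemd cgroups in containerd config
  # With backrefs the replacement line is built from the matched line, so \1
  # keeps the key's original indentation rather than a fixed number of
  # spaces. When nothing matches (already true) the file is left untouched,
  # which keeps the task idempotent.
  ansible.builtin.lineinfile:
    path: /etc/containerd/config.toml
    regexp: '^(\s*)SystemdCgroup = false$'
    line: '\1SystemdCgroup = true'
    backrefs: true
    state: present
  register: containerd_cgroup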
- name: restart containerd service if either of the above changed
  # A skipped task never reports changed, so a pre-existing config.toml
  # does not trigger a restart by itself.
  ansible.builtin.service:
    name: containerd
    state: restarted
    enabled: true
  when: containerd_config is changed or containerd_cgroup is changed
- name: ensure containerd is running
  # Covers the no-change path, where the conditional restart above is skipped.
  ansible.builtin.service:
    name: containerd
    enabled: true
    state: started
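- name: kubeadm init master node
  # Runs only on the first host of the k8s_control group; the other
  # control-plane hosts join below using the values registered here.
  when: ansible_host == hostvars[groups['k8s_control'][0]]['ansible_host']
  block:
    - name: init the master node
      # NOTE(review): --feature-gates is given twice. kubeadm treats it as a
      # single string flag, so only the last occurrence is kept and
      # IPv6DualStack=false is effectively ignored. Confirm the gate is still
      # accepted by the deployed kubeadm before merging the two into one
      # comma-separated value. --apiserver-cert-extra-sans is list-valued and
      # may legitimately be repeated.
      ansible.builtin.shell:
        cmd: |
          kubeadm init \
            --control-plane-endpoint {{ k8s_address }} \
            --cri-socket /run/containerd/containerd.sock \
            --pod-network-cidr {{ k8s_pod_cidr }} \
            --service-cidr {{ k8s_service_cidr }} \
            --apiserver-bind-port {{ k8s_api_port }} \
            --apiserver-cert-extra-sans {{ k8s_endpoint }} \
            --apiserver-cert-extra-sans {{ k8s_address }} \
            --node-name {{ ansible_hostname }} \
            --feature-gates IPv6DualStack=false \
            --feature-gates PublicKeysECDSA=true \
            --service-dns-domain {{ k8s_service_domain }}
        # --skip-phases=addon/kube-proxy \
        creates: /etc/kubernetes/admin.conf
      register: k8s_init
    # TODO a check here to wait until node has finished init
    - name: register the control plane certificate key
      # The key decrypts the control-plane certificates stored in the cluster
      # secret, so it is kept out of the play output; register still captures
      # it. Not idempotent: each run re-uploads the certificates under a newly
      # generated key.
      ansible.builtin.shell:
        cmd: kubeadm init phase upload-certs --upload-certs --one-output
      register: join_key
      no_log: true
    - name: register the join command
      # Mints a new bootstrap token on every run; the printed command embeds
      # it, so it is kept out of the log as well.
      ansible.builtin.shell:
        cmd: kubeadm token create --print-join-command
      register: join_command
      no_log: true
    - name: prepare local folder for kube config
      delegate_to: localhost
      ansible.builtin.file:
        path: /home/{{ local_user }}/.kube
        state: directory
        owner: "{{ local_user }}"
        group: "{{ local_user }}"
        # Quoted octal mode; group-writable as in the original, 0700 would be
        # the tighter choice for a credentials directory.
        mode: "0770"
    - name: retrieve kube config and store locally
      # admin.conf is a cluster-admin credential; the checksum check guards
      # the transfer and the next task restricts the local copy to its owner.
      ansible.builtin.fetch:
        src: /etc/kubernetes/admin.conf
        dest: /home/{{ local_user }}/.kube/config
        flat: true
        fail_on_missing: true
        validate_checksum: true
    - name: set permissions on local kube config
      delegate_to: localhost
      ansible.builtin.file:
        path: /home/{{ local_user }}/.kube/config
        owner: "{{ local_user }}"
        group: "{{ local_user }}"
        mode: "0600"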
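- name: kubeadm join remaining control plain nodes
  # Uses the join command and certificate key registered on the first
  # control-plane host. Both carry secrets (bootstrap token, cert key), so
  # the rendered command is kept out of the log; on failure the error is
  # censored too, re-run with no_log removed to debug. Skipped once
  # admin.conf exists on this host.
  # NOTE(review): stdout_lines[2] assumes the key is the third line of the
  # --one-output upload-certs output — confirm against the kubeadm version.
  # If the first control host is left out of the run (e.g. --limit), these
  # hostvars are undefined and the task fails.
  when: ansible_host != hostvars[groups['k8s_control'][0]]['ansible_host']
  ansible.builtin.shell:
    cmd: |
      {{ hostvars[groups['k8s_control'][0]]['join_command']['stdout'] }} \
        --control-plane \
        --certificate-key {{ hostvars[groups['k8s_control'][0]]['join_key']['stdout_lines'][2] }} \
        --cri-socket /run/containerd/containerd.sock \
        --node-name {{ ansible_hostname }}
    # --skip-phases=addon/kube-proxy \
    creates: /etc/kubernetes/admin.conf
  no_log: true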
- name: set kubelet service to enabled at startup
  # kubeadm starts kubelet itself; this makes the unit persist across reboots.
  ansible.builtin.service:
    name: kubelet.service
    enabled: true
    state: started