Doddophonique/tah-deploy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

First prototype of Ansible playbooks to install k8s
Some checks reported errors
--> Linted: ANSIBLE Errors were detected, please view logs
Details
--> Linted: GITLEAKS No errors were found in the linting process
Details
--> Linted: JSCPD No errors were found in the linting process
Details
--> Linted: MARKDOWN Errors were detected, please view logs
Details
--> Linted: NATURAL_LANGUAGE No errors were found in the linting process
Details
--> Linted: YAML No errors were found in the linting process
Details
Lint Code Base / run-lint (push) Failing after 43s
Details

Browse Source
This commit is contained in:
Davide Oddone 2024-10-17 17:58:26 +02:00
parent f266b74a72
commit 82693a3389
4 changed files with 419 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ansible/README.md
View File

@ -1,2 +1,5 @@
# TODO
- [] Generalize `inventory.ini` using `terraform output`
# Resources
Mainly used [Install Kubernetes Using Ansible on Ubuntu 24.04](https://infotechys.com/install-kubernetes-using-ansible-on-ubuntu-24-04/) guide paired with the [official Kubernetes blog post](https://kubernetes.io/blog/2019/03/15/kubernetes-setup-using-ansible-and-vagrant/).

236
ansible/kubernetes_master/tasks/main.yml Normal file
View File

@ -0,0 +1,236 @@
---
# tasks file for kubernetes_master
- name: Install required packages
apt:
name:
- curl
- gnupg2
- software-properties-common
- apt-transport-https
- ca-certificates
state: present
update_cache: yes
- name: Install Docker
apt:
name: docker.io
state: present
update_cache: yes
- name: Remove Keyrings Directory (if it exists)
ansible.builtin.shell: rm -rf /etc/apt/keyrings
- name: Remove Existing Kubernetes Directory (if it exists)
ansible.builtin.shell: sudo rm -rf /etc/apt/sources.list.d/pkgs_k8s_io_core_stable_v1_31_deb.list
- name: Disable swap
ansible.builtin.command:
cmd: swapoff -a
- name: Ensure swap is disabled on boot
ansible.builtin.command:
cmd: sudo sed -i -e '/\/swap.img\s\+none\s\+swap\s\+sw\s\+0\s\+0/s/^/#/' /etc/fstab
- name: Add kernel modules for Containerd
ansible.builtin.copy:
dest: /etc/modules-load.d/containerd.conf
content: |
overlay
br_netfilter
- name: Load kernel modules for Containerd
ansible.builtin.shell:
cmd: modprobe overlay && modprobe br_netfilter
become: true
- name: Add kernel parameters for Kubernetes
ansible.builtin.copy:
dest: /etc/sysctl.d/kubernetes.conf
content: |
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
- name: Load kernel parameter changes
ansible.builtin.command:
cmd: sudo sysctl --system
- name: Configuring Containerd (building the configuration file)
ansible.builtin.command:
cmd: sudo sh -c "containerd config default > /opt/containerd/config.toml"
- name: Configuring Containerd (Setting SystemdCgroup Variable to True)
ansible.builtin.command:
cmd: sudo sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /opt/containerd/config.toml
- name: Reload systemd configuration
ansible.builtin.command:
cmd: systemctl daemon-reload
- name: Restart containerd service
ansible.builtin.service:
name: containerd
state: restarted
- name: Allow 6443/tcp through firewall
ansible.builtin.command:
cmd: sudo ufw allow 6443/tcp
- name: Allow 2379:2380/tcp through firewall
ansible.builtin.command:
cmd: sudo ufw allow 2379:2380/tcp
- name: Allow 22/tcp through firewall
ansible.builtin.command:
cmd: sudo ufw allow 22/tcp
- name: Allow 8080/tcp through firewall
ansible.builtin.command:
cmd: sudo ufw allow 8080/tcp
- name: Allow 10250/tcp through firewall
ansible.builtin.command:
cmd: sudo ufw allow 10250/tcp
- name: Allow 10251/tcp through firewall
ansible.builtin.command:
cmd: sudo ufw allow 10251/tcp
- name: Allow 10252/tcp through firewall
ansible.builtin.command:
cmd: sudo ufw allow 10252/tcp
- name: Allow 10255/tcp through firewall
ansible.builtin.command:
cmd: sudo ufw allow 10255/tcp
- name: Allow 5473/tcp through firewall
ansible.builtin.command:
cmd: sudo ufw allow 5473/tcp
- name: Enable the firewall
ansible.builtin.ufw:
state: enabled
- name: Reload the firewall
ansible.builtin.command:
cmd: sudo ufw reload
- name: Prepare keyrings directory and update permissions
file:
path: /etc/apt/keyrings
state: directory
mode: '0755'
- name: Download Kubernetes GPG key securely
ansible.builtin.shell: curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.31/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
- name: Add Kubernetes repository
ansible.builtin.apt_repository:
repo: "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.31/deb/ /"
state: present
- name: Install kubeadm, kubelet, kubectl
ansible.builtin.apt:
name:
- kubelet
- kubeadm
- kubectl
state: present
update_cache: yes
- name: Hold kubelet, kubeadm, kubectl packages
ansible.builtin.command:
cmd: sudo apt-mark hold kubelet kubeadm kubectl
- name: Replace /etc/default/kubelet contents
ansible.builtin.copy:
dest: /etc/default/kubelet
content: 'KUBELET_EXTRA_ARGS="--cgroup-driver=cgroupfs"'
- name: Reload systemd configuration
ansible.builtin.command:
cmd: systemctl daemon-reload
- name: Restart kubelet service
ansible.builtin.service:
name: kubelet
state: restarted
- name: Update System-Wide Profile for Kubernetes
ansible.builtin.copy:
dest: /etc/profile.d/kubernetes.sh
content: |
export KUBECONFIG=/etc/kubernetes/admin.conf
export ANSIBLE_USER="ansible"
- name: Reboot the system
ansible.builtin.reboot:
msg: "Reboot initiated by Ansible for Kubernetes setup"
reboot_timeout: 150
- name: Replace Docker daemon.json configuration
ansible.builtin.copy:
dest: /etc/docker/daemon.json
content: |
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
- name: Reload systemd configuration
ansible.builtin.command:
cmd: systemctl daemon-reload
- name: Restart Docker service
ansible.builtin.service:
name: docker
state: restarted
- name: Update Kubeadm Environment Variable
ansible.builtin.command:
cmd: sudo sed -i -e '/^\[Service\]/a Environment="KUBELET_EXTRA_ARGS=--fail-swap-on=false"' /usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf
- name: Reload systemd configuration
ansible.builtin.command:
cmd: systemctl daemon-reload
- name: Restart kubelet service
ansible.builtin.service:
name: kubelet
state: restarted
- name: Pull kubeadm container images
ansible.builtin.command:
cmd: sudo kubeadm config images pull
- name: Initialize Kubernetes control plane
ansible.builtin.command:
cmd: kubeadm init --pod-network-cidr=10.244.0.0/16
become: true
changed_when: false
- name: Set permissions for Kubernetes Admin
file:
path: /etc/kubernetes/admin.conf
state: file
owner: ansible
mode: '0755'
- name: Generate join command
command: kubeadm token create --print-join-command
register: join_command
- name: Copy join command to local file
local_action: copy content="{{ join_command.stdout_lines[0] }}" dest="/tmp/join-command"
- name: Set permissions for the Join Executable
file:
path: /tmp/join-command
state: file
mode: '0755'
delegate_to: localhost

7
ansible/kubernetes_network/tasks/main.yml Normal file
View File

@ -0,0 +1,7 @@
---
# tasks file for kubernetes_network
- name: Install Flannel network plugin
ansible.builtin.shell: su - $ANSIBLE_USER -c "kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml"
- name: Taint master node to prevent workload scheduling
ansible.builtin.shell: su - $ANSIBLE_USER -c "kubectl taint nodes --all node-role.kubernetes.io/control-plane-"

173
ansible/kubernetes_worker/tasks/main.yml Normal file
View File

@ -0,0 +1,173 @@
---
# tasks file for kubernetes_worker
- name: Install required packages
apt:
name:
- curl
- gnupg2
- software-properties-common
- apt-transport-https
- ca-certificates
state: present
update_cache: yes
- name: Install Docker
apt:
name: docker.io
state: present
update_cache: yes
- name: Remove Keyrings Directory (if it exists)
ansible.builtin.shell: rm -rf /etc/apt/keyrings
- name: Remove Existing Kubernetes Directory (if it exists)
ansible.builtin.shell: sudo rm -rf /etc/apt/sources.list.d/pkgs_k8s_io_core_stable_v1_30_deb.list
- name: Disable swap
ansible.builtin.command:
cmd: swapoff -a
- name: Ensure swap is disabled on boot
ansible.builtin.command:
cmd: sudo sed -i -e '/\/swap.img\s\+none\s\+swap\s\+sw\s\+0\s\+0/s/^/#/' /etc/fstab
- name: Add kernel modules for Containerd
ansible.builtin.copy:
dest: /etc/modules-load.d/containerd.conf
content: |
overlay
br_netfilter
- name: Load kernel modules for Containerd
ansible.builtin.shell:
cmd: modprobe overlay && modprobe br_netfilter
become: true
- name: Add kernel parameters for Kubernetes
ansible.builtin.copy:
dest: /etc/sysctl.d/kubernetes.conf
content: |
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
- name: Load kernel parameter changes
ansible.builtin.command:
cmd: sudo sysctl --system
- name: Configuring Containerd (building the configuration file)
ansible.builtin.command:
cmd: sudo sh -c "containerd config default > /opt/containerd/config.toml"
- name: Configuring Containerd (Setting SystemdCgroup Variable to True)
ansible.builtin.command:
cmd: sudo sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /opt/containerd/config.toml
- name: Reload systemd configuration
ansible.builtin.command:
cmd: systemctl daemon-reload
- name: Restart containerd service
ansible.builtin.service:
name: containerd
state: restarted
- name: Allow 6443/tcp through firewall
ansible.builtin.command:
cmd: sudo ufw allow 6443/tcp
- name: Allow 2379:2380/tcp through firewall
ansible.builtin.command:
cmd: sudo ufw allow 2379:2380/tcp
- name: Allow 22/tcp through firewall
ansible.builtin.command:
cmd: sudo ufw allow 22/tcp
- name: Allow 8080/tcp through firewall
ansible.builtin.command:
cmd: sudo ufw allow 8080/tcp
- name: Allow 10250/tcp through firewall
ansible.builtin.command:
cmd: sudo ufw allow 10250/tcp
- name: Allow 10251/tcp through firewall
ansible.builtin.command:
cmd: sudo ufw allow 10251/tcp
- name: Allow 10252/tcp through firewall
ansible.builtin.command:
cmd: sudo ufw allow 10252/tcp
- name: Allow 10255/tcp through firewall
ansible.builtin.command:
cmd: sudo ufw allow 10255/tcp
- name: Allow 5473/tcp through firewall
ansible.builtin.command:
cmd: sudo ufw allow 5473/tcp
- name: Enable the firewall
ansible.builtin.ufw:
state: enabled
- name: Reload the firewall
ansible.builtin.command:
cmd: sudo ufw reload
- name: Prepare keyrings directory and update permissions
file:
path: /etc/apt/keyrings
state: directory
mode: '0755'
- name: Download Kubernetes GPG key securely
ansible.builtin.shell: curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.30/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
- name: Add Kubernetes repository
ansible.builtin.apt_repository:
repo: "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.30/deb/ /"
state: present
- name: Install kubeadm, kubelet, kubectl
ansible.builtin.apt:
name:
- kubelet
- kubeadm
- kubectl
state: present
update_cache: yes
- name: Hold kubelet, kubeadm, kubectl packages
ansible.builtin.command:
cmd: sudo apt-mark hold kubelet kubeadm kubectl
- name: Replace /etc/default/kubelet contents
ansible.builtin.copy:
dest: /etc/default/kubelet
content: 'KUBELET_EXTRA_ARGS="--cgroup-driver=cgroupfs"'
- name: Reload systemd configuration
ansible.builtin.command:
cmd: systemctl daemon-reload
- name: Restart kubelet service
ansible.builtin.service:
name: kubelet
state: restarted
- name: Reboot the system
ansible.builtin.reboot:
msg: "Reboot initiated by Ansible for Kubernetes setup"
reboot_timeout: 150
- name: Copy join-command file to worker nodes
copy:
src: /tmp/join-command
dest: /tmp/join-command
mode: 0755
- name: Join Worker Nodes
ansible.builtin.shell: sh /tmp/join-command
become: yes