---
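# Install the modules-load.d drop-in shipped with this role so the kernel
# module is loaded again on every boot (file content is not visible here;
# presumably it lists br_netfilter - confirm against the role's files/).
- name: Add rule to load br_netfilter kernel module
  become: true
  ansible.builtin.copy:
    src: k8s.modules-load.conf
    dest: /etc/modules-load.d/k8s.conf
    # Explicit ownership and mode: a boot-time config under /etc should not
    # inherit whatever the source file or the remote umask happens to give.
    owner: root
    group: root
    mode: "0644"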
# Load the module into the running kernel right away.
- name: Load br_netfilter kernel module
  community.general.modprobe:
    state: present
    name: br_netfilter
  become: true

# Set both bridge-nf-call keys to 1, persist them in a dedicated sysctl
# drop-in file and reload so the values take effect immediately.
- name: Add syscontrol rules for Kubernetes
  ansible.posix.sysctl:
    sysctl_file: /etc/sysctl.d/k8s.conf
    name: "{{ item }}"
    value: "1"
    reload: true
  loop:
    - net.bridge.bridge-nf-call-iptables
    - net.bridge.bridge-nf-call-ip6tables
  become: true
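# Disable all active swap devices on the running system.
- name: Turn off swap
  become: true
  # command instead of shell: the call needs no shell parsing, so there is
  # no reason to route it through /bin/sh.
  ansible.builtin.command:
    cmd: swapoff -a
  # Skip (and do not report "changed") when the gathered facts show no swap.
  # Falls back to running the command if the fact is unavailable.
  when: ansible_swaptotal_mb | default(1) | int > 0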
# Keep swap off across reboots: every fstab line that does not already start
# with '#' and contains a whitespace-delimited "swap" field is prefixed with
# "# " (the whole matched line is re-emitted via \1).
- name: Comment out swap partitions in fstab
  ansible.builtin.replace:
    path: /etc/fstab
    regexp: '(^[^#].*?\sswap\s+.*)$'
    replace: '# \1'
  become: true
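# NOTE(review): permissive mode means SELinux logs policy violations but no
# longer blocks them, which removes a confinement layer from every node.
# Treat this as a deliberate trade-off and revisit whether the chosen
# container runtime and kubelet can run with SELinux enforcing.
- name: Place SELinux in permissive mode
  become: true
  ansible.posix.selinux:
    policy: targeted
    state: permissive
  # Run only where the gathered facts report SELinux as enabled, instead of
  # running everywhere and hiding every failure with ignore_errors: a real
  # error on an SELinux host now stops the play rather than passing silently.
  when: ansible_selinux.status | default('disabled') == 'enabled'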
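# Register the host with Red Hat Subscription Management (RedHat hosts only).
#
# Credentials are read from the optional variables rhsm_username and
# rhsm_password (introduced by this task; define them in an Ansible Vault
# file or pass them from a secret store). The defaults keep the original
# placeholder values so existing setups behave as before - do not replace
# the placeholders with real credentials in this file.
- name: Subscribe to Red Hat
  become: true
  community.general.redhat_subscription:
    username: "{{ rhsm_username | default('your.username.here') }}"
    password: "{{ rhsm_password | default('your.password.here') }}"
    auto_attach: true
    state: present
  # Keep the account password out of task output and logs.
  no_log: true
  when: ansible_distribution == 'RedHat'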
# Refresh the apt package index (Debian hosts only).
- name: Update package metadata
  ansible.builtin.apt:
    update_cache: true
  become: true
  when: ansible_distribution == 'Debian'

# Bring every installed package to the newest version the configured
# repositories offer. This pulls in pending security fixes; the resulting
# package set depends on repository state at run time.
- name: Upgrade packages
  ansible.builtin.package:
    state: latest
    name: '*'
  become: true
# Pull in the task file for the selected container runtime. container_runtime
# is defined outside this file; when it matches none of the three values, no
# runtime tasks are imported.
- ansible.builtin.import_tasks: docker.yml
  when: container_runtime == 'docker'

- ansible.builtin.import_tasks: crio.yml
  when: container_runtime == 'crio'

- ansible.builtin.import_tasks: containerd.yml
  when: container_runtime == 'containerd'
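# Discover which units exist so the next task can be skipped cleanly on hosts
# without firewalld, instead of failing and having the failure ignored.
- name: Gather service facts
  ansible.builtin.service_facts:

# NOTE(review): stopping firewalld removes the host firewall entirely. If no
# other packet filter or network policy protects these nodes, prefer keeping
# firewalld running and opening only the ports the cluster needs.
- name: Disable FirewallD
  become: true
  ansible.builtin.systemd:
    name: firewalld
    state: stopped
    enabled: false
  # Replaces ignore_errors: failures on hosts that do have firewalld are now
  # reported rather than silently dropped.
  when: "'firewalld.service' in (ansible_facts.services | default({}))"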
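# Define the Kubernetes yum repository with package and repository metadata
# signature checking both enabled (RedHat hosts only).
#
# NOTE(review): upstream has moved Kubernetes packages to pkgs.k8s.io; confirm
# that this Google-hosted repository is still served and receives updates
# before relying on it.
- name: Add kubernetes yum repository
  become: true
  ansible.builtin.yum_repository:
    name: Kubernetes
    description: Google k8s packages
    # $basearch must reach the .repo file without a backslash: the "\$" form
    # is a shell-heredoc escape, and YAML keeps the backslash literally, which
    # would make yum expand the URL to ".../kubernetes-el7-\<arch>".
    baseurl: 'https://packages.cloud.google.com/yum/repos/kubernetes-el7-$basearch'
    enabled: true
    gpgcheck: true
    repo_gpgcheck: true
    gpgkey:
      - https://packages.cloud.google.com/yum/doc/yum-key.gpg
      - https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
    # Hides these packages from routine installs/upgrades; any task that
    # installs them must disable this repository's excludes explicitly.
    exclude: "kubelet kubeadm kubectl"
  when: ansible_distribution == 'RedHat'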
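# Register the Kubernetes apt repository, trusted only through its own
# dedicated keyring via signed-by (Debian hosts only).
#
# NOTE(review): upstream has moved Kubernetes packages to pkgs.k8s.io; confirm
# that apt.kubernetes.io and this key URL are still served.
- name: Add kubernetes apt repository
  become: true
  when: ansible_distribution == 'Debian'
  block:
    # The key is trusted purely because it arrives over HTTPS. Pinning it
    # with get_url's checksum parameter would detect a swapped key.
    - name: Fetch Kubernetes GPG key
      ansible.builtin.get_url:
        url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
        dest: /usr/share/keyrings/kubernetes-archive-keyring.gpg
        # Explicit mode: readable by apt, writable by root only.
        mode: "0644"

    # NOTE(review): apt_repository appends ".list" to filename itself, so
    # this likely produces kubernetes.list.list - left unchanged to avoid
    # creating a second source file on hosts already provisioned.
    - name: Add Kubernetes apt repository
      ansible.builtin.apt_repository:
        filename: kubernetes.list
        repo: "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main"
        state: present
        update_cache: true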
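# Install kubelet, kubeadm and kubectl.
#
# On RedHat the "Kubernetes" repository defined in this file excludes exactly
# these three packages, so a plain install cannot see them. The yum task
# lifts that repository's excludes for this one transaction only.
# NOTE(review): no versions are pinned, so nodes provisioned at different
# times may end up with different Kubernetes releases.
- name: Install Kubernetes (yum, repository excludes lifted)
  become: true
  ansible.builtin.yum:
    name:
      - kubelet
      - kubeadm
      - kubectl
    state: present
    disable_excludes: Kubernetes
  when: ansible_distribution == 'RedHat'

# All other distributions keep the generic package module.
- name: Install Kubernetes
  become: true
  ansible.builtin.package:
    name:
      - kubelet
      - kubeadm
      - kubectl
    state: present
  when: ansible_distribution != 'RedHat'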
# Start the kubelet unit now and enable it for subsequent boots.
- name: Start Kubelet
  ansible.builtin.systemd:
    enabled: true
    state: started
    name: kubelet
  become: true
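# Bootstrap the control plane with a fixed pod network CIDR.
# "creates" makes the task a no-op once /etc/kubernetes/admin.conf exists,
# so re-running the play does not re-initialise the cluster.
- name: Initialize a Kubernetes cluster
  become: true
  # command instead of shell: the invocation uses no shell features.
  ansible.builtin.command:
    cmd: kubeadm init --pod-network-cidr=10.10.0.0/16
    creates: /etc/kubernetes/admin.conf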
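# Give the connecting user a kubeconfig copied from the cluster's admin.conf.
# admin.conf carries cluster-administrator credentials, so both the directory
# and the copied file are restricted to their owner.
- name: Set up kubeconfig for the Ansible user
  block:
    - name: Create .kube dir
      ansible.builtin.file:
        path: "{{ ansible_env.HOME }}/.kube"
        state: directory
        mode: "0700"

    # Runs with become because the source file is read as root; the explicit
    # mode keeps the copy from being created with a permissive default.
    - name: Copy config
      become: true
      ansible.builtin.copy:
        remote_src: true
        src: /etc/kubernetes/admin.conf
        dest: "{{ ansible_env.HOME }}/.kube/config"
        owner: "{{ ansible_user }}"
        group: "{{ ansible_user }}"
        mode: "0600"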
# Python 3 and pip on every host, via the distribution's package manager.
- name: Install Python
  ansible.builtin.package:
    name:
      - python3
      - python3-pip
  become: true

# Python OpenShift client package from yum (RedHat hosts only).
- name: Install OpenShift bindings for Python
  ansible.builtin.yum:
    state: present
    name:
      - python-openshift
  become: true
  when: ansible_distribution == 'RedHat'
# Unconditionally continue with the CNI and Helm task files, in this order.
- ansible.builtin.import_tasks: cni.yml

- ansible.builtin.import_tasks: helm.yml