Add role kubernetes

role_kubernetes-rke2
Ruakij 2 years ago
parent 0d8d5e8528
commit 225c38df61

@ -0,0 +1,35 @@
# Copyright 2018-2022 Docker Inc.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
disabled_plugins = []
#root = "/var/lib/containerd"
#state = "/run/containerd"
#subreaper = true
#oom_score = 0
#[grpc]
# address = "/run/containerd/containerd.sock"
# uid = 0
# gid = 0
#[debug]
# address = "/run/containerd/debug.sock"
# uid = 0
# gid = 0
# level = "info"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
SystemdCgroup = true

@ -0,0 +1,9 @@
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
name: rke2-canal
namespace: kube-system
spec:
valuesContent: |-
flannel:
backend: "wireguard"

@ -0,0 +1,19 @@
- name: reload_sysctl
command: sysctl --system
- name: restart_containerd
ansible.builtin.service:
name: containerd
state: restarted
- name: reload_networking
service:
name: networking
state: restarted
async: 5
poll: 0
notify: wait_for_connection
- name: wait_for_connection
wait_for_connection:
delay: 5

@ -0,0 +1,4 @@
---
dependencies:
- role: docker
- role: netmaker

@ -0,0 +1,17 @@
- name: Add Balto key
apt_key:
url: https://baltocdn.com/helm/signing.asc
state: present
- name: Add Balto Repository
apt_repository:
repo: "deb https://baltocdn.com/helm/stable/debian/ all main"
state: present
filename: kubernetes
update_cache: yes
- name: Install helm
package:
name:
- helm
state: latest

@ -0,0 +1,65 @@
- name: Create rke-helm-manifests-folder
ansible.builtin.file:
path: '/var/lib/rancher/rke2/server/manifests/'
state: directory
mode: '0755'
- name: Deploy helm-manifests
ansible.builtin.copy:
src: 'helm-manifests/'
dest: '/var/lib/rancher/rke2/server/manifests/'
- name: Create rke-folder
ansible.builtin.file:
path: /etc/rancher/rke2/
state: directory
mode: '0755'
- name: Deploy rke2 config
ansible.builtin.template:
src: rke2/config.yaml.template
dest: /etc/rancher/rke2/config.yaml
- name: Install RKE2
command: bash -c "curl -sfL https://get.rke2.io | sh -"
- name: Add RKE2 environment-vars to /etc/profile.d/
blockinfile:
path: /etc/profile.d/rke2-bin.sh
marker: "# {mark} ANSIBLE MANAGED BLOCK | rke2"
block: |
export PATH="/var/lib/rancher/rke2/bin/:$PATH"
export KUBECONFIG="/etc/rancher/rke2/rke2.yaml"
create: true
- name: Enable and start rke2-server service for 1st-node
ansible.builtin.service:
name: rke2-server
enabled: yes
state: started
when: "inventory_hostname == groups['kubernetes'][0]"
- name: Waiting for kubelet to accept connections
ansible.builtin.wait_for:
host: "{{ inventory_hostname }}"
port: 10250
state: started
when: "inventory_hostname == groups['kubernetes'][0]"
- name: Enable and start rke2-server service for other nodes
ansible.builtin.service:
name: rke2-server
enabled: yes
state: started
when: "inventory_hostname != groups['kubernetes'][0]"
register: rke2_start
until: "rke2_start is not failed"
retries: 2
delay: 10
- name: Waiting for kubelet to accept connections on other nodes
ansible.builtin.wait_for:
host: "{{ inventory_hostname }}"
port: 10250
state: started
when: "inventory_hostname != groups['kubernetes'][0]"

@ -0,0 +1,6 @@
- import_tasks: ./prerequisites.yml
- import_tasks: ./install_helm.yml
- import_tasks: ./install_rke2.yml

@ -0,0 +1,89 @@
#- name: Load br_netfilter kernel-module
# modprobe:
# name: br_netfilter
# state: present
- name: Set sysctl settings for iptables bridged traffic
copy:
dest: "/etc/sysctl.d/kubernetes.conf"
content: |
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.conf.all.forwarding=1
net.ipv6.conf.all.forwarding=1
notify: reload_sysctl
#- name: Disable swap
# command: swapoff -a
- name: Install iptables
package:
name:
#- containerd
- iptables
state: latest
- name: Check if containerd-service exists & is started
service:
name: containerd
state: started
ignore_errors: true
register: containerd_status
- name: Install containerd when not exists
package:
name:
- containerd
when: containerd_status is failed
- name: Create containerd config-folder
file:
path: /etc/containerd
state: directory
- name: Deploy containerd-config
ansible.builtin.copy:
src: containerd_config.toml
dest: /etc/containerd/config.toml
mode: u=rw,g=r,o=r
notify: restart_containerd
- name: Set control-plane-dns-endpoint towards local-ip
lineinfile:
dest: /etc/hosts
line: "{{ ansible_facts.default_ipv6.address }} k8s-control-plane.system.ruekov.eu"
- name: Setting network facts..
set_fact:
inventory_group_index: "{{ groups['kubernetes'].index(inventory_hostname) }}"
ipPool_ipv6_nodeip_cidr_only_prefix: '{{ kubernetes.ipPool.ipv6.nodeip_cidr | regex_replace ("(?<=:)[0-9a-f]{0,4}(\/[0-9]+)?$","") }}'
ipPool_ipv6_nodeip_cidr_cidr: '{{ kubernetes.ipPool.ipv6.nodeip_cidr | regex_replace ("^.*?\/","") }}'
ipPool_ipv4_nodeip_cidr_only_prefix: '{{ kubernetes.ipPool.ipv4.nodeip_cidr | regex_replace ("(?<=.)[0-9]{0,3}(\/[0-9]+)?$","") }}'
ipPool_ipv4_nodeip_cidr_cidr: '{{ kubernetes.ipPool.ipv4.nodeip_cidr | regex_replace ("^.*?\/","") }}'
- name: Setting more network_facts..
set_fact:
ipPool_ipv6_nodeip: "{{ ipPool_ipv6_nodeip_cidr_only_prefix }}{{ inventory_group_index|int +1 }}"
ipPool_ipv4_nodeip: "{{ ipPool_ipv4_nodeip_cidr_only_prefix }}{{ inventory_group_index|int +1 }}"
- name: Setup IPv4-Network
lineinfile:
insertafter: "iface {{ ansible_facts.default_ipv4.interface }} inet .+"
dest: "/etc/network/interfaces"
line: " up /usr/sbin/ip addr add {{ ipPool_ipv4_nodeip }} dev {{ ansible_facts.default_ipv4.interface }}"
register: setup_network_ipv4
- name: Setup IPv6-Network
lineinfile:
insertafter: "iface {{ ansible_facts.default_ipv4.interface }} inet6 .+"
dest: "/etc/network/interfaces"
line: " up /usr/sbin/ip -6 addr add {{ ipPool_ipv6_nodeip }} dev {{ ansible_facts.default_ipv4.interface }}"
register: setup_network_ipv6
- name: Force-Reload network-interface
command: "ifup --force {{ ansible_facts.default_ipv4.interface }}"
when: setup_network_ipv4.changed or setup_network_ipv6.changed
- name: Run handlers to reload configurations
meta: flush_handlers

@ -0,0 +1,16 @@
## Base ##
container-runtime-endpoint: unix:///run/containerd/containerd.sock
{% if inventory_hostname != groups['kubernetes'][0] %}
server: https://{{ kubernetes.control_plane.dns_name }}:9345
{% endif %}
token: {{ kubernetes.shared_token }}
tls-san:
- {{ kubernetes.control_plane.dns_name }}
## Networking ##
#cni: cilium
cluster-cidr: {{ kubernetes.ipPool.ipv4.cluster_cidr }},{{ kubernetes.ipPool.ipv6.cluster_cidr }}
service-cidr: {{ kubernetes.ipPool.ipv4.service_cidr }},{{ kubernetes.ipPool.ipv6.service_cidr }}
node-ip: {{ ipPool_ipv4_nodeip }},{{ ipPool_ipv6_nodeip }}
Loading…
Cancel
Save