Add role kubernetes TODO: fix role

kubernetes/tasks/deploy_cilium.yml

@@ -0,0 +1,12 @@
+- name: Deploy Cilium-CLI
+  ansible.builtin.unarchive:
+    src: https://github.com/cilium/cilium-cli/releases/latest/download/cilium-linux-amd64.tar.gz
+    dest: /usr/local/bin
+    remote_src: yes
+    mode: u=rwx,g=rx,o=rx
+
+- name: Install Cilium
+  when: "inventory_hostname == groups['kubernetes'][0]"
+  command: -cilium install
+  environment: 
+    KUBECONFIG: /etc/kubernetes/admin.conf

kubernetes/tasks/k8s-dqlite_deploy.yml

@@ -0,0 +1,21 @@
+- name: Add Dqlite/dev Repository
+  ansible.builtin.apt_repository:
+    repo: ppa:dqlite/dev
+    codename: bionic
+
+- name: Install dependencies
+  package:
+      name:
+          #- musl-dev
+          - libraft-dev
+          - libsqlite3-dev
+          - libdqlite-dev
+          - dqlite
+      state: latest
+
+- name: Deploy binary
+  ansible.builtin.copy:
+    src: k8s-dqlite/k8s-dqlite
+    dest: /usr/local/bin/
+    mode: u=rwx,g=rx,o=rx
+

kubernetes/tasks/k8s-dqlite_setup.yml

@@ -0,0 +1,40 @@
+- name: Create folder for data
+  ansible.builtin.file:
+    path: /var/data/
+    state: directory
+    mode: '0755'
+
+- name: Deploy init.yaml from template
+  ansible.builtin.template:
+    src: k8s-dqlite/init.yaml.template
+    dest: /var/data/init.yaml
+
+- name: Deploy cert-config-file from template
+  when: "inventory_hostname == groups['kubernetes'][0]"
+  ansible.builtin.template:
+    src: k8s-dqlite/csr-dqlite.conf.template
+    dest: /var/tmp/csr-dqlite.conf
+
+- name: dqlite Generate certificate
+  when: "inventory_hostname == groups['kubernetes'][0]"
+  command: openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout /var/data/cluster.key -out /var/data/cluster.crt -subj "/CN=k8s" -config /var/tmp/csr-dqlite.conf -extensions v3_ext
+
+- name: Fetch cluster.crt and cluster.key
+  when: "inventory_hostname == groups['kubernetes'][0]"
+  synchronize:
+    src: "{{ item }}"
+    dest: /tmp/
+    mode: pull
+  with_items:
+    - /var/data/cluster.crt
+    - /var/data/cluster.key
+
+- name: Copy cluster.crt and cluster.key to joining nodes
+  when: "inventory_hostname != groups['kubernetes'][0]"
+  ansible.builtin.copy:
+    src: "{{ item }}"
+    dest: /var/data/
+    mode: u=rw,g=r,o=r
+  with_items:
+    - /tmp/cluster.crt
+    - /tmp/cluster.key

kubernetes/tasks/k8s_deploy.yml

@@ -0,0 +1,28 @@
+- name: Add Google-Cloud key
+  apt_key:
+      url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
+      state: present
+
+- name: Add Kubernetes Repository
+  apt_repository:
+      repo: "deb https://apt.kubernetes.io/ kubernetes-xenial main"
+      state: present
+      filename: kubernetes
+      update_cache: yes
+
+- name: Install kubernetes-tools
+  package:
+      name:
+          - kubeadm
+          - kubelet
+          - kubectl
+      state: latest
+
+- name: Hold upgrades for kubernetes-tools
+  dpkg_selections:
+      name: "{{ item }}"
+      selection: hold
+  loop:
+      - kubeadm
+      - kubelet
+      - kubectl

kubernetes/tasks/k8s_setup-cluster.yml

@@ -0,0 +1,4 @@
+- name: Join other nodes to cluster
+  when: "inventory_hostname != groups['kubernetes'][0]"
+  command: 
+

kubernetes/tasks/k8s_setup.yml

@@ -0,0 +1,9 @@
+- name: Initialize Kubernetes Cluster
+  when: "inventory_hostname == groups['kubernetes'][0]"
+  command: kubeadm init --control-plane-endpoint={{ control_plane.dns_name }}
+  #--upload-certs
+
+- name: Set environment-var for config
+  lineinfile:
+      dest: ~/.bashrc
+      line: "export KUBECONFIG=/etc/kubernetes/admin.conf"

kubernetes/tasks/main.yml

@@ -0,0 +1,9 @@
+- import_tasks: ./prerequisites.yml
+
+- import_tasks: ./k8s_deploy.yml
+
+- import_tasks: ./k8s_setup.yml
+
+- import_tasks: ./deploy_cilium.yml
+
+#- import_tasks: ./k8s_setup-cluster.yml

kubernetes/tasks/prerequisites.yml

@@ -0,0 +1,31 @@
+- name: Load br_netfilter kernel-module
+  modprobe:
+      name: br_netfilter
+      state: present
+
+- name: Set sysctl settings for iptables bridged traffic
+  copy:
+      dest: "/etc/sysctl.d/kubernetes.conf"
+      content: |
+          net.bridge.bridge-nf-call-ip6tables = 1
+          net.bridge.bridge-nf-call-iptables = 1
+  notify: reload_sysctl
+
+- name: Disable swap
+  command: swapoff -a
+
+- name: Deploy containerd-config
+  ansible.builtin.copy:
+    src: containerd_config.toml
+    dest: /etc/containerd/config.toml
+    mode: u=rw,g=r,o=r
+
+- name: restart_containerd
+  ansible.builtin.service:
+    name: containerd
+    state: restarted
+
+- name: Set control-plane-dns-endpoint towards local-ip
+  lineinfile:
+      dest: /etc/hosts
+      line: "{{ ansible_facts.default_ipv6.address }} k8s-control-plane.system.ruekov.eu"