kubernetes/tasks/k8s-dqlite_deploy.yml

@@ -0,0 +1,21 @@
+- name: Add Dqlite/dev Repository
+  ansible.builtin.apt_repository:
+    repo: ppa:dqlite/dev
+    codename: bionic
+
+- name: Install dependencies
+  package:
+      name:
+          #- musl-dev
+          - libraft-dev
+          - libsqlite3-dev
+          - libdqlite-dev
+          - dqlite
+      state: latest
+
+- name: Deploy binary
+  ansible.builtin.copy:
+    src: k8s-dqlite/k8s-dqlite
+    dest: /usr/local/bin/
+    mode: u=rwx,g=rx,o=rx
+

kubernetes/tasks/k8s-dqlite_setup.yml

@@ -0,0 +1,40 @@
+- name: Create folder for data
+  ansible.builtin.file:
+    path: /var/data/
+    state: directory
+    mode: '0755'
+
+- name: Deploy init.yaml from template
+  ansible.builtin.template:
+    src: k8s-dqlite/init.yaml.template
+    dest: /var/data/init.yaml
+
+- name: Deploy cert-config-file from template
+  when: "inventory_hostname == groups['kubernetes'][0]"
+  ansible.builtin.template:
+    src: k8s-dqlite/csr-dqlite.conf.template
+    dest: /var/tmp/csr-dqlite.conf
+
+- name: dqlite Generate certificate
+  when: "inventory_hostname == groups['kubernetes'][0]"
+  command: openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout /var/data/cluster.key -out /var/data/cluster.crt -subj "/CN=k8s" -config /var/tmp/csr-dqlite.conf -extensions v3_ext
+
+- name: Fetch cluster.crt and cluster.key
+  when: "inventory_hostname == groups['kubernetes'][0]"
+  synchronize:
+    src: "{{ item }}"
+    dest: /tmp/
+    mode: pull
+  with_items:
+    - /var/data/cluster.crt
+    - /var/data/cluster.key
+
+- name: Copy cluster.crt and cluster.key to joining nodes
+  when: "inventory_hostname != groups['kubernetes'][0]"
+  ansible.builtin.copy:
+    src: "{{ item }}"
+    dest: /var/data/
+    mode: u=rw,g=r,o=r
+  with_items:
+    - /tmp/cluster.crt
+    - /tmp/cluster.key

kubernetes/tasks/prerequisites.yml

@@ -11,9 +11,19 @@
           net.bridge.bridge-nf-call-iptables = 1
   notify: reload_sysctl
 
--  import_tasks: ./prerequisites/swap.yml
+- name: Disable swap
+  command: swapoff -a
 
--  import_tasks: ./prerequisites/containerd.yml
+- name: Deploy containerd-config
+  ansible.builtin.copy:
+    src: containerd_config.toml
+    dest: /etc/containerd/config.toml
+    mode: u=rw,g=r,o=r
+
+- name: restart_containerd
+  ansible.builtin.service:
+    name: containerd
+    state: restarted
 
 - name: Set control-plane-dns-endpoint towards local-ip
   lineinfile:

kubernetes/tasks/prerequisites/containerd.yml

@@ -1,24 +0,0 @@
-- name: Check if containerd-service exists & is started
-  service:
-    name: containerd
-    state: started
-  ignore_errors: true
-  register: containerd_status
-  
-- name: Install containerd when not exists
-  package:
-    name:
-      - containerd
-  when: containerd_status is failed
-
-- name: Create containerd config-folder
-  file:
-    path: /etc/containerd
-    state: directory
-
-- name: Deploy containerd-config
-  ansible.builtin.copy:
-    src: containerd_config.toml
-    dest: /etc/containerd/config.toml
-    mode: u=rw,g=r,o=r
-  notify: restart_containerd

kubernetes/tasks/prerequisites/swap.yml

@@ -1,10 +0,0 @@
-- name: Disable swap-mounts
-  replace:
-    path: /etc/fstab
-    regexp: '^([ \t]*(?!#)\S+[ \t]+swap[ \t]+.*)'
-    replace: '# \1'
-
-- name: Disable active swap immediately
-  command: swapoff -va
-  changed_when: "command.stdout != ''"
-  register: command

kubernetes/templates/k8s-dqlite/csr-dqlite.conf.template

@@ -0,0 +1,28 @@
+[ req ]
+default_bits = 2048
+prompt = no
+default_md = sha256
+req_extensions = req_ext
+distinguished_name = dn
+
+[ dn ]
+C = GB
+ST = Canonical
+L = Canonical
+O = Canonical
+OU = Canonical
+CN = k8s
+
+[ req_ext ]
+subjectAltName = @alt_names
+
+[ alt_names ]
+DNS = {{ ansible_facts.fqdn }}
+IP = {{ ansible_facts.default_ipv6.address }}
+
+[ v3_ext ]
+authorityKeyIdentifier=keyid,issuer:always
+basicConstraints=CA:FALSE
+keyUsage=keyEncipherment,dataEncipherment,digitalSignature
+extendedKeyUsage=serverAuth,clientAuth
+subjectAltName=@alt_names