Disable swap

kubernetes/defaults/main.yml

@@ -1,16 +0,0 @@
----
-kubernetes:
-  ipPool:
-    ipv4:
-      cluster_cidr: 10.42.0.0/16
-      service_cidr: 10.43.0.0/16
-      nodeip_cidr: 10.41.0.0/24
-    ipv6:
-      cluster_cidr: fd42::/56
-      service_cidr: fd43::/112
-      nodeip_cidr: fd41::/64
-
-  control_plane:
-    dns_name: <control-plane dns-reachable-name>
-
-  shared_token: <shared token for nodes to join>

kubernetes/files/containerd_config.toml

@@ -31,5 +31,6 @@ disabled_plugins = []
 #  level = "info"
 
 [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
+  
   [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
     SystemdCgroup = true

kubernetes/files/helm-manifests/rke2-canal-config.yaml.disabled

@@ -1,9 +0,0 @@
-apiVersion: helm.cattle.io/v1
-kind: HelmChartConfig
-metadata:
-  name: rke2-canal
-  namespace: kube-system
-spec:
-  valuesContent: |-
-    flannel:
-      backend: "wireguard"

kubernetes/files/k8s-dqlite/Dockerfile

@@ -0,0 +1,15 @@
+FROM golang:1-buster
+
+# Add PPA
+RUN echo "deb http://ppa.launchpad.net/dqlite/dev/ubuntu bionic main" > /etc/apt/sources.list.d/ppa_dqlite_dev_bionic.list
+RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 50FB3D04
+# Install dependencies
+RUN apt update -y && apt install -y build-essential git libraft-dev libsqlite3-dev libdqlite-dev
+
+# Clone
+RUN git clone https://github.com/canonical/k8s-dqlite --branch v1.0.4 /k8s-dqlite
+WORKDIR /k8s-dqlite
+
+# Compile
+ENV CGO_LDFLAGS_ALLOW="-Wl,-z,now"
+RUN go build -o k8s-dqlite -tags libsqlite3,dqlite k8s-dqlite.go

kubernetes/handlers/main.yml

@@ -1,19 +1,3 @@
 - name: reload_sysctl
   command: sysctl --system
 
-- name: restart_containerd
-  ansible.builtin.service:
-    name: containerd
-    state: restarted
-
-- name: reload_networking
-  service:
-    name: networking
-    state: restarted
-  async: 5
-  poll: 0
-  notify: wait_for_connection
-
-- name: wait_for_connection
-  wait_for_connection:
-    delay: 5

kubernetes/meta/main.yml

@@ -1,4 +1,3 @@
 ---
-  dependencies:
-    - role: docker
-    - role: netmaker
+dependencies:
+    - { role: docker }

kubernetes/tasks/deploy_cilium.yml

@@ -0,0 +1,12 @@
+- name: Deploy Cilium-CLI
+  ansible.builtin.unarchive:
+    src: https://github.com/cilium/cilium-cli/releases/latest/download/cilium-linux-amd64.tar.gz
+    dest: /usr/local/bin
+    remote_src: yes
+    mode: u=rwx,g=rx,o=rx
+
+- name: Install Cilium
+  when: "inventory_hostname == groups['kubernetes'][0]"
+  command: -cilium install
+  environment: 
+    KUBECONFIG: /etc/kubernetes/admin.conf

kubernetes/tasks/install_helm.yml

@@ -1,17 +0,0 @@
-- name: Add Balto key
-  apt_key:
-      url: https://baltocdn.com/helm/signing.asc
-      state: present
-
-- name: Add Balto Repository
-  apt_repository:
-      repo: "deb https://baltocdn.com/helm/stable/debian/ all main"
-      state: present
-      filename: kubernetes
-      update_cache: yes
-
-- name: Install helm
-  package:
-      name:
-          - helm
-      state: latest

kubernetes/tasks/install_rke2.yml

@@ -1,65 +0,0 @@
-- name: Create rke-helm-manifests-folder
-  ansible.builtin.file:
-    path: '/var/lib/rancher/rke2/server/manifests/'
-    state: directory
-    mode: '0755'
-
-- name: Deploy helm-manifests
-  ansible.builtin.copy:
-    src: 'helm-manifests/'
-    dest: '/var/lib/rancher/rke2/server/manifests/'
-
-- name: Create rke-folder
-  ansible.builtin.file:
-    path: /etc/rancher/rke2/
-    state: directory
-    mode: '0755'
-
-- name: Deploy rke2 config
-  ansible.builtin.template:
-    src: rke2/config.yaml.template
-    dest: /etc/rancher/rke2/config.yaml
-
-- name: Install RKE2
-  command: bash -c "curl -sfL https://get.rke2.io | sh -"
-
-- name: Add RKE2 environment-vars to /etc/profile.d/
-  blockinfile:
-    path: /etc/profile.d/rke2-bin.sh
-    marker: "# {mark} ANSIBLE MANAGED BLOCK | rke2"
-    block: |
-      export PATH="/var/lib/rancher/rke2/bin/:$PATH"
-      export KUBECONFIG="/etc/rancher/rke2/rke2.yaml"
-    create: true
-
-- name: Enable and start rke2-server service for 1st-node
-  ansible.builtin.service:
-    name: rke2-server
-    enabled: yes
-    state: started
-  when: "inventory_hostname == groups['kubernetes'][0]"
-
-- name: Waiting for kubelet to accept connections
-  ansible.builtin.wait_for:
-    host: "{{ inventory_hostname }}"
-    port: 10250
-    state: started
-  when: "inventory_hostname == groups['kubernetes'][0]"
-
-- name: Enable and start rke2-server service for other nodes
-  ansible.builtin.service:
-    name: rke2-server
-    enabled: yes
-    state: started
-  when: "inventory_hostname != groups['kubernetes'][0]"
-  register: rke2_start
-  until: "rke2_start is not failed"
-  retries: 2
-  delay: 10
-
-- name: Waiting for kubelet to accept connections on other nodes
-  ansible.builtin.wait_for:
-    host: "{{ inventory_hostname }}"
-    port: 10250
-    state: started
-  when: "inventory_hostname != groups['kubernetes'][0]"

kubernetes/tasks/k8s_deploy.yml

@@ -0,0 +1,28 @@
+- name: Add Google-Cloud key
+  apt_key:
+      url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
+      state: present
+
+- name: Add Kubernetes Repository
+  apt_repository:
+      repo: "deb https://apt.kubernetes.io/ kubernetes-xenial main"
+      state: present
+      filename: kubernetes
+      update_cache: yes
+
+- name: Install kubernetes-tools
+  package:
+      name:
+          - kubeadm
+          - kubelet
+          - kubectl
+      state: latest
+
+- name: Hold upgrades for kubernetes-tools
+  dpkg_selections:
+      name: "{{ item }}"
+      selection: hold
+  loop:
+      - kubeadm
+      - kubelet
+      - kubectl

kubernetes/tasks/k8s_setup-cluster.yml

@@ -0,0 +1,4 @@
+- name: Join other nodes to cluster
+  when: "inventory_hostname != groups['kubernetes'][0]"
+  command: 
+

kubernetes/tasks/k8s_setup.yml

@@ -0,0 +1,9 @@
+- name: Initialize Kubernetes Cluster
+  when: "inventory_hostname == groups['kubernetes'][0]"
+  command: kubeadm init --control-plane-endpoint={{ control_plane.dns_name }}
+  #--upload-certs
+
+- name: Set environment-var for config
+  lineinfile:
+      dest: ~/.bashrc
+      line: "export KUBECONFIG=/etc/kubernetes/admin.conf"

kubernetes/tasks/main.yml

@@ -1,6 +1,9 @@
 - import_tasks: ./prerequisites.yml
 
-- import_tasks: ./install_helm.yml
+- import_tasks: ./k8s_deploy.yml
 
-- import_tasks: ./install_rke2.yml
+- import_tasks: ./k8s_setup.yml
 
+- import_tasks: ./deploy_cilium.yml
+
+#- import_tasks: ./k8s_setup-cluster.yml

kubernetes/tasks/prerequisites.yml

@@ -1,89 +1,21 @@
-#- name: Load br_netfilter kernel-module
-#  modprobe:
-#      name: br_netfilter
-#      state: present
+- name: Load br_netfilter kernel-module
+  modprobe:
+      name: br_netfilter
+      state: present
 
 - name: Set sysctl settings for iptables bridged traffic
   copy:
-    dest: "/etc/sysctl.d/kubernetes.conf"
-    content: |
-        net.bridge.bridge-nf-call-ip6tables = 1
-        net.bridge.bridge-nf-call-iptables = 1
-
-        net.ipv4.conf.all.forwarding=1
-        net.ipv6.conf.all.forwarding=1
+      dest: "/etc/sysctl.d/kubernetes.conf"
+      content: |
+          net.bridge.bridge-nf-call-ip6tables = 1
+          net.bridge.bridge-nf-call-iptables = 1
   notify: reload_sysctl
 
-#- name: Disable swap
-#  command: swapoff -a
+-  import_tasks: ./prerequisites/swap.yml
 
-- name: Install iptables
-  package:
-      name:
-          #- containerd
-          - iptables
-      state: latest
-
-- name: Check if containerd-service exists & is started
-  service:
-    name: containerd
-    state: started
-  ignore_errors: true
-  register: containerd_status
-  
-- name: Install containerd when not exists
-  package:
-    name:
-      - containerd
-  when: containerd_status is failed
-
-- name: Create containerd config-folder
-  file:
-    path: /etc/containerd
-    state: directory
-
-- name: Deploy containerd-config
-  ansible.builtin.copy:
-    src: containerd_config.toml
-    dest: /etc/containerd/config.toml
-    mode: u=rw,g=r,o=r
-  notify: restart_containerd
+-  import_tasks: ./prerequisites/containerd.yml
 
 - name: Set control-plane-dns-endpoint towards local-ip
   lineinfile:
-    dest: /etc/hosts
-    line: "{{ ansible_facts.default_ipv6.address }} k8s-control-plane.system.ruekov.eu" 
-
-- name: Setting network facts..
-  set_fact:
-    inventory_group_index: "{{ groups['kubernetes'].index(inventory_hostname) }}"
-    ipPool_ipv6_nodeip_cidr_only_prefix:  '{{ kubernetes.ipPool.ipv6.nodeip_cidr | regex_replace ("(?<=:)[0-9a-f]{0,4}(\/[0-9]+)?$","") }}'
-    ipPool_ipv6_nodeip_cidr_cidr:         '{{ kubernetes.ipPool.ipv6.nodeip_cidr | regex_replace ("^.*?\/","") }}'
-    ipPool_ipv4_nodeip_cidr_only_prefix:  '{{ kubernetes.ipPool.ipv4.nodeip_cidr | regex_replace ("(?<=.)[0-9]{0,3}(\/[0-9]+)?$","") }}'
-    ipPool_ipv4_nodeip_cidr_cidr:         '{{ kubernetes.ipPool.ipv4.nodeip_cidr | regex_replace ("^.*?\/","") }}'
-  
-- name: Setting more network_facts..
-  set_fact:
-    ipPool_ipv6_nodeip: "{{ ipPool_ipv6_nodeip_cidr_only_prefix }}{{ inventory_group_index|int +1 }}"
-    ipPool_ipv4_nodeip: "{{ ipPool_ipv4_nodeip_cidr_only_prefix }}{{ inventory_group_index|int +1 }}"
-
-- name: Setup IPv4-Network
-  lineinfile:
-    insertafter: "iface {{ ansible_facts.default_ipv4.interface }} inet .+"
-    dest: "/etc/network/interfaces"
-    line: "    up /usr/sbin/ip addr add {{ ipPool_ipv4_nodeip }} dev {{ ansible_facts.default_ipv4.interface }}"
-  register: setup_network_ipv4
-
-- name: Setup IPv6-Network
-  lineinfile:
-    insertafter: "iface {{ ansible_facts.default_ipv4.interface }} inet6 .+"
-    dest: "/etc/network/interfaces"
-    line: "    up /usr/sbin/ip -6 addr add {{ ipPool_ipv6_nodeip }} dev {{ ansible_facts.default_ipv4.interface }}"
-  register: setup_network_ipv6
-
-- name: Force-Reload network-interface
-  command: "ifup --force {{ ansible_facts.default_ipv4.interface }}"
-  when: setup_network_ipv4.changed or setup_network_ipv6.changed
-
-- name: Run handlers to reload configurations
-  meta: flush_handlers
+      dest: /etc/hosts
+      line: "{{ ansible_facts.default_ipv6.address }} k8s-control-plane.system.ruekov.eu" 

kubernetes/tasks/prerequisites/containerd.yml

@@ -0,0 +1,24 @@
+- name: Check if containerd-service exists & is started
+  service:
+    name: containerd
+    state: started
+  ignore_errors: true
+  register: containerd_status
+  
+- name: Install containerd when not exists
+  package:
+    name:
+      - containerd
+  when: containerd_status is failed
+
+- name: Create containerd config-folder
+  file:
+    path: /etc/containerd
+    state: directory
+
+- name: Deploy containerd-config
+  ansible.builtin.copy:
+    src: containerd_config.toml
+    dest: /etc/containerd/config.toml
+    mode: u=rw,g=r,o=r
+  notify: restart_containerd

kubernetes/tasks/prerequisites/swap.yml

@@ -0,0 +1,10 @@
+- name: Disable swap-mounts
+  replace:
+    path: /etc/fstab
+    regexp: '^([ \t]*(?!#)\S+[ \t]+swap[ \t]+.*)'
+    replace: '# \1'
+
+- name: Disable active swap immediately
+  command: swapoff -va
+  changed_when: "command.stdout != ''"
+  register: command

kubernetes/templates/k8s-dqlite/init.yaml.jinja2

@@ -0,0 +1,7 @@
+{% if inventory_hostname != groups['kubernetes'][0] %}
+Cluster:
+{% for node in groups['kubernetes'] if node != inventory_hostname %}
+  - {{ node }}:29001
+{% endfor %}
+{% endif %}
+Address: 0.0.0.0:29001

kubernetes/templates/rke2/config.yaml.template

@@ -1,16 +0,0 @@
-## Base ##
-container-runtime-endpoint: unix:///run/containerd/containerd.sock
-
-{% if inventory_hostname != groups['kubernetes'][0] %}
-server: https://{{ kubernetes.control_plane.dns_name }}:9345
-{% endif %}
-token: {{ kubernetes.shared_token }}
-tls-san:
-  - {{ kubernetes.control_plane.dns_name }}
-
-## Networking ##
-#cni: cilium
-
-cluster-cidr: {{ kubernetes.ipPool.ipv4.cluster_cidr }},{{ kubernetes.ipPool.ipv6.cluster_cidr }}
-service-cidr: {{ kubernetes.ipPool.ipv4.service_cidr }},{{ kubernetes.ipPool.ipv6.service_cidr }}
-node-ip:      {{ ipPool_ipv4_nodeip }},{{ ipPool_ipv6_nodeip }}