Grab local-IP from specified interface instead

common/handlers/main.yml

@@ -0,0 +1,2 @@
+- name: reload_sysctl
+  command: sysctl --system

common/tasks/aliases.yml

@@ -0,0 +1,20 @@
+- name: General aliases
+  blockinfile:
+      path: "{{ ansible_facts.env.HOME }}/.bashrc"
+      marker: "# {mark} ANSIBLE MANAGED BLOCK | General aliases"
+      block: |
+        alias clr="clear"
+        alias hgrep="history | grep"
+        alias syslog="tail -f --lines=100 /var/log/syslog"
+        alias cp="rsync -hlAXEptgoDS --numeric-ids --info=progress2"
+
+- name: ls aliases and colors
+  blockinfile:
+      path: "{{ ansible_facts.env.HOME }}/.bashrc"
+      marker: "# {mark} ANSIBLE MANAGED BLOCK | ls aliases and colors"
+      block: |
+        export LS_OPTIONS='--color=auto'
+        eval "`dircolors`"
+        alias ls='ls $LS_OPTIONS'
+        alias ll='ls $LS_OPTIONS -l'
+        alias l='ls $LS_OPTIONS -la'

common/tasks/main.yml

@@ -0,0 +1,7 @@
+- import_tasks: ./packages.yml
+
+- import_tasks: ./ssh.yml
+
+- import_tasks: ./packages.yml
+
+- import_tasks: ./aliases.yml

common/tasks/packages.yml

@@ -0,0 +1,20 @@
+- name: Update Packages
+  apt:
+      update_cache: yes
+      upgrade: yes
+  when: ansible_facts.distribution == "Debian"
+
+- name: Install Packages
+  package:
+      name:
+          - gpg
+          - htop
+          - iotop
+          - slurm
+          - sudo
+          - screen
+          - curl
+          - rsync
+          - zstd
+      state: latest
+  when: ansible_facts.distribution == "Debian"

common/tasks/ssh.yml

@@ -0,0 +1,12 @@
+- name: Disable SSH password auth
+  lineinfile:
+      dest: /etc/ssh/sshd_config
+      regexp: '^PasswordAuthentication\s*yes'
+      line: "PasswordAuthentication no"
+  register: sshd_config
+
+- name: Restart SSH daemon
+  service:
+      name: sshd
+      state: restarted
+  when: sshd_config.changed

docker/files/docker-compose

@@ -0,0 +1,2 @@
+#!/bin/sh
+docker compose $@

docker/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: restart_docker
+  service:
+      name: "docker"
+      state: restarted

docker/tasks/main.yml

@@ -0,0 +1,40 @@
+#- name: Check if docker is already installed
+#  stat:
+#    path: /usr/bin/docker
+#  register: docker_file
+
+- name: Install Packages
+#  when: docker_file.stat.exists == False
+  package:
+      name:
+          - gpg
+          - gpg-agent
+
+- name: Add docker-key
+  apt_key:
+      url: https://download.docker.com/linux/debian/gpg
+      state: present
+
+- name: Add docker-repository
+  apt_repository:
+      repo: "deb https://download.docker.com/linux/{{ ansible_facts.distribution | lower }} {{ ansible_facts.distribution_release }} stable"
+      state: present
+      filename: docker
+      update_cache: yes
+
+- name: Install docker
+  package:
+      name:
+          - docker-ce
+          - docker-ce-cli
+          - containerd.io
+          - docker-compose-plugin
+          - pass
+      state: latest
+
+- name: Deploy docker-compose command to new docker compose plugin
+  ansible.builtin.copy:
+    src: docker-compose
+    dest: "/usr/local/bin/docker-compose"
+    mode: preserve
+

kubernetes/defaults/main.yml

@@ -0,0 +1,17 @@
+---
+kubernetes:
+  ipPool:
+    ipv4:
+      cluster_cidr: 10.42.0.0/16
+      service_cidr: 10.43.0.0/16
+      nodeip_cidr: 10.41.0.0/24
+    ipv6:
+      cluster_cidr: fd42::/56
+      service_cidr: fd43::/112
+
+    nodeIp_interface: <interface to grab nodeIp from>
+
+  control_plane:
+    dns_name: <control-plane dns-reachable-name>
+
+  shared_token: <shared token for nodes to join>

kubernetes/docs/architecture.puml

@@ -0,0 +1,30 @@
+@startuml
+
+component netmaker as nm1
+component netmaker as nm2
+component ... as nm3
+
+interface interface as if1
+interface interface as if2
+interface ... as if3
+
+component kubernetes as kn1
+component kubernetes as kn2
+component ... as kn3
+
+nm1 -up- if1
+kn1 -down-( if1
+
+nm2 -up- if2
+kn2 -down-( if2
+
+nm3 -up- if3
+kn3 -down-( if3
+
+nm1 -right- nm2
+nm2 -right- nm3
+
+kn1 .right. kn2
+kn2 .right. kn3
+
+@enduml

kubernetes/files/containerd_config.toml

@@ -0,0 +1,35 @@
+#   Copyright 2018-2022 Docker Inc.
+
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+
+#       http://www.apache.org/licenses/LICENSE-2.0
+
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+
+disabled_plugins = []
+
+#root = "/var/lib/containerd"
+#state = "/run/containerd"
+#subreaper = true
+#oom_score = 0
+
+#[grpc]
+#  address = "/run/containerd/containerd.sock"
+#  uid = 0
+#  gid = 0
+
+#[debug]
+#  address = "/run/containerd/debug.sock"
+#  uid = 0
+#  gid = 0
+#  level = "info"
+
+[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
+  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
+    SystemdCgroup = true

kubernetes/files/helm-manifests/rke2-canal-config.yaml.disabled

@@ -0,0 +1,9 @@
+apiVersion: helm.cattle.io/v1
+kind: HelmChartConfig
+metadata:
+  name: rke2-canal
+  namespace: kube-system
+spec:
+  valuesContent: |-
+    flannel:
+      backend: "wireguard"

kubernetes/handlers/main.yml

@@ -0,0 +1,19 @@
+- name: reload_sysctl
+  command: sysctl --system
+
+- name: restart_containerd
+  ansible.builtin.service:
+    name: containerd
+    state: restarted
+
+- name: reload_networking
+  service:
+    name: networking
+    state: restarted
+  async: 5
+  poll: 0
+  notify: wait_for_connection
+
+- name: wait_for_connection
+  wait_for_connection:
+    delay: 5

kubernetes/meta/main.yml

@@ -0,0 +1,4 @@
+---
+  dependencies:
+    - role: docker
+    - role: netmaker

kubernetes/tasks/install_helm.yml

@@ -0,0 +1,17 @@
+- name: Add Balto key
+  apt_key:
+      url: https://baltocdn.com/helm/signing.asc
+      state: present
+
+- name: Add Balto Repository
+  apt_repository:
+      repo: "deb https://baltocdn.com/helm/stable/debian/ all main"
+      state: present
+      filename: kubernetes
+      update_cache: yes
+
+- name: Install helm
+  package:
+      name:
+          - helm
+      state: latest

kubernetes/tasks/install_rke2.yml

@@ -0,0 +1,65 @@
+- name: Create rke-helm-manifests-folder
+  ansible.builtin.file:
+    path: '/var/lib/rancher/rke2/server/manifests/'
+    state: directory
+    mode: '0755'
+
+- name: Deploy helm-manifests
+  ansible.builtin.copy:
+    src: 'helm-manifests/'
+    dest: '/var/lib/rancher/rke2/server/manifests/'
+
+- name: Create rke-folder
+  ansible.builtin.file:
+    path: /etc/rancher/rke2/
+    state: directory
+    mode: '0755'
+
+- name: Deploy rke2 config
+  ansible.builtin.template:
+    src: rke2/config.yaml.template
+    dest: /etc/rancher/rke2/config.yaml
+
+- name: Install RKE2
+  command: bash -c "curl -sfL https://get.rke2.io | sh -"
+
+- name: Add RKE2 environment-vars to /etc/profile.d/
+  blockinfile:
+    path: /etc/profile.d/rke2-bin.sh
+    marker: "# {mark} ANSIBLE MANAGED BLOCK | rke2"
+    block: |
+      export PATH="/var/lib/rancher/rke2/bin/:$PATH"
+      export KUBECONFIG="/etc/rancher/rke2/rke2.yaml"
+    create: true
+
+- name: Enable and start rke2-server service for 1st-node
+  ansible.builtin.service:
+    name: rke2-server
+    enabled: yes
+    state: started
+  when: "inventory_hostname == groups['kubernetes'][0]"
+
+- name: Waiting for kubelet to accept connections
+  ansible.builtin.wait_for:
+    host: "{{ inventory_hostname }}"
+    port: 10250
+    state: started
+  when: "inventory_hostname == groups['kubernetes'][0]"
+
+- name: Enable and start rke2-server service for other nodes
+  ansible.builtin.service:
+    name: rke2-server
+    enabled: yes
+    state: started
+  when: "inventory_hostname != groups['kubernetes'][0]"
+  register: rke2_start
+  until: "rke2_start is not failed"
+  retries: 2
+  delay: 10
+
+- name: Waiting for kubelet to accept connections on other nodes
+  ansible.builtin.wait_for:
+    host: "{{ inventory_hostname }}"
+    port: 10250
+    state: started
+  when: "inventory_hostname != groups['kubernetes'][0]"

kubernetes/tasks/main.yml

@@ -0,0 +1,6 @@
+- import_tasks: ./prerequisites.yml
+
+- import_tasks: ./install_helm.yml
+
+- import_tasks: ./install_rke2.yml
+

kubernetes/tasks/prerequisites.yml

@@ -0,0 +1,69 @@
+#- name: Load br_netfilter kernel-module
+#  modprobe:
+#      name: br_netfilter
+#      state: present
+
+- name: Set sysctl settings for iptables bridged traffic
+  copy:
+    dest: "/etc/sysctl.d/kubernetes.conf"
+    content: |
+        net.bridge.bridge-nf-call-ip6tables = 1
+        net.bridge.bridge-nf-call-iptables = 1
+
+        net.ipv4.conf.all.forwarding=1
+        net.ipv6.conf.all.forwarding=1
+  notify: reload_sysctl
+
+#- name: Disable swap
+#  command: swapoff -a
+
+- name: Install iptables
+  package:
+      name:
+          #- containerd
+          - iptables
+      state: latest
+
+- name: Check if containerd-service exists & is started
+  service:
+    name: containerd
+    state: started
+  ignore_errors: true
+  register: containerd_status
+  
+- name: Install containerd when not exists
+  package:
+    name:
+      - containerd
+  when: containerd_status is failed
+
+- name: Create containerd config-folder
+  file:
+    path: /etc/containerd
+    state: directory
+
+- name: Deploy containerd-config
+  ansible.builtin.copy:
+    src: containerd_config.toml
+    dest: /etc/containerd/config.toml
+    mode: u=rw,g=r,o=r
+  notify: restart_containerd
+
+# todo: Move to netmaker-role as handler?
+- name: Gather facts to get changes
+  ansible.builtin.gather_facts:
+
+- name: Getting nodeIp-data from interface
+  set_fact:
+    nodeip_ipv4: "{{ ansible_facts[ kubernetes.ipPool.nodeIp_interface ].ipv4.address }}"
+    nodeip_ipv6: "{{ ansible_facts[ kubernetes.ipPool.nodeIp_interface ].ipv6[0].address }}"
+
+- name: Set control-plane-dns-endpoint towards local-ip
+  blockinfile:
+      path: /etc/hosts
+      marker: "# {mark} ANSIBLE MANAGED BLOCK | k8s"
+      block: |
+        {{ nodeip_ipv4 }} {{ kubernetes.control_plane.dns_name }}
+
+- name: Run handlers to reload configurations
+  meta: flush_handlers

kubernetes/templates/rke2/config.yaml.template

@@ -0,0 +1,16 @@
+## Base ##
+container-runtime-endpoint: unix:///run/containerd/containerd.sock
+
+{% if inventory_hostname != groups['kubernetes'][0] %}
+server: https://{{ kubernetes.control_plane.dns_name }}:9345
+{% endif %}
+token: {{ kubernetes.shared_token }}
+tls-san:
+  - {{ kubernetes.control_plane.dns_name }}
+
+## Networking ##
+#cni: cilium
+
+cluster-cidr: {{ kubernetes.ipPool.ipv4.cluster_cidr }},{{ kubernetes.ipPool.ipv6.cluster_cidr }}
+service-cidr: {{ kubernetes.ipPool.ipv4.service_cidr }},{{ kubernetes.ipPool.ipv6.service_cidr }}
+node-ip:      {{ nodeip_ipv4 }},{{ nodeip_ipv6 }}