From 61f83b4567e9b158258de6fb8ea0af9f4d26072f Mon Sep 17 00:00:00 2001
From: Sergei Bobkov
Date: Mon, 25 Aug 2025 19:10:31 +0300
Subject: [PATCH] Added code
---
 .../{k8s-ha-api.yml => k8s-api-ha.yml} | 2 +-
 .../defaults/main.yml | 0
 .../{k8s-ha-api => k8s-api-ha}/files/.gitkeep | 0
 .../handlers/main.yml | 0
 .../{k8s-ha-api => k8s-api-ha}/tasks/main.yml | 0
 .../{k8s-ha-api => k8s-api-ha}/tasks/ping.yml | 0
 .../templates/haproxy.cfg.j2 | 0
 .../templates/keepalived.conf.j2 | 0
 .../{k8s-ha-api => k8s-api-ha}/vars/main.yml | 2 +-
 .../tasks/k8s-control-plane-setup.yml | 73 +++++++++++++++----
 .../roles/k8s-deploy-cluster/vars/main.yml | 2 +
 11 files changed, 61 insertions(+), 18 deletions(-)
 rename ansible/playbooks/{k8s-ha-api.yml => k8s-api-ha.yml} (82%)
 rename ansible/roles/{k8s-ha-api => k8s-api-ha}/defaults/main.yml (100%)
 rename ansible/roles/{k8s-ha-api => k8s-api-ha}/files/.gitkeep (100%)
 rename ansible/roles/{k8s-ha-api => k8s-api-ha}/handlers/main.yml (100%)
 rename ansible/roles/{k8s-ha-api => k8s-api-ha}/tasks/main.yml (100%)
 rename ansible/roles/{k8s-ha-api => k8s-api-ha}/tasks/ping.yml (100%)
 rename ansible/roles/{k8s-ha-api => k8s-api-ha}/templates/haproxy.cfg.j2 (100%)
 rename ansible/roles/{k8s-ha-api => k8s-api-ha}/templates/keepalived.conf.j2 (100%)
 rename ansible/roles/{k8s-ha-api => k8s-api-ha}/vars/main.yml (91%)
diff --git a/ansible/playbooks/k8s-ha-api.yml b/ansible/playbooks/k8s-api-ha.yml
similarity index 82%
rename from ansible/playbooks/k8s-ha-api.yml
rename to ansible/playbooks/k8s-api-ha.yml
index 641b12e..7088665 100644
--- a/ansible/playbooks/k8s-ha-api.yml
+++ b/ansible/playbooks/k8s-api-ha.yml
@@ -4,4 +4,4 @@
 become: true
 gather_facts: true
 roles:
- - k8s-ha-api
+ - k8s-api-ha
diff --git a/ansible/roles/k8s-ha-api/defaults/main.yml b/ansible/roles/k8s-api-ha/defaults/main.yml
similarity index 100%
rename from ansible/roles/k8s-ha-api/defaults/main.yml
rename to ansible/roles/k8s-api-ha/defaults/main.yml
diff --git a/ansible/roles/k8s-ha-api/files/.gitkeep b/ansible/roles/k8s-api-ha/files/.gitkeep
similarity index 100%
rename from ansible/roles/k8s-ha-api/files/.gitkeep
rename to ansible/roles/k8s-api-ha/files/.gitkeep
diff --git a/ansible/roles/k8s-ha-api/handlers/main.yml b/ansible/roles/k8s-api-ha/handlers/main.yml
similarity index 100%
rename from ansible/roles/k8s-ha-api/handlers/main.yml
rename to ansible/roles/k8s-api-ha/handlers/main.yml
diff --git a/ansible/roles/k8s-ha-api/tasks/main.yml b/ansible/roles/k8s-api-ha/tasks/main.yml
similarity index 100%
rename from ansible/roles/k8s-ha-api/tasks/main.yml
rename to ansible/roles/k8s-api-ha/tasks/main.yml
diff --git a/ansible/roles/k8s-ha-api/tasks/ping.yml b/ansible/roles/k8s-api-ha/tasks/ping.yml
similarity index 100%
rename from ansible/roles/k8s-ha-api/tasks/ping.yml
rename to ansible/roles/k8s-api-ha/tasks/ping.yml
diff --git a/ansible/roles/k8s-ha-api/templates/haproxy.cfg.j2 b/ansible/roles/k8s-api-ha/templates/haproxy.cfg.j2
similarity index 100%
rename from ansible/roles/k8s-ha-api/templates/haproxy.cfg.j2
rename to ansible/roles/k8s-api-ha/templates/haproxy.cfg.j2
diff --git a/ansible/roles/k8s-ha-api/templates/keepalived.conf.j2 b/ansible/roles/k8s-api-ha/templates/keepalived.conf.j2
similarity index 100%
rename from ansible/roles/k8s-ha-api/templates/keepalived.conf.j2
rename to ansible/roles/k8s-api-ha/templates/keepalived.conf.j2
diff --git a/ansible/roles/k8s-ha-api/vars/main.yml b/ansible/roles/k8s-api-ha/vars/main.yml
similarity index 91%
rename from ansible/roles/k8s-ha-api/vars/main.yml
rename to ansible/roles/k8s-api-ha/vars/main.yml
index 685cdcf..d71108b 100644
--- a/ansible/roles/k8s-ha-api/vars/main.yml
+++ b/ansible/roles/k8s-api-ha/vars/main.yml
@@ -10,6 +10,6 @@ haproxy_backend_server: - { backend_name: "k8s-cr02", backend_ip: "192.168.111.192", backend_port: "6443"} - { backend_name: "k8s-cr03", backend_ip: "192.168.111.193", backend_port: "6443"} -keepalived_vip: "192.168.111.100/24" +keepalived_vip: "192.168.111.190/24" keepalived_auth_pass: "1q2w3e4r" diff --git a/ansible/roles/k8s-deploy-cluster/tasks/k8s-control-plane-setup.yml b/ansible/roles/k8s-deploy-cluster/tasks/k8s-control-plane-setup.yml index 56dc23e..d6865f1 100644 --- a/ansible/roles/k8s-deploy-cluster/tasks/k8s-control-plane-setup.yml +++ b/ansible/roles/k8s-deploy-cluster/tasks/k8s-control-plane-setup.yml 
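Review bot: The unchanged context line `keepalived_auth_pass: "1q2w3e4r"` in the k8s-api-ha vars hunk keeps a short keyboard-walk VRRP password in plaintext, and this commit carries it into the renamed role as is. Anyone with read access to the repository or its history can recover it, so the failover protection on the new VIP is no stronger than that string; how much it protects at all depends on the auth type set in keepalived.conf.j2, which is not visible here. I would move the value into an Ansible Vault-encrypted vars file and reference it from here, for example `keepalived_auth_pass: "{{ vault_keepalived_auth_pass }}"` (variable name is illustrative), and rotate the current value since it is already committed.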
@@ -15,30 +15,71 @@ group: root mode: '0644' - - - name: Initialize Kubernetes control plane with kubeadm init + - name: Initialize Kubernetes control plane with kubeadm init ( !!! WAITING !!! ) command: > kubeadm init --config /etc/kubernetes/kubeadm-kubelet-config.yaml --upload-certs register: k8s_init + + - name: Ensure .kube directory exists. + file: + path: ~/.kube + state: directory + mode: 0755 + + - name: Symlink the kubectl admin.conf to ~/.kube/conf + file: + src: /etc/kubernetes/admin.conf + dest: ~/.kube/config + state: link + mode: 0644 + + - name: Configure Calico networking. + command: "kubectl apply -f {{ k8s_calico_manifest_file }}" + register: calico_result + + - name: Initialize Kubernetes control plane + command: kubeadm init --upload-certs + register: k8s_init + args: + creates: /etc/kubernetes/manifests/kube-apiserver.yaml + + - name: Upload certs to get certificate key + command: kubeadm init phase upload-certs --upload-certs + register: certs_out + + - name: Create new join token (worker) + command: kubeadm token create --print-join-command + register: join_cmd + + - name: Extract join command base (without --control-plane) + set_fact: + join_command_base: "{{ join_cmd.stdout.split('--control-plane')[0] | default('') | trim }}" + + - name: Extract certificate key + set_fact: + certificate_key: "{{ (certs_out.stdout_lines | last) | default('') | trim }}" + + - name: Full control-plane join command + set_fact: + controlplane_join_cmd: "{{ join_command_base }} --control-plane --certificate-key {{ certificate_key }}" + + - name: Full worker join command + set_fact: + worker_join_cmd: "{{ join_command_base }}" + + - name: Show join commands + debug: + msg: + controlplane: "{{ controlplane_join_cmd }}" + worker: "{{ worker_join_cmd }}" + + when: hostvars[inventory_hostname].role_node == "control-first" - - name: Ensure .kube directory exists. 
- file: - path: ~/.kube - state: directory - mode: 0755 - - - name: Symlink the kubectl admin.conf to ~/.kube/conf. - file: - src: /etc/kubernetes/admin.conf - dest: ~/.kube/config - state: link - mode: 0644 - - when: not k8s_init_stat.stat.exists +# when: k8s_init_stat.stat.exists diff --git a/ansible/roles/k8s-deploy-cluster/vars/main.yml b/ansible/roles/k8s-deploy-cluster/vars/main.yml index c980134..d0e5810 100644 --- a/ansible/roles/k8s-deploy-cluster/vars/main.yml +++ b/ansible/roles/k8s-deploy-cluster/vars/main.yml @@ -21,3 +21,5 @@ k8s_clusterName: "k8s-cl01.k8s-test.local" k8s_dnsDomain: "k8s-cl01.local" k8s_podSubnet: "10.111.111.0/16" +k8s_calico_manifest_file: "https://raw.githubusercontent.com/projectcalico/calico/v3.26.0/manifests/calico.yaml" +
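Review bot: The new `Show join commands` debug task prints the bootstrap token and the `--certificate-key` value into the play output, and the `register`/`set_fact` tasks that build them expose the same values at higher verbosity; together they are enough to join a machine to the cluster as a control-plane node. I would add `no_log: true` to the `kubeadm init phase upload-certs`, `kubeadm token create --print-join-command` and the four `set_fact` tasks, and drop the debug task in favour of passing the facts to the joining hosts directly. Separately, swapping `when: not k8s_init_stat.stat.exists` for the `role_node == "control-first"` condition leaves the first `kubeadm init --config ...` task with no idempotence guard, so a second run on an initialised node would invoke `kubeadm init` again; the `args: creates: /etc/kubernetes/manifests/kube-apiserver.yaml` guard belongs on that task rather than on the later bare `kubeadm init --upload-certs`, which also re-registers `k8s_init`. As far as I can tell the file module's default `follow: true` means `mode: 0644` on the `~/.kube/config` link is applied to `/etc/kubernetes/admin.conf` itself, so it is worth confirming the admin kubeconfig stays `0600` (set `follow: false` or omit `mode` on the link task). The block these tasks sit in opens outside the hunk, so the scope of the trailing `when:` is inferred.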
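Review bot: The added `k8s_calico_manifest_file` makes the `kubectl apply -f` task in k8s-control-plane-setup.yml fetch a manifest from raw.githubusercontent.com at run time and apply it with the admin kubeconfig, with nothing checking that the content matches what was reviewed. The `v3.26.0` tag pins a version, but a tag is not an immutable reference, and the first control-plane node also needs outbound access to GitHub during bring-up. I would vendor the manifest into the role's `files/` directory, or download it first with `ansible.builtin.get_url` using `checksum: "sha256:<expected-digest>"` and run `kubectl apply -f` against the local copy.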