From d32a39b1f13504254508620a539849bbc53d8b89 Mon Sep 17 00:00:00 2001
From: Sergei Bobkov
Date: Sun, 24 Aug 2025 21:12:59 +0300
Subject: [PATCH] Create and stated write role for deploy k8s cluster

---
 ansible/playbooks/k8s-deploy-cluster.yml | 7 ++
 .../{k8s-ha-api.yaml => k8s-ha-api.yml} | 0
 .../k8s-deploy-cluster/defaults/main.yml | 1 +
 .../roles/k8s-deploy-cluster/files/.gitkeep | 0
 .../k8s-deploy-cluster/handlers/main.yml | 10 +++
 .../tasks/k8s-control-plane-setup.yml | 44 +++++++++++
 .../k8s-deploy-cluster/tasks/k8s-pre.yml | 79 +++++++++++++++++++
 .../roles/k8s-deploy-cluster/tasks/main.yml | 10 +++
 .../roles/k8s-deploy-cluster/tasks/ping.yml | 4 +
 .../templates/kubeadm-config.yaml.j2 | 10 +++
 .../roles/k8s-deploy-cluster/vars/main.yml | 23 ++++++
 11 files changed, 188 insertions(+)
 create mode 100644 ansible/playbooks/k8s-deploy-cluster.yml
 rename ansible/playbooks/{k8s-ha-api.yaml => k8s-ha-api.yml} (100%)
 create mode 100644 ansible/roles/k8s-deploy-cluster/defaults/main.yml
 create mode 100644 ansible/roles/k8s-deploy-cluster/files/.gitkeep
 create mode 100644 ansible/roles/k8s-deploy-cluster/handlers/main.yml
 create mode 100644 ansible/roles/k8s-deploy-cluster/tasks/k8s-control-plane-setup.yml
 create mode 100644 ansible/roles/k8s-deploy-cluster/tasks/k8s-pre.yml
 create mode 100644 ansible/roles/k8s-deploy-cluster/tasks/main.yml
 create mode 100644 ansible/roles/k8s-deploy-cluster/tasks/ping.yml
 create mode 100644 ansible/roles/k8s-deploy-cluster/templates/kubeadm-config.yaml.j2
 create mode 100644 ansible/roles/k8s-deploy-cluster/vars/main.yml

diff --git a/ansible/playbooks/k8s-deploy-cluster.yml b/ansible/playbooks/k8s-deploy-cluster.yml
new file mode 100644
index 0000000..12ee293
--- /dev/null
+++ b/ansible/playbooks/k8s-deploy-cluster.yml
@@ -0,0 +1,7 @@
+---
+
+- hosts: "{{ hosts_target }}"
+ become: true
+ gather_facts: true
+ roles:
+ - k8s-deploy-cluster
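Review bot: The play in k8s-deploy-cluster.yml has no `name:` and `hosts_target` has no fallback, so a run without `-e hosts_target=...` stops on an undefined variable before any task executes; for a `become: true` play that fails-closed behaviour is fine, but it should be written down rather than discovered. Add `- name: Deploy Kubernetes cluster` above `hosts:` and a comment such as `# hosts_target is required (pass with -e); no default so the play never targets "all" by accident`.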
diff --git a/ansible/playbooks/k8s-ha-api.yaml b/ansible/playbooks/k8s-ha-api.yml
similarity index 100%
rename from ansible/playbooks/k8s-ha-api.yaml
rename to ansible/playbooks/k8s-ha-api.yml
diff --git a/ansible/roles/k8s-deploy-cluster/defaults/main.yml b/ansible/roles/k8s-deploy-cluster/defaults/main.yml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/ansible/roles/k8s-deploy-cluster/defaults/main.yml
@@ -0,0 +1 @@
+---
diff --git a/ansible/roles/k8s-deploy-cluster/files/.gitkeep b/ansible/roles/k8s-deploy-cluster/files/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/roles/k8s-deploy-cluster/handlers/main.yml b/ansible/roles/k8s-deploy-cluster/handlers/main.yml
new file mode 100644
index 0000000..8cc5473
--- /dev/null
+++ b/ansible/roles/k8s-deploy-cluster/handlers/main.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Reload_sysctl
+ command: sysctl --system
+
+- name: Restart_containerd
+ systemd:
+ name: containerd
+ enabled: yes
+ state: restarted
diff --git a/ansible/roles/k8s-deploy-cluster/tasks/k8s-control-plane-setup.yml b/ansible/roles/k8s-deploy-cluster/tasks/k8s-control-plane-setup.yml
new file mode 100644
index 0000000..56dc23e
--- /dev/null
+++ b/ansible/roles/k8s-deploy-cluster/tasks/k8s-control-plane-setup.yml
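Review bot: `enabled: yes` in the Restart_containerd handler is a YAML 1.1 truthy spelling; the playbook in this same commit already uses `become: true`, so write `enabled: true` here for consistency and to keep yamllint's `truthy` rule quiet. The same `yes` appears as `upgrade: yes` in tasks/k8s-pre.yml.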
@@ -0,0 +1,44 @@
+---
+
+- name: Check if Kubernetes has already been initialized.
+ stat:
+ path: /etc/kubernetes/admin.conf
+ register: k8s_init_stat
+
+- block:
+ - block:
+ - name: Create kubeadm-config.yaml
+ template:
+ src: kubeadm-config.yaml.j2
+ dest: "/etc/kubernetes/kubeadm-kubelet-config.yaml"
+ owner: root
+ group: root
+ mode: '0644'
+
+
+ - name: Initialize Kubernetes control plane with kubeadm init
+ command: >
+ kubeadm init
+ --config /etc/kubernetes/kubeadm-kubelet-config.yaml
+ --upload-certs
+ register: k8s_init
+
+ when: hostvars[inventory_hostname].role_node == "control-first"
+
+
+
+ - name: Ensure .kube directory exists.
+ file:
+ path: ~/.kube
+ state: directory
+ mode: 0755
+
+ - name: Symlink the kubectl admin.conf to ~/.kube/conf.
+ file:
+ src: /etc/kubernetes/admin.conf
+ dest: ~/.kube/config
+ state: link
+ mode: 0644
+
+
+ when: not k8s_init_stat.stat.exists
diff --git a/ansible/roles/k8s-deploy-cluster/tasks/k8s-pre.yml b/ansible/roles/k8s-deploy-cluster/tasks/k8s-pre.yml
new file mode 100644
index 0000000..9a42129
--- /dev/null
+++ b/ansible/roles/k8s-deploy-cluster/tasks/k8s-pre.yml
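Review bot: The `kubeadm init ... --upload-certs` task registers its output as `k8s_init` but sets no `no_log`, and that output contains the certificate key and the bootstrap token; with the default callback those secrets are printed in the run log and kept in any log aggregation, while `k8s_init` is never read in this commit. Add `no_log: true` to the task (or stop registering it) and, if the join command is needed later, extract only what is required into a separate, `no_log`-protected fact. The two unquoted modes `mode: 0755` / `mode: 0644` should be quoted like the `mode: '0644'` in the template task above them, so the octal value cannot be re-typed by the parser. Lastly, on a host whose `role_node` is not `control-first` the inner block is skipped but the symlink task still runs against a `/etc/kubernetes/admin.conf` that does not exist there, which the file module refuses without `force: true`; the join path for those hosts is not part of this commit, so the symlink tasks probably belong inside the `control-first` block as well.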
@@ -0,0 +1,79 @@
+---
+- name: Turn off swap
+ command: swapoff -a
+ when: ansible_swaptotal_mb > 0
+
+- name: Delete swap from /etc/fstab
+ replace:
+ path: /etc/fstab
+ regexp: '^\s*([^#\s]+\s+){2}swap\s+.*$'
+ replace: '# \1swap was disabled by Ansible'
+
+- name: Setup sysctl for k8s
+ copy:
+ dest: /etc/sysctl.d/k8s.conf
+ content: |
+ net.bridge.bridge-nf-call-iptables=1
+ net.ipv4.ip_forward=1
+ net.bridge.bridge-nf-call-ip6tables=1
+
+ notify: Reload_sysctl
+
+- name: Check if Kubernetes keyring already exists
+ stat:
+ path: /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+ register: kube_keyring
+
+- name: Download Kubernetes apt GPG key
+ get_url:
+ url: "{{ k8s_apt_key_url }}"
+ dest: "/tmp/kubernetes-apt-keyring.key"
+ when: not kube_keyring.stat.exists
+
+- name: Convert Kubernetes key to GPG format
+ command: >
+ gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg /tmp/kubernetes-apt-keyring.key
+
+ args:
+ creates: /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+ when: not kube_keyring.stat.exists
+
+
+- name: Add Kubernetes apt repository
+ apt_repository:
+ repo: "{{ k8s_repo_url }}"
+ filename: "kubernetes"
+ state: present
+
+- name: Run "apt update / upgrade"
+ apt:
+ upgrade: yes
+ update_cache: yes
+ retries: 10
+ delay: 30
+
+- name: Install k8s pkgs
+ apt:
+ pkg: "{{ k8s_pkg_list }}"
+ state: present
+
+- name: Configure containerd
+ shell: |
+ containerd config default > /etc/containerd/config.toml
+
+ args:
+ creates: /etc/containerd/config.toml
+
+- name: Ensure SystemdCgroup = true
+ replace:
+ path: /etc/containerd/config.toml
+ regexp: '^(\s*SystemdCgroup\s*=\s*)false'
+ replace: '\1true'
+ notify: Restart_containerd
+
+- name: Update pause image to 3.9
+ replace:
+ path: /etc/containerd/config.toml
+ regexp: 'registry.k8s.io/pause:3.6'
+ replace: 'registry.k8s.io/pause:3.9'
+ notify: Restart_containerd
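Review bot: The Kubernetes apt signing key is downloaded with `get_url` to a fixed name under world-writable `/tmp` and with no `checksum:`, then `gpg --dearmor` reads that path as root; whatever that URL served becomes the trust anchor for every package installed two tasks later, and a predictable `/tmp` path is the usual pre-creation/symlink hazard. Download straight into the root-owned keyring directory, `dest: /etc/apt/keyrings/kubernetes-apt-keyring.key`, and pin it with `checksum: "sha256:<expected-key-digest>"` (placeholder, take the digest from the release you validated), removing the intermediate file afterwards. `kubelet`, `kubeadm` and `kubectl` are installed without being held, so the `upgrade: yes` step earlier in this file will move them on every re-run; add a `dpkg_selections` task with `selection: hold` for the three packages, as the kubeadm install docs recommend. Nothing loads `br_netfilter` (or `overlay`) before `sysctl --system` is notified, so the `net.bridge.*` keys in k8s.conf will not exist unless the module happens to be loaded already; a `modprobe` task plus a `/etc/modules-load.d/k8s.conf` entry belongs before the sysctl task. `upgrade: yes` / `update_cache: yes` should be `true`.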
diff --git a/ansible/roles/k8s-deploy-cluster/tasks/main.yml b/ansible/roles/k8s-deploy-cluster/tasks/main.yml
new file mode 100644
index 0000000..3000d21
--- /dev/null
+++ b/ansible/roles/k8s-deploy-cluster/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+
+- block:
+
+# - include_tasks: k8s-pre.yml
+ - include_tasks: k8s-control-plane-setup.yml
+
+
+
+ when: ansible_distribution == "Debian" and ansible_distribution_major_version == "12"
diff --git a/ansible/roles/k8s-deploy-cluster/tasks/ping.yml b/ansible/roles/k8s-deploy-cluster/tasks/ping.yml
new file mode 100644
index 0000000..6529d9b
--- /dev/null
+++ b/ansible/roles/k8s-deploy-cluster/tasks/ping.yml
@@ -0,0 +1,4 @@
+---
+
+- name: ping
+ ping:
diff --git a/ansible/roles/k8s-deploy-cluster/templates/kubeadm-config.yaml.j2 b/ansible/roles/k8s-deploy-cluster/templates/kubeadm-config.yaml.j2
new file mode 100644
index 0000000..1ff423a
--- /dev/null
+++ b/ansible/roles/k8s-deploy-cluster/templates/kubeadm-config.yaml.j2
@@ -0,0 +1,10 @@
+---
+apiVersion: kubeadm.k8s.io/v1beta4
+kind: ClusterConfiguration
+caCertificateValidityPeriod: 87600h0m0s
+certificateValidityPeriod: 87600h0m0s
+clusterName: {{ k8s_clusterName }}
+controlPlaneEndpoint: {{ k8s_clusterApi }}
+networking:
+ podSubnet: {{ k8s_podSubnet }}
+ dnsDomain: {{ k8s_dnsDomain }}
diff --git a/ansible/roles/k8s-deploy-cluster/vars/main.yml b/ansible/roles/k8s-deploy-cluster/vars/main.yml
new file mode 100644
index 0000000..c980134
--- /dev/null
+++ b/ansible/roles/k8s-deploy-cluster/vars/main.yml
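Review bot: In tasks/main.yml the line `# - include_tasks: k8s-pre.yml` is commented out, so the role as committed runs k8s-control-plane-setup.yml on hosts where this role has not disabled swap, set the sysctls, or installed kubeadm and containerd; if that is a debugging toggle, gate it with a variable instead of a comment, e.g. `- include_tasks: k8s-pre.yml` followed by `when: k8s_run_pre | default(true)`, otherwise restore the line. The Debian-12-only `when:` silently skips every other host with no message; an `assert` task stating the supported platform would make the skip visible. ping.yml is added but never included from main.yml.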
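Review bot: `certificateValidityPeriod: 87600h0m0s` in kubeadm-config.yaml.j2 stretches every non-CA certificate kubeadm generates (API server, etcd, controller-manager/scheduler and the client certificate inside admin.conf) from the one-year default to ten years, the same lifetime as the CA; that removes the yearly rotation that normally bounds the damage of a leaked admin.conf or serving key. Unless there is an operational reason, drop the line and keep the default, or put the reason in a comment directly above it (`caCertificateValidityPeriod` is just the default restated). The four templated scalars are unquoted; write them as `clusterName: "{{ k8s_clusterName }}"` and likewise for `controlPlaneEndpoint`, `podSubnet` and `dnsDomain`, so an empty or boolean-looking value cannot be re-typed by the YAML parser. The rendered file is named `kubeadm-kubelet-config.yaml` in the control-plane task but holds only a `ClusterConfiguration`, no `KubeletConfiguration`; the name is misleading.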
@@ -0,0 +1,23 @@
+---
+
+
+k8s_apt_key_url: "https://pkgs.k8s.io/core:/stable:/v1.33/deb/Release.key"
+k8s_repo_url: "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.33/deb/ /"
+
+k8s_pkg_list:
+ - apt-transport-https
+ - ca-certificates
+ - curl
+ - gnupg
+ - lsb-release
+ - containerd
+ - kubelet
+ - kubeadm
+ - kubectl
+
+
+k8s_clusterApi: "k8s-cl01-api.k8s-test.local:6443"
+k8s_clusterName: "k8s-cl01.k8s-test.local"
+k8s_dnsDomain: "k8s-cl01.local"
+k8s_podSubnet: "10.111.111.0/16"
+
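Review bot: The cluster-specific values (`k8s_clusterApi`, `k8s_clusterName`, `k8s_dnsDomain`, `k8s_podSubnet`) live in `vars/main.yml`, which takes precedence over inventory, group_vars and host_vars, so a second cluster cannot override them without editing the role; they belong in `defaults/main.yml`, which this commit adds empty. `k8s_podSubnet: "10.111.111.0/16"` is not a network address (the /16 containing it is `10.111.0.0/16`); write the canonical form so the CIDR kubeadm and the CNI actually configure is the one that appears in the file. The minor version `v1.33` is embedded twice, in `k8s_apt_key_url` and `k8s_repo_url`; a single `k8s_version: "v1.33"` interpolated into both keeps the key and the repository from drifting apart.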