Create and stated write role for deploy k8s cluster

2025-08-24 21:12:59 +03:00
parent 69638a9a69
commit d32a39b1f1
11 changed files with 188 additions and 0 deletions
--- a/ansible/roles/k8s-deploy-cluster/defaults/main.yml
+++ b/ansible/roles/k8s-deploy-cluster/defaults/main.yml
@ -0,0 +1 @@
+---
--- a/ansible/roles/k8s-deploy-cluster/files/.gitkeep
+++ b/ansible/roles/k8s-deploy-cluster/files/.gitkeep
--- a/ansible/roles/k8s-deploy-cluster/handlers/main.yml
+++ b/ansible/roles/k8s-deploy-cluster/handlers/main.yml
@ -0,0 +1,10 @@
+---
+
+- name: Reload_sysctl
+  command: sysctl --system
+
+- name: Restart_containerd
+  systemd:
+    name: containerd
+    enabled: yes
+    state: restarted
--- a/ansible/roles/k8s-deploy-cluster/tasks/k8s-control-plane-setup.yml
+++ b/ansible/roles/k8s-deploy-cluster/tasks/k8s-control-plane-setup.yml
@ -0,0 +1,44 @@
+---
+
+- name: Check if Kubernetes has already been initialized.
+  stat:
+    path: /etc/kubernetes/admin.conf
+  register: k8s_init_stat
+
+- block:
+  - block:
+    - name: Create kubeadm-config.yaml
+      template:
+        src: kubeadm-config.yaml.j2
+        dest: "/etc/kubernetes/kubeadm-kubelet-config.yaml"
+        owner: root
+        group: root
+        mode: '0644'
+
+
+    - name: Initialize Kubernetes control plane with kubeadm init
+      command: >
+        kubeadm init
+        --config /etc/kubernetes/kubeadm-kubelet-config.yaml
+        --upload-certs
+      register: k8s_init
+
+    when: hostvars[inventory_hostname].role_node == "control-first"
+
+
+
+  - name: Ensure .kube directory exists.
+    file:
+      path: ~/.kube
+      state: directory
+      mode: 0755
+
+  - name: Symlink the kubectl admin.conf to ~/.kube/conf.
+    file:
+      src: /etc/kubernetes/admin.conf
+      dest: ~/.kube/config
+      state: link
+      mode: 0644
+
+
+  when: not k8s_init_stat.stat.exists
--- a/ansible/roles/k8s-deploy-cluster/tasks/k8s-pre.yml
+++ b/ansible/roles/k8s-deploy-cluster/tasks/k8s-pre.yml
@ -0,0 +1,79 @@
+---
+- name: Turn off swap
+  command: swapoff -a
+  when: ansible_swaptotal_mb > 0
+
+- name: Delete swap from /etc/fstab
+  replace:
+    path: /etc/fstab
+    regexp: '^\s*([^#\s]+\s+){2}swap\s+.*$'
+    replace: '# \1swap was disabled by Ansible'
+
+- name: Setup sysctl for k8s
+  copy:
+    dest: /etc/sysctl.d/k8s.conf
+    content: |
+      net.bridge.bridge-nf-call-iptables=1
+      net.ipv4.ip_forward=1
+      net.bridge.bridge-nf-call-ip6tables=1
+
+  notify: Reload_sysctl
+
+- name: Check if Kubernetes keyring already exists
+  stat:
+    path: /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+  register: kube_keyring
+
+- name: Download Kubernetes apt GPG key
+  get_url:
+    url: "{{ k8s_apt_key_url }}"
+    dest: "/tmp/kubernetes-apt-keyring.key"
+  when: not kube_keyring.stat.exists
+
+- name: Convert Kubernetes key to GPG format
+  command: >
+    gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg /tmp/kubernetes-apt-keyring.key
+
+  args:
+    creates: /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+  when: not kube_keyring.stat.exists
+
+
+- name: Add Kubernetes apt repository
+  apt_repository:
+    repo: "{{ k8s_repo_url }}"
+    filename: "kubernetes"
+    state: present
+
+- name: Run "apt update / upgrade"
+  apt:
+    upgrade: yes
+    update_cache: yes
+  retries: 10
+  delay: 30
+
+- name: Install k8s pkgs
+  apt:
+    pkg: "{{ k8s_pkg_list }}"
+    state: present
+
+- name: Configure containerd
+  shell: |
+    containerd config default > /etc/containerd/config.toml
+
+  args:
+    creates: /etc/containerd/config.toml
+
+- name: Ensure SystemdCgroup = true
+  replace:
+    path: /etc/containerd/config.toml
+    regexp: '^(\s*SystemdCgroup\s*=\s*)false'
+    replace: '\1true'
+  notify: Restart_containerd
+
+- name: Update pause image to 3.9
+  replace:
+    path: /etc/containerd/config.toml
+    regexp: 'registry.k8s.io/pause:3.6'
+    replace: 'registry.k8s.io/pause:3.9'
+  notify: Restart_containerd
--- a/ansible/roles/k8s-deploy-cluster/tasks/main.yml
+++ b/ansible/roles/k8s-deploy-cluster/tasks/main.yml
@ -0,0 +1,10 @@
+---
+
+- block:
+
+#  - include_tasks: k8s-pre.yml
+  - include_tasks: k8s-control-plane-setup.yml
+
+
+
+  when: ansible_distribution == "Debian" and ansible_distribution_major_version == "12"
--- a/ansible/roles/k8s-deploy-cluster/tasks/ping.yml
+++ b/ansible/roles/k8s-deploy-cluster/tasks/ping.yml
@ -0,0 +1,4 @@
+---
+
+- name: ping
+  ping:
--- a/ansible/roles/k8s-deploy-cluster/templates/kubeadm-config.yaml.j2
+++ b/ansible/roles/k8s-deploy-cluster/templates/kubeadm-config.yaml.j2
@ -0,0 +1,10 @@
+---
+apiVersion: kubeadm.k8s.io/v1beta4
+kind: ClusterConfiguration
+caCertificateValidityPeriod: 87600h0m0s
+certificateValidityPeriod:   87600h0m0s
+clusterName: {{ k8s_clusterName }}
+controlPlaneEndpoint: {{ k8s_clusterApi }}
+networking:
+  podSubnet: {{ k8s_podSubnet }}
+  dnsDomain: {{ k8s_dnsDomain }}
--- a/ansible/roles/k8s-deploy-cluster/vars/main.yml
+++ b/ansible/roles/k8s-deploy-cluster/vars/main.yml
@ -0,0 +1,23 @@
+---
+
+
+k8s_apt_key_url: "https://pkgs.k8s.io/core:/stable:/v1.33/deb/Release.key"
+k8s_repo_url: "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.33/deb/ /"
+
+k8s_pkg_list:
+  - apt-transport-https
+  - ca-certificates
+  - curl
+  - gnupg
+  - lsb-release
+  - containerd
+  - kubelet
+  - kubeadm
+  - kubectl
+
+
+k8s_clusterApi: "k8s-cl01-api.k8s-test.local:6443"
+k8s_clusterName: "k8s-cl01.k8s-test.local"
+k8s_dnsDomain: "k8s-cl01.local"
+k8s_podSubnet: "10.111.111.0/16"
+