Create and stated write role for deploy k8s cluster

2025-08-24 21:12:59 +03:00
parent 69638a9a69
commit d32a39b1f1
11 changed files with 188 additions and 0 deletions
--- a/ansible/playbooks/k8s-deploy-cluster.yml
+++ b/ansible/playbooks/k8s-deploy-cluster.yml
@ -0,0 +1,7 @@
 ---
 - hosts: "{{ hosts_target }}"
  become: true
  gather_facts: true
  roles:
    - k8s-deploy-cluster
--- a/ansible/playbooks/k8s-ha-api.yaml
+++ b/ansible/playbooks/k8s-ha-api.yaml
--- a/ansible/roles/k8s-deploy-cluster/defaults/main.yml
+++ b/ansible/roles/k8s-deploy-cluster/defaults/main.yml
@ -0,0 +1 @@
 ---
--- a/ansible/roles/k8s-deploy-cluster/files/.gitkeep
+++ b/ansible/roles/k8s-deploy-cluster/files/.gitkeep
--- a/ansible/roles/k8s-deploy-cluster/handlers/main.yml
+++ b/ansible/roles/k8s-deploy-cluster/handlers/main.yml
@ -0,0 +1,10 @@
 ---
 - name: Reload_sysctl
  command: sysctl --system
 - name: Restart_containerd
  systemd:
    name: containerd
    enabled: yes
    state: restarted
--- a/ansible/roles/k8s-deploy-cluster/tasks/k8s-control-plane-setup.yml
+++ b/ansible/roles/k8s-deploy-cluster/tasks/k8s-control-plane-setup.yml
@ -0,0 +1,44 @@
 ---
 - name: Check if Kubernetes has already been initialized.
  stat:
    path: /etc/kubernetes/admin.conf
  register: k8s_init_stat
 - block:
  - block:
    - name: Create kubeadm-config.yaml
      template:
        src: kubeadm-config.yaml.j2
        dest: "/etc/kubernetes/kubeadm-kubelet-config.yaml"
        owner: root
        group: root
        mode: '0644'
    - name: Initialize Kubernetes control plane with kubeadm init
      command: >
        kubeadm init
        --config /etc/kubernetes/kubeadm-kubelet-config.yaml
        --upload-certs
      register: k8s_init
    when: hostvars[inventory_hostname].role_node == "control-first"
  - name: Ensure .kube directory exists.
    file:
      path: ~/.kube
      state: directory
      mode: 0755
  - name: Symlink the kubectl admin.conf to ~/.kube/conf.
    file:
      src: /etc/kubernetes/admin.conf
      dest: ~/.kube/config
      state: link
      mode: 0644
  when: not k8s_init_stat.stat.exists
--- a/ansible/roles/k8s-deploy-cluster/tasks/k8s-pre.yml
+++ b/ansible/roles/k8s-deploy-cluster/tasks/k8s-pre.yml
@ -0,0 +1,79 @@
 ---
 - name: Turn off swap
  command: swapoff -a
  when: ansible_swaptotal_mb > 0
 - name: Delete swap from /etc/fstab
  replace:
    path: /etc/fstab
    regexp: '^\s*([^#\s]+\s+){2}swap\s+.*$'
    replace: '# \1swap was disabled by Ansible'
 - name: Setup sysctl for k8s
  copy:
    dest: /etc/sysctl.d/k8s.conf
    content: |
      net.bridge.bridge-nf-call-iptables=1
      net.ipv4.ip_forward=1
      net.bridge.bridge-nf-call-ip6tables=1
  notify: Reload_sysctl
 - name: Check if Kubernetes keyring already exists
  stat:
    path: /etc/apt/keyrings/kubernetes-apt-keyring.gpg
  register: kube_keyring
 - name: Download Kubernetes apt GPG key
  get_url:
    url: "{{ k8s_apt_key_url }}"
    dest: "/tmp/kubernetes-apt-keyring.key"
  when: not kube_keyring.stat.exists
 - name: Convert Kubernetes key to GPG format
  command: >
    gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg /tmp/kubernetes-apt-keyring.key
  args:
    creates: /etc/apt/keyrings/kubernetes-apt-keyring.gpg
  when: not kube_keyring.stat.exists
 - name: Add Kubernetes apt repository
  apt_repository:
    repo: "{{ k8s_repo_url }}"
    filename: "kubernetes"
    state: present
 - name: Run "apt update / upgrade"
  apt:
    upgrade: yes
    update_cache: yes
  retries: 10
  delay: 30
 - name: Install k8s pkgs
  apt:
    pkg: "{{ k8s_pkg_list }}"
    state: present
 - name: Configure containerd
  shell: |
    containerd config default > /etc/containerd/config.toml
  args:
    creates: /etc/containerd/config.toml
 - name: Ensure SystemdCgroup = true
  replace:
    path: /etc/containerd/config.toml
    regexp: '^(\s*SystemdCgroup\s*=\s*)false'
    replace: '\1true'
  notify: Restart_containerd
 - name: Update pause image to 3.9
  replace:
    path: /etc/containerd/config.toml
    regexp: 'registry.k8s.io/pause:3.6'
    replace: 'registry.k8s.io/pause:3.9'
  notify: Restart_containerd
--- a/ansible/roles/k8s-deploy-cluster/tasks/main.yml
+++ b/ansible/roles/k8s-deploy-cluster/tasks/main.yml
@ -0,0 +1,10 @@
 ---
 - block:
 #  - include_tasks: k8s-pre.yml
  - include_tasks: k8s-control-plane-setup.yml
  when: ansible_distribution == "Debian" and ansible_distribution_major_version == "12"
--- a/ansible/roles/k8s-deploy-cluster/tasks/ping.yml
+++ b/ansible/roles/k8s-deploy-cluster/tasks/ping.yml
@ -0,0 +1,4 @@
 ---
 - name: ping
  ping:
--- a/ansible/roles/k8s-deploy-cluster/templates/kubeadm-config.yaml.j2
+++ b/ansible/roles/k8s-deploy-cluster/templates/kubeadm-config.yaml.j2
@ -0,0 +1,10 @@
 ---
 apiVersion: kubeadm.k8s.io/v1beta4
 kind: ClusterConfiguration
 caCertificateValidityPeriod: 87600h0m0s
 certificateValidityPeriod:   87600h0m0s
 clusterName: {{ k8s_clusterName }}
 controlPlaneEndpoint: {{ k8s_clusterApi }}
 networking:
  podSubnet: {{ k8s_podSubnet }}
  dnsDomain: {{ k8s_dnsDomain }}
--- a/ansible/roles/k8s-deploy-cluster/vars/main.yml
+++ b/ansible/roles/k8s-deploy-cluster/vars/main.yml
@ -0,0 +1,23 @@
 ---
 k8s_apt_key_url: "https://pkgs.k8s.io/core:/stable:/v1.33/deb/Release.key"
 k8s_repo_url: "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.33/deb/ /"
 k8s_pkg_list:
  - apt-transport-https
  - ca-certificates
  - curl
  - gnupg
  - lsb-release
  - containerd
  - kubelet
  - kubeadm
  - kubectl
 k8s_clusterApi: "k8s-cl01-api.k8s-test.local:6443"
 k8s_clusterName: "k8s-cl01.k8s-test.local"
 k8s_dnsDomain: "k8s-cl01.local"
 k8s_podSubnet: "10.111.111.0/16"