---
# Baseline tooling for fetching packages and signing keys over TLS.
# `state: latest` upgrades these three packages whenever a newer build is
# available; the apt cache is refreshed only if it is older than one hour.
- name: Install packages that allow apt to be used over HTTPS
  become: true
  ansible.builtin.apt:
    name:
      - apt-transport-https
      - ca-certificates
      - curl
    state: latest
    update_cache: true
    cache_valid_time: 3600
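# Registers the Kubernetes apt repository and resolves the newest kubeadm
# package version matching `k8s_version` into `k8s_pkg_ver.stdout`.
# NOTE(review): apt.kubernetes.io / packages.cloud.google.com are the legacy
# Kubernetes package hosts, which upstream has since deprecated in favour of
# pkgs.k8s.io - confirm this is still the intended package source.
- name: Setup Kubernetes repository
  become: true
  block:
    # /etc/apt/keyrings is not guaranteed to exist on every release; get_url
    # does not create missing parent directories.
    - name: Ensure apt keyring directory exists
      ansible.builtin.file:
        path: /etc/apt/keyrings
        state: directory
        mode: "0755"

    - name: Add apt signing key for Google Cloud
      ansible.builtin.get_url:
        url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
        dest: /etc/apt/keyrings/kubernetes-archive-keyring.gpg
        # The keyring is a trust anchor: world-readable, writable by root only.
        mode: "0644"
        # TLS is the only integrity check unless the optional variable
        # k8s_apt_key_checksum ("sha256:<digest>") pins the expected file.
        checksum: "{{ k8s_apt_key_checksum | default(omit) }}"

    - name: Add Kubernetes repository
      ansible.builtin.apt_repository:
        repo: 'deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main'
        state: present

    - name: Update apt cache
      ansible.builtin.apt:
        update_cache: true

    # Read-only query, so it never reports "changed". pipefail (bash only)
    # makes a failing apt-cache/grep fail the task instead of yielding an
    # empty version. `sort -V` orders 1.x.10 after 1.x.9, which `sort -n`
    # does not. The search string goes through `quote` so the variable's
    # content cannot alter the shell command.
    - name: Get Kubernetes package version
      ansible.builtin.shell:
        cmd: |
          set -o pipefail
          apt-cache show kubeadm \
            | grep -F {{ ('Version: ' ~ k8s_version ~ '.') | quote }} \
            | cut -d' ' -f2 | sort -V | tail -n 1
        executable: /bin/bash
      register: k8s_pkg_ver
      changed_when: false
      failed_when: (k8s_pkg_ver.rc != 0) or (k8s_pkg_ver.stdout | length == 0)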
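# Installs kubelet, kubeadm and kubectl pinned to the version previously
# registered in `k8s_pkg_ver`, then places a dpkg hold on them so routine
# upgrades do not move the cluster components.
- name: Setup Kubernetes packages
  become: true
  vars:
    packages:
      - "kubelet={{ k8s_pkg_ver.stdout }}"
      - "kubeadm={{ k8s_pkg_ver.stdout }}"
      - "kubectl={{ k8s_pkg_ver.stdout }}"
  block:
    # An empty stdout would turn every entry into "<pkg>=" and drop the
    # version pin; stop here with a clear message instead.
    - name: Check that a Kubernetes package version was resolved
      ansible.builtin.assert:
        that:
          - k8s_pkg_ver.stdout | default('') | length > 0
        fail_msg: "No Kubernetes package version was resolved for k8s_version"

    - name: Install kubelet, kubeadm and kubectl
      ansible.builtin.apt:
        name: "{{ packages }}"
        state: present
        update_cache: true
        allow_downgrade: false
        cache_valid_time: 3600

    # dpkg selections are keyed by bare package name, while the entries in
    # `packages` carry a "=<version>" suffix; strip it before setting the hold.
    - name: Hold Kubernetes packages
      loop: "{{ packages }}"
      ansible.builtin.dpkg_selections:
        name: "{{ item.split('=') | first }}"
        selection: hold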
# Container runtime configuration
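# Kernel prerequisites for the container runtime: installs the module list,
# loads each listed module, and writes the bridge/forwarding sysctls.
- name: Prepare for container runtime installation
  become: true
  vars:
    mod_file: /etc/modules-load.d/k8s.conf
    sysctl_file: /etc/sysctl.d/k8s.conf
  block:
    - name: Copy module config
      ansible.builtin.copy:
        src: "files{{ mod_file }}"
        dest: "{{ mod_file }}"
        # Explicit mode so the result does not depend on the remote umask.
        mode: "0644"

    # The path is built with `~` rather than a nested "{{ }}" inside the
    # expression; nested moustaches are not reliably re-templated. Blank and
    # comment lines ('#' or ';') are dropped so they never reach modprobe.
    - name: Load module
      loop: >-
        {{ lookup('file', 'files' ~ mod_file).splitlines()
           | map('trim') | reject('match', '^($|[#;])') | list }}
      community.general.modprobe:
        name: "{{ item }}"
        state: present

    # reload is off here; one `sysctl --system` runs afterwards, and only if
    # at least one key actually changed.
    - name: Configure sysctl
      ansible.posix.sysctl:
        sysctl_file: "{{ sysctl_file }}"
        name: "{{ item.name }}"
        value: "{{ item.value }}"
        state: present
        reload: false
      loop:
        - name: net.bridge.bridge-nf-call-iptables
          value: "1"
        - name: net.bridge.bridge-nf-call-ip6tables
          value: "1"
        - name: net.ipv4.ip_forward
          value: "1"
        - name: vm.swappiness
          value: "0"
      register: sysctl

    - name: Reload sysctl
      ansible.builtin.command: "sysctl --system"
      when: sysctl.changed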
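# Adds the libcontainers and CRI-O apt repositories (each bound to its own
# keyring through signed-by), installs CRI-O and enables the service.
- name: Setup CRI-O
  become: true
  vars:
    os: "xUbuntu_{{ ansible_distribution_version }}"
    key_dir: /usr/share/keyrings
    # Each entry may carry an optional `checksum` ("sha256:<digest>") to pin
    # the key file; without it, TLS to the download host is the only check.
    keys:
      libcontainers:
        url: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/{{ os }}/Release.key"
        name: libcontainers-archive-keyring
      libcontainers-crio:
        url: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{{ k8s_version }}/{{ os }}/Release.key"
        name: libcontainers-crio-archive-keyring
    repos:
      - "deb [signed-by={{ key_dir }}/libcontainers-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/{{ os }}/ /"
      - "deb [signed-by={{ key_dir }}/libcontainers-crio-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{{ k8s_version }}/{{ os }}/ /"
  block:
    # Keys are staged inside key_dir rather than /tmp. A predictable name in
    # a world-writable directory can be pre-created by any local user, and
    # get_url without `force` leaves an existing destination untouched, so
    # such a file would end up in the trusted keyring.
    - name: Download signing keys
      with_dict: "{{ keys }}"
      ansible.builtin.get_url:
        url: "{{ item.value['url'] }}"
        dest: "{{ key_dir }}/{{ item.value['name'] }}.key"
        mode: "0644"
        force: true
        checksum: "{{ item.value['checksum'] | default(omit) }}"

    # argv form: no shell and no word-splitting of the templated paths.
    # `--yes` rewrites the keyring on every run, so this task always reports
    # "changed".
    - name: Install signing keys
      with_dict: "{{ keys }}"
      ansible.builtin.command:
        argv:
          - gpg
          - "--batch"
          - "--yes"
          - "--dearmor"
          - "-o"
          - "{{ key_dir }}/{{ item.value['name'] }}.gpg"
          - "{{ key_dir }}/{{ item.value['name'] }}.key"

    - name: Add libcontainer repositories
      loop: "{{ repos }}"
      ansible.builtin.apt_repository:
        repo: "{{ item }}"
        state: present

    - name: Install CRI-O
      vars:
        packages:
          - cri-o
          - cri-o-runc
      ansible.builtin.apt:
        name: "{{ packages }}"
        state: present
        update_cache: true

    - name: Start and enable crio
      ansible.builtin.service:
        name: crio
        state: started
        enabled: true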