---
# Prerequisites for the later tasks: CA certificates and curl, plus the
# apt-transport-https package, installed through apt with a fresh package index.
- name: Install packages that allow apt to be used over HTTPS
  become: true
  ansible.builtin.apt:
    # Refresh the package index before resolving the names below.
    update_cache: true
    state: present
    name: "{{ packages }}"
  vars:
    packages:
      - apt-transport-https
      - ca-certificates
      - curl

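# Registers the Kubernetes apt repository together with the key apt uses to
# verify it (referenced through signed-by in the repo line).
# NOTE(review): apt.kubernetes.io is the legacy Google-hosted repository, which
# upstream deprecated and froze in favour of pkgs.k8s.io; confirm it still
# serves the packages this play expects.
- name: Setup Kubernetes repository
  become: true
  block:
    # get_url does not create parent directories, so make sure the keyring
    # directory is present and only writable by root.
    - name: Ensure the apt keyring directory exists
      ansible.builtin.file:
        path: /etc/apt/keyrings
        state: directory
        owner: root
        group: root
        mode: "0755"

    # This file is the trust anchor for every package installed from the
    # repository below. TLS authenticates the download host only; the key
    # content itself is not checked against a known-good value here.
    - name: Add apt signing key for Google Cloud
      ansible.builtin.get_url:
        url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
        dest: /etc/apt/keyrings/kubernetes-archive-keyring.gpg
        # Explicit ownership and mode: readable by apt, writable by root only,
        # independent of the umask in effect on the target.
        owner: root
        group: root
        mode: "0644"
        # TODO(review): pin the expected digest once verified out of band, e.g.
        # checksum: "sha256:<EXPECTED_SHA256_PLACEHOLDER>"

    # signed-by scopes the key to this one repository instead of trusting it
    # for every configured apt source.
    - name: Add Kubernetes repository
      ansible.builtin.apt_repository:
        repo: "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main"
        state: present
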
# Installs the Kubernetes node tooling and then marks each package as held in
# dpkg. No version is requested, so apt installs whatever the repository
# currently offers.
- name: Setup Kubernetes packages
  become: true
  vars:
    packages:
      - kubelet
      - kubeadm
      - kubectl
  block:
    - name: Install kubelet, kubeadm and kubectl
      ansible.builtin.apt:
        # Refresh the package index first.
        update_cache: true
        state: present
        name: "{{ packages }}"

    # One dpkg selection per package in the list above.
    - name: Hold Kubernetes packages
      ansible.builtin.dpkg_selections:
        selection: hold
        name: "{{ item }}"
      loop: "{{ packages }}"

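# Container runtime configuration
# Copies the kernel module list to the target, loads each listed module, and
# writes the sysctl settings to a dedicated file under /etc/sysctl.d.
- name: Prepare for container runtime installation
  become: true
  vars:
    mod_file: /etc/modules-load.d/k8s.conf
    sysctl_file: /etc/sysctl.d/k8s.conf
  block:
    - name: Copy module config
      ansible.builtin.copy:
        src: "files{{ mod_file }}"
        dest: "{{ mod_file }}"
        # Explicit ownership and mode so the result does not depend on the
        # umask or on the permissions of the source file.
        owner: root
        group: root
        mode: "0644"

    # The module names are read from the controller-side copy of the same file.
    # The path is built with "~" because "{{ }}" inside an expression is not
    # reliably templated. Blank lines and "#"/";" comment lines are dropped so
    # they are never passed to modprobe as module names.
    - name: Load module
      loop: >-
        {{ lookup('file', 'files' ~ mod_file).splitlines()
           | map('trim') | reject('match', '^([#;].*)?$') | list }}
      community.general.modprobe:
        name: "{{ item }}"
        state: present

    # reload is off here; a single reload runs below when any value changed.
    - name: Configure sysctl
      ansible.posix.sysctl:
        sysctl_file: "{{ sysctl_file }}"
        name: "{{ item.name }}"
        value: "{{ item.value }}"
        state: present
        reload: false
      loop:
        - name: net.bridge.bridge-nf-call-iptables
          value: "1"
        - name: net.bridge.bridge-nf-call-ip6tables
          value: "1"
        - name: net.ipv4.ip_forward
          value: "1"
        - name: vm.swappiness
          value: "0"
      register: sysctl

    # Runs only when the task above reported a change for at least one item.
    - name: Reload sysctl
      ansible.builtin.command: "sysctl --system"
      when: sysctl.changed
      changed_when: true
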
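# Adds the two libcontainers apt repositories with their signing keys, then
# installs CRI-O and enables the crio service.
- name: Setup CRI-O
  become: true
  vars:
    os: xUbuntu_22.04 # fetch this from os-release
    # Quoted so YAML keeps the version a string; as a float, a value such as
    # 1.20 would be rendered as 1.2 in the URLs below.
    version: "1.24"
    key_dir: /usr/share/keyrings
    keys:
      libcontainers:
        url: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/{{ os }}/Release.key"
        name: libcontainers-archive-keyring
      libcontainers-crio:
        url: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{{ version }}/{{ os }}/Release.key"
        name: libcontainers-crio-archive-keyring
    repos:
      - "deb [signed-by={{ key_dir }}/libcontainers-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/{{ os }}/ /"
      - "deb [signed-by={{ key_dir }}/libcontainers-crio-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{{ version }}/{{ os }}/ /"
  block:
    # The keys are staged in the root-owned key directory rather than /tmp.
    # With force off, get_url keeps any file that already exists at dest, so a
    # predictable name in a world-writable directory could end up installed as
    # an apt trust anchor without ever being downloaded.
    # TODO(review): the key content is not checked against a known fingerprint
    # or digest; pin one once verified out of band.
    - name: Download signing keys
      loop: "{{ keys | dict2items }}"
      ansible.builtin.get_url:
        url: "{{ item.value['url'] }}"
        dest: "{{ key_dir }}/{{ item.value['name'] }}.key"
        owner: root
        group: root
        mode: "0644"
        # Always compare against the upstream copy instead of keeping whatever
        # is already on disk.
        force: true

    # Converts each staged key to the binary keyring named in signed-by.
    # NOTE(review): this runs and reports "changed" on every play.
    - name: Install signing keys
      loop: "{{ keys | dict2items }}"
      ansible.builtin.command:
        argv:
          - gpg
          - "--batch"
          - "--yes"
          - "--dearmor"
          - "-o"
          - "{{ key_dir }}/{{ item.value['name'] }}.gpg"
          - "{{ key_dir }}/{{ item.value['name'] }}.key"

    - name: Add libcontainer repositories
      loop: "{{ repos }}"
      ansible.builtin.apt_repository:
        repo: "{{ item }}"
        state: present

    - name: Install CRI-O
      vars:
        packages:
          - cri-o
          - cri-o-runc
      ansible.builtin.apt:
        name: "{{ packages }}"
        state: present
        update_cache: true

    - name: Start and enable crio
      ansible.builtin.service:
        name: crio
        state: started
        enabled: true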