Add existing work

.gitignore

@@ -0,0 +1 @@
+.vagrant

playbooks/kubernetes/Vagrantfile

@@ -0,0 +1,43 @@
+IMAGE_NAME = "bento/ubuntu-22.04"
+CONTROLPLANE_IP = "192.168.56.11"
+NODES = 1
+
+Vagrant.configure("2") do |config|
+    config.ssh.insert_key = false
+
+    config.vm.provider "virtualbox" do |v|
+        v.memory = 2048
+        v.cpus = 2
+    end
+
+    config.vm.define "controlplane" do |master|
+        master.vm.box = IMAGE_NAME
+        master.vm.network "private_network", ip: CONTROLPLANE_IP
+        master.vm.hostname = "controlplane"
+        master.vm.provision "ansible" do |ansible|
+            ansible.playbook = "playbook.yaml"
+            ansible.extra_vars = {
+                cluster_name: "gerar",
+                node_ip: CONTROLPLANE_IP,
+                is_controlplane: true,
+            }
+        end
+    end
+
+    (1..NODES).each do |i|
+        config.vm.define "node-#{i}" do |node|
+            node.vm.box = IMAGE_NAME
+            node.vm.network "private_network", ip: "192.168.56.#{20 + i}"
+            node.vm.hostname = "node-#{i}"
+            node.vm.provision "ansible" do |ansible|
+            ansible.playbook = "playbook.yaml"
+                ansible.extra_vars = {
+                    cluster_name: "gerar",
+                    node_ip: "192.168.56.#{20 + i}",
+                    controlplane_ip: CONTROLPLANE_IP,
+                    is_controlplane: false,
+                }
+            end
+        end
+    end
+end

playbooks/kubernetes/ansible.cfg

@@ -0,0 +1,9 @@
+[defaults]
+roles_path = ../../roles
+inventory  = ./inventory.yaml
+
+remote_tmp = $HOME/.ansible/tmp
+local_tmp  = $HOME/.ansible/tmp
+become = False
+host_key_checking = False
+deprecation_warnings = True

playbooks/kubernetes/group_vars/all.yml

@@ -0,0 +1,3 @@
+pod_network_cidr: "10.254.0.0/16"
+service_cidr: "10.255.0.0/16"
+kubeadmin_config: /etc/kubernetes/admin.conf

playbooks/kubernetes/inventory.yaml

@@ -0,0 +1,2 @@
+gerar:
+  hosts: []

playbooks/kubernetes/playbook.yaml

@@ -0,0 +1,25 @@
+---
+- hosts: all
+  gather_facts: yes
+  roles:
+    - include_role:
+      name: remove_swap
+    - include_role:
+      name: kubernetes/any
+    - include_role:
+      name: kubernetes/controlplane
+      when: is_controlplane
+    - include_role:
+      name: kubernetes/node
+      when: not is_controlplane
+
+# - hosts: controlplane
+#   gather_facts: yes
+#   become: yes
+#   tasks:
+#     - name: "MetalLB role"
+#       include_role:
+#         name: metallb
+#       when: "additional_features.metallb"
+#       run_once: yes
+#       tags: metallb

roles/kubernetes/any/files/etc/modules-load.d/k8s.conf

@@ -0,0 +1,2 @@
+overlay
+br_netfilter

roles/kubernetes/any/files/etc/sysctl.d/k8s.conf

@@ -0,0 +1,3 @@
+net.bridge.bridge-nf-call-iptables  = 1
+net.bridge.bridge-nf-call-ip6tables = 1
+net.ipv4.ip_forward                 = 1

roles/kubernetes/any/tasks/main.yml

@@ -0,0 +1,137 @@
+---
+
+- name: Install packages that allow apt to be used over HTTPS
+  become: true
+  vars:
+    packages:
+      - apt-transport-https
+      - ca-certificates
+      - curl
+  ansible.builtin.apt:
+    name: "{{ packages }}"
+    state: present
+    update_cache: yes
+
+- name: Setup Kubernetes repository
+  become: true
+  block:
+    - name: Add apt signing key for Google Cloud
+      ansible.builtin.get_url:
+        url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
+        dest: /etc/apt/keyrings/kubernetes-archive-keyring.gpg
+
+    - name: Add Kubernetes repository
+      ansible.builtin.apt_repository:
+        repo: deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main
+        state: present
+
+- name: Setup Kubernetes packages
+  become: true
+  vars:
+    packages:
+      - kubelet
+      - kubeadm
+      - kubectl
+  block:
+    - name: Install kubelet, kubeadm and kubectl
+      ansible.builtin.apt:
+        name: "{{ packages }}"
+        state: present
+        update_cache: yes
+
+    - name: Hold Kubernetes packages
+      loop: "{{ packages }}"
+      ansible.builtin.dpkg_selections:
+        name: "{{ item }}"
+        selection: hold
+
+# Container runtime configuration
+- name: Prepare for container runtime installation
+  become: true
+  vars:
+    mod_file: /etc/modules-load.d/k8s.conf
+    sysctl_file: /etc/sysctl.d/k8s.conf
+  block:
+    - name: Copy module config
+      ansible.builtin.copy:
+        src: "files{{ mod_file }}"
+        dest: "{{ mod_file }}"
+
+    - name: Load module
+      loop: "{{ lookup('file', 'files{{ mod_file }}').splitlines() }}"
+      community.general.modprobe:
+        name: "{{ item }}"
+        state: present
+
+    - name: Configure sysctl
+      ansible.posix.sysctl:
+        sysctl_file: "{{ sysctl_file }}"
+        name: "{{ item.name }}"
+        value: "{{ item.value }}"
+        state: present
+        reload: false
+      with_items:
+        - { name: "net.bridge.bridge-nf-call-iptables", value: "1" }
+        - { name: "net.bridge.bridge-nf-call-ip6tables", value: "1" }
+        - { name: "net.ipv4.ip_forward", value: "1" }
+        - { name: "vm.swappiness", value: "0" }
+      register: sysctl
+
+    - name: Reload sysctl
+      ansible.builtin.command: "sysctl --system"
+      when: sysctl.changed
+
+- name: Setup CRI-O
+  become: true
+  vars:
+    os: xUbuntu_22.04 # fetch this from os-release
+    version: 1.24
+    key_dir: /usr/share/keyrings
+    keys:
+      {
+        "libcontainers":
+          {
+            "url": "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/{{ os }}/Release.key",
+            "name": "libcontainers-archive-keyring",
+          },
+        "libcontainers-crio":
+          {
+            "url": "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{{ version }}/{{ os }}/Release.key",
+            "name": "libcontainers-crio-archive-keyring",
+          },
+      }
+    repos:
+      - deb [signed-by={{ key_dir }}/libcontainers-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/{{ os }}/ /
+      - deb [signed-by={{ key_dir }}/libcontainers-crio-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{{ version }}/{{ os }}/ /
+  block:
+    - name: Download signing keys
+      with_dict: "{{ keys }}"
+      ansible.builtin.get_url:
+        url: "{{ item.value['url'] }}"
+        dest: "/tmp/{{ item.value['name'] }}.key"
+
+    - name: Install signing keys
+      with_dict: "{{ keys }}"
+      ansible.builtin.command: "gpg --batch --yes --dearmor -o {{ key_dir }}/{{ item.value['name'] }}.gpg /tmp/{{ item.value['name'] }}.key"
+
+    - name: Add libcontainer repositories
+      loop: "{{ repos }}"
+      ansible.builtin.apt_repository:
+        repo: "{{ item }}"
+        state: present
+
+    - name: Install CRI-O
+      vars:
+        packages:
+          - cri-o
+          - cri-o-runc
+      ansible.builtin.apt:
+        name: "{{ packages }}"
+        state: present
+        update_cache: yes
+
+    - name: Start and enable crio
+      ansible.builtin.service:
+        name: crio
+        state: started
+        enabled: true

roles/kubernetes/controlplane/files/calico/v3.24.5/custom-resources.yaml

@@ -0,0 +1,27 @@
+# This section includes base Calico installation configuration.
+# For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.Installation
+apiVersion: operator.tigera.io/v1
+kind: Installation
+metadata:
+  name: default
+spec:
+  # Configures Calico networking.
+  calicoNetwork:
+    # Note: The ipPools section cannot be modified post-install.
+    ipPools:
+    - blockSize: 26
+      cidr: 192.168.0.0/16
+      encapsulation: VXLANCrossSubnet
+      natOutgoing: Enabled
+      nodeSelector: all()
+
+---
+
+# This section configures the Calico API server.
+# For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.APIServer
+apiVersion: operator.tigera.io/v1
+kind: APIServer 
+metadata: 
+  name: default 
+spec: {}
+

roles/kubernetes/controlplane/tasks/main.yml

@@ -0,0 +1,87 @@
+---
+- name: Setup Kubernetes control plane
+  block:
+    - name: Set cluster endpoint record
+      become: true
+      ansible.builtin.lineinfile:
+        path: /etc/hosts
+        state: present
+        regexp: '^\d+\.\d+\.\d+\.\d+\ .*-cluster-endpoint$'
+        line: "127.0.0.1 {{ cluster_name }}-cluster-endpoint"
+
+    - name: Check if kubeadm has already run
+      become: true
+      ansible.builtin.stat:
+        path: "/etc/kubernetes/pki/ca.key"
+      register: kubeadm_ca
+
+    - name: Set up control plane
+      when: not kubeadm_ca.stat.exists
+      become: true
+      ansible.builtin.command: |
+        kubeadm init \
+          --service-cidr {{ service_cidr }} \
+          --pod-network-cidr {{ pod_network_cidr }} \
+          --control-plane-endpoint {{ cluster_name }}-cluster-endpoint \
+
+    - name: Create Kubernetes config directory
+      ansible.builtin.file:
+        path: ".kube/"
+        state: directory
+        owner: "{{ ansible_user | default(ansible_user_id) }}"
+        group: "{{ ansible_user | default(ansible_user_id) }}"
+
+    - name: Copy admin.conf to home
+      become: true
+      ansible.builtin.copy:
+        src: "{{ kubeadmin_config }}"
+        dest: "{{ ansible_env.HOME }}/.kube/config"
+        owner: "{{ ansible_user | default(ansible_user_id) }}"
+        group: "{{ ansible_user | default(ansible_user_id) }}"
+        mode: 0600
+        remote_src: true
+
+# Kubernetes module dependency installation
+- name: Install Kubernetes module dependencies
+  block:
+    - name: Install Pip3
+      become: true
+      vars:
+        packages:
+          - python3-pip
+      ansible.builtin.apt:
+        name: "{{ packages }}"
+        state: present
+        update_cache: yes
+
+    - name: Install Kubernetes module dependencies
+      ansible.builtin.pip:
+        name:
+          - kubernetes>12.0.0
+          - pyyaml>3.11
+          - jsonpatch
+
+# CNI plugin installation
+- name: Install CNI plugin
+  vars:
+    manifests:
+      - tigera-operator.yaml
+      - custom-resources.yaml
+  block:
+    - name: Copy Calico manifests
+      loop: "{{ manifests }}"
+      ansible.builtin.copy:
+        src: "files/calico/v3.24.5/{{ item }}"
+        dest: "/tmp/calico-{{ item }}"
+
+    - name: Update spec.calicoNetwork.ipPools.cidr
+      ansible.builtin.replace:
+        path: /tmp/calico-custom-resources.yaml
+        regexp: '192\.168\.0\.0\/16'
+        replace: "{{ pod_network_cidr }}"
+
+    - name: Apply Calico manifests
+      loop: "{{ manifests }}"
+      kubernetes.core.k8s:
+        src: /tmp/calico-{{ item }}
+        state: present

roles/kubernetes/node/tasks/main.yml

@@ -0,0 +1,22 @@
+---
+- name: Join the cluster
+  block:
+    - name: Set cluster endpoint record
+      become: true
+      ansible.builtin.lineinfile:
+        path: /etc/hosts
+        state: present
+        regexp: '^\d+\.\d+\.\d+\.\d+\ .*-cluster-endpoint$'
+        line: "{{ controlplane_ip }} {{ cluster_name }}-cluster-endpoint"
+
+    - name: Obtain join command from controlplane
+      ansible.builtin.command: "kubeadm token create --print-join-command"
+      when: inventory_hostname != "controlplane"
+      register: join_cmd
+      delegate_to: "{{ item }}"
+      delegate_facts: true
+      with_items: ["controlplane"]
+
+    - name: Execute join command
+      become: true
+      ansible.builtin.command: "{{ join_cmd.results[0].stdout }}"

roles/remove_swap/tasks/main.yml

@@ -0,0 +1,17 @@
+---
+- name: Disable swap
+  block:
+    - name: Disable swap
+      become: true
+      ansible.builtin.command: "swapoff -a"
+      when: ansible_swaptotal_mb > 0
+
+    - name: Remove swap entry from fstab
+      become: true
+      mount:
+        name: "{{ item }}"
+        fstype: swap
+        state: absent
+      with_items:
+        - swap
+        - none