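---
# Node preparation tasks for a kubeadm-based Kubernetes host on Ubuntu:
#   1. apt prerequisites for HTTPS repositories
#   2. the Kubernetes apt repository and version-pinned kubelet/kubeadm/kubectl
#   3. kernel modules and sysctl settings needed by the container runtime
#   4. the CRI-O container runtime
#
# Expects `k8s_version` to be defined by the caller. It is used as a version
# prefix (matched as "<k8s_version>.") and as a path component of the CRI-O
# repository URL, so it is presumably a "major.minor" string. Quote it in
# inventory so YAML does not turn e.g. 1.20 into the float 1.2.

- name: Install packages that allow apt to be used over HTTPS
  become: true
  vars:
    packages:
      - apt-transport-https
      - ca-certificates
      - curl
  ansible.builtin.apt:
    name: "{{ packages }}"
    state: latest
    update_cache: true
    cache_valid_time: 3600

- name: Setup Kubernetes repository
  become: true
  block:
    # /etc/apt/keyrings is not guaranteed to exist on every release; create
    # it root-owned so only root can change the trust anchors stored there.
    - name: Ensure the apt keyring directory exists
      ansible.builtin.file:
        path: /etc/apt/keyrings
        state: directory
        owner: root
        group: root
        mode: "0755"

    # NOTE(review): the key is protected only by TLS to the download host.
    # Since this file is the trust anchor for every package installed from
    # the repository below, consider pinning it with get_url's `checksum:`
    # using a digest obtained out of band.
    - name: Add apt signing key for Google Cloud
      ansible.builtin.get_url:
        url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
        dest: /etc/apt/keyrings/kubernetes-archive-keyring.gpg
        owner: root
        group: root
        mode: "0644"

    # signed-by scopes the key to this one repository instead of trusting it
    # for all apt sources.
    # NOTE(review): apt.kubernetes.io / kubernetes-xenial is the legacy
    # Google-hosted repository, which upstream has deprecated in favour of
    # the community-owned pkgs.k8s.io repositories; confirm this source still
    # serves the wanted versions.
    - name: Add Kubernetes repository
      ansible.builtin.apt_repository:
        repo: >-
          deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg]
          https://apt.kubernetes.io/ kubernetes-xenial main
        state: present

    - name: Update apt cache
      ansible.builtin.apt:
        update_cache: true

# Resolve the newest package version that starts with "<k8s_version>.".
#  - The grep pattern is passed through the `quote` filter so the variable
#    cannot break out of the shell word.
#  - `sort -V` orders version strings correctly (x.y.10 after x.y.9); a plain
#    numeric sort falls back to byte order and would pick x.y.9.
#  - pipefail plus the empty-output check stop the play here instead of
#    handing apt an empty "kubelet=" pin later on.
- name: Get Kubernetes package version
  ansible.builtin.shell:
    cmd: >-
      set -o pipefail &&
      apt-cache show kubeadm
      | grep -F {{ ('Version: ' ~ k8s_version ~ '.') | quote }}
      | cut -d' ' -f2
      | sort -V
      | tail -n 1
    executable: /bin/bash
  register: k8s_pkg_ver
  # Read-only query: never reports a change and is safe to run in check mode.
  changed_when: false
  check_mode: false
  failed_when: k8s_pkg_ver.rc != 0 or (k8s_pkg_ver.stdout | trim | length) == 0

- name: Setup Kubernetes packages
  become: true
  vars:
    # "name=version" pins understood by apt.
    packages:
      - "kubelet={{ k8s_pkg_ver.stdout }}"
      - "kubeadm={{ k8s_pkg_ver.stdout }}"
      - "kubectl={{ k8s_pkg_ver.stdout }}"
  block:
    - name: Install kubelet, kubeadm and kubectl
      ansible.builtin.apt:
        name: "{{ packages }}"
        state: present
        update_cache: true
        allow_downgrade: false
        cache_valid_time: 3600

    # dpkg selections are keyed by bare package name, so strip the
    # "=version" suffix before placing the hold.
    - name: Hold Kubernetes packages
      loop: "{{ packages }}"
      ansible.builtin.dpkg_selections:
        name: "{{ item.split('=') | first }}"
        selection: hold

# Container runtime configuration
- name: Prepare for container runtime installation
  become: true
  vars:
    mod_file: /etc/modules-load.d/k8s.conf
    sysctl_file: /etc/sysctl.d/k8s.conf
  block:
    - name: Copy module config
      ansible.builtin.copy:
        src: "files{{ mod_file }}"
        dest: "{{ mod_file }}"
        owner: root
        group: root
        mode: "0644"

    # Build the lookup path with `~`; "{{ }}" nested inside a Jinja string
    # literal is not a reliable way to interpolate a variable.
    - name: Load module
      loop: "{{ lookup('file', 'files' ~ mod_file).splitlines() }}"
      community.general.modprobe:
        name: "{{ item }}"
        state: present

    # reload is deferred so the settings are applied once, by the task below.
    - name: Configure sysctl
      ansible.posix.sysctl:
        sysctl_file: "{{ sysctl_file }}"
        name: "{{ item.name }}"
        value: "{{ item.value }}"
        state: present
        reload: false
      loop:
        - name: net.bridge.bridge-nf-call-iptables
          value: "1"
        - name: net.bridge.bridge-nf-call-ip6tables
          value: "1"
        - name: net.ipv4.ip_forward
          value: "1"
        - name: vm.swappiness
          value: "0"
      register: sysctl

    - name: Reload sysctl
      ansible.builtin.command: "sysctl --system"
      when: sysctl.changed

- name: Setup CRI-O
  become: true
  vars:
    os: "xUbuntu_{{ ansible_distribution_version }}"
    key_dir: /usr/share/keyrings
    keys:
      libcontainers:
        url: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/{{ os }}/Release.key"
        name: libcontainers-archive-keyring
      libcontainers-crio:
        url: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{{ k8s_version }}/{{ os }}/Release.key"
        name: libcontainers-crio-archive-keyring
    repos:
      - >-
        deb [signed-by={{ key_dir }}/libcontainers-archive-keyring.gpg]
        https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/{{ os }}/ /
      - >-
        deb [signed-by={{ key_dir }}/libcontainers-crio-archive-keyring.gpg]
        https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{{ k8s_version }}/{{ os }}/ /
  block:
    # The armored keys are staged in the root-owned keyring directory rather
    # than /tmp: get_url does not re-download when the destination already
    # exists, so a file pre-created at a predictable world-writable path by
    # another local user would otherwise be installed as a trusted apt key.
    # NOTE(review): consider pinning each key with `checksum:` as well.
    - name: Download signing keys
      loop: "{{ keys | dict2items }}"
      ansible.builtin.get_url:
        url: "{{ item.value['url'] }}"
        dest: "{{ key_dir }}/{{ item.value['name'] }}.key"
        owner: root
        group: root
        mode: "0644"

    # argv form keeps every templated path a single argument.
    - name: Install signing keys
      loop: "{{ keys | dict2items }}"
      ansible.builtin.command:
        argv:
          - gpg
          - "--batch"
          - "--yes"
          - "--dearmor"
          - "-o"
          - "{{ key_dir }}/{{ item.value['name'] }}.gpg"
          - "{{ key_dir }}/{{ item.value['name'] }}.key"

    - name: Add libcontainer repositories
      loop: "{{ repos }}"
      ansible.builtin.apt_repository:
        repo: "{{ item }}"
        state: present

    - name: Install CRI-O
      vars:
        packages:
          - cri-o
          - cri-o-runc
      ansible.builtin.apt:
        name: "{{ packages }}"
        state: present
        update_cache: true

    - name: Start and enable crio
      ansible.builtin.service:
        name: crio
        state: started
        enabled: true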