JILITS
/
ansible
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ansible/roles/kubernetes/any/tasks/main.yml

148 lines
4.5 KiB
YAML
Raw Blame History

---
- name: Install packages that allow apt to be used over HTTPS
become: true
vars:
packages:
- apt-transport-https
- ca-certificates
- curl
ansible.builtin.apt:
name: "{{ packages }}"
state: latest
update_cache: yes
cache_valid_time: 3600
- name: Setup Kubernetes repository
become: true
block:
- name: Add apt signing key for Google Cloud
ansible.builtin.get_url:
url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
dest: /etc/apt/keyrings/kubernetes-archive-keyring.gpg
- name: Add Kubernetes repository
ansible.builtin.apt_repository:
repo: deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main
state: present
- name: Update apt cache
ansible.builtin.apt:
update_cache: yes
- name: Get Kubernetes package version
ansible.builtin.shell: "apt-cache show kubeadm | grep -F 'Version: {{ k8s_version }}.' | cut -d' ' -f2 | sort -n | tail -n 1"
register: k8s_pkg_ver
- name: Setup Kubernetes packages
become: true
vars:
packages:
- kubelet={{ k8s_pkg_ver.stdout }}
- kubeadm={{ k8s_pkg_ver.stdout }}
- kubectl={{ k8s_pkg_ver.stdout }}
block:
- name: Install kubelet, kubeadm and kubectl
ansible.builtin.apt:
name: "{{ packages }}"
state: present
update_cache: yes
allow_downgrade: no
cache_valid_time: 3600
- name: Hold Kubernetes packages
loop: "{{ packages }}"
ansible.builtin.dpkg_selections:
name: "{{ item }}"
selection: hold
# Container runtime configuration
- name: Prepare for container runtime installation
become: true
vars:
mod_file: /etc/modules-load.d/k8s.conf
sysctl_file: /etc/sysctl.d/k8s.conf
block:
- name: Copy module config
ansible.builtin.copy:
src: "files{{ mod_file }}"
dest: "{{ mod_file }}"
- name: Load module
loop: "{{ lookup('file', 'files{{ mod_file }}').splitlines() }}"
community.general.modprobe:
name: "{{ item }}"
state: present
- name: Configure sysctl
ansible.posix.sysctl:
sysctl_file: "{{ sysctl_file }}"
name: "{{ item.name }}"
value: "{{ item.value }}"
state: present
reload: false
with_items:
- { name: "net.bridge.bridge-nf-call-iptables", value: "1" }
- { name: "net.bridge.bridge-nf-call-ip6tables", value: "1" }
- { name: "net.ipv4.ip_forward", value: "1" }
- { name: "vm.swappiness", value: "0" }
register: sysctl
- name: Reload sysctl
ansible.builtin.command: "sysctl --system"
when: sysctl.changed
- name: Setup CRI-O
become: true
vars:
os: xUbuntu_{{ ansible_distribution_version}}
key_dir: /usr/share/keyrings
keys:
{
"libcontainers":
{
"url": "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/{{ os }}/Release.key",
"name": "libcontainers-archive-keyring",
},
"libcontainers-crio":
{
"url": "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{{ k8s_version }}/{{ os }}/Release.key",
"name": "libcontainers-crio-archive-keyring",
},
}
repos:
- deb [signed-by={{ key_dir }}/libcontainers-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/{{ os }}/ /
- deb [signed-by={{ key_dir }}/libcontainers-crio-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{{ k8s_version }}/{{ os }}/ /
block:
- name: Download signing keys
with_dict: "{{ keys }}"
ansible.builtin.get_url:
url: "{{ item.value['url'] }}"
dest: "/tmp/{{ item.value['name'] }}.key"
- name: Install signing keys
with_dict: "{{ keys }}"
ansible.builtin.command: "gpg --batch --yes --dearmor -o {{ key_dir }}/{{ item.value['name'] }}.gpg /tmp/{{ item.value['name'] }}.key"
- name: Add libcontainer repositories
loop: "{{ repos }}"
ansible.builtin.apt_repository:
repo: "{{ item }}"
state: present
- name: Install CRI-O
vars:
packages:
- cri-o
- cri-o-runc
ansible.builtin.apt:
name: "{{ packages }}"
state: present
update_cache: yes
- name: Start and enable crio
ansible.builtin.service:
name: crio
state: started
enabled: true
Reference in New Issue View Git Blame Copy Permalink