init
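--- a/ansible/roles/k8s/install/02_common/tasks/main.yml
+++ b/ansible/roles/k8s/install/02_common/tasks/main.yml
@@ -0,0 +1,172 @@
+# roles/k8s/k8scommon/tasks/main.yml
+---
+# === 1. Обновление пакетов и базовые утилиты ===
+- name: Install base packages
+ansible.builtin.apt:
+update_cache: yes
+name:
+- apt-transport-https
+- ca-certificates
+- curl
+- gnupg
+- lsb-release
+state: present
+
+# === 2. Отключить swap ===
+- name: Disable swap immediately
+ansible.builtin.command: swapoff -a
+changed_when: false
+
+- name: Backup fstab
+ansible.builtin.copy:
+src: /etc/fstab
+dest: /etc/fstab.bak
+remote_src: yes
+force: no
+
+- name: Comment out swap entries in fstab
+ansible.builtin.replace:
+path: /etc/fstab
+regexp: '^\s*([^#].*\s+swap\s+.*)$'
+replace: '# \1'
+
+# === 3. Модули ядра ===
+- name: Write kernel modules config for Kubernetes
+ansible.builtin.copy:
+dest: /etc/modules-load.d/k8s.conf
+content: |
+overlay
+br_netfilter
+
+- name: Load overlay module
+ansible.builtin.command: modprobe overlay
+changed_when: false
+
+- name: Load br_netfilter module
+ansible.builtin.command: modprobe br_netfilter
+changed_when: false
+
+# === 4. sysctl для Kubernetes / containerd ===
+- name: Configure Kubernetes sysctl params
+ansible.builtin.copy:
+dest: /etc/sysctl.d/99-kubernetes-cri.conf
+content: |
+net.bridge.bridge-nf-call-iptables = 1
+net.bridge.bridge-nf-call-ip6tables = 1
+net.ipv4.ip_forward = 1
+
+- name: Apply sysctl settings
+ansible.builtin.command: sysctl --system
+changed_when: false
+
+# === 5. Установить containerd ===
+- name: Install containerd
+ansible.builtin.apt:
+update_cache: yes
+name: containerd
+state: present
+
+- name: Ensure containerd config directory exists
+ansible.builtin.file:
+path: /etc/containerd
+state: directory
+mode: '0755'
+
+# ВАЖНО: всегда пересоздаём config.toml, как в manual script
+- name: Generate default containerd config (overwrite)
+ansible.builtin.shell: |
+set -o errexit
+containerd config default > /etc/containerd/config.toml
+args:
+executable: /bin/bash
+
+- name: Enable SystemdCgroup in containerd config
+ansible.builtin.replace:
+path: /etc/containerd/config.toml
+regexp: 'SystemdCgroup = false'
+replace: 'SystemdCgroup = true'
+
+- name: Set correct CNI bin_dir in containerd config
+ansible.builtin.replace:
+path: /etc/containerd/config.toml
+regexp: 'bin_dir = .*'
+replace: 'bin_dir = "/opt/cni/bin"'
+
+- name: Set correct CNI conf_dir in containerd config
+ansible.builtin.replace:
+path: /etc/containerd/config.toml
+regexp: 'conf_dir = .*'
+replace: 'conf_dir = "/etc/cni/net.d"'
+
+- name: Enable and restart containerd
+ansible.builtin.systemd:
+name: containerd
+enabled: true
+state: restarted
+
+# === 6. Подготовить директории для CNI ===
+- name: Ensure CNI directories exist
+ansible.builtin.file:
+path: "{{ item }}"
+state: directory
+mode: '0755'
+loop:
+- /opt/cni/bin
+- /etc/cni/net.d
+
+# /usr/lib/cni → /opt/cni/bin, только если /usr/lib/cni не существует
+- name: Check if /usr/lib/cni exists
+ansible.builtin.stat:
+path: /usr/lib/cni
+register: cni_usr_lib
+
+- name: Create symlink /usr/lib/cni -> /opt/cni/bin (if not exists)
+ansible.builtin.file:
+src: /opt/cni/bin
+dest: /usr/lib/cni
+state: link
+when: not cni_usr_lib.stat.exists
+
+# === 7. Репозиторий Kubernetes v1.34 ===
+- name: Ensure apt keyrings directory exists
+ansible.builtin.file:
+path: /etc/apt/keyrings
+state: directory
+mode: '0755'
+
+- name: Download Kubernetes repo key
+ansible.builtin.shell: |
+set -o errexit
+curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.34/deb/Release.key \
+| gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+args:
+executable: /bin/bash
+creates: /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+
+- name: Add Kubernetes apt repository
+ansible.builtin.copy:
+dest: /etc/apt/sources.list.d/kubernetes.list
+content: |
+deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.34/deb/ /
+
+- name: Update apt cache after adding Kubernetes repo
+ansible.builtin.apt:
+update_cache: yes
+
+# === 8. Установить kubelet, kubeadm, kubectl и зафиксировать версии ===
+- name: Install kubelet, kubeadm, kubectl
+ansible.builtin.apt:
+name:
+- kubelet
+- kubeadm
+- kubectl
+state: present
+update_cache: yes
+
+- name: Hold Kubernetes packages
+ansible.builtin.command: apt-mark hold kubelet kubeadm kubectl
+register: hold_result
+changed_when: >-
+'hold' in hold_result.stdout
+or 'marked' in hold_result.stdout
+or hold_result.rc == 0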
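Review bot: In `Download Kubernetes repo key` (section 7) a failed `curl` is not fatal: the script sets only `errexit`, so the pipeline's exit status is gpg's, and because the task has `creates:` a truncated or empty keyring written on a first run with a network error is never regenerated and is silently used as the `signed-by` trust root for every later apt operation on this repo. Make the first script line `set -o errexit -o pipefail`, and consider checking the fetched key's fingerprint against the value published in the upstream Kubernetes documentation (not hard-coded from memory) before it is installed under /etc/apt/keyrings. In `Hold Kubernetes packages`, `changed_when` ends with `or hold_result.rc == 0`, which makes the two stdout tests dead and reports a change on every successful run; `ansible.builtin.dpkg_selections` with `selection: hold` looped over the three packages is idempotent and needs neither `register` nor `changed_when`. The non-canonical booleans on `update_cache: yes`, `remote_src: yes` and `force: no` should be written `true`/`false` (yamllint's truthy rule), as `enabled: true` in the containerd task already is.

```yaml
# … unchanged: sections 1–6 and the keyrings directory task …
- name: Download Kubernetes repo key
  ansible.builtin.shell: |
    set -o errexit -o pipefail
    # … unchanged: curl | gpg --dearmor pipeline …
  # … unchanged: args (executable, creates) …
# … unchanged: repo file, apt cache refresh, package install …
- name: Hold Kubernetes packages
  ansible.builtin.dpkg_selections:
    name: "{{ item }}"
    selection: hold
  loop:
    - kubelet
    - kubeadm
    - kubectl
```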