feat: up to final step

playbooks/install_k8s.yml

@@ -1,126 +1,126 @@
-# - name: Configure compute for the cluster.
-#   hosts: servers
-#   gather_facts: false
-#   vars:
-#     kubernetes_version: v1.30
-#   tasks:
-#     - name: Download Kubernetes key.
-#       ansible.builtin.apt_key:
-#         url: https://pkgs.k8s.io/core:/stable:/{{ kubernetes_version }}/deb/Release.key
-#         state: present
+- name: Configure compute for the cluster.
+  hosts: servers
+  gather_facts: false
+  vars:
+    kubernetes_version: v1.30
+  tasks:
+    - name: Download Kubernetes key.
+      ansible.builtin.apt_key:
+        url: https://pkgs.k8s.io/core:/stable:/{{ kubernetes_version }}/deb/Release.key
+        state: present
 
-#     - name: Download Kubernetes repository.
-#       ansible.builtin.apt_repository:
-#         repo: "deb https://pkgs.k8s.io/core:/stable:/{{ kubernetes_version }}/deb/ /"
-#         state: present
+    - name: Download Kubernetes repository.
+      ansible.builtin.apt_repository:
+        repo: "deb https://pkgs.k8s.io/core:/stable:/{{ kubernetes_version }}/deb/ /"
+        state: present
 
-#     - name: Download CRI-O key.
-#       ansible.builtin.apt_key:
-#         url: https://pkgs.k8s.io/addons:/cri-o:/prerelease:/main/deb/Release.key
-#         state: present
+    - name: Download CRI-O key.
+      ansible.builtin.apt_key:
+        url: https://pkgs.k8s.io/addons:/cri-o:/prerelease:/main/deb/Release.key
+        state: present
 
-#     - name: Download CRI-O repository.
-#       ansible.builtin.apt_repository:
-#         repo: "deb https://pkgs.k8s.io/addons:/cri-o:/prerelease:/main/deb/ /"
-#         state: present
+    - name: Download CRI-O repository.
+      ansible.builtin.apt_repository:
+        repo: "deb https://pkgs.k8s.io/addons:/cri-o:/prerelease:/main/deb/ /"
+        state: present
 
-#     - name: Download Helm key.
-#       ansible.builtin.apt_key:
-#         url: https://packages.buildkite.com/helm-linux/helm-debian/gpgkey
-#         state: present
+    - name: Download Helm key.
+      ansible.builtin.apt_key:
+        url: https://packages.buildkite.com/helm-linux/helm-debian/gpgkey
+        state: present
 
-#     - name: Download Helm repository.
-#       ansible.builtin.apt_repository:
-#         repo: "deb https://packages.buildkite.com/helm-linux/helm-debian/any/ any main"
-#         state: present
+    - name: Download Helm repository.
+      ansible.builtin.apt_repository:
+        repo: "deb https://packages.buildkite.com/helm-linux/helm-debian/any/ any main"
+        state: present
 
-#     - name: Install packages.
-#       ansible.builtin.apt:
-#         state: present
-#         update_cache: true
-#         name: [cri-o, kubelet, kubeadm, kubectl, python3-pip, helm]
+    - name: Install packages.
+      ansible.builtin.apt:
+        state: present
+        update_cache: true
+        name: [cri-o, kubelet, kubeadm, kubectl, python3-pip, helm]
 
-#     - name: Install Kubernetes Python packages.
-#       ansible.builtin.pip:
-#         name: [kubernetes, pyyaml]
-#         state: present
-#         break_system_packages: true
+    - name: Install Kubernetes Python packages.
+      ansible.builtin.pip:
+        name: [kubernetes, pyyaml]
+        state: present
+        break_system_packages: true
 
-#     - name: Enable IPv4 forwarding.
-#       ansible.posix.sysctl:
-#         name: net.ipv4.ip_forward
-#         value: '1'
-#         sysctl_set: true
-#       notify: Reboot the nodes.
+    - name: Enable IPv4 forwarding.
+      ansible.posix.sysctl:
+        name: net.ipv4.ip_forward
+        value: '1'
+        sysctl_set: true
+      notify: Reboot the nodes.
 
-#     - name: Enable `br_netfilter` module.
-#       community.general.modprobe:
-#         name: br_netfilter
-#         state: present
-#       notify: Reboot the nodes.
+    - name: Enable `br_netfilter` module.
+      community.general.modprobe:
+        name: br_netfilter
+        state: present
+      notify: Reboot the nodes.
 
-#   handlers:
-#     - name: Reboot the nodes.
-#       ansible.builtin.reboot:
+  handlers:
+    - name: Reboot the nodes.
+      ansible.builtin.reboot:
 
-# - name: Spawn new cluster on control node.
-#   hosts: control
-#   gather_facts: false
-#   vars:
-#     config_template: ../templates/InitConfiguration.yml.jinja2
-#     config:
-#       bootstrap_token: "{{ secrets.bootstrap_token }}"
-#       node_ip: 10.0.2.11
-#       node_name: control
-#   vars_files:
-#     - ../vault.yml
-#   tasks:
-#     - name: Test for cluster.
-#       kubernetes.core.k8s_cluster_info:
-#       register: api_status
-#       ignore_errors: true
+- name: Spawn new cluster on control node.
+  hosts: control
+  gather_facts: false
+  vars:
+    config_template: ../templates/InitConfiguration.yml.jinja2
+    config:
+      bootstrap_token: "{{ secrets.bootstrap_token }}"
+      node_ip: 10.0.2.11
+      node_name: control
+  vars_files:
+    - ../vault.yml
+  tasks:
+    - name: Test for cluster.
+      kubernetes.core.k8s_cluster_info:
+      register: api_status
+      ignore_errors: true
 
-#     - name: Copy configuration over.
-#       ansible.builtin.template:
-#         src: "{{ config_template }}"
-#         dest: InitConfiguration.yml
-#         mode: preserve
-#       when: "api_status.failed"
+    - name: Copy configuration over.
+      ansible.builtin.template:
+        src: "{{ config_template }}"
+        dest: InitConfiguration.yml
+        mode: preserve
+      when: "api_status.failed"
 
-#     - name: Initialize cluster.
-#       ansible.builtin.command:
-#         kubeadm init --config InitConfiguration.yml
-#       changed_when: true
-#       when: "api_status.failed"
+    - name: Initialize cluster.
+      ansible.builtin.command:
+        kubeadm init --config InitConfiguration.yml
+      changed_when: true
+      when: "api_status.failed"
 
-#     - name: Apply the Kubernetes config to the shell.
-#       ansible.builtin.lineinfile:
-#         path: /etc/environment
-#         line: 'KUBECONFIG=/etc/kubernetes/admin.conf'
-#       when: "api_status.failed"
+    - name: Apply the Kubernetes config to the shell.
+      ansible.builtin.lineinfile:
+        path: /etc/environment
+        line: 'KUBECONFIG=/etc/kubernetes/admin.conf'
+      when: "api_status.failed"
 
-# - name: Join worker nodes to cluster.
-#   hosts: [node-a, node-b]
-#   vars:
-#     join_template: ../templates/JoinConfiguration.yml.jinja2
-#     join_control_ip: 10.0.2.11
-#     join_bootstrap_token: "{{ secrets.bootstrap_token }}"
-#   vars_files:
-#     - ../vault.yml
-#   tasks:
-#     - name: Copy join configuration over.
-#       vars:
-#         join_worker_ip: "{{ ansible_default_ipv4.address }}"
-#         join_worker_name: "{{ ansible_hostname }}"
-#       ansible.builtin.template:
-#         src: "{{ join_template }}"
-#         dest: JoinConfiguration.yml
-#         mode: preserve
+- name: Join worker nodes to cluster.
+  hosts: [node-a, node-b]
+  vars:
+    join_template: ../templates/JoinConfiguration.yml.jinja2
+    join_control_ip: 10.0.2.11
+    join_bootstrap_token: "{{ secrets.bootstrap_token }}"
+  vars_files:
+    - ../vault.yml
+  tasks:
+    - name: Copy join configuration over.
+      vars:
+        join_worker_ip: "{{ ansible_default_ipv4.address }}"
+        join_worker_name: "{{ ansible_hostname }}"
+      ansible.builtin.template:
+        src: "{{ join_template }}"
+        dest: JoinConfiguration.yml
+        mode: preserve
 
-#     - name: Join the nodes.
-#       ansible.builtin.command:
-#         kubeadm join --config JoinConfiguration.yml
-#       changed_when: true
+    - name: Join the nodes.
+      ansible.builtin.command:
+        kubeadm join --config JoinConfiguration.yml
+      changed_when: true
 
 - name: Install CNI.
   gather_facts: false
@@ -157,15 +157,12 @@
           podCidr: 10.244.0.0/16
         state: present
 
-    - name: >
-        Patch CoreDNS deployment so it still runs, even though the nodes don't
-        have a external provider yet installed.
-      kubernetes.core.k8s:
+    - name: Patch CoreDNS deployment.
+      kubernetes.core.k8s_json_patch:
         name: coredns
         namespace: kube-system
         kind: Deployment
-        state: present
-        definition:
+        patch:
           - op: add
             path: /spec/template/spec/tolerations/-
             value:
@@ -194,5 +191,19 @@
             namespace: kube-system
           type: Opaque
           data:
-            token: "{{ secrets.hcloud_token }}"
-            network: "{{ private_network_id.value }}"
+            token: "{{ secrets.hcloud_token | b64encode }}"
+            network: "{{ private_network_id.value | b64encode }}"
+
+    - name: Add Cloud Controller repository.
+      kubernetes.core.helm_repository:
+        name: hcloud
+        url: https://charts.hetzner.cloud
+        state: present
+
+    - name: Install it.
+      kubernetes.core.helm:
+        name: hccm
+        chart_ref: hcloud/hcloud-cloud-controller-manager
+        namespace: kube-system
+        state: present
+        update_repo_cache: true