feat: up to hetzner cloud controller creation

playbooks/install_k8s.yml

@@ -0,0 +1,198 @@
+# - name: Configure compute for the cluster.
+#   hosts: servers
+#   gather_facts: false
+#   vars:
+#     kubernetes_version: v1.30
+#   tasks:
+#     - name: Download Kubernetes key.
+#       ansible.builtin.apt_key:
+#         url: https://pkgs.k8s.io/core:/stable:/{{ kubernetes_version }}/deb/Release.key
+#         state: present
+
+#     - name: Download Kubernetes repository.
+#       ansible.builtin.apt_repository:
+#         repo: "deb https://pkgs.k8s.io/core:/stable:/{{ kubernetes_version }}/deb/ /"
+#         state: present
+
+#     - name: Download CRI-O key.
+#       ansible.builtin.apt_key:
+#         url: https://pkgs.k8s.io/addons:/cri-o:/prerelease:/main/deb/Release.key
+#         state: present
+
+#     - name: Download CRI-O repository.
+#       ansible.builtin.apt_repository:
+#         repo: "deb https://pkgs.k8s.io/addons:/cri-o:/prerelease:/main/deb/ /"
+#         state: present
+
+#     - name: Download Helm key.
+#       ansible.builtin.apt_key:
+#         url: https://packages.buildkite.com/helm-linux/helm-debian/gpgkey
+#         state: present
+
+#     - name: Download Helm repository.
+#       ansible.builtin.apt_repository:
+#         repo: "deb https://packages.buildkite.com/helm-linux/helm-debian/any/ any main"
+#         state: present
+
+#     - name: Install packages.
+#       ansible.builtin.apt:
+#         state: present
+#         update_cache: true
+#         name: [cri-o, kubelet, kubeadm, kubectl, python3-pip, helm]
+
+#     - name: Install Kubernetes Python packages.
+#       ansible.builtin.pip:
+#         name: [kubernetes, pyyaml]
+#         state: present
+#         break_system_packages: true
+
+#     - name: Enable IPv4 forwarding.
+#       ansible.posix.sysctl:
+#         name: net.ipv4.ip_forward
+#         value: '1'
+#         sysctl_set: true
+#       notify: Reboot the nodes.
+
+#     - name: Enable `br_netfilter` module.
+#       community.general.modprobe:
+#         name: br_netfilter
+#         state: present
+#       notify: Reboot the nodes.
+
+#   handlers:
+#     - name: Reboot the nodes.
+#       ansible.builtin.reboot:
+
+# - name: Spawn new cluster on control node.
+#   hosts: control
+#   gather_facts: false
+#   vars:
+#     config_template: ../templates/InitConfiguration.yml.jinja2
+#     config:
+#       bootstrap_token: "{{ secrets.bootstrap_token }}"
+#       node_ip: 10.0.2.11
+#       node_name: control
+#   vars_files:
+#     - ../vault.yml
+#   tasks:
+#     - name: Test for cluster.
+#       kubernetes.core.k8s_cluster_info:
+#       register: api_status
+#       ignore_errors: true
+
+#     - name: Copy configuration over.
+#       ansible.builtin.template:
+#         src: "{{ config_template }}"
+#         dest: InitConfiguration.yml
+#         mode: preserve
+#       when: "api_status.failed"
+
+#     - name: Initialize cluster.
+#       ansible.builtin.command:
+#         kubeadm init --config InitConfiguration.yml
+#       changed_when: true
+#       when: "api_status.failed"
+
+#     - name: Apply the Kubernetes config to the shell.
+#       ansible.builtin.lineinfile:
+#         path: /etc/environment
+#         line: 'KUBECONFIG=/etc/kubernetes/admin.conf'
+#       when: "api_status.failed"
+
+# - name: Join worker nodes to cluster.
+#   hosts: [node-a, node-b]
+#   vars:
+#     join_template: ../templates/JoinConfiguration.yml.jinja2
+#     join_control_ip: 10.0.2.11
+#     join_bootstrap_token: "{{ secrets.bootstrap_token }}"
+#   vars_files:
+#     - ../vault.yml
+#   tasks:
+#     - name: Copy join configuration over.
+#       vars:
+#         join_worker_ip: "{{ ansible_default_ipv4.address }}"
+#         join_worker_name: "{{ ansible_hostname }}"
+#       ansible.builtin.template:
+#         src: "{{ join_template }}"
+#         dest: JoinConfiguration.yml
+#         mode: preserve
+
+#     - name: Join the nodes.
+#       ansible.builtin.command:
+#         kubeadm join --config JoinConfiguration.yml
+#       changed_when: true
+
+- name: Install CNI.
+  gather_facts: false
+  hosts: control
+  tasks:
+    - name: Create Flannel namespace.
+      kubernetes.core.k8s:
+        state: present
+        kind: Namespace
+        name: kube-flannel
+
+    - name: Add privilege to the namespace.
+      kubernetes.core.k8s:
+        state: patched
+        kind: Namespace
+        name: kube-flannel
+        definition:
+          metadata:
+            labels:
+              pod-security.kubernetes.io/enforce: privileged
+
+    - name: Add Flannel repository.
+      kubernetes.core.helm_repository:
+        name: flannel
+        url: https://flannel-io.github.io/flannel/
+        state: present
+
+    - name: Install Flannel.
+      kubernetes.core.helm:
+        name: flannel
+        chart_ref: flannel/flannel
+        namespace: kube-flannel
+        values:
+          podCidr: 10.244.0.0/16
+        state: present
+
+    - name: >
+        Patch CoreDNS deployment so it still runs, even though the nodes don't
+        have a external provider yet installed.
+      kubernetes.core.k8s:
+        name: coredns
+        namespace: kube-system
+        kind: Deployment
+        state: present
+        definition:
+          - op: add
+            path: /spec/template/spec/tolerations/-
+            value:
+              key: node.cloudprovider.kubernetes.io/uninitialized
+              value: "true"
+              effect: NoSchedule
+
+- name: Install Hetzner Cloud Controller.
+  gather_facts: false
+  hosts: control
+  vars_files:
+    - ../vault.yml
+    - ../secrets/tf_outputs.yml
+  tasks:
+    - name: Create `hcloud` secret.
+      kubernetes.core.k8s:
+        name: hcloud
+        namespace: kube-system
+        kind: Secret
+        state: present
+        definition:
+          apiVersion: v1
+          kind: Secret
+          metadata:
+            name: hcloud
+            namespace: kube-system
+          type: Opaque
+          data:
+            token: "{{ secrets.hcloud_token }}"
+            network: "{{ private_network_id.value }}"