# - name: Configure compute for the cluster. # hosts: servers # gather_facts: false # vars: # kubernetes_version: v1.30 # tasks: # - name: Download Kubernetes key. # ansible.builtin.apt_key: # url: https://pkgs.k8s.io/core:/stable:/{{ kubernetes_version }}/deb/Release.key # state: present # - name: Download Kubernetes repository. # ansible.builtin.apt_repository: # repo: "deb https://pkgs.k8s.io/core:/stable:/{{ kubernetes_version }}/deb/ /" # state: present # - name: Download CRI-O key. # ansible.builtin.apt_key: # url: https://pkgs.k8s.io/addons:/cri-o:/prerelease:/main/deb/Release.key # state: present # - name: Download CRI-O repository. # ansible.builtin.apt_repository: # repo: "deb https://pkgs.k8s.io/addons:/cri-o:/prerelease:/main/deb/ /" # state: present # - name: Download Helm key. # ansible.builtin.apt_key: # url: https://packages.buildkite.com/helm-linux/helm-debian/gpgkey # state: present # - name: Download Helm repository. # ansible.builtin.apt_repository: # repo: "deb https://packages.buildkite.com/helm-linux/helm-debian/any/ any main" # state: present # - name: Install packages. # ansible.builtin.apt: # state: present # update_cache: true # name: [cri-o, kubelet, kubeadm, kubectl, python3-pip, helm, git] # - name: Install Kubernetes Python packages. # ansible.builtin.pip: # name: [kubernetes, pyyaml] # state: present # break_system_packages: true # - name: Enable `br_netfilter` module. # community.general.modprobe: # name: br_netfilter # state: present # notify: Reboot the nodes. # - name: Configure `sysctl` permanently. # ansible.posix.sysctl: # name: '{{ item }}' # value: '1' # state: present # reload: true # loop: # - net.bridge.bridge-nf-call-iptables # - net.ipv4.ip_forward # handlers: # - name: Reboot the nodes. # ansible.builtin.reboot: # - name: Spawn new cluster on control node. # hosts: control # gather_facts: false # vars: # config_template: ../templates/InitConfiguration.yml.jinja2 # config: # bootstrap_token: "{{ secrets.bootstrap_token }}" # node_ip: 10.0.2.11 # node_name: control # vars_files: # - ../vault.yml # tasks: # - name: Test for cluster. # kubernetes.core.k8s_cluster_info: # register: api_status # ignore_errors: true # - name: Copy configuration over. # ansible.builtin.template: # src: "{{ config_template }}" # dest: InitConfiguration.yml # mode: preserve # when: "api_status.failed" # - name: Initialize cluster. # ansible.builtin.command: # kubeadm init --config InitConfiguration.yml # changed_when: true # when: "api_status.failed" # - name: Apply the Kubernetes config to the shell. # ansible.builtin.lineinfile: # path: /etc/environment # line: 'KUBECONFIG=/etc/kubernetes/admin.conf' # when: "api_status.failed" # - name: Join worker nodes to cluster. # hosts: [node-a, node-b] # vars: # join_template: ../templates/JoinConfiguration.yml.jinja2 # join_control_ip: 10.0.2.11 # join_bootstrap_token: "{{ secrets.bootstrap_token }}" # vars_files: # - ../vault.yml # tasks: # - name: Copy join configuration over. # vars: # join_worker_ip: "{{ ansible_default_ipv4.address }}" # join_worker_name: "{{ ansible_hostname }}" # ansible.builtin.template: # src: "{{ join_template }}" # dest: JoinConfiguration.yml # mode: preserve # - name: Join the nodes. # ansible.builtin.command: # kubeadm join --config JoinConfiguration.yml # changed_when: true # - name: Install Helm Diff. # gather_facts: false # hosts: control # tasks: # - name: Install it. # kubernetes.core.helm_plugin: # plugin_path: https://github.com/databus23/helm-diff # state: present - name: Install CNI. gather_facts: false hosts: control tasks: - name: Assign nodes as workers. kubernetes.core.k8s: state: patched kind: Node name: "{{ item }}" definition: metadata: labels: node-role.kubernetes.io/worker: worker loop: [node-a, node-b] - name: Create Flannel namespace. kubernetes.core.k8s: state: present kind: Namespace name: kube-flannel - name: Add privilege to the namespace. kubernetes.core.k8s: state: patched kind: Namespace name: kube-flannel definition: metadata: labels: pod-security.kubernetes.io/enforce: privileged - name: Add Flannel repository. kubernetes.core.helm_repository: name: flannel url: https://flannel-io.github.io/flannel/ state: present - name: Install Flannel. kubernetes.core.helm: name: flannel chart_ref: flannel/flannel namespace: kube-flannel values: podCidr: 10.244.0.0/16 state: present - name: Patch CoreDNS deployment. kubernetes.core.k8s_json_patch: name: coredns namespace: kube-system kind: Deployment patch: - op: add path: /spec/template/spec/tolerations/- value: key: node.cloudprovider.kubernetes.io/uninitialized value: "true" effect: NoSchedule - name: Install `nginx` Controller. gather_facts: false hosts: control vars_files: - ../vault.yml - ../secrets/tf_outputs.yml tasks: - name: Remove schedule taint to nodes. kubernetes.core.k8s_taint: state: absent name: "{{ item }}" taints: - key: node.cloudprovider.kubernetes.io/uninitialized value: true effect: NoSchedule loop: [node-a, node-b] - name: Add `ingress-nginx` repository. kubernetes.core.helm_repository: name: ingress-nginx url: https://kubernetes.github.io/ingress-nginx state: present - name: Copy over values file. vars: values_template: ../templates/IngressValues.yml.jinja2 load_balancer_name: "{{ variables.load_balancer_name }}" network_zone: "{{ variables.network_zone }}" certificate_name: "test" ansible.builtin.template: src: "{{ values_template }}" dest: IngressValues.yml mode: preserve - name: Install it. kubernetes.core.helm: name: ingress-nginx-controller chart_ref: ingress-nginx/ingress-nginx namespace: kube-system state: present update_repo_cache: true values_files: [IngressValues.yml]