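---
# Bootstraps a kubeadm cluster: package repositories and kernel settings on
# every node, `kubeadm init` on the control node, `kubeadm join` on the
# workers, then Helm Diff, Flannel (CNI) and the ingress-nginx controller.
#
# Assumptions the file does not state and a reader should confirm:
#   - the connection user is privileged (no `become` is used anywhere);
#   - targets run a Debian/Ubuntu with apt >= 2.4 (Debian 12 / Ubuntu 22.04),
#     which accepts ASCII-armored `.asc` keyrings in `signed-by=`; older
#     releases need the keys dearmored first.
- name: Configure compute for the cluster.
  hosts: servers
  gather_facts: false
  vars:
    kubernetes_version: v1.30
  tasks:
    # apt-key is deprecated; keys are downloaded per repository and bound to it
    # with `signed-by=` so one vendor's key cannot sign another vendor's packages.
    - name: Ensure the apt keyring directory exists.
      ansible.builtin.file:
        path: /etc/apt/keyrings
        state: directory
        mode: "0755"

    - name: Download Kubernetes key.
      ansible.builtin.get_url:
        url: https://pkgs.k8s.io/core:/stable:/{{ kubernetes_version }}/deb/Release.key
        dest: /etc/apt/keyrings/kubernetes.asc  # path chosen here, not by upstream
        mode: "0644"

    - name: Download Kubernetes repository.
      ansible.builtin.apt_repository:
        repo: "deb [signed-by=/etc/apt/keyrings/kubernetes.asc] https://pkgs.k8s.io/core:/stable:/{{ kubernetes_version }}/deb/ /"
        state: present

    # NOTE(review): this is the CRI-O `prerelease` channel; confirm that is
    # intended for production nodes.
    - name: Download CRI-O key.
      ansible.builtin.get_url:
        url: https://pkgs.k8s.io/addons:/cri-o:/prerelease:/main/deb/Release.key
        dest: /etc/apt/keyrings/cri-o.asc
        mode: "0644"

    - name: Download CRI-O repository.
      ansible.builtin.apt_repository:
        repo: "deb [signed-by=/etc/apt/keyrings/cri-o.asc] https://pkgs.k8s.io/addons:/cri-o:/prerelease:/main/deb/ /"
        state: present

    - name: Download Helm key.
      ansible.builtin.get_url:
        url: https://packages.buildkite.com/helm-linux/helm-debian/gpgkey
        dest: /etc/apt/keyrings/helm.asc
        mode: "0644"

    - name: Download Helm repository.
      ansible.builtin.apt_repository:
        repo: "deb [signed-by=/etc/apt/keyrings/helm.asc] https://packages.buildkite.com/helm-linux/helm-debian/any/ any main"
        state: present

    - name: Install packages.
      ansible.builtin.apt:
        state: present
        update_cache: true
        name: [cri-o, kubelet, kubeadm, kubectl, python3-pip, helm, git]

    # kubeadm expects the Kubernetes packages to be version-locked so a routine
    # `apt upgrade` cannot skew kubelet/kubeadm away from the cluster version.
    - name: Hold Kubernetes packages at the installed version.
      ansible.builtin.dpkg_selections:
        name: "{{ item }}"
        selection: hold
      loop: [kubelet, kubeadm, kubectl]

    # Installs into the system interpreter; only the control node actually
    # needs these (kubernetes.core modules), but the play targets all servers.
    - name: Install Kubernetes Python packages.
      ansible.builtin.pip:
        name: [kubernetes, pyyaml]
        state: present
        break_system_packages: true

    # Persisted to /etc/sysctl.conf (module default) and applied live.
    - name: Enable IPv4 forwarding.
      ansible.posix.sysctl:
        name: net.ipv4.ip_forward
        value: '1'
        sysctl_set: true
      notify: Reboot the nodes.

    # `state: present` only loads the module now; `persistent: present`
    # (community.general >= 7.0.0) writes it to /etc/modules-load.d so it is
    # still loaded after the reboot this task triggers.
    - name: Enable `br_netfilter` module.
      community.general.modprobe:
        name: br_netfilter
        state: present
        persistent: present
      notify: Reboot the nodes.

  handlers:
    - name: Reboot the nodes.
      ansible.builtin.reboot:

- name: Spawn new cluster on control node.
  hosts: control
  gather_facts: false
  vars:
    config_template: ../templates/InitConfiguration.yml.jinja2
    config:
      bootstrap_token: "{{ secrets.bootstrap_token }}"
      node_ip: 10.0.2.11
      node_name: control
  vars_files:
    - ../vault.yml
  tasks:
    # Fails (and is ignored) until a cluster answers; the failure gates the
    # one-time initialisation tasks below.
    - name: Test for cluster.
      kubernetes.core.k8s_cluster_info:
      register: api_status
      ignore_errors: true

    # The rendered file carries the bootstrap token, so it must not inherit the
    # template's (typically world-readable) mode from the controller.
    - name: Copy configuration over.
      ansible.builtin.template:
        src: "{{ config_template }}"
        dest: InitConfiguration.yml
        mode: "0600"
      when: "api_status.failed"

    # `creates` keeps a re-run from re-initialising a node whose API probe
    # failed for a transient reason.
    - name: Initialize cluster.
      ansible.builtin.command:
        cmd: kubeadm init --config InitConfiguration.yml
        creates: /etc/kubernetes/admin.conf
      when: "api_status.failed"

    - name: Apply the Kubernetes config to the shell.
      ansible.builtin.lineinfile:
        path: /etc/environment
        line: 'KUBECONFIG=/etc/kubernetes/admin.conf'
      when: "api_status.failed"

- name: Join worker nodes to cluster.
  hosts: [node-a, node-b]
  vars:
    join_template: ../templates/JoinConfiguration.yml.jinja2
    join_control_ip: 10.0.2.11
    join_bootstrap_token: "{{ secrets.bootstrap_token }}"
  vars_files:
    - ../vault.yml
  tasks:
    # Facts are gathered here (play default) because the worker IP and
    # hostname come from `ansible_default_ipv4` / `ansible_hostname`.
    - name: Copy join configuration over.
      vars:
        join_worker_ip: "{{ ansible_default_ipv4.address }}"
        join_worker_name: "{{ ansible_hostname }}"
      ansible.builtin.template:
        src: "{{ join_template }}"
        dest: JoinConfiguration.yml
        mode: "0600"  # contains the bootstrap token

    # kubeadm join writes kubelet.conf; without `creates` every re-run would
    # attempt to join an already-joined node and fail.
    - name: Join the nodes.
      ansible.builtin.command:
        cmd: kubeadm join --config JoinConfiguration.yml
        creates: /etc/kubernetes/kubelet.conf

- name: Install Helm Diff.
  gather_facts: false
  hosts: control
  tasks:
    # NOTE(review): installs whatever the repository's default branch currently
    # is; consider pinning a released version for reproducible installs.
    - name: Install it.
      kubernetes.core.helm_plugin:
        plugin_path: https://github.com/databus23/helm-diff
        state: present

- name: Install CNI.
  gather_facts: false
  hosts: control
  tasks:
    - name: Create Flannel namespace.
      kubernetes.core.k8s:
        state: present
        kind: Namespace
        name: kube-flannel

    # Flannel's pods need host networking and privileged mode, so Pod Security
    # enforcement is relaxed for this namespace only.
    - name: Add privilege to the namespace.
      kubernetes.core.k8s:
        state: patched
        kind: Namespace
        name: kube-flannel
        definition:
          metadata:
            labels:
              pod-security.kubernetes.io/enforce: privileged

    - name: Add Flannel repository.
      kubernetes.core.helm_repository:
        name: flannel
        url: https://flannel-io.github.io/flannel/
        state: present

    - name: Install Flannel.
      kubernetes.core.helm:
        name: flannel
        chart_ref: flannel/flannel
        namespace: kube-flannel
        values:
          podCidr: 10.244.0.0/16
        state: present

    # Lets CoreDNS schedule while nodes still carry the cloud-provider
    # "uninitialized" taint (removed later in the ingress play).
    - name: Patch CoreDNS deployment.
      kubernetes.core.k8s_json_patch:
        name: coredns
        namespace: kube-system
        kind: Deployment
        patch:
          - op: add
            path: /spec/template/spec/tolerations/-
            value:
              key: node.cloudprovider.kubernetes.io/uninitialized
              value: "true"
              effect: NoSchedule

- name: Install `nginx` Controller.
  gather_facts: false
  hosts: control
  vars_files:
    - ../vault.yml
    - ../secrets/tf_outputs.yml
  tasks:
    # The taint value is a string in Kubernetes; quoted so YAML does not parse
    # it as a boolean (matches the CoreDNS toleration above).
    - name: Remove schedule taint to nodes.
      kubernetes.core.k8s_taint:
        state: absent
        name: "{{ item }}"
        taints:
          - key: node.cloudprovider.kubernetes.io/uninitialized
            value: "true"
            effect: NoSchedule
      loop: [node-a, node-b]

    - name: Add `ingress-nginx` repository.
      kubernetes.core.helm_repository:
        name: ingress-nginx
        url: https://kubernetes.github.io/ingress-nginx
        state: present

    - name: Copy over values file.
      vars:
        values_template: ../templates/IngressValues.yml.jinja2
        load_balancer_name: "{{ variables.load_balancer_name }}"
        network_zone: "{{ variables.network_zone }}"
        certificate_name: "{{ certificate_name.value }}"
      ansible.builtin.template:
        src: "{{ values_template }}"
        dest: IngressValues.yml
        mode: preserve

    - name: Install it.
      kubernetes.core.helm:
        name: ingress-nginx-controller
        chart_ref: ingress-nginx/ingress-nginx
        namespace: kube-system
        state: present
        update_repo_cache: true
        values_files: [IngressValues.yml]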