hetzner-cluster/playbooks/install_k8s.yml

- name: Configure compute for the cluster.
  hosts: servers
  gather_facts: false
  vars:
    kubernetes_version: v1.30
  tasks:
    - name: Download Kubernetes key.
      ansible.builtin.apt_key:
        url: https://pkgs.k8s.io/core:/stable:/{{ kubernetes_version }}/deb/Release.key
        state: present

    - name: Download Kubernetes repository.
      ansible.builtin.apt_repository:
        repo: "deb https://pkgs.k8s.io/core:/stable:/{{ kubernetes_version }}/deb/ /"
        state: present

    - name: Download CRI-O key.
      ansible.builtin.apt_key:
        url: https://pkgs.k8s.io/addons:/cri-o:/prerelease:/main/deb/Release.key
        state: present

    - name: Download CRI-O repository.
      ansible.builtin.apt_repository:
        repo: "deb https://pkgs.k8s.io/addons:/cri-o:/prerelease:/main/deb/ /"
        state: present

    - name: Download Helm key.
      ansible.builtin.apt_key:
        url: https://packages.buildkite.com/helm-linux/helm-debian/gpgkey
        state: present

    - name: Download Helm repository.
      ansible.builtin.apt_repository:
        repo: "deb https://packages.buildkite.com/helm-linux/helm-debian/any/ any main"
        state: present

    - name: Install packages.
      ansible.builtin.apt:
        state: present
        update_cache: true
        name: [cri-o, kubelet, kubeadm, kubectl, python3-pip, helm, git]

    - name: Install Kubernetes Python packages.
      ansible.builtin.pip:
        name: [kubernetes, pyyaml]
        state: present
        break_system_packages: true

    - name: Enable IPv4 forwarding.
      ansible.posix.sysctl:
        name: net.ipv4.ip_forward
        value: '1'
        sysctl_set: true
      notify: Reboot the nodes.

    - name: Enable `br_netfilter` module.
      community.general.modprobe:
        name: br_netfilter
        state: present
      notify: Reboot the nodes.

  handlers:
    - name: Reboot the nodes.
      ansible.builtin.reboot:

- name: Spawn new cluster on control node.
  hosts: control
  gather_facts: false
  vars:
    config_template: ../templates/InitConfiguration.yml.jinja2
    config:
      bootstrap_token: "{{ secrets.bootstrap_token }}"
      node_ip: 10.0.2.11
      node_name: control
  vars_files:
    - ../vault.yml
  tasks:
    - name: Test for cluster.
      kubernetes.core.k8s_cluster_info:
      register: api_status
      ignore_errors: true

    - name: Copy configuration over.
      ansible.builtin.template:
        src: "{{ config_template }}"
        dest: InitConfiguration.yml
        mode: preserve
      when: "api_status.failed"

    - name: Initialize cluster.
      ansible.builtin.command:
        kubeadm init --config InitConfiguration.yml
      changed_when: true
      when: "api_status.failed"

    - name: Apply the Kubernetes config to the shell.
      ansible.builtin.lineinfile:
        path: /etc/environment
        line: 'KUBECONFIG=/etc/kubernetes/admin.conf'
      when: "api_status.failed"

- name: Join worker nodes to cluster.
  hosts: [node-a, node-b]
  vars:
    join_template: ../templates/JoinConfiguration.yml.jinja2
    join_control_ip: 10.0.2.11
    join_bootstrap_token: "{{ secrets.bootstrap_token }}"
  vars_files:
    - ../vault.yml
  tasks:
    - name: Copy join configuration over.
      vars:
        join_worker_ip: "{{ ansible_default_ipv4.address }}"
        join_worker_name: "{{ ansible_hostname }}"
      ansible.builtin.template:
        src: "{{ join_template }}"
        dest: JoinConfiguration.yml
        mode: preserve

    - name: Join the nodes.
      ansible.builtin.command:
        kubeadm join --config JoinConfiguration.yml
      changed_when: true

- name: Install Helm Diff.
  gather_facts: false
  hosts: control
  tasks:
    - name: Install it.
      kubernetes.core.helm_plugin:
        plugin_path: https://github.com/databus23/helm-diff
        state: present

- name: Install CNI.
  gather_facts: false
  hosts: control
  tasks:
    - name: Create Flannel namespace.
      kubernetes.core.k8s:
        state: present
        kind: Namespace
        name: kube-flannel

    - name: Add privilege to the namespace.
      kubernetes.core.k8s:
        state: patched
        kind: Namespace
        name: kube-flannel
        definition:
          metadata:
            labels:
              pod-security.kubernetes.io/enforce: privileged

    - name: Add Flannel repository.
      kubernetes.core.helm_repository:
        name: flannel
        url: https://flannel-io.github.io/flannel/
        state: present

    - name: Install Flannel.
      kubernetes.core.helm:
        name: flannel
        chart_ref: flannel/flannel
        namespace: kube-flannel
        values:
          podCidr: 10.244.0.0/16
        state: present

    - name: Patch CoreDNS deployment.
      kubernetes.core.k8s_json_patch:
        name: coredns
        namespace: kube-system
        kind: Deployment
        patch:
          - op: add
            path: /spec/template/spec/tolerations/-
            value:
              key: node.cloudprovider.kubernetes.io/uninitialized
              value: "true"
              effect: NoSchedule

- name: Install Hetzner Cloud Controller.
  gather_facts: false
  hosts: control
  vars_files:
    - ../vault.yml
    - ../secrets/tf_outputs.yml
  tasks:
    - name: Create `hcloud` secret.
      kubernetes.core.k8s:
        name: hcloud
        namespace: kube-system
        kind: Secret
        state: present
        definition:
          apiVersion: v1
          kind: Secret
          metadata:
            name: hcloud
            namespace: kube-system
          type: Opaque
          data:
            token: "{{ secrets.hcloud_token | b64encode }}"
            network: "{{ private_network_id.value | b64encode }}"

    - name: Add Cloud Controller repository.
      kubernetes.core.helm_repository:
        name: hcloud
        url: https://charts.hetzner.cloud
        state: present

    - name: Copy over values file.
      vars:
        values_template: ../templates/HCCMValues.yml.jinja2
      ansible.builtin.template:
        src: "{{ values_template }}"
        dest: HCCMValues.yml
        mode: preserve

    - name: Install it.
      kubernetes.core.helm:
        name: hccm
        chart_ref: hcloud/hcloud-cloud-controller-manager
        namespace: kube-system
        state: present
        update_repo_cache: true
        force: true
        values_files: [HCCMValues.yml]


- name: Install `nginx` Controller.
  gather_facts: false
  hosts: control
  tasks:
    - name: Remove schedule taint to nodes.
      kubernetes.core.k8s_taint:
        state: absent
        name: "{{ item }}"
        taints:
          - key: node.cloudprovider.kubernetes.io/uninitialized
            value: true
            effect: NoSchedule
      loop: [node-a, node-b]

    - name: Add `ingress-nginx` repository.
      kubernetes.core.helm_repository:
        name: ingress-nginx
        url: https://kubernetes.github.io/ingress-nginx
        state: present

    - name: Copy over values file.
      vars:
        values_template: ../templates/IngressValues.yml.jinja2
      ansible.builtin.template:
        src: "{{ values_template }}"
        dest: IngressValues.yml
        mode: preserve

    - name: Install it.
      kubernetes.core.helm:
        name: ingress-nginx-controller
        chart_ref: ingress-nginx/ingress-nginx
        namespace: kube-system
        state: present
        update_repo_cache: true
        values_files: [IngressValues.yml]