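---
# Cluster bootstrap playbook, four plays:
#   1. all               - base packages, Docker, WireGuard, kubelet/kubeadm/kubectl
#   2. control           - HAProxy
#   3. cluster-control01 - kubeadm init, kubectl config, Canal manifests
#   4. worker            - kubeadm join, using the command printed by kubeadm init
#
# Tasks tagged ['initial', 'never'] run only when `--tags initial` is requested.

- hosts: all
  tasks:
    - name: deactivate swap
      command: swapoff -a
      when:
        - ansible_swaptotal_mb != 0
      # The handler removes the swap entry from /etc/fstab so it stays off.
      notify: disable swap

    - name: upgrade all the packages
      apt:
        name: '*'
        state: latest
        update_cache: true
      tags: ['initial', 'never']

    - name: install deps
      apt:
        name:
          - aptitude
          - sudo
          - nfs-common
          - apt-transport-https
          - ca-certificates
          - curl
          - gnupg2
          - software-properties-common
          - linux-headers-amd64
        state: present

    # The key is downloaded at run time and added to apt's trusted keys.
    # NOTE(review): nothing here checks the key's fingerprint; consider
    # shipping a reviewed copy of the key with the playbook instead.
    - name: import docker gpg key
      apt_key:
        url: "https://download.docker.com/linux/debian/gpg"
        state: present

    - name: add docker repository
      apt_repository:
        repo: "deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_lsb.codename }} stable"
        state: present

    - name: install docker
      apt:
        update_cache: true
        name:
          - docker-ce
          - python-pip
          - python-setuptools
        state: present

    - name: configure docker
      template:
        src: templates/daemon.json
        dest: /etc/docker/daemon.json
      notify: restart docker

    - name: enable & start docker
      systemd:
        name: docker
        enabled: true
        state: started

    # WireGuard is taken from Debian unstable. The repository is reached over
    # plain http, so package integrity rests on apt's signature check alone.
    - name: install wireguard repo
      apt_repository:
        repo: "deb http://deb.debian.org/debian/ unstable main"
        state: present

    # Priority 90 keeps unstable below the default priority, so packages that
    # also exist in the regular release are not pulled from unstable.
    - name: pin unstables
      blockinfile:
        path: /etc/apt/preferences.d/limit-unstable
        create: true
        block: |
          Package: *
          Pin: release a=unstable
          Pin-Priority: 90

    - name: install wireguard
      apt:
        update_cache: true
        name: wireguard
        state: present

    - name: configure wireguard interface
      template:
        src: templates/wireguard.cfg
        dest: /etc/network/interfaces.d/wireguard.cfg
      notify: restart wireguard

    - name: configure wireguard connections
      template:
        src: templates/wg-k8s.conf
        dest: /etc/wireguard/wg-k8s.conf
        # Presumably holds the interface private key (confirm against
        # templates/wg-k8s.conf); keep it unreadable for other local users.
        mode: "0600"
      notify: restart wireguard

    # NOTE(review): same caveat as the Docker key above - fetched at run time,
    # fingerprint not verified.
    - name: install k8s apt key
      apt_key:
        url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
        state: present

    - name: add k8s repository
      apt_repository:
        repo: "deb https://apt.kubernetes.io/ kubernetes-xenial main"
        state: present

    - name: install k8s
      apt:
        update_cache: true
        name:
          - kubelet
          - kubeadm
          - kubectl
        state: present

    # NOTE(review): lineinfile fails when the target file is missing and
    # `create` is not set; confirm /var/lib/kubelet/config.yaml exists at
    # this point on a fresh host.
    - name: configure cgroup driver in kubelet
      lineinfile:
        path: /var/lib/kubelet/config.yaml
        line: 'cgroupDriver: systemd'
        regexp: '^cgroupDriver:.*'

    - name: configure kubeadm-env
      template:
        src: templates/kubeadm-flags.env
        dest: /var/lib/kubelet/kubeadm-flags.env

    - name: restart system
      command: reboot
      tags: ['initial', 'never']

  handlers:
    # Removes every /etc/fstab line that contains the word "swap".
    - name: disable swap
      lineinfile:
        path: /etc/fstab
        regexp: '.*swap.*'
        state: absent

    - name: restart wireguard
      shell: ifdown wg-k8s; ifup wg-k8s

    - name: restart docker
      service:
        name: docker
        state: restarted

- hosts: control
  tasks:
    - name: install haproxy
      apt:
        name: haproxy
        state: present
      notify: restart haproxy

    - name: copy haproxy template
      template:
        src: templates/haproxy.cfg
        dest: /etc/haproxy/haproxy.cfg
      notify: restart haproxy

    - name: enable haproxy service
      service:
        name: haproxy
        enabled: true
      notify: restart haproxy

  handlers:
    - name: restart haproxy
      service:
        name: haproxy
        state: restarted

- hosts: cluster-control01
  tasks:
    # The log is written to a temporary name and renamed only on success.
    # A plain `> kubeadm.log` creates the file even when kubeadm fails, and
    # `creates:` would then skip the init on every later run.
    - name: init kubeadm
      shell: >-
        kubeadm init
        --apiserver-advertise-address 10.42.23.11
        --pod-network-cidr=10.244.0.0/16
        > kubeadm.log.tmp
        && mv kubeadm.log.tmp kubeadm.log
      args:
        creates: kubeadm.log

    # The fetched log contains the join command, including the bootstrap
    # token. Keep the local copy out of version control and remove it once
    # the workers have joined.
    - name: fetch kubeadm.log from control
      fetch:
        src: kubeadm.log
        dest: "kubeadm-{{ inventory_hostname }}.log"
        flat: true

    - name: configure kubectl
      shell: mkdir -p .kube && cp /etc/kubernetes/admin.conf $HOME/.kube/config
      args:
        creates: .kube/config

    # Both manifests are downloaded at run time and applied with the admin
    # kubeconfig. NOTE(review): consider applying reviewed local copies.
    # As with the init task, canal.log appears only after both applies succeed.
    - name: setup networking
      shell: >-
        { kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/canal/rbac.yaml
        && kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/canal/canal.yaml; }
        > canal.log.tmp
        && mv canal.log.tmp canal.log
      args:
        creates: canal.log

- hosts: worker
  tasks:
    # Reads the last two lines of the log fetched in the previous play.
    # NOTE(review): this depends on kubeadm printing the join command at the
    # very end of its output; confirm for the kubeadm version in use.
    - name: fetch join command
      command: tail -2 kubeadm-cluster-control01.log
      register: joincommand
      delegate_to: localhost
      # Read-only lookup; its output carries the bootstrap token.
      changed_when: false
      no_log: true

    # The command text comes from a file on the control machine and is run
    # through a shell on every worker, so that file must be trusted.
    - name: join cluster
      shell: "{{ joincommand.stdout }} > kubeadm.log.tmp && mv kubeadm.log.tmp kubeadm.log"
      args:
        creates: kubeadm.log
      # The rendered command line contains the bootstrap token.
      no_log: true

    - name: fetch kubeadm.log
      fetch:
        src: kubeadm.log
        dest: "kubeadm-{{ inventory_hostname }}.log"
        flat: true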