167 lines
4.9 KiB
YAML
167 lines
4.9 KiB
YAML
---
|
|
- hosts: all
|
|
tasks:
|
|
- name: deactivate swap
|
|
command: swapoff -a
|
|
when:
|
|
- ansible_swaptotal_mb != 0
|
|
notify: disable swap
|
|
- name: upgrade all the packages
|
|
apt:
|
|
name: '*'
|
|
state: latest
|
|
update_cache: yes
|
|
tags: ['initial', 'never']
|
|
- name: install deps
|
|
apt:
|
|
name: ['aptitude', 'sudo', 'nfs-common', 'apt-transport-https', 'ca-certificates', 'curl', 'gnupg2', 'software-properties-common', 'linux-headers-amd64']
|
|
state: present
|
|
- name: import docker gpg key
|
|
apt_key:
|
|
url: "https://download.docker.com/linux/debian/gpg"
|
|
state: present
|
|
- name: add docker repository
|
|
apt_repository:
|
|
repo: "deb [arch=amd64] https://download.docker.com/linux/debian {{ansible_lsb.codename}} stable"
|
|
state: present
|
|
- name: install docker
|
|
apt:
|
|
update_cache: yes
|
|
name: ['docker-ce', 'python-pip', 'python-setuptools']
|
|
state: present
|
|
- name: configure docker
|
|
template:
|
|
src: templates/daemon.json
|
|
dest: /etc/docker/daemon.json
|
|
notify: restart docker
|
|
- name: enable & start docker
|
|
systemd:
|
|
name: docker
|
|
enabled: yes
|
|
state: started
|
|
- name: install wireguard repo
|
|
apt_repository:
|
|
repo: "deb http://deb.debian.org/debian/ unstable main"
|
|
state: present
|
|
- name: pin unstables
|
|
blockinfile:
|
|
path: /etc/apt/preferences.d/limit-unstable
|
|
create: yes
|
|
block: |
|
|
Package: *
|
|
Pin: release a=unstable
|
|
Pin-Priority: 90
|
|
- name: install wireguard
|
|
apt:
|
|
update_cache: yes
|
|
name: wireguard
|
|
state: present
|
|
- name: configure wireguard interface
|
|
template:
|
|
src: templates/wireguard.cfg
|
|
dest: /etc/network/interfaces.d/wireguard.cfg
|
|
notify: restart wireguard
|
|
- name: configure wireguard connections
|
|
template:
|
|
src: templates/wg-k8s.conf
|
|
dest: /etc/wireguard/wg-k8s.conf
|
|
notify: restart wireguard
|
|
|
|
- name: install k8s apt key
|
|
apt_key:
|
|
url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
|
|
state: present
|
|
- name: add k8s repository
|
|
apt_repository:
|
|
repo: "deb https://apt.kubernetes.io/ kubernetes-xenial main"
|
|
state: present
|
|
- name: install k8s
|
|
apt:
|
|
update_cache: yes
|
|
name: ["kubelet", "kubeadm", "kubectl"]
|
|
state: present
|
|
- name: configure cgroup driver in kubelet
|
|
lineinfile:
|
|
path: /var/lib/kubelet/config.yaml
|
|
line: 'cgroupDriver: systemd'
|
|
regexp: '^cgroupDriver:.*'
|
|
- name: configure kubeadm-env
|
|
template:
|
|
src: templates/kubeadm-flags.env
|
|
dest: /var/lib/kubelet/kubeadm-flags.env
|
|
- name: restart system
|
|
command: reboot
|
|
tags: ['initial', 'never']
|
|
|
|
handlers:
|
|
- name: disable swap
|
|
lineinfile:
|
|
path: /etc/fstab
|
|
regexp: '.*swap.*'
|
|
state: absent
|
|
- name: restart wireguard
|
|
shell: ifdown wg-k8s; ifup wg-k8s
|
|
- name: restart docker
|
|
service:
|
|
name: docker
|
|
state: restarted
|
|
|
|
- hosts: master
|
|
tasks:
|
|
- name: install haproxy
|
|
apt:
|
|
name: haproxy
|
|
state: present
|
|
notify: restart haproxy
|
|
- name: copy haproxy template
|
|
template:
|
|
src: templates/haproxy.cfg
|
|
dest: /etc/haproxy/haproxy.cfg
|
|
notify: restart haproxy
|
|
- name: enable haproxy service
|
|
service:
|
|
name: haproxy
|
|
enabled: true
|
|
notify: restart haproxy
|
|
handlers:
|
|
- name: restart haproxy
|
|
service:
|
|
name: haproxy
|
|
state: restarted
|
|
|
|
- hosts: cluster-master01
|
|
tasks:
|
|
- name: init kubeadm
|
|
shell: kubeadm init --apiserver-advertise-address 10.42.23.11 --pod-network-cidr=10.244.0.0/16 > kubeadm.log
|
|
args:
|
|
creates: kubeadm.log
|
|
- name: fetch kubeadm.log from master
|
|
fetch:
|
|
src: kubeadm.log
|
|
dest: kubeadm-{{ inventory_hostname }}.log
|
|
flat: yes
|
|
- name: configure kubectl
|
|
shell: mkdir .kube; cp /etc/kubernetes/admin.conf $HOME/.kube/config
|
|
args:
|
|
creates: .kube/config
|
|
- name: setup networking
|
|
shell: kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/canal/rbac.yaml > canal.log && kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/canal/canal.yaml >> canal.log
|
|
args:
|
|
creates: canal.log
|
|
|
|
- hosts: worker
|
|
tasks:
|
|
- name: fetch join command
|
|
command: tail -2 kubeadm-cluster-master01.log
|
|
register: joincommand
|
|
delegate_to: localhost
|
|
|
|
- name: join cluster
|
|
shell: "{{ joincommand.stdout }} > kubeadm.log"
|
|
args:
|
|
creates: kubeadm.log
|
|
- name: fetch kubeadm.log
|
|
fetch:
|
|
src: kubeadm.log
|
|
dest: kubeadm-{{ inventory_hostname }}.log
|
|
flat: yes
|