From 5cef7d19b1d7a186ef00e8bd8ac120bd8690364e Mon Sep 17 00:00:00 2001
From: Adrien
Date: Mon, 1 Jul 2019 19:33:54 +0200
Subject: [PATCH] First commit
---
 README.md | 2 +-
 defaults/main.yml | 3 ++
 handlers/main.yml | 4 ++
 meta/main.yml | 4 ++
 tasks/Debian.yml | 37 ++++++++++++++
 tasks/RedHat.yml | 51 +++++++++++++++++++
 tasks/install_server.yml | 36 +++++++++++++
 tasks/main.yml | 16 ++++++
 .../etc/firewalld/services/kubernetes.xml.j2 | 12 +++++
 templates/etc/sysconfig/kubelet.j2 | 1 +
 .../kubelet.service.d/0-containerd.conf.j2 | 2 +
 templates/etc/yum.repos.d/kubernetes.repo.j2 | 8 +++
 vars/RedHat.yml | 7 +++
 13 files changed, 182 insertions(+), 1 deletion(-)
 create mode 100644 defaults/main.yml
 create mode 100644 handlers/main.yml
 create mode 100644 meta/main.yml
 create mode 100644 tasks/Debian.yml
 create mode 100644 tasks/RedHat.yml
 create mode 100644 tasks/install_server.yml
 create mode 100644 tasks/main.yml
 create mode 100644 templates/etc/firewalld/services/kubernetes.xml.j2
 create mode 100644 templates/etc/sysconfig/kubelet.j2
 create mode 100644 templates/etc/systemd/system/kubelet.service.d/0-containerd.conf.j2
 create mode 100644 templates/etc/yum.repos.d/kubernetes.repo.j2
 create mode 100644 vars/RedHat.yml
diff --git a/README.md b/README.md
index 3fd09f1..50402db 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,3 @@
 # ansible-role-kubernetes
-Manage kubernetes stack
\ No newline at end of file
+Deploy kubernetes
\ No newline at end of file
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..d71259f
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+kubernetes_cri: "containerd"
+kubernetes_server: false
\ No newline at end of file
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..f9a3cad
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+- name: Restart containerd
+ service: name=containerd state=restarted
+
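Review bot: handlers/main.yml defines only `Restart containerd`, yet tasks/main.yml notifies `Restart kubelet` and tasks/Debian.yml notifies `reload ufw`, so Ansible stops with a handler-not-found error the first time either of those tasks reports a change. Both handlers should be defined in this file. The existing handler would also read better in block form than in the `key=value` shorthand, matching the block style already used in tasks/RedHat.yml.

```yaml
- name: Restart kubelet
  service:
    name: kubelet
    state: restarted

- name: reload ufw
  ufw:
    state: reloaded
```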
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..68cb2ed
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,4 @@
+#---
+#dependencies:
+# - { role: yumrepo }
+# - { role: yum }
diff --git a/tasks/Debian.yml b/tasks/Debian.yml
new file mode 100644
index 0000000..14320d0
--- /dev/null
+++ b/tasks/Debian.yml
@@ -0,0 +1,37 @@
+---
+- name: add docker apt key
+ apt_key:
+ url: https://download.docker.com/linux/ubuntu/gpg
+ state: present
+ when:
+ - docker_ver == "docker_ce"
+
+- name: add docker repository
+ apt_repository: repo='deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ansible_distribution_release}} stable' state=present update_cache=yes
+ when:
+ - docker_ver == "docker_ce"
+
+- name: "Ensure GRUB_CMDLINE_LINUX is updated"
+ lineinfile: dest=/etc/default/grub regexp='^(GRUB_CMDLINE_LINUX=".*)"$' line='\1 cgroup_enable=memory swapaccount=1"' backrefs=yes
+ when:
+ - not docker_installed.stat.exists
+
+- name: "Update grub.conf"
+ command: update-grub
+ when:
+ - not docker_installed.stat.exists
+
+- name: "Ensure DEFAULT_FORWARD_POLICY in /etc/default/ufw is updated"
+ lineinfile: dest=/etc/default/ufw regexp='^(DEFAULT_FORWARD_POLICY=").*"$' line='\1ACCEPT"' backrefs=yes
+ notify: reload ufw
+ tags: [docker,firewall]
+
+# Need Certificat ? Only in local
+#- name: "Add docker port 2376/TCP "
+# ufw: rule=allow port=2376 proto=tcp
+# notify: reload ufw
+# tags: [docker,firewall]
+
+#- name: "Start UFW rules"
+# service: name=ufw state=started
+# tags: [docker,firewall]
diff --git a/tasks/RedHat.yml b/tasks/RedHat.yml
new file mode 100644
index 0000000..cc4f5a7
--- /dev/null
+++ b/tasks/RedHat.yml
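Review bot: The `DEFAULT_FORWARD_POLICY` task has no `when` guard, so every Debian-family host that runs this role gets ufw's forwarding default switched to `ACCEPT`, a host-wide firewall relaxation that no role variable controls; it should be opt-in, for example behind a new default such as `kubernetes_manage_ufw: false` with `when: kubernetes_manage_ufw | bool`. The other tasks test `docker_ver` and `docker_installed`, which are not set anywhere in this patch, so they look carried over from a Docker role and will fail on undefined variables unless those are supplied from outside the role. The `apt_key` task trusts whatever key the URL returns; adding `id: "<DOCKER_KEY_FINGERPRINT>"` (placeholder) pins the expected key. The patch also adds no vars/Debian.yml, which the `include_vars` in tasks/main.yml needs on this OS family.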
@@ -0,0 +1,51 @@
+---
+#- name: Add kubernetes repository
+# yumrepo:
+# name: kubernetes
+# description: "Kubernetes Repository"
+# baseurl: https://packages.cloud.google.com/yum/repos/kubernetes-$releasever-x86_64
+# gpgcheck: yes
+# enabled: yes
+# gpgkey: https://packages.cloud.google.com/yum/doc/yum-key.gpg
+# state: present
+
+- name: Add Official kubernetes's repo
+ template:
+ src: "etc/yum.repos.d/kubernetes.repo.j2"
+ dest: "/etc/yum.repos.d/kubernetes.repo"
+ group: root
+ owner: root
+ mode: 0644
+ when:
+ - not ansible_machine == "armv7l"
+ - not ansible_machine == "armv6l"
+
+- name: Register kubernetes firewalld service
+ template:
+ src: "etc/firewalld/services/kubernetes.xml.j2"
+ dest: "/etc/firewalld/services/kubernetes.xml"
+ group: root
+ owner: root
+ mode: 0644
+ register: need_firewalld_reload
+
+#- name: Reload firewalld configuration
+# service:
+# name: firewalld
+# state: reloaded
+# enabled: yes
+- name: reload firewalld to refresh service list
+ command: firewall-cmd --reload
+ when:
+ - need_firewalld_reload is changed
+
+# Définir interface
+#- name: Open Firewalld
+# firewalld:
+# service: kubernetes
+# permanent: true
+# state: enabled
+# immediate: true
+# when:
+# - need_firewall == true
+# - firewall_name == "firewalld"
diff --git a/tasks/install_server.yml b/tasks/install_server.yml
new file mode 100644
index 0000000..8bc9fc9
--- /dev/null
+++ b/tasks/install_server.yml
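Review bot: The two firewalld tasks run on every RedHat-family host with no check that firewalld is installed or active, so `firewall-cmd --reload` fails the play on a host that uses another firewall. The commented-out block at the end of the file already sketches the guard, `when: firewall_name == "firewalld"`, which could be applied to both tasks once that variable has a default. The service definition is only registered, because the task that would enable it is commented out, so this file as written opens no port. `mode: 0644` is safer as the string `mode: "0644"`, since the unquoted form relies on the YAML loader's octal handling.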
@@ -0,0 +1,36 @@
+---
+- name: Install Containerd
+ include_role:
+ name: containerd
+ when:
+ - kubernetes_cri == "containerd"
+ #register: kubernetes_cri_changed
+
+#- name: Restart kubelet after kubernetes cri installation
+# service:
+# name: kubelet
+# status: restarted
+# when:
+# - kubernetes_cri_changed is changed
+
+- name: Ensuring /etc/systemd/system/kubelet.service.d Folder Exists
+ file:
+ path: "/etc/systemd/system/kubelet.service.d"
+ state: "directory"
+ group: root
+ owner: root
+ mode: 0755
+
+- name: Configure kubelet service
+ template:
+ src: "etc/{{ item }}.j2"
+ dest: "/etc/{{ item }}"
+ group: root
+ owner: root
+ mode: 0644
+ with_items:
+ - "systemd/system/kubelet.service.d/0-containerd.conf"
+ - "sysconfig/kubelet"
+
+- name: Enable kubelet on boot
+ service: name=kubelet state=started enabled=yes
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..bfd59f0
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,16 @@
+---
+- name: Include vars for {{ ansible_os_family }}
+ include_vars: "{{ ansible_os_family }}.yml"
+
+- name: Install kubernetes rules for {{ ansible_os_family }} OS family
+ include_tasks: "{{ ansible_os_family }}.yml"
+
+- name: Install kubernetes tools
+ package: name="{{ kubernetes_package_name }}" state=latest update_cache=yes
+ notify: Restart kubelet
+
+- name: Include kubernetes server rules
+ include_tasks: "install_server.yml"
+
+#- name: Install python library for docker
+# package: name="{{ python_openshift_lib }}" state=latest update_cache=yes
diff --git a/templates/etc/firewalld/services/kubernetes.xml.j2 b/templates/etc/firewalld/services/kubernetes.xml.j2
new file mode 100644
index 0000000..380d893
--- /dev/null
+++ b/templates/etc/firewalld/services/kubernetes.xml.j2
@@ -0,0 +1,12 @@
+
+
+ Kubernetes master
+ Open Kubernetes master ports.
+
+
+
+
+
+
+
+
diff --git a/templates/etc/sysconfig/kubelet.j2 b/templates/etc/sysconfig/kubelet.j2
new file mode 100644
index 0000000..973f8c5
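Review bot: The `Configure kubelet service` task writes a systemd drop-in and /etc/sysconfig/kubelet but notifies nothing, so a changed drop-in is not loaded until someone runs `systemctl daemon-reload` and restarts kubelet by hand. Adding `notify: Restart kubelet` to that task, with a handler that uses the `systemd` module and `daemon_reload: yes`, closes the gap. The last task would be clearer in block form than as `service: name=kubelet state=started enabled=yes`, and the octal modes are better quoted (`mode: "0755"`, `mode: "0644"`).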
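Review bot: `state=latest` on the `Install kubernetes tools` task upgrades kubelet, kubeadm and kubectl to whatever the repository serves on every run, so a routine play can move a node to a new Kubernetes release without a planned upgrade. `state=present` with an explicit version variable keeps upgrades deliberate, and the `#exclude=kube*` line left commented out in kubernetes.repo.j2 points the same way. The `install_server.yml` include is unconditional although defaults/main.yml introduces `kubernetes_server: false`; if that flag is meant to gate it, add `when: kubernetes_server | bool`.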
--- /dev/null
+++ b/templates/etc/sysconfig/kubelet.j2
@@ -0,0 +1 @@
+KUBELET_EXTRA_ARGS="--cgroup-driver=systemd --container-runtime=remote --runtime-request-timeout=15m --container-runtime-endpoint=unix:///run/containerd/containerd.sock --node-ip={{ ansible_eth0.ipv4.address }}"
diff --git a/templates/etc/systemd/system/kubelet.service.d/0-containerd.conf.j2 b/templates/etc/systemd/system/kubelet.service.d/0-containerd.conf.j2
new file mode 100644
index 0000000..9cf7b5d
--- /dev/null
+++ b/templates/etc/systemd/system/kubelet.service.d/0-containerd.conf.j2
@@ -0,0 +1,2 @@
+[Service]
+Environment="KUBELET_EXTRA_ARGS=--cgroup-driver=systemd --container-runtime=remote --runtime-request-timeout=15m --container-runtime-endpoint=unix:///run/containerd/containerd.sock --node-ip="{{ ansible_eth0.ipv4.address }}"
diff --git a/templates/etc/yum.repos.d/kubernetes.repo.j2 b/templates/etc/yum.repos.d/kubernetes.repo.j2
new file mode 100644
index 0000000..7ac0fdb
--- /dev/null
+++ b/templates/etc/yum.repos.d/kubernetes.repo.j2
@@ -0,0 +1,8 @@
+[kubernetes]
+name=Kubernetes
+baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-{{ ansible_machine }}
+enabled=1
+gpgcheck=1
+repo_gpgcheck=1
+gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
+#exclude=kube*
diff --git a/vars/RedHat.yml b/vars/RedHat.yml
new file mode 100644
index 0000000..f75fc30
--- /dev/null
+++ b/vars/RedHat.yml
@@ -0,0 +1,7 @@
+---
+kubernetes_package_name:
+ - kubectl
+ - kubelet
+ - kubeadm
+#kubernetes_remove_packages_name:
+# - kubernetes.io
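Review bot: `{{ ansible_eth0.ipv4.address }}` hard-codes the interface name, so the template fails to render on any host whose primary NIC is not called eth0, and on a multi-homed host it may advertise an address on the wrong network as the node IP. The same expression is used in 0-containerd.conf.j2. A role variable defaulting to `{{ ansible_default_ipv4.address }}` would make the choice explicit and overridable. The two templates also set the same `KUBELET_EXTRA_ARGS` in two places, which can drift apart; one source is enough.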
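Review bot: The `Environment=` line in 0-containerd.conf.j2 has unbalanced quotes: the string is closed right after `--node-ip=` and a new quote opens after the template expression, so the rendered line ends with a stray `"` and systemd is unlikely to pass the node IP as intended. Move the closing quote to the end and drop the inner one, so that the line ends with `--node-ip={{ ansible_eth0.ipv4.address }}"`.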