First commit

README.md

@@ -1,3 +1,3 @@
 # ansible-role-kubernetes
 
-Manage kubernetes stack
+Deploy kubernetes

defaults/main.yml

@@ -0,0 +1,3 @@
+---
+kubernetes_cri: "containerd"
+kubernetes_server: false

handlers/main.yml

@@ -0,0 +1,4 @@
+---
+- name: Restart containerd
+  service: name=containerd state=restarted
+

meta/main.yml

@@ -0,0 +1,4 @@
+#---
+#dependencies:
+#  - { role: yumrepo }
+#  - { role: yum }

tasks/Debian.yml

@@ -0,0 +1,37 @@
+---
+- name: add docker apt key
+  apt_key:
+    url: https://download.docker.com/linux/ubuntu/gpg
+    state: present
+  when:
+    - docker_ver == "docker_ce"
+
+- name: add docker repository
+  apt_repository: repo='deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ansible_distribution_release}} stable' state=present update_cache=yes 
+  when:
+    - docker_ver == "docker_ce"
+
+- name: "Ensure GRUB_CMDLINE_LINUX is updated"
+  lineinfile: dest=/etc/default/grub regexp='^(GRUB_CMDLINE_LINUX=".*)"$' line='\1 cgroup_enable=memory swapaccount=1"' backrefs=yes
+  when:
+    - not docker_installed.stat.exists
+
+- name: "Update grub.conf"
+  command: update-grub
+  when:
+    - not docker_installed.stat.exists
+
+- name: "Ensure DEFAULT_FORWARD_POLICY in /etc/default/ufw is updated"
+  lineinfile: dest=/etc/default/ufw regexp='^(DEFAULT_FORWARD_POLICY=").*"$' line='\1ACCEPT"' backrefs=yes
+  notify: reload ufw
+  tags: [docker,firewall]
+
+# Need Certificat ? Only in local
+#- name: "Add docker port 2376/TCP "
+#  ufw: rule=allow port=2376 proto=tcp
+#  notify: reload ufw
+#  tags: [docker,firewall]
+
+#- name: "Start UFW rules"
+#  service: name=ufw state=started
+#  tags: [docker,firewall]

tasks/RedHat.yml

@@ -0,0 +1,51 @@
+---
+#- name: Add kubernetes repository
+#  yumrepo:
+#    name: kubernetes
+#    description: "Kubernetes Repository"
+#    baseurl: https://packages.cloud.google.com/yum/repos/kubernetes-$releasever-x86_64
+#    gpgcheck: yes
+#    enabled: yes
+#    gpgkey: https://packages.cloud.google.com/yum/doc/yum-key.gpg
+#    state: present
+
+- name: Add Official kubernetes's repo
+  template:
+    src: "etc/yum.repos.d/kubernetes.repo.j2"
+    dest: "/etc/yum.repos.d/kubernetes.repo"
+    group: root
+    owner: root
+    mode: 0644
+  when:
+    - not ansible_machine == "armv7l"
+    - not ansible_machine == "armv6l"
+
+- name: Register kubernetes firewalld service
+  template:
+    src: "etc/firewalld/services/kubernetes.xml.j2"
+    dest: "/etc/firewalld/services/kubernetes.xml"
+    group: root
+    owner: root
+    mode: 0644
+  register: need_firewalld_reload
+
+#- name: Reload firewalld configuration
+#  service:
+#    name: firewalld
+#    state: reloaded
+#    enabled: yes
+- name: reload firewalld to refresh service list
+  command: firewall-cmd --reload
+  when:
+    - need_firewalld_reload is changed
+
+# Définir interface
+#- name: Open Firewalld
+#  firewalld:
+#    service: kubernetes
+#    permanent: true
+#    state: enabled
+#    immediate: true
+#  when:
+#    - need_firewall == true
+#    - firewall_name == "firewalld"

tasks/install_server.yml

@@ -0,0 +1,36 @@
+---
+- name: Install Containerd
+  include_role:
+    name: containerd
+  when:
+    - kubernetes_cri == "containerd"
+  #register: kubernetes_cri_changed
+
+#- name: Restart kubelet after kubernetes cri installation
+#  service:
+#    name: kubelet
+#    status: restarted
+#  when:
+#    - kubernetes_cri_changed is changed
+
+- name: Ensuring /etc/systemd/system/kubelet.service.d Folder Exists
+  file:
+    path: "/etc/systemd/system/kubelet.service.d"
+    state: "directory"
+    group: root
+    owner: root
+    mode: 0755
+
+- name: Configure kubelet service
+  template:
+    src: "etc/{{ item }}.j2"
+    dest: "/etc/{{ item }}"
+    group: root
+    owner: root
+    mode: 0644
+  with_items:
+    - "systemd/system/kubelet.service.d/0-containerd.conf"
+    - "sysconfig/kubelet"
+
+- name: Enable kubelet on boot
+  service: name=kubelet state=started enabled=yes

tasks/main.yml

@@ -0,0 +1,16 @@
+---
+- name: Include vars for {{ ansible_os_family }}
+  include_vars: "{{ ansible_os_family }}.yml"
+
+- name: Install kubernetes rules for {{ ansible_os_family }} OS family
+  include_tasks: "{{ ansible_os_family }}.yml"
+
+- name: Install kubernetes tools
+  package: name="{{ kubernetes_package_name }}" state=latest update_cache=yes
+  notify: Restart kubelet
+
+- name: Include kubernetes server rules
+  include_tasks: "install_server.yml"
+
+#- name: Install python library for docker
+#  package: name="{{ python_openshift_lib }}" state=latest update_cache=yes

templates/etc/firewalld/services/kubernetes.xml.j2

@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+  <short>Kubernetes master</short>
+  <description>Open Kubernetes master ports.</description>
+  <port protocol="tcp" port="6443"/>
+  <port protocol="tcp" port="2379"/>
+  <port protocol="tcp" port="2380"/>
+  <port protocol="tcp" port="10250"/>
+  <port protocol="tcp" port="10251"/>
+  <port protocol="tcp" port="10252"/>
+  <port protocol="tcp" port="10255"/>
+</service>

templates/etc/sysconfig/kubelet.j2

@@ -0,0 +1 @@
+KUBELET_EXTRA_ARGS="--cgroup-driver=systemd --container-runtime=remote --runtime-request-timeout=15m --container-runtime-endpoint=unix:///run/containerd/containerd.sock --node-ip={{ ansible_eth0.ipv4.address }}"

templates/etc/systemd/system/kubelet.service.d/0-containerd.conf.j2

@@ -0,0 +1,2 @@
+[Service]
+Environment="KUBELET_EXTRA_ARGS=--cgroup-driver=systemd --container-runtime=remote --runtime-request-timeout=15m --container-runtime-endpoint=unix:///run/containerd/containerd.sock --node-ip="{{ ansible_eth0.ipv4.address }}"

templates/etc/yum.repos.d/kubernetes.repo.j2

@@ -0,0 +1,8 @@
+[kubernetes]
+name=Kubernetes
+baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-{{ ansible_machine }}
+enabled=1
+gpgcheck=1
+repo_gpgcheck=1
+gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
+#exclude=kube*

vars/RedHat.yml

@@ -0,0 +1,7 @@
+---
+kubernetes_package_name: 
+  - kubectl
+  - kubelet
+  - kubeadm
+#kubernetes_remove_packages_name:
+#  - kubernetes.io