diff --git a/tasks/Debian.yml b/tasks/Debian.yml index 9952f0a..c4b91da 100644 --- a/tasks/Debian.yml +++ b/tasks/Debian.yml @@ -1,21 +1,21 @@ --- -- name: add docker apt key - apt_key: +- name: Add docker apt key + ansible.builtin.apt_key: url: https://download.docker.com/linux/ubuntu/gpg state: present when: - docker_ver == "docker_ce" -- name: add docker repository - apt_repository: +- name: Add docker repository + ansible.builtin.apt_repository: repo: 'deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable' state: present - update_cache: yes + update_cache: true when: - docker_ver == "docker_ce" - name: "Ensure GRUB_CMDLINE_LINUX is updated" - lineinfile: + ansible.builtin.lineinfile: dest: /etc/default/grub regexp: '^(GRUB_CMDLINE_LINUX=".*)"$' line: '\1 cgroup_enable=memory swapaccount=1"' @@ -24,12 +24,12 @@ - not docker_installed.stat.exists - name: "Update grub.conf" - command: update-grub + ansible.builtin.command: update-grub when: - not docker_installed.stat.exists - name: "Ensure DEFAULT_FORWARD_POLICY in /etc/default/ufw is updated" - lineinfile: + ansible.builtin.lineinfile: dest: /etc/default/ufw regexp: '^(DEFAULT_FORWARD_POLICY=").*"$' line: '\1ACCEPT"' @@ -38,11 +38,11 @@ tags: [docker,firewall] # Need Certificat ? Only in local -#- name: "Add docker port 2376/TCP " -# ufw: rule=allow port=2376 proto=tcp -# notify: reload ufw -# tags: [docker,firewall] +# - name: "Add docker port 2376/TCP " +# ufw: rule=allow port=2376 proto=tcp +# notify: reload ufw +# tags: [docker,firewall] -#- name: "Start UFW rules" -# service: name=ufw state=started -# tags: [docker,firewall] +# - name: "Start UFW rules" +# service: name=ufw state=started +# tags: [docker,firewall] diff --git a/tasks/RedHat.yml b/tasks/RedHat.yml index 4c469ed..2494722 100644 --- a/tasks/RedHat.yml +++ b/tasks/RedHat.yml 
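Review bot: The `Add docker apt key` task in the first Debian.yml hunk trusts whatever key the URL returns and adds it to the host-wide apt keyring without pinning its fingerprint; `ansible.builtin.apt_key` takes `id:` for that purpose, so `id: "<DOCKER_KEY_FINGERPRINT placeholder>"` both verifies the download and lets check mode report correctly. Because `apt-key` is deprecated on current Debian and Ubuntu releases, the durable fix is to store the key in a dedicated keyring file and reference it with `signed-by=` in the `deb` line of `Add docker repository`, which also limits that key's trust to the Docker repository instead of every repository on the host. The repository line additionally hard-codes `[arch=amd64]` and the `linux/ubuntu` path although this file is the Debian-family entry point and other files in the role handle arm hosts; if Debian or arm64 targets are intended, the architecture and distribution should come from facts rather than literals.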
@@ -1,28 +1,28 @@ --- -#- name: Add kubernetes repository -# yumrepo: -# name: kubernetes -# description: "Kubernetes Repository" -# baseurl: https://packages.cloud.google.com/yum/repos/kubernetes-$releasever-x86_64 -# gpgcheck: yes -# enabled: yes -# gpgkey: https://packages.cloud.google.com/yum/doc/yum-key.gpg -# state: present +# - name: Add kubernetes repository +# yumrepo: +# name: kubernetes +# description: "Kubernetes Repository" +# baseurl: https://packages.cloud.google.com/yum/repos/kubernetes-$releasever-x86_64 +# gpgcheck: yes +# enabled: true +# gpgkey: https://packages.cloud.google.com/yum/doc/yum-key.gpg +# state: present -#- name: Add Official kubernetes's repo -# template: -# src: "etc/yum.repos.d/kubernetes.repo.j2" -# dest: "/etc/yum.repos.d/kubernetes.repo" -# group: root -# owner: root -# mode: 0644 -# when: -# - not ansible_machine == "armv7l" -# - not ansible_machine == "armv6l" -# - kubernetes_cri != "k3s" +# - name: Add Official kubernetes's repo +# ansible.builtin.template: +# src: "etc/yum.repos.d/kubernetes.repo.j2" +# dest: "/etc/yum.repos.d/kubernetes.repo" +# group: root +# owner: root +# mode: 0644 +# when: +# - not ansible_machine == "armv7l" +# - not ansible_machine == "armv6l" +# - kubernetes_cri != "k3s" - name: Add Official kubernetes's repo on servers - yum_repository: + ansible.builtin.yum_repository: name: kubernetes description: Kubernetes baseurl: https://packages.cloud.google.com/yum/repos/kubernetes-el7-$basearch @@ -39,7 +39,7 @@ - kubernetes_cri != "k3s" - name: Add Official kubernetes's repo for Desktop - yum_repository: + ansible.builtin.yum_repository: name: kubernetes description: Kubernetes baseurl: https://packages.cloud.google.com/yum/repos/kubernetes-el7-$basearch 
@@ -53,62 +53,62 @@ - not ansible_machine == "armv6l" - not kubernetes_server|bool -#- name: redhat | Installing K8s Packages -# package: -# name: -# - kubectl -# - kubelet -# - kubeadm -# - iproute-tc -# - ipvsadm -# state: present -# disable_excludes: kubernetes -# become: true -# register: result -# until: result is successful +# - name: Redhat | Installing K8s Packages +# ansible.builtin.package: +# name: +# - kubectl +# - kubelet +# - kubeadm +# - iproute-tc +# - ipvsadm +# state: present +# disable_excludes: kubernetes +# become: true +# register: result +# until: result is successful -#- name: Register kubernetes firewalld service -# template: -# src: "etc/firewalld/services/kubernetes.xml.j2" -# dest: "/etc/firewalld/services/kubernetes.xml" -# group: root -# owner: root -# mode: 0644 -# register: need_firewalld_reload -# when: -# - kubernetes_server|bool -# -#- name: Reload firewalld configuration -# service: -# name: firewalld -# state: reloaded -# enabled: yes -# when: -# - kubernetes_server|bool -# - need_firewalld_reload is changed -# -## Définir interface -#- name: Open Firewalld -# firewalld: -# zone: external -# service: kubernetes -# permanent: true -# state: enabled -# immediate: true -# when: -## - need_firewall|bool -## - firewall_name == "firewalld" -# - kubernetes_server|bool +# - name: Register kubernetes firewalld service +# ansible.builtin.template: +# src: "etc/firewalld/services/kubernetes.xml.j2" +# dest: "/etc/firewalld/services/kubernetes.xml" +# group: root +# owner: root +# mode: 0644 +# register: need_firewalld_reload +# when: +# - kubernetes_server|bool +# +# - name: Reload firewalld configuration +# ansible.builtin.service: +# name: firewalld +# state: reloaded +# enabled: true +# when: +# - kubernetes_server|bool +# - need_firewalld_reload is changed +# +## Définir interface +# - name: Open Firewalld +# ansible.posix.firewalld: +# zone: external +# service: kubernetes +# permanent: true +# state: enabled +# immediate: true +# 
when: +## - need_firewall|bool +## - firewall_name == "firewalld" +# - kubernetes_server|bool -#- name: Create kubernetes firewalld zone -# firewalld: -# zone: kubernetes -# permanent: true -# state: present -# when: -# - kubernetes_server|bool +# - name: Create kubernetes firewalld zone +# ansible.posix.firewalld: +# zone: kubernetes +# permanent: true +# state: present +# when: +# - kubernetes_server|bool - name: Add kubernetes networks to trusted firewalld zone - firewalld: + ansible.posix.firewalld: # zone: kubernetes zone: trusted permanent: true @@ -122,11 +122,11 @@ - "10.96.0.0/12" - name: Install kubernetes tools - dnf: + ansible.builtin.dnf: name: "{{ kubernetes_package_name }}" enablerepo: "kubernetes" state: present - update_cache: yes + update_cache: true disable_excludes: kubernetes # notify: Restart kubelet when: @@ -134,11 +134,11 @@ - (not kubernetes_server|bool) or ( kubernetes_server|bool and kubernetes_cri != "k3s") - name: Install kubernetes tools - yum: + ansible.builtin.yum: name: "{{ kubernetes_package_name }}" enablerepo: "kubernetes" state: present - update_cache: yes + update_cache: true # notify: Restart kubelet when: - ansible_pkg_mgr == "yum" diff --git a/tasks/cluster_k3s.yml b/tasks/cluster_k3s.yml index 32aa7f6..ce10294 100644 --- a/tasks/cluster_k3s.yml +++ b/tasks/cluster_k3s.yml @@ -1,6 +1,6 @@ --- - name: Install Wireguard - include_role: + ansible.builtin.include_role: name: wireguard # when: # - kubernetes_cni == "wireguard" @@ -13,7 +13,7 @@ - ansible_os_family == "RedHat" - name: Install the k3s-selinux rpm from a remote repo for yum distro - yum: + ansible.builtin.yum: name: "https://github.com/k3s-io/k3s-selinux/releases/download/v1.2.stable.2/k3s-selinux-1.2-2.el7.noarch.rpm" state: present when: 
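Review bot: The `yum` variant of `Install kubernetes tools` (the `@@ -134` hunk on this line) lacks the `disable_excludes: kubernetes` that the `dnf` variant in the `@@ -122` hunk carries; if the generated kubernetes.repo contains the `exclude=kubelet kubeadm kubectl` line the upstream install instructions recommend, the yum path will refuse to install the packages while the dnf path succeeds. `ansible.builtin.yum` accepts the same option, so adding `disable_excludes: kubernetes` under `enablerepo: "kubernetes"` keeps both paths equivalent. The two tasks also share the name `Install kubernetes tools`; suffixing each with its package manager makes run output and `--start-at-task` unambiguous.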
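Review bot: `Install the k3s-selinux rpm from a remote repo for yum distro` (and its dnf twin in the next hunk) installs an rpm straight from a GitHub release URL, and neither yum nor dnf signature-checks a URL-supplied package unless `localpkg_gpgcheck` is enabled, so TLS to github.com is the only integrity control on a policy module that is loaded into the kernel's SELinux policy. Lines 7–12 of cluster_k3s.yml sit between this hunk and the previous one and are not visible here; if they do not already import Rancher's signing key with `ansible.builtin.rpm_key`, consider doing so and installing `k3s-selinux` from the Rancher rpm repository, where `gpgcheck` applies to the package. The `v1.2.stable.2` URL is also duplicated across the yum and dnf tasks; a single role variable (for example `k3s_selinux_version`, constructed) would keep them in step.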
@@ -22,7 +22,7 @@ - ansible_distribution_major_version == '7' - name: Install the k3s-selinux rpm from a remote repo for dnf distro - dnf: + ansible.builtin.dnf: name: "https://github.com/k3s-io/k3s-selinux/releases/download/v1.2.stable.2/k3s-selinux-1.2-2.el8.noarch.rpm" state: present when: @@ -31,13 +31,14 @@ - ansible_distribution_major_version == '8' - name: Check if /usr/local/bin/k3s already existe - stat: + ansible.builtin.stat: path: /usr/local/bin/k3s register: k3s_bin + check_mode: false changed_when: False -- name: retreive k3s binary for x86_64 - get_url: +- name: Retreive k3s binary for x86_64 + ansible.builtin.get_url: url: "https://github.com/rancher/k3s/releases/download/v1.25.3%2Bk3s1/k3s" dest: "/usr/local/bin/k3s" group: root @@ -47,8 +48,8 @@ - not k3s_bin.stat.exists - ansible_machine == "x86_64" -- name: retreive k3s binary for arm64 - get_url: +- name: Retreive k3s binary for arm64 + ansible.builtin.get_url: url: "https://github.com/rancher/k3s/releases/download/v1.25.3%2Bk3s1/k3s-arm64" dest: "/usr/local/bin/k3s" group: root @@ -58,8 +59,8 @@ - not k3s_bin.stat.exists - ansible_machine == "arm64" -- name: retreive k3s binary for armv6/armv7 - get_url: +- name: Retreive k3s binary for armv6/armv7 + ansible.builtin.get_url: url: "https://github.com/rancher/k3s/releases/download/v1.25.3%2Bk3s1/k3s-armhf" dest: "/usr/local/bin/k3s" group: root @@ -70,7 +71,7 @@ - (ansible_machine == "armv7l") or (ansible_machine == "armv6l") - name: Create tools link - file: + ansible.builtin.file: src: "k3s" dest: "/usr/local/bin/{{ item }}" owner: root @@ -82,7 +83,7 @@ - "ctr" - name: Create thin volumes for k3s - lvol: + community.general.lvol: vg: "{{ item.vg }}" lv: "{{ item.name }}" thinpool: kubernetes 
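Review bot: `Retreive k3s binary for x86_64` in the `@@ -31` hunk downloads a root-owned executable to `/usr/local/bin/k3s` with `ansible.builtin.get_url` but no `checksum:`, so a tampered or truncated download would be installed and later started as a system service without any integrity check; the arm64 and armv6/armv7 tasks in the `@@ -47` and `@@ -58` hunks have the same gap. k3s releases publish a per-architecture sha256sum file next to the binary, so `checksum: "sha256:<EXPECTED_SHA256 placeholder>"` (or the URL of that sums file) pins the artefact, and a single `k3s_version` variable (constructed) would replace the three copies of `v1.25.3%2Bk3s1`. On style, the commit normalises `yes` to `true` elsewhere yet leaves `changed_when: False` on the stat task; `changed_when: false` matches the rest of the change and yamllint's truthy rule, and the same capitalised `False` recurs in the later stat and shell tasks of cluster_k3s.yml and cluster_kubeadm.yml.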
@@ -90,15 +91,15 @@ with_items: - { name: var_lib_k3s, vg: vg_sys, size: 10g, mount_point: /var/lib/rancher/k3s, mount_opts: "discard"} -- name: create file system on containerd lv - filesystem: +- name: Create file system on containerd lv + community.general.filesystem: fstype: ext4 dev: "/dev/{{ item.vg }}/{{ item.name }}" with_items: - { name: var_lib_k3s, vg: vg_sys, size: 10g, mount_point: /var/lib/rancher/k3s, mount_opts: "discard"} -- name: mount logical volumes - mount: +- name: Mount logical volumes + ansible.posix.mount: name: "{{ item.mount_point }}" src: "/dev/{{ item.vg }}/{{ item.name }}" fstype: ext4 @@ -108,7 +109,7 @@ - { name: var_lib_k3s, vg: vg_sys, size: 10g, mount_point: /var/lib/rancher/k3s, mount_opts: "discard"} - name: Audit policies directory - file: + ansible.builtin.file: path: "/etc/kubernetes/policies" state: directory owner: root @@ -118,7 +119,7 @@ - kubernetes_master|bool - name: Configure audit policy - copy: + ansible.builtin.copy: src: "etc/kubernetes/policies/audit-policy.yaml" dest: "/etc/kubernetes/policies/audit-policy.yaml" group: root @@ -129,16 +130,18 @@ # Check controlers - name: Check if /etc/rancher/k3s/k3s.yaml already existe - stat: + ansible.builtin.stat: path: /etc/rancher/k3s/k3s.yaml register: st + check_mode: false changed_when: False when: - kubernetes_master|bool - name: Create KubernetesMasterConfigured group - group_by: + ansible.builtin.group_by: key: KubernetesMasterConfigured_{{ kubernetes_cluster_name }} + check_mode: false when: - kubernetes_master|bool - st.stat.exists @@ -148,7 +151,7 @@ # run_once: true block: - name: Deploy systemd service - template: + ansible.builtin.template: src: "{{ item }}.j2" dest: "{{ item }}" owner: root @@ -166,7 +169,7 @@ daemon_reload: true - name: Enable k3s on boot - service: + ansible.builtin.service: name: k3s state: started enabled: true 
@@ -180,8 +183,9 @@ path: /var/lib/rancher/k3s/server/token - name: Add {{ ansible_hostname }} to KubernetesMasterConfigured group - group_by: + ansible.builtin.group_by: key: KubernetesMasterConfigured_{{ kubernetes_cluster_name }} + check_mode: false when: - kubernetes_master|bool @@ -191,23 +195,23 @@ # Manque kubernetes_server_token, kubernetes_master url -#- name: Deploy systemd service -# template: -# src: "etc/systemd/system/{{ item }}.j2" -# dest: "/etc/systemd/system/{{ item }}" -# owner: root -# group: root -# mode: 0600 -# with_items: -# - "k3s.service" -# - "k3s.service.env" -# when: -# - ansible_service_mgr == "systemd" +# - name: Deploy systemd service +# ansible.builtin.template: +# src: "etc/systemd/system/{{ item }}.j2" +# dest: "/etc/systemd/system/{{ item }}" +# owner: root +# group: root +# mode: 0600 +# with_items: +# - "k3s.service" +# - "k3s.service.env" +# when: +# - ansible_service_mgr == "systemd" - name: Enable k3s on boot - service: + ansible.builtin.service: name: k3s state: started enabled: true diff --git a/tasks/cluster_kubeadm.yml b/tasks/cluster_kubeadm.yml index 8c6969c..22ccc9a 100644 --- a/tasks/cluster_kubeadm.yml +++ b/tasks/cluster_kubeadm.yml 
@@ -1,27 +1,27 @@ --- - name: Install Containerd - include_role: + ansible.builtin.include_role: name: containerd when: - kubernetes_cri == "containerd" - #register: kubernetes_cri_changed + # register: kubernetes_cri_changed - name: Install CRI-O - include_role: + ansible.builtin.include_role: name: cri-o when: - kubernetes_cri == "cri-o" - #register: kubernetes_cri_changed + # register: kubernetes_cri_changed -#- name: Restart kubelet after kubernetes cri installation -# service: -# name: kubelet -# status: restarted -# when: -# - kubernetes_cri_changed is changed +# - name: Restart kubelet after kubernetes cri installation +# ansible.builtin.service: +# name: kubelet +# status: restarted +# when: +# - kubernetes_cri_changed is changed - name: Configure NetworkManager for Calico - copy: + ansible.builtin.copy: src: "etc/NetworkManager/conf.d/calico.conf" dest: "/etc/NetworkManager/conf.d/calico.conf" group: root @@ -33,14 +33,14 @@ register: kubernetes_network_networkmanager_changed - name: Restart kubelet after kubernetes cri installation - service: + ansible.builtin.service: name: NetworkManager status: reload when: - kubernetes_network_networkmanager_changed is changed - name: Configuring IPVS kernel module to be load on boot - template: + ansible.builtin.template: src: "etc/modules-load.d/ipvs.conf.j2" dest: "/etc/modules-load.d/ipvs.conf" group: root @@ -50,7 +50,7 @@ - kubernetes_kubeproxy_mode == "ipvs" - name: Load IPVS kernel module for EL7 - modprobe: + community.general.modprobe: name: "{{ item }}" state: present with_items: @@ -66,7 +66,7 @@ - ansible_distribution_major_version == '7' - name: Load IPVS kernel module for EL8 - modprobe: + community.general.modprobe: name: "{{ item }}" state: present with_items: @@ -81,7 +81,7 @@ - ansible_distribution_major_version == '8' - name: Create thin volumes for kubernetes - lvol: + community.general.lvol: vg: "{{ item.vg }}" lv: "{{ item.name }}" thinpool: kubernetes 
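Review bot: `Restart kubelet after kubernetes cri installation` in the `@@ -33` hunk passes `status: reload` to `ansible.builtin.service`, but that module has no `status` option and its `state` choices are `started`, `stopped`, `restarted` and `reloaded`, so the task should be rejected as an unsupported parameter the first time the NetworkManager config actually changes. The line should read `state: reloaded`, and the name should describe what the task does, for example `- name: Reload NetworkManager after Calico config change`. The commented-out kubelet block in the `@@ -1` hunk carries the same `status:` key, so correcting it there too avoids resurrecting the bug when that task is re-enabled.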
@@ -93,8 +93,8 @@ when: - kubernetes_master|bool -- name: create file system on containerd lv - filesystem: +- name: Create file system on containerd lv + community.general.filesystem: fstype: ext4 dev: "/dev/{{ item.vg }}/{{ item.name }}" with_items: @@ -104,8 +104,8 @@ when: - kubernetes_master|bool -- name: mount logical volumes - mount: +- name: Mount logical volumes + ansible.posix.mount: name: "{{ item.mount_point }}" src: "/dev/{{ item.vg }}/{{ item.name }}" fstype: ext4 @@ -120,14 +120,14 @@ - kubernetes_master|bool - name: Ensuring /var/lib/etcd/lost+found Folder does not exists - file: + ansible.builtin.file: path: "/var/lib/etcd/lost+found" state: "absent" when: - partition_formated is changed - name: Secure etcd directory - file: + ansible.builtin.file: path: "/var/lib/etcd" state: directory owner: root @@ -137,7 +137,7 @@ - kubernetes_master|bool - name: Ensuring /etc/systemd/system/kubelet.service.d Folder Exists - file: + ansible.builtin.file: path: "/etc/systemd/system/kubelet.service.d" state: "directory" group: root @@ -147,7 +147,7 @@ - ansible_service_mgr == "systemd" - name: Configure kubelet service - template: + ansible.builtin.template: src: "etc/{{ item }}.j2" dest: "/etc/{{ item }}" group: root @@ -160,7 +160,7 @@ - ansible_service_mgr == "systemd" - name: Configure kubelet service for CRI-O - template: + ansible.builtin.template: src: "etc/{{ item }}.j2" dest: "/etc/{{ item }}" group: root @@ -173,7 +173,7 @@ - kubernetes_cri == "cri-o" - name: Configure kubelet service - template: + ansible.builtin.template: src: "etc/{{ item }}.j2" dest: "/etc/{{ item }}" group: root @@ -185,13 +185,13 @@ - not ansible_service_mgr == "systemd" - name: Enable kubelet on boot - service: + ansible.builtin.service: name: kubelet state: started - enabled: yes + enabled: true - name: Audit policies directory - file: + ansible.builtin.file: path: "/etc/kubernetes/policies" state: directory owner: root 
@@ -205,7 +205,7 @@ # Ou récupération de ces règles pour une utilisation avec falco - name: Configure audit policy - copy: + ansible.builtin.copy: src: "etc/kubernetes/policies/audit-policy.yaml" dest: "/etc/kubernetes/policies/audit-policy.yaml" group: root 
@@ -216,93 +216,102 @@ # First controler - name: Check if /etc/kubernetes/admin.conf already existe - stat: + ansible.builtin.stat: path: /etc/kubernetes/admin.conf register: st + check_mode: false changed_when: False - name: Create KubernetesMasterConfigured group - group_by: + ansible.builtin.group_by: key: KubernetesMasterConfigured_{{ kubernetes_cluster_name }} + check_mode: false when: - st.stat.exists - name: Retreive kubeadm Major version - shell: set -o pipefail && kubeadm version | sed 's/.*{Major:"\([0-9]\)".*/\1/' + ansible.builtin.shell: set -o pipefail && kubeadm version | sed 's/.*{Major:"\([0-9]\)".*/\1/' register: kubeadm_version_major + check_mode: false changed_when: False - name: Retreive kubeadm Minor version - shell: set -o pipefail && kubeadm version | sed -e 's/.* Minor:"\([0-9]*\)".*/\1/' + ansible.builtin.shell: set -o pipefail && kubeadm version | sed -e 's/.* Minor:"\([0-9]*\)".*/\1/' register: kubeadm_version_minor + check_mode: false changed_when: False - name: Defined a default lb_kubemaster - set_fact: + ansible.builtin.set_fact: lb_kubemaster: "{{ groups['KubernetesMasters_' ~ kubernetes_cluster_name][0] }}" when: - lb_kubemaster is undefined # - groups['KubernetesMasters'] | length > 1 changed_when: False + check_mode: false - name: Deploy First controler block: - - name: Deploy initial kubeadm config - template: - src: kubeadm-config.yaml.j2 - dest: /root/kubeadm-config.yaml - owner: root - group: root - mode: 0600 + - name: Deploy initial kubeadm config + ansible.builtin.template: + src: kubeadm-config.yaml.j2 + dest: /root/kubeadm-config.yaml + owner: root + group: root + mode: 0600 - - name: Init Kubernetes on {{ groups['KubernetesMasters_' ~ kubernetes_cluster_name][0] }} - command: kubeadm init --config=/root/kubeadm-config.yaml + - name: Init Kubernetes on {{ groups['KubernetesMasters_' ~ kubernetes_cluster_name][0] }} + ansible.builtin.command: kubeadm init --config=/root/kubeadm-config.yaml - - name: Add {{ ansible_hostname 
}} to KubernetesMasterConfigured group - group_by: - key: KubernetesMasterConfigured_{{ kubernetes_cluster_name }} + - name: Add {{ ansible_hostname }} to KubernetesMasterConfigured group + ansible.builtin.group_by: + key: KubernetesMasterConfigured_{{ kubernetes_cluster_name }} + check_mode: false - when: - - groups['KubernetesMasterConfigured_' ~ kubernetes_cluster_name] is not defined - - groups['KubernetesMasters_' ~ kubernetes_cluster_name][0] == ansible_hostname + when: + - groups['KubernetesMasterConfigured_' ~ kubernetes_cluster_name] is not defined + - groups['KubernetesMasters_' ~ kubernetes_cluster_name][0] == ansible_hostname # End of first controler - name: Test if server node already included - command: kubectl --kubeconfig=/etc/kubernetes/admin.conf get nodes {{ ansible_hostname | lower }} + ansible.builtin.command: kubectl --kubeconfig=/etc/kubernetes/admin.conf get nodes {{ ansible_hostname | lower }} delegate_to: "{{ lb_kubemaster }}" register: server_enrolled changed_when: False ignore_errors: yes + check_mode: false -#- name: Deploy kubeadm config -# template: -# src: kubeadm-config.yaml.j2 -# dest: /root/kubeadm-config.yaml -# owner: root -# group: root -# mode: 600 -# when: -# - not groups['KubernetesMasters'][0] == ansible_hostname -# - server_enrolled.rc == 1 +# - name: Deploy kubeadm config +# ansible.builtin.template: +# src: kubeadm-config.yaml.j2 +# dest: /root/kubeadm-config.yaml +# owner: root +# group: root +# mode: 600 +# when: +# - not groups['KubernetesMasters'][0] == ansible_hostname +# - server_enrolled.rc == 1 - name: Retreive certificats key on {{ lb_kubemaster }} - shell: set -o pipefail && kubeadm init phase upload-certs --upload-certs | grep -v upload-certs + ansible.builtin.shell: set -o pipefail && kubeadm init phase upload-certs --upload-certs | grep -v upload-certs register: kubernetes_certificateKey + check_mode: false delegate_to: "{{ lb_kubemaster }}" when: - server_enrolled.rc == 1 - kubernetes_master|bool - name: 
Retreive token on "{{ lb_kubemaster }}" - command: kubeadm token create + ansible.builtin.command: kubeadm token create register: kubetoken delegate_to: "{{ lb_kubemaster }}" + check_mode: false when: - server_enrolled.rc == 1 - name: Retreive hash certificat - shell: > + ansible.builtin.shell: > set -o pipefail && openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | @@ -310,11 +319,12 @@ sed 's/^.* //' register: cacerthash delegate_to: "{{ lb_kubemaster }}" + check_mode: false when: - server_enrolled.rc == 1 - name: Deploy kubeadm config - template: + ansible.builtin.template: src: kubeadm-config.yaml.j2 dest: /root/kubeadm-config.yaml owner: root @@ -324,6 +334,6 @@ - server_enrolled.rc == 1 - name: Join '{{ ansible_hostname }}' to Kubernetes cluster - command: kubeadm join --config=/root/kubeadm-config.yaml + ansible.builtin.command: kubeadm join --config=/root/kubeadm-config.yaml when: - server_enrolled.rc == 1 diff --git a/tasks/install_server.yml b/tasks/install_server.yml index c50cc8c..1d53902 100644 --- a/tasks/install_server.yml +++ b/tasks/install_server.yml 
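Review bot: `Retreive token on "{{ lb_kubemaster }}"` and `Retreive certificats key on {{ lb_kubemaster }}` register a freshly minted bootstrap token and the certificate key from `kubeadm init phase upload-certs` without `no_log: true`, so both join credentials appear in verbose output and in any logging callback; add `no_log: true` to those two tasks and to the second `Deploy kubeadm config` template task in the following hunk, which writes them to disk. The `server_enrolled.rc == 1` gate is also broader than intended: `kubectl get nodes` exits non-zero both when the node is absent and when the API server is unreachable, so an outage on `lb_kubemaster` would make an already-joined node mint a new token, re-upload certificates and re-run `kubeadm join`; matching `NotFound` in `server_enrolled.stderr` (or `failed_when: false` plus an explicit check) narrows the condition. Style-wise, `ignore_errors: yes` survives while the commit normalises other booleans to `true`. The `Deploy First controler` block is complete within this hunk, but `Retreive hash certificat` starts here and its `register`/`when` lines continue in the next hunk.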
@@ -1,51 +1,53 @@ --- - name: Include vars for not taint Kubernetes masters - include_vars: masters.yml + ansible.builtin.include_vars: masters.yml when: - kubernetes_master|bool - not kubernetes_master_taint|bool - name: Add master to KubernetesMasters_ClusterName group - group_by: + ansible.builtin.group_by: key: KubernetesMasters_{{ kubernetes_cluster_name }} + check_mode: false when: - "'KubernetesMasters' in group_names" - name: Add node to KubernetesNodes_ClusterName group - group_by: + ansible.builtin.group_by: key: KubernetesNodes_{{ kubernetes_cluster_name }} + check_mode: false when: - "'KubernetesNodes' in group_names" - name: Disable SWAP since kubernetes can't work with swap enabled (1/2) - command: swapoff -a + ansible.builtin.command: swapoff -a changed_when: false - name: Remove swapfile from /etc/fstab (2/2) - mount: + ansible.posix.mount: name: swap fstype: swap state: absent - name: Create a thin pool for kubernetes - lvol: + community.general.lvol: vg: vg_sys thinpool: kubernetes size: "{{ lv_kubernetes_size | default('20g') }}" ## Install API loadbalancer -#- include_tasks: "load_balancer.yml" -# when: -# - kubernetes_master|bool -# - groups['KubernetesMasters'] | length > 1 +# - ansible.builtin.include_tasks: "load_balancer.yml" +# when: +# - kubernetes_master|bool +# - groups['KubernetesMasters'] | length > 1 - name: Kubernetes cluster with kubeadm - include_tasks: "cluster_kubeadm.yml" + ansible.builtin.include_tasks: "cluster_kubeadm.yml" when: - kubernetes_cri != "k3s" - name: Kubernetes cluster with k3s - include_tasks: "cluster_k3s.yml" + ansible.builtin.include_tasks: "cluster_k3s.yml" when: - kubernetes_cri == "k3s" @@ -54,7 +56,7 @@ # - name: Make /root/.kube directory - file: + ansible.builtin.file: path: "/root/.kube" owner: root group: root 
@@ -64,10 +66,10 @@ - kubernetes_master|bool - name: Copy kubeconfig file from /etc/kubernetes/admin.conf - copy: + ansible.builtin.copy: src: "/etc/kubernetes/admin.conf" dest: /root/.kube/config - remote_src: yes + remote_src: true owner: root group: root mode: 0600 @@ -76,10 +78,10 @@ - kubernetes_cri != "k3s" - name: Copy kubeconfig file from /etc/rancher/k3s/k3s.yaml - copy: + ansible.builtin.copy: src: "/etc/rancher/k3s/k3s.yaml" dest: /root/.kube/config - remote_src: yes + remote_src: true owner: root group: root mode: 0600 
@@ -91,24 +93,23 @@ # Manque autoconfig de .kube/config local # -#- name: Fetching CA certificat -# copy: -# src: /etc/kubernetes/pki/ca.crt -# dest: /root/.kube/{{ kubernetes_cluster_name }}/ca.crt -# when: -# - kubernetes_master|bigip_pool +# - name: Fetching CA certificat +# ansible.builtin.copy: +# src: /etc/kubernetes/pki/ca.crt +# dest: /root/.kube/{{ kubernetes_cluster_name }}/ca.crt +# when: +# - kubernetes_master|bigip_pool - name: Check if a node is still tainted - command: kubectl --kubeconfig=/etc/kubernetes/admin.conf get nodes '{{ ansible_hostname | lower }}' -o jsonpath='{.spec.taints}' + ansible.builtin.command: kubectl --kubeconfig=/etc/kubernetes/admin.conf get nodes '{{ ansible_hostname | lower }}' -o jsonpath='{.spec.taints}' register: current_taint - check_mode: no + check_mode: false when: - kubernetes_master_taint|bool -- name: taint the machine if needed -# command: kubectl --kubeconfig=/etc/kubernetes/admin.conf taint nodes --all node-role.kubernetes.io/master- - command: kubectl --kubeconfig=/etc/kubernetes/admin.conf taint nodes '{{ ansible_hostname | lower }}' node-role.kubernetes.io/master- +- name: Taint the machine if needed +# ansible.builtin.command: kubectl --kubeconfig=/etc/kubernetes/admin.conf taint nodes --all node-role.kubernetes.io/master- + ansible.builtin.command: kubectl --kubeconfig=/etc/kubernetes/admin.conf taint nodes '{{ ansible_hostname | lower }}' node-role.kubernetes.io/master- when: - kubernetes_master_taint|bool - current_taint.stdout - diff --git a/tasks/load_balancer.yml b/tasks/load_balancer.yml index 8b6765c..d557058 100644 --- a/tasks/load_balancer.yml +++ b/tasks/load_balancer.yml 
@@ -1,21 +1,21 @@ --- - name: Install needed packages - package: + ansible.builtin.package: name: - keepalived - curl state: present - update_cache: yes + update_cache: true notify: Restart keepalived - name: Install check_apiserver.sh script for keepalived - template: + ansible.builtin.template: src: etc/keepalived/check_apiserver.sh.j2 dest: /etc/keepalived/check_apiserver.sh owner: root group: root mode: 0755 - name: Install keepalived config file - template: + ansible.builtin.template: src: etc/keepalived/keepalived.conf.j2 dest: /etc/keepalived/keepalived.conf owner: root @@ -27,7 +27,7 @@ - groups['KubernetesMasters'][0] == ansible_hostname notify: Restart keepalived - name: Install keepalived config file - template: + ansible.builtin.template: src: etc/keepalived/keepalived.conf.j2 dest: /etc/keepalived/keepalived.conf owner: root @@ -40,4 +40,4 @@ notify: Restart keepalived - name: Flush handlers - meta: flush_handlers + ansible.builtin.meta: flush_handlers diff --git a/tasks/main.yml b/tasks/main.yml index c13136d..9283b29 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
@@ -3,59 +3,63 @@ tags: - kubernetes block: - - name: Include vars for {{ ansible_os_family }} - include_vars: "{{ ansible_os_family }}.yml" + - name: Include vars for {{ ansible_os_family }} + ansible.builtin.include_vars: "{{ ansible_os_family }}.yml" - - name: Define vars for master - set_fact: - kubernetes_server: true - kubernetes_master: true - kubernetes_master_taint: false - when: - - "'KubernetesMasters' in group_names" - - "'KubernetesNodes' not in group_names" + - name: Define vars for master + ansible.builtin.set_fact: + kubernetes_server: true + kubernetes_master: true + kubernetes_master_taint: false + check_mode: false + when: + - "'KubernetesMasters' in group_names" + - "'KubernetesNodes' not in group_names" - - name: Define vars for node - set_fact: - kubernetes_server: true - kubernetes_master: false - kubernetes_master_taint: false - when: - - "'KubernetesNodes' in group_names" - - "'KubernetesMasters' not in group_names" + - name: Define vars for node + ansible.builtin.set_fact: + kubernetes_server: true + kubernetes_master: false + kubernetes_master_taint: false + check_mode: false + when: + - "'KubernetesNodes' in group_names" + - "'KubernetesMasters' not in group_names" - - name: Define vars for taint master - set_fact: - kubernetes_server: true - kubernetes_master: true - kubernetes_master_taint: true - when: - - "'KubernetesNodes' in group_names" - - "'KubernetesMasters' in group_names" + - name: Define vars for taint master + ansible.builtin.set_fact: + kubernetes_server: true + kubernetes_master: true + kubernetes_master_taint: true + check_mode: false + when: + - "'KubernetesNodes' in group_names" + - "'KubernetesMasters' in group_names" - - name: Define vars for tooling - set_fact: - kubernetes_sever: false - when: - - "'KubernetesMasters' not in group_names" - - "'KubernetesNodes' not in group_names" + - name: Define vars for tooling + ansible.builtin.set_fact: + kubernetes_sever: false + check_mode: false + when: + - 
"'KubernetesMasters' not in group_names" + - "'KubernetesNodes' not in group_names" - - name: Install kubernetes rules for {{ ansible_os_family }} OS family - include_tasks: "{{ ansible_os_family }}.yml" + - name: Install kubernetes rules for {{ ansible_os_family }} OS family + ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" - #- name: Install kubernetes tools - # package: - # name: "{{ kubernetes_package_name }}" - # state: present - # update_cache: yes - ## notify: Restart kubelet - # when: - # - (not kubernetes_server|bool) or ( kubernetes_server|bool and kubernetes_cri != "k3s") + # - name: Install kubernetes tools + # ansible.builtin.package: + # name: "{{ kubernetes_package_name }}" + # state: present + # update_cache: true + ## notify: Restart kubelet + # when: + # - (not kubernetes_server|bool) or ( kubernetes_server|bool and kubernetes_cri != "k3s") - - name: Include kubernetes server rules - include_tasks: "install_server.yml" - when: - - kubernetes_server|bool + - name: Include kubernetes server rules + ansible.builtin.include_tasks: "install_server.yml" + when: + - kubernetes_server|bool - #- name: Install python library for docker - # package: name="{{ python_openshift_lib }}" state=latest update_cache=yes + # - name: Install python library for docker + # package: name="{{ python_openshift_lib }}" state=latest update_cache=yes
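Review bot: `Define vars for tooling` sets `kubernetes_sever: false` (missing an `r`), so on hosts in neither group `kubernetes_server` is never defined and the later `when: - kubernetes_server|bool` on `Include kubernetes server rules` will fail on an undefined variable unless a role default supplies it; the line should read `kubernetes_server: false`. The `check_mode: false` added to each `set_fact` task appears redundant, since `set_fact` already runs under `--check`; it is the `command` and `shell` queries elsewhere in the change that genuinely need it.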