Update role

2022-10-27 23:38:04 +02:00 · 2022-10-27 23:38:04 +02:00 · d4dac488f9
commit d4dac488f9
parent 48e99ac551
7 changed files with 298 additions and 279 deletions
--- a/tasks/cluster_kubeadm.yml
+++ b/tasks/cluster_kubeadm.yml
@ -1,27 +1,27 @@
 ---
 - name: Install Containerd
-  include_role:
+  ansible.builtin.include_role:
    name: containerd
  when:
    - kubernetes_cri == "containerd"
-  #register: kubernetes_cri_changed
+  # register: kubernetes_cri_changed

 - name: Install CRI-O
-  include_role:
+  ansible.builtin.include_role:
    name: cri-o
  when:
    - kubernetes_cri == "cri-o"
-  #register: kubernetes_cri_changed
+  # register: kubernetes_cri_changed

-#- name: Restart kubelet after kubernetes cri installation
-#  service:
-#    name: kubelet
-#    status: restarted
-#  when:
-#    - kubernetes_cri_changed is changed
+# - name: Restart kubelet after kubernetes cri installation
+#   ansible.builtin.service:
+#     name: kubelet
+#     status: restarted
+#   when:
+#     - kubernetes_cri_changed is changed

 - name: Configure NetworkManager for Calico
-  copy:
+  ansible.builtin.copy:
    src: "etc/NetworkManager/conf.d/calico.conf"
    dest: "/etc/NetworkManager/conf.d/calico.conf"
    group: root
@ -33,14 +33,14 @@
  register: kubernetes_network_networkmanager_changed

 - name: Restart kubelet after kubernetes cri installation
-  service:
+  ansible.builtin.service:
    name: NetworkManager
    status: reload
  when:
    - kubernetes_network_networkmanager_changed is changed

 - name: Configuring IPVS kernel module to be load on boot
-  template:
+  ansible.builtin.template:
    src: "etc/modules-load.d/ipvs.conf.j2"
    dest: "/etc/modules-load.d/ipvs.conf"
    group: root
@ -50,7 +50,7 @@
    - kubernetes_kubeproxy_mode == "ipvs"

 - name: Load IPVS kernel module for EL7
-  modprobe:
+  community.general.modprobe:
    name: "{{ item }}"
    state: present
  with_items:
@ -66,7 +66,7 @@
    - ansible_distribution_major_version == '7'

 - name: Load IPVS kernel module for EL8
-  modprobe:
+  community.general.modprobe:
    name: "{{ item }}"
    state: present
  with_items:
@ -81,7 +81,7 @@
    - ansible_distribution_major_version == '8'

 - name: Create thin volumes for kubernetes
-  lvol:
+  community.general.lvol:
    vg: "{{ item.vg }}"
    lv: "{{ item.name }}"
    thinpool: kubernetes
@ -93,8 +93,8 @@
  when:
    - kubernetes_master|bool

- name: create file system on containerd lv
-  filesystem:
+- name: Create file system on containerd lv
+  community.general.filesystem:
    fstype: ext4
    dev: "/dev/{{ item.vg }}/{{ item.name }}"
  with_items:
@ -104,8 +104,8 @@
  when:
    - kubernetes_master|bool

- name: mount logical volumes
-  mount:
+- name: Mount logical volumes
+  ansible.posix.mount:
    name: "{{ item.mount_point }}"
    src: "/dev/{{ item.vg }}/{{ item.name }}"
    fstype: ext4
@ -120,14 +120,14 @@
    - kubernetes_master|bool

 - name: Ensuring /var/lib/etcd/lost+found Folder does not exists
-  file:
+  ansible.builtin.file:
    path: "/var/lib/etcd/lost+found"
    state: "absent"
  when:
    - partition_formated is changed

 - name: Secure etcd directory
-  file:
+  ansible.builtin.file:
    path: "/var/lib/etcd"
    state: directory
    owner: root
@ -137,7 +137,7 @@
    - kubernetes_master|bool

 - name: Ensuring /etc/systemd/system/kubelet.service.d Folder Exists
-  file:
+  ansible.builtin.file:
    path: "/etc/systemd/system/kubelet.service.d"
    state: "directory"
    group: root
@ -147,7 +147,7 @@
    - ansible_service_mgr == "systemd"

 - name: Configure kubelet service
-  template:
+  ansible.builtin.template:
    src: "etc/{{ item }}.j2"
    dest: "/etc/{{ item }}"
    group: root
@ -160,7 +160,7 @@
    - ansible_service_mgr == "systemd"

 - name: Configure kubelet service for CRI-O
-  template:
+  ansible.builtin.template:
    src: "etc/{{ item }}.j2"
    dest: "/etc/{{ item }}"
    group: root
@ -173,7 +173,7 @@
    - kubernetes_cri == "cri-o"

 - name: Configure kubelet service
-  template:
+  ansible.builtin.template:
    src: "etc/{{ item }}.j2"
    dest: "/etc/{{ item }}"
    group: root
@ -185,13 +185,13 @@
    - not ansible_service_mgr == "systemd"

 - name: Enable kubelet on boot
-  service:
+  ansible.builtin.service:
    name: kubelet
    state: started
-    enabled: yes
+    enabled: true

 - name: Audit policies directory
-  file:
+  ansible.builtin.file:
    path: "/etc/kubernetes/policies"
    state: directory
    owner: root
@ -205,7 +205,7 @@
 # Ou récupération de ces règles pour une utilisation avec falco

 - name: Configure audit policy
-  copy:
+  ansible.builtin.copy:
    src: "etc/kubernetes/policies/audit-policy.yaml"
    dest: "/etc/kubernetes/policies/audit-policy.yaml"
    group: root
@ -216,93 +216,102 @@

 # First controler
 - name: Check if /etc/kubernetes/admin.conf already existe
-  stat:
+  ansible.builtin.stat:
    path: /etc/kubernetes/admin.conf
  register: st
+  check_mode: false
  changed_when: False

 - name: Create KubernetesMasterConfigured group
-  group_by:
+  ansible.builtin.group_by:
    key: KubernetesMasterConfigured_{{ kubernetes_cluster_name }}
+  check_mode: false
  when:
    - st.stat.exists

 - name: Retreive kubeadm Major version
-  shell: set -o pipefail && kubeadm version | sed 's/.*{Major:"\([0-9]\)".*/\1/'
+  ansible.builtin.shell: set -o pipefail && kubeadm version | sed 's/.*{Major:"\([0-9]\)".*/\1/'
  register: kubeadm_version_major
+  check_mode: false
  changed_when: False

 - name: Retreive kubeadm Minor version
-  shell: set -o pipefail && kubeadm version | sed -e 's/.* Minor:"\([0-9]*\)".*/\1/'
+  ansible.builtin.shell: set -o pipefail && kubeadm version | sed -e 's/.* Minor:"\([0-9]*\)".*/\1/'
  register: kubeadm_version_minor
+  check_mode: false
  changed_when: False

 - name: Defined a default lb_kubemaster
-  set_fact:
+  ansible.builtin.set_fact:
    lb_kubemaster: "{{ groups['KubernetesMasters_' ~ kubernetes_cluster_name][0] }}"
  when:
    - lb_kubemaster is undefined
 #    - groups['KubernetesMasters'] | length > 1
  changed_when: False
+  check_mode: false

 - name: Deploy First controler
  block:
-  - name: Deploy initial kubeadm config
-    template:
-      src: kubeadm-config.yaml.j2
-      dest: /root/kubeadm-config.yaml
-      owner: root
-      group: root
-      mode: 0600
+    - name: Deploy initial kubeadm config
+      ansible.builtin.template:
+        src: kubeadm-config.yaml.j2
+        dest: /root/kubeadm-config.yaml
+        owner: root
+        group: root
+        mode: 0600

-  - name: Init Kubernetes on {{ groups['KubernetesMasters_' ~ kubernetes_cluster_name][0] }}
-    command: kubeadm init --config=/root/kubeadm-config.yaml
+    - name: Init Kubernetes on {{ groups['KubernetesMasters_' ~ kubernetes_cluster_name][0] }}
+      ansible.builtin.command: kubeadm init --config=/root/kubeadm-config.yaml

-  - name: Add {{ ansible_hostname }} to KubernetesMasterConfigured group
-    group_by:
-      key: KubernetesMasterConfigured_{{ kubernetes_cluster_name }}
+    - name: Add {{ ansible_hostname }} to KubernetesMasterConfigured group
+      ansible.builtin.group_by:
+        key: KubernetesMasterConfigured_{{ kubernetes_cluster_name }}
+      check_mode: false

-  when:
-    - groups['KubernetesMasterConfigured_' ~ kubernetes_cluster_name] is not defined
-    - groups['KubernetesMasters_' ~ kubernetes_cluster_name][0] == ansible_hostname
+    when:
+      - groups['KubernetesMasterConfigured_' ~ kubernetes_cluster_name] is not defined
+      - groups['KubernetesMasters_' ~ kubernetes_cluster_name][0] == ansible_hostname

 # End of first controler

 - name: Test if server node already included
-  command: kubectl --kubeconfig=/etc/kubernetes/admin.conf get nodes {{ ansible_hostname | lower }}
+  ansible.builtin.command: kubectl --kubeconfig=/etc/kubernetes/admin.conf get nodes {{ ansible_hostname | lower }}
  delegate_to: "{{ lb_kubemaster }}"
  register: server_enrolled
  changed_when: False
  ignore_errors: yes
+  check_mode: false

-#- name: Deploy kubeadm config
-#  template:
-#    src: kubeadm-config.yaml.j2
-#    dest: /root/kubeadm-config.yaml
-#    owner: root
-#    group: root
-#    mode: 600
-#  when:
-#    - not groups['KubernetesMasters'][0] == ansible_hostname
-#    - server_enrolled.rc == 1
+# - name: Deploy kubeadm config
+#   ansible.builtin.template:
+#     src: kubeadm-config.yaml.j2
+#     dest: /root/kubeadm-config.yaml
+#     owner: root
+#     group: root
+#     mode: 600
+#   when:
+#     - not groups['KubernetesMasters'][0] == ansible_hostname
+#     - server_enrolled.rc == 1

 - name: Retreive certificats key on {{ lb_kubemaster }}
-  shell: set -o pipefail && kubeadm init phase upload-certs --upload-certs | grep -v upload-certs
+  ansible.builtin.shell: set -o pipefail && kubeadm init phase upload-certs --upload-certs | grep -v upload-certs
  register: kubernetes_certificateKey
+  check_mode: false
  delegate_to: "{{ lb_kubemaster }}"
  when:
    - server_enrolled.rc == 1
    - kubernetes_master|bool

 - name: Retreive token on "{{ lb_kubemaster }}"
-  command: kubeadm token create
+  ansible.builtin.command: kubeadm token create
  register: kubetoken
  delegate_to: "{{ lb_kubemaster }}"
+  check_mode: false
  when:
    - server_enrolled.rc == 1

 - name: Retreive hash certificat
-  shell: >
+  ansible.builtin.shell: >
    set -o pipefail &&
    openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt |
    openssl rsa -pubin -outform der 2>/dev/null |
@ -310,11 +319,12 @@
    sed 's/^.* //'
  register: cacerthash
  delegate_to: "{{ lb_kubemaster }}"
+  check_mode: false
  when:
    - server_enrolled.rc == 1

 - name: Deploy kubeadm config
-  template:
+  ansible.builtin.template:
    src: kubeadm-config.yaml.j2
    dest: /root/kubeadm-config.yaml
    owner: root
@ -324,6 +334,6 @@
    - server_enrolled.rc == 1

 - name: Join '{{ ansible_hostname }}' to Kubernetes cluster
-  command: kubeadm join --config=/root/kubeadm-config.yaml
+  ansible.builtin.command: kubeadm join --config=/root/kubeadm-config.yaml
  when:
    - server_enrolled.rc == 1