---
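# CNI prerequisite: the wireguard role is included unconditionally here; the
# original kubernetes_cni guard is kept commented so the intent stays visible.
- name: Install Wireguard
  ansible.builtin.include_role:
    name: wireguard
  # when:
  #   - kubernetes_cni == "wireguard"
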
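# k3s-selinux policy package for yum-based hosts. The rpm is pulled straight
# from GitHub Releases with the GPG check disabled, so nothing verifies the
# package beyond the TLS connection to github.com. Enabling the signature
# check (after importing the publisher's signing key) or pre-fetching the rpm
# with a pinned checksum would close that gap.
- name: Install the k3s-selinux rpm from a remote repo for yum distro
  ansible.builtin.yum:
    name: "https://github.com/k3s-io/k3s-selinux/releases/download/v0.2.stable.1/k3s-selinux-0.2-1.el7_8.noarch.rpm"
    state: present
    disable_gpg_check: true  # NOTE(review): package integrity is not verified
  when:
    - ansible_pkg_mgr == "yum"
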
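# k3s-selinux policy package for dnf-based hosts. Same caveat as the yum task:
# the GPG check is off, so the rpm is trusted on TLS alone. The URL points at
# the el7_8 build even though dnf hosts are usually a newer major release —
# NOTE(review): confirm this is the intended package for dnf distros.
- name: Install the k3s-selinux rpm from a remote repo for dnf distro
  ansible.builtin.dnf:
    name: "https://github.com/k3s-io/k3s-selinux/releases/download/v0.2.stable.1/k3s-selinux-0.2-1.el7_8.noarch.rpm"
    state: present
    disable_gpg_check: true  # NOTE(review): package integrity is not verified
  when:
    - ansible_pkg_mgr == "dnf"
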
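# Record whether the k3s binary is already present. The download tasks below
# run only when it is absent, so an existing binary is never re-fetched or
# upgraded by this role, whatever version it is.
- name: Check if /usr/local/bin/k3s already existe
  ansible.builtin.stat:
    path: /usr/local/bin/k3s
  register: k3s_bin
  changed_when: false
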
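# Fetch the pinned k3s release binary for x86_64 and install it executable,
# root-owned. No checksum is configured, so the download is trusted on TLS
# alone; k3s releases publish a per-architecture sha256sum file — pin it via
# the get_url checksum parameter so a tampered or truncated download fails.
- name: retreive k3s binary for x86_64
  ansible.builtin.get_url:
    url: "https://github.com/rancher/k3s/releases/download/v1.22.2%2Bk3s2/k3s"
    dest: "/usr/local/bin/k3s"
    # checksum: "sha256:<SHA256_FROM_RELEASE>"  # TODO pin the published digest
    group: root
    owner: root
    mode: "0755"
  when:
    - not k3s_bin.stat.exists
    - ansible_machine == "x86_64"
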
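# Fetch the pinned k3s release binary for arm64 (same release as the x86_64
# task; keep the two versions in step). No checksum is configured — pin the
# published sha256 so a tampered or truncated download fails instead of being
# installed into /usr/local/bin.
- name: retreive k3s binary for arm64
  ansible.builtin.get_url:
    url: "https://github.com/rancher/k3s/releases/download/v1.22.2%2Bk3s2/k3s-arm64"
    dest: "/usr/local/bin/k3s"
    # checksum: "sha256:<SHA256_FROM_RELEASE>"  # TODO pin the published digest
    group: root
    owner: root
    mode: "0755"
  when:
    - not k3s_bin.stat.exists
    - ansible_machine == "arm64"
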
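# Fetch the pinned k3s release binary for 32-bit ARM (armv6l/armv7l report the
# same armhf build). No checksum is configured — pin the published sha256 so a
# tampered or truncated download fails instead of being installed.
- name: retreive k3s binary for armv6/armv7
  ansible.builtin.get_url:
    url: "https://github.com/rancher/k3s/releases/download/v1.22.2%2Bk3s2/k3s-armhf"
    dest: "/usr/local/bin/k3s"
    # checksum: "sha256:<SHA256_FROM_RELEASE>"  # TODO pin the published digest
    group: root
    owner: root
    mode: "0755"
  when:
    - not k3s_bin.stat.exists
    - (ansible_machine == "armv7l") or (ansible_machine == "armv6l")
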
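# Expose the bundled client tools as relative symlinks next to the k3s binary;
# k3s dispatches on the name it is invoked as, so kubectl/crictl/ctr resolve to
# the same executable. The relative src keeps the links valid if /usr/local/bin
# is relocated or bind-mounted.
- name: Create tools link
  ansible.builtin.file:
    src: "k3s"
    dest: "/usr/local/bin/{{ item }}"
    owner: root
    group: root
    state: link
  loop:
    - "kubectl"
    - "crictl"
    - "ctr"
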
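# Carve a thin LV for the k3s state directory out of the "kubernetes" thin
# pool in vg_sys. The thin pool itself is assumed to exist already (not created
# here — confirm against the storage role). The same item list is repeated in
# the filesystem and mount tasks below; keep all three copies in sync.
- name: Create thin volumes for k3s
  community.general.lvol:
    vg: "{{ item.vg }}"
    lv: "{{ item.name }}"
    thinpool: kubernetes
    size: "{{ item.size }}"
  loop:
    - { name: var_lib_k3s, vg: vg_sys, size: 10g, mount_point: /var/lib/rancher/k3s, mount_opts: "discard" }
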
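# Format the k3s LV as ext4. The filesystem module is a no-op when the device
# already carries a filesystem, so re-runs do not wipe existing data. The item
# list must match the one in the lvol and mount tasks.
- name: create file system on containerd lv
  community.general.filesystem:
    fstype: ext4
    dev: "/dev/{{ item.vg }}/{{ item.name }}"
  loop:
    - { name: var_lib_k3s, vg: vg_sys, size: 10g, mount_point: /var/lib/rancher/k3s, mount_opts: "discard" }
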
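# Mount the k3s LV at /var/lib/rancher/k3s and persist it in fstab ("mounted"
# does both). "discard" passes TRIM through to the thin pool so freed blocks
# are returned to it. The item list must match the lvol and filesystem tasks.
- name: mount logical volumes
  ansible.posix.mount:
    name: "{{ item.mount_point }}"
    src: "/dev/{{ item.vg }}/{{ item.name }}"
    fstype: ext4
    opts: "{{ item.mount_opts }}"
    state: mounted
  loop:
    - { name: var_lib_k3s, vg: vg_sys, size: 10g, mount_point: /var/lib/rancher/k3s, mount_opts: "discard" }
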
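# Root-only directory for the API server audit policy (masters only). 0700 is
# deliberate: the policy is read by the server process running as root and has
# no reason to be world-readable.
- name: Audit policies directory
  ansible.builtin.file:
    path: "/etc/kubernetes/policies"
    state: directory
    owner: root
    group: root
    mode: "0700"
  when:
    - kubernetes_master|bool
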
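# Ship the static audit policy to masters. Wiring it into the API server
# (--kube-apiserver-arg audit-policy-file / audit-log-path) is not done in this
# file — presumably handled by the k3s.service.env template; confirm, otherwise
# the policy is never applied.
- name: Configure audit policy
  ansible.builtin.copy:
    src: "etc/kubernetes/policies/audit-policy.yaml"
    dest: "/etc/kubernetes/policies/audit-policy.yaml"
    group: root
    owner: root
    mode: "0644"
  when:
    - kubernetes_master|bool
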
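# Check controlers
# /etc/rancher/k3s/k3s.yaml is written by the k3s server once it is up, so its
# presence is used as "this master is already configured".
- name: Check if /etc/rancher/k3s/k3s.yaml already existe
  ansible.builtin.stat:
    path: /etc/rancher/k3s/k3s.yaml
  register: st
  changed_when: false
  when:
    - kubernetes_master|bool
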
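# Put every already-configured master into a per-cluster ad-hoc group so the
# first-controler block below can be skipped when the cluster is already
# bootstrapped.
- name: Create KubernetesMasterConfigured group
  ansible.builtin.group_by:
    key: "KubernetesMasterConfigured_{{ kubernetes_cluster_name }}"
  when:
    - kubernetes_master|bool
    - st.stat.exists
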
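# First controler
# Bootstrap the k3s server on a master while no host has yet joined the
# KubernetesMasterConfigured_<cluster> group. The tasks assume systemd: only
# the unit deployment is guarded on ansible_service_mgr, the reload/start that
# follow are not. The commented run_once is kept for reference.
- name: Configure first controler
  # run_once: true
  block:
    - name: Deploy systemd service
      ansible.builtin.template:
        src: "etc/systemd/system/{{ item }}.j2"
        dest: "/etc/systemd/system/{{ item }}"
        owner: root
        group: root
        mode: "0600"  # k3s.service.env holds the server configuration; keep it root-only
      loop:
        - "k3s.service"
        - "k3s.service.env"
      when:
        - ansible_service_mgr == "systemd"

    - name: Reload systemd
      ansible.builtin.systemd:
        daemon_reload: true

    - name: Enable k3s on boot
      ansible.builtin.service:
        name: k3s
        state: started
        enabled: true

    # Both files appear only once the server has finished bootstrapping.
    - name: Wait for k3s.yaml
      ansible.builtin.wait_for:
        path: /etc/rancher/k3s/k3s.yaml

    - name: Wait for token
      ansible.builtin.wait_for:
        path: /var/lib/rancher/k3s/server/token

    - name: Add {{ ansible_hostname }} to KubernetesMasterConfigured group
      ansible.builtin.group_by:
        key: "KubernetesMasterConfigured_{{ kubernetes_cluster_name }}"

  when:
    - kubernetes_master|bool
    # NOTE(review): group_by populates `groups`, not `vars`; this lookup is
    # probably meant to be groups['KubernetesMasterConfigured_' ~ kubernetes_cluster_name]
    # — as written it is expected to be undefined on every host, so every
    # master would run the block. Confirm against the inventory before changing.
    - vars['KubernetesMasterConfigured_' ~ kubernetes_cluster_name] is not defined
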
# Missing: kubernetes_server_token, kubernetes_master url

#- name: Deploy systemd service
#  template:
#    src: "etc/systemd/system/{{ item }}.j2"
#    dest: "/etc/systemd/system/{{ item }}"
#    owner: root
#    group: root
#    mode: 0600
#  with_items:
#    - "k3s.service"
#    - "k3s.service.env"
#  when:
#    - ansible_service_mgr == "systemd"

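# Runs on every host, not only masters: the k3s unit is deployed only inside
# the first-controler block above and the agent tasks are still commented out,
# so on any other host this start depends on a unit installed elsewhere.
- name: Enable k3s on boot
  ansible.builtin.service:
    name: k3s
    state: started
    enabled: true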