---
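- name: Подготовка всех узлов (Master и Workers)
  hosts: masters,workers
  become: true
  gather_facts: true
  vars:
    # Kubernetes minor release whose pkgs.k8s.io repository and signing key
    # are configured in steps 10 and 11. Kept in one place so both agree.
    k8s_version: "v1.32"
  tasks:
    # Another apt/dpkg process may hold the frontend lock (e.g. right after
    # boot); poll until it is released instead of failing immediately.
    - name: 0. Ожидание разблокировки APT
      shell: "while fuser /var/lib/dpkg/lock-frontend >/dev/null 2>&1; do sleep 5; done;"
      changed_when: false

    # Drop any previously configured Kubernetes apt sources so only the one
    # written in step 11 remains.
    - name: 1. Очистка старых репозиториев
      shell: "rm -f /etc/apt/sources.list.d/kubernetes.list /etc/apt/sources.list.d/*k8s*"
      changed_when: true

    # NOTE(review): the interface name (eth0) and MTU 1442 are
    # environment-specific; "|| true" hides a missing eth0. Confirm both
    # against the target infrastructure.
    - name: 2. Настройка APT (Force IPv4 и MTU)
      shell: |
        echo 'Acquire::ForceIPv4 "true";' > /etc/apt/apt.conf.d/99force-ipv4
        ip link set dev eth0 mtu 1442 || true
      changed_when: false

    - name: 3. Установка базовых зависимостей
      apt:
        update_cache: true
        name:
          - apt-transport-https
          - ca-certificates
          - curl
          - gnupg
          - qemu-guest-agent
          - socat
          - conntrack
        state: present

    # Disable swap now and comment out the fstab entry so it stays off after
    # a reboot. Skipped entirely on hosts that already report no swap.
    - name: 4. Отключение SWAP
      shell: |
        swapoff -a
        sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
      when: ansible_swaptotal_mb > 0

    # printf instead of "echo -e": the shell module runs /bin/sh, and dash's
    # builtin echo has no -e option, so "-e overlay" ended up as the first
    # line of k8s.conf.
    - name: 5. Модули ядра
      shell: |
        modprobe overlay
        modprobe br_netfilter
        printf 'overlay\nbr_netfilter\n' > /etc/modules-load.d/k8s.conf
      changed_when: false

    - name: 6. Настройка параметров sysctl
      copy:
        dest: /etc/sysctl.d/k8s.conf
        mode: "0644"
        content: |
          net.bridge.bridge-nf-call-iptables = 1
          net.bridge.bridge-nf-call-ip6tables = 1
          net.ipv4.ip_forward = 1

    - name: 7. Применить sysctl
      command: sysctl --system
      changed_when: false

    - name: 8. Установка Containerd
      apt:
        name: containerd
        state: present

    # Generate the default config with the systemd cgroup driver only once:
    # "creates" stops re-runs from overwriting config.toml and restarting
    # containerd underneath already-running workloads.
    - name: 9. Конфигурация Containerd (SystemdCgroup)
      shell: |
        mkdir -p /etc/containerd
        containerd config default > /etc/containerd/config.toml
        sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
        systemctl restart containerd
      args:
        creates: /etc/containerd/config.toml

    # pipefail (bash only) makes a failed curl fail the task instead of
    # letting gpg write a keyring from empty input; the task is retried on
    # failure.
    - name: 10. Добавление ключа Kubernetes
      shell: |
        set -o pipefail
        mkdir -p /etc/apt/keyrings
        curl -fsSL https://pkgs.k8s.io/core:/stable:/{{ k8s_version }}/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg --yes
      args:
        executable: /bin/bash
      register: key_res
      until: key_res is success
      retries: 5
      delay: 5

    # signed-by pins this source to the keyring fetched in step 10.
    - name: 11. Настройка репозитория Kubernetes
      copy:
        dest: /etc/apt/sources.list.d/kubernetes.list
        mode: "0644"
        content: "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/{{ k8s_version }}/deb/ /"

    # Fails when the packages were never installed; that is expected.
    - name: 12. Снятие блокировки версий (Unhold)
      shell: apt-mark unhold kubelet kubeadm kubectl
      ignore_errors: true
      changed_when: false

    - name: 13. Установка компонентов K8s (с переустановкой если надо)
      apt:
        name:
          - kubelet
          - kubeadm
          - kubectl
        state: present
        update_cache: true
      register: apt_res
      until: apt_res is success
      retries: 5
      delay: 10

    # Hold the packages so a routine "apt upgrade" cannot move kubelet or
    # kubeadm to a different release on its own.
    - name: 14. Фиксация версий K8s (Hold)
      shell: apt-mark hold kubelet kubeadm kubectl
      changed_when: false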
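- name: Инициализация Master-ноды
  hosts: masters
  become: true
  vars:
    # Pod network CIDR passed to kubeadm init.
    pod_network_cidr: "10.244.0.0/16"
    # Unprivileged account that receives a copy of admin.conf.
    kube_user: ubuntu
  tasks:
    # admin.conf only exists after a successful kubeadm init; its presence is
    # the "already initialised" marker that keeps re-runs from calling init
    # twice.
    - name: Проверка инициализации
      stat:
        path: /etc/kubernetes/admin.conf
      register: kube_init

    # kube-proxy is skipped here; the Cilium play later installs Cilium with
    # kubeProxyReplacement=true.
    - name: Kubeadm Init (Абсолютный путь)
      shell: /usr/bin/kubeadm init --pod-network-cidr={{ pod_network_cidr }} --skip-phases=addon/kube-proxy
      when: not kube_init.stat.exists

    # The copied admin.conf is a cluster-admin credential: chmod 0600 makes
    # its permissions explicit rather than inherited through cp/umask.
    - name: Настройка конфига для пользователя ubuntu
      shell: |
        mkdir -p /home/{{ kube_user }}/.kube
        cp -f /etc/kubernetes/admin.conf /home/{{ kube_user }}/.kube/config
        chown {{ kube_user }}:{{ kube_user }} /home/{{ kube_user }}/.kube/config
        chmod 0600 /home/{{ kube_user }}/.kube/config
      args:
        creates: /home/{{ kube_user }}/.kube/config

    # The printed join command embeds a bootstrap token, i.e. a credential:
    # no_log keeps it out of the Ansible output, and the short TTL lets the
    # token expire shortly after the workers (next play) have used it.
    - name: Генерация команды Join
      shell: /usr/bin/kubeadm token create --ttl 1h --print-join-command
      register: join_command_raw
      no_log: true

    # Stored as a host fact so the workers play can read it via hostvars.
    - name: Сохранение факта Join
      set_fact:
        join_command: "{{ join_command_raw.stdout }}"
      no_log: true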
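- name: Подключение Worker-нод
  hosts: workers
  become: true
  tasks:
    # kubelet.conf is written by kubeadm join; its presence means this node
    # is already part of the cluster and the join is skipped.
    - name: Проверка подключения
      stat:
        path: /etc/kubernetes/kubelet.conf
      register: kube_worker_init

    # join_command is the fact set on the first master in the previous play
    # and is expected to begin with "kubeadm join ...", hence the /usr/bin/
    # prefix. It carries the bootstrap token, so the command line is kept
    # out of the log.
    - name: Join к кластеру (Абсолютный путь)
      shell: "/usr/bin/{{ hostvars[groups['masters'][0]]['join_command'] }}"
      when: not kube_worker_init.stat.exists
      no_log: true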
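- name: Установка Cilium (eBPF)
  hosts: masters
  become: false
  tasks:
    # Download the CLI into a private temp dir and verify the sha256sum
    # published alongside the release before anything is placed in
    # /usr/local/bin; "set -e" plus "-f" on curl means a 404 or a truncated
    # archive fails the task instead of being extracted. "latest" is
    # unpinned — consider fixing a release for reproducible builds.
    # Extraction needs root, hence the inline sudo; the play itself stays
    # unprivileged (presumably so cilium uses the connecting user's
    # kubeconfig — confirm).
    - name: Установка Cilium CLI
      shell: |
        set -euo pipefail
        tmpdir="$(mktemp -d)"
        trap 'rm -rf "$tmpdir"' EXIT
        cd "$tmpdir"
        curl -fsSL --remote-name-all \
          https://github.com/cilium/cilium-cli/releases/latest/download/cilium-linux-amd64.tar.gz \
          https://github.com/cilium/cilium-cli/releases/latest/download/cilium-linux-amd64.tar.gz.sha256sum
        sha256sum --check cilium-linux-amd64.tar.gz.sha256sum
        sudo tar xzf cilium-linux-amd64.tar.gz -C /usr/local/bin
      args:
        executable: /bin/bash
        creates: /usr/local/bin/cilium

    # NOTE(review): the install presumably fails when Cilium is already
    # present, and that failure is tolerated so the play stays re-runnable;
    # a `cilium status` pre-check would make this explicit — confirm.
    - name: Установка Cilium CNI
      shell: /usr/local/bin/cilium install --set kubeProxyReplacement=true
      ignore_errors: true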