147 lines
5.1 KiB
YAML
147 lines
5.1 KiB
YAML
---
|
||
- name: Подготовка всех узлов (Master и Workers)
|
||
hosts: masters,workers
|
||
become: true
|
||
gather_facts: true
|
||
tasks:
|
||
- name: 0. Ожидание разблокировки APT
|
||
shell: "while fuser /var/lib/dpkg/lock-frontend >/dev/null 2>&1; do sleep 5; done;"
|
||
changed_when: false
|
||
|
||
- name: 1. Полная очистка старых репозиториев K8s (Удаление мусора)
|
||
shell: "rm -f /etc/apt/sources.list.d/kubernetes.list /etc/apt/sources.list.d/*k8s* /etc/apt/sources.list.d/*kubern*"
|
||
changed_when: true
|
||
|
||
- name: 2. Настройка APT (Force IPv4 и MTU)
|
||
shell: |
|
||
echo 'Acquire::ForceIPv4 "true";' > /etc/apt/apt.conf.d/99force-ipv4
|
||
ip link set dev eth0 mtu 1442 || true
|
||
changed_when: false
|
||
|
||
- name: 3. Установка базовых зависимостей
|
||
apt:
|
||
update_cache: yes
|
||
name: [apt-transport-https, ca-certificates, curl, gnupg, qemu-guest-agent, socat, conntrack]
|
||
state: present
|
||
|
||
- name: 4. Отключение SWAP
|
||
shell: |
|
||
swapoff -a
|
||
sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
|
||
when: ansible_swaptotal_mb > 0
|
||
|
||
- name: 5. Модули ядра
|
||
shell: |
|
||
modprobe overlay
|
||
modprobe br_netfilter
|
||
echo -e "overlay\nbr_netfilter" > /etc/modules-load.d/k8s.conf
|
||
changed_when: false
|
||
|
||
- name: 6. Настройка параметров sysctl
|
||
copy:
|
||
dest: /etc/sysctl.d/k8s.conf
|
||
content: |
|
||
net.bridge.bridge-nf-call-iptables = 1
|
||
net.bridge.bridge-nf-call-ip6tables = 1
|
||
net.ipv4.ip_forward = 1
|
||
|
||
- name: 7. Применить sysctl
|
||
command: sysctl --system
|
||
changed_when: false
|
||
|
||
- name: 8. Установка Containerd
|
||
apt:
|
||
name: containerd
|
||
state: present
|
||
|
||
- name: 9. Конфигурация Containerd (SystemdCgroup)
|
||
shell: |
|
||
mkdir -p /etc/containerd
|
||
containerd config default > /etc/containerd/config.toml
|
||
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
|
||
systemctl restart containerd
|
||
changed_when: true
|
||
|
||
- name: 10. Добавление ключа Kubernetes (Официальный)
|
||
shell: |
|
||
mkdir -p /etc/apt/keyrings
|
||
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.32/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg --yes
|
||
register: key_res
|
||
until: key_res is success
|
||
retries: 5
|
||
delay: 5
|
||
|
||
- name: 11. Настройка репозитория Kubernetes (Official Flat)
|
||
copy:
|
||
dest: /etc/apt/sources.list.d/kubernetes.list
|
||
content: "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.32/deb/ /"
|
||
|
||
- name: 12. Установка компонентов K8s (с проверкой)
|
||
apt:
|
||
name: [kubelet, kubeadm, kubectl]
|
||
state: present
|
||
update_cache: yes
|
||
register: apt_res
|
||
until: apt_res is success
|
||
retries: 5
|
||
delay: 10
|
||
|
||
- name: 13. Фиксация версий
|
||
shell: apt-mark hold kubelet kubeadm kubectl
|
||
changed_when: false
|
||
|
||
- name: Инициализация Master-ноды
|
||
hosts: masters
|
||
become: true
|
||
tasks:
|
||
- name: Проверка инициализации
|
||
stat:
|
||
path: /etc/kubernetes/admin.conf
|
||
register: kube_init
|
||
|
||
- name: Kubeadm Init (используем полный путь)
|
||
shell: /usr/bin/kubeadm init --pod-network-cidr=10.244.0.0/16 --skip-phases=addon/kube-proxy
|
||
when: not kube_init.stat.exists
|
||
|
||
- name: Настройка конфига для пользователя ubuntu
|
||
shell: |
|
||
mkdir -p /home/ubuntu/.kube
|
||
cp -f /etc/kubernetes/admin.conf /home/ubuntu/.kube/config
|
||
chown ubuntu:ubuntu /home/ubuntu/.kube/config
|
||
args:
|
||
creates: /home/ubuntu/.kube/config
|
||
|
||
- name: Генерация команды Join
|
||
shell: /usr/bin/kubeadm token create --print-join-command
|
||
register: join_command_raw
|
||
|
||
- name: Сохранение факта Join
|
||
set_fact:
|
||
join_command: "{{ join_command_raw.stdout }}"
|
||
|
||
- name: Подключение Worker-нод
|
||
hosts: workers
|
||
become: true
|
||
tasks:
|
||
- name: Проверка подключения
|
||
stat:
|
||
path: /etc/kubernetes/kubelet.conf
|
||
register: kube_worker_init
|
||
|
||
- name: Join к кластеру (используем полный путь)
|
||
shell: "/usr/bin/{{ hostvars[groups['masters'][0]]['join_command'] }}"
|
||
when: not kube_worker_init.stat.exists
|
||
|
||
- name: Установка Cilium (eBPF)
|
||
hosts: masters
|
||
become: false
|
||
tasks:
|
||
- name: Установка Cilium CLI и CNI
|
||
shell: |
|
||
if [ ! -f /usr/local/bin/cilium ]; then
|
||
curl -L --remote-name-all https://github.com/cilium/cilium-cli/releases/latest/download/cilium-linux-amd64.tar.gz
|
||
sudo tar xzvf cilium-linux-amd64.tar.gz -C /usr/local/bin
|
||
rm cilium-linux-amd64.tar.gz
|
||
fi
|
||
/usr/local/bin/cilium install --set kubeProxyReplacement=true
|
||
ignore_errors: true |