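---
# Cluster bootstrap: prepare every node (apt, containerd, kubeadm/kubelet/kubectl),
# initialise the first master with kubeadm, join the workers, then hand over to
# k8s_post_install.yml for the CNI and MetalLB.
#
# Tunables (override via inventory or -e; the defaults reproduce the previously
# hard-coded values):
#   k8s_version       - pkgs.k8s.io minor release used for key and repo, e.g. "v1.32"
#   k8s_mtu_iface     - interface whose MTU is lowered
#   k8s_mtu           - MTU value applied to that interface
#   pod_network_cidr  - passed to kubeadm init --pod-network-cidr
#   kubeadm_token_ttl - lifetime of the bootstrap token embedded in the join command
- name: Подготовка всех узлов (Master и Workers)
  hosts: k8s_nodes
  become: true
  # Facts are required below (ansible_swaptotal_mb in task 4).
  gather_facts: true
  tasks:
    - name: 0. Ожидание разблокировки APT (усиленное)
      # Poll until no other process (unattended-upgrades, cloud-init) holds the dpkg/apt locks.
      ansible.builtin.shell: "while fuser /var/lib/dpkg/lock-frontend /var/lib/apt/lists/lock /var/lib/dpkg/lock >/dev/null 2>&1; do sleep 5; done;"
      changed_when: false

    - name: 1. Очистка старых конфигов K8s
      # The glob needs a shell; kubernetes.list is recreated in task 9.
      ansible.builtin.shell: "rm -f /etc/apt/sources.list.d/kubernetes.list /etc/apt/sources.list.d/*k8s*"
      changed_when: true

    - name: 2. Настройка APT (Force IPv4 и MTU)
      # NOTE: "ip link set" is not persisted across reboots, and "|| true" hides a missing
      # interface — override k8s_mtu_iface in inventory when the primary NIC is not eth0.
      ansible.builtin.shell: |
        echo 'Acquire::ForceIPv4 "true";' > /etc/apt/apt.conf.d/99force-ipv4
        ip link set dev {{ k8s_mtu_iface | default('eth0') }} mtu {{ k8s_mtu | default(1442) }} || true
      changed_when: false

    - name: 3. Установка системных зависимостей (с повторами)
      ansible.builtin.apt:
        update_cache: true
        name:
          - apt-transport-https
          - ca-certificates
          - curl
          - gnupg
          - qemu-guest-agent
          - socat
          - conntrack
        state: present
      register: apt_res
      until: apt_res is success
      retries: 20
      delay: 10

    - name: 4. Отключение SWAP
      # kubelet by default refuses to run with swap enabled; the fstab edit keeps it off after reboot.
      ansible.builtin.shell: |
        swapoff -a
        sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
      when: ansible_swaptotal_mb > 0

    - name: 5. Модули ядра и Sysctl
      # modprobe alone is lost on reboot; /etc/modules-load.d makes overlay and br_netfilter
      # persistent so the bridge sysctls below keep applying.
      ansible.builtin.shell: |
        modprobe overlay
        modprobe br_netfilter
        cat <<EOF > /etc/modules-load.d/k8s.conf
        overlay
        br_netfilter
        EOF
        cat <<EOF > /etc/sysctl.d/k8s.conf
        net.bridge.bridge-nf-call-iptables = 1
        net.bridge.bridge-nf-call-ip6tables = 1
        net.ipv4.ip_forward = 1
        EOF
        sysctl --system
      changed_when: false

    - name: 6. Установка Containerd
      ansible.builtin.apt:
        name: containerd
        state: present
      register: cont_res
      until: cont_res is success
      retries: 10
      delay: 5

    - name: 7. Конфигурация Containerd (SystemdCgroup)
      # Regenerates the default config and enables the systemd cgroup driver.
      # NOTE: this rewrites config.toml and restarts containerd on every run.
      ansible.builtin.shell: |
        mkdir -p /etc/containerd
        containerd config default > /etc/containerd/config.toml
        sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
        systemctl restart containerd
      changed_when: true

    - name: 8. Добавление ключа Kubernetes
      # The signing key is fetched from upstream pkgs.k8s.io while packages come from a
      # mirror (task 9); apt's signed-by check still verifies the mirror's Release files
      # against this upstream key, so a tampered mirror is rejected.
      ansible.builtin.shell: |
        mkdir -p /etc/apt/keyrings
        curl -fsSL https://pkgs.k8s.io/core:/stable:/{{ k8s_version | default('v1.32') }}/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg --yes
      register: key_res
      until: key_res is success
      retries: 5
      delay: 5

    - name: 9. Настройка репозитория (Tsinghua)
      ansible.builtin.copy:
        dest: /etc/apt/sources.list.d/kubernetes.list
        content: "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg arch=amd64] https://mirrors.tuna.tsinghua.edu.cn/kubernetes/core:/stable:/{{ k8s_version | default('v1.32') }}/deb/ /"
        owner: root
        group: root
        mode: "0644"

    - name: 10. Установка компонентов K8s
      ansible.builtin.apt:
        name:
          - kubelet
          - kubeadm
          - kubectl
        state: present
        update_cache: true
        # Task 11 puts these packages on hold, so re-runs must be allowed to touch held packages.
        allow_change_held_packages: true
      register: k8s_res
      until: k8s_res is success
      retries: 10
      delay: 10

    - name: 11. Фиксация версий
      # Hold the packages so unattended upgrades cannot bump them independently of the control plane.
      ansible.builtin.dpkg_selections:
        name: "{{ item }}"
        selection: hold
      loop:
        - kubelet
        - kubeadm
        - kubectl

- name: Инициализация Master-ноды
  hosts: masters_group
  become: true
  tasks:
    - name: Kubeadm Init
      # The kube-proxy addon is skipped; presumably the CNI installed by
      # k8s_post_install.yml provides the replacement — confirm there.
      ansible.builtin.shell: "kubeadm init --pod-network-cidr={{ pod_network_cidr | default('10.244.0.0/16') }} --skip-phases=addon/kube-proxy"
      args:
        creates: /etc/kubernetes/admin.conf

    - name: Настройка конфига для ubuntu
      # admin.conf is a cluster-admin credential; cp without -p would leave the copy
      # world-readable, so restrict it to the owning user.
      ansible.builtin.shell: |
        mkdir -p /home/ubuntu/.kube
        cp -f /etc/kubernetes/admin.conf /home/ubuntu/.kube/config
        chown ubuntu:ubuntu /home/ubuntu/.kube/config
        chmod 600 /home/ubuntu/.kube/config
      args:
        creates: /home/ubuntu/.kube/config

    - name: Генерация команды Join
      # The output contains a bootstrap token and the CA hash: keep it out of the log.
      # kubeadm's own default TTL is 24h, so the default below is unchanged behaviour.
      ansible.builtin.shell: "kubeadm token create --ttl {{ kubeadm_token_ttl | default('24h') }} --print-join-command"
      register: join_command_raw
      no_log: true

    - name: Сохранение факта Join
      ansible.builtin.set_fact:
        join_command: "{{ join_command_raw.stdout }}"
      no_log: true

- name: Подключение Worker-нод
  hosts: workers_group
  become: true
  tasks:
    - name: Join к кластеру
      # The command line carries the bootstrap token; set no_log to false only while debugging a failed join.
      ansible.builtin.shell: "{{ hostvars[groups['masters_group'][0]]['join_command'] }}"
      args:
        creates: /etc/kubernetes/kubelet.conf
      no_log: true

- name: Stage 4 - Post-install (CNI & MetalLB)
  import_playbook: k8s_post_install.yml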