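---
# Play 1: common preparation for every node in the k3s_cluster group.
# Installs the SELinux policy packages, enables IP forwarding and bridge
# netfilter sysctls, and downloads the k3s binary.
#
# Required variables:
#   k3s_version          - k3s release tag used in the GitHub download URLs
# Optional variables:
#   k3s_selinux_rpm_url  - overrides the pinned k3s-selinux package URL
#   k3s_checksum         - "sha256:<hex>" to pin the binary digest (default
#                          fetches the upstream sha256sum file, see below)
- hosts: "k3s_cluster"

  tasks:

    # Prerequisites
    - name: "Install Dependencies"
      ansible.builtin.dnf:
        name:
          - "container-selinux"
          - "selinux-policy-base"
        state: "present"
      become: true

    # Import Rancher's RPM signing key so the k3s-selinux package can be
    # verified instead of being installed with GPG checking disabled. Pinning
    # the key fingerprint (rpm_key `fingerprint:`) would avoid trusting the
    # download alone; the fingerprint is not recorded here, so it is left out.
    - name: "Import Rancher RPM signing key"
      ansible.builtin.rpm_key:
        key: "https://rpm.rancher.io/public.key"
        state: "present"
      become: true

    # The package URL is pinned to one k3s-selinux build. The default points at
    # the EL7 build directory - confirm it matches the target OS release, or
    # override it with k3s_selinux_rpm_url. Signature verification is enforced
    # (disable_gpg_check is left at its default of false) and the install fails
    # closed if the package is not signed by the key imported above.
    - name: "Install k3s SELinux"
      ansible.builtin.dnf:
        name: "{{ k3s_selinux_rpm_url | default('https://rpm.rancher.io/k3s/latest/common/centos/7/noarch/k3s-selinux-0.2-1.el7_8.noarch.rpm') }}"
        state: "present"
      become: true

    # Both forwarding knobs are set the same way, so they share one task.
    - name: "Enable IP forwarding"
      ansible.builtin.sysctl:
        name: "{{ item }}"
        value: "1"
        state: "present"
        reload: true
      become: true
      loop:
        - "net.ipv4.ip_forward"
        - "net.ipv6.conf.all.forwarding"

    # Make the module load persist across reboots, then load it now so the
    # bridge sysctls below exist without a reboot.
    - name: "Manage br_netfilter Module File"
      ansible.builtin.copy:
        dest: "/etc/modules-load.d/br_netfilter.conf"
        content: "br_netfilter"
        mode: "u=rw,g=,o="
      become: true

    - name: "Load br_netfilter Module"
      community.general.modprobe:
        name: "br_netfilter"
        state: "present"
      become: true

    - name: "Manage bridge-nf-call-iptables Sysctl"
      ansible.builtin.sysctl:
        name: "{{ item }}"
        value: "1"
        state: "present"
        reload: true
      become: true
      loop:
        - "net.bridge.bridge-nf-call-iptables"
        - "net.bridge.bridge-nf-call-ip6tables"

    # K3S Installation
    # Downloads the amd64 build only (the release asset named "k3s"); other
    # architectures would need a different asset and checksum file.
    # By default the checksum is read from the sha256sum file of the same
    # release, i.e. the same origin as the binary: that guards against a
    # corrupt download, not against a compromised origin. Set k3s_checksum to
    # a literal "sha256:<hex>" to pin the digest out of band.
    - name: "Download k3s Binary"
      ansible.builtin.get_url:
        url: "https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/k3s"
        checksum: "{{ k3s_checksum | default('sha256:https://github.com/k3s-io/k3s/releases/download/' ~ k3s_version ~ '/sha256sum-amd64.txt') }}"
        dest: "/usr/local/bin/k3s"
        owner: "root"
        group: "root"
        mode: "0755"
      become: true
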
# Play 2: expose the k3s binary under the kubectl, crictl and ctr names on
# server nodes. Each name is a symlink to the same binary; k3s is expected to
# act as the corresponding tool when invoked through that link.
- hosts: "k3s_servers"

  tasks:

    - name: "Create {{ item }} symlink"
      ansible.builtin.file:
        src: "/usr/local/bin/k3s"
        dest: "/usr/local/bin/{{ item }}"
        state: "link"
      become: true
      loop:
        - "kubectl"
        - "crictl"
        - "ctr"

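# Play 3: bring up the first server, wait for etcd, then pull the admin
# credentials down to the controller's ./output directory.
- hosts: "k3s_server1"

  tasks:

    # NOTE(review): the unit file is world-readable (0644). If k3s.service.j2
    # places the cluster token on the command line, every local user on the
    # node can read it; prefer a root-only token file (k3s --token-file) over
    # embedding the secret in the unit. The template is not visible here.
    - name: "Manage k3s Service Unit File"
      ansible.builtin.template:
        src: "k3s.service.j2"
        dest: "/etc/systemd/system/k3s.service"
        owner: "root"
        group: "root"
        mode: "0644"
      become: true

    - name: "Manage k3s Service"
      ansible.builtin.systemd:
        name: "k3s.service"
        state: "started"
        enabled: true
        daemon_reload: true
      become: true

    # Waits on the local etcd client port (wait_for defaults to 127.0.0.1).
    # This presumes the unit template starts k3s with embedded etcd - confirm
    # against k3s.service.j2.
    - name: "Wait for etcd"
      ansible.builtin.wait_for:
        port: 2379
        timeout: 120

    # Everything written to ./output below is a cluster credential (admin
    # kubeconfig, CA, admin client cert and private key). template and fetch
    # would otherwise create these with the controller's umask, so the
    # directory and each file are made owner-only explicitly.
    - name: "Create output directory"
      ansible.builtin.file:
        path: "output"
        state: "directory"
        mode: "0700"
      delegate_to: "localhost"

    - name: "Create kubeconfig"
      ansible.builtin.template:
        src: "admin.kubeconfig.j2"
        dest: "output/admin.kubeconfig"
        mode: "0600"
      delegate_to: "localhost"

    - name: "Fetch server CA, admin cert and admin key"
      ansible.builtin.fetch:
        src: "/var/lib/rancher/k3s/server/tls/{{ item }}"
        dest: "output/"
        flat: true
      become: true
      loop:
        - "server-ca.crt"
        - "client-admin.crt"
        - "client-admin.key"

    # fetch has no mode option, so tighten the copies after the fact.
    - name: "Restrict permissions on fetched credentials"
      ansible.builtin.file:
        path: "output/{{ item }}"
        mode: "0600"
      delegate_to: "localhost"
      loop:
        - "server-ca.crt"
        - "client-admin.crt"
        - "client-admin.key"
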
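# Play 4: join every remaining inventory host once the first server is up.
# The host pattern uses the documented ":" separator; the earlier
# space-separated form ("all !k3s_server1") relied on undocumented pattern
# splitting.
- hosts: "all:!k3s_server1"

  tasks:

    # Probe server 1's etcd client port from each joining node. Falls back to
    # the inventory name when ansible_host is not set for k3s_server1, instead
    # of failing on an undefined variable.
    # NOTE(review): agents normally only need the supervisor/API port (6443)
    # on servers; if 2379 is not reachable from non-server nodes this wait
    # will time out rather than proceed.
    - name: "Wait for etcd on server 1"
      ansible.builtin.wait_for:
        host: "{{ hostvars['k3s_server1']['ansible_host'] | default('k3s_server1') }}"
        port: 2379
        timeout: 120

    # NOTE(review): same caveat as on server 1 - a world-readable unit file
    # must not carry the cluster token; use a root-only token file instead.
    - name: "Manage k3s Service Unit File"
      ansible.builtin.template:
        src: "k3s.service.j2"
        dest: "/etc/systemd/system/k3s.service"
        owner: "root"
        group: "root"
        mode: "0644"
      become: true

    - name: "Manage k3s Service"
      ansible.builtin.systemd:
        name: "k3s.service"
        state: "started"
        enabled: true
        daemon_reload: true
      become: true
...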