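---
# Prepare every node in the `kubeadm` group for running a Kubernetes cluster:
# kernel modules, sysctl settings, package repositories, and the
# kubelet/kubeadm/kubectl/cri-o packages.
- name: Подготоваливаю узлы для kubernetes кластера
  become: true
  hosts:
    - kubeadm
  tasks:
    # Load the modules into the running kernel; the bridge sysctl set further
    # down only exists once br_netfilter is loaded.
    - name: Добавляю модули br_netfilter и overlay
      community.general.modprobe:
        name: "{{ item }}"
        state: present
      loop:
        - br_netfilter
        - overlay

    # Persist the same modules across reboots.
    - name: Добавляю модули br_netfilter и overlay в /etc/modules
      ansible.builtin.lineinfile:
        path: /etc/modules
        line: "{{ item }}"
        create: true
        # Explicit mode so a freshly created file does not depend on the umask.
        mode: "0644"
      loop:
        - br_netfilter
        - overlay

    # Enable IPv4 forwarding and make bridged traffic traverse iptables.
    - name: Включаю маршрутизацию IP и iptables для моста
      ansible.posix.sysctl:
        name: "{{ item }}"
        # Quoted: sysctl values are strings, not YAML integers.
        value: "1"
        state: present
      loop:
        - net.ipv4.ip_forward
        - net.bridge.bridge-nf-call-iptables

    # Prerequisites for adding HTTPS apt repositories and importing keys.
    # Retried because the first apt run on a fresh host may fail transiently.
    - name: Устанавливаю пакеты
      ansible.builtin.apt:
        name:
          - apt-transport-https
          - ca-certificates
          - curl
          - gpg
          - software-properties-common
        update_cache: true
      register: apt_res
      retries: 5
      until: apt_res is success

    # Each key is stored in its own keyring, and the repository entries below
    # reference that keyring with `signed-by`, so a key is trusted only for its
    # own repository rather than for every apt source on the host.
    # NOTE(review): the cri-o key is fetched from the `prerelease:/main` path
    # while the repository below uses `stable:/v1.30` - confirm both paths
    # publish the same signing key, or fetch the key from the same path as the
    # repository.
    # NOTE(review): this module depends on the `apt-key` tool, which Debian and
    # Ubuntu have deprecated - plan a move to writing the keyring file directly.
    - name: Добавляю gpg ключ для репозиториев Kubernetes и cri-o
      ansible.builtin.apt_key:
        url: '{{ item["url"] }}'
        state: present
        keyring: '{{ item["keyring"] }}'
      loop:
        - url: "https://pkgs.k8s.io/core:/stable:/v1.30/deb/Release.key"
          keyring: "/etc/apt/keyrings/kubernetes-apt-keyring.gpg"
        - url: "https://pkgs.k8s.io/addons:/cri-o:/prerelease:/main/deb/Release.key"
          keyring: "/etc/apt/keyrings/cri-o-apt-keyring.gpg"

    - name: Добавляю репозитории Kubernetes и cri-o
      ansible.builtin.apt_repository:
        repo: "{{ item }}"
        state: present
      loop:
        - 'deb [signed-by=/etc/apt/keyrings/cri-o-apt-keyring.gpg] https://pkgs.k8s.io/addons:/cri-o:/stable:/v1.30/deb/ /'
        - 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.30/deb/ /'

    - name: Устанавливаю пакеты kubelet, kubeadm, kubectl и cri-o
      ansible.builtin.apt:
        name:
          - kubelet
          - kubeadm
          - kubectl
          - cri-o
        state: present
        update_cache: true

    # Hold the Kubernetes packages so a routine `apt upgrade` cannot change the
    # cluster version outside of a planned upgrade.
    - name: Предотвращаю обновление kubelet, kubeadm и kubectl
      ansible.builtin.dpkg_selections:
        name: "{{ item }}"
        selection: hold
      loop:
        - kubelet
        - kubeadm
        - kubectl

    - name: Включаю и запускаю службы kubelet и cri-o
      ansible.builtin.systemd:
        name: "{{ item }}"
        enabled: true
        state: started
      loop:
        - kubelet
        - crio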
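# Run keepalived and haproxy as static pods, then initialise the cluster.
# https://github.com/kubernetes/kubeadm/blob/main/docs/ha-considerations.md#option-2-run-the-services-as-static-pods
- name: Настраиваю keepalived + haproxy и инициализирую кластер
  become: true
  hosts:
    - kubeadm_control_plane
  roles:
    - haproxy_static_pods
  tasks:
    # Runs on a single control-plane host; `creates` makes it a no-op once the
    # node has a kubelet.conf. The handlers below then join the other hosts.
    # NOTE(review): `kubeadm init --upload-certs` prints a join command with a
    # bootstrap token and certificate key on stdout; that output becomes
    # visible when the play is run with increased verbosity.
    - name: Инициализирую высокодоступный кластер
      run_once: true
      ansible.builtin.command: |
        kubeadm init \
          --pod-network-cidr=10.244.0.0/16 \
          --control-plane-endpoint=10.0.75.80:8888 \
          --upload-certs \
          --skip-phases=addon/kube-proxy
      args:
        creates: /etc/kubernetes/kubelet.conf
      notify:
        - Создаю token для control-plane
        - Создаю token для node
        - Добавляю control-plane узлы в кластер
        - Добавляю node узлы в кластер

  # The join commands built here carry a bootstrap token and, for control-plane
  # joins, the key that decrypts the uploaded cluster certificates. Anyone who
  # reads them while they are valid can add a node to the cluster, so every
  # handler that produces or executes them sets `no_log: true` to keep them out
  # of Ansible output, callback logs and the targets' syslog. Remove it only
  # temporarily when a join has to be debugged.
  handlers:
    # Builds the control-plane join command: the worker join command plus
    # `--control-plane --certificate-key <key>`, where the key is whatever
    # remains of the `upload-certs` output after grep drops the lines
    # containing the words "certificate" or "Namespace".
    - name: Создаю token для control-plane
      ansible.builtin.shell:
        cmd: |
          set -o pipefail
          echo $(kubeadm token create --print-join-command) \
          --control-plane \
          --certificate-key \
          $(kubeadm init phase upload-certs --upload-certs | grep -vw -e certificate -e Namespace)
        executable: /bin/bash
      register: join_control_plane_raw
      no_log: true

    - name: Создаю token для node
      ansible.builtin.command: kubeadm token create --print-join-command
      register: join_node_raw
      no_log: true

    # Executes the registered join command on each control-plane host; hosts
    # that already have a kubelet.conf (including the one that ran
    # `kubeadm init`) are skipped by `creates`.
    - name: Добавляю control-plane узлы в кластер
      ansible.builtin.command: "{{ join_control_plane_raw.stdout }}"
      args:
        creates: /etc/kubernetes/kubelet.conf
      delegate_to: "{{ item }}"
      loop: "{{ groups['kubeadm_control_plane'] }}"
      no_log: true

    - name: Добавляю node узлы в кластер
      ansible.builtin.command: "{{ join_node_raw.stdout }}"
      args:
        creates: /etc/kubernetes/kubelet.conf
      delegate_to: "{{ item }}"
      loop: "{{ groups['kubeadm_nodes'] }}"
      no_log: true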
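# Prepare the control-plane nodes so the `infra` user can run kubectl.
- name: Подготовка control-plane узлов для работы с kubectl
  become: true
  gather_facts: false
  hosts:
    - kubeadm_control_plane
  tasks:
    # The directory holds a cluster-admin kubeconfig, so it is restricted to
    # its owner. The path is spelled out to match the copy destination below
    # instead of depending on how $HOME resolves under become.
    - name: Создаю директорию .kube
      become_user: infra
      ansible.builtin.file:
        path: /home/infra/.kube
        state: directory
        mode: "0700"

    # admin.conf carries cluster-admin credentials; the copy stays readable by
    # its owner only.
    - name: Копирую admin.conf в директорию .kube
      ansible.builtin.copy:
        src: /etc/kubernetes/admin.conf
        dest: /home/infra/.kube/config
        remote_src: true
        owner: infra
        group: infra
        mode: "0600"

    # Pulls the kubeconfig from one control-plane host to the machine running
    # Ansible. This replaces any ~/.kube/config already present there, and the
    # local copy is a cluster-admin credential: keep it out of backups, shared
    # home directories and version control.
    - name: Копирую kube/config
      run_once: true
      ansible.posix.synchronize:
        src: "~/.kube/config"  # remote host
        dest: "~/.kube/config"  # localhost
        mode: pull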