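---
# Bootstraps a kubeadm cluster on Debian/Ubuntu hosts and joins the workers.
#
# Inventory contract (inferred from the group lookups below — confirm against
# the real inventory): group `control_plane` (its first host is the only node
# that runs `kubeadm init`) and group `worker_nodes`.
#
# Fixes relative to the previous revision:
#   - the join command is taken from `kubeadm token create --print-join-command`
#     (a single line that already carries --discovery-token-ca-cert-hash), so
#     the workers no longer need --discovery-token-unsafe-skip-ca-verification;
#   - the join task reads hostvars keyed by the control-plane HOST, not the
#     group name, and its `when` no longer tests the worker's own (empty)
#     join_command, which previously made the task never run;
#   - keyring/repository setup is no longer ignore_errors (a missing keyring
#     would only surface later as an apt failure);
#   - kubeadm init/join are idempotent via `creates` instead of ignore_errors;
#   - admin.conf copy and the rendered secret manifest are 0600, and tasks
#     that handle tokens or API keys are no_log;
#   - `--cloud-provider=external` is set via /etc/default/kubelet instead of
#     editing the packaged unit file, which an upgrade would overwrite;
#   - kubelet/kubeadm/kubectl are installed with state: present and held,
#     rather than state: latest, to avoid uncontrolled version skew.
- name: Install, configure Kubernetes cluster, and join nodes
  hosts: all
  become: true
  vars:
    # Minor-version repository on pkgs.k8s.io.
    kubernetes_version: 'v1.29'
    # CRI-O repository path. NOTE(review): this points at a prerelease
    # channel; confirm that is intended for this environment.
    project_path: 'prerelease:/main'
    # Pod CIDR handed to `kubeadm init`; must match the CNI you deploy.
    pod_network_cidr: '10.244.0.0/16'
    # Placeholder; overwritten on the control plane by set_fact below.
    join_command: ''
  vars_files:
    # Expected to provide vault_apiKey and vault_projectID (keep it
    # ansible-vault encrypted — the vault_ prefix suggests it already is).
    - secrets.yaml

  tasks:
    - name: Set is_control_plane fact
      ansible.builtin.set_fact:
        # Real boolean; `| bool` is still used at call sites for clarity.
        is_control_plane: "{{ inventory_hostname == groups['control_plane'][0] }}"
      tags:
        - generate_secret

    - name: Install required packages
      ansible.builtin.apt:
        update_cache: true
        name:
          - software-properties-common
          - apt-transport-https
          - ca-certificates
          - curl
          - gnupg
          - git
        state: present

    - name: Ensure APT keyring directory exists
      ansible.builtin.file:
        path: /etc/apt/keyrings
        state: directory
        mode: '0755'

    - name: Add Kubernetes APT keyring
      ansible.builtin.shell:
        # pipefail so a failed download cannot leave a truncated keyring;
        # --batch --yes lets gpg overwrite non-interactively.
        cmd: |
          set -o pipefail
          curl -fsSL https://pkgs.k8s.io/core:/stable:/{{ kubernetes_version }}/deb/Release.key | gpg --batch --yes --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
        creates: /etc/apt/keyrings/kubernetes-apt-keyring.gpg
        executable: /bin/bash
      register: apt_keyring_result

    - name: Post-task Debug Message for Add Kubernetes APT keyring
      ansible.builtin.debug:
        msg: 'Completed adding Kubernetes APT keyring with result: {{ apt_keyring_result }}'

    - name: Add Kubernetes APT repository
      ansible.builtin.lineinfile:
        path: /etc/apt/sources.list.d/kubernetes.list
        line: 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/{{ kubernetes_version }}/deb/ /'
        create: true
        mode: '0644'

    - name: Add CRI-O APT keyring
      ansible.builtin.shell:
        cmd: |
          set -o pipefail
          curl -fsSL https://pkgs.k8s.io/addons:/cri-o:/{{ project_path }}/deb/Release.key | gpg --batch --yes --dearmor -o /etc/apt/keyrings/cri-o-apt-keyring.gpg
        creates: /etc/apt/keyrings/cri-o-apt-keyring.gpg
        executable: /bin/bash

    - name: Add CRI-O APT repository
      ansible.builtin.lineinfile:
        path: /etc/apt/sources.list.d/cri-o.list
        line: 'deb [signed-by=/etc/apt/keyrings/cri-o-apt-keyring.gpg] https://pkgs.k8s.io/addons:/cri-o:/{{ project_path }}/deb/ /'
        create: true
        mode: '0644'

    - name: Install Kubernetes components and CRI-O
      ansible.builtin.apt:
        update_cache: true
        name:
          - cri-o
          - kubelet
          - kubeadm
          - kubectl
        # present + hold: upgrades of the control-plane tooling are a
        # deliberate operation, not a side effect of re-running this play.
        state: present

    - name: Hold Kubernetes packages at the installed version
      ansible.builtin.dpkg_selections:
        name: "{{ item }}"
        selection: hold
      loop:
        - kubelet
        - kubeadm
        - kubectl

    - name: Start CRI-O service
      ansible.builtin.systemd:
        name: crio
        state: started
        enabled: true

    - name: Disable swap for the running system
      ansible.builtin.shell: swapoff -a
      when: ansible_swaptotal_mb | default(0) | int > 0

    - name: Disable swap persistently in /etc/fstab
      # Comments out every non-comment line whose filesystem type is swap,
      # so the kubelet's swap check still passes after a reboot.
      ansible.builtin.replace:
        path: /etc/fstab
        regexp: '^([^#].*\sswap\s.*)$'
        replace: '# \1'

    - name: Load br_netfilter module
      ansible.builtin.modprobe:
        name: br_netfilter
        state: present
      notify: Apply sysctl settings

    - name: Persist br_netfilter module load across reboots
      ansible.builtin.copy:
        content: "br_netfilter\n"
        dest: /etc/modules-load.d/k8s.conf
        mode: '0644'

    - name: Enable IP forwarding and bridged traffic filtering
      ansible.builtin.sysctl:
        name: "{{ item }}"
        value: '1'
        state: present
        reload: true
      loop:
        - net.ipv4.ip_forward
        # Requires br_netfilter (loaded above) to exist.
        - net.bridge.bridge-nf-call-iptables

    - name: Configure kubelet for external cloud provider
      # /etc/default/kubelet is the EnvironmentFile read by the packaged
      # kubeadm drop-in; editing it survives package upgrades, unlike
      # rewriting ExecStart in 10-kubeadm.conf.
      ansible.builtin.lineinfile:
        path: /etc/default/kubelet
        regexp: '^KUBELET_EXTRA_ARGS='
        line: 'KUBELET_EXTRA_ARGS=--cloud-provider=external'
        create: true
        mode: '0644'

    - name: Restart kubelet to apply external cloud provider configuration
      ansible.builtin.service:
        name: kubelet
        state: restarted

    - name: Initialize the Kubernetes cluster
      ansible.builtin.shell:
        cmd: kubeadm init --pod-network-cidr={{ pod_network_cidr }}
        # admin.conf only exists after a successful init; skipping on
        # re-runs replaces the previous ignore_errors.
        creates: /etc/kubernetes/admin.conf
      when: is_control_plane | bool
      register: init_output

    - name: Generate a fresh kubeadm join command
      # Prints one line including --discovery-token-ca-cert-hash, so the
      # workers verify the control-plane CA instead of skipping the check.
      ansible.builtin.command: kubeadm token create --print-join-command
      when: is_control_plane | bool
      register: join_cmd_output
      no_log: true

    - name: Capture the kubeadm join command
      ansible.builtin.set_fact:
        join_command: "{{ join_cmd_output.stdout | trim }}"
      when: is_control_plane | bool
      no_log: true

    - name: Join the node to the Kubernetes cluster
      # hostvars is keyed by host name, so look up the first control-plane
      # host rather than the group name; the worker's own join_command is
      # always '' and must not be used in the condition.
      ansible.builtin.shell:
        cmd: "{{ hostvars[groups['control_plane'][0]].join_command }}"
        creates: /etc/kubernetes/kubelet.conf
      when:
        - not (is_control_plane | bool)
        - hostvars[groups['control_plane'][0]].join_command | default('') != ''
      no_log: true

    - name: Label worker nodes
      # Runs on the control-plane host, which holds admin.conf; localhost
      # has no cluster credentials. Assumes the node name equals
      # inventory_hostname — confirm if hostnames and inventory names differ.
      ansible.builtin.shell: 'kubectl label nodes {{ inventory_hostname }} node-role.kubernetes.io/worker=worker --overwrite'
      delegate_to: "{{ groups['control_plane'][0] }}"
      environment:
        KUBECONFIG: /etc/kubernetes/admin.conf
      when: inventory_hostname in groups['worker_nodes']

    - name: Clone cloud-provider-cherry repository
      # NOTE(review): `main` is an unpinned moving target that is later
      # applied to the cluster; pin a tag or commit once one is chosen.
      ansible.builtin.git:
        repo: 'https://github.com/cherryservers/cloud-provider-cherry'
        dest: '/tmp/cloud-provider-cherry'
        version: 'main'
      when: is_control_plane | bool

    - name: Ensure Kubernetes directory exists
      ansible.builtin.file:
        path: '/etc/kubernetes/'
        state: directory
        mode: '0755'
      when: is_control_plane | bool

    - name: Ensure .kube directory exists in user's home
      ansible.builtin.file:
        path: '{{ ansible_env.HOME }}/.kube'
        state: directory
        mode: '0755'

    - name: Copy admin.conf to user's .kube directory
      ansible.builtin.copy:
        src: /etc/kubernetes/admin.conf
        dest: '{{ ansible_env.HOME }}/.kube/config'
        remote_src: true
        owner: '{{ ansible_env.USER }}'
        group: '{{ ansible_env.USER }}'
        # cluster-admin credential: owner-only.
        mode: '0600'
      when: is_control_plane | bool

    - name: Generate Kubernetes secret from template
      ansible.builtin.template:
        src: templates/secret.yaml.j2
        dest: /etc/kubernetes/cherry-cloud-secret.yaml
        # Rendered file contains the API key.
        mode: '0600'
      vars:
        apiKey: '{{ vault_apiKey }}'
        projectID: '{{ vault_projectID }}'
      when: is_control_plane | bool
      no_log: true
      tags:
        - generate_secret

    - name: Apply the secret configuration to the Kubernetes cluster
      ansible.builtin.shell:
        cmd: kubectl apply -f /etc/kubernetes/cherry-cloud-secret.yaml
      environment:
        KUBECONFIG: /etc/kubernetes/admin.conf
      when: is_control_plane | bool
      tags:
        - generate_secret

    - name: Apply deployment.yaml from cloned repository
      ansible.builtin.shell:
        cmd: 'kubectl apply -f /tmp/cloud-provider-cherry/deploy/template/deployment.yaml'
      environment:
        KUBECONFIG: /etc/kubernetes/admin.conf
      when: is_control_plane | bool  # Adjust based on your needs

  handlers:
    - name: Apply sysctl settings
      ansible.builtin.sysctl:
        sysctl_set: true
        state: present
        reload: true
        name: net.ipv4.ip_forward
        value: '1'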