Update kubeadm, kubectl, kubelet deployment

2024-07-27 01:05:55 +03:00 · 2024-07-27 01:05:55 +03:00 · ca623c11fd
commit ca623c11fd
parent 047cbb5c6b
1 changed files with 95 additions and 57 deletions
--- a/ansible-kubernetes.yml
+++ b/ansible-kubernetes.yml
@ -1,81 +1,119 @@
 ---
- name: Reconfigure graceful shutdown for kubelet
+- name: Reconfigure Kubernetes nodes
  hosts: kubernetes
  vars:
    KUBERNETES_VERSION: v1.27.16
  tasks:
    - name: Remove APT packages
      ansible.builtin.apt:
        name: "{{ item }}"
        state: absent
      loop:
        - kubelet
        - kubeadm
        - kubectl
    - name: Download kubectl
      ansible.builtin.get_url:
        url: "https://cdn.dl.k8s.io/release/{{ KUBERNETES_VERSION }}/bin/linux/{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}/kubectl"
        dest: /usr/bin/kubectl
        mode: '0755'
    - name: Download kubeadm
      ansible.builtin.get_url:
        url: "https://cdn.dl.k8s.io/release/{{ KUBERNETES_VERSION }}/bin/linux/{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}/kubeadm"
        dest: /usr/bin/kubeadm
        mode: '0755'
    - name: Download kubelet
      ansible.builtin.get_url:
        url: "https://cdn.dl.k8s.io/release/{{ KUBERNETES_VERSION }}/bin/linux/{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}/kubelet"
        dest: /usr/bin/kubelet
        mode: '0755'
    - name: Create /etc/systemd/system/kubelet.service
      ansible.builtin.copy:
        content: |
          [Unit]
          Description=kubelet: The Kubernetes Node Agent
          Documentation=https://kubernetes.io/docs/home/
          Wants=network-online.target
          After=network-online.target
          [Service]
          ExecStart=/usr/local/bin/kubelet
          Restart=always
          StartLimitInterval=0
          RestartSec=10
          [Install]
          WantedBy=multi-user.target
        dest: /etc/systemd/system/kubelet.service
    - name: Reconfigure shutdownGracePeriod
      ansible.builtin.lineinfile:
        path: /var/lib/kubelet/config.yaml
        regexp: '^shutdownGracePeriod:'
        line: 'shutdownGracePeriod: 5m'
    - name: Reconfigure shutdownGracePeriodCriticalPods
      ansible.builtin.lineinfile:
        path: /var/lib/kubelet/config.yaml
        regexp: '^shutdownGracePeriodCriticalPods:'
        line: 'shutdownGracePeriodCriticalPods: 5m'
    - name: Work around unattended-upgrades
      ansible.builtin.lineinfile:
        path: /lib/systemd/logind.conf.d/unattended-upgrades-logind-maxdelay.conf
        regexp: '^InhibitDelayMaxSec='
        line: 'InhibitDelayMaxSec=5m0s'
- name: Pin kube components
+    - name: Disable unneccesary services
-  hosts: kubernetes
+      ignore_errors: true
  tasks:
    - name: Pin packages
      loop:
-        - kubeadm
+        - gdm3
-        - kubectl
+        - snapd
-        - kubelet
+        - bluetooth
        - multipathd
      service:
        name: "{{item}}"
        state: stopped
        enabled: no
    - name: Reset /etc/containers/registries.conf
      ansible.builtin.copy:
        content: "unqualified-search-registries = [\"docker.io\"]\n"
        dest: /etc/containers/registries.conf
      register: registries
    - name: Restart CRI-O
      service:
        name: cri-o
        state: restarted
      when: registries.changed
    - name: Reset /etc/modules
      ansible.builtin.copy:
        dest: "/etc/apt/preferences.d/{{ item }}"
        content: |
-          Package: {{ item }}
+          overlay
-          Pin: version 1.26.*
+          br_netfilter
-          Pin-Priority: 1001
+        dest: /etc/modules
      register: kernel_modules
    - name: Load kernel modules
      ansible.builtin.shell: "cat /etc/modules | xargs -L 1 -t modprobe"
      when: kernel_modules.changed
- name: Reset /etc/containers/registries.conf
+    - name: Reset /etc/sysctl.d/99-k8s.conf
-  hosts: kubernetes
+      ansible.builtin.copy:
-  tasks:
+        content: |
-  - name: Copy /etc/containers/registries.conf
+          net.ipv4.conf.all.accept_redirects  = 0
-    ansible.builtin.copy:
+          net.bridge.bridge-nf-call-iptables  = 1
-      content: "unqualified-search-registries = [\"docker.io\"]\n"
+          net.ipv4.ip_forward                 = 1
-      dest: /etc/containers/registries.conf
+          net.bridge.bridge-nf-call-ip6tables = 1
-    register: registries
+          vm.max_map_count                    = 524288
-  - name: Restart CRI-O
+          fs.inotify.max_user_instances       = 1280
-    service:
+          fs.inotify.max_user_watches         = 655360
-      name: cri-o
+        dest: /etc/sysctl.d/99-k8s.conf
-      state: restarted
+      register: sysctl
    when: registries.changed
- name: Reset /etc/modules
+    - name: Reload sysctl config
-  hosts: kubernetes
+      ansible.builtin.shell: "sysctl --system"
-  tasks:
+      when: sysctl.changed
  - name: Copy /etc/modules
    ansible.builtin.copy:
      content: |
        overlay
        br_netfilter
      dest: /etc/modules
    register: kernel_modules
  - name: Load kernel modules
    ansible.builtin.shell: "cat /etc/modules | xargs -L 1 -t modprobe"
    when: kernel_modules.changed
 - name: Reset /etc/sysctl.d/99-k8s.conf
  hosts: kubernetes
  tasks:
  - name: Copy /etc/sysctl.d/99-k8s.conf
    ansible.builtin.copy:
      content: |
        net.ipv4.conf.all.accept_redirects  = 0
        net.bridge.bridge-nf-call-iptables  = 1
        net.ipv4.ip_forward                 = 1
        net.bridge.bridge-nf-call-ip6tables = 1
        vm.max_map_count                    = 524288
        fs.inotify.max_user_instances       = 1280
        fs.inotify.max_user_watches         = 655360
      dest: /etc/sysctl.d/99-k8s.conf
    register: sysctl
  - name: Reload sysctl config
    ansible.builtin.shell: "sysctl --system"
    when: sysctl.changed