optimize creating new node with playbook

2024-10-19 13:53:46 +03:00
parent fb335a15cd
commit 2151eb0b5c
1 changed files with 65 additions and 17 deletions
--- a/kubernetes-nodes.yaml
+++ b/kubernetes-nodes.yaml
@@ -19,7 +19,6 @@
      register: grub_defaults
      when: ansible_architecture == 'x86_64'

-
    - name: Load grub defaults
      ansible.builtin.shell: update-grub
      when: grub_defaults.changed
@@ -66,10 +65,18 @@
        state: present        
        filename: crio

-    - name: Install cri-o
+    - name: Install cri-o and conntrack
      ansible.builtin.apt:
-        name: cri-o
-        state: latest        
+        name: "{{ item }}"
+        state: latest
+      loop:
+        - cri-o
+        - conntrack  
+
+    - name: Enable crio service
+      ansible.builtin.systemd_service:
+        name: crio
+        enabled: yes

    - name: Download kubectl, kubeadm, kubelet
      ansible.builtin.get_url:
@@ -92,12 +99,18 @@
        - kubeadm
      register: kubelet

-    - name: Restart Kubelet
-      service:
-        name: kubelet
-        enabled: true
-        state: restarted
-      when: kubelet.changed
+    - name: Download calicoctl
+      ansible.builtin.get_url:
+        url: "https://github.com/projectcalico/calico/releases/download/v3.28.1/calicoctl-linux-{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
+        dest: "/usr/bin/calicoctl"
+        mode: '0755'
+
+    - name: Install crictl
+      ansible.builtin.shell: |
+        VERSION="v1.31.1"
+        wget https://github.com/kubernetes-sigs/cri-tools/releases/download/$VERSION/crictl-$VERSION-linux-amd64.tar.gz
+        sudo tar zxvf crictl-$VERSION-linux-amd64.tar.gz -C /usr/local/bin
+        rm -f crictl-$VERSION-linux-amd64.tar.gz

    - name: Create /etc/systemd/system/kubelet.service
      ansible.builtin.copy:
@@ -108,25 +121,66 @@
          Wants=network-online.target
          After=network-online.target
          [Service]
-          ExecStart=/usr/local/bin/kubelet
+          ExecStart=/usr/bin/kubelet
          Restart=always
          StartLimitInterval=0
          RestartSec=10
          [Install]
          WantedBy=multi-user.target
        dest: /etc/systemd/system/kubelet.service
+      register: kubelet_service
+
+    - name: Create /etc/systemd/system/kubelet.service.d
+      ansible.builtin.file:
+        state: directory
+        path: /etc/systemd/system/kubelet.service.d
+      register: kubelet_service_directory
+
+    - name: Create /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
+      ansible.builtin.copy:
+        content: |
+          # Note: This dropin only works with kubeadm and kubelet v1.11+
+          [Service]
+          Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
+          Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
+          # This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
+          EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
+          # This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use
+          # the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.
+          EnvironmentFile=-/etc/default/kubelet
+          ExecStart=
+          ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
+        dest: /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
+      register: kubelet_service_directory_conf      
+
+    - name: Enable kubelet service
+      ansible.builtin.systemd_service:
+        name: kubelet
+        enabled: yes
+        daemon_reload: true
+      when: kubelet_service.changed or kubelet_service_directory.changed or kubelet_service_directory_conf.changed
+      register: kubelet_service_reload
+
+    - name: Restart Kubelet
+      service:
+        name: kubelet
+        enabled: true
+        state: restarted
+      when: kubelet_service.changed or kubelet_service_reload.changed  

    - name: Reconfigure shutdownGracePeriod
      ansible.builtin.lineinfile:
        path: /var/lib/kubelet/config.yaml
        regexp: '^shutdownGracePeriod:'
        line: 'shutdownGracePeriod: 5m'
+      ignore_errors: true

    - name: Reconfigure shutdownGracePeriodCriticalPods
      ansible.builtin.lineinfile:
        path: /var/lib/kubelet/config.yaml
        regexp: '^shutdownGracePeriodCriticalPods:'
        line: 'shutdownGracePeriodCriticalPods: 5m'
+      ignore_errors: true

    - name: Work around unattended-upgrades
      ansible.builtin.lineinfile:
@@ -198,9 +252,3 @@
    - name: Restart kube-apiserver
      ansible.builtin.shell: "killall kube-apiserver"
      when: apiserver.changed
-
-    - name: Download calicoctl
-      ansible.builtin.get_url:
-        url: "https://github.com/projectcalico/calico/releases/download/v3.28.1/calicoctl-linux-{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
-        dest: "/usr/bin/calicoctl"
-        mode: '0755'