kube/ansible-kubernetes.yml

---
- name: Pin kube components
  hosts: kubernetes
  tasks:
    - name: Pin packages
      loop:
        - kubeadm
        - kubectl
        - kubelet
      ansible.builtin.copy:
        dest: "/etc/apt/preferences.d/{{ item }}"
        content: |
          Package: {{ item }}
          Pin: version 1.26.*
          Pin-Priority: 1001

- name: Reset /etc/containers/registries.conf
  hosts: kubernetes
  tasks:
  - name: Copy /etc/containers/registries.conf
    ansible.builtin.copy:
      content: "unqualified-search-registries = [\"docker.io\"]\n"
      dest: /etc/containers/registries.conf
    register: registries
  - name: Restart CRI-O
    service:
      name: cri-o
      state: restarted
    when: registries.changed

- name: Reset /etc/modules
  hosts: kubernetes
  tasks:
  - name: Copy /etc/modules
    ansible.builtin.copy:
      content: |
        overlay
        br_netfilter
      dest: /etc/modules
    register: kernel_modules
  - name: Load kernel modules
    ansible.builtin.shell: "cat /etc/modules | xargs -L 1 -t modprobe"
    when: kernel_modules.changed

- name: Reset /etc/sysctl.d/99-k8s.conf
  hosts: kubernetes
  tasks:
  - name: Copy /etc/sysctl.d/99-k8s.conf
    ansible.builtin.copy:
      content: |
        cat > /etc/sysctl.d/99-k8s.conf << EOF
        net.ipv4.conf.all.accept_redirects  = 0
        net.bridge.bridge-nf-call-iptables  = 1
        net.ipv4.ip_forward                 = 1
        net.bridge.bridge-nf-call-ip6tables = 1
        vm.max_map_count                    = 524288
        fs.inotify.max_user_instances       = 1280
        fs.inotify.max_user_watches         = 655360
      dest: /etc/sysctl.d/99-k8s.conf
    register: sysctl
  - name: Reload sysctl config
    ansible.builtin.shell: "sysctl --system"
    when: sysctl.changed
Move Kubernetes cluster bootstrap partially to Ansible 2023-08-13 17:21:15 +00:00			`---`
			`- name: Pin kube components`
			`hosts: kubernetes`
			`tasks:`
			`- name: Pin packages`
			`loop:`
			`- kubeadm`
			`- kubectl`
			`- kubelet`
			`ansible.builtin.copy:`
			`dest: "/etc/apt/preferences.d/{{ item }}"`
			`content: \|`
			`Package: {{ item }}`
			`Pin: version 1.26.*`
			`Pin-Priority: 1001`

			`- name: Reset /etc/containers/registries.conf`
			`hosts: kubernetes`
			`tasks:`
			`- name: Copy /etc/containers/registries.conf`
			`ansible.builtin.copy:`
			`content: "unqualified-search-registries = [\"docker.io\"]\n"`
			`dest: /etc/containers/registries.conf`
			`register: registries`
			`- name: Restart CRI-O`
			`service:`
			`name: cri-o`
			`state: restarted`
			`when: registries.changed`

			`- name: Reset /etc/modules`
			`hosts: kubernetes`
			`tasks:`
			`- name: Copy /etc/modules`
			`ansible.builtin.copy:`
			`content: \|`
			`overlay`
			`br_netfilter`
			`dest: /etc/modules`
			`register: kernel_modules`
			`- name: Load kernel modules`
			`ansible.builtin.shell: "cat /etc/modules \| xargs -L 1 -t modprobe"`
			`when: kernel_modules.changed`

			`- name: Reset /etc/sysctl.d/99-k8s.conf`
			`hosts: kubernetes`
			`tasks:`
			`- name: Copy /etc/sysctl.d/99-k8s.conf`
			`ansible.builtin.copy:`
			`content: \|`
			`cat > /etc/sysctl.d/99-k8s.conf << EOF`
			`net.ipv4.conf.all.accept_redirects = 0`
			`net.bridge.bridge-nf-call-iptables = 1`
			`net.ipv4.ip_forward = 1`
			`net.bridge.bridge-nf-call-ip6tables = 1`
			`vm.max_map_count = 524288`
			`fs.inotify.max_user_instances = 1280`
			`fs.inotify.max_user_watches = 655360`
			`dest: /etc/sysctl.d/99-k8s.conf`
			`register: sysctl`
			`- name: Reload sysctl config`
			`ansible.builtin.shell: "sysctl --system"`
			`when: sysctl.changed`