Update kubeadm, kubectl, kubelet deployment

2024-07-27 01:05:55 +03:00 · 2024-07-27 01:05:55 +03:00 · ca623c11fd
commit ca623c11fd
parent 047cbb5c6b
1 changed files with 95 additions and 57 deletions
--- a/ansible-kubernetes.yml
+++ b/ansible-kubernetes.yml
@ -1,81 +1,119 @@
 ---
- name: Reconfigure graceful shutdown for kubelet
+- name: Reconfigure Kubernetes nodes
  hosts: kubernetes
+  vars:
+    KUBERNETES_VERSION: v1.27.16
  tasks:
+    - name: Remove APT packages
+      ansible.builtin.apt:
+        name: "{{ item }}"
+        state: absent
+      loop:
+        - kubelet
+        - kubeadm
+        - kubectl
+
+    - name: Download kubectl
+      ansible.builtin.get_url:
+        url: "https://cdn.dl.k8s.io/release/{{ KUBERNETES_VERSION }}/bin/linux/{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}/kubectl"
+        dest: /usr/bin/kubectl
+        mode: '0755'
+
+    - name: Download kubeadm
+      ansible.builtin.get_url:
+        url: "https://cdn.dl.k8s.io/release/{{ KUBERNETES_VERSION }}/bin/linux/{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}/kubeadm"
+        dest: /usr/bin/kubeadm
+        mode: '0755'
+
+    - name: Download kubelet
+      ansible.builtin.get_url:
+        url: "https://cdn.dl.k8s.io/release/{{ KUBERNETES_VERSION }}/bin/linux/{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}/kubelet"
+        dest: /usr/bin/kubelet
+        mode: '0755'
+
+    - name: Create /etc/systemd/system/kubelet.service
+      ansible.builtin.copy:
+        content: |
+          [Unit]
+          Description=kubelet: The Kubernetes Node Agent
+          Documentation=https://kubernetes.io/docs/home/
+          Wants=network-online.target
+          After=network-online.target
+          [Service]
+          ExecStart=/usr/local/bin/kubelet
+          Restart=always
+          StartLimitInterval=0
+          RestartSec=10
+          [Install]
+          WantedBy=multi-user.target
+        dest: /etc/systemd/system/kubelet.service
+
    - name: Reconfigure shutdownGracePeriod
      ansible.builtin.lineinfile:
        path: /var/lib/kubelet/config.yaml
        regexp: '^shutdownGracePeriod:'
        line: 'shutdownGracePeriod: 5m'
+
    - name: Reconfigure shutdownGracePeriodCriticalPods
      ansible.builtin.lineinfile:
        path: /var/lib/kubelet/config.yaml
        regexp: '^shutdownGracePeriodCriticalPods:'
        line: 'shutdownGracePeriodCriticalPods: 5m'
+
    - name: Work around unattended-upgrades
      ansible.builtin.lineinfile:
        path: /lib/systemd/logind.conf.d/unattended-upgrades-logind-maxdelay.conf
        regexp: '^InhibitDelayMaxSec='
        line: 'InhibitDelayMaxSec=5m0s'

- name: Pin kube components
-  hosts: kubernetes
-  tasks:
-    - name: Pin packages
+    - name: Disable unneccesary services
+      ignore_errors: true
      loop:
-        - kubeadm
-        - kubectl
-        - kubelet
+        - gdm3
+        - snapd
+        - bluetooth
+        - multipathd
+      service:
+        name: "{{item}}"
+        state: stopped
+        enabled: no
+
+    - name: Reset /etc/containers/registries.conf
+      ansible.builtin.copy:
+        content: "unqualified-search-registries = [\"docker.io\"]\n"
+        dest: /etc/containers/registries.conf
+      register: registries
+
+    - name: Restart CRI-O
+      service:
+        name: cri-o
+        state: restarted
+      when: registries.changed
+
+    - name: Reset /etc/modules
      ansible.builtin.copy:
-        dest: "/etc/apt/preferences.d/{{ item }}"
        content: |
-          Package: {{ item }}
-          Pin: version 1.26.*
-          Pin-Priority: 1001
+          overlay
+          br_netfilter
+        dest: /etc/modules
+      register: kernel_modules
+    - name: Load kernel modules
+      ansible.builtin.shell: "cat /etc/modules | xargs -L 1 -t modprobe"
+      when: kernel_modules.changed

- name: Reset /etc/containers/registries.conf
-  hosts: kubernetes
-  tasks:
-  - name: Copy /etc/containers/registries.conf
-    ansible.builtin.copy:
-      content: "unqualified-search-registries = [\"docker.io\"]\n"
-      dest: /etc/containers/registries.conf
-    register: registries
-  - name: Restart CRI-O
-    service:
-      name: cri-o
-      state: restarted
-    when: registries.changed
+    - name: Reset /etc/sysctl.d/99-k8s.conf
+      ansible.builtin.copy:
+        content: |
+          net.ipv4.conf.all.accept_redirects  = 0
+          net.bridge.bridge-nf-call-iptables  = 1
+          net.ipv4.ip_forward                 = 1
+          net.bridge.bridge-nf-call-ip6tables = 1
+          vm.max_map_count                    = 524288
+          fs.inotify.max_user_instances       = 1280
+          fs.inotify.max_user_watches         = 655360
+        dest: /etc/sysctl.d/99-k8s.conf
+      register: sysctl

- name: Reset /etc/modules
-  hosts: kubernetes
-  tasks:
-  - name: Copy /etc/modules
-    ansible.builtin.copy:
-      content: |
-        overlay
-        br_netfilter
-      dest: /etc/modules
-    register: kernel_modules
-  - name: Load kernel modules
-    ansible.builtin.shell: "cat /etc/modules | xargs -L 1 -t modprobe"
-    when: kernel_modules.changed
-
- name: Reset /etc/sysctl.d/99-k8s.conf
-  hosts: kubernetes
-  tasks:
-  - name: Copy /etc/sysctl.d/99-k8s.conf
-    ansible.builtin.copy:
-      content: |
-        net.ipv4.conf.all.accept_redirects  = 0
-        net.bridge.bridge-nf-call-iptables  = 1
-        net.ipv4.ip_forward                 = 1
-        net.bridge.bridge-nf-call-ip6tables = 1
-        vm.max_map_count                    = 524288
-        fs.inotify.max_user_instances       = 1280
-        fs.inotify.max_user_watches         = 655360
-      dest: /etc/sysctl.d/99-k8s.conf
-    register: sysctl
-  - name: Reload sysctl config
-    ansible.builtin.shell: "sysctl --system"
-    when: sysctl.changed
+    - name: Reload sysctl config
+      ansible.builtin.shell: "sysctl --system"
+      when: sysctl.changed