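---
# Play 1: host-level preparation for the storage and worker nodes
# (boot parameters and the NFS client package).
- name: Reconfigure Kubernetes worker nodes
  hosts:
    - storage
    - workers
  tasks:
    - name: Configure grub defaults
      ansible.builtin.copy:
        dest: /etc/default/grub
        content: |
          GRUB_DEFAULT=0
          GRUB_TIMEOUT_STYLE=countdown
          GRUB_TIMEOUT=5
          GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
          GRUB_CMDLINE_LINUX_DEFAULT="quiet splash memhp_default_state=online"
          GRUB_CMDLINE_LINUX="memhp_default_state=online rootflags=pquota"
      register: grub_defaults
      # Only applied on x86_64 hosts. A skipped task still registers
      # changed=false, so the update-grub step below is skipped as well.
      when: ansible_architecture == 'x86_64'

    - name: Load grub defaults
      # Plain command: no pipes or redirects, so no shell is needed.
      ansible.builtin.command: update-grub
      when: grub_defaults.changed

    - name: Ensure nfs-common is installed
      ansible.builtin.apt:
        name: nfs-common
        state: present

# Play 2: replace the distro Kubernetes packages with pinned upstream binaries,
# then converge kubelet, CRI-O, kernel-module and sysctl configuration.
- name: Reconfigure Kubernetes nodes
  hosts: kubernetes
  vars:
    # Quoted so the YAML parser can never re-type the version string.
    KUBERNETES_VERSION: "v1.30.3"
    # Upstream publishes release artefacts under Go architecture names.
    KUBERNETES_ARCH: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
    # NOTE(review): not referenced by any task in this playbook; presumably
    # consumed by kube-apiserver.j2 — confirm before removing.
    IP: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
  tasks:
    - name: Remove APT packages
      ansible.builtin.apt:
        name: "{{ item }}"
        state: absent
      loop:
        - kubelet
        - kubeadm
        - kubectl

    - name: Download kubectl, kubeadm, kubelet
      ansible.builtin.get_url:
        url: "https://cdn.dl.k8s.io/release/{{ KUBERNETES_VERSION }}/bin/linux/{{ KUBERNETES_ARCH }}/{{ item }}"
        # Verify each binary against the .sha256 published next to it. This
        # catches truncated or corrupted downloads and makes re-runs skip the
        # download when the file on disk already matches; being same-origin,
        # it does not protect against a compromised release origin.
        checksum: "sha256:https://cdn.dl.k8s.io/release/{{ KUBERNETES_VERSION }}/bin/linux/{{ KUBERNETES_ARCH }}/{{ item }}.sha256"
        # Versioned filename so several releases can coexist; the unversioned
        # name is a symlink created by the next task.
        dest: "/usr/bin/{{ item }}-{{ KUBERNETES_VERSION }}"
        mode: '0755'
      loop:
        - kubelet
        - kubectl
        - kubeadm

    - name: Create symlinks for kubectl, kubeadm, kubelet
      ansible.builtin.file:
        src: "/usr/bin/{{ item }}-{{ KUBERNETES_VERSION }}"
        dest: "/usr/bin/{{ item }}"
        state: link
      loop:
        - kubelet
        - kubectl
        - kubeadm
      # Loop results aggregate into a top-level .changed.
      register: kubelet_links

    # Written before the kubelet restart below so a fresh unit file exists
    # (and is daemon-reloaded) before systemd is asked to start it.
    - name: Create /etc/systemd/system/kubelet.service
      ansible.builtin.copy:
        content: |
          [Unit]
          Description=kubelet: The Kubernetes Node Agent
          Documentation=https://kubernetes.io/docs/home/
          Wants=network-online.target
          After=network-online.target

          [Service]
          ExecStart=/usr/bin/kubelet
          Restart=always
          StartLimitInterval=0
          RestartSec=10

          [Install]
          WantedBy=multi-user.target
        dest: /etc/systemd/system/kubelet.service
      # ExecStart points at the /usr/bin/kubelet symlink created above.
      # NOTE(review): this unit passes no kubeconfig/config flags; it relies on
      # a kubelet.service.d drop-in surviving the package removal — confirm.
      register: kubelet_unit

    # Both lineinfile tasks append the line at EOF when no match exists.
    - name: Reconfigure shutdownGracePeriod
      ansible.builtin.lineinfile:
        path: /var/lib/kubelet/config.yaml
        regexp: '^shutdownGracePeriod:'
        line: 'shutdownGracePeriod: 5m'
      register: kubelet_cfg_grace

    - name: Reconfigure shutdownGracePeriodCriticalPods
      ansible.builtin.lineinfile:
        path: /var/lib/kubelet/config.yaml
        regexp: '^shutdownGracePeriodCriticalPods:'
        line: 'shutdownGracePeriodCriticalPods: 5m'
      register: kubelet_cfg_grace_critical

    - name: Restart Kubelet
      ansible.builtin.systemd:
        name: kubelet
        enabled: true
        state: restarted
        # Pick up the unit file written above.
        daemon_reload: true
      # Restart whenever the binaries, the unit or the kubelet config changed;
      # a config edit alone is not applied until kubelet restarts.
      when: >-
        kubelet_links.changed or kubelet_unit.changed
        or kubelet_cfg_grace.changed or kubelet_cfg_grace_critical.changed

    - name: Work around unattended-upgrades
      ansible.builtin.lineinfile:
        path: /lib/systemd/logind.conf.d/unattended-upgrades-logind-maxdelay.conf
        regexp: '^InhibitDelayMaxSec='
        # Presumably raised to match the 5m kubelet grace period above so
        # logind's inhibit cap does not cut shutdown short — confirm.
        line: 'InhibitDelayMaxSec=5m0s'

    - name: Disable unneccesary services
      # Some of these units are not installed on every host; tolerate that.
      ignore_errors: true
      loop:
        - gdm3
        - snapd
        - bluetooth
        - multipathd
      ansible.builtin.service:
        name: "{{ item }}"
        state: stopped
        enabled: false

    - name: Reset /etc/containers/registries.conf
      ansible.builtin.copy:
        # Clip-style block scalar keeps exactly one trailing newline.
        content: |
          unqualified-search-registries = ["docker.io"]
        dest: /etc/containers/registries.conf
      register: registries

    - name: Restart CRI-O
      ansible.builtin.service:
        name: cri-o
        state: restarted
      when: registries.changed

    - name: Reset /etc/modules
      ansible.builtin.copy:
        content: |
          overlay
          br_netfilter
        dest: /etc/modules
      register: kernel_modules

    - name: Load kernel modules
      # Shell is required here for the pipe.
      ansible.builtin.shell: "cat /etc/modules | xargs -L 1 -t modprobe"
      when: kernel_modules.changed

    - name: Reset /etc/sysctl.d/99-k8s.conf
      ansible.builtin.copy:
        content: |
          net.ipv4.conf.all.accept_redirects = 0
          net.bridge.bridge-nf-call-iptables = 1
          net.ipv4.ip_forward = 1
          net.bridge.bridge-nf-call-ip6tables = 1
          vm.max_map_count = 524288
          fs.inotify.max_user_instances = 1280
          fs.inotify.max_user_watches = 655360
        dest: /etc/sysctl.d/99-k8s.conf
      register: sysctl

    - name: Reload sysctl config
      ansible.builtin.command: sysctl --system
      when: sysctl.changed

    - name: Reconfigure kube-apiserver to use Passmower OIDC endpoint
      ansible.builtin.template:
        src: kube-apiserver.j2
        dest: /etc/kubernetes/manifests/kube-apiserver.yaml
        # Quoted octal: an unquoted 600 reaches Ansible as decimal 600
        # (octal 1130) and sets the wrong bits on a root-only manifest.
        mode: '0600'
      register: apiserver
      when:
        - inventory_hostname in groups["masters"]

    - name: Restart kube-apiserver
      # Forces the static pod to be recreated right away; kubelet would also
      # notice the manifest change on its own.
      ansible.builtin.command: killall kube-apiserver
      when: apiserver.changed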