From be5a779a7862f82da1c472658caf9c9c085c3301 Mon Sep 17 00:00:00 2001 From: Xander Harris Date: Sun, 11 Aug 2024 13:36:52 -0700 Subject: [PATCH] Add missing steps Closes #18 --- readme.md | 8 ++++++-- roles/join/files/modules-k8s.conf | 2 ++ roles/join/files/sysctl-k8s.conf | 3 +++ roles/join/tasks/main.yml | 32 +++++++++++++++++++++++++++++++ roles/reset/tasks/main.yml | 23 ++++++++++++++++++++++ 5 files changed, 66 insertions(+), 2 deletions(-) create mode 100644 roles/join/files/modules-k8s.conf create mode 100644 roles/join/files/sysctl-k8s.conf diff --git a/readme.md b/readme.md index 0011d8c..d9e76ae 100644 --- a/readme.md +++ b/readme.md @@ -2,11 +2,15 @@ abstract: >- The readme for some Ansible roles for managing bare metal k8s clusters. -authors: Xander Harris +authors: + - name: Xander Harris + email: xandertheharris@gmail.com date: 2024-03-08 -title: Ansible Bare Metal K8S +title: Readme --- +[![wakatime](https://wakatime.com/badge/github/edwardtheharris/ansible-kcp.svg)](https://wakatime.com/badge/github/edwardtheharris/ansible-kcp) + ## Assumptions The default configuration assumes a vault password exists at diff --git a/roles/join/files/modules-k8s.conf b/roles/join/files/modules-k8s.conf new file mode 100644 index 0000000..43dd543 --- /dev/null +++ b/roles/join/files/modules-k8s.conf @@ -0,0 +1,2 @@ +overlay +br_netfilter diff --git a/roles/join/files/sysctl-k8s.conf b/roles/join/files/sysctl-k8s.conf new file mode 100644 index 0000000..8df03f1 --- /dev/null +++ b/roles/join/files/sysctl-k8s.conf @@ -0,0 +1,3 @@ +net.bridge.bridge-nf-call-iptables = 1 +net.bridge.bridge-nf-call-ip6tables = 1 +net.ipv4.ip_forward = 1 diff --git a/roles/join/tasks/main.yml b/roles/join/tasks/main.yml index 33781a1..fa4bf75 100644 --- a/roles/join/tasks/main.yml +++ b/roles/join/tasks/main.yml 
@@ -1,4 +1,24 @@
 ---
+- name: Configure netfilter and ip
+ ansible.builtin.copy:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ owner: root
+ group: root
+ mode: ug+rw,o-rwx
+ loop:
+ - src: modules-k8s.conf
+ dest: /etc/modules-load.d/k8s.conf
+ - src: sysctl-k8s.conf
+ dest: /etc/sysctl.d/k8s.conf
+- name: Enable deployed updates
+ ansible.builtin.shell:
+ cmd: sysctl --system
+- name: Enable kubelet
+ ansible.builtin.service:
+ state: restarted
+ name: kubelet
+ enabled: true
 - name: Load join command
 ansible.builtin.shell:
 cmd: grep -A 3 'kubeadm join' roles/join/files/join.md | head -3
@@ -13,6 +33,18 @@
 src: /root/join_result.md
 dest: "roles/join/files/{{ inventory_hostname }}/join_result.md"
 flat: true
+- name: Ensure .kube exists
+ ansible.builtin.file:
+ dest: "{{ item.dest }}"
+ owner: "{{ item.owner }}"
+ group: kube
+ mode: u+rwx,g+rx,o-rwx
+ state: directory
+ loop:
+ - owner: root
+ dest: /root/.kube
+ - owner: "{{ join_nonroot }}"
+ dest: "/home/{{ join_nonroot }}/.kube"
 - name: Copy admin.conf
 ansible.builtin.copy:
 src: roles/init/files/admin.conf
diff --git a/roles/reset/tasks/main.yml b/roles/reset/tasks/main.yml
index f46203f..c71013e 100644
--- a/roles/reset/tasks/main.yml
+++ b/roles/reset/tasks/main.yml
@@ -10,6 +10,29 @@
 # :start-at: "- name: Reset existing cluster\n"
 # :end-at: " register: reset_out\n"
 # ```
+- name: Ensure required programs
+ community.general.pacman:
+ executable: yay
+ extra_args: '--noconfirm'
+ name: "{{ item }}"
+ state: present
+ loop:
+ - kubeadm
+ - kubelet
+ - kubectl
+ - kubie
+- name: Make sure the kube group exists
+ ansible.builtin.group:
+ name: kube
+ state: present
+- name: Add required users to group
+ ansible.builtin.user:
+ name: "{{ item }}"
+ groups: kube
+ append: true
+ loop:
+ - root
+ - "{{ nonroot_user }}"
 - name: Reset existing cluster
 ansible.builtin.command:
 cmd: kubeadm reset -f &> /root/reset.md
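Review bot: The "Enable deployed updates" task runs `sysctl --system` before `br_netfilter` is loaded, because the file copied to `/etc/modules-load.d/k8s.conf` is only read at boot. Unless the module is already present on the host, the two `net.bridge.bridge-nf-call-*` keys likely do not exist yet and are not applied, so bridged pod traffic would not be filtered by iptables until the next reboot. I would load `overlay` and `br_netfilter` explicitly between the copy and the sysctl step, and run sysctl through `ansible.builtin.command`, since nothing in it needs a shell. Separately, `mode: ug+rw,o-rwx` in the copy task is relative and does not pin the result; `mode: "0640"` keeps the intent without the group-write bit.

```yaml
# … unchanged: copy of modules-k8s.conf and sysctl-k8s.conf …
- name: Load kernel modules for the running kernel
  community.general.modprobe:
    name: "{{ item }}"
    state: present
  loop:
    - overlay
    - br_netfilter
- name: Enable deployed updates
  ansible.builtin.command:
    cmd: sysctl --system
# … unchanged: kubelet service task …
```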
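Review bot: "Ensure .kube exists" opens both `.kube` directories to the whole `kube` group (`g+rx`), and the following task, which begins at the end of this hunk and continues outside it, copies `roles/init/files/admin.conf`, presumably the cluster-admin kubeconfig. If each user only needs their own copy, `mode: "0700"` is tighter. An absolute mode also clears a group-write bit left on an existing directory, which the relative `u+rwx,g+rx,o-rwx` does not. The `kube` group is created in `roles/reset/tasks/main.yml` in this same patch rather than in this role, so this task would fail on a host where reset has not run. The variable is also `join_nonroot` here but `nonroot_user` in the reset role.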
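Review bot: `executable: yay` with `extra_args: '--noconfirm'` in "Ensure required programs" lets an AUR helper build and install packages on cluster nodes without anyone reviewing the PKGBUILD, which is a supply-chain exposure for binaries as privileged as kubelet and kubeadm. If kubeadm, kubelet and kubectl are available from the official repositories, install them with the default pacman executable, e.g. `name: [kubeadm, kubelet, kubectl]`, and keep the helper only for the package that needs it, in its own task with a comment saying why. The helper may also refuse to build when the task runs as root, so check how this behaves under `become`. In "Add required users to group", adding `root` to `kube` grants nothing root lacks and could be dropped from the loop.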