Created
March 6, 2025 08:34
-
-
Save vancanhuit/d26502fd96a55e31c2af83bc6a6eb0e2 to your computer and use it in GitHub Desktop.
Ansible playbook for configuring Kubernetes nodes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [defaults] | |
| interpreter_python = /usr/bin/python3 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| k8s: | |
| hosts: | |
| k8s-node-01: | |
| k8s-node-02: | |
| k8s-node-03: | |
| k8s-node-04: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # This playbook assumes that we use RHEL-based distributions (AlmaLinux, Rocky Linux, Oracle Linux, CentOS Stream) | |
| - name: Configure all nodes | |
| remote_user: root | |
| hosts: k8s | |
| tasks: | |
| - name: Disable firewalld for Calico networking | |
| ansible.builtin.systemd_service: | |
| name: firewalld.service | |
| enabled: false | |
| state: stopped | |
| tags: disable_firewalld | |
| - name: Enable ipv4 packet forwarding | |
| ansible.posix.sysctl: | |
| name: net.ipv4.ip_forward | |
| value: '1' | |
| state: present | |
| reload: true | |
| - name: Install containerd | |
| ansible.builtin.unarchive: | |
| remote_src: true | |
| src: https://github.com/containerd/containerd/releases/download/v1.6.36/containerd-1.6.36-linux-amd64.tar.gz | |
| dest: /usr/local | |
| - name: Install runc | |
| ansible.builtin.get_url: | |
| url: https://github.com/opencontainers/runc/releases/download/v1.2.3/runc.amd64 | |
| dest: /usr/local/sbin/runc | |
| mode: 0755 | |
| - name: Create CNI directory | |
| ansible.builtin.file: | |
| path: /opt/cni/bin | |
| state: directory | |
| - name: Install CNI plugins | |
| ansible.builtin.unarchive: | |
| remote_src: true | |
| src: https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz | |
| dest: /opt/cni/bin | |
| - name: Create systemd directory | |
| ansible.builtin.file: | |
| path: /usr/local/lib/systemd/system | |
| state: directory | |
| - name: Download containerd.service | |
| ansible.builtin.get_url: | |
| url: https://raw.githubusercontent.com/containerd/containerd/main/containerd.service | |
| dest: /usr/local/lib/systemd/system/containerd.service | |
| - name: Start containerd service | |
| ansible.builtin.systemd_service: | |
| daemon_reload: true | |
| name: containerd.service | |
| enabled: true | |
| state: started | |
| - name: Create containerd config directory | |
| ansible.builtin.file: | |
| path: /etc/containerd | |
| state: directory | |
| - name: Generate default containerd config file | |
| ansible.builtin.shell: containerd config default > /etc/containerd/config.toml | |
| - name: Configure the systemd cgroup driver | |
| ansible.builtin.lineinfile: | |
| backrefs: true | |
| path: /etc/containerd/config.toml | |
| regexp: '^(\s*)(SystemdCgroup) = false$' | |
| line: '\1\2 = true' | |
| - name: Override the sandbox (pause) image | |
| ansible.builtin.lineinfile: | |
| backrefs: true | |
| path: /etc/containerd/config.toml | |
| regexp: '^(\s*)(sandbox_image) = (.*)$' | |
| line: '\1\2 = "registry.k8s.io/pause:3.10"' | |
| tags: override_sandbox_image | |
| - name: Restart containerd service | |
| ansible.builtin.systemd_service: | |
| name: containerd.service | |
| state: restarted | |
| tags: reload_containerd_service | |
| - name: Add Kubernetes yum repository | |
| ansible.builtin.yum_repository: | |
| name: kubernetes | |
| description: Kubernetes | |
| baseurl: https://pkgs.k8s.io/core:/stable:/v1.31/rpm/ | |
| enabled: true | |
| gpgcheck: true | |
| gpgkey: https://pkgs.k8s.io/core:/stable:/v1.31/rpm/repodata/repomd.xml.key | |
| exclude: kubelet kubeadm kubectl cri-tools kubernetes-cni | |
| tags: add_k8s_yum_repo | |
| - name: Install kubeadm, kubelet and kubectl | |
| ansible.builtin.dnf: | |
| update_cache: true | |
| name: "{{ item }}" | |
| disable_excludes: kubernetes | |
| loop: | |
| - kubeadm | |
| - kubelet | |
| - kubectl | |
| - iproute-tc | |
| tags: install_k8s_tools | |
| - name: Enable and start kubelet service | |
| ansible.builtin.systemd_service: | |
| name: kubelet.service | |
| state: started | |
| enabled: true | |
| daemon_reload: true | |
| tags: enable_and_start_kubelet | |
| - name: Write configuration for crictl | |
| ansible.builtin.shell: | | |
| cat <<EOF | tee /etc/crictl.yaml | |
| runtime-endpoint: unix:///run/containerd/containerd.sock | |
| image-endpoint: unix:///run/containerd/containerd.sock | |
| timeout: 10 | |
| debug: false | |
| pull-image-on-create: false | |
| EOF | |
| tags: write_crictl_config | |
| - name: Configure NetworkManager for Calico networking | |
| ansible.builtin.shell: | | |
| cat <<EOF | tee /etc/NetworkManager/conf.d/calico.conf | |
| [keyfile] | |
| unmanaged-devices=interface-name:cali*;interface-name:tunl*;interface-name:vxlan.calico;interface-name:vxlan-v6.calico;interface-name:wireguard.cali;interface-name:wg-v6.cali | |
| EOF |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment