build

hosts_init.yml

@@ -88,7 +88,6 @@ datacenter:
             ansible_python_interpreter: /usr/bin/python3
             ansible_ssh_user: jd
             ansible_ssh_password: q
-            ansible_become_method: su
             ansible_become_password: q
             ansible_ssh_pass: q
             ansible_become_user: root

hosts_roles.yml

@@ -203,6 +203,13 @@ datacenter:
           hosts:
             alma10-vm0[1:9].home.lan:
             # debian13-vm[10:27].home.lan:
+          vars:
+            ansible_python_interpreter: /usr/bin/python3
+            ansible_ssh_user: jd
+            ansible_ssh_private_key_file: ssh_key.pem
+        ubuntu24:
+          hosts:
+            ubuntu24-vm0[1:5].home.lan:
           vars:
             ansible_python_interpreter: /usr/bin/python3
             ansible_ssh_user: jd

roles/init/tasks/main.yml

@@ -1,6 +1,5 @@
 - name: Init
   become: "{{ 'no' if inventory_hostname in ['sectorq.cloud', 'nas.home.lan'] else 'yes' }}"
-  become_method: su
   block:
     
     - name: Include vault
@@ -25,10 +24,10 @@
         append: true
       when: group_check is succeeded
 
-    - name: Give deploy sudo access
-      ansible.builtin.copy:
+    - name: Give jd passwordless sudo
+      copy:
         dest: /etc/sudoers.d/jd
-        content: "jd ALL=(ALL:ALL) ALL\n"
+        content: "jd ALL=(ALL) NOPASSWD:ALL\n"
         owner: root
         group: root
         mode: '0440'
@@ -37,6 +36,7 @@
       ansible.builtin.user:
         name: root
         password: "{{ jd_password | password_hash('sha512') }}"
+
     - name: Update become password for subsequent tasks
       ansible.builtin.set_fact:
         ansible_become_password: "{{ jd_password }}"

roles/kubernetes/handlers/main.yml

@@ -0,0 +1,5 @@
+    - name: restart containerd
+      systemd:
+        name: containerd
+        state: restarted
+        enabled: yes

roles/kubernetes/tasks/Ubuntu.yml

@@ -0,0 +1,206 @@
+- name: Install Kubernetes on Ubuntu 24
+  become: "{{ 'no' if inventory_hostname == 'nas.home.lan' else 'yes' }}"
+  block:
+
+    - name: Update apt cache
+      apt:
+        update_cache: yes
+
+    - name: Disable swap
+      command: swapoff -a
+      when: ansible_swaptotal_mb > 0
+
+    - name: Remove swap from fstab
+      replace:
+        path: /etc/fstab
+        regexp: '.*swap.*'
+        replace: ''
+
+    - name: Enable kernel modules
+      copy:
+        dest: /etc/modules-load.d/k8s.conf
+        content: |
+          overlay
+          br_netfilter
+
+    - name: Load kernel modules
+      modprobe:
+        name: "{{ item }}"
+        state: present
+      loop:
+        - overlay
+        - br_netfilter
+
+    - name: Set sysctl params
+      copy:
+        dest: /etc/sysctl.d/k8s.conf
+        content: |
+          net.bridge.bridge-nf-call-iptables = 1
+          net.bridge.bridge-nf-call-ip6tables = 1
+          net.ipv4.ip_forward = 1
+
+    - name: Apply sysctl
+      command: sysctl --system
+
+    - name: Install required packages
+      apt:
+        name:
+          - apt-transport-https
+          - ca-certificates
+          - curl
+          - gpg
+        state: present
+
+    - name: Add Kubernetes apt key
+      shell: |
+        curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.29/deb/Release.key | \
+        gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+      args:
+        creates: /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+
+    - name: Add Kubernetes repository
+      copy:
+        dest: /etc/apt/sources.list.d/kubernetes.list
+        content: |
+          deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.29/deb/ /
+
+    - name: Install containerd
+      apt:
+        name: containerd
+        state: present
+
+    - name: Configure containerd
+      shell: |
+        mkdir -p /etc/containerd
+        containerd config default > /etc/containerd/config.toml
+        sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
+      args:
+        creates: /etc/containerd/config.toml
+
+    - name: Enable and start containerd
+      systemd:
+        name: containerd
+        enabled: yes
+        state: started
+
+    - name: Install Kubernetes packages
+      apt:
+        name:
+          - kubelet
+          - kubeadm
+          - kubectl
+        state: present
+        update_cache: yes
+      register: k8s_install
+      retries: 5
+      delay: 10
+      until: k8s_install is succeeded
+
+    - name: Hold Kubernetes packages
+      command: apt-mark hold kubelet kubeadm kubectl
+
+    - name: Enable kubelet
+      systemd:
+        name: kubelet
+        enabled: yes
+        state: started
+
+    # Optional UFW configuration
+    - name: Ensure UFW is installed
+      apt:
+        name: ufw
+        state: present
+      when: inventory_hostname == 'ubuntu24-vm01.home.lan'
+
+    - name: Allow Kubernetes ports
+      ufw:
+        rule: allow
+        port: "{{ item }}"
+        proto: tcp
+      loop:
+        - 6443
+        - 2379:2380
+        - 10250
+      when: inventory_hostname == 'ubuntu24-vm01.home.lan'
+
+    - name: Configure containerd for kubeadm
+      copy:
+        dest: /etc/containerd/config.toml
+        content: |
+          [plugins."io.containerd.grpc.v1.cri".containerd]
+            snapshotter = "overlayfs"
+
+          [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
+            runtime_type = "io.containerd.runc.v2"
+
+          [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
+            SystemdCgroup = true
+
+    - name: Enable and start containerd
+      systemd:
+        name: containerd
+        state: restarted
+
+    - name: Pause for 5 minutes to build app cache
+      ansible.builtin.pause:
+        minutes: 2
+
+    - name: Create .kube directory
+      file:
+        path: /home/{{ ansible_user }}/.kube
+        state: directory
+        owner: "{{ ansible_user }}"
+        group: "{{ ansible_user }}"
+        mode: '0755'
+      when: inventory_hostname == 'ubuntu24-vm01.home.lan'
+
+    - name: Initialize Kubernetes
+      command: sudo kubeadm init --pod-network-cidr=10.244.0.0/16
+      args:
+        creates: /etc/kubernetes/admin.conf
+      when: inventory_hostname == 'ubuntu24-vm01.home.lan'
+
+
+    - name: Copy kubeconfig to user
+      copy:
+        remote_src: yes
+        src: /etc/kubernetes/admin.conf
+        dest: /home/{{ ansible_user }}/.kube/config
+        owner: "{{ ansible_user }}"
+        group: "{{ ansible_user }}"
+        mode: '0644'
+      when: inventory_hostname == 'ubuntu24-vm01.home.lan'
+    - name: Pause for 5 minutes to build app cache
+      ansible.builtin.pause:
+        minutes: 2
+
+    - name: Install Flannel CNI
+      ansible.builtin.command:
+        cmd: kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml
+      environment:
+        KUBECONFIG: /etc/kubernetes/admin.conf
+      when: inventory_hostname == "ubuntu24-vm01.home.lan"
+      register: flannel_result
+      changed_when: "'created' in flannel_result.stdout or 'configured' in flannel_result.stdout"
+
+    - name: Get join command
+      command: sudo kubeadm token create --print-join-command
+      register: join_command
+      when: inventory_hostname == 'ubuntu24-vm01.home.lan'
+
+
+
+
+
+
+
+    - name: Save join command
+      set_fact:
+        worker_join_cmd: "{{ join_command.stdout }}"
+      when: inventory_hostname == 'ubuntu24-vm01.home.lan'
+
+    - name: Join cluster
+      command: "{{ hostvars['ubuntu24-vm01.home.lan'].worker_join_cmd }}"
+      args:
+        creates: /etc/kubernetes/kubelet.conf
+      when: inventory_hostname != 'ubuntu24-vm01.home.lan'