klal

roles/kubernetes/tasks/Rocky.yml

@@ -50,6 +50,8 @@
           - yum-utils
           - device-mapper-persistent-data
           - lvm2
+          - epel-release
+          - git
         state: present
 
     - name: Add Kubernetes repo
@@ -146,7 +148,7 @@
         permanent: yes
         state: enabled
         immediate: yes
-      when: inventory_hostname.endswith('-vm01.home.lan')
+
 
     - name: Restart containerd
       systemd:
@@ -221,9 +223,80 @@
       delay: 15
       when: inventory_hostname.endswith('-vm01.home.lan')
 
-- name: Join cluster
+    - name: Join cluster
-  command: >-
+      command: >-
-    {{ hostvars['rocky' ~ ansible_distribution_major_version ~ '-vm01.home.lan'].worker_join_cmd }}
+        {{ hostvars['rocky' ~ ansible_distribution_major_version ~ '-vm01.home.lan'].worker_join_cmd }}
-  args:
+      args:
-    creates: /etc/kubernetes/kubelet.conf
+        creates: /etc/kubernetes/kubelet.conf
-  when: not inventory_hostname.endswith('-vm01.home.lan')
+      when: not inventory_hostname.endswith('-vm01.home.lan')
+
+    - name: get repository
+      git: 
+        repo: 'https://github.com/ahmetb/kubectx'
+        dest: /opt/kubectx
+      when: inventory_hostname.endswith('-vm01.home.lan')
+
+    - name: Create symbolic links for kubectx and kubens
+      file:
+        src: /opt/kubectx/{{ item }}
+        dest: /usr/local/bin/{{ item }}
+        state: link
+      loop:
+        - kubectx
+        - kubens
+      when: inventory_hostname.endswith('-vm01.home.lan')
+
+    - name: Install Additional packages
+      dnf:
+        name:
+          - nfs-utils
+          - tmux
+          - telnet
+        state: present
+
+    - name: Ensure aliases exist in user's .bashrc
+      lineinfile:
+        path: "/home/{{ user_name }}/.bashrc"
+        line: "alias {{ item.key }}='{{ item.value }}'"
+        state: present
+        create: yes
+      loop: "{{ aliases | dict2items }}"
+      when: inventory_hostname.endswith('-vm01.home.lan')
+      
+    - name: Allow TCP 10250 from 192.168.77.0/24
+      firewalld:
+        source: 192.168.77.0/24
+        port: 10250/tcp
+        permanent: yes
+        state: enabled
+        immediate: yes
+        rich_rule: 'rule family="ipv4" source address="192.168.77.0/24" port port="10250" protocol="tcp" accept'
+
+    - name: Allow UDP 8472 from 192.168.77.0/24
+      firewalld:
+        source: 192.168.77.0/24
+        port: 8472/udp
+        permanent: yes
+        state: enabled
+        immediate: yes
+        rich_rule: 'rule family="ipv4" source address="192.168.77.0/24" port port="8472" protocol="udp" accept'
+
+    - name: Add flannel.1 interface to trusted zone
+      firewalld:
+        interface: flannel.1
+        zone: trusted
+        permanent: yes
+        state: enabled
+        immediate: yes
+
+    - name: Add cni0 interface to trusted zone
+      firewalld:
+        interface: cni0
+        zone: trusted
+        permanent: yes
+        state: enabled
+        immediate: yes
+
+    - name: Reload firewalld
+      firewalld:
+        state: reloaded

roles/kubernetes/vars/main.yml

@@ -0,0 +1,6 @@
+user_name: jd
+aliases:
+  ll: "ls -la"
+  gs: "git status"
+  k: "kubectl"
+  gk: "git clone git@gitlab.sectorq.eu:jaydee/kubernetes.git"