build

all.yml

@@ -38,6 +38,9 @@
     - name: docker
       role: docker
       tags: docker
+    - name: kubernetes
+      role: kubernetes
+      tags: kubernetes
     - name: timeshift
       role: timeshift
       tags: timeshift

group_vars/main.yml

@@ -0,0 +1,2 @@
+dnf_proxy_host: "192.168.77.101"
+dnf_proxy_port: "3128"

hosts_roles.yml

@@ -198,6 +198,7 @@ datacenter:
             ansible_python_interpreter: /usr/bin/python3
             ansible_ssh_user: jd
             ansible_ssh_private_key_file: ssh_key.pem
+            ansible_user: jd
         alma10:
           hosts:
             alma10-vm0[1:9].home.lan:

roles/kubernetes/tasks/Rocky.yml

@@ -0,0 +1,205 @@
+- name: Install kubernetes on Rocky 9
+  become: "{{ 'no' if inventory_hostname == 'nas.home.lan' else 'yes' }}"
+  block:
+
+    - name: Include role
+      ansible.builtin.include_role:
+        name: proxy_repo
+
+    - name: Disable SELinux
+      ansible.posix.selinux:
+        state: permissive
+        policy: targeted
+
+    - name: Disable swap
+      command: swapoff -a
+      when: ansible_swaptotal_mb > 0
+
+    - name: Remove swap from fstab
+      replace:
+        path: /etc/fstab
+        regexp: '.*swap.*'
+        replace: ''
+
+    - name: Enable kernel modules
+      copy:
+        dest: /etc/modules-load.d/k8s.conf
+        content: |
+          overlay
+          br_netfilter
+
+    - name: Load kernel modules
+      shell: |
+        modprobe overlay
+        modprobe br_netfilter
+
+    - name: Set sysctl params
+      copy:
+        dest: /etc/sysctl.d/k8s.conf
+        content: |
+          net.bridge.bridge-nf-call-iptables = 1
+          net.bridge.bridge-nf-call-ip6tables = 1
+          net.ipv4.ip_forward = 1
+
+    - name: Apply sysctl
+      command: sysctl --system
+
+    - name: Install required packages
+      dnf:
+        name:
+          - yum-utils
+          - device-mapper-persistent-data
+          - lvm2
+        state: present
+
+    - name: Add Kubernetes repo
+      copy:
+        dest: /etc/yum.repos.d/kubernetes.repo
+        content: |
+          [kubernetes]
+          name=Kubernetes
+          baseurl=https://pkgs.k8s.io/core:/stable:/v1.29/rpm/
+          enabled=1
+          gpgcheck=1
+          gpgkey=https://pkgs.k8s.io/core:/stable:/v1.29/rpm/repodata/repomd.xml.key
+
+    - name: Add Docker CE repository
+      get_url:
+        url: https://download.docker.com/linux/centos/docker-ce.repo
+        dest: /etc/yum.repos.d/docker-ce.repo
+        mode: '0644'
+
+    - name: Install containerd
+      dnf:
+        name: containerd.io
+        state: present
+
+    - name: Configure containerd
+      shell: |
+        mkdir -p /etc/containerd
+        containerd config default > /etc/containerd/config.toml
+        sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
+
+    - name: Enable and start containerd
+      systemd:
+        name: containerd
+        enabled: yes
+        state: started
+
+    - name: Install Kubernetes packages
+      dnf:
+        name:
+          - kubelet
+          - kubeadm
+          - kubectl
+        disable_excludes: kubernetes
+        state: present
+
+    - name: Enable kubelet
+      systemd:
+        name: kubelet
+        enabled: yes
+        state: started
+
+    - name: Initialize Kubernetes
+      command: kubeadm init --pod-network-cidr=10.244.0.0/16
+      args:
+        creates: /etc/kubernetes/admin.conf
+      when: inventory_hostname == 'rocky9-vm01.home.lan'
+
+
+    - name: Wait for Kubernetes API to be available
+      wait_for:
+        host: 127.0.0.1
+        port: 6443
+        delay: 10
+        timeout: 300
+        state: started
+      when: inventory_hostname == 'rocky9-vm01.home.lan'
+
+    - name: Create .kube directory
+      file:
+        path: /home/{{ ansible_user }}/.kube
+        state: directory
+        owner: "{{ ansible_user }}"
+        group: "{{ ansible_user }}"
+        mode: '0755'
+
+    - name: Copy kubeconfig to user
+      copy:
+        remote_src: yes
+        src: /etc/kubernetes/admin.conf
+        dest: /home/{{ ansible_user }}/.kube/config
+        owner: "{{ ansible_user }}"
+        group: "{{ ansible_user }}"
+        mode: '0644'
+      when: inventory_hostname == 'rocky9-vm01.home.lan'
+
+    - name: Install Flannel CNI
+      become_user: "{{ ansible_user }}"
+      command: kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml
+      when: inventory_hostname == 'rocky9-vm01.home.lan'
+
+    - name: Get join command
+      command: kubeadm token create --print-join-command
+      register: join_command
+      when: inventory_hostname == 'rocky9-vm01.home.lan'
+
+    - name: Ensure firewalld is running
+      ansible.builtin.service:
+        name: firewalld
+        state: started
+        enabled: true
+      when: inventory_hostname == 'rocky9-vm01.home.lan'
+
+    - name: Open Kubernetes API server port (6443)
+      ansible.posix.firewalld:
+        port: 6443/tcp
+        permanent: yes
+        state: enabled
+        immediate: yes
+      when: inventory_hostname == 'rocky9-vm01.home.lan'
+
+    - name: Open etcd ports (2379-2380)
+      ansible.posix.firewalld:
+        port: 2379-2380/tcp
+        permanent: yes
+        state: enabled
+        immediate: yes
+      when: inventory_hostname == 'rocky9-vm01.home.lan'
+
+    - name: Open kubelet and scheduler ports (10250-10252)
+      ansible.posix.firewalld:
+        port: 10250-10252/tcp
+        permanent: yes
+        state: enabled
+        immediate: yes
+      when: inventory_hostname == 'rocky9-vm01.home.lan'
+      
+    - name: Save join command
+      set_fact:
+        worker_join_cmd: "{{ join_command.stdout }}"
+      when: inventory_hostname == 'rocky9-vm01.home.lan'
+
+    - name: Print join command
+      debug:
+        msg: "{{ worker_join_cmd }}"
+      when: inventory_hostname == 'rocky9-vm01.home.lan'
+
+    - name: Wait for Kubernetes API
+      uri:
+        url: https://localhost:6443/healthz
+        method: GET
+        status_code: 200
+        validate_certs: no
+      register: api_health
+      until: api_health.status == 200
+      retries: 10
+      delay: 15
+      when: inventory_hostname == 'rocky9-vm01.home.lan'
+
+    - name: Join cluster
+      command: "{{ hostvars['rocky9-vm01.home.lan'].worker_join_cmd }}"
+      args:
+        creates: /etc/kubernetes/kubelet.conf
+      when: inventory_hostname != 'rocky9-vm01.home.lan'

roles/kubernetes/tasks/main.yml

@@ -0,0 +1,10 @@
+- name: Include vault
+  ansible.builtin.include_vars:
+    file: jaydee.yml
+    
+- name: Facts
+  ansible.builtin.setup:
+  when: ansible_facts.architecture is not defined
+
+- name: Include OS-specific tasks
+  ansible.builtin.include_tasks: "{{ ansible_distribution }}.yml"

roles/proxy_repo/tasks/Rocky.yml

@@ -0,0 +1,12 @@
+
+- name: Setup DNF proxy
+  become: "{{ 'no' if inventory_hostname == 'nas.home.lan' else 'yes' }}"
+  block:
+    - name: Configure global DNF proxy
+      ansible.builtin.lineinfile:
+        path: /etc/dnf/dnf.conf
+        regexp: '^proxy='
+        line: 'proxy=http://{{ dnf_proxy_host }}:{{ dnf_proxy_port }}'
+        insertafter: '^\[main\]'
+        state: present
+        backup: yes

roles/proxy_repo/tasks/main.yml

@@ -0,0 +1,2 @@
+- name: Include OS-specific tasks
+  ansible.builtin.include_tasks: "{{ ansible_distribution }}.yml"