diff --git a/playbook.yaml b/playbook.yaml index f6d0500..344d322 100644 --- a/playbook.yaml +++ b/playbook.yaml @@ -5,9 +5,8 @@ vars: arch: "amd64" - os: "Debian_11" - k8s_version: "1.27" - k_version: "{{ k8s_version }}.2" + os: "{{ ansible_distribution }}_{{ ansible_distribution_major_version }}" + k8s_version: "1.25" tasks: - name: Copy conf 
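Review bot: `os` is now built from gathered facts and flows into the key and repository URLs of the later tasks, but nothing checks that the resulting string names a tree the libcontainers mirror actually publishes. As far as I know that mirror names Ubuntu trees `xUbuntu_<version>`, so a non-Debian host would only fail late, at the key download. A guard ahead of the apt tasks, e.g. `assert: { that: ansible_distribution == "Debian" }`, would make the supported scope explicit. The pin also moves from 1.27 back to `"1.25"` with no rationale; a comment on that line such as `# pinned to 1.25 because <REASON>` would help the next person who bumps it. The play header and the rest of `vars:` sit outside this hunk.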
@@ -20,53 +19,67 @@ update_cache: true cache_valid_time: 604800 # 60s * 60m * 24h * 7d upgrade: full + autoremove: true + purge: true - name: Install deps apt: name: + - conntrack - gpg - vim - - name: Add libcontainers repo key (CRI-O) + - name: Add libcontainers public key (CRI-O) apt_key: url: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/{{ os }}/Release.key" keyring: /etc/apt/trusted.gpg.d/libcontainers-archive-keyring.gpg - - name: Add libcontainers-crio repo key (CRI-O) + - name: Add libcontainers-crio public key (CRI-O) apt_key: url: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{{ k8s_version }}/{{ os }}/Release.key" keyring: /etc/apt/trusted.gpg.d/libcontainers-crio-archive-keyring.gpg + - name: Add k8s public key + apt_key: + url: https://packages.cloud.google.com/apt/doc/apt-key.gpg + keyring: /etc/apt/trusted.gpg.d/kubernetes-archive-keyring.gpg + - name: Add libcontainers repo (CRI-O) apt_repository: repo: "deb [signed-by=/etc/apt/trusted.gpg.d/libcontainers-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/{{ os }}/ /" - filename: devel:kubic:libcontainers:stable.list + filename: devel:kubic:libcontainers:stable - name: Add libcontainers-crio repo (CRI-O) apt_repository: repo: "deb [signed-by=/etc/apt/trusted.gpg.d/libcontainers-crio-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{{ k8s_version }}/{{ os }}/ /" - filename: "devel:kubic:libcontainers:stable:cri-o:{{ k8s_version }}.list" - - name: Install cri-o + filename: "devel:kubic:libcontainers:stable:cri-o:{{ k8s_version }}" + - name: Add k8s repo + apt_repository: + repo: "deb [signed-by=/etc/apt/trusted.gpg.d/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" + filename: kubernetes + + - name: Install k8s apt: name: - cri-o - cri-o-runc + - kubeadm={{ k8s_version}}* + - kubectl={{ 
k8s_version}}* + - kubelet={{ k8s_version}}* update_cache: true + - name: Hold k8s pkg + shell: apt-mark hold cri-o cri-o-runc kubeadm kubectl kubelet + - name: Install crictl + unarchive: + remote_src: yes + src: "https://github.com/kubernetes-sigs/cri-tools/releases/download/v{{ k8s_version }}.0/crictl-v{{ k8s_version }}.0-linux-{{ arch }}.tar.gz" + dest: /usr/local/bin/ + mode: 755 - - name: Install kubectl - get_url: - url: "https://dl.k8s.io/release/v{{ k_version }}/bin/linux/{{ arch }}/kubectl" - dest: /usr/local/bin/kubectl - mode: 755 - - name: Install kubeadm - get_url: - url: "https://dl.k8s.io/release/v{{ k_version}}/bin/linux/{{ arch }}/kubeadm" - dest: /usr/local/bin/kubeadm - mode: 755 - - name: Install kubelet - get_url: - url: "https://dl.k8s.io/release/v{{ k_version }}/bin/linux/{{ arch }}/kubelet" - dest: /usr/local/bin/kubelet - mode: 755 - - name: Start kubelet service + - name: Enable crio service + service: + name: crio.service + enabled: true + - name: Enable kubelet service service: name: kubelet.service enabled: true - state: started + - name: Reboot + reboot: diff --git a/rootfs/etc/modules-load.d/k8s.conf b/rootfs/etc/modules-load.d/k8s.conf new file mode 100644 index 0000000..43dd543 --- /dev/null +++ b/rootfs/etc/modules-load.d/k8s.conf @@ -0,0 +1,2 @@ +overlay +br_netfilter diff --git a/rootfs/etc/sysctl.d/k8s.conf b/rootfs/etc/sysctl.d/k8s.conf new file mode 100644 index 0000000..8df03f1 --- /dev/null +++ b/rootfs/etc/sysctl.d/k8s.conf @@ -0,0 +1,3 @@ +net.bridge.bridge-nf-call-iptables = 1 +net.bridge.bridge-nf-call-ip6tables = 1 +net.ipv4.ip_forward = 1 diff --git a/rootfs/etc/systemd/system/kubelet.service b/rootfs/etc/systemd/system/kubelet.service deleted file mode 100644 index 5ee4050..0000000 --- a/rootfs/etc/systemd/system/kubelet.service +++ /dev/null 
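Review bot: The added `Install crictl` task unpacks a tarball fetched from GitHub directly into /usr/local/bin with no integrity check, and its unquoted `mode: 755` is parsed as a decimal integer, which Ansible applies as octal 1363 rather than rwxr-xr-x. Downloading with `get_url` and a pinned `checksum:` and then unarchiving the local file with `mode: "0755"` addresses both, as sketched below. Separately, `Add k8s public key` writes into /etc/apt/trusted.gpg.d, which apt trusts for every source, so `signed-by=` on the new repo line does not narrow that key's reach; a keyring path outside that directory plus an `id:` fingerprint on `apt_key` would. The `tasks:` list starts before this hunk.

```yaml
# … unchanged: apt key/repo tasks, Install k8s, Hold k8s pkg …
- name: Download crictl
  get_url:
    url: "https://github.com/kubernetes-sigs/cri-tools/releases/download/v{{ k8s_version }}.0/crictl-v{{ k8s_version }}.0-linux-{{ arch }}.tar.gz"
    dest: /usr/local/src/crictl.tar.gz
    # placeholder: take the digest from the release's published checksum
    checksum: "sha256:<SHA256_OF_RELEASE_TARBALL>"
    mode: "0644"
- name: Install crictl
  unarchive:
    remote_src: true
    src: /usr/local/src/crictl.tar.gz
    dest: /usr/local/bin/
    mode: "0755"
# … unchanged: Enable crio service, Enable kubelet service, Reboot …
```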
@@ -1,14 +0,0 @@
-[Unit]
-Description=kubelet: The Kubernetes Node Agent
-Documentation=https://kubernetes.io/docs/home/
-Wants=network-online.target
-After=network-online.target
-
-[Service]
-ExecStart=/usr/local/bin/kubelet
-Restart=always
-StartLimitInterval=0
-RestartSec=10
-
-[Install]
-WantedBy=multi-user.target
diff --git a/rootfs/etc/systemd/system/kubelet.service.d/10-kubeadm.conf b/rootfs/etc/systemd/system/kubelet.service.d/10-kubeadm.conf
index 67f3a7d..bd1b077 100644
--- a/rootfs/etc/systemd/system/kubelet.service.d/10-kubeadm.conf
+++ b/rootfs/etc/systemd/system/kubelet.service.d/10-kubeadm.conf
@@ -1,3 +1,4 @@
+# Note: This dropin only works with kubeadm and kubelet v1.11+
 [Service]
 Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
 Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
@@ -6,4 +7,5 @@ EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
 # This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use
 # the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.
 EnvironmentFile=-/etc/default/kubelet
-ExecStart=/usr/local/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
+ExecStart=
+ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
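Review bot: With the empty `ExecStart=` reset and `ExecStart=/usr/bin/kubelet`, the last hunk makes this drop-in look like the one the kubeadm package appears to ship at the same path, so the repository copy and the packaged conffile may compete depending on whether `Copy conf` runs before or after the apt install. If the copy is kept on purpose, a header comment saying so would help, e.g. `# Kept in-repo on purpose; keep in sync with the drop-in shipped by the kubeadm package`. Both `EnvironmentFile=` paths feed arguments into the kubelet command line, which presumably runs as root since no `User=` is visible, so the same comment could note that those files must stay root-owned and not group- or world-writable.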