# Turn swap off on the running system. Skipped when the gathered facts report
# zero swap. This only affects the live system; the fstab entry is handled by
# a separate task.
# NOTE(review): presumably required because kubelet expects swap to be off -
# confirm against the kubelet configuration in use.
- name: Disable SWAP
  become: true
  ansible.builtin.command:
    cmd: swapoff -a
  when: ansible_memory_mb.swap.total != 0
  # Result is kept in swap_disable; no use of it is visible in this listing.
  register: swap_disable
# Remove the swap entry from /etc/fstab so swap does not come back on reboot.
# NOTE(review): the entry is selected by its mount-point field (`swap` here).
# fstab swap lines are often written with `none` in that field, in which case
# this task would leave them in place - verify on the target hosts.
- name: Remove swapfile from /etc/fstab
  become: true
  ansible.posix.mount:
    path: "{{ item }}"
    fstype: swap
    state: absent
  loop:
    - swap
# Set MountFlags=shared in the [Service] section of the Docker unit so mounts
# made by the service use shared propagation.
# NOTE(review): this edits the packaged unit under /lib/systemd/system, which
# a package upgrade can overwrite; a drop-in under
# /etc/systemd/system/docker.service.d/ would survive upgrades.
- name: Add propogation to systemd
  become: true
  community.general.ini_file:
    path: /lib/systemd/system/docker.service
    section: Service
    option: MountFlags
    value: shared
    mode: "0644"
  notify:
    - kube | docker options changed
# LXC guests only: install an /etc/rc.local that links /dev/kmsg to
# /dev/console when it is missing and makes / recursively shared.
# Reference: https://kevingoos.medium.com/kubernetes-inside-proxmox-lxc-cce5c9927942
# The copy replaces whatever /etc/rc.local already holds, and the script is
# executable (0755).
# NOTE(review): owner and group are not set, so an existing file keeps its
# current owner; confirm it is root-owned, since rc.local is normally run by
# root at boot.
- name: Set up kmsg in LXC
  become: true
  ansible.builtin.copy:
    dest: /etc/rc.local
    mode: "0755"
    content: |
      #!/bin/sh -e
      if [ ! -e /dev/kmsg ]; then
        ln -s /dev/console /dev/kmsg
      fi
      mount --make-rshared /
  when: inventory_hostname in groups['lxc_guest']
  notify:
    - kube | boot options changed
# Raspberry Pi hosts only: rewrite the kernel command line so it ends with the
# cgroup flags below. The regexp captures the existing line minus any trailing
# cgroup_*=... tokens (group 1), and `line` re-appends the wanted flags after
# it. With backrefs enabled the file is left untouched if nothing matches.
- name: Add cgroup directives to boot command line config
  become: true
  ansible.builtin.lineinfile:
    path: /boot/firmware/cmdline.txt
    backrefs: true
    regexp: '((.)+?)(\scgroup_\w+=\w+)*$'
    line: '\1 cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory'
  when: inventory_hostname in groups['raspberries']
  notify:
    - kube | boot options changed
# Raspberry Pi hosts only: set gpu_mem=16 in the [pi4] section of the firmware
# config, creating the file if it does not exist yet.
- name: Set GPU memory split to 16 MB
  become: true
  community.general.ini_file:
    path: /boot/firmware/config.txt
    section: pi4
    option: gpu_mem
    # Quoted so the value reaches the module as a string, not a YAML integer.
    value: "16"
    create: true
  when: inventory_hostname in groups['raspberries']
  notify:
    - kube | boot options changed
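# List the kernel modules to load at boot (br_netfilter, overlay) as bare,
# value-less lines in a modules-load.d file; the handler restarts
# systemd-modules-load so they take effect.
# The module is addressed as community.general.ini_file, matching the other
# ini_file tasks in this file; the `ansible.builtin.` spelling relies on a
# name redirect, if it resolves at all.
# NOTE(review): /usr/lib/modules-load.d is the vendor directory;
# /etc/modules-load.d is the usual place for local configuration - confirm.
- name: Tweak modeprobe entries
  become: true
  community.general.ini_file:
    path: "/usr/lib/modules-load.d/kube.conf"
    # Empty section plus allow_no_value writes plain `option` lines.
    section: ""
    option: "{{ item.option }}"
    state: "{{ item.state }}"
    allow_no_value: true
    mode: "0644"
  loop:
    - state: "present"
      option: "br_netfilter"
    - state: "present"
      option: "overlay"
  notify:
    - kube | systemctl restart systemd-modules-load.service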
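# Persist kernel parameters in /etc/sysctl.conf. `reload: false` means this
# task only writes the file; the notified handler applies the values.
# The module is addressed as ansible.posix.sysctl, the collection this file
# already uses for mount; the `ansible.builtin.` spelling relies on a name
# redirect, if it resolves at all.
# Security-relevant effects once applied:
#   - net.ipv4.ip_forward=1 lets the host forward packets between interfaces.
#   - net.bridge.bridge-nf-call-* = 1 sends bridged traffic through
#     arptables/ip6tables/iptables.
#   - IPv6 is disabled on all, default and lo; IPv6 forwarding is off.
# NOTE(review): the net.bridge.* keys presumably need br_netfilter loaded
# before they can be set - confirm handler ordering on a fresh host.
- name: Tweak sysctl entries
  become: true
  ansible.posix.sysctl:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
    state: "{{ item.state }}"
    sysctl_file: "/etc/sysctl.conf"
    reload: false
  loop:
    - state: "present"
      name: "kernel.pid_max"
      value: "4194303"
    - state: "present"
      name: "net.bridge.bridge-nf-call-arptables"
      value: "1"
    - state: "present"
      name: "net.bridge.bridge-nf-call-ip6tables"
      value: "1"
    - state: "present"
      name: "net.bridge.bridge-nf-call-iptables"
      value: "1"
    - state: "present"
      name: "net.ipv4.ip_forward"
      value: "1"
    - state: "present"
      name: "net.ipv6.conf.all.disable_ipv6"
      value: "1"
    - state: "present"
      name: "net.ipv6.conf.all.forwarding"
      value: "0"
    - state: "present"
      name: "net.ipv6.conf.default.disable_ipv6"
      value: "1"
    - state: "present"
      name: "net.ipv6.conf.lo.disable_ipv6"
      value: "1"
    - state: "present"
      name: "vm.min_free_kbytes"
      value: "65536"
    - state: "present"
      name: "vm.swappiness"
      value: "0"
  notify:
    - kube | sysctl --system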
# Download the package signing key and add it to APT's trusted keys.
# The task name mentions Libcontainers, but only the Google key URL is listed.
# NOTE(review): apt_key places the key in APT's global trusted keyring, so it
# is accepted for every configured repository, not only the Kubernetes one.
# No `id` fingerprint is given, so the key's authenticity rests on the HTTPS
# download alone. Consider a dedicated keyring file referenced with
# `signed-by` in the repository line, and pin the expected fingerprint.
- name: Add Apt signing key for Google and Libcontainers
  become: true
  ansible.builtin.apt_key:
    state: present
    url: "{{ item }}"
  loop:
    - https://packages.cloud.google.com/apt/doc/apt-key.gpg
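# Register the Kubernetes APT repository in a sources.list.d file named
# "Kubernetes" and refresh the package cache.
# The file mode is 0644. It was 0666, which made the APT source definition
# writable by every local user; anyone able to edit it can change where root's
# next apt run fetches packages from.
# NOTE(review): `mode` is understood to apply when the file is first created,
# so hosts provisioned with 0666 may need the existing file's permissions
# corrected separately - verify.
# NOTE(review): upstream has announced apt.kubernetes.io as deprecated in
# favour of pkgs.k8s.io; confirm this source still receives updates.
- name: Add repo for Google and Libcontainers
  become: true
  ansible.builtin.apt_repository:
    filename: Kubernetes
    repo: "deb {{ item }}"
    mode: "0644"
    update_cache: true
  loop:
    - https://apt.kubernetes.io/ kubernetes-xenial main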
# Install kubelet and kubeadm at the exact package version held in kube_apt
# (`name=version` pins the version for apt). kube_apt is not defined in this
# listing; it is presumably supplied by inventory or role variables.
- name: Install kubernetes packages
  become: true
  ansible.builtin.apt:
    state: present
    name: "{{ item }}={{ kube_apt }}"
  loop:
    - kubelet
    - kubeadm
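# Put kubelet and kubeadm on dpkg hold so a routine apt upgrade cannot move
# the node to an unplanned Kubernetes version.
# The condition was previously written `! is_controlplane is defined`. YAML
# reads a leading `! ` as a tag indicator, not as negation, so the `!` was
# dropped and the task ran only where is_controlplane WAS defined. Jinja2
# spells negation as `is not defined`.
# NOTE(review): this assumes the negated form was the intent - confirm which
# hosts are meant to have the packages held.
- name: Hold kubernetes version
  become: true
  when: is_controlplane is not defined
  ansible.builtin.dpkg_selections:
    name: "{{ item }}"
    selection: "hold"
  loop:
    - kubelet
    - kubeadm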