# Turn swap off on the running system. The task only runs on hosts whose
# gathered facts report a non-zero swap total; the command result is kept in
# `swap_disable`.
- name: Disable SWAP
  become: "{{ do_become }}"
  ansible.builtin.command:
    cmd: swapoff -a
  register: swap_disable
  when: ansible_memory_mb.swap.total != 0
# Remove the swap-type fstab entry whose mount point is `swap`.
# NOTE(review): the module presumably matches on the mount-point field, so an
# entry that uses `none` there would be left in place; verify against the
# hosts' fstab.
- name: Remove swapfile from /etc/fstab
  become: "{{ do_become }}"
  ansible.posix.mount:
    path: "{{ item }}"
    fstype: swap
    state: absent
  loop:
    - swap
# Set MountFlags=shared in the [Service] section of the Docker unit file and
# notify the docker-options handler when the file changes.
# NOTE(review): this edits the unit under /lib/systemd/system in place; a
# package upgrade may replace that file and drop the setting. A drop-in under
# /etc/systemd/system would survive upgrades; confirm which is wanted.
- name: Add propogation to systemd
  become: "{{ do_become }}"
  community.general.ini_file:
    path: '/lib/systemd/system/docker.service'
    mode: "0644"
    section: 'Service'
    option: 'MountFlags'
    value: 'shared'
  notify:
    - kube | docker options changed
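# Install an /etc/rc.local for hosts in the `lxc_guest` group. The script
# links /dev/kmsg to /dev/console when /dev/kmsg is missing and makes the root
# mount recursively shared.
# Reference: https://kevingoos.medium.com/kubernetes-inside-proxmox-lxc-cce5c9927942
# NOTE(review): this replaces the whole of /etc/rc.local, so any existing
# content on the host is lost.
- name: Set up kmsg in LXC
  when: inventory_hostname in groups['lxc_guest']
  become: "{{ do_become }}"
  ansible.builtin.copy:
    dest: /etc/rc.local
    # Ownership is pinned explicitly: the file is an executable boot script,
    # and without owner/group an existing file would keep whatever owner it
    # already had.
    owner: root
    group: root
    mode: "0755"
    content: |
      #!/bin/sh -e
      if [ ! -e /dev/kmsg ]; then
          ln -s /dev/console /dev/kmsg
      fi
      mount --make-rshared /
  notify:
    - kube | boot options changed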
# On hosts in the `raspberries` group, rewrite the kernel command line in
# /boot/firmware/cmdline.txt so that it ends with the cgroup options below.
# The regexp captures the existing line without any trailing cgroup_* options
# and `line` puts it back via \1 (backrefs), which keeps the edit repeatable.
# NOTE(review): privilege escalation is unconditional here, while other tasks
# in this file use "{{ do_become }}"; confirm that is intended.
- name: Add cgroup directives to boot command line config
  become: true
  when: inventory_hostname in groups['raspberries']
  ansible.builtin.lineinfile:
    path: /boot/firmware/cmdline.txt
    backrefs: true
    regexp: '((.)+?)(\scgroup_\w+=\w+)*$'
    line: '\1 cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory'
  notify:
    - kube | boot options changed
# On hosts in the `raspberries` group, set gpu_mem=16 in the [pi4] section of
# /boot/firmware/config.txt, creating the file if it is missing, and notify
# the boot-options handler on change.
- name: Set GPU memory split to 16 MB
  become: true
  when: inventory_hostname in groups['raspberries']
  community.general.ini_file:
    path: /boot/firmware/config.txt
    create: true
    section: pi4
    option: gpu_mem
    # Quoted so the value is passed as a string, not a YAML integer.
    value: "16"
  notify:
    - kube | boot options changed
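# Ensure the kernel modules listed in the loop are named in
# /usr/lib/modules-load.d/kube.conf, then notify the handler that restarts
# systemd-modules-load. The file has no section header (section: "") and each
# entry is a bare module name without "= value" (allow_no_value).
# The module is addressed as community.general.ini_file, matching the other
# ini_file tasks in this file; ansible.builtin.ini_file presumably resolved
# only through a legacy redirect.
- name: Tweak modeprobe entries
  become: "{{ do_become }}"
  community.general.ini_file:
    path: "/usr/lib/modules-load.d/kube.conf"
    section: ""
    option: "{{ item.option }}"
    state: "{{ item.state }}"
    allow_no_value: true
    mode: "0644"
  loop:
    - option: "br_netfilter"
      state: "present"
    - option: "overlay"
      state: "present"
  notify:
    - kube | systemctl restart systemd-modules-load.service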
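# Persist the kernel parameters listed in the loop to /etc/sysctl.conf. With
# `reload: false` the module does not reload settings itself; the notified
# handler is what applies them.
# The module is addressed as ansible.posix.sysctl, the collection this file
# already uses for `mount`; ansible.builtin.sysctl presumably resolved only
# through a legacy redirect.
- name: Tweak sysctl entries
  become: "{{ do_become }}"
  ansible.posix.sysctl:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
    state: "{{ item.state }}"
    sysctl_file: "/etc/sysctl.conf"
    reload: false
  loop:
    - name: "kernel.pid_max"
      value: "4194303"
      state: "present"
    # Send bridged traffic through arptables/ip6tables/iptables.
    # NOTE(review): the net.bridge.* keys presumably exist only once
    # br_netfilter is loaded; confirm module loading happens before the
    # handler applies these.
    - name: "net.bridge.bridge-nf-call-arptables"
      value: "1"
      state: "present"
    - name: "net.bridge.bridge-nf-call-ip6tables"
      value: "1"
      state: "present"
    - name: "net.bridge.bridge-nf-call-iptables"
      value: "1"
      state: "present"
    # IPv4 forwarding is switched on, so the host routes packets between its
    # interfaces; filtering then depends on the firewall rules in place.
    - name: "net.ipv4.ip_forward"
      value: "1"
      state: "present"
    # IPv6 is disabled on all, default and lo, and IPv6 forwarding is off.
    - name: "net.ipv6.conf.all.disable_ipv6"
      value: "1"
      state: "present"
    - name: "net.ipv6.conf.all.forwarding"
      value: "0"
      state: "present"
    - name: "net.ipv6.conf.default.disable_ipv6"
      value: "1"
      state: "present"
    - name: "net.ipv6.conf.lo.disable_ipv6"
      value: "1"
      state: "present"
    - name: "vm.min_free_kbytes"
      value: "65536"
      state: "present"
    - name: "vm.swappiness"
      value: "0"
      state: "present"
  notify:
    - kube | sysctl --system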
# Fetch each signing key in the loop over HTTPS and add it to apt. Only the
# Google key URL is listed, although the task name also mentions Libcontainers.
# NOTE(review): apt_key adds the key to apt's global trusted keyring, so it is
# accepted for every configured repository, and no `id` is given to pin the
# expected key. A dedicated keyring file referenced with `signed-by` on the
# repository line would limit the key to this repository.
- name: Add Apt signing key for Google and Libcontainers
  become: "{{ do_become }}"
  ansible.builtin.apt_key:
    state: present
    url: "{{ item }}"
  loop:
    - 'https://packages.cloud.google.com/apt/doc/apt-key.gpg'
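# Register each apt source in the loop in a sources file named `Kubernetes`
# and refresh the package cache afterwards.
- name: Add repo for Google and Libcontainers
  become: "{{ do_become }}"
  ansible.builtin.apt_repository:
    filename: Kubernetes
    repo: "deb {{ item }}"
    # Was "0666". A sources file that every local account can write lets any
    # of them change where apt installs packages from, so only the owner may
    # write it.
    mode: "0644"
    update_cache: true
  loop:
    - https://apt.kubernetes.io/ kubernetes-xenial main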
# Install kubelet and kubeadm, both pinned to the package version held in
# `kube_apt`.
- name: Install kubernetes packages
  become: "{{ do_become }}"
  ansible.builtin.apt:
    state: present
    name:
      - "kubelet={{ kube_apt }}"
      - "kubeadm={{ kube_apt }}"
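# Mark kubelet and kubeadm as held in dpkg so routine apt upgrades leave the
# installed version alone.
# NOTE(review): the condition originally read `! is_controlplane is defined`.
# YAML reads a leading "! " as a tag indicator, not as negation, so the task
# most likely ran when the variable WAS defined. It is rewritten as the
# negated test the author appears to have meant; confirm the polarity.
- name: Hold kubernetes version
  become: "{{ do_become }}"
  when: is_controlplane is not defined
  ansible.builtin.dpkg_selections:
    name: "{{ item }}"
    selection: "hold"
  loop:
    - kubelet
    - kubeadm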