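# Node preparation tasks for a kubeadm-style Kubernetes host: swap off,
# container mount propagation, boot/cgroup settings, kernel modules,
# sysctls, and the pinned kubectl/kubelet/kubeadm packages.

# Runs only when the gathered facts report a non-zero swap total.
- name: Disable SWAP
  when: ansible_memory_mb.swap.total != 0
  register: swap_disable
  become: "{{ do_become }}"
  ansible.builtin.command: swapoff -a

# Removes the fstab entry so swap stays off after a reboot.
- name: Remove swapfile from /etc/fstab
  become: "{{ do_become }}"
  ansible.posix.mount:
    path: "{{ item }}"
    fstype: swap
    state: absent
  loop:
    - swap

# NOTE(review): this edits the packaged unit under /lib/systemd/system, which
# a docker package upgrade may overwrite. A drop-in under
# /etc/systemd/system/docker.service.d/ would survive upgrades - confirm.
- name: Add propogation to systemd
  become: "{{ do_become }}"
  community.general.ini_file:
    path: /lib/systemd/system/docker.service
    section: Service
    option: MountFlags
    value: shared
    mode: "0644"
  notify:
    - kube | docker options changed

# The copy replaces the whole of /etc/rc.local with the script below, so any
# existing content of that file is lost.
- name: Set up kmsg in LXC
  # https://kevingoos.medium.com/kubernetes-inside-proxmox-lxc-cce5c9927942
  when: inventory_hostname in groups['lxc_guest']
  become: "{{ do_become }}"
  ansible.builtin.copy:
    content: |
      #!/bin/sh -e
      if [ ! -e /dev/kmsg ]; then
        ln -s /dev/console /dev/kmsg
      fi
      mount --make-rshared /
    dest: /etc/rc.local
    mode: "0755"
  notify:
    - kube | boot options changed

# backrefs lets '\1' re-emit the start of the existing line; the regexp drops
# any trailing cgroup_*=* tokens, so re-runs replace them instead of
# appending duplicates.
- name: Add cgroup directives to boot command line config
  when: inventory_hostname in groups['raspberries']
  become: true
  ansible.builtin.lineinfile:
    path: /boot/firmware/cmdline.txt
    regexp: '((.)+?)(\scgroup_\w+=\w+)*$'
    line: '\1 cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory'
    backrefs: true
  notify:
    - kube | boot options changed

- name: Set GPU memory split to 16 MB
  when: inventory_hostname in groups['raspberries']
  become: true
  community.general.ini_file:
    path: /boot/firmware/config.txt
    section: pi4
    option: gpu_mem
    value: "16"
    create: true
  notify:
    - kube | boot options changed

# Uses community.general.ini_file like the other ini_file tasks in this file
# (was ansible.builtin.ini_file). The empty section plus allow_no_value writes
# bare module names, one per line.
- name: Tweak modeprobe entries
  become: "{{ do_become }}"
  community.general.ini_file:
    option: "{{ item.option }}"
    state: "{{ item.state }}"
    path: /usr/lib/modules-load.d/kube.conf
    section: ""
    mode: "0644"
    allow_no_value: true
  loop:
    - state: present
      option: br_netfilter
    - state: present
      option: overlay
  notify:
    - kube | systemctl restart systemd-modules-load.service

# reload is false: values are only written to /etc/sysctl.conf here and are
# applied by the notified handler.
- name: Tweak sysctl entries
  become: "{{ do_become }}"
  ansible.builtin.sysctl:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
    state: "{{ item.state }}"
    sysctl_file: /etc/sysctl.conf
    reload: false
  loop:
    - state: present
      name: kernel.pid_max
      value: "4194303"
    - state: present
      name: net.bridge.bridge-nf-call-arptables
      value: "1"
    - state: present
      name: net.bridge.bridge-nf-call-ip6tables
      value: "1"
    - state: present
      name: net.bridge.bridge-nf-call-iptables
      value: "1"
    - state: present
      name: net.ipv4.ip_forward
      value: "1"
    - state: present
      name: net.ipv6.conf.all.disable_ipv6
      value: "1"
    - state: present
      name: net.ipv6.conf.all.forwarding
      value: "0"
    - state: present
      name: net.ipv6.conf.default.disable_ipv6
      value: "1"
    - state: present
      name: net.ipv6.conf.lo.disable_ipv6
      value: "1"
    - state: present
      name: vm.min_free_kbytes
      value: "65536"
    - state: present
      name: vm.swappiness
      value: "0"
  notify:
    - kube | sysctl --system

# NOTE(review): apt_key is deprecated and adds the key to apt's global trusted
# keyring, so the key is trusted for every configured repository, not just
# this one. Prefer a dedicated keyring file referenced from the repo line with
# [signed-by=...]. Left as-is because the key's on-disk format is not visible
# from here.
- name: Add Apt signing key for Google and Libcontainers
  become: "{{ do_become }}"
  ansible.builtin.apt_key:
    url: "{{ item }}"
    state: present
  loop:
    - https://packages.cloud.google.com/apt/doc/apt-key.gpg

# mode was "0666": a world-writable sources list lets any local account change
# where root-run apt fetches packages from. 0644 keeps it root-writable only.
# NOTE(review): apt.kubernetes.io is the legacy Google-hosted repository that
# upstream deprecated in favour of pkgs.k8s.io - confirm it still resolves.
- name: Add repo for Google and Libcontainers
  become: "{{ do_become }}"
  ansible.builtin.apt_repository:
    filename: Kubernetes
    repo: "deb {{ item }}"
    mode: "0644"
    update_cache: true
  loop:
    - https://apt.kubernetes.io/ kubernetes-xenial main

# All three packages are pinned to the same kube_apt version string.
- name: Install kubernetes packages
  become: "{{ do_become }}"
  ansible.builtin.apt:
    name:
      - "kubectl={{ kube_apt }}"
      - "kubelet={{ kube_apt }}"
      - "kubeadm={{ kube_apt }}"
    state: present
    allow_downgrade: true

# The condition was written as '! is_controlplane is defined'. YAML reads a
# leading '! ' as a tag indicator, not as negation, so the '!' was dropped and
# the task ran when the variable WAS defined. Spelled out as the Jinja test
# the '!' appears to have meant.
# NOTE(review): confirm the hold is meant for hosts without is_controlplane.
- name: Hold kubernetes version
  become: "{{ do_become }}"
  when: is_controlplane is not defined
  ansible.builtin.dpkg_selections:
    name: "{{ item }}"
    selection: hold
  loop:
    - kubelet
    - kubeadm
    - kubectl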