--- - name: Install Software ansible.builtin.include_role: name: nfc_common vars: common_gather_facts: false aptInstall: - name: curl - name: iptables - name: jq - name: Create Required directories ansible.builtin.file: name: "{{ item.name }}" state: "{{ item.state }}" mode: "{{ item.mode }}" loop: "{{ dirs }}" vars: dirs: - name: /etc/rancher/k3s state: directory mode: 700 - name: /var/lib/rancher/k3s/server/logs state: directory mode: 700 - name: /var/lib/rancher/k3s/server/manifests state: directory mode: 700 - name: Add sysctl net.ipv4.ip_forward ansible.posix.sysctl: name: net.ipv4.ip_forward value: '1' sysctl_set: true state: present reload: true notify: reboot_host when: - ansible_os_family == 'Debian' # On change reboot - name: Check if K3s Installed ansible.builtin.shell: cmd: | if [[ $(service k3s status) ]]; then exit 0; else exit 1; fi executable: /bin/bash changed_when: false failed_when: false register: k3s_installed - name: Download K3s Binary ansible.builtin.uri: url: "{{ item.url }}" method: GET return_content: true status_code: - 200 - 304 dest: "{{ item.dest }}" mode: "744" register: k3s_download_files delegate_to: localhost run_once: true # no_log: true when: ansible_os_family == 'Debian' loop: "{{ download_files }}" vars: ansible_connection: local download_files: - dest: /tmp/install.sh url: https://get.k3s.io - dest: "/tmp/k3s" url: "https://github.com/k3s-io/k3s/releases/download/v{{ KubernetesVersion + KubernetesVersion_k3s_prefix | urlencode }}/k3s" - name: "[TRACE] Downloaded File SHA256" ansible.builtin.set_fact: hash_sha256_k3s_downloaded_binary: "{{ lookup('ansible.builtin.file', '/tmp/k3s') | hash('sha256') | string }}" delegate_to: localhost - name: Existing k3s File hash ansible.builtin.stat: checksum_algorithm: sha256 name: /usr/local/bin/k3s register: hash_sha256_k3s_existing_binary - name: Copy K3s binary to Host ansible.builtin.copy: src: "/tmp/k3s" dest: "/usr/local/bin/k3s" mode: '740' owner: root group: root when: hash_sha256_k3s_existing_binary.stat.checksum | default('0') != hash_sha256_k3s_downloaded_binary - name: Copy install script to Host ansible.builtin.copy: src: "/tmp/install.sh" dest: "/tmp/install.sh" mode: '755' owner: root group: root # when: hash_sha256_k3s_existing_binary.stat.checksum | default('0') != hash_sha256_k3s_downloaded_binary - name: Required Initial config files ansible.builtin.copy: content: | {{ item.content }} dest: "{{ item.path }}/{{ item.name }}" mode: '740' owner: root group: root loop: "{{ k3s.files }}" when: > item.when | default(true) | bool # kubernetes_config.cluster.prime.name == inventory_hostname - name: Copy Intial required templates ansible.builtin.template: src: "{{ item.src }}" dest: "{{ item.dest }}" owner: root mode: '700' force: true notify: "{{ item.notify | default(omit) }}" loop: "{{ templates_to_apply }}" when: > item.when | default(true) | bool vars: templates_to_apply: - src: k3s-config.yaml.j2 dest: /etc/rancher/k3s/config.yaml notify: kubernetes_restart - src: "calico.yaml.j2" dest: /var/lib/rancher/k3s/server/manifests/calico.yaml when: "{{ kubernetes_config.cluster.prime.name == inventory_hostname }}" - src: k3s-registries.yaml.j2 dest: /etc/rancher/k3s/registries.yaml notify: kubernetes_restart # - name: Templates IPv6 # ansible.builtin.template: # src: iptables-kubernetes.rules.j2 # dest: "/etc/ip6tables.rules.d/ip6tables-kubernetes.rules" # owner: root # mode: '700' # force: true # vars: # ipv6: true - name: Set IPTables to legacy mode ansible.builtin.command: cmd: update-alternatives --set iptables /usr/sbin/iptables-legacy changed_when: false - name: Install K3s (prime master) ansible.builtin.shell: cmd: | INSTALL_K3S_SKIP_DOWNLOAD=true \ INSTALL_K3S_VERSION="v{{ KubernetesVersion }}{{ KubernetesVersion_k3s_prefix }}" \ /tmp/install.sh # curl -sfL https://get.k3s.io | \ # INSTALL_K3S_VERSION="v{{ KubernetesVersion }}{{ KubernetesVersion_k3s_prefix }}" \ # sh - changed_when: false when: kubernetes_config.cluster.prime.name == inventory_hostname - name: Wait for kubernetes prime to be ready ansible.builtin.shell: cmd: | set -o pipefail if [ `which jq` ]; then echo $(kubectl get no $(hostname) -o json | jq .status.conditions[4].status | tr -d '"'); else echo jq command not found; exit 127; fi executable: /bin/bash delegate_to: "{{ kubernetes_config.cluster.prime.name }}" run_once: true register: kubernetes_ready_check retries: 30 delay: 10 until: > kubernetes_ready_check.stdout | default(false) | bool or kubernetes_ready_check.rc != 0 changed_when: false failed_when: kubernetes_ready_check.rc != 0 - name: Fetch Join Token ansible.builtin.slurp: src: /var/lib/rancher/k3s/server/token delegate_to: "{{ kubernetes_config.cluster.prime.name }}" run_once: true register: k3s_join_token no_log: true # Value is sensitive - name: Create Token fact ansible.builtin.set_fact: k3s_join_token: "{{ k3s_join_token.content | b64decode | replace('\n', '') }}" delegate_to: "{{ kubernetes_config.cluster.prime.name }}" run_once: true no_log: true # Value is sensitive - name: Install K3s (worker nodes) ansible.builtin.shell: cmd: | set -o pipefail INSTALL_K3S_EXEC="agent" \ INSTALL_K3S_SKIP_DOWNLOAD=true \ INSTALL_K3S_VERSION="v{{ KubernetesVersion }}{{ KubernetesVersion_k3s_prefix }}" \ K3S_TOKEN="{{ k3s_join_token }}" \ K3S_URL="https://{{ hostvars[kubernetes_config.cluster.prime.name].ansible_host }}:6443" \ /tmp/install.sh - executable: /bin/bash changed_when: false when: > not Kubernetes_Master | default(false) | bool - name: Set Kubernetes Final Install Fact ansible.builtin.set_fact: kubernetes_installed: true # Clear Token as no llonger required and due to being a sensitive value k3s_join_token: null