Update .gitea/workflows/deploy-k8s.yml

.gitea/workflows/deploy-k8s.yml

@@ -2,7 +2,7 @@ name: IACAnsible
 
 on: 
   push:
-    branches: [ main ]
+    branches: [ kubernetes-vazio ]
   workflow_dispatch:
 
 jobs:

inventory.ini

@@ -1,9 +1,9 @@
 [kube-master]
-master1 ansible_host=192.168.1.10 ansible_user=ubuntu
+master1 ansible_host=192.168.1.10 ansible_user=ubuntu ansible_ssh_common_args='-o StrictHostKeyChecking=no'
 
 [kube-node]
-node1 ansible_host=192.168.1.11 ansible_user=ubuntu
-node2 ansible_host=192.168.1.12 ansible_user=ubuntu
+node1 ansible_host=192.168.1.11 ansible_user=ubuntu ansible_ssh_common_args='-o StrictHostKeyChecking=no'
+node2 ansible_host=192.168.1.12 ansible_user=ubuntu ansible_ssh_common_args='-o StrictHostKeyChecking=no'
 
-[all:vars]
-ansible_python_interpreter=/usr/bin/python3
+#[all:vars]
+#ansible_python_interpreter=/usr/bin/python3

roles/kube-master/tasks/main.yml

@@ -1,73 +1,76 @@
 - name: Instalar pip3 no host remoto
+  become: true
   ansible.builtin.apt:
     name: python3-pip
     state: present
     update_cache: true
 
 - name: Instalar ruamel.yaml no host remoto
+  become: true
   ansible.builtin.pip:
     name: ruamel.yaml
     executable: pip3
 
 - name: Fazer download do manifest oficial do Flannel
+  become: true
   get_url:
     url: https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml
     dest: /tmp/kube-flannel.yml
 
 - name: Substituir o CIDR da rede no manifest
+  become: true
   replace:
     path: /tmp/kube-flannel.yml
     regexp: '10\.244\.0\.0/16'
-    replace: '192.168.3.0/16'
+    replace: '10.244.0.0/16' # .3.
 
 - name: Corrigir net-conf.json no manifest do Flannel
+  become: true
   ansible.builtin.script:
     cmd: patch_netconf.py
 
 - name: cat flannel
+  become: true
   shell: |
     cat /tmp/kube-flannel.yml
   register: flannel_manifest
 
 - name: Mostrar conteúdo do manifest
+  become: true
   debug:
     var: flannel_manifest.stdout
 
-- name: Forçar uso da interface correta
-  replace:
+- name: Adicionar --iface=eth0 ao flanneld
+  become: true
+  ansible.builtin.lineinfile:
     path: /tmp/kube-flannel.yml
-    regexp: 'command: 
-\[.*?flanneld.*?\]
-'
-    replace: |
-      command:
-        - /opt/bin/flanneld
-        - --ip-masq
-        - --kube-subnet-mgr
-        - --iface=eth1
+    insertafter: '        - --kube-subnet-mgr'
+    line: '        - --iface=eth0'
         
 
 
 - name: Inicializar o cluster com kubeadm
+  become: true
   command:
     argv:
       - kubeadm
       - init
-      - --pod-network-cidr=192.168.3.0/16
+      - --pod-network-cidr=10.244.0.0/16 # .3. 
       - --apiserver-advertise-address=192.168.1.150
-      - --cri-socket=unix:///run/containerd/containerd.sock
     creates: /etc/kubernetes/admin.conf 
 
 
 
 
 - name: Verificar se o diretório .kube já existe
+  become: true
   stat:
     path: /home/fenix/.kube
   register: kube_dir
   
 
 - name: Criar diretório .kube para o usuário ubuntu
+  become: true
   ansible.builtin.file:
     path: /home/fenix/.kube
     state: directory
@@ -77,6 +80,7 @@
   when: not kube_dir.stat.exists
   
 - name: Set up kubeconfig for user
+  become: true
   copy:
     src: /etc/kubernetes/admin.conf
     dest: /home/fenix/.kube/config
@@ -87,6 +91,7 @@
   when: not kube_dir.stat.exists
 
 - name: 33 Wait for Kubernetes API to be ready
+  become: true
   shell: |
     kubectl get --raw='/healthz'
   environment:
@@ -98,11 +103,13 @@
   become: yes
 
 - name: cat flannel
+  become: true
   shell: |
     cat /tmp/kube-flannel.yml
   register: flannel_manifest2
 
 - name: Mostrar conteúdo do manifest
+  become: true
   debug:
     var: flannel_manifest2.stdout
 
@@ -115,6 +122,7 @@
     KUBECONFIG:  /home/fenix/.kube/config
 
 - name: 34 Wait for Kubernetes API to be ready
+  become: true
   shell: |
     kubectl get --raw='/healthz'
   environment:
@@ -126,9 +134,11 @@
   become: yes
 
 - name: Get kubeadm join command
+  become: true
   shell: kubeadm token create --print-join-command
   register: join_cmd
   
 - name: Set join command as fact
+  become: true
   set_fact:
     kubeadm_join_command: "{{ join_cmd.stdout }}"

roles/kube-master/tasks/patch_netconf.py

@@ -10,11 +10,11 @@ with open("/tmp/kube-flannel.yml", "r") as f:
 for doc in docs:
     if doc.get("kind") == "ConfigMap" and doc.get("metadata", {}).get("name") == "kube-flannel-cfg":
         doc["data"]["net-conf.json"] = '''{
-  "Network": "192.168.3.0/16",
+  "Network": "10.244.0.0/16",
   "Backend": {
     "Type": "vxlan"
   },
-  "Interface": "eth1"
+  "Interface": "eth0"
 }'''
 
 with open("/tmp/kube-flannel.yml", "w") as f:

roles/kube-node/tasks/main.yml

@@ -2,6 +2,30 @@
   hostname:
     name: "ubuntu-{{ ansible_play_hosts.index(inventory_hostname) }}"
 
+
+- name: Obter hostname real do nó
+  become: true
+  command: hostname
+  register: node_hostname
+
+- name: Verificar se o nó já está no cluster
+  shell: |
+    kubectl get nodes --no-headers | grep -w {{ node_hostname.stdout }} || echo "NOT_IN_CLUSTER"
+  register: node_status
+  environment:
+    KUBECONFIG: /etc/kubernetes/kubelet.conf
+
+
 - name: Join Kubernetes cluster
   shell: "{{ hostvars['master1']['kubeadm_join_command'] }}"
-  when: hostvars['master1']['kubeadm_join_command'] is defined
+  when: 
+    - hostvars['master1']['kubeadm_join_command'] is defined
+    - node_status.stdout | trim == "NOT_IN_CLUSTER"
+
+
+#- name: Atribuir podCIDR ao nó via hostname real
+#  shell: |
+#    kubectl patch node {{ node_hostname.stdout }} -p '{"spec":{"podCIDR":"192.168.2.0/24"}}'
+#  when: 
+#    - hostvars['master1']['kubeadm_join_command'] is defined
+#    - node_status.stdout | trim == "NOT_IN_CLUSTER"

roles/kubernetes/tasks/main.yml

@@ -1,24 +1,72 @@
-- name: Install containerd
+- name: disable UFW firewall for labs
+  service:
+    name: ufw
+    state: stopped
+    enabled: false
+
+- name: Disable SWAP
+  shell: |
+    swapoff -a
+
+- name: Disable SWAP in fstab
+  lineinfile:
+    path: /etc/fstab
+    regexp: '^.*swap.*$'
+    line: '#\0'
+    backrefs: yes
+
+- name: Installation of apt-utils
+  become: true
+  apt:
+    name:
+      - apt-transport-https
+    state: present
+    update_cache: yes
+
+
+- name: Instalar containerd
+  become: true
   apt:
     name: containerd
     state: present
-    update_cache: no
+    update_cache: yes
 
-- name: Hold Kubernetes packages
-  ansible.builtin.shell: |
-    apt-mark hold containerd
+- name: Criar diretório de configuração do containerd
+  become: true
+  file:
+    path: /etc/containerd
+    state: directory
+    mode: '0755'
 
-#- name: Add Kubernetes APT key
-#  apt_key:
-#    url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
-#    state: present
+- name: Gerar config.toml padrão do containerd
+  become: true
+  shell: containerd config default > /etc/containerd/config.toml
+  args:
+    creates: /etc/containerd/config.toml
+
+- name: Ativar SystemdCgroup no containerd
+  become: true
+  replace:
+    path: /etc/containerd/config.toml
+    regexp: 'SystemdCgroup = false'
+    replace: 'SystemdCgroup = true'
+
+- name: Reiniciar e habilitar containerd
+  become: true
+  systemd:
+    name: containerd
+    state: restarted
+    enabled: true
+    
+
+- name: Setting value of SystemdCgroup
+  shell: |
+    containerd config default | sudo tee /etc/containerd/config.toml | grep SystemdCgroup
+    sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml
 
-#- name: Add Kubernetes repo
-#  apt_repository:
-#    repo: deb http://apt.kubernetes.io/ kubernetes-jammy main
-#    state: present
     
 - name: Adicionar chave GPG do Kubernetes
+  become: true
   ansible.builtin.shell: |
     mkdir -p /etc/apt/keyrings
     curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.29/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
@@ -26,6 +74,7 @@
     creates: /etc/apt/keyrings/kubernetes-apt-keyring.gpg
 
 - name: Adicionar repositório oficial do Kubernetes
+  become: true
   ansible.builtin.copy:
     dest: /etc/apt/sources.list.d/kubernetes.list
     content: |
@@ -33,6 +82,7 @@
 
 
 - name: Install Kubernetes components
+  become: true
   apt:
     name:
       - kubelet
@@ -42,28 +92,33 @@
     update_cache: yes
 
 - name: Hold Kubernetes packages
+  become: true
   ansible.builtin.shell: |
     apt-mark hold kubelet kubeadm kubectl
 
 
 - name: Desativar swap
+  become: true
   ansible.builtin.command: swapoff -a
 
 - name: Garantir que swap está desativado no fstab
+  become: true
   ansible.builtin.lineinfile:
     path: /etc/fstab
     regexp: '.*swap.*'
     state: absent
 
 
-- name: Ativar ip_forward de forma idempotente
-  ansible.builtin.sysctl:
-    name: net.ipv4.ip_forward
-    value: '1'
-    state: present
-    reload: yes
+#- name: Ativar ip_forward de forma idempotente
+#  become: true
+#  ansible.builtin.sysctl:
+#    name: net.ipv4.ip_forward
+#    value: '1'
+#    state: present
+#    reload: yes
 
 - name: Configurar sysctl para Kubernetes
+  become: true
   ansible.builtin.copy:
     dest: /etc/sysctl.d/k8s.conf
     content: |
@@ -75,10 +130,12 @@
   ansible.builtin.command: sysctl --system
   when: ansible_facts['os_family'] == 'Debian'
   changed_when: false
+  become: true
 
 
   
 - name: Criar arquivo de configuração sysctl para Kubernetes
+  become: true
   ansible.builtin.copy:
     dest: /etc/sysctl.d/k8s.conf
     content: |
@@ -90,12 +147,13 @@
   notify: Reload sysctl
 
 - name: Carregar módulo br_netfilter se necessário
+  become: true
   ansible.builtin.modprobe:
     name: br_netfilter
     state: present
 
-
 - name: Garantir que o módulo br_netfilter seja carregado na inicialização
+  become: true
   ansible.builtin.copy:
     dest: /etc/modules-load.d/k8s.conf
     content: |