Merge branch 'main' of https://gitea.fenix-dev.com/fenix-gitea-admin/iac-ansible-private

inventory.ini

@@ -1,9 +1,9 @@
 [kube-master]
-master1 ansible_host=192.168.1.10 ansible_user=ubuntu
+master1 ansible_host=192.168.1.10 ansible_user=ubuntu ansible_ssh_common_args='-o StrictHostKeyChecking=no'
 
 [kube-node]
-node1 ansible_host=192.168.1.11 ansible_user=ubuntu
+node1 ansible_host=192.168.1.11 ansible_user=ubuntu ansible_ssh_common_args='-o StrictHostKeyChecking=no'
-node2 ansible_host=192.168.1.12 ansible_user=ubuntu
+node2 ansible_host=192.168.1.12 ansible_user=ubuntu ansible_ssh_common_args='-o StrictHostKeyChecking=no'
 
-[all:vars]
+#[all:vars]
-ansible_python_interpreter=/usr/bin/python3
+#ansible_python_interpreter=/usr/bin/python3

playbook.yml

@@ -3,6 +3,7 @@
   become: yes
   roles:
     - common
+    - vaultwarden
     - kubernetes
     - kube-master
 

roles/kube-master/tasks/main.yml

@@ -22,7 +22,7 @@
   replace:
     path: /tmp/kube-flannel.yml
     regexp: '10\.244\.0\.0/16'
-    replace: '192.168.2.0/24' # .3.
+    replace: '10.244.0.0/16' # .3.
 
 - name: Corrigir net-conf.json no manifest do Flannel
   become: true
@@ -40,12 +40,12 @@
   debug:
     var: flannel_manifest.stdout
 
-- name: Adicionar --iface=eth1 ao flanneld
+- name: Adicionar --iface=eth0 ao flanneld
   become: true
   ansible.builtin.lineinfile:
     path: /tmp/kube-flannel.yml
     insertafter: '        - --kube-subnet-mgr'
-    line: '        - --iface=eth1'
+    line: '        - --iface=eth0'
         
 
 
@@ -55,7 +55,7 @@
     argv:
       - kubeadm
       - init
-      - --pod-network-cidr=192.168.2.0/24 # .3. 
+      - --pod-network-cidr=10.244.0.0/16 # .3. 
       - --apiserver-advertise-address=192.168.1.150
     creates: /etc/kubernetes/admin.conf 
 

roles/kube-master/tasks/patch_netconf.py

@@ -10,11 +10,11 @@ with open("/tmp/kube-flannel.yml", "r") as f:
 for doc in docs:
     if doc.get("kind") == "ConfigMap" and doc.get("metadata", {}).get("name") == "kube-flannel-cfg":
         doc["data"]["net-conf.json"] = '''{
-  "Network": "192.168.2.0/24",
+  "Network": "10.244.0.0/16",
   "Backend": {
     "Type": "vxlan"
   },
-  "Interface": "eth1"
+  "Interface": "eth0"
 }'''
 
 with open("/tmp/kube-flannel.yml", "w") as f:

roles/kube-node/tasks/main.yml

@@ -23,9 +23,9 @@
     - node_status.stdout | trim == "NOT_IN_CLUSTER"
 
 
-- name: Atribuir podCIDR ao nó via hostname real
+#- name: Atribuir podCIDR ao nó via hostname real
-  shell: |
+#  shell: |
-    kubectl patch node {{ node_hostname.stdout }} -p '{"spec":{"podCIDR":"192.168.2.0/24"}}'
+#    kubectl patch node {{ node_hostname.stdout }} -p '{"spec":{"podCIDR":"192.168.2.0/24"}}'
-  when: 
+#  when: 
-    - hostvars['master1']['kubeadm_join_command'] is defined
+#    - hostvars['master1']['kubeadm_join_command'] is defined
-    - node_status.stdout | trim == "NOT_IN_CLUSTER"
+#    - node_status.stdout | trim == "NOT_IN_CLUSTER"

roles/vaultwarden/tasks/main.yml

@@ -0,0 +1,4 @@
+- name: Buscar secret do Vaultwarden
+  command: "bw get item 'nome-do-secret'"
+  register: secret_raw
+  #no_log: true