iac-ansible-public/roles/kubernetes/tasks/main.yml


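# Lab convenience only: stopping UFW leaves the node without a host firewall.
# The guard keeps the old behaviour by default; set kubernetes_disable_ufw to
# false on any shared or reachable network and allow the required ports
# instead of switching the firewall off.
- name: disable UFW firewall for labs
  ansible.builtin.service:
    name: ufw
    state: stopped
    enabled: false
  when: kubernetes_disable_ufw | default(true) | bool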
# Switches off every active swap device on the running system. This is a
# runtime change only; persistence across reboots is handled by the fstab
# tasks in this file.
- name: Disable SWAP
  ansible.builtin.shell:
    cmd: swapoff -a
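# Comment out active swap entries in /etc/fstab so swap stays off after reboot.
# The earlier form (`line: '#\0'` with backrefs) did not re-insert the matched
# text: in a Python replacement template `\0` is an octal escape (NUL), not
# the whole match, and lineinfile rewrites only the last matching line.
# The pattern skips lines that already start with '#', so reruns do not stack
# comment markers, and a backup of fstab is kept before any edit.
- name: Disable SWAP in fstab
  ansible.builtin.replace:
    path: /etc/fstab
    regexp: '^([^#\n].*[ \t]swap[ \t].*)$'
    replace: '#\1'
    backup: true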
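# Makes bridged IPv4 traffic visible to iptables. The task name matches the
# key that is actually written (bridge-nf-call-iptables, not ip6tables).
# NOTE(review): net.bridge.* keys exist only while br_netfilter is loaded, and
# this file loads that module in a later task; confirm the ordering works on
# a freshly installed host.
- name: ensure net.bridge.bridge-nf-call-iptables is set to 1
  sysctl:
    name: net.bridge.bridge-nf-call-iptables
    value: '1'
    state: present
    reload: true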
# Refreshes the package index and installs apt-transport-https. The task name
# mentions apt-utils, but the package list holds only apt-transport-https.
- name: Installation of apt-utils
  become: true
  ansible.builtin.apt:
    update_cache: true
    state: present
    name:
      - apt-transport-https
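# Store Docker's signing key in a dedicated keyring and bind the repository to
# it with signed-by, the same way this file handles the Kubernetes repository.
# apt_key is deprecated and places the key in the global trusted set, where it
# is accepted for every configured APT source rather than only Docker's.
# NOTE(review): compare the downloaded key's fingerprint with the one Docker
# publishes; HTTPS only authenticates the download host. A key added by
# apt_key on earlier runs stays in the global keyring until removed by id.
- name: Ensure APT keyring directory exists
  ansible.builtin.file:
    path: /etc/apt/keyrings
    state: directory
    owner: root
    group: root
    mode: '0755'

- name: Adding Docker GPG key
  ansible.builtin.get_url:
    url: https://download.docker.com/linux/ubuntu/gpg
    dest: /etc/apt/keyrings/docker.asc
    owner: root
    group: root
    mode: '0644'

# Hosts provisioned before this change still carry the entry without
# signed-by; remove it so APT is not left with two definitions of one source.
- name: Removing unscoped Docker Repository entry
  ansible.builtin.apt_repository:
    repo: >-
      deb [arch=amd64]
      https://download.docker.com/linux/ubuntu
      {{ ansible_distribution_release }} stable
    state: absent

- name: Adding Docker Repository
  ansible.builtin.apt_repository:
    repo: >-
      deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc]
      https://download.docker.com/linux/ubuntu
      {{ ansible_distribution_release }} stable
    state: present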
# Refreshes the package index, then installs the Docker engine, its CLI,
# containerd and docker-compose from the configured APT sources.
- name: Installation of Docker
  become: true
  ansible.builtin.apt:
    update_cache: true
    state: present
    name:
      - docker-ce
      - docker-ce-cli
      - containerd.io
      - docker-compose
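# Regenerate containerd's default config with SystemdCgroup switched to true.
# `set -euo pipefail` makes a failing `containerd config default` abort the
# task; before, only the exit status of the final sed counted, so a failed
# dump could truncate config.toml and still report success.
# The new config is built in a side file and moved into place only after the
# grep confirms the substitution, so a failure leaves the live file untouched.
# become replaces the inline sudo (the sed line already required root).
# NOTE(review): nothing visible in this file restarts containerd after the
# change; confirm a restart or handler picks up the new config.
- name: Setting value of SystemdCgroup
  become: true
  ansible.builtin.shell: |
    set -euo pipefail
    tmp=/etc/containerd/config.toml.new
    containerd config default > "$tmp"
    sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' "$tmp"
    grep -q 'SystemdCgroup = true' "$tmp"
    mv "$tmp" /etc/containerd/config.toml
  args:
    executable: /bin/bash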
# Starts the docker service now and enables it at boot.
- name: Starting Service of Docker
  ansible.builtin.service:
    name: docker
    enabled: true
    state: started
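# Download the Kubernetes v1.29 repository key and store it, de-armored, in a
# dedicated keyring that the repository entry references through signed-by.
# pipefail makes a failed curl fail the task. The keyring is written to a side
# file and moved into place only on success, because `creates` would otherwise
# treat a partial or empty keyring from a failed run as already done.
# The explicit 0644 keeps the keyring readable by APT regardless of umask.
# NOTE(review): the key is trusted on first download; compare its fingerprint
# with the one the Kubernetes project publishes.
- name: Adicionar chave GPG do Kubernetes
  become: true
  ansible.builtin.shell: |
    set -euo pipefail
    keyring=/etc/apt/keyrings/kubernetes-apt-keyring.gpg
    install -d -m 0755 /etc/apt/keyrings
    curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.29/deb/Release.key \
      | gpg --batch --yes --dearmor -o "${keyring}.tmp"
    chmod 0644 "${keyring}.tmp"
    mv "${keyring}.tmp" "${keyring}"
  args:
    executable: /bin/bash
    creates: /etc/apt/keyrings/kubernetes-apt-keyring.gpg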
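# Writes the APT source for the Kubernetes v1.29 packages, scoped with
# signed-by to the dedicated keyring so only that key can vouch for it.
# Owner and mode are set explicitly, as the other copy tasks in this file do,
# so the result does not depend on the umask of the connecting user.
- name: Adicionar repositório oficial do Kubernetes
  become: true
  ansible.builtin.copy:
    dest: /etc/apt/sources.list.d/kubernetes.list
    content: |
      deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.29/deb/ /
    owner: root
    group: root
    mode: '0644'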
# Refreshes the package index and installs kubelet, kubeadm and kubectl.
# No version is pinned here, so the newest build offered by the configured
# repository is what gets installed.
- name: Install Kubernetes components
  become: true
  ansible.builtin.apt:
    update_cache: true
    state: present
    name:
      - kubelet
      - kubeadm
      - kubectl
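# Put the Kubernetes packages on hold so routine upgrades do not move the
# cluster components to a new version unattended.
# dpkg_selections sets the same hold state as `apt-mark hold`, but reports
# "changed" only when the state actually changes and needs no shell.
- name: Hold Kubernetes packages
  become: true
  ansible.builtin.dpkg_selections:
    name: "{{ item }}"
    selection: hold
  loop:
    - kubelet
    - kubeadm
    - kubectl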
# Turns swap off for the running system. Repeats what the earlier
# "Disable SWAP" task in this file already does.
- name: Desativar swap
  ansible.builtin.command:
    cmd: swapoff -a
  become: true
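# Remove swap mounts from /etc/fstab so swap is not re-enabled at boot.
# The pattern matches only lines whose third field (filesystem type) is
# `swap`; the earlier '.*swap.*' deleted every line containing the word,
# including comments and any mount whose path merely contains "swap".
# A backup copy is kept because a damaged fstab can stop the host booting.
# NOTE(review): this overlaps with "Disable SWAP in fstab" earlier in the
# file, which comments entries out instead of deleting them; keep one.
- name: Garantir que swap está desativado no fstab
  become: true
  ansible.builtin.lineinfile:
    path: /etc/fstab
    regexp: '^\s*\S+\s+\S+\s+swap\s'
    state: absent
    backup: true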
# Sets net.ipv4.ip_forward to 1 through the sysctl module and reloads, so the
# node forwards IPv4 packets between interfaces.
- name: Ativar ip_forward de forma idempotente
  ansible.builtin.sysctl:
    name: net.ipv4.ip_forward
    value: '1'
    reload: true
    state: present
  become: true
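# Persists the bridge-netfilter and IP-forwarding settings in a sysctl drop-in.
# Owner and mode are explicit, matching the other copy tasks in this file, so
# the result does not depend on the umask of the connecting user.
# NOTE(review): a later task in this file manages the same dest; keep both
# contents identical or drop one, otherwise each run rewrites the file twice.
- name: Configurar sysctl para Kubernetes
  become: true
  ansible.builtin.copy:
    dest: /etc/sysctl.d/k8s.conf
    content: |
      net.bridge.bridge-nf-call-iptables = 1
      net.bridge.bridge-nf-call-ip6tables = 1
      net.ipv4.ip_forward = 1
    owner: root
    group: root
    mode: '0644'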
# Re-applies all sysctl configuration files on Debian-family hosts. Marked as
# never changed, so it does not affect the play's change count.
# NOTE(review): the net.bridge.* keys in k8s.conf need br_netfilter loaded,
# and that module is loaded by a later task in this file; confirm the order.
- name: Reload sysctl
  become: true
  ansible.builtin.command:
    argv:
      - sysctl
      - --system
  changed_when: false
  when: ansible_facts['os_family'] == 'Debian'
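# Same dest as "Configurar sysctl para Kubernetes" earlier in this file.
# The content carries the ip_forward line as well, so the two tasks agree on
# the file instead of overwriting each other (and dropping ip_forward) on
# every run. With identical content one of the two tasks can be removed.
# NOTE(review): notify needs a handler named "Reload sysctl"; the task of that
# name in this file is not a handler; confirm one exists in the role.
- name: Criar arquivo de configuração sysctl para Kubernetes
  become: true
  ansible.builtin.copy:
    dest: /etc/sysctl.d/k8s.conf
    content: |
      net.bridge.bridge-nf-call-iptables = 1
      net.bridge.bridge-nf-call-ip6tables = 1
      net.ipv4.ip_forward = 1
    owner: root
    group: root
    mode: '0644'
  notify: Reload sysctl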
# Loads the br_netfilter kernel module into the running kernel.
# NOTE(review): modprobe is shipped in community.general; the
# ansible.builtin.* spelling presumably resolves only through a redirect, so
# confirm that collection is installed on the control node.
- name: Carregar módulo br_netfilter se necessário
  ansible.builtin.modprobe:
    state: present
    name: br_netfilter
  become: true
# Lists br_netfilter in a modules-load.d drop-in so the module is loaded
# again at boot. The file is root-owned and not writable by others.
- name: Garantir que o módulo br_netfilter seja carregado na inicialização
  ansible.builtin.copy:
    content: "br_netfilter\n"
    dest: /etc/modules-load.d/k8s.conf
    mode: '0644'
    owner: root
    group: root
  become: true