iac-ansible-public/roles/kubernetes/tasks/main.yml


# Lab-only step: stopping and disabling UFW removes the host firewall, so every
# listening port on the node is reachable from whatever network it sits on.
# Outside an isolated lab, keep UFW running and allow only the ports the
# cluster needs.
- name: disable UFW firewall for labs
  ansible.builtin.service:
    name: ufw
    enabled: false
    state: stopped
# Turn off every active swap device on the running system. This does not touch
# /etc/fstab, so on its own it does not persist across a reboot.
- name: Disable SWAP
  ansible.builtin.shell:
    cmd: swapoff -a
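# Comment out the active swap entry in /etc/fstab so swap stays off after a
# reboot. The pattern skips lines that already start with '#', which keeps the
# task idempotent instead of stacking another '#' on every run. The line is
# re-emitted through capture group 1 because Python's replacement-template
# syntax reads '\0' as an octal escape (a NUL byte), not as the whole match.
# NOTE(review): with backrefs, lineinfile rewrites only the last matching
# line; a host with several swap entries needs one run per entry.
# NOTE(review): no 'become' here, unlike most tasks in this file; confirm the
# play already runs as root, since /etc/fstab is root-owned.
- name: Disable SWAP in fstab
  ansible.builtin.lineinfile:
    path: /etc/fstab
    regexp: '^([^#].*\sswap\s.*)$'
    line: '#\1'
    backrefs: true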
# Refresh the apt cache and make sure apt-transport-https is installed (that is
# the only package listed, despite the task name).
- name: Installation of apt-utils
  become: true
  ansible.builtin.apt:
    update_cache: true
    state: present
    name:
      - apt-transport-https
# Install the containerd package from the configured apt repositories after
# refreshing the package cache.
- name: Instalar containerd
  become: true
  ansible.builtin.apt:
    update_cache: true
    state: present
    name: containerd
# Ensure /etc/containerd exists as a directory with mode 0755 so the generated
# config.toml has somewhere to live.
- name: Criar diretório de configuração do containerd
  become: true
  ansible.builtin.file:
    state: directory
    path: /etc/containerd
    mode: '0755'
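# Write containerd's default configuration to /etc/containerd/config.toml.
# The shell module is required: the command module does not run a shell, so
# '>' and the path would be passed to containerd as literal arguments and the
# file would never be written. 'creates' skips the task once the file exists,
# so an existing configuration is not overwritten.
- name: Gerar config.toml padrão do containerd
  become: true
  ansible.builtin.shell:
    cmd: containerd config default > /etc/containerd/config.toml
    creates: /etc/containerd/config.toml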
# Rewrite every 'SystemdCgroup = false' in containerd's config.toml to
# 'SystemdCgroup = true'. The replace module changes nothing when the pattern
# is absent, so repeated runs are no-ops.
- name: Ativar SystemdCgroup no containerd
  become: true
  ansible.builtin.replace:
    path: /etc/containerd/config.toml
    regexp: 'SystemdCgroup = false'
    replace: 'SystemdCgroup = true'
# Restart containerd so it picks up the edited config.toml, and enable the unit
# at boot. 'state: restarted' restarts the service on every run.
- name: Reiniciar e habilitar containerd
  become: true
  ansible.builtin.systemd:
    name: containerd
    enabled: true
    state: restarted
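# Regenerate containerd's default config and switch SystemdCgroup to true.
# Privilege comes from 'become' rather than an inline sudo: a sudo in front of
# tee covers only the tee, leaving 'sed -i' on the root-owned file dependent on
# the play already running as root, and an inline sudo can block on a password
# prompt.
# NOTE(review): this overwrites config.toml on every run, discarding any local
# edits, and it runs after the containerd restart task earlier in this file;
# confirm whether the task is still needed alongside the replace-based tasks.
- name: Setting value of SystemdCgroup
  become: true
  ansible.builtin.shell: |
    containerd config default | tee /etc/containerd/config.toml | grep SystemdCgroup
    sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml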
# Start the docker unit and enable it at boot.
# NOTE(review): the tasks visible in this file install containerd but no docker
# package; confirm the docker unit exists on the target, otherwise this task
# fails.
- name: Starting Service of Docker
  ansible.builtin.service:
    name: docker
    enabled: true
    state: started
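# Fetch the Kubernetes apt signing key and store it de-armored in the keyring
# that the repository's signed-by option points at.
# The key is downloaded to a temp file and the script runs under
# 'set -euo pipefail', so a failed curl aborts before gpg writes anything and
# 'creates' cannot latch onto an empty or partial keyring on later runs.
# The final chmod keeps the keyring readable by apt's unprivileged helper.
# NOTE(review): the key is trusted on first download over HTTPS; checking its
# fingerprint against one obtained out of band before de-armoring would close
# that gap.
- name: Adicionar chave GPG do Kubernetes
  become: true
  ansible.builtin.shell: |
    set -euo pipefail
    mkdir -p /etc/apt/keyrings
    key_tmp="$(mktemp)"
    trap 'rm -f "$key_tmp"' EXIT
    curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.29/deb/Release.key -o "$key_tmp"
    gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg "$key_tmp"
    chmod 0644 /etc/apt/keyrings/kubernetes-apt-keyring.gpg
  args:
    executable: /bin/bash
    creates: /etc/apt/keyrings/kubernetes-apt-keyring.gpg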
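# Register the pkgs.k8s.io v1.29 apt repository. 'signed-by' restricts this
# source to the dedicated Kubernetes keyring, so that key cannot vouch for
# packages from any other repository.
# Ownership and mode are set explicitly so the file is root-owned and not
# writable by other users regardless of the remote umask.
# NOTE(review): the minor version is pinned to v1.29; confirm it is still a
# supported release before reusing this role.
- name: Adicionar repositório oficial do Kubernetes
  become: true
  ansible.builtin.copy:
    dest: /etc/apt/sources.list.d/kubernetes.list
    owner: root
    group: root
    mode: '0644'
    content: |
      deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.29/deb/ /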
# Refresh the apt cache (so the newly added Kubernetes repository is indexed)
# and install kubelet, kubeadm and kubectl if they are not already present.
- name: Install Kubernetes components
  become: true
  ansible.builtin.apt:
    update_cache: true
    state: present
    name:
      - kubelet
      - kubeadm
      - kubectl
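# Pin kubelet, kubeadm and kubectl so a routine 'apt upgrade' cannot move the
# node to a different Kubernetes version unintentionally.
# dpkg_selections sets the same 'hold' state as 'apt-mark hold' but is
# idempotent: it reports a change only when a package was not already held.
- name: Hold Kubernetes packages
  become: true
  ansible.builtin.dpkg_selections:
    name: "{{ item }}"
    selection: hold
  loop:
    - kubelet
    - kubeadm
    - kubectl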
# Turn off all active swap devices as root. The command runs, and is reported
# as changed, on every play.
- name: Desativar swap
  become: true
  ansible.builtin.command:
    cmd: swapoff -a
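# Remove swap entries from /etc/fstab so swap is not re-enabled at boot.
# The pattern matches only uncommented entries whose third field (the
# filesystem type) is 'swap'. A bare '.*swap.*' would also delete comments and
# any unrelated mount whose device or mount point merely contains the word
# "swap".
- name: Garantir que swap está desativado no fstab
  become: true
  ansible.builtin.lineinfile:
    path: /etc/fstab
    regexp: '^\s*[^#\s]\S*\s+\S+\s+swap\s'
    state: absent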
#- name: Ativar ip_forward de forma idempotente
# become: true
# ansible.builtin.sysctl:
# name: net.ipv4.ip_forward
# value: '1'
# state: present
# reload: yes
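# Persist the kernel settings Kubernetes networking relies on: bridged traffic
# is passed to iptables/ip6tables and IPv4 forwarding is on.
# Ownership and mode are set explicitly so the file is root-owned and not
# writable by other users regardless of the remote umask.
# NOTE(review): the net.bridge.* keys exist only while the br_netfilter module
# is loaded; the task that loads it appears later in this file.
# NOTE(review): enabling ip_forward turns the host into a router between its
# interfaces; with the host firewall disabled nothing filters forwarded
# traffic.
- name: Configurar sysctl para Kubernetes
  become: true
  ansible.builtin.copy:
    dest: /etc/sysctl.d/k8s.conf
    owner: root
    group: root
    mode: '0644'
    content: |
      net.bridge.bridge-nf-call-iptables = 1
      net.bridge.bridge-nf-call-ip6tables = 1
      net.ipv4.ip_forward = 1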
# Re-apply every sysctl configuration file on Debian-family hosts.
# 'changed_when: false' means the task never reports a change, even though it
# runs on each play.
- name: Reload sysctl
  become: true
  when: ansible_facts['os_family'] == 'Debian'
  ansible.builtin.command:
    cmd: sysctl --system
  changed_when: false
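# Write /etc/sysctl.d/k8s.conf with the bridge-netfilter and forwarding
# settings. net.ipv4.ip_forward is included so this file agrees with the
# earlier task that writes the same path; without it, this later write would
# drop the setting from disk and IPv4 forwarding would be off again after the
# next reboot.
# NOTE(review): 'notify' triggers handlers only. 'Reload sysctl' appears in
# this file as a regular task; confirm a handler with that name is defined for
# the role.
- name: Criar arquivo de configuração sysctl para Kubernetes
  become: true
  ansible.builtin.copy:
    dest: /etc/sysctl.d/k8s.conf
    content: |
      net.bridge.bridge-nf-call-iptables = 1
      net.bridge.bridge-nf-call-ip6tables = 1
      net.ipv4.ip_forward = 1
    owner: root
    group: root
    mode: '0644'
  notify: Reload sysctl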
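# Load the br_netfilter kernel module if it is not already loaded; the
# net.bridge.* sysctl keys are only available while it is present.
# The modprobe module is provided by the community.general collection, not by
# ansible.builtin, so the fully qualified name must use that namespace to
# resolve. The collection ships with the full 'ansible' package; with
# ansible-core alone it has to be installed separately.
- name: Carregar módulo br_netfilter se necessário
  become: true
  community.general.modprobe:
    name: br_netfilter
    state: present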
# Write /etc/modules-load.d/k8s.conf containing 'br_netfilter' so the module
# is loaded at boot. The file is root-owned with mode 0644, so only root can
# change which modules are listed.
- name: Garantir que o módulo br_netfilter seja carregado na inicialização
  become: true
  ansible.builtin.copy:
    dest: /etc/modules-load.d/k8s.conf
    mode: '0644'
    owner: root
    group: root
    content: |
      br_netfilter