mirror of
https://gitea.fenix-dev.com/fenix-gitea-admin/iac-ansible-private.git
synced 2025-10-27 08:43:05 +00:00
124 lines
2.9 KiB
YAML
124 lines
2.9 KiB
YAML
- name: Instalar CRI-O
|
|
apt:
|
|
name:
|
|
- cri-o
|
|
- cri-tools
|
|
state: present
|
|
update_cache: yes
|
|
|
|
|
|
- name: Ativar CRI-O
|
|
systemd:
|
|
name: crio
|
|
enabled: true
|
|
state: started
|
|
|
|
- name: Configurar crictl para CRI-O
|
|
copy:
|
|
dest: /etc/crictl.yaml
|
|
content: |
|
|
runtime-endpoint: unix:///var/run/crio/crio.sock
|
|
image-endpoint: unix:///var/run/crio/crio.sock
|
|
timeout: 10
|
|
debug: false
|
|
|
|
- name: Hold Kubernetes packages
|
|
ansible.builtin.shell: |
|
|
apt-mark hold containerd
|
|
|
|
#- name: Add Kubernetes APT key
|
|
# apt_key:
|
|
# url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
|
|
# state: present
|
|
|
|
#- name: Add Kubernetes repo
|
|
# apt_repository:
|
|
# repo: deb http://apt.kubernetes.io/ kubernetes-jammy main
|
|
# state: present
|
|
|
|
- name: Adicionar chave GPG do Kubernetes
|
|
ansible.builtin.shell: |
|
|
mkdir -p /etc/apt/keyrings
|
|
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.29/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
|
|
args:
|
|
creates: /etc/apt/keyrings/kubernetes-apt-keyring.gpg
|
|
|
|
- name: Adicionar repositório oficial do Kubernetes
|
|
ansible.builtin.copy:
|
|
dest: /etc/apt/sources.list.d/kubernetes.list
|
|
content: |
|
|
deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.29/deb/ /
|
|
|
|
|
|
- name: Install Kubernetes components
|
|
apt:
|
|
name:
|
|
- kubelet
|
|
- kubeadm
|
|
- kubectl
|
|
state: present
|
|
update_cache: yes
|
|
|
|
- name: Hold Kubernetes packages
|
|
ansible.builtin.shell: |
|
|
apt-mark hold kubelet kubeadm kubectl
|
|
|
|
|
|
- name: Desativar swap
|
|
ansible.builtin.command: swapoff -a
|
|
|
|
- name: Garantir que swap está desativado no fstab
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/fstab
|
|
regexp: '.*swap.*'
|
|
state: absent
|
|
|
|
|
|
- name: Ativar ip_forward de forma idempotente
|
|
ansible.builtin.sysctl:
|
|
name: net.ipv4.ip_forward
|
|
value: '1'
|
|
state: present
|
|
reload: yes
|
|
|
|
- name: Configurar sysctl para Kubernetes
|
|
ansible.builtin.copy:
|
|
dest: /etc/sysctl.d/k8s.conf
|
|
content: |
|
|
net.bridge.bridge-nf-call-iptables = 1
|
|
net.bridge.bridge-nf-call-ip6tables = 1
|
|
net.ipv4.ip_forward = 1
|
|
|
|
- name: Reload sysctl
|
|
ansible.builtin.command: sysctl --system
|
|
when: ansible_facts['os_family'] == 'Debian'
|
|
changed_when: false
|
|
|
|
|
|
|
|
- name: Criar arquivo de configuração sysctl para Kubernetes
|
|
ansible.builtin.copy:
|
|
dest: /etc/sysctl.d/k8s.conf
|
|
content: |
|
|
net.bridge.bridge-nf-call-iptables = 1
|
|
net.bridge.bridge-nf-call-ip6tables = 1
|
|
owner: root
|
|
group: root
|
|
mode: '0644'
|
|
notify: Reload sysctl
|
|
|
|
- name: Carregar módulo br_netfilter se necessário
|
|
ansible.builtin.modprobe:
|
|
name: br_netfilter
|
|
state: present
|
|
|
|
|
|
- name: Garantir que o módulo br_netfilter seja carregado na inicialização
|
|
ansible.builtin.copy:
|
|
dest: /etc/modules-load.d/k8s.conf
|
|
content: |
|
|
br_netfilter
|
|
owner: root
|
|
group: root
|
|
mode: '0644'
|