iac-ansible-public/roles/kubernetes/tasks/main.yml


# Version pins interpolated into the CRI-O repository URLs used by the
# key and repository tasks of this file.
# NOTE(review): the Kubernetes repository in this file is pinned to v1.29 while
# CRI-O is pinned to 1.24 — confirm the skew is intended, since CRI-O releases
# are normally paired with the matching Kubernetes minor version.
- name: Definir variáveis do CRI-O
  ansible.builtin.set_fact:
    os_version: "xUbuntu_22.04"
    cri_o_version: "1.24"
# Pre-create the CRI-O log directory: root-owned, writable by root only.
- name: Criar diretório de logs do CRI-O
  ansible.builtin.file:
    state: directory
    path: /var/log/crio
    mode: '0755'
    owner: root
    group: root
  become: true
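# The CRI-O signing key is kept in a dedicated keyring and the repository is
# bound to it with signed-by, so the key is trusted for this repository only.
# apt_key (used before) adds the key to APT's global trust store, where it can
# vouch for packages from every configured source; the module is also
# deprecated along with apt-key itself.
- name: Garantir diretório de keyrings do APT
  become: true
  ansible.builtin.file:
    path: /etc/apt/keyrings
    state: directory
    owner: root
    group: root
    mode: '0755'

# get_url leaves an existing destination file alone, so the key is fetched
# once. APT reads ASCII-armored keys from signed-by when the file ends in .asc.
# NOTE(review): the first download is authenticated by TLS alone; consider
# pinning the key with get_url's `checksum` option after verifying it out of
# band.
- name: Adicionar chave GPG do repositório CRI-O
  become: true
  ansible.builtin.get_url:
    url: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{{ cri_o_version }}/{{ os_version }}/Release.key"
    dest: /etc/apt/keyrings/cri-o-apt-keyring.asc
    owner: root
    group: root
    mode: '0644'

# Hosts provisioned by the earlier form of this role still carry the unscoped
# entry; drop it so APT does not see the same source twice with conflicting
# Signed-By values.
# NOTE(review): on those hosts the key imported by apt_key also remains in the
# global keyring until it is removed by key id (the id is not shown here).
- name: Remover entrada antiga do repositório CRI-O sem signed-by
  become: true
  ansible.builtin.apt_repository:
    repo: "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{{ cri_o_version }}/{{ os_version }}/ /"
    state: absent
    filename: "cri-o"
    update_cache: false

- name: Adicionar repositório principal do CRI-O
  become: true
  ansible.builtin.apt_repository:
    repo: "deb [signed-by=/etc/apt/keyrings/cri-o-apt-keyring.asc] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{{ cri_o_version }}/{{ os_version }}/ /"
    state: present
    filename: "cri-o"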
# Refresh the package index before the package installs that follow.
- name: Atualizar cache do APT
  ansible.builtin.apt:
    update_cache: true
  become: true
# Install the runc package; no version is pinned, so whatever the configured
# repositories currently offer is installed.
- name: Instalar runc
  ansible.builtin.apt:
    state: present
    name: runc
  become: true
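# CRI-O is installed first: the replace module fails when its target file does
# not exist, and /etc/crio/crio.conf is presumably shipped by the cri-o
# package, so patching it before the install breaks the first run on a fresh
# host.
- name: Instalar CRI-O e ferramentas
  become: true
  ansible.builtin.apt:
    name:
      - cri-o
      - cri-tools
    state: present

# Point CRI-O at the runc binary. Only lines that start with "runtime_path ="
# in column 0 are rewritten; indented or commented-out occurrences are left
# untouched.
- name: Corrigir caminho do runc no crio.conf
  become: true
  ansible.builtin.replace:
    path: /etc/crio/crio.conf
    regexp: '^runtime_path =.*'
    replace: 'runtime_path = "/usr/sbin/runc"'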
# Enable CRI-O at boot and restart it so the edited crio.conf takes effect.
# state: restarted restarts the service on every run of the role, not only
# when the configuration changed.
- name: Reiniciar CRI-O
  ansible.builtin.systemd:
    name: crio
    enabled: true
    state: restarted
  become: true
#- name: Add Kubernetes APT key
# apt_key:
# url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
# state: present
#- name: Add Kubernetes repo
# apt_repository:
# repo: deb http://apt.kubernetes.io/ kubernetes-jammy main
# state: present
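# Fetch the Kubernetes repository signing key and store it de-armored in the
# dedicated keyring that the repository entry references through signed-by.
# - bash with pipefail: a failed curl must fail the task rather than be masked
#   by the exit status of gpg (the default /bin/sh may not support pipefail).
# - the key is staged in a temp file and installed only on success, so a
#   failed download cannot leave an empty keyring that satisfies `creates`
#   and silently blocks every later attempt.
# - mode 0644 keeps the keyring readable by APT's unprivileged helper
#   regardless of the umask in effect.
# NOTE(review): unlike the CRI-O tasks, this task sets no `become` although it
# writes under /etc/apt — presumably escalation is set at play level; confirm.
- name: Adicionar chave GPG do Kubernetes
  ansible.builtin.shell: |
    set -euo pipefail
    tmp_key="$(mktemp)"
    trap 'rm -f "$tmp_key"' EXIT
    curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.29/deb/Release.key | gpg --dearmor > "$tmp_key"
    install -d -m 0755 /etc/apt/keyrings
    install -m 0644 "$tmp_key" /etc/apt/keyrings/kubernetes-apt-keyring.gpg
  args:
    executable: /bin/bash
    creates: /etc/apt/keyrings/kubernetes-apt-keyring.gpg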
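# Repository entry scoped to its own keyring through signed-by. Ownership and
# mode are set explicitly, matching the other files this role writes: this
# file decides which source APT installs kubelet/kubeadm/kubectl from, so it
# must not depend on the umask in effect.
- name: Adicionar repositório oficial do Kubernetes
  ansible.builtin.copy:
    dest: /etc/apt/sources.list.d/kubernetes.list
    content: |
      deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.29/deb/ /
    owner: root
    group: root
    mode: '0644'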
# Refresh the index (the Kubernetes repository was just added) and install the
# node components from it.
- name: Install Kubernetes components
  ansible.builtin.apt:
    update_cache: true
    state: present
    name:
      - kubelet
      - kubeadm
      - kubectl
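# Put the Kubernetes packages on hold so routine upgrades do not move the
# cluster version. dpkg_selections sets the same dpkg state as `apt-mark hold`
# but reports "changed" only when the selection actually changes, whereas the
# shell form reported a change on every run.
- name: Hold Kubernetes packages
  ansible.builtin.dpkg_selections:
    name: "{{ item }}"
    selection: hold
  loop:
    - kubelet
    - kubeadm
    - kubectl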
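# Turn off all active swap. The task is skipped when the gathered facts report
# no swap, so it no longer shows as "changed" on every run; if the fact is
# missing, the default keeps the original behaviour of always running.
- name: Desativar swap
  ansible.builtin.command: swapoff -a
  when: ansible_facts['swaptotal_mb'] | default(1) | int > 0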
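# Remove swap entries from /etc/fstab so swap stays off after a reboot.
# The pattern matches only active (non-comment) entries whose third field, the
# filesystem type, is "swap". The previous '.*swap.*' also deleted comments
# and any unrelated mount whose device or path merely contained "swap".
# A backup copy is kept because a damaged fstab can stop the host from booting.
- name: Garantir que swap está desativado no fstab
  ansible.builtin.lineinfile:
    path: /etc/fstab
    regexp: '^\s*[^#\s]\S*\s+\S+\s+swap\s'
    state: absent
    backup: true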
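# Enable IPv4 forwarding and reload the settings so it applies immediately.
# The sysctl module belongs to the ansible.posix collection; the
# ansible.builtin.sysctl spelling resolves only through a redirect, so the
# canonical name is used here.
- name: Ativar ip_forward de forma idempotente
  ansible.posix.sysctl:
    name: net.ipv4.ip_forward
    value: '1'
    state: present
    reload: true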
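# br_netfilter is loaded before the sysctl settings are applied: the
# net.bridge.* keys exist only while the module is loaded, so reloading sysctl
# first cannot set them. modprobe belongs to community.general; the
# ansible.builtin.modprobe spelling resolves only through a redirect.
- name: Carregar módulo br_netfilter se necessário
  community.general.modprobe:
    name: br_netfilter
    state: present

# Single writer for /etc/sysctl.d/k8s.conf. Two copy tasks used to write
# different content to this path, so each run rewrote the file twice and the
# last writer dropped net.ipv4.ip_forward. The merged file carries all three
# settings with explicit ownership and mode.
- name: Criar arquivo de configuração sysctl para Kubernetes
  ansible.builtin.copy:
    dest: /etc/sysctl.d/k8s.conf
    content: |
      net.bridge.bridge-nf-call-iptables = 1
      net.bridge.bridge-nf-call-ip6tables = 1
      net.ipv4.ip_forward = 1
    owner: root
    group: root
    mode: '0644'
  # NOTE(review): no "Reload sysctl" handler is visible in this file —
  # confirm it is defined in the role's handlers.
  notify: Reload sysctl

# Apply every sysctl.d file now; changed_when is false because the command
# gives no indication of whether any value actually changed.
- name: Reload sysctl
  ansible.builtin.command: sysctl --system
  when: ansible_facts['os_family'] == 'Debian'
  changed_when: false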
# Persist br_netfilter across reboots through a modules-load.d drop-in,
# root-owned and world-readable.
- name: Garantir que o módulo br_netfilter seja carregado na inicialização
  ansible.builtin.copy:
    content: |
      br_netfilter
    dest: /etc/modules-load.d/k8s.conf
    mode: '0644'
    owner: root
    group: root