03000df1de
Bump k8s channel to 1.32-classic/stable Change-Id: I9b9faf4ade277ac1759626bc84a51af341a6d881
88 lines
2.6 KiB
YAML
88 lines
2.6 KiB
YAML
- name: Snapd is installed
|
|
ansible.builtin.apt:
|
|
name: snapd
|
|
become: true
|
|
|
|
- name: NFtables is installed
|
|
ansible.builtin.apt:
|
|
name: nftables
|
|
become: true
|
|
when:
|
|
- ansible_distribution_release in ('jammy', 'noble')
|
|
- nftables_enabled | default(true) | bool
|
|
|
|
- name: Allow packets from pod cir
|
|
ansible.builtin.command: nft insert rule filter openstack-INPUT ip saddr {{ k8s_pod_cidr }} accept
|
|
become: true
|
|
changed_when: false
|
|
when:
|
|
- ansible_distribution_release in ('jammy', 'noble')
|
|
- nftables_enabled | default(true) | bool
|
|
|
|
- name: Allow packets to pod cir
|
|
ansible.builtin.command: nft insert rule filter openstack-INPUT ip daddr {{ k8s_pod_cidr }} accept
|
|
become: true
|
|
changed_when: false
|
|
when:
|
|
- ansible_distribution_release in ('jammy', 'noble')
|
|
- nftables_enabled | default(true) | bool
|
|
|
|
- name: Allow packets to metallb cir
|
|
ansible.builtin.command: nft insert rule filter openstack-INPUT ip daddr {{ k8s_load_balancer_cidr }} accept
|
|
become: true
|
|
changed_when: false
|
|
when:
|
|
- ansible_distribution_release in ('jammy', 'noble')
|
|
- nftables_enabled | default(true) | bool
|
|
|
|
- name: Ensure k8s is installed
|
|
community.general.snap:
|
|
name: k8s
|
|
channel: '{{ k8s_channel }}'
|
|
classic: '{{ k8s_classic_mode }}'
|
|
become: true
|
|
|
|
- name: Template docker.io registry
|
|
ansible.builtin.include_tasks: registry.yaml
|
|
when: docker_mirror is defined
|
|
vars:
|
|
reg_server_name: docker.io
|
|
reg_server: https://docker.io
|
|
reg_mirror_location: '{{ docker_mirror }}'
|
|
|
|
- name: Template k8s bootstrap configuration
|
|
ansible.builtin.template:
|
|
src: k8s-bootstrap.yaml.j2
|
|
dest: k8s-bootstrap.yaml
|
|
mode: '0644'
|
|
become: true
|
|
|
|
- name: Bootstrap k8s
|
|
ansible.builtin.command:
|
|
cmd: k8s bootstrap --file k8s-bootstrap.yaml --timeout 300s --address {{ k8s_host_ip }}
|
|
become: true
|
|
register: res
|
|
failed_when: res.rc != 0 and "already part of a cluster" not in res.stderr
|
|
changed_when: res.rc == 0 and "Bootstrapped a new Kubernetes cluster" in res.stdout
|
|
|
|
- name: Wait for k8s readiness
|
|
ansible.builtin.command:
|
|
cmd: k8s status --wait-ready --timeout 300s
|
|
register: res
|
|
become: true
|
|
changed_when: false
|
|
failed_when: 'res.rc != 0 or not res.stdout is ansible.builtin.regex(multiline=true, match_type="search", pattern="cluster status:\ *ready")'
|
|
|
|
- name: Get k8s config
|
|
ansible.builtin.command:
|
|
cmd: k8s config
|
|
become: true
|
|
register: kubeconfig
|
|
|
|
- name: Copy kubeconfig to local
|
|
ansible.builtin.copy:
|
|
content: '{{ kubeconfig.stdout }}'
|
|
dest: '{{ ansible_env.HOME }}/kubeconfig'
|
|
mode: '0644'
|
|
owner: '{{ ansible_user }}'
|