node

.gitignore

@@ -0,0 +1,2 @@
+.vscode
+.cache

inventory

@@ -0,0 +1,7 @@
+[nodes]
+192.168.122.79
+
+[masters]
+192.168.122.79
+
+[workers]

node.yml

@@ -0,0 +1,6 @@
+- name: Cluster node setup
+  hosts: nodes
+  become: true
+  gather_facts: true
+  roles:
+    - node

roles/node/defaults/main.yml

@@ -0,0 +1,28 @@
+packages:
+  # downloading
+  - curl
+  - wget
+  - software-properties-common
+  # debugging tools
+  - net-tools
+  - dnsutils
+  - netcat-openbsd
+  - btop
+  - tcpdump
+  # storage
+  - nfs-common
+  - nfs-kernel-server
+
+# networking
+hostnames:
+  - ip: 192.168.1.242
+    name: orangepi4
+
+interface_name: lan0
+gateway: 192.168.122.1
+nameservers:
+  - 192.168.1.1
+  - 1.1.1.1
+
+kubernetes_version: v1.32
+crio_version: v1.32

roles/node/files/kubernetes/20-cgroup.conf

@@ -0,0 +1,3 @@
+[crio.runtime]
+conmon_cgroup = "pod"
+cgroup_manager = "systemd"

roles/node/files/kubernetes/kubelet

@@ -0,0 +1 @@
+KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"

roles/node/handlers/main.yml

@@ -0,0 +1,12 @@
+- name: Update initramfs
+  listen:
+    - update initramfs
+    - update initrd
+  ansible.builtin.command:
+    cmd: >
+      update-initramfs -k all -u
+
+- name: Reboot
+  listen:
+    - reboot
+  ansible.builtin.reboot:

roles/node/tasks/kubernetes.yml

@@ -0,0 +1,101 @@
+- name: Disable swap for current session
+  ansible.builtin.command:
+    cmd: swapoff -a
+  register: swap_off
+  changed_when: swap_off.rc == 0
+  failed_when: swap_off.rc != 0
+  become: true
+
+- name: Disable swap
+  ansible.builtin.replace:
+    path: /etc/fstab
+    regexp: '^.*swap.*$'
+    replace: '# \0'
+    backup: true
+
+- name: Ensure /etc/apt/keyrings directory exists
+  ansible.builtin.file:
+    path: /etc/apt/keyrings
+    state: directory
+    mode: '0755'
+
+- name: Get Kubernetes apt key
+  ansible.builtin.get_url:
+    url: "https://pkgs.k8s.io/core:/stable:/{{ kubernetes_version }}/deb/Release.key"
+    dest: /tmp/kubernetes-release.key
+    mode: '0644'
+  register: kubernetes_key
+
+- name: Dearmor Kubernetes Release key
+  ansible.builtin.command:
+    cmd: "gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg /tmp/kubernetes-release.key"
+  args:
+    creates: /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+
+- name: Add Kubernetes apt repository
+  ansible.builtin.apt_repository:
+    repo: "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/{{ kubernetes_version }}/deb/ /"
+    filename: kubernetes
+    state: present
+
+- name: Get CRI-O apt key
+  ansible.builtin.get_url:
+    url: "https://download.opensuse.org/repositories/isv:/cri-o:/stable:/{{ crio_version }}/deb/Release.key"
+    dest: /tmp/cri-o-release.key
+    mode: '0644'
+  register: crio_key
+
+- name: Dearmor Kubernetes Release key
+  ansible.builtin.command:
+    cmd: "gpg --dearmor -o /etc/apt/keyrings/cri-o-apt-keyring.gpg /tmp/cri-o-release.key"
+  args:
+    creates: /etc/apt/keyrings/cri-o-apt-keyring.gpg
+
+- name: Add CRI-O apt repository
+  ansible.builtin.apt_repository:
+    repo: "deb [signed-by=/etc/apt/keyrings/cri-o-apt-keyring.gpg] https://download.opensuse.org/repositories/isv:/cri-o:/stable:/{{ crio_version }}/deb/ /"
+    filename: crio
+    state: present
+
+- name: Update apt cache
+  ansible.builtin.apt:
+    update_cache: true
+
+- name: Install CRI-O and Kubernetes components
+  ansible.builtin.apt:
+    name:
+      - cri-o
+      - kubelet
+      - kubeadm
+      - kubectl
+    state: present
+
+- name: Enable overlay module
+  community.general.modprobe:
+    name: overlay
+    state: present
+    persistent: present
+
+- name: Use systemd as cgroup driver for CRI-O
+  ansible.builtin.copy:
+    src: kubernetes/20-cgroup.conf
+    dest: /etc/crio/crio.conf.d/20-cgroup.conf
+    mode: "644"
+
+- name: Use systemd as cgroup driver Kubelet
+  ansible.builtin.copy:
+    src: kubernetes/kubelet
+    dest: /etc/default/kubelet
+    mode: "644"
+
+- name: Enable CRI-O
+  ansible.builtin.systemd_service:
+    name: crio
+    enabled: true
+    state: restarted
+
+- name: Enable kubelet
+  ansible.builtin.systemd_service:
+    name: kubelet
+    enabled: true
+    state: restarted

roles/node/tasks/main.yml

@@ -0,0 +1,23 @@
+- name: Update and upgrade system
+  ansible.builtin.apt:
+    upgrade: true
+    update_cache: true
+    cache_valid_time: 86400
+
+- name: Install packages
+  ansible.builtin.apt:
+    pkg: "{{ packages }}"
+    state: present
+    install_recommends: false
+
+- name: Remove unused dependencies
+  ansible.builtin.apt:
+    autoremove: true
+
+- name: Configure networking
+  ansible.builtin.include_tasks:
+    file: networking/main.yml
+
+- name: Configure networking
+  ansible.builtin.include_tasks:
+    file: kubernetes.yml

roles/node/tasks/networking/hostname.yml

@@ -0,0 +1,9 @@
+- name: Set hostname
+  ansible.builtin.hostname:
+    name: "node-{{ groups['nodes'].index(inventory_hostname) + 1 }}"
+
+- name: Set hosts
+  ansible.builtin.template:
+    src: networking/etc-hosts.j2
+    dest: /etc/hosts
+    mode: "0644"

roles/node/tasks/networking/main.yml

@@ -0,0 +1,21 @@
+- name: Configure hostname
+  ansible.builtin.include_tasks:
+    file: hostname.yml
+
+- name: Configure systemd-networkd
+  ansible.builtin.include_tasks:
+    file: networkd.yml
+
+- name: Enable IPv4 forwarding
+  ansible.posix.sysctl:
+    name: net.ipv4.ip_forward
+    value: 1
+    state: present
+    sysctl_set: true
+    reload: true
+
+- name: Enable br_netfilter module
+  community.general.modprobe:
+    name: br_netfilter
+    state: present
+    persistent: present

roles/node/tasks/networking/networkd.yml

@@ -0,0 +1,35 @@
+- name: Check if default interface is already configured
+  ansible.builtin.set_fact:
+    interface_configured: "{{ interface_name in ansible_interfaces }}"
+
+- name: Configure default interface name
+  ansible.builtin.template:
+    src: networking/etc-systemd-network-10-lan0.link.j2
+    dest: /etc/systemd/network/10-lan0.link
+    mode: "0644"
+  notify:
+    - update initramfs
+    - reboot
+  when: not interface_configured
+
+- name: Configure network for default interface
+  ansible.builtin.template:
+    src: networking/etc-systemd-network-20-lan0.network.j2
+    dest: /etc/systemd/network/20-lan0.network
+    mode: "0644"
+  when: not interface_configured
+
+- name: Configure nameservers
+  ansible.builtin.template:
+    src: networking/etc-resolv.conf.j2
+    dest: /etc/resolv.conf
+    mode: "0644"
+
+- name: Enable systemd-networkd
+  ansible.builtin.systemd_service:
+    name: systemd-networkd
+    enabled: true
+    state: restarted
+
+- name: Flush handlers
+  ansible.builtin.meta: flush_handlers

roles/node/templates/networking/etc-hosts.j2

@@ -0,0 +1,10 @@
+127.0.0.1  localhost
+127.0.1.1  node-{{ groups['nodes'].index(inventory_hostname) + 1 }}
+
+::1      localhost ip6-localhost ip6-loopback
+ff02::1  ip6-allnodes
+ff02::2  ip6-allrouters
+
+{% for item in hostnames %}
+{{ item.ip }}  {{ item.name }}
+{% endfor %}

roles/node/templates/networking/etc-resolv.conf.j2

@@ -0,0 +1,3 @@
+{% for nameserver in nameservers %}
+nameserver {{ nameserver }}
+{% endfor %}

roles/node/templates/networking/etc-systemd-network-10-lan0.link.j2

@@ -0,0 +1,5 @@
+[Match]
+MACAddress={{ ansible_default_ipv4.macaddress }}
+
+[Link]
+Name={{ interface_name }}

roles/node/templates/networking/etc-systemd-network-20-lan0.network.j2

@@ -0,0 +1,9 @@
+[Match]
+Name={{ interface_name }}
+
+[Network]
+Address={{ ansible_default_ipv4.address|default(ansible_all_ipv4_addresses[0]) }}/24
+Gateway={{ gateway }}
+{% for nameserver in nameservers %}
+DNS={{ nameserver }}
+{% endfor %}