commit 89773a484b31dea5bccb9cdf8192fc8a275785f6 Author: BENEDEK László Date: Sat Apr 26 14:43:48 2025 +0200 node
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..c701e61
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.vscode
+.cache
\ No newline at end of file
diff --git a/inventory b/inventory
new file mode 100644
index 0000000..f21d465
--- /dev/null
+++ b/inventory
@@ -0,0 +1,7 @@
+[nodes]
+192.168.122.79
+
+[masters]
+192.168.122.79
+
+[workers]
diff --git a/node.yml b/node.yml
new file mode 100644
index 0000000..ba9d560
--- /dev/null
+++ b/node.yml
@@ -0,0 +1,6 @@
+- name: Cluster node setup
+ hosts: nodes
+ become: true
+ gather_facts: true
+ roles:
+ - node
diff --git a/roles/node/defaults/main.yml b/roles/node/defaults/main.yml
new file mode 100644
index 0000000..0242a71
--- /dev/null
+++ b/roles/node/defaults/main.yml
@@ -0,0 +1,28 @@
+packages:
+ # downloading
+ - curl
+ - wget
+ - software-properties-common
+ # debugging tools
+ - net-tools
+ - dnsutils
+ - netcat-openbsd
+ - btop
+ - tcpdump
+ # storage
+ - nfs-common
+ - nfs-kernel-server
+
+# networking
+hostnames:
+ - ip: 192.168.1.242
+ name: orangepi4
+
+interface_name: lan0
+gateway: 192.168.122.1
+nameservers:
+ - 192.168.1.1
+ - 1.1.1.1
+
+kubernetes_version: v1.32
+crio_version: v1.32
diff --git a/roles/node/files/kubernetes/20-cgroup.conf b/roles/node/files/kubernetes/20-cgroup.conf
new file mode 100644
index 0000000..70af229
--- /dev/null
+++ b/roles/node/files/kubernetes/20-cgroup.conf
@@ -0,0 +1,3 @@
+[crio.runtime]
+conmon_cgroup = "pod"
+cgroup_manager = "systemd"
diff --git a/roles/node/files/kubernetes/kubelet b/roles/node/files/kubernetes/kubelet
new file mode 100644
index 0000000..aae7185
--- /dev/null
+++ b/roles/node/files/kubernetes/kubelet
@@ -0,0 +1 @@
+KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"
diff --git a/roles/node/handlers/main.yml b/roles/node/handlers/main.yml
new file mode 100644
index 0000000..4d5e24f
--- /dev/null
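Review bot: `nfs-kernel-server` in the `packages` default in `roles/node/defaults/main.yml` installs an NFS server on every host in `nodes`, which on Debian-family systems normally also brings up the nfsd and rpcbind listeners. If the nodes only need to mount NFS-backed volumes, `nfs-common` is sufficient; I would drop `- nfs-kernel-server` from the default list and install it only on the host that actually exports storage. The same list also puts `tcpdump` and `netcat-openbsd` on every node, which deserves a conscious decision (or a separate opt-in variable) for anything beyond a lab cluster.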
+++ b/roles/node/handlers/main.yml
@@ -0,0 +1,12 @@
+- name: Update initramfs
+ listen:
+ - update initramfs
+ - update initrd
+ ansible.builtin.command:
+ cmd: >
+ update-initramfs -k all -u
+
+- name: Reboot
+ listen:
+ - reboot
+ ansible.builtin.reboot:
diff --git a/roles/node/tasks/kubernetes.yml b/roles/node/tasks/kubernetes.yml
new file mode 100644
index 0000000..340030e
--- /dev/null
+++ b/roles/node/tasks/kubernetes.yml
@@ -0,0 +1,101 @@
+- name: Disable swap for current session
+ ansible.builtin.command:
+ cmd: swapoff -a
+ register: swap_off
+ changed_when: swap_off.rc == 0
+ failed_when: swap_off.rc != 0
+ become: true
+
+- name: Disable swap
+ ansible.builtin.replace:
+ path: /etc/fstab
+ regexp: '^.*swap.*$'
+ replace: '# \0'
+ backup: true
+
+- name: Ensure /etc/apt/keyrings directory exists
+ ansible.builtin.file:
+ path: /etc/apt/keyrings
+ state: directory
+ mode: '0755'
+
+- name: Get Kubernetes apt key
+ ansible.builtin.get_url:
+ url: "https://pkgs.k8s.io/core:/stable:/{{ kubernetes_version }}/deb/Release.key"
+ dest: /tmp/kubernetes-release.key
+ mode: '0644'
+ register: kubernetes_key
+
+- name: Dearmor Kubernetes Release key
+ ansible.builtin.command:
+ cmd: "gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg /tmp/kubernetes-release.key"
+ args:
+ creates: /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+
+- name: Add Kubernetes apt repository
+ ansible.builtin.apt_repository:
+ repo: "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/{{ kubernetes_version }}/deb/ /"
+ filename: kubernetes
+ state: present
+
+- name: Get CRI-O apt key
+ ansible.builtin.get_url:
+ url: "https://download.opensuse.org/repositories/isv:/cri-o:/stable:/{{ crio_version }}/deb/Release.key"
+ dest: /tmp/cri-o-release.key
+ mode: '0644'
+ register: crio_key
+
+- name: Dearmor Kubernetes Release key
+ ansible.builtin.command:
+ cmd: "gpg --dearmor -o /etc/apt/keyrings/cri-o-apt-keyring.gpg /tmp/cri-o-release.key"
+ args:
+ creates: /etc/apt/keyrings/cri-o-apt-keyring.gpg
+
+- name: Add CRI-O apt repository
+ ansible.builtin.apt_repository:
+ repo: "deb [signed-by=/etc/apt/keyrings/cri-o-apt-keyring.gpg] https://download.opensuse.org/repositories/isv:/cri-o:/stable:/{{ crio_version }}/deb/ /"
+ filename: crio
+ state: present
+
+- name: Update apt cache
+ ansible.builtin.apt:
+ update_cache: true
+
+- name: Install CRI-O and Kubernetes components
+ ansible.builtin.apt:
+ name:
+ - cri-o
+ - kubelet
+ - kubeadm
+ - kubectl
+ state: present
+
+- name: Enable overlay module
+ community.general.modprobe:
+ name: overlay
+ state: present
+ persistent: present
+
+- name: Use systemd as cgroup driver for CRI-O
+ ansible.builtin.copy:
+ src: kubernetes/20-cgroup.conf
+ dest: /etc/crio/crio.conf.d/20-cgroup.conf
+ mode: "644"
+
+- name: Use systemd as cgroup driver Kubelet
+ ansible.builtin.copy:
+ src: kubernetes/kubelet
+ dest: /etc/default/kubelet
+ mode: "644"
+
+- name: Enable CRI-O
+ ansible.builtin.systemd_service:
+ name: crio
+ enabled: true
+ state: restarted
+
+- name: Enable kubelet
+ ansible.builtin.systemd_service:
+ name: kubelet
+ enabled: true
+ state: restarted
diff --git a/roles/node/tasks/main.yml b/roles/node/tasks/main.yml
new file mode 100644
index 0000000..5b2788e
--- /dev/null
+++ b/roles/node/tasks/main.yml
@@ -0,0 +1,23 @@
+- name: Update and upgrade system
+ ansible.builtin.apt:
+ upgrade: true
+ update_cache: true
+ cache_valid_time: 86400
+
+- name: Install packages
+ ansible.builtin.apt:
+ pkg: "{{ packages }}"
+ state: present
+ install_recommends: false
+
+- name: Remove unused dependencies
+ ansible.builtin.apt:
+ autoremove: true
+
+- name: Configure networking
+ ansible.builtin.include_tasks:
+ file: networking/main.yml
+
+- name: Configure networking
+ ansible.builtin.include_tasks:
+ file: kubernetes.yml
diff --git a/roles/node/tasks/networking/hostname.yml b/roles/node/tasks/networking/hostname.yml
new file mode 100644
index 0000000..d5b14e4
--- /dev/null
+++ b/roles/node/tasks/networking/hostname.yml
@@ -0,0 +1,9 @@
+- name: Set hostname
+ ansible.builtin.hostname:
+ name: "node-{{ groups['nodes'].index(inventory_hostname) + 1 }}"
+
+- name: Set hosts
+ ansible.builtin.template:
+ src: networking/etc-hosts.j2
+ dest: /etc/hosts
+ mode: "0644"
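Review bot: The two `get_url` tasks in `roles/node/tasks/kubernetes.yml` stage the repository signing keys under fixed names in world-writable `/tmp` and nothing pins their content, so whatever the URL serves on the first run becomes the trust root for every later package install, and `creates:` means it is never re-checked. apt reads ASCII-armored keys directly from a `.asc` file, so each key can be downloaded straight into `/etc/apt/keyrings` with a `checksum:` verified out of band and both `gpg --dearmor` tasks can be removed; the sketch below shows the Kubernetes key and the CRI-O key would follow the same pattern. Separately, `regexp: '^.*swap.*$'` also matches lines that are already commented out, so every run prepends another `# `; `regexp: '^([^#\n].*\sswap\s.*)$'` with `replace: '# \1'` keeps the task idempotent. The second dearmor task is named "Dearmor Kubernetes Release key" although it handles the CRI-O key.

```yaml
- name: Get Kubernetes apt key
  ansible.builtin.get_url:
    url: "https://pkgs.k8s.io/core:/stable:/{{ kubernetes_version }}/deb/Release.key"
    dest: /etc/apt/keyrings/kubernetes-apt-keyring.asc
    mode: '0644'
    # kubernetes_key_sha256 is a placeholder variable: set it to a digest verified out of band
    checksum: "sha256:{{ kubernetes_key_sha256 }}"

# … unchanged: "Dearmor Kubernetes Release key" is removed, not rewritten …

- name: Add Kubernetes apt repository
  ansible.builtin.apt_repository:
    repo: "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.asc] https://pkgs.k8s.io/core:/stable:/{{ kubernetes_version }}/deb/ /"
    # … unchanged: filename, state …
```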
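Review bot: The last task in `roles/node/tasks/main.yml` is named `Configure networking` but includes `kubernetes.yml`, so the play output shows two identically named steps and a failure inside the Kubernetes include is reported under the wrong name. Rename it, for example `- name: Configure Kubernetes`.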
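Review bot: The hostname in `hostname.yml` is computed from the host's position in the `nodes` group, `groups['nodes'].index(inventory_hostname) + 1`, so adding or reordering inventory entries renames existing machines on the next run. kubelet registers a node under its hostname by default, so a rename would presumably leave a stale node object behind in the cluster. A per-host inventory variable (for example `node_name=node-1`, a name constructed here) used as `name: "{{ node_name }}"` keeps the names stable; the same expression is repeated in `etc-hosts.j2` and should change with it.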
diff --git a/roles/node/tasks/networking/main.yml b/roles/node/tasks/networking/main.yml
new file mode 100644
index 0000000..f45dd32
--- /dev/null
+++ b/roles/node/tasks/networking/main.yml
@@ -0,0 +1,21 @@
+- name: Configure hostname
+ ansible.builtin.include_tasks:
+ file: hostname.yml
+
+- name: Configure systemd-networkd
+ ansible.builtin.include_tasks:
+ file: networkd.yml
+
+- name: Enable IPv4 forwarding
+ ansible.posix.sysctl:
+ name: net.ipv4.ip_forward
+ value: 1
+ state: present
+ sysctl_set: true
+ reload: true
+
+- name: Enable br_netfilter module
+ community.general.modprobe:
+ name: br_netfilter
+ state: present
+ persistent: present
diff --git a/roles/node/tasks/networking/networkd.yml b/roles/node/tasks/networking/networkd.yml
new file mode 100644
index 0000000..293843f
--- /dev/null
+++ b/roles/node/tasks/networking/networkd.yml
@@ -0,0 +1,35 @@
+- name: Check if default interface is already configured
+ ansible.builtin.set_fact:
+ interface_configured: "{{ interface_name in ansible_interfaces }}"
+
+- name: Configure default interface name
+ ansible.builtin.template:
+ src: networking/etc-systemd-network-10-lan0.link.j2
+ dest: /etc/systemd/network/10-lan0.link
+ mode: "0644"
+ notify:
+ - update initramfs
+ - reboot
+ when: not interface_configured
+
+- name: Configure network for default interface
+ ansible.builtin.template:
+ src: networking/etc-systemd-network-20-lan0.network.j2
+ dest: /etc/systemd/network/20-lan0.network
+ mode: "0644"
+ when: not interface_configured
+
+- name: Configure nameservers
+ ansible.builtin.template:
+ src: networking/etc-resolv.conf.j2
+ dest: /etc/resolv.conf
+ mode: "0644"
+
+- name: Enable systemd-networkd
+ ansible.builtin.systemd_service:
+ name: systemd-networkd
+ enabled: true
+ state: restarted
+
+- name: Flush handlers
+ ansible.builtin.meta: flush_handlers
diff --git a/roles/node/templates/networking/etc-hosts.j2 b/roles/node/templates/networking/etc-hosts.j2
new file mode 100644
index 0000000..3e59d97
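Review bot: `when: not interface_configured` on "Configure network for default interface" in `networkd.yml` means `20-lan0.network` is written only before the rename, so later changes to `gateway` or `nameservers` never reach a node that already has the renamed interface. The template task is idempotent on its own, so the guard can be dropped from that task and kept on the `.link` task, where it avoids the reboot. "Enable systemd-networkd" uses `state: restarted` unconditionally, which bounces the network under the SSH connection on every run; `state: started` plus a handler notified by the template tasks would restart it only on change. Both destination file names hard-code `lan0` while the interface name itself comes from `interface_name`.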
--- /dev/null
+++ b/roles/node/templates/networking/etc-hosts.j2
@@ -0,0 +1,10 @@
+127.0.0.1 localhost
+127.0.1.1 node-{{ groups['nodes'].index(inventory_hostname) + 1 }}
+
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
+{% for item in hostnames %}
+{{ item.ip }} {{ item.name }}
+{% endfor %}
\ No newline at end of file
diff --git a/roles/node/templates/networking/etc-resolv.conf.j2 b/roles/node/templates/networking/etc-resolv.conf.j2
new file mode 100644
index 0000000..a3e6d7c
--- /dev/null
+++ b/roles/node/templates/networking/etc-resolv.conf.j2
@@ -0,0 +1,3 @@
+{% for nameserver in nameservers %}
+nameserver {{ nameserver }}
+{% endfor %}
\ No newline at end of file
diff --git a/roles/node/templates/networking/etc-systemd-network-10-lan0.link.j2 b/roles/node/templates/networking/etc-systemd-network-10-lan0.link.j2
new file mode 100644
index 0000000..a6d5a43
--- /dev/null
+++ b/roles/node/templates/networking/etc-systemd-network-10-lan0.link.j2
@@ -0,0 +1,5 @@
+[Match]
+MACAddress={{ ansible_default_ipv4.macaddress }}
+
+[Link]
+Name={{ interface_name }}
\ No newline at end of file
diff --git a/roles/node/templates/networking/etc-systemd-network-20-lan0.network.j2 b/roles/node/templates/networking/etc-systemd-network-20-lan0.network.j2
new file mode 100644
index 0000000..7f93467
--- /dev/null
+++ b/roles/node/templates/networking/etc-systemd-network-20-lan0.network.j2
@@ -0,0 +1,9 @@
+[Match]
+Name={{ interface_name }}
+
+[Network]
+Address={{ ansible_default_ipv4.address|default(ansible_all_ipv4_addresses[0]) }}/24
+Gateway={{ gateway }}
+{% for nameserver in nameservers %}
+DNS={{ nameserver }}
+{% endfor %}
\ No newline at end of file
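Review bot: The `Address=` line in `etc-systemd-network-20-lan0.network.j2` hard-codes a `/24` prefix, which silently misconfigures any node whose network uses a different mask. The gathered facts already carry the prefix length, so `Address={{ ansible_default_ipv4.address }}/{{ ansible_default_ipv4.prefix }}` would follow the real network; the `default(ansible_all_ipv4_addresses[0])` fallback has no matching prefix fact and would need an explicit variable instead. The template also freezes whatever address the host happened to hold at run time as its static address, which deserves a Jinja comment at the top of the file, e.g. `{# Address is pinned from the facts gathered on the first run #}`.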