diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..17df731
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,5 @@
+[defaults]
+roles_path = ./roles
+inventory = ./inventory/master/hosts.ini
+become = True
+user = root
\ No newline at end of file
diff --git a/inventory/master/group_vars/all.yml b/inventory/master/group_vars/all.yml
new file mode 100644
index 0000000..ff28403
--- /dev/null
+++ b/inventory/master/group_vars/all.yml
@@ -0,0 +1,7 @@
+---
+k3s_version: v1.31.1+k3s1
+helm_version: v3.16.2
+extra_server_args: "--disable traefik"
+ansible_user: root
+ingress_controller_version: v1.11.2
+cert_manager_version: v1.16.1
\ No newline at end of file
diff --git a/inventory/master/group_vars/hosts.ini b/inventory/master/group_vars/hosts.ini
new file mode 100644
index 0000000..316f6bb
--- /dev/null
+++ b/inventory/master/group_vars/hosts.ini
@@ -0,0 +1,2 @@
+[master]
+your-host.tld
\ No newline at end of file
diff --git a/playbook.yml b/playbook.yml
new file mode 100644
index 0000000..b9cf762
--- /dev/null
+++ b/playbook.yml
@@ -0,0 +1,10 @@
+---
+- name: Test
+  hosts: master
+
+  roles:
+    - role: debian_setup
+    - role: k3s
+    - role: helm
+    - role: ingress
+    - role: cert_manager
diff --git a/roles/cert_manager/tasks/main.yml b/roles/cert_manager/tasks/main.yml
new file mode 100644
index 0000000..c8d59f0
--- /dev/null
+++ b/roles/cert_manager/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Deploy cert-manager
+  kubernetes.core.k8s:
+    src: "https://github.com/cert-manager/cert-manager/releases/download/{{ cert_manager_version }}/cert-manager.yaml"
+    wait: false
+    state: present
diff --git a/roles/debian_setup/tasks/main.yml b/roles/debian_setup/tasks/main.yml
new file mode 100644
index 0000000..d4146db
--- /dev/null
+++ b/roles/debian_setup/tasks/main.yml
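Review bot: `inventory = ./inventory/master/hosts.ini` points at a file this commit does not create; the inventory is added as `inventory/master/group_vars/hosts.ini`, and `group_vars/` is the directory Ansible scans for group variable files rather than for inventories, so the play resolves no hosts (the hosts.ini hunk in this same commit is the other side of the mismatch). Move the file to `inventory/master/hosts.ini` or change the cfg path. `become = True` is redundant while `user = root` connects as root directly; a dedicated automation account with sudo would let the root SSH login stay disabled on the hosts. The file is also missing a trailing newline.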
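Review bot: `ansible_user: root` repeats `user = root` from ansible.cfg; keeping the connecting user in one place avoids the two drifting apart, and the k3s role's `~{{ ansible_user }}` paths depend on this value. The `v`-prefixed version strings parse as strings without quoting, which is fine. The file lacks a trailing newline.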
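Review bot: The roles use `kubernetes.core.k8s` but the commit adds no `collections/requirements.yml` or `collections:` entry on the play, so on a fresh checkout the module reference is unresolved until someone installs the collection by hand; a requirements file with `- name: kubernetes.core` and a pinned `version:` makes the dependency explicit. `name: Test` reads as a placeholder; a descriptive play name is what appears in every run log. The role order is load-bearing — debian_setup installs python3-kubernetes before the k8s modules run, and k3s writes the kubeconfig those modules read — so a one-line comment above `roles:` saying so would protect it from a later reorder.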
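Review bot: `src:` is given an https URL; kubernetes.core.k8s reads `src` as a local path on older collection versions and, as far as I recall, only accepts URLs from kubernetes.core 2.4.0 onward, and this commit pins no collection version, so the task's behaviour depends on whatever happens to be installed. The ingress role in this same commit downloads its manifest with get_url first; doing the same here keeps the two roles consistent and lets a `checksum:` be pinned on the download before an unverified manifest is applied to the cluster. With `wait: false` the play returns before cert-manager's webhook is serving, so any later task that creates Issuer or Certificate objects needs its own readiness check.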
@@ -0,0 +1,14 @@
+---
+- name: Get indexes
+  apt:
+    update_cache: true
+
+- name: Update dist
+  apt:
+    upgrade: dist
+
+- name: Install K8S python library
+  apt:
+    name:
+      - python3-kubernetes
+    state: present
diff --git a/roles/helm/tasks/main.yml b/roles/helm/tasks/main.yml
new file mode 100644
index 0000000..d491fa3
--- /dev/null
+++ b/roles/helm/tasks/main.yml
@@ -0,0 +1,19 @@
+---
+- name: Get Helm binary
+  unarchive:
+    src: "https://get.helm.sh/helm-{{ helm_version }}-linux-amd64.tar.gz"
+    dest: /tmp
+    remote_src: true
+
+- name: Copy helm binary to /usr/local/bin
+  copy:
+    src: /tmp/linux-amd64/helm
+    dest: /usr/local/bin/helm
+    owner: root
+    group: root
+    mode: 755
+
+- name: Cleanup
+  file:
+    path: /tmp/linux-amd64
+    state: absent
diff --git a/roles/ingress/tasks/main.yml b/roles/ingress/tasks/main.yml
new file mode 100644
index 0000000..cf427b5
--- /dev/null
+++ b/roles/ingress/tasks/main.yml
@@ -0,0 +1,11 @@
+---
+- name: Get Nginx Ingress manifest
+  get_url:
+    url: "https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-{{ ingress_controller_version }}/deploy/static/provider/baremetal/deploy.yaml"
+    dest: /tmp/nginx_ingress.yml
+
+- name: Deplroy Nginx Ingress
+  kubernetes.core.k8s:
+    src: /tmp/nginx_ingress.yml
+    wait: false
+    state: present
diff --git a/roles/k3s/defaults/main.yml b/roles/k3s/defaults/main.yml
new file mode 100644
index 0000000..c56778f
--- /dev/null
+++ b/roles/k3s/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+k3s_server_location: /var/lib/rancher/k3s
diff --git a/roles/k3s/tasks/main.yml b/roles/k3s/tasks/main.yml
new file mode 100644
index 0000000..da3c19b
--- /dev/null
+++ b/roles/k3s/tasks/main.yml
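Review bot: `upgrade: dist` runs an unconditional full upgrade on every play, which makes the play non-idempotent and can restart services (including k3s on later runs) without any change being intended; if the upgrade is meant only for first provisioning, gate it on a fact or tag, otherwise consider `upgrade: safe` or a separate maintenance play. `update_cache: true` without `cache_valid_time` refreshes the index on every run; adding `cache_valid_time: 3600` lets the `Get indexes` task be merged into the first apt call and skipped while the cache is fresh. Use the FQCN `ansible.builtin.apt` to match the `kubernetes.core.k8s` style used elsewhere in the commit.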
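Review bot: `Copy helm binary to /usr/local/bin` lacks `remote_src: true`, so `copy` looks for `/tmp/linux-amd64/helm` on the controller rather than on the host where `unarchive` extracted it, and the task fails unless controller and target are the same machine. `mode: 755` is an unquoted YAML integer, which Ansible takes as decimal 755 (octal 1363) rather than rwxr-xr-x — write `mode: "0755"`; the same applies to `mode: 755` and `mode: 644` in roles/k3s/tasks/main.yml. The tarball is fetched over HTTPS but never checksummed; the k3s role already pins `checksum: sha256:<url>` on its download and the Helm release publishes a `.sha256sum` file, so fetching with get_url plus `checksum:` before unarchiving would give the two roles the same supply-chain guard.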
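Review bot: The task name `Deplroy Nginx Ingress` is misspelled; `Deploy Nginx Ingress`. The manifest is written to the fixed path `/tmp/nginx_ingress.yml` and applied as-is with no `checksum:` on get_url, so a tampered or truncated download is applied to the cluster with the admin kubeconfig the k3s role installs; pinning a checksum, keeping the file under a root-owned directory instead of world-writable /tmp, and removing it afterwards as the helm role does would close that gap. The `baremetal` provider manifest is a reasonable match for a single k3s node with traefik disabled.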
@@ -0,0 +1,52 @@
+---
+
+- name: Enable IPv4 forwarding
+  sysctl:
+    name: net.ipv4.ip_forward
+    value: "1"
+    state: present
+    reload: true
+
+- name: Download k3s binary
+  get_url:
+    url: https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/k3s
+    checksum: sha256:https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/sha256sum-amd64.txt
+    dest: /usr/local/bin/k3s
+    owner: root
+    group: root
+    mode: 755
+
+- name: Copy SystemD service
+  template:
+    src: k3s.service.j2
+    dest: /usr/lib/systemd/system/k3s.service
+    owner: root
+    mode: 644
+
+- name: Enable k3s service
+  systemd:
+    name: k3s
+    daemon_reload: true
+    state: restarted
+    enabled: true
+
+- name: Create kubectl symlink
+  file:
+    src: /usr/local/bin/k3s
+    dest: /usr/local/bin/kubectl
+    state: link
+
+- name: Create directory .kube
+  file:
+    path: ~{{ ansible_user }}/.kube
+    state: directory
+    owner: "{{ ansible_user }}"
+    mode: "750"
+
+- name: Copy config file to user home directory
+  copy:
+    src: /etc/rancher/k3s/k3s.yaml
+    dest: ~{{ ansible_user }}/.kube/config
+    remote_src: true
+    owner: "{{ ansible_user }}"
+    mode: "600"
diff --git a/roles/k3s/templates/k3s.service.j2 b/roles/k3s/templates/k3s.service.j2
new file mode 100644
index 0000000..ee560ae
--- /dev/null
+++ b/roles/k3s/templates/k3s.service.j2
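Review bot: `Enable k3s service` uses `state: restarted`, so every play run restarts the control plane even when nothing changed; use `state: started` here and move the restart into a handler notified by `Copy SystemD service`, so only a changed unit file or binary triggers it. The unit is written to `/usr/lib/systemd/system/`, the vendor/package directory; locally managed units belong in `/etc/systemd/system/`, which takes precedence and is not touched by package upgrades. The `checksum: sha256:<url>` on the k3s download is the right shape and is the only verified download in this commit; the kubeconfig copy with `mode: "600"` is correct for a cluster-admin credential. Whether `~{{ ansible_user }}` expands on the remote for a user other than the connecting one is worth a quick check before `ansible_user` is ever changed from root.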
@@ -0,0 +1,24 @@
+[Unit]
+Description=Lightweight Kubernetes
+Documentation=https://k3s.io
+After=network-online.target
+
+[Service]
+Type=notify
+ExecStartPre=-/sbin/modprobe br_netfilter
+ExecStartPre=-/sbin/modprobe overlay
+ExecStart=/usr/local/bin/k3s server --data-dir {{ k3s_server_location }} {{ extra_server_args | default("") }}
+KillMode=process
+Delegate=yes
+# Having non-zero Limit*s causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+LimitNOFILE=1048576
+LimitNPROC=infinity
+LimitCORE=infinity
+TasksMax=infinity
+TimeoutStartSec=0
+Restart=always
+RestartSec=5s
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
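Review bot: `After=network-online.target` without a matching `Wants=network-online.target` does not delay startup until the network is up, because nothing pulls that target into the boot transaction; add `Wants=network-online.target` under `[Unit]` as the upstream k3s unit does. `{{ extra_server_args | default("") }}` is spliced unquoted into `ExecStart`, so a value containing spaces is word-split by systemd — that is exactly what `"--disable traefik"` relies on, and a comment above the line saying so would stop someone from quoting it later. The file lacks a trailing newline.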