-
Notifications
You must be signed in to change notification settings - Fork 1
/
02-k8s_kubeadm_install.yaml
146 lines (125 loc) · 3.29 KB
/
02-k8s_kubeadm_install.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
---
- hosts: master
become: true
remote_user: root
vars:
tasks:
- name: Disable SWAP
shell: |
swapoff -a
- name: Remove SWAP from fstab
mount:
name: swap
fstype: swap
state: absent
# - name: Permanently set SELINUX to permissive
# selinux:
# policy: targeted
# state: permissive
- name: Setting sebool container_manage_cgroup
seboolean:
name: container_manage_cgroup
state: yes
persistent: yes
- name: firewalld port 6443 (API server)
firewalld:
port: 6443/tcp
permanent: yes
immediate: yes
state: enabled
- name: firewalld port 2379-2380 (ETCD)
firewalld:
port: 2379-2380/tcp
permanent: yes
immediate: yes
state: enabled
- name: firewalld port 10250 (Kubelet API)
firewalld:
port: 10250/tcp
permanent: yes
immediate: yes
state: enabled
- name: firewalld port 10251 (kube-scheduler)
firewalld:
port: 10251/tcp
permanent: yes
immediate: yes
state: enabled
- name: firewalld port 10252 (kube-controller-manager)
firewalld:
port: 10252/tcp
permanent: yes
immediate: yes
state: enabled
- name: Enable firewalld masquerading
firewalld:
masquerade: yes
permanent: true
immediate: yes
state: enabled
- name: Modprobe br_netfilter to set sysctls
modprobe:
name: br_netfilter
state: present
- name: Set sysctl bridge.bridge-nf-call-ip6tables
sysctl:
name: net.bridge.bridge-nf-call-ip6tables
value: '1'
sysctl_file: /etc/sysctl.d/k8s.conf
sysctl_set: yes
reload: yes
- name: Set sysctl bridge.bridge-nf-call-iptables
sysctl:
name: net.bridge.bridge-nf-call-iptables
value: '1'
sysctl_file: /etc/sysctl.d/k8s.conf
sysctl_set: yes
reload: yes
- name: Set sysctl net.ipv4.ip_forward
sysctl:
name: net.ipv4.ip_forward
value: '1'
sysctl_file: /etc/sysctl.d/k8s.conf
sysctl_set: yes
reload: yes
- name: Disable IPv6 (Optional)
sysctl:
name: net.ipv6.conf.all.disable_ipv6
value: '1'
sysctl_file: /etc/sysctl.d/k8s.conf
sysctl_set: yes
reload: yes
- name: Enable kubeadm repo
yum_repository:
name: kubernetes
description: Kubernetes
baseurl: https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled: yes
repo_gpgcheck: yes
gpgcheck: yes
gpgkey:
- https://packages.cloud.google.com/yum/doc/yum-key.gpg
- https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
- name: Install kubeadm, kubectl & kubelet
dnf:
name:
- kubeadm
- kubectl
- kubelet
disable_excludes: kubernetes
state: present
- name: Enable kubelet
systemd:
name: kubelet
state: started
enabled: yes
- name: Enable cgroup driver
copy:
dest: /etc/sysconfig/kubelet
content: |
KUBELET_EXTRA_ARGS=--feature-gates="AllAlpha=false,RunAsGroup=true" --container-runtime=remote --cgroup-driver=systemd --container-runtime-endpoint='unix:///var/run/crio/crio.sock' --runtime-request-timeout=5m
- name: Restart kubelet
systemd:
daemon_reload: yes
name: kubelet
state: restarted