basic_provision.yaml

- name: Disable firewall on {{ role }} instances
  systemd:
    name: ufw
    state: stopped
    enabled: no

- name: Updating /etc/hosts
  lineinfile:
    dest: /etc/hosts
    regexp: '.*{{ item }}$'
    line: "{{ hostvars[item].ansible_secondary_address}} {{ item }}.example.com {{ item }} "
    state: present
  loop: "{{ groups.all }}"

- name: Install docker required packages
  package:
    name: "{{ item }}"
    state: present
  loop:
    - apt-transport-https
    - ca-certificates
    - curl
    - gnupg-agent
    - software-properties-common
    - bash-completion

- name: Ensure kernel modules loading
  lineinfile:
    path: "/etc/modules-load.d/containerd.conf"
    state: present
    line: "{{ item }}"
    create: yes
  loop:
    - overlay
    - br_netfilter
  notify:
    - kernel_mods_reload

- name: Ensure required sysctl params are enabled
  lineinfile:
    path: "/etc/sysctl.d/99-kubernetes-cri.conf"
    state: present
    line: "{{ item }}"
    create: yes
  loop:
    - 'net.bridge.bridge-nf-call-iptables = 1'
    - 'net.ipv4.ip_forward = 1'
    - 'net.bridge.bridge-nf-call-ip6tables = 1'
  notify:
    - reload_sysctl

- name: adding docker gpg key
  apt_key:
    url: https://download.docker.com/linux/ubuntu/gpg
    state: present

- name: adding docker community repository
  apt_repository:
    repo: 'deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable'
    state: present

- name: Installing docker community
  package:
    name: "{{ item }}"
    state: present
  loop:
    - containerd.io
  when: "'worker' in group_names"

- name: Creating containerd config dir
  file:
    path: /etc/containerd
    state: directory
    owner: root
    group: root
  when: "'worker' in group_names"

- name: Getting pods CIDR
  shell: |
    curl -s -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/attributes/pod-cidr
  register: pods_cidr
  when: "'worker' in group_names"

- name: saving pods_cidr value
  set_fact:
    pods_cidr: "{{ pods_cidr.stdout }}"
  when: "'worker' in group_names"

- name: configuring cni
  file:
    path: /etc/cni/net.d
    state: directory
    owner: root
    group: root
  when: "'worker' in group_names"

- name: configuring cni bridge
  template:
    src: templates/cni-bridge.conf.j2
    dest: /etc/cni/net.d/10-bridge.conf
    owner: root
    group: root
  when: "'worker' in group_names"

- name: configuring cni loopback
  template:
    src: templates/cni-loopback.conf.j2
    dest: /etc/cni/net.d/99-loopback.conf
    owner: root
    group: root
  when: "'worker' in group_names"

- name: Configuring docker daemon
  copy:
    src: files/config.toml
    dest: /etc/containerd/config.toml
    owner: root
    group: root
  notify:
    - reload_systemd
    - restart_containerd
  when: "'worker' in group_names"