From 6b7514bdd391ef13816dfcff3dba272d57a1b6ba Mon Sep 17 00:00:00 2001
From: Ashrockzzz2003
Date: Mon, 14 Apr 2025 11:23:17 +0530
Subject: [PATCH 1/5] play to install kubectl, kubeadm and kubelet done.
---
 ansible/playbook.yaml | 140 +++++++++++++++++++++++++++++-------------
 1 file changed, 99 insertions(+), 41 deletions(-)
diff --git a/ansible/playbook.yaml b/ansible/playbook.yaml
index fc946b7..6c9a153 100644
--- a/ansible/playbook.yaml
+++ b/ansible/playbook.yaml
@@ -58,65 +58,123 @@ register: docker_version changed_when: docker_version.rc != 0 -- name: Install Kubernetes +- name: Manually Install Kubernetes Binaries and Dependencies hosts: all become: true + gather_facts: false + + vars: + cni_base_url: "https://github.com/containernetworking/plugins/releases/download" + cni_plugins_version: "v1.3.0" + arch: "amd64" + cni_dest_dir: "/opt/cni/bin" + download_dir: "/usr/local/bin" + crictl_version: "v1.31.0" + k8s_release_utils_version: "v0.16.2" + systemd_unit_dir: "/usr/lib/systemd/system" + kubelet_service_file: "{{ systemd_unit_dir }}/kubelet.service" + kubelet_conf_dir: "{{ systemd_unit_dir }}/kubelet.service.d" + kubelet_conf_file: "{{ kubelet_conf_dir }}/10-kubeadm.conf" + tasks: - - name: Delete kubectl binary from home directory + - name: Ensure CNI destination directory exists ansible.builtin.file: - path: /home/{{ lookup('env', 'USER') }}/kubectl - state: absent + path: "{{ cni_dest_dir }}" + state: directory + mode: "0755" - - name: Delete checksum file from home directory + - name: Download and extract CNI plugins + ansible.builtin.unarchive: + src: "{{ cni_base_url }}/{{ cni_plugins_version }}/cni-plugins-linux-{{ arch }}-{{ cni_plugins_version }}.tgz" + dest: "{{ cni_dest_dir }}" + remote_src: true + creates: "{{ cni_dest_dir }}/bridge" + + - name: Ensure binary download directory exists ansible.builtin.file: - path: /home/{{ lookup('env', 'USER') }}/kubectl.sha256 - state: absent + path: "{{ download_dir }}" + state: directory + mode: "0755" - - name: Get latest kubectl version + - name: Download and extract crictl + ansible.builtin.unarchive: + src: "https://github.com/kubernetes-sigs/cri-tools/releases/download/{{ crictl_version }}/crictl-{{ crictl_version }}-linux-{{ arch }}.tar.gz" + dest: "{{ download_dir }}" + remote_src: true + mode: "0755" + creates: "{{ download_dir }}/crictl" + + - name: Get latest stable Kubernetes release version string ansible.builtin.uri: url: 
https://dl.k8s.io/release/stable.txt return_content: true - status_code: 200, 304 - register: version + register: k8s_stable_release + check_mode: false - - name: Download the latest kubectl release - ansible.builtin.uri: - url: https://dl.k8s.io/release/{{ version.content }}/bin/linux/amd64/kubectl - dest: /home/{{ lookup('env', 'USER') }} - status_code: 200, 304 - register: kubectl + - name: Set stable release fact + ansible.builtin.set_fact: + k8s_release: "{{ k8s_stable_release.content | trim }}" + + - name: Download kubeadm binary + ansible.builtin.get_url: + url: "https://dl.k8s.io/release/{{ k8s_release }}/bin/linux/{{ arch }}/kubeadm" + dest: "{{ download_dir }}/kubeadm" + mode: "0755" + force: false + + - name: Download kubelet binary + ansible.builtin.get_url: + url: "https://dl.k8s.io/release/{{ k8s_release }}/bin/linux/{{ arch }}/kubelet" + dest: "{{ download_dir }}/kubelet" + mode: "0755" + force: false - - name: Download the kubectl checksum file + - name: Fetch kubelet systemd service template content ansible.builtin.uri: - url: https://dl.k8s.io/{{ version.content }}/bin/linux/amd64/kubectl.sha256 - dest: /home/{{ lookup('env', 'USER') }} - status_code: 200, 304 + url: "https://raw.githubusercontent.com/kubernetes/release/{{ k8s_release_utils_version }}/cmd/krel/templates/latest/kubelet/kubelet.service" + return_content: true + register: kubelet_service_template + check_mode: false - - name: Copy kubectl and change permissions + - name: Create kubelet systemd service file from template ansible.builtin.copy: - src: "{{ kubectl.path }}" - remote_src: true - dest: /usr/local/bin/kubectl - owner: root - group: root - mode: "+x" - - - name: Check if kubectl is installed - ansible.builtin.command: - cmd: kubectl version --client - register: client - failed_when: client.rc > 1 - changed_when: client.rc != 0 + content: "{{ kubelet_service_template.content | replace('/usr/bin', download_dir) }}" + dest: "{{ kubelet_service_file }}" + mode: "0644" + notify: 
Reload systemd and restart kubelet - - name: Remove downloaded binaries from home + - name: Ensure kubelet systemd drop-in directory exists ansible.builtin.file: - path: /home/{{ lookup('env', 'USER') }}/kubectl - state: absent + path: "{{ kubelet_conf_dir }}" + state: directory + mode: "0755" - - name: Remove downloaded checksums from home - ansible.builtin.file: - path: /home/{{ lookup('env', 'USER') }}/kubectl.sha256 - state: absent + - name: Fetch kubeadm systemd drop-in template content + ansible.builtin.uri: + url: "https://raw.githubusercontent.com/kubernetes/release/{{ k8s_release_utils_version }}/cmd/krel/templates/latest/kubeadm/10-kubeadm.conf" + return_content: true + register: kubeadm_conf_template + check_mode: false + + - name: Create kubeadm systemd drop-in file from template + ansible.builtin.copy: + content: "{{ kubeadm_conf_template.content | replace('/usr/bin', download_dir) }}" + dest: "{{ kubelet_conf_file }}" + mode: "0644" + notify: Reload systemd and restart kubelet + + - name: Ensure kubelet service is enabled and started + ansible.builtin.systemd: + name: kubelet + enabled: true + state: started + + handlers: + - name: Reload systemd and restart kubelet + ansible.builtin.systemd: + name: kubelet + daemon_reload: true + state: restarted - name: Install and Configure CockroachDB Cluster hosts: cockroachdb From d9c5f305f17429799242003cd56d79e8678de089 Mon Sep 17 00:00:00 2001 From: Abhinav Ramakrishnan <76396917+Abhinav-ark@users.noreply.github.com> Date: Mon, 14 Apr 2025 23:18:05 +0530 Subject: [PATCH 2/5] Updated Image tags in docker-compose --- docker/docker-compose.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 5152345..3df9d39 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml 
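Review bot: The `Download kubeadm binary` and `Download kubelet binary` tasks install root-owned executables with `get_url` and no `checksum`, so nothing ties the file on disk to the published release artifact. The removed kubectl tasks show that dl.k8s.io serves a `.sha256` next to each binary, so each task could add `checksum: "sha256:https://dl.k8s.io/release/{{ k8s_release }}/bin/linux/{{ arch }}/kubeadm.sha256"` (and the kubelet equivalent). The two `unarchive` tasks that pull CNI plugins and crictl straight from a URL have the same gap; fetching with `get_url` plus `checksum` and unpacking the local file would close it. Resolving `k8s_release` from `stable.txt` at run time also lets two runs install different versions, so a pinned variable next to `crictl_version` would make installs reproducible.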
@@ -39,7 +39,7 @@ services: retries: 5 auth: - image: ghcr.io/evolutionary-algorithms-on-click/auth_microservice:main + image: ghcr.io/evolutionary-algorithms-on-click/auth_microservice:latest container_name: auth depends_on: cockroachdb: @@ -56,7 +56,7 @@ services: GRPC_PORT : ${AUTH_GRPC_PORT} runner_controller: - image: ghcr.io/evolutionary-algorithms-on-click/runner_controller_microservice:main + image: ghcr.io/evolutionary-algorithms-on-click/runner_controller_microservice:latest container_name: runner_controller depends_on: cockroachdb: @@ -78,7 +78,7 @@ services: AUTH_GRPC_ADDRESS : ${AUTH_GRPC_ADDRESS} runner: - image: ghcr.io/evolutionary-algorithms-on-click/runner:main + image: ghcr.io/evolutionary-algorithms-on-click/runner:latest container_name: runner depends_on: cockroachdb: @@ -98,7 +98,7 @@ services: RABBITMQ_QUEUE: ${RABBITMQ_QUEUE_NAME} evolve_frontend: - image: ghcr.io/evolutionary-algorithms-on-click/evolve_frontend:main + image: ghcr.io/evolutionary-algorithms-on-click/evolve_frontend:latest container_name: evolve_frontend depends_on: cockroachdb: From ba4a342173ff2744d3b62f2bd00cb0de6b638cfb Mon Sep 17 00:00:00 2001 From: Abhinav R <76396917+Abhinav-ark@users.noreply.github.com> Date: Tue, 15 Apr 2025 00:03:53 +0530 Subject: [PATCH 3/5] Current development in k8s deployment scripts. --- kubernetes/auth-deployment.yaml | 74 ++++++++++++++++++ kubernetes/evolve-secrets.yaml | 24 ++++++ kubernetes/frontend-deployment.yaml | 66 ++++++++++++++++ kubernetes/runner-controller-deployment.yaml | 80 ++++++++++++++++++++ kubernetes/runner-deployment.yaml | 55 ++++++++++++++ 5 files changed, 299 insertions(+) create mode 100644 kubernetes/auth-deployment.yaml create mode 100644 kubernetes/evolve-secrets.yaml create mode 100644 kubernetes/frontend-deployment.yaml create mode 100644 kubernetes/runner-controller-deployment.yaml create mode 100644 kubernetes/runner-deployment.yaml 
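Review bot: `:latest` is a mutable tag just like `:main`, so the `auth` image line (and the same change in the `runner_controller`, `runner` and `evolve_frontend` hunks) still runs whatever is pushed to the registry next, with the credentials this compose file passes in through `environment`. Pinning each service to an immutable reference, for example `image: ghcr.io/evolutionary-algorithms-on-click/auth_microservice@sha256:<digest-of-reviewed-build>` (placeholder digest), or at least a release version tag, makes deployments reproducible and gives a known image to roll back to. The service definitions continue outside these hunks.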
diff --git a/kubernetes/auth-deployment.yaml b/kubernetes/auth-deployment.yaml
new file mode 100644
index 0000000..e905361
--- /dev/null
+++ b/kubernetes/auth-deployment.yaml
@@ -0,0 +1,74 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: auth-deployment
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: auth
+ template:
+ metadata:
+ labels:
+ app: auth
+ spec:
+ containers:
+ - name: auth
+ image: ghcr.io/evolutionary-algorithms-on-click/auth_microservice:latest
+ ports:
+ - containerPort: 5000
+ - containerPort: 5001
+ resources:
+ requests:
+ memory: "128Mi"
+ cpu: "250m"
+ limits:
+ memory: "256Mi"
+ cpu: "500m"
+ env:
+ - name: DATABASE_URL
+ valueFrom:
+ secretKeyRef:
+ name: evolve-secrets
+ key: cockroachdb-url
+ - name: MAILER_EMAIL
+ valueFrom:
+ secretKeyRef:
+ name: evolve-secrets
+ key: mailer-email
+ - name: MAILER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: evolve-secrets
+ key: mailer-password
+ - name: FRONTEND_URL
+ valueFrom:
+ secretKeyRef:
+ name: evolve-secrets
+ key: frontend-url
+ - name: HTTP_PORT
+ valueFrom:
+ secretKeyRef:
+ name: evolve-secrets
+ key: auth-http-port
+ - name: GRPC_PORT
+ valueFrom:
+ secretKeyRef:
+ name: evolve-secrets
+ key: auth-grpc-port
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: auth-service
+spec:
+ selector:
+ app: auth
+ ports:
+ - protocol: TCP
+ port: 5000
+ targetPort: 5000
+ - protocol: TCP
+ port: 5001
+ targetPort: 5001
+ type: NodePort
\ No newline at end of file
diff --git a/kubernetes/evolve-secrets.yaml b/kubernetes/evolve-secrets.yaml
new file mode 100644
index 0000000..43ee9b9
--- /dev/null
+++ b/kubernetes/evolve-secrets.yaml
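Review bot: In kubernetes/auth-deployment.yaml the `auth` container has no `securityContext`, so it runs as whatever user the image defaults to and may gain privileges; the containers in frontend-deployment.yaml, runner-controller-deployment.yaml and runner-deployment.yaml are in the same position. A container-level block like the one below would set a baseline, provided the images are built to run as a non-root user. `auth-service` is also `type: NodePort`, which opens 5000 and the gRPC port 5001 on every node; if 5001 is only called from inside the cluster (the `auth-grpc-address` key suggests so), `ClusterIP` for it would reduce exposure, and the same question applies to `runner-controller-service`.

```yaml
# … unchanged: Deployment metadata, selector, pod template labels …
        - name: auth
          # … unchanged: image, ports, resources, env …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            seccompProfile:
              type: RuntimeDefault
```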
@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: evolve-secrets
+type: Opaque
+data:
+ cockroachdb-url:
+ mailer-email:
+ mailer-password:
+ frontend-url:
+ auth-http-port:
+ auth-grpc-port:
+ minio-endpoint:
+ minio-access-key:
+ minio-secret-key:
+ rabbitmq-url:
+ rabbitmq-queue-name:
+ runner-controller-http-port:
+ auth-grpc-address:
+ next-public-backend-base-url:
+ next-public-auth-base-url:
+ next-public-minio-base-url:
+ next-public-ai:
+ google-generative-ai-api-key:
\ No newline at end of file
diff --git a/kubernetes/frontend-deployment.yaml b/kubernetes/frontend-deployment.yaml
new file mode 100644
index 0000000..8d9294d
--- /dev/null
+++ b/kubernetes/frontend-deployment.yaml
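Review bot: kubernetes/evolve-secrets.yaml is committed as the live `Secret` manifest with empty values, so the obvious way to use it is to paste base64-encoded credentials under `data:` and risk committing them; base64 is an encoding, not protection. I would keep this as a clearly marked template with a header comment such as `# Template only: fill in a local copy, never commit real values`, and create the real object out of band or through a sealed or external secret mechanism. The bare `key:` entries parse as null rather than empty strings, so the manifest as written should be checked with a dry-run apply. Ports and public URLs (`auth-http-port`, `frontend-url`, the `next-public-*` keys) are not credentials and would sit better in a ConfigMap, which keeps the Secret scoped to values that need restricted access.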
@@ -0,0 +1,66 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: evolve-frontend-deployment
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: evolve-frontend
+ template:
+ metadata:
+ labels:
+ app: evolve-frontend
+ spec:
+ containers:
+ - name: evolve-frontend
+ image: ghcr.io/evolutionary-algorithms-on-click/evolve_frontend:latest
+ ports:
+ - containerPort: 3000
+ resources:
+ limits:
+ memory: "1Gi"
+ cpu: "1000m"
+ requests:
+ memory: "512Mi"
+ cpu: "500m"
+ env:
+ - name: NEXT_PUBLIC_BACKEND_BASE_URL
+ valueFrom:
+ secretKeyRef:
+ name: evolve-secrets
+ key: next-public-backend-base-url
+ - name: NEXT_PUBLIC_AUTH_BASE_URL
+ valueFrom:
+ secretKeyRef:
+ name: evolve-secrets
+ key: next-public-auth-base-url
+ - name: NEXT_PUBLIC_MINIO_BASE_URL
+ valueFrom:
+ secretKeyRef:
+ name: evolve-secrets
+ key: next-public-minio-base-url
+ - name: NEXT_PUBLIC_AI
+ valueFrom:
+ secretKeyRef:
+ name: evolve-secrets
+ key: next-public-ai
+ - name: GOOGLE_GENERATIVE_AI_API_KEY
+ valueFrom:
+ secretKeyRef:
+ name: evolve-secrets
+ key: google-generative-ai-api-key
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: evolve-frontend-service
+spec:
+ selector:
+ app: evolve-frontend
+ ports:
+ - protocol: TCP
+ port: 3000
+ targetPort: 3000
+ type: NodePort
\ No newline at end of file
diff --git a/kubernetes/runner-controller-deployment.yaml b/kubernetes/runner-controller-deployment.yaml
new file mode 100644
index 0000000..4d5bff2
--- /dev/null
+++ b/kubernetes/runner-controller-deployment.yaml
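Review bot: The four `NEXT_PUBLIC_*` variables in kubernetes/frontend-deployment.yaml are read from `evolve-secrets`, but by Next.js convention anything with that prefix is compiled into the browser bundle, so these values are public by design and a Secret implies confidentiality that does not exist. They are normally inlined at build time as well, so setting them on the pod may have no effect on an already built image; that is worth verifying against how the image is built. Moving them to a ConfigMap and leaving only `GOOGLE_GENERATIVE_AI_API_KEY` as a `secretKeyRef` keeps the Secret limited to real credentials. A comment above that entry such as `# server-side only: must never be exposed through a NEXT_PUBLIC_* variable` would document the boundary.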
@@ -0,0 +1,80 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: runner-controller-deployment
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: runner-controller
+ template:
+ metadata:
+ labels:
+ app: runner-controller
+ spec:
+ containers:
+ - name: runner-controller
+ image: ghcr.io/evolutionary-algorithms-on-click/runner_controller_microservice:latest
+ ports:
+ - containerPort: 5002
+ resources:
+ requests:
+ memory: "128Mi"
+ cpu: "250m"
+ limits:
+ memory: "256Mi"
+ cpu: "500m"
+ env:
+ - name: DATABASE_URL
+ valueFrom:
+ secretKeyRef:
+ name: evolve-secrets
+ key: cockroachdb-url
+ - name: MINIO_ENDPOINT
+ valueFrom:
+ secretKeyRef:
+ name: evolve-secrets
+ key: minio-endpoint
+ - name: MINIO_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ name: evolve-secrets
+ key: minio-access-key
+ - name: MINIO_SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: evolve-secrets
+ key: minio-secret-key
+ - name: RABBITMQ_URL
+ valueFrom:
+ secretKeyRef:
+ name: evolve-secrets
+ key: rabbitmq-url
+ - name: FRONTEND_URL
+ valueFrom:
+ secretKeyRef:
+ name: evolve-secrets
+ key: frontend-url
+ - name: HTTP_PORT
+ valueFrom:
+ secretKeyRef:
+ name: evolve-secrets
+ key: runner-controller-http-port
+ - name: AUTH_GRPC_ADDRESS
+ valueFrom:
+ secretKeyRef:
+ name: evolve-secrets
+ key: auth-grpc-address
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: runner-controller-service
+spec:
+ selector:
+ app: runner-controller
+ ports:
+ - protocol: TCP
+ port: 5002
+ targetPort: 5002
+ type: NodePort
\ No newline at end of file
diff --git a/kubernetes/runner-deployment.yaml b/kubernetes/runner-deployment.yaml
new file mode 100644
index 0000000..6a4ef03
--- /dev/null
+++ b/kubernetes/runner-deployment.yaml
@@ -0,0 +1,55 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: runner-deployment
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: runner
+ template:
+ metadata:
+ labels:
+ app: runner
+ spec:
+ containers:
+ - name: runner
+ image: ghcr.io/evolutionary-algorithms-on-click/runner:latest
+ resources:
+ limits:
+ memory: "1Gi"
+ cpu: "1000m"
+ requests:
+ memory: "512Mi"
+ cpu: "500m"
+ env:
+ - name: COCKROACHDB_URL
+ valueFrom:
+ secretKeyRef:
+ name: evolve-secrets
+ key: cockroachdb-url
+ - name: MINIO_URL
+ valueFrom:
+ secretKeyRef:
+ name: evolve-secrets
+ key: minio-endpoint
+ - name: MINIO_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ name: evolve-secrets
+ key: minio-access-key
+ - name: MINIO_SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: evolve-secrets
+ key: minio-secret-key
+ - name: RABBITMQ_URL
+ valueFrom:
+ secretKeyRef:
+ name: evolve-secrets
+ key: rabbitmq-url
+ - name: RABBITMQ_QUEUE
+ valueFrom:
+ secretKeyRef:
+ name: evolve-secrets
+ key: rabbitmq-queue-name
\ No newline at end of file
From 725e54c8887670dbd81e0c1bea86cdb057e26cc6 Mon Sep 17 00:00:00 2001
From: Ashrockzzz2003
Date: Tue, 15 Apr 2025 20:39:02 +0530
Subject: [PATCH 4/5] Fix kubeadm installation and init cluster.
---
 ansible/playbook.yaml | 285 +++++++++++++++++++++++++++++++++++++++---
 1 file changed, 271 insertions(+), 14 deletions(-)
diff --git a/ansible/playbook.yaml b/ansible/playbook.yaml
index 6c9a153..c22a611 100644
--- a/ansible/playbook.yaml
+++ b/ansible/playbook.yaml
@@ -58,25 +58,169 @@ register: docker_version changed_when: docker_version.rc != 0 -- name: Manually Install Kubernetes Binaries and Dependencies +- name: Install cri-dockerd and Kubernetes Binaries Manually hosts: all become: true - gather_facts: false + gather_facts: true vars: - cni_base_url: "https://github.com/containernetworking/plugins/releases/download" cni_plugins_version: "v1.3.0" + crictl_version: "v1.31.0" + k8s_release_utils_version: "v0.16.2" + arch: "amd64" + cri_dockerd_arch: "amd64" cni_dest_dir: "/opt/cni/bin" download_dir: "/usr/local/bin" - crictl_version: "v1.31.0" - k8s_release_utils_version: "v0.16.2" - systemd_unit_dir: "/usr/lib/systemd/system" - kubelet_service_file: "{{ systemd_unit_dir }}/kubelet.service" - kubelet_conf_dir: "{{ systemd_unit_dir }}/kubelet.service.d" + cri_dockerd_bin_path: "{{ download_dir }}/cri-dockerd" + systemd_dir: "/etc/systemd/system" + + # cri-dockerd Prefixes + cri_dockerd_api_url: "https://api.github.com/repos/Mirantis/cri-dockerd/releases/latest" + cri_dockerd_release_prefix: "https://github.com/Mirantis/cri-dockerd/releases/download" + cri_dockerd_raw_prefix: "https://raw.githubusercontent.com/Mirantis/cri-dockerd/master/packaging/systemd" + + # CNI Plugins Prefix + cni_plugins_release_prefix: "https://github.com/containernetworking/plugins/releases/download" + + # cri-tools (crictl) Prefix + crictl_release_prefix: "https://github.com/kubernetes-sigs/cri-tools/releases/download" + + # K8s Release Utils (Templates) Prefix + k8s_release_raw_prefix: "https://raw.githubusercontent.com/kubernetes/release" + + # --- Filenames and Paths (still useful) --- + cni_plugins_archive_filename: "cni-plugins-linux-{{ arch }}-{{ cni_plugins_version }}.tgz" + crictl_archive_filename: "crictl-{{ crictl_version }}-linux-{{ arch }}.tar.gz" + kubelet_service_template_path: "{{ k8s_release_utils_version }}/cmd/krel/templates/latest/kubelet/kubelet.service" + kubeadm_conf_template_path: "{{ k8s_release_utils_version 
}}/cmd/krel/templates/latest/kubeadm/10-kubeadm.conf" + + # --- Systemd unit file paths for kubelet --- + kubelet_service_file: "{{ systemd_dir }}/kubelet.service" + kubelet_conf_dir: "{{ systemd_dir }}/kubelet.service.d" kubelet_conf_file: "{{ kubelet_conf_dir }}/10-kubeadm.conf" tasks: + # Install cri-dockerd + - name: Check if cri-dockerd is already installed + ansible.builtin.stat: + path: "{{ cri_dockerd_bin_path }}" + register: cri_dockerd_binary_stat + + - name: Block for cri-dockerd installation tasks + when: not cri_dockerd_binary_stat.stat.exists + block: + - name: Install prerequisites (curl/wget, tar) + ansible.builtin.package: + name: + - curl + - tar + - ca-certificates + state: present + + - name: Get latest cri-dockerd release tag from GitHub API + ansible.builtin.uri: + url: "{{ cri_dockerd_api_url }}" + return_content: true + headers: + Accept: application/vnd.github.v3+json + register: cri_dockerd_latest_release + check_mode: false + + - name: Exit if GitHub API call failed + ansible.builtin.fail: + msg: "Failed to retrieve cri-dockerd latest release info from {{ cri_dockerd_api_url }}. 
Status: {{ cri_dockerd_latest_release.status }}" + when: cri_dockerd_latest_release.status != 200 + + - name: Extract cri-dockerd version from tag + ansible.builtin.set_fact: + cri_dockerd_version: "{{ (cri_dockerd_latest_release.content | from_json).tag_name | regex_replace('^v', '') }}" + + - name: Define cri-dockerd download URL and paths + ansible.builtin.set_fact: + cri_dockerd_tmp_archive: "/tmp/cri-dockerd-{{ cri_dockerd_version }}.{{ cri_dockerd_arch }}.tgz" + cri_dockerd_tmp_extract_dir: "/tmp/cri-dockerd-extract-{{ cri_dockerd_version }}" + + - name: Download cri-dockerd archive + ansible.builtin.get_url: + url: "{{ cri_dockerd_release_prefix }}/v{{ cri_dockerd_version }}/cri-dockerd-{{ cri_dockerd_version }}.{{ cri_dockerd_arch }}.tgz" + dest: "{{ cri_dockerd_tmp_archive }}" + mode: "0644" + + - name: Ensure temporary extraction directory exists and is empty + ansible.builtin.file: + path: "{{ cri_dockerd_tmp_extract_dir }}" + state: absent + check_mode: false + + - name: Ensure temporary extraction directory exists + ansible.builtin.file: + path: "{{ cri_dockerd_tmp_extract_dir }}" + state: directory + mode: "0755" + + - name: Extract cri-dockerd archive + ansible.builtin.unarchive: + src: "{{ cri_dockerd_tmp_archive }}" + dest: "{{ cri_dockerd_tmp_extract_dir }}" + remote_src: true + + - name: Ensure destination directory for binary exists + ansible.builtin.file: + path: "{{ cri_dockerd_bin_path | dirname }}" + state: directory + mode: "0755" + + - name: Move cri-dockerd binary to final destination + ansible.builtin.copy: + src: "{{ cri_dockerd_tmp_extract_dir }}/cri-dockerd/cri-dockerd" + dest: "{{ cri_dockerd_bin_path }}" + remote_src: true + mode: "0755" + owner: root + group: root + notify: Clean up cri-dockerd temp files + + - name: Download cri-docker.service systemd file + ansible.builtin.get_url: + url: "{{ cri_dockerd_raw_prefix }}/cri-docker.service" + dest: "{{ systemd_dir }}/cri-docker.service" + mode: "0644" + register: 
cri_service_download + + - name: Download cri-docker.socket systemd file + ansible.builtin.get_url: + url: "{{ cri_dockerd_raw_prefix }}/cri-docker.socket" + dest: "{{ systemd_dir }}/cri-docker.socket" + mode: "0644" + register: cri_socket_download + + - name: Modify cri-docker.service to point to correct binary path + ansible.builtin.replace: + path: "{{ systemd_dir }}/cri-docker.service" + regexp: "/usr/bin/cri-dockerd" + replace: "{{ cri_dockerd_bin_path }}" + when: cri_service_download.changed or cri_socket_download.changed + notify: Reload systemd and restart cri-dockerd + + # --- Systemd Handling for cri-dockerd --- + - name: Force systemd daemon-reload (cri-dockerd) + ansible.builtin.systemd: + daemon_reload: true + when: cri_service_download.changed or cri_socket_download.changed + + - name: Enable cri-docker service + ansible.builtin.systemd: + name: cri-docker.service + enabled: true + + - name: Enable and start cri-docker socket + ansible.builtin.systemd: + name: cri-docker.socket + enabled: true + state: started + + # Install CNI / crictl / kubeadm / kubelet - name: Ensure CNI destination directory exists ansible.builtin.file: path: "{{ cni_dest_dir }}" @@ -85,7 +229,7 @@ - name: Download and extract CNI plugins ansible.builtin.unarchive: - src: "{{ cni_base_url }}/{{ cni_plugins_version }}/cni-plugins-linux-{{ arch }}-{{ cni_plugins_version }}.tgz" + src: "{{ cni_plugins_release_prefix }}/{{ cni_plugins_version }}/{{ cni_plugins_archive_filename }}" dest: "{{ cni_dest_dir }}" remote_src: true creates: "{{ cni_dest_dir }}/bridge" @@ -98,7 +242,7 @@ - name: Download and extract crictl ansible.builtin.unarchive: - src: "https://github.com/kubernetes-sigs/cri-tools/releases/download/{{ crictl_version }}/crictl-{{ crictl_version }}-linux-{{ arch }}.tar.gz" + src: "{{ crictl_release_prefix }}/{{ crictl_version }}/{{ crictl_archive_filename }}" dest: "{{ download_dir }}" remote_src: true mode: "0755" 
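Review bot: The cri-dockerd block installs a root-owned binary and two systemd units from moving references: the version is resolved from `releases/latest` at run time, the unit files come from the `master` branch via `cri_dockerd_raw_prefix`, and the `Download cri-dockerd archive` task has no `checksum`. Declaring `cri_dockerd_version` as a pinned variable next to `crictl_version`, pointing `cri_dockerd_raw_prefix` at that same tag instead of `master`, and adding `checksum: "sha256:<sha256-of-the-pinned-archive>"` (placeholder) to the `get_url` task would make the install reproducible and verifiable. The archive and extraction directory also use predictable names under `/tmp` while the play runs with `become: true`; `ansible.builtin.tempfile` would give a private, unpredictable directory instead. Separately, the `replace` that rewrites `/usr/bin/cri-dockerd` is gated on the two downloads reporting `changed`, so if those `get_url` tasks restore the upstream unit on a later run the path fix depends on that condition holding; dropping the `when:` lets the idempotent `replace` always enforce it.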
@@ -129,9 +273,10 @@ mode: "0755" force: false + # --- Kubelet Systemd Setup --- - name: Fetch kubelet systemd service template content ansible.builtin.uri: - url: "https://raw.githubusercontent.com/kubernetes/release/{{ k8s_release_utils_version }}/cmd/krel/templates/latest/kubelet/kubelet.service" + url: "{{ k8s_release_raw_prefix }}/{{ kubelet_service_template_path }}" return_content: true register: kubelet_service_template check_mode: false @@ -151,7 +296,7 @@ - name: Fetch kubeadm systemd drop-in template content ansible.builtin.uri: - url: "https://raw.githubusercontent.com/kubernetes/release/{{ k8s_release_utils_version }}/cmd/krel/templates/latest/kubeadm/10-kubeadm.conf" + url: "{{ k8s_release_raw_prefix }}/{{ kubeadm_conf_template_path }}" return_content: true register: kubeadm_conf_template check_mode: false @@ -163,11 +308,25 @@ mode: "0644" notify: Reload systemd and restart kubelet - - name: Ensure kubelet service is enabled and started + - name: Ensure kubelet service is enabled ansible.builtin.systemd: name: kubelet enabled: true - state: started + + - name: Disable Swap + ansible.builtin.command: + cmd: swapoff -a + register: swapoff_result + changed_when: swapoff_result.rc != 0 + + - name: Disable swap - comment out swap entries in fstab using replace + ansible.builtin.replace: + # sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab + path: /etc/fstab + regexp: '^(?!\s*#)(.*\sswap\s.*)$' + replace: '# \1' + backup: true + when: swapoff_result.rc == 0 handlers: - name: Reload systemd and restart kubelet 
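Review bot: In the `Disable Swap` task, `changed_when: swapoff_result.rc != 0` can never be true, because `ansible.builtin.command` already fails the task on a non-zero return code; for the same reason `when: swapoff_result.rc == 0` on the fstab task is always satisfied and can be dropped. If the intent is "never report changed", `changed_when: false` says so directly. The same inverted condition appears on `Reset kubeadm.` and `Initialize kubernetes cluster.` in the last hunk of this patch, where a successful reset or init is reported as unchanged and a tolerated failure as changed; `changed_when: init_result.rc == 0` would match what those tasks actually do.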
@@ -176,6 +335,104 @@ daemon_reload: true state: restarted + - name: Reload systemd and restart cri-dockerd + ansible.builtin.systemd: + name: cri-docker.service + daemon_reload: true + state: restarted + listen: Reload systemd and restart cri-dockerd + + - name: Clean up cri-dockerd temp files + ansible.builtin.file: + path: "{{ item }}" + state: absent + loop: + - "{{ cri_dockerd_tmp_archive }}" + - "{{ cri_dockerd_tmp_extract_dir }}" + check_mode: false + +- name: Start kubeadm on master + hosts: master + become: true + gather_facts: false + vars: + setup_user: "{{ ansible_user_id }}" + setup_group: "{{ ansible_user_gid }}" + setup_home: "{{ ansible_env.HOME }}" + setup_home_fallback: "/home/{{ setup_user }}" + tasks: + - name: Reset kubeadm. + ansible.builtin.command: + cmd: kubeadm reset --cri-socket=unix:///var/run/cri-dockerd.sock -f + register: reset_result + changed_when: reset_result.rc != 0 + + - name: Initialize kubernetes cluster. + ansible.builtin.command: + cmd: kubeadm init --cri-socket=unix:///var/run/cri-dockerd.sock --pod-network-cidr=10.244.0.0/16 + register: init_result + changed_when: init_result.rc != 0 + failed_when: init_result.rc != 0 and 'kubeadm has already been initialized' not in init_result.stderr + + - name: Determine effective home directory path + ansible.builtin.set_fact: + effective_home: "{{ setup_home | default(setup_home_fallback) }}" + + - name: Fail if effective home directory could not be determined + ansible.builtin.fail: + msg: >- + Could not determine home directory for user '{{ setup_user }}'. + Tried ansible_env.HOME and fallback '{{ setup_home_fallback }}'. + Check gathered facts or set 'setup_home' variable explicitly. 
+ when: effective_home is not defined or effective_home == "" + + - name: Create .kube directory in user's home + ansible.builtin.file: + path: "{{ effective_home }}/.kube" + state: directory + owner: "{{ setup_user }}" + group: "{{ setup_group }}" + mode: "0700" + + - name: Copy admin.conf to user's .kube/config and set ownership + ansible.builtin.copy: + src: /etc/kubernetes/admin.conf + dest: "{{ effective_home }}/.kube/config" + remote_src: true + owner: "{{ setup_user }}" + group: "{{ setup_group }}" + mode: "0600" + backup: true + +- name: Join Worker Nodes to Cluster + hosts: workers + become: true + gather_facts: false + + vars: + control_plane_node: "{{ groups['master'][0] }}" + cri_socket_path: "unix:///var/run/cri-dockerd.sock" + + tasks: + - name: Retrieve join command from control plane node + ansible.builtin.command: + cmd: kubeadm token create --print-join-command + register: join_command_result + delegate_to: "{{ control_plane_node }}" # Run this command on the master + changed_when: false + failed_when: join_command_result.rc != 0 + + - name: Extract the join command string + ansible.builtin.set_fact: + kubeadm_join_command: "{{ join_command_result.stdout | trim }}" + + - name: Join worker node to the cluster + ansible.builtin.command: + cmd: "{{ kubeadm_join_command }} --cri-socket={{ cri_socket_path }}" + creates: /etc/kubernetes/kubelet.conf + register: join_worker_result + changed_when: join_worker_result.rc == 0 + - name: Install and Configure CockroachDB Cluster hosts: cockroachdb become: true From 50066fad9e5aa306b8ae091d2eeec291d023923c Mon Sep 17 00:00:00 2001 From: Ashrockzzz2003 Date: Tue, 15 Apr 2025 23:10:38 +0530 Subject: [PATCH 5/5] Rollback kube related play - migrating to k3s now. --- ansible/playbook.yaml | 792 ++++++++++++++++++++++-------------------- 1 file changed, 418 insertions(+), 374 deletions(-) diff --git a/ansible/playbook.yaml b/ansible/playbook.yaml index c22a611..e6b6a4d 100644 --- a/ansible/playbook.yaml 
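Review bot: The worker join flow treats the bootstrap token as ordinary output: `Retrieve join command from control plane node` runs once per worker and mints a new token each time, and that token then sits in the registered result, the `kubeadm_join_command` fact and the `cmd:` of `Join worker node to the cluster`, all of which Ansible prints at higher verbosity or on failure. Adding `no_log: true` to those three tasks, `run_once: true` to the retrieval, and a short `--ttl` to `kubeadm token create` would keep a credential that can enrol nodes out of logs and limit its lifetime. Separately, `Reset kubeadm.` runs `kubeadm reset ... -f` unconditionally, so every run of the playbook tears down an existing control plane before `kubeadm init`; removing the reset and adding `creates: /etc/kubernetes/admin.conf` to the init task's arguments would make the play safe to re-run. The copy of `admin.conf` with `backup: true` also leaves timestamped copies of a cluster-admin kubeconfig in `.kube`, which is worth a comment or `backup: false`.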
+++ b/ansible/playbook.yaml 
@@ -58,380 +58,424 @@ register: docker_version changed_when: docker_version.rc != 0 -- name: Install cri-dockerd and Kubernetes Binaries Manually - hosts: all - become: true - gather_facts: true - - vars: - cni_plugins_version: "v1.3.0" - crictl_version: "v1.31.0" - k8s_release_utils_version: "v0.16.2" - - arch: "amd64" - cri_dockerd_arch: "amd64" - cni_dest_dir: "/opt/cni/bin" - download_dir: "/usr/local/bin" - cri_dockerd_bin_path: "{{ download_dir }}/cri-dockerd" - systemd_dir: "/etc/systemd/system" - - # cri-dockerd Prefixes - cri_dockerd_api_url: "https://api.github.com/repos/Mirantis/cri-dockerd/releases/latest" - cri_dockerd_release_prefix: "https://github.com/Mirantis/cri-dockerd/releases/download" - cri_dockerd_raw_prefix: "https://raw.githubusercontent.com/Mirantis/cri-dockerd/master/packaging/systemd" - - # CNI Plugins Prefix - cni_plugins_release_prefix: "https://github.com/containernetworking/plugins/releases/download" - - # cri-tools (crictl) Prefix - crictl_release_prefix: "https://github.com/kubernetes-sigs/cri-tools/releases/download" - - # K8s Release Utils (Templates) Prefix - k8s_release_raw_prefix: "https://raw.githubusercontent.com/kubernetes/release" - - # --- Filenames and Paths (still useful) --- - cni_plugins_archive_filename: "cni-plugins-linux-{{ arch }}-{{ cni_plugins_version }}.tgz" - crictl_archive_filename: "crictl-{{ crictl_version }}-linux-{{ arch }}.tar.gz" - kubelet_service_template_path: "{{ k8s_release_utils_version }}/cmd/krel/templates/latest/kubelet/kubelet.service" - kubeadm_conf_template_path: "{{ k8s_release_utils_version }}/cmd/krel/templates/latest/kubeadm/10-kubeadm.conf" - - # --- Systemd unit file paths for kubelet --- - kubelet_service_file: "{{ systemd_dir }}/kubelet.service" - kubelet_conf_dir: "{{ systemd_dir }}/kubelet.service.d" - kubelet_conf_file: "{{ kubelet_conf_dir }}/10-kubeadm.conf" - - tasks: - # Install cri-dockerd - - name: Check if cri-dockerd is already installed - ansible.builtin.stat: - path: "{{ 
cri_dockerd_bin_path }}" - register: cri_dockerd_binary_stat - - - name: Block for cri-dockerd installation tasks - when: not cri_dockerd_binary_stat.stat.exists - block: - - name: Install prerequisites (curl/wget, tar) - ansible.builtin.package: - name: - - curl - - tar - - ca-certificates - state: present - - - name: Get latest cri-dockerd release tag from GitHub API - ansible.builtin.uri: - url: "{{ cri_dockerd_api_url }}" - return_content: true - headers: - Accept: application/vnd.github.v3+json - register: cri_dockerd_latest_release - check_mode: false - - - name: Exit if GitHub API call failed - ansible.builtin.fail: - msg: "Failed to retrieve cri-dockerd latest release info from {{ cri_dockerd_api_url }}. Status: {{ cri_dockerd_latest_release.status }}" - when: cri_dockerd_latest_release.status != 200 - - - name: Extract cri-dockerd version from tag - ansible.builtin.set_fact: - cri_dockerd_version: "{{ (cri_dockerd_latest_release.content | from_json).tag_name | regex_replace('^v', '') }}" - - - name: Define cri-dockerd download URL and paths - ansible.builtin.set_fact: - cri_dockerd_tmp_archive: "/tmp/cri-dockerd-{{ cri_dockerd_version }}.{{ cri_dockerd_arch }}.tgz" - cri_dockerd_tmp_extract_dir: "/tmp/cri-dockerd-extract-{{ cri_dockerd_version }}" - - - name: Download cri-dockerd archive - ansible.builtin.get_url: - url: "{{ cri_dockerd_release_prefix }}/v{{ cri_dockerd_version }}/cri-dockerd-{{ cri_dockerd_version }}.{{ cri_dockerd_arch }}.tgz" - dest: "{{ cri_dockerd_tmp_archive }}" - mode: "0644" - - - name: Ensure temporary extraction directory exists and is empty - ansible.builtin.file: - path: "{{ cri_dockerd_tmp_extract_dir }}" - state: absent - check_mode: false - - - name: Ensure temporary extraction directory exists - ansible.builtin.file: - path: "{{ cri_dockerd_tmp_extract_dir }}" - state: directory - mode: "0755" - - - name: Extract cri-dockerd archive - ansible.builtin.unarchive: - src: "{{ cri_dockerd_tmp_archive }}" - dest: "{{ 
cri_dockerd_tmp_extract_dir }}" - remote_src: true - - - name: Ensure destination directory for binary exists - ansible.builtin.file: - path: "{{ cri_dockerd_bin_path | dirname }}" - state: directory - mode: "0755" - - - name: Move cri-dockerd binary to final destination - ansible.builtin.copy: - src: "{{ cri_dockerd_tmp_extract_dir }}/cri-dockerd/cri-dockerd" - dest: "{{ cri_dockerd_bin_path }}" - remote_src: true - mode: "0755" - owner: root - group: root - notify: Clean up cri-dockerd temp files - - - name: Download cri-docker.service systemd file - ansible.builtin.get_url: - url: "{{ cri_dockerd_raw_prefix }}/cri-docker.service" - dest: "{{ systemd_dir }}/cri-docker.service" - mode: "0644" - register: cri_service_download - - - name: Download cri-docker.socket systemd file - ansible.builtin.get_url: - url: "{{ cri_dockerd_raw_prefix }}/cri-docker.socket" - dest: "{{ systemd_dir }}/cri-docker.socket" - mode: "0644" - register: cri_socket_download - - - name: Modify cri-docker.service to point to correct binary path - ansible.builtin.replace: - path: "{{ systemd_dir }}/cri-docker.service" - regexp: "/usr/bin/cri-dockerd" - replace: "{{ cri_dockerd_bin_path }}" - when: cri_service_download.changed or cri_socket_download.changed - notify: Reload systemd and restart cri-dockerd - - # --- Systemd Handling for cri-dockerd --- - - name: Force systemd daemon-reload (cri-dockerd) - ansible.builtin.systemd: - daemon_reload: true - when: cri_service_download.changed or cri_socket_download.changed - - - name: Enable cri-docker service - ansible.builtin.systemd: - name: cri-docker.service - enabled: true - - - name: Enable and start cri-docker socket - ansible.builtin.systemd: - name: cri-docker.socket - enabled: true - state: started - - # Install CNI / crictl / kubeadm / kubelet - - name: Ensure CNI destination directory exists - ansible.builtin.file: - path: "{{ cni_dest_dir }}" - state: directory - mode: "0755" - - - name: Download and extract CNI plugins - 
ansible.builtin.unarchive: - src: "{{ cni_plugins_release_prefix }}/{{ cni_plugins_version }}/{{ cni_plugins_archive_filename }}" - dest: "{{ cni_dest_dir }}" - remote_src: true - creates: "{{ cni_dest_dir }}/bridge" - - - name: Ensure binary download directory exists - ansible.builtin.file: - path: "{{ download_dir }}" - state: directory - mode: "0755" - - - name: Download and extract crictl - ansible.builtin.unarchive: - src: "{{ crictl_release_prefix }}/{{ crictl_version }}/{{ crictl_archive_filename }}" - dest: "{{ download_dir }}" - remote_src: true - mode: "0755" - creates: "{{ download_dir }}/crictl" - - - name: Get latest stable Kubernetes release version string - ansible.builtin.uri: - url: https://dl.k8s.io/release/stable.txt - return_content: true - register: k8s_stable_release - check_mode: false - - - name: Set stable release fact - ansible.builtin.set_fact: - k8s_release: "{{ k8s_stable_release.content | trim }}" - - - name: Download kubeadm binary - ansible.builtin.get_url: - url: "https://dl.k8s.io/release/{{ k8s_release }}/bin/linux/{{ arch }}/kubeadm" - dest: "{{ download_dir }}/kubeadm" - mode: "0755" - force: false - - - name: Download kubelet binary - ansible.builtin.get_url: - url: "https://dl.k8s.io/release/{{ k8s_release }}/bin/linux/{{ arch }}/kubelet" - dest: "{{ download_dir }}/kubelet" - mode: "0755" - force: false - - # --- Kubelet Systemd Setup --- - - name: Fetch kubelet systemd service template content - ansible.builtin.uri: - url: "{{ k8s_release_raw_prefix }}/{{ kubelet_service_template_path }}" - return_content: true - register: kubelet_service_template - check_mode: false - - - name: Create kubelet systemd service file from template - ansible.builtin.copy: - content: "{{ kubelet_service_template.content | replace('/usr/bin', download_dir) }}" - dest: "{{ kubelet_service_file }}" - mode: "0644" - notify: Reload systemd and restart kubelet - - - name: Ensure kubelet systemd drop-in directory exists - ansible.builtin.file: - path: 
"{{ kubelet_conf_dir }}" - state: directory - mode: "0755" - - - name: Fetch kubeadm systemd drop-in template content - ansible.builtin.uri: - url: "{{ k8s_release_raw_prefix }}/{{ kubeadm_conf_template_path }}" - return_content: true - register: kubeadm_conf_template - check_mode: false - - - name: Create kubeadm systemd drop-in file from template - ansible.builtin.copy: - content: "{{ kubeadm_conf_template.content | replace('/usr/bin', download_dir) }}" - dest: "{{ kubelet_conf_file }}" - mode: "0644" - notify: Reload systemd and restart kubelet - - - name: Ensure kubelet service is enabled - ansible.builtin.systemd: - name: kubelet - enabled: true - - - name: Disable Swap - ansible.builtin.command: - cmd: swapoff -a - register: swapoff_result - changed_when: swapoff_result.rc != 0 - - - name: Disable swap - comment out swap entries in fstab using replace - ansible.builtin.replace: - # sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab - path: /etc/fstab - regexp: '^(?!\s*#)(.*\sswap\s.*)$' - replace: '# \1' - backup: true - when: swapoff_result.rc == 0 - - handlers: - - name: Reload systemd and restart kubelet - ansible.builtin.systemd: - name: kubelet - daemon_reload: true - state: restarted - - - name: Reload systemd and restart cri-dockerd - ansible.builtin.systemd: - name: cri-docker.service - daemon_reload: true - state: restarted - listen: Reload systemd and restart cri-dockerd - - - name: Clean up cri-dockerd temp files - ansible.builtin.file: - path: "{{ item }}" - state: absent - loop: - - "{{ cri_dockerd_tmp_archive }}" - - "{{ cri_dockerd_tmp_extract_dir }}" - check_mode: false - -- name: Start kubeadm on master - hosts: master - become: true - gather_facts: false - vars: - setup_user: "{{ ansible_user_id }}" - setup_group: "{{ ansible_user_gid }}" - setup_home: "{{ ansible_env.HOME }}" - setup_home_fallback: "/home/{{ setup_user }}" - tasks: - - name: Reset kubeadm. 
- ansible.builtin.command: - cmd: kubeadm reset --cri-socket=unix:///var/run/cri-dockerd.sock -f - register: reset_result - changed_when: reset_result.rc != 0 - - - name: Initialize kubernetes cluster. - ansible.builtin.command: - cmd: kubeadm init --cri-socket=unix:///var/run/cri-dockerd.sock --pod-network-cidr=10.244.0.0/16 - register: init_result - changed_when: init_result.rc != 0 - failed_when: init_result.rc != 0 and 'kubeadm has already been initialized' not in init_result.stderr - - - name: Determine effective home directory path - ansible.builtin.set_fact: - effective_home: "{{ setup_home | default(setup_home_fallback) }}" - - - name: Fail if effective home directory could not be determined - ansible.builtin.fail: - msg: >- - Could not determine home directory for user '{{ setup_user }}'. - Tried ansible_env.HOME and fallback '{{ setup_home_fallback }}'. - Check gathered facts or set 'setup_home' variable explicitly. - when: effective_home is not defined or effective_home == "" - - - name: Create .kube directory in user's home - ansible.builtin.file: - path: "{{ effective_home }}/.kube" - state: directory - owner: "{{ setup_user }}" - group: "{{ setup_group }}" - mode: "0700" - - - name: Copy admin.conf to user's .kube/config and set ownership - ansible.builtin.copy: - src: /etc/kubernetes/admin.conf - dest: "{{ effective_home }}/.kube/config" - remote_src: true - owner: "{{ setup_user }}" - group: "{{ setup_group }}" - mode: "0600" - backup: true - -- name: Join Worker Nodes to Cluster - hosts: workers - become: true - gather_facts: false - - vars: - control_plane_node: "{{ groups['master'][0] }}" - cri_socket_path: "unix:///var/run/cri-dockerd.sock" - - tasks: - - name: Retrieve join command from control plane node - ansible.builtin.command: - cmd: kubeadm token create --print-join-command - register: join_command_result - delegate_to: "{{ control_plane_node }}" # Run this command on the master - changed_when: false - failed_when: join_command_result.rc 
!= 0 - - - name: Extract the join command string - ansible.builtin.set_fact: - kubeadm_join_command: "{{ join_command_result.stdout | trim }}" - - - name: Join worker node to the cluster - ansible.builtin.command: - cmd: "{{ kubeadm_join_command }} --cri-socket={{ cri_socket_path }}" - creates: /etc/kubernetes/kubelet.conf - register: join_worker_result - changed_when: join_worker_result.rc == 0 +# - name: Install cri-dockerd and Kubernetes Binaries Manually +# hosts: all +# become: true +# gather_facts: true + +# vars: +# cni_plugins_version: "v1.3.0" +# crictl_version: "v1.31.0" +# k8s_release_utils_version: "v0.16.2" + +# arch: "amd64" +# cri_dockerd_arch: "amd64" +# cni_dest_dir: "/opt/cni/bin" +# download_dir: "/usr/local/bin" +# cri_dockerd_bin_path: "{{ download_dir }}/cri-dockerd" +# systemd_dir: "/etc/systemd/system" + +# # cri-dockerd Prefixes +# cri_dockerd_api_url: "https://api.github.com/repos/Mirantis/cri-dockerd/releases/latest" +# cri_dockerd_release_prefix: "https://github.com/Mirantis/cri-dockerd/releases/download" +# cri_dockerd_raw_prefix: "https://raw.githubusercontent.com/Mirantis/cri-dockerd/master/packaging/systemd" + +# # CNI Plugins Prefix +# cni_plugins_release_prefix: "https://github.com/containernetworking/plugins/releases/download" + +# # cri-tools (crictl) Prefix +# crictl_release_prefix: "https://github.com/kubernetes-sigs/cri-tools/releases/download" + +# # K8s Release Utils (Templates) Prefix +# k8s_release_raw_prefix: "https://raw.githubusercontent.com/kubernetes/release" + +# # --- Filenames and Paths (still useful) --- +# cni_plugins_archive_filename: "cni-plugins-linux-{{ arch }}-{{ cni_plugins_version }}.tgz" +# crictl_archive_filename: "crictl-{{ crictl_version }}-linux-{{ arch }}.tar.gz" +# kubelet_service_template_path: "{{ k8s_release_utils_version }}/cmd/krel/templates/latest/kubelet/kubelet.service" +# kubeadm_conf_template_path: "{{ k8s_release_utils_version }}/cmd/krel/templates/latest/kubeadm/10-kubeadm.conf" + +# # 
--- Systemd unit file paths for kubelet --- +# kubelet_service_file: "{{ systemd_dir }}/kubelet.service" +# kubelet_conf_dir: "{{ systemd_dir }}/kubelet.service.d" +# kubelet_conf_file: "{{ kubelet_conf_dir }}/10-kubeadm.conf" + +# tasks: +# # Install cri-dockerd +# - name: Check if cri-dockerd is already installed +# ansible.builtin.stat: +# path: "{{ cri_dockerd_bin_path }}" +# register: cri_dockerd_binary_stat + +# - name: Block for cri-dockerd installation tasks +# when: not cri_dockerd_binary_stat.stat.exists +# block: +# - name: Install prerequisites (curl/wget, tar) +# ansible.builtin.package: +# name: +# - curl +# - tar +# - ca-certificates +# state: present + +# - name: Get latest cri-dockerd release tag from GitHub API +# ansible.builtin.uri: +# url: "{{ cri_dockerd_api_url }}" +# return_content: true +# headers: +# Accept: application/vnd.github.v3+json +# register: cri_dockerd_latest_release +# check_mode: false + +# - name: Exit if GitHub API call failed +# ansible.builtin.fail: +# msg: "Failed to retrieve cri-dockerd latest release info from {{ cri_dockerd_api_url }}. 
Status: {{ cri_dockerd_latest_release.status }}" +# when: cri_dockerd_latest_release.status != 200 + +# - name: Extract cri-dockerd version from tag +# ansible.builtin.set_fact: +# cri_dockerd_version: "{{ (cri_dockerd_latest_release.content | from_json).tag_name | regex_replace('^v', '') }}" + +# - name: Define cri-dockerd download URL and paths +# ansible.builtin.set_fact: +# cri_dockerd_tmp_archive: "/tmp/cri-dockerd-{{ cri_dockerd_version }}.{{ cri_dockerd_arch }}.tgz" +# cri_dockerd_tmp_extract_dir: "/tmp/cri-dockerd-extract-{{ cri_dockerd_version }}" + +# - name: Download cri-dockerd archive +# ansible.builtin.get_url: +# url: "{{ cri_dockerd_release_prefix }}/v{{ cri_dockerd_version }}/cri-dockerd-{{ cri_dockerd_version }}.{{ cri_dockerd_arch }}.tgz" +# dest: "{{ cri_dockerd_tmp_archive }}" +# mode: "0644" + +# - name: Ensure temporary extraction directory exists and is empty +# ansible.builtin.file: +# path: "{{ cri_dockerd_tmp_extract_dir }}" +# state: absent +# check_mode: false + +# - name: Ensure temporary extraction directory exists +# ansible.builtin.file: +# path: "{{ cri_dockerd_tmp_extract_dir }}" +# state: directory +# mode: "0755" + +# - name: Extract cri-dockerd archive +# ansible.builtin.unarchive: +# src: "{{ cri_dockerd_tmp_archive }}" +# dest: "{{ cri_dockerd_tmp_extract_dir }}" +# remote_src: true + +# - name: Ensure destination directory for binary exists +# ansible.builtin.file: +# path: "{{ cri_dockerd_bin_path | dirname }}" +# state: directory +# mode: "0755" + +# - name: Move cri-dockerd binary to final destination +# ansible.builtin.copy: +# src: "{{ cri_dockerd_tmp_extract_dir }}/cri-dockerd/cri-dockerd" +# dest: "{{ cri_dockerd_bin_path }}" +# remote_src: true +# mode: "0755" +# owner: root +# group: root +# notify: Clean up cri-dockerd temp files + +# - name: Download cri-docker.service systemd file +# ansible.builtin.get_url: +# url: "{{ cri_dockerd_raw_prefix }}/cri-docker.service" +# dest: "{{ systemd_dir }}/cri-docker.service" 
+# mode: "0644" +# register: cri_service_download + +# - name: Download cri-docker.socket systemd file +# ansible.builtin.get_url: +# url: "{{ cri_dockerd_raw_prefix }}/cri-docker.socket" +# dest: "{{ systemd_dir }}/cri-docker.socket" +# mode: "0644" +# register: cri_socket_download + +# - name: Modify cri-docker.service to point to correct binary path +# ansible.builtin.replace: +# path: "{{ systemd_dir }}/cri-docker.service" +# regexp: "/usr/bin/cri-dockerd" +# replace: "{{ cri_dockerd_bin_path }}" +# when: cri_service_download.changed or cri_socket_download.changed +# notify: Reload systemd and restart cri-dockerd + +# # --- Systemd Handling for cri-dockerd --- +# - name: Force systemd daemon-reload (cri-dockerd) +# ansible.builtin.systemd: +# daemon_reload: true +# when: cri_service_download.changed or cri_socket_download.changed + +# - name: Enable cri-docker service +# ansible.builtin.systemd: +# name: cri-docker.service +# enabled: true + +# - name: Enable and start cri-docker socket +# ansible.builtin.systemd: +# name: cri-docker.socket +# enabled: true +# state: started + +# # Install CNI / crictl / kubeadm / kubelet +# - name: Ensure CNI destination directory exists +# ansible.builtin.file: +# path: "{{ cni_dest_dir }}" +# state: directory +# mode: "0755" + +# - name: Download and extract CNI plugins +# ansible.builtin.unarchive: +# src: "{{ cni_plugins_release_prefix }}/{{ cni_plugins_version }}/{{ cni_plugins_archive_filename }}" +# dest: "{{ cni_dest_dir }}" +# remote_src: true +# creates: "{{ cni_dest_dir }}/bridge" + +# - name: Ensure binary download directory exists +# ansible.builtin.file: +# path: "{{ download_dir }}" +# state: directory +# mode: "0755" + +# - name: Download and extract crictl +# ansible.builtin.unarchive: +# src: "{{ crictl_release_prefix }}/{{ crictl_version }}/{{ crictl_archive_filename }}" +# dest: "{{ download_dir }}" +# remote_src: true +# mode: "0755" +# creates: "{{ download_dir }}/crictl" + +# - name: Get latest stable 
Kubernetes release version string +# ansible.builtin.uri: +# url: https://dl.k8s.io/release/stable.txt +# return_content: true +# register: k8s_stable_release +# check_mode: false + +# - name: Set stable release fact +# ansible.builtin.set_fact: +# k8s_release: "{{ k8s_stable_release.content | trim }}" + +# - name: Download kubeadm binary +# ansible.builtin.get_url: +# url: "https://dl.k8s.io/release/{{ k8s_release }}/bin/linux/{{ arch }}/kubeadm" +# dest: "{{ download_dir }}/kubeadm" +# mode: "0755" +# force: false + +# - name: Download kubelet binary +# ansible.builtin.get_url: +# url: "https://dl.k8s.io/release/{{ k8s_release }}/bin/linux/{{ arch }}/kubelet" +# dest: "{{ download_dir }}/kubelet" +# mode: "0755" +# force: false + +# # --- Kubelet Systemd Setup --- +# - name: Fetch kubelet systemd service template content +# ansible.builtin.uri: +# url: "{{ k8s_release_raw_prefix }}/{{ kubelet_service_template_path }}" +# return_content: true +# register: kubelet_service_template +# check_mode: false + +# - name: Create kubelet systemd service file from template +# ansible.builtin.copy: +# content: "{{ kubelet_service_template.content | replace('/usr/bin', download_dir) }}" +# dest: "{{ kubelet_service_file }}" +# mode: "0644" +# notify: Reload systemd and restart kubelet + +# - name: Ensure kubelet systemd drop-in directory exists +# ansible.builtin.file: +# path: "{{ kubelet_conf_dir }}" +# state: directory +# mode: "0755" + +# - name: Fetch kubeadm systemd drop-in template content +# ansible.builtin.uri: +# url: "{{ k8s_release_raw_prefix }}/{{ kubeadm_conf_template_path }}" +# return_content: true +# register: kubeadm_conf_template +# check_mode: false + +# - name: Create kubeadm systemd drop-in file from template +# ansible.builtin.copy: +# content: "{{ kubeadm_conf_template.content | replace('/usr/bin', download_dir) }}" +# dest: "{{ kubelet_conf_file }}" +# mode: "0644" +# notify: Reload systemd and restart kubelet + +# - name: Ensure kubelet service is 
enabled +# ansible.builtin.systemd: +# name: kubelet +# enabled: true + +# - name: Disable Swap +# ansible.builtin.command: +# cmd: swapoff -a +# register: swapoff_result +# changed_when: swapoff_result.rc != 0 + +# - name: Disable swap - comment out swap entries in fstab using replace +# ansible.builtin.replace: +# # sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab +# path: /etc/fstab +# regexp: '^(?!\s*#)(.*\sswap\s.*)$' +# replace: '# \1' +# backup: true +# when: swapoff_result.rc == 0 + +# handlers: +# - name: Reload systemd and restart kubelet +# ansible.builtin.systemd: +# name: kubelet +# daemon_reload: true +# state: restarted + +# - name: Reload systemd and restart cri-dockerd +# ansible.builtin.systemd: +# name: cri-docker.service +# daemon_reload: true +# state: restarted +# listen: Reload systemd and restart cri-dockerd + +# - name: Clean up cri-dockerd temp files +# ansible.builtin.file: +# path: "{{ item }}" +# state: absent +# loop: +# - "{{ cri_dockerd_tmp_archive }}" +# - "{{ cri_dockerd_tmp_extract_dir }}" +# check_mode: false + +# - name: Configure Kernel Modules and Sysctl for Kubernetes Prerequisites +# hosts: all +# become: true + +# tasks: +# - name: Ensure kernel modules required by Kubernetes are loaded on boot +# ansible.builtin.copy: +# dest: /etc/modules-load.d/k8s.conf +# content: | +# overlay +# br_netfilter +# owner: root +# group: root +# mode: "0644" +# notify: Reload sysctl + +# - name: Load kernel modules immediately +# community.general.modprobe: +# name: "{{ item }}" +# state: present +# loop: +# - overlay +# - br_netfilter + +# - name: Ensure required sysctl parameters are set for Kubernetes +# ansible.posix.sysctl: +# name: "{{ item.key }}" +# value: "{{ item.value }}" +# sysctl_file: /etc/sysctl.d/k8s.conf +# state: present +# reload: true +# loop: +# - { key: "net.bridge.bridge-nf-call-iptables", value: "1" } +# - { key: "net.bridge.bridge-nf-call-ip6tables", value: "1" } +# - { key: "net.ipv4.ip_forward", value: "1" } +# 
notify: Reload sysctl + +# handlers: +# - name: Reload sysctl +# ansible.builtin.command: sysctl --system +# listen: Reload sysctl +# register: sysctl_reload_result +# changed_when: sysctl_reload_result.rc != 0 + +# - name: Start kubeadm on master +# hosts: master +# become: true +# gather_facts: false +# vars: +# setup_user: "{{ ansible_user_id }}" +# setup_group: "{{ ansible_user_gid }}" +# setup_home: "{{ ansible_env.HOME }}" +# setup_home_fallback: "/home/{{ setup_user }}" +# tasks: +# - name: Reset kubeadm. +# ansible.builtin.command: +# cmd: kubeadm reset --cri-socket=unix:///var/run/cri-dockerd.sock -f +# register: reset_result +# changed_when: reset_result.rc != 0 + +# - name: Initialize kubernetes cluster. +# ansible.builtin.command: +# cmd: kubeadm init --cri-socket=unix:///var/run/cri-dockerd.sock --pod-network-cidr=10.244.0.0/16 +# register: init_result +# changed_when: init_result.rc != 0 +# failed_when: init_result.rc != 0 and 'kubeadm has already been initialized' not in init_result.stderr + +# - name: Determine effective home directory path +# ansible.builtin.set_fact: +# effective_home: "{{ setup_home | default(setup_home_fallback) }}" + +# - name: Fail if effective home directory could not be determined +# ansible.builtin.fail: +# msg: >- +# Could not determine home directory for user '{{ setup_user }}'. +# Tried ansible_env.HOME and fallback '{{ setup_home_fallback }}'. +# Check gathered facts or set 'setup_home' variable explicitly. 
+# when: effective_home is not defined or effective_home == "" + +# - name: Create .kube directory in user's home +# ansible.builtin.file: +# path: "{{ effective_home }}/.kube" +# state: directory +# owner: "{{ setup_user }}" +# group: "{{ setup_group }}" +# mode: "0700" + +# - name: Copy admin.conf to user's .kube/config and set ownership +# ansible.builtin.copy: +# src: /etc/kubernetes/admin.conf +# dest: "{{ effective_home }}/.kube/config" +# remote_src: true +# owner: "{{ setup_user }}" +# group: "{{ setup_group }}" +# mode: "0600" +# backup: true + +# - name: Join Worker Nodes to Cluster +# hosts: workers +# become: true +# gather_facts: false + +# vars: +# control_plane_node: "{{ groups['master'][0] }}" +# cri_socket_path: "unix:///var/run/cri-dockerd.sock" + +# tasks: +# - name: Retrieve join command from control plane node +# ansible.builtin.command: +# cmd: kubeadm token create --print-join-command +# register: join_command_result +# delegate_to: "{{ control_plane_node }}" +# changed_when: false +# failed_when: join_command_result.rc != 0 + +# - name: Extract the join command string +# ansible.builtin.set_fact: +# kubeadm_join_command: "{{ join_command_result.stdout | trim }}" + +# - name: Join worker node to the cluster +# ansible.builtin.command: +# cmd: "{{ kubeadm_join_command }} --cri-socket={{ cri_socket_path }} --pod-network-cidr=10.244.0.0/16" +# creates: /etc/kubernetes/kubelet.conf +# register: join_worker_result +# changed_when: join_worker_result.rc == 0 - name: Install and Configure CockroachDB Cluster hosts: cockroachdb
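Review bot: The commented-out "Join worker node to the cluster" task now appends `--pod-network-cidr=10.244.0.0/16`, which is a `kubeadm init` option and, as far as I know, not one `kubeadm join` accepts. The worker play would therefore fail once uncommented, so the line should stay `cmd: "{{ kubeadm_join_command }} --cri-socket={{ cri_socket_path }}"`. Parking the whole Kubernetes section as `#` comments also leaves a large block of unlinted, untested code in the playbook; for a k3s migration it would be cleaner to delete the plays and recover them from git history if needed. If they are kept for reuse, the `get_url` tasks for kubeadm, kubelet and cri-dockerd should carry a `checksum: "sha256:<published digest>"` and a pinned version rather than resolving `stable.txt` and `releases/latest` at run time. The tasks that register and reuse the join command should set `no_log: true` so the bootstrap token does not land in run output.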