Merge pull request #782 from gmarcy/k8s-debian-default

chore: updates for k8s distro to work with all guest os

Author: ccamacho

kubeinit/galaxy.yml

@@ -17,11 +17,11 @@ tags:
   - origin
 dependencies:
   ansible.posix: '==1.5.4'
-  ansible.utils: '==2.10.3'
-  community.crypto: '==2.13.1'
-  community.general: '==7.0.1'
-  community.libvirt: '==1.2.0'
-  containers.podman: '==1.10.2'
+  ansible.utils: '==5.0.0'
+  community.crypto: '==2.21.1'
+  community.general: '==9.2.0'
+  community.libvirt: '==1.3.0'
+  containers.podman: '==1.15.4'
   openvswitch.openvswitch: '==2.1.1'
 
 repository: 'https://github.com/kubeinit/kubeinit'

kubeinit/group_vars/kubeinit_defaults.yml

@@ -17,7 +17,7 @@ cluster_node_configurations_docsplaceholder: 'we should have a cluster_node_conf
 
 cluster_node_default_distro:
   k8s:
-    os: centos
+    os: debian
   ocp:
     os: coreos
   okd:

kubeinit/requirements.yml

@@ -7,14 +7,14 @@ collections:
   - name: ansible.posix
     version: '1.5.4'
   - name: ansible.utils
-    version: '2.10.3'
+    version: '5.0.0'
   - name: community.crypto
-    version: '2.13.1'
+    version: '2.21.1'
   - name: community.general
-    version: '7.0.1'
+    version: '9.2.0'
   - name: community.libvirt
-    version: '1.2.0'
+    version: '1.3.0'
   - name: containers.podman
-    version: '1.10.2'
+    version: '1.15.4'
   - name: openvswitch.openvswitch
     version: '2.1.1'

kubeinit/roles/kubeinit_k8s/tasks/main.yml

@@ -187,7 +187,7 @@
 
 - name: Label compute nodes
   ansible.builtin.command: |
-    kubectl label node {{ hostvars[compute_node].fqdn }} node-role.kubernetes.io/worker=
+    kubectl label node {{ compute_node }} node-role.kubernetes.io/worker=
   register: _result
   changed_when: "_result.rc == 0"
   loop: "{{ groups['all_compute_nodes'] | default([]) }}"

kubeinit/roles/kubeinit_k8s/tasks/prepare_cluster.yml

@@ -58,130 +58,39 @@
           register: _result
           changed_when: "_result.rc == 0"
 
-#### Debian-based distributions
-###
-#### These instructions are for Kubernetes v1.30.
-###
-#### Update the apt package index and install packages needed to use the Kubernetes apt repository:
-###
-###    sudo apt-get update
-###    # apt-transport-https may be a dummy package; if so, you can skip that package
-###    sudo apt-get install -y apt-transport-https ca-certificates curl gpg
-###
-#### Download the public signing key for the Kubernetes package repositories. The same signing key is used for all repositories so you can disregard the version in the URL:
-###
-###    # If the directory `/etc/apt/keyrings` does not exist, it should be created before the curl command, read the note below.
-###    # sudo mkdir -p -m 755 /etc/apt/keyrings
-###    curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.30/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
-###
-#### Note:
-#### In releases older than Debian 12 and Ubuntu 22.04, directory /etc/apt/keyrings does not exist by default, and it should be created before the curl command.
-###
-#### Add the appropriate Kubernetes apt repository. Please note that this repository have packages only for Kubernetes 1.30; for other Kubernetes minor versions, you need to change the Kubernetes minor version in the URL to match your desired minor version (you should also check that you are reading the documentation for the version of Kubernetes that you plan to install).
-###
-###    # This overwrites any existing configuration in /etc/apt/sources.list.d/kubernetes.list
-###    echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.30/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list
-###
-#### Update the apt package index, install kubelet, kubeadm and kubectl, and pin their version:
-###
-###    sudo apt-get update
-###    sudo apt-get install -y kubelet kubeadm kubectl
-###    sudo apt-mark hold kubelet kubeadm kubectl
-###
-#### (Optional) Enable the kubelet service before running kubeadm:
-###
-###    sudo systemctl enable --now kubelet
-###
-####
-#### END
-####
-#### Distributions using deb packages
-###
-#### Install the dependencies for adding repositories
-###    apt-get update
-###    apt-get install -y software-properties-common curl
-###
-#### Add the Kubernetes repository
-###    curl -fsSL https://pkgs.k8s.io/core:/stable:/$KUBERNETES_VERSION/deb/Release.key |
-###        gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
-###
-###    echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/$KUBERNETES_VERSION/deb/ /" |
-###        tee /etc/apt/sources.list.d/kubernetes.list
-###
-#### Add the CRI-O repository
-###    curl -fsSL https://pkgs.k8s.io/addons:/cri-o:/stable:/$CRIO_VERSION/deb/Release.key |
-###        gpg --dearmor -o /etc/apt/keyrings/cri-o-apt-keyring.gpg
-###
-###    echo "deb [signed-by=/etc/apt/keyrings/cri-o-apt-keyring.gpg] https://pkgs.k8s.io/addons:/cri-o:/stable:/$CRIO_VERSION/deb/ /" |
-###        tee /etc/apt/sources.list.d/cri-o.list
-###
-#### Install the packages
-###    apt-get update
-###    apt-get install -y cri-o kubelet kubeadm kubectl
-###
-#### Start CRI-O
-###    systemctl start crio.service
-###
-#### Bootstrap a cluster
-###    swapoff -a
-###    modprobe br_netfilter
-###    sysctl -w net.ipv4.ip_forward=1
-###
-###    kubeadm init
-####
-#### END
-####
-    - when: hostvars[kubeinit_provision_service_node].os != 'centos'
+    - when: hostvars[kubeinit_provision_service_node].os == 'debian'
       block:
 
         - name: Add kubernetes repo for latest kubectl (Debian)
           ansible.builtin.shell: |
             set -eo pipefail
+            apt-get install -y apt-transport-https ca-certificates curl gpg
+            mkdir -p /etc/apt/keyrings
+            curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.30/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+            echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.30/deb/ /' | tee /etc/apt/sources.list.d/kubernetes.list
             apt-get update
-            apt-get install -y software-properties-common curl
-
-            curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key |
-                gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
-            echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /" |
-                tee /etc/apt/sources.list.d/kubernetes.list
-
-            curl -fsSL https://pkgs.k8s.io/addons:/cri-o:/prerelease:/main/deb/Release.key |
-                gpg --dearmor -o /etc/apt/keyrings/cri-o-apt-keyring.gpg
-            echo "deb [signed-by=/etc/apt/keyrings/cri-o-apt-keyring.gpg] https://pkgs.k8s.io/addons:/cri-o:/prerelease:/main/deb/ /" |
-                tee /etc/apt/sources.list.d/cri-o.list
-
-            apt-get update
-            apt-get install -y cri-o kubelet kubeadm kubectl
-
-            systemctl start crio.service
+            apt-get install -y kubectl
+            apt-mark hold kubectl
           args:
             executable: /bin/bash
           register: _result
           changed_when: "_result.rc == 0"
 
-        ###
-        # The Project's prerelease:/main prefix at the CRI-O's package path, can be replaced with stable:/v1.28, stable:/v1.29, prerelease:/v1.28 or prerelease:/v1.29 if another stream package is used.
-        ###
+    - when: hostvars[kubeinit_provision_service_node].os == 'ubuntu'
+      block:
 
         - name: Add kubernetes repo for latest kubectl (Ubuntu)
           ansible.builtin.shell: |
             set -eo pipefail
-            apt-get install -y apt-transport-https ca-certificates curl gnupg
+            apt-get install -y apt-transport-https ca-certificates curl gpg
             curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.30/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
-            chmod 644 /etc/apt/keyrings/kubernetes-apt-keyring.gpg # allow unprivileged APT programs to read this keyring
             echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.30/deb/ /' | tee /etc/apt/sources.list.d/kubernetes.list
-            chmod 644 /etc/apt/sources.list.d/kubernetes.list   # helps tools such as command-not-found to work correctly
-            apt-get update --allow-insecure-repositories
+            apt-get update
+            apt-get install -y kubectl
+            apt-mark hold kubectl
           args:
             executable: /bin/bash
           register: _result
           changed_when: "_result.rc == 0"
 
-        - name: Install services requirements
-          ansible.builtin.package:
-            name:
-            - kubectl
-            state: present
-            use: apt
-
   delegate_to: "{{ kubeinit_provision_service_node }}"

kubeinit/roles/kubeinit_libvirt/tasks/cleanup_hypervisors.yml

@@ -198,6 +198,7 @@
     kubeinit_deployment_node_name: "{{ item[0] }}"
     service_name: "{{ kubeinit_cluster_name }}-{{ item[1] }}"
   delegate_to: "{{ kubeinit_deployment_node_name }}"
+  when: false
 
 - name: Remove any previous services podman pods
   containers.podman.podman_pod:

kubeinit/roles/kubeinit_libvirt/tasks/deploy_centos_guest.yml

@@ -203,7 +203,7 @@
             state: touch
             mode: '0644'
 
-        - name: Adding repository details in Kubernetes repo file.
+        - name: Adding repository details in CRI-O repo file.
           ansible.builtin.blockinfile:
             path: /etc/yum.repos.d/cri-o.repo
             block: |

kubeinit/roles/kubeinit_libvirt/tasks/deploy_debian_guest.yml

@@ -117,6 +117,15 @@
 - name: Configure common requirements in Debian guests
   block:
 
+    - name: Update packages
+      ansible.builtin.command: apt update
+
+    - name: Install resolvconf
+      ansible.builtin.package:
+        name: resolvconf
+        state: present
+        use: apt
+
     - name: Make sure base file exists
       ansible.builtin.copy:
         content: ""
@@ -172,18 +181,11 @@
     - name: Force apt-get update
       ansible.builtin.shell: |
         apt-get update
-        apt-get install -y gnupg
       args:
         executable: /bin/bash
       register: _result
       changed_when: "_result.rc == 0"
 
-    - name: Update packages
-      ansible.builtin.package:
-        name: "*"
-        state: latest
-        use: apt
-
     - name: Disable SWAP
       ansible.builtin.shell: |
         swapoff -a
@@ -211,6 +213,59 @@
       register: _result
       changed_when: "_result.rc == 0"
 
+    - name: Enable kernel modules and IP forward
+      ansible.builtin.shell: |
+        modprobe br_netfilter
+        echo br_netfilter > /etc/modules-load.d/br_netfilter.conf
+        #modprobe overlay
+        #echo overlay > /etc/modules-load.d/overlay.conf
+        sysctl -w net.ipv4.ip_forward=1
+        #sysctl -w net.bridge.bridge-nf-call-iptables=1
+      args:
+        executable: /bin/bash
+      register: _result
+      changed_when: "_result.rc == 0"
+
+    - name: Add kubernetes repo for latest kubectl (Ubuntu)
+      ansible.builtin.shell: |
+        set -eo pipefail
+        export DEBIAN_FRONTEND=noninteractive
+        apt-get install -y apt-transport-https ca-certificates curl gpg
+        mkdir -p /etc/apt/keyrings
+        curl -fsSL https://pkgs.k8s.io/core:/stable:/v{{ kubeinit_k8s_kubernetes_version }}/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+        echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v{{ kubeinit_k8s_kubernetes_version }}/deb/ /' | tee /etc/apt/sources.list.d/kubernetes.list
+        curl -fsSL https://pkgs.k8s.io/addons:/cri-o:/stable:/v{{ kubeinit_k8s_kubernetes_version }}/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/cri-o-apt-keyring.gpg
+        echo "deb [signed-by=/etc/apt/keyrings/cri-o-apt-keyring.gpg] https://pkgs.k8s.io/addons:/cri-o:/stable:/v{{ kubeinit_k8s_kubernetes_version }}/deb/ /" | tee /etc/apt/sources.list.d/cri-o.list
+        apt-get update
+      args:
+        executable: /bin/bash
+      register: _result
+      changed_when: "_result.rc == 0"
+
+    - name: Install requirements
+      ansible.builtin.shell: |
+        apt-get install -y cri-o={{ kubeinit_k8s_kubernetes_version }}.* kubelet={{ kubeinit_k8s_kubernetes_version }}.* kubeadm={{ kubeinit_k8s_kubernetes_version }}.* kubectl={{ kubeinit_k8s_kubernetes_version }}.*
+        apt-mark hold cri-o kubelet kubeadm kubectl
+      args:
+        executable: /bin/bash
+      register: _result
+      changed_when: "_result.rc == 0"
+
+    - name: Enable/start/status cri-o
+      ansible.builtin.shell: |
+        systemctl enable crio
+        systemctl start crio
+        systemctl status crio
+      args:
+        executable: /bin/bash
+      register: _result
+      changed_when: "_result.rc == 0"
+
+    - name: Enable kubelet
+      ansible.builtin.systemd:
+        name: kubelet
+        enabled: yes
+
     - name: Update packages
       ansible.builtin.package:
         name: "*"

kubeinit/roles/kubeinit_libvirt/tasks/deploy_ubuntu_guest.yml

@@ -116,19 +116,8 @@
 - name: Configure common requirements in Ubuntu guests
   block:
 
-    - name: Add kubernetes repo for latest kubectl (Ubuntu)
-      ansible.builtin.shell: |
-        set -eo pipefail
-        apt-get install -y apt-transport-https ca-certificates curl gnupg
-        curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.30/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
-        chmod 644 /etc/apt/keyrings/kubernetes-apt-keyring.gpg # allow unprivileged APT programs to read this keyring
-        echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.30/deb/ /' | tee /etc/apt/sources.list.d/kubernetes.list
-        chmod 644 /etc/apt/sources.list.d/kubernetes.list   # helps tools such as command-not-found to work correctly
-        apt-get update --allow-insecure-repositories
-      args:
-        executable: /bin/bash
-      register: _result
-      changed_when: "_result.rc == 0"
+    - name: Update packages
+      ansible.builtin.command: apt update
 
     - name: Install resolvconf
       ansible.builtin.package:
@@ -223,6 +212,59 @@
       register: _result
       changed_when: "_result.rc == 0"
 
+    - name: Enable kernel modules and IP forward
+      ansible.builtin.shell: |
+        modprobe br_netfilter
+        echo br_netfilter > /etc/modules-load.d/br_netfilter.conf
+        #modprobe overlay
+        #echo overlay > /etc/modules-load.d/overlay.conf
+        sysctl -w net.ipv4.ip_forward=1
+        #sysctl -w net.bridge.bridge-nf-call-iptables=1
+      args:
+        executable: /bin/bash
+      register: _result
+      changed_when: "_result.rc == 0"
+
+    - name: Add kubernetes repo for latest kubectl (Ubuntu)
+      ansible.builtin.shell: |
+        set -eo pipefail
+        export DEBIAN_FRONTEND=noninteractive
+        apt-get install -y apt-transport-https ca-certificates curl gpg
+        mkdir -p /etc/apt/keyrings
+        curl -fsSL https://pkgs.k8s.io/core:/stable:/v{{ kubeinit_k8s_kubernetes_version }}/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+        echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v{{ kubeinit_k8s_kubernetes_version }}/deb/ /' | tee /etc/apt/sources.list.d/kubernetes.list
+        curl -fsSL https://pkgs.k8s.io/addons:/cri-o:/stable:/v{{ kubeinit_k8s_kubernetes_version }}/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/cri-o-apt-keyring.gpg
+        echo "deb [signed-by=/etc/apt/keyrings/cri-o-apt-keyring.gpg] https://pkgs.k8s.io/addons:/cri-o:/stable:/v{{ kubeinit_k8s_kubernetes_version }}/deb/ /" | tee /etc/apt/sources.list.d/cri-o.list
+        apt-get update
+      args:
+        executable: /bin/bash
+      register: _result
+      changed_when: "_result.rc == 0"
+
+    - name: Install requirements
+      ansible.builtin.shell: |
+        apt-get install -y cri-o={{ kubeinit_k8s_kubernetes_version }}.* kubelet={{ kubeinit_k8s_kubernetes_version }}.* kubeadm={{ kubeinit_k8s_kubernetes_version }}.* kubectl={{ kubeinit_k8s_kubernetes_version }}.*
+        apt-mark hold cri-o kubelet kubeadm kubectl
+      args:
+        executable: /bin/bash
+      register: _result
+      changed_when: "_result.rc == 0"
+
+    - name: Enable/start/status cri-o
+      ansible.builtin.shell: |
+        systemctl enable crio
+        systemctl start crio
+        systemctl status crio
+      args:
+        executable: /bin/bash
+      register: _result
+      changed_when: "_result.rc == 0"
+
+    - name: Enable kubelet
+      ansible.builtin.systemd:
+        name: kubelet
+        enabled: yes
+
     - name: Update packages
       ansible.builtin.package:
         name: "*"