playbook.yml
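---
# Provision every inventory host as a kubeadm-managed Kubernetes node on a
# RedHat- or Debian-family OS: host preparation (SELinux, firewalld, swap,
# kernel modules, sysctl), containerd with the systemd cgroup driver, the
# Kubernetes packages, then `kubeadm init` on the master and `kubeadm join`
# on the nodes.
#
# Inventory variables:
#   kubernetes_role                     'master' or 'node' (required per host)
#   kubernetes_version                  pkgs.k8s.io release stream, default 'v1.31'
#   kubernetes_kubeadm_init_extra_args  extra arguments appended to `kubeadm init`
- hosts: all
  become: true
  tasks:
    - name: Assign inventory name to hostname
      hostname:
        name: "{{ inventory_hostname }}"

    # NOTE(review): SELinux is switched off rather than left permissive or
    # enforcing; this is a deliberate, node-wide hardening trade-off.
    - name: Disable SELinux at boot (RedHat)
      selinux:
        state: disabled
      when: ansible_os_family == 'RedHat'

    # setenforce exits non-zero once SELinux is already disabled (e.g. after
    # the reboot that follows the task above), so only run it while enabled.
    - name: Stop SELinux (RedHat)
      command: setenforce 0
      when:
        - ansible_os_family == 'RedHat'
        - ansible_selinux.status | default('disabled') == 'enabled'

    - name: Get list of services
      service_facts:

    # NOTE(review): firewalld is stopped outright instead of opening the
    # kubeadm/CNI ports; host-level filtering then relies on the network.
    - name: Stop firewalld and disable it at boot
      systemd:
        name: firewalld
        state: stopped
        enabled: false
      when:
        - "'firewalld.service' in ansible_facts.services"
        - ansible_facts.services['firewalld.service'].status != 'not-found'

    # kubelet's default fail-swap-on setting rejects active swap.
    - name: Stop swap
      command: swapoff -a

    # Comment out (never delete) every non-comment fstab line mounting swap.
    - name: Disable swap at boot
      replace:
        path: /etc/fstab
        regexp: '^([^#].*\sswap\s.*)$'
        replace: '# \1'

    - name: Disable swap.target (Debian)
      systemd:
        name: swap.target
        masked: true
      when: ansible_os_family == 'Debian'

    - name: Enable required kernel modules at boot
      lineinfile:
        path: /etc/modules-load.d/containerd.conf
        line: "{{ item }}"
        create: true
      loop:
        - overlay
        - br_netfilter

    - name: Load required kernel modules
      modprobe:
        name: "{{ item }}"
      loop:
        - overlay
        - br_netfilter

    # br_netfilter must already be loaded, or the bridge-nf-call keys do not exist.
    - name: Setup required sysctl params
      sysctl:
        name: "{{ item.name }}"
        value: "{{ item.value }}"
      loop:
        - name: net.bridge.bridge-nf-call-iptables
          value: "1"
        - name: net.bridge.bridge-nf-call-ip6tables
          value: "1"
        - name: net.ipv4.ip_forward
          value: "1"

    - name: Add Docker repository (RedHat)
      get_url:
        url: https://download.docker.com/linux/centos/docker-ce.repo
        dest: /etc/yum.repos.d/docker-ce.repo
      when: ansible_os_family == 'RedHat'

    - name: Install curl (Debian)
      apt:
        name: curl
        update_cache: true
      when: ansible_os_family == 'Debian'

    - name: Create APT keyrings directory
      file:
        path: /etc/apt/keyrings
        state: directory

    # Trust in the Docker signing key rests on the TLS connection to
    # download.docker.com (curl -f fails the task on HTTP errors); the key
    # fingerprint is not verified out of band here.
    - name: Add Docker repository (Debian)
      shell: |
        set -euxo pipefail
        curl -fsSL https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg -o /etc/apt/keyrings/docker.asc
        echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/{{ ansible_distribution | lower }} $(. /etc/os-release && echo "$VERSION_CODENAME") stable" > /etc/apt/sources.list.d/docker.list
      args:
        executable: /bin/bash
      when: ansible_os_family == 'Debian'

    - name: Install containerd (RedHat)
      yum:
        name: containerd.io
      when: ansible_os_family == 'RedHat'

    - name: Install containerd (Debian)
      apt:
        name: containerd.io
        update_cache: true
      when: ansible_os_family == 'Debian'

    # Read-only: prints containerd's built-in default configuration.
    - name: Get containerd default config
      command: containerd config default
      register: get_containerd_default_config
      changed_when: false

    # The desired config is computed in one step (default config with the
    # systemd cgroup driver switched on) so the task reports "changed" only
    # when the file really differs, which lets the restart below be gated
    # instead of bouncing containerd — and every container — on each run.
    - name: Set containerd config
      copy:
        content: "{{ get_containerd_default_config.stdout | replace('SystemdCgroup = false', 'SystemdCgroup = true') }}"
        dest: /etc/containerd/config.toml
      register: set_containerd_config

    - name: Restart containerd
      systemd:
        name: containerd
        state: restarted
      when: set_containerd_config is changed

    - name: Start containerd and enable it at boot
      systemd:
        name: containerd
        state: started
        enabled: true

    - name: Set Kubernetes version
      set_fact:
        kubernetes_version: "{{ kubernetes_version | default('v1.31') }}"

    # exclude= pins kubelet/kubeadm/kubectl so a routine `yum update` cannot
    # move the node to a release the control plane has not been upgraded to;
    # the install task below lifts the exclusion explicitly.
    - name: Add Kubernetes repository (RedHat)
      copy:
        content: |
          [kubernetes]
          name=Kubernetes
          baseurl=https://pkgs.k8s.io/core:/stable:/{{ kubernetes_version }}/rpm/
          enabled=1
          gpgcheck=1
          gpgkey=https://pkgs.k8s.io/core:/stable:/{{ kubernetes_version }}/rpm/repodata/repomd.xml.key
          exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
        dest: /etc/yum.repos.d/kubernetes.repo
      when: ansible_os_family == 'RedHat'

    - name: Install gpg (Debian)
      apt:
        name: gpg
        update_cache: true
      when: ansible_os_family == 'Debian'

    # Same trust model as the Docker key above: TLS to pkgs.k8s.io, no
    # out-of-band fingerprint check. `--yes` lets gpg overwrite the keyring
    # on re-runs.
    - name: Add Kubernetes repository (Debian)
      shell: |
        set -euxo pipefail
        curl -fsSL https://pkgs.k8s.io/core:/stable:/{{ kubernetes_version }}/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg --yes
        echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/{{ kubernetes_version }}/deb/ /' > /etc/apt/sources.list.d/kubernetes.list
      args:
        executable: /bin/bash
      when: ansible_os_family == 'Debian'

    - name: Install Kubernetes packages (RedHat)
      yum:
        name:
          - kubelet
          - kubeadm
          - kubectl
        disable_excludes: kubernetes
      when: ansible_os_family == 'RedHat'

    - name: Install Kubernetes packages (Debian)
      apt:
        name:
          - kubelet
          - kubeadm
          - kubectl
        update_cache: true
      when: ansible_os_family == 'Debian'

    - name: Start kubelet and enable it at boot
      systemd:
        name: kubelet
        state: started
        enabled: true

    # `creates` makes init idempotent: admin.conf only exists after a
    # successful `kubeadm init`.
    - name: Initialize Kubernetes master node
      command:
        cmd: kubeadm init {{ kubernetes_kubeadm_init_extra_args | default('') }}
        creates: /etc/kubernetes/admin.conf
      when: kubernetes_role == 'master'

    # admin.conf is a cluster-admin credential; with flat: true it lands on
    # the controller as ./kubeconfig and must be protected accordingly.
    - name: Fetch kubeconfig
      fetch:
        src: /etc/kubernetes/admin.conf
        dest: kubeconfig
        flat: true
      when: kubernetes_role == 'master'

    # become: false — the directory belongs to the SSH user, not root.
    - name: Create kubeconfig directory
      file:
        path: ~/.kube
        state: directory
        mode: "0700"
      become: false
      when: kubernetes_role == 'master'

    # The registered value is the base64 kubeconfig; no_log keeps the
    # credential out of verbose output.
    - name: Get kubeconfig
      slurp:
        src: /etc/kubernetes/admin.conf
      register: get_kubeconfig
      when: kubernetes_role == 'master'
      no_log: true

    # Mode is quoted: an unquoted 0600 is parsed by YAML as an octal int.
    - name: Copy kubeconfig
      copy:
        content: "{{ get_kubeconfig.content | b64decode }}"
        dest: ~/.kube/config
        mode: "0600"
      become: false
      when: kubernetes_role == 'master'
      no_log: true

    # failed_when: false — newer releases only carry the control-plane
    # taint, and kubectl exits non-zero when asked to remove a missing one.
    - name: Allow pods on master node
      command: kubectl taint nodes --all node-role.kubernetes.io/"{{ item }}"-
      loop:
        - master
        - control-plane
      become: false
      when: kubernetes_role == 'master'
      failed_when: false

    # The join command embeds a freshly minted bootstrap token (a node
    # credential with a limited TTL) plus the CA hash; a new token is created
    # on every run. no_log keeps it out of the controller's output here and
    # in the two tasks that carry it onward.
    - name: Get kubeadm join command
      command: kubeadm token create --print-join-command
      when: kubernetes_role == 'master'
      register: get_kubeadm_join_command
      no_log: true

    # Push the join command from the master onto every host's facts so the
    # node hosts can use it in the next task.
    - name: Set kubeadm join command globally
      set_fact:
        kubernetes_join_command: "{{ get_kubeadm_join_command.stdout }}"
      when: get_kubeadm_join_command.stdout is defined
      delegate_to: "{{ item }}"
      delegate_facts: true
      loop: "{{ groups['all'] }}"
      no_log: true

    # `creates` keeps this idempotent; kubelet.conf only exists after a join.
    - name: Join Kubernetes node
      command:
        cmd: "{{ kubernetes_join_command }}"
        creates: /etc/kubernetes/kubelet.conf
      when: kubernetes_role == 'node'
      no_log: true

    - name: Install NFS, iSCSI & NVMe utils (RedHat)
      yum:
        name:
          - nfs-utils
          - iscsi-initiator-utils
          - nvme-cli
      when: ansible_os_family == 'RedHat'

    - name: Install NFS, iSCSI & NVMe utils (Debian)
      apt:
        name:
          - nfs-common
          - open-iscsi
          - nvme-cli
        update_cache: true
      when: ansible_os_family == 'Debian'

    - name: Load NVMe TCP kernel module
      modprobe:
        name: nvme_tcp
        state: present
        persistent: present

    - name: Load NVMe RDMA kernel module
      modprobe:
        name: nvme_rdma
        state: present
        persistent: present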