Initial refactor for new k8s version

Author: garutilorenzo

README.md

@@ -7,7 +7,7 @@
 
 This ansible role will install and configure a high available Kubernetes cluster. This repo automate the installation process of Kubernetes using [kubeadm](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/).
 
-This repo is only a example on how to use Ansible automation to install and configure a Kubernetes cluster. For a production environment use [Kubespray](https://kubernetes.io/docs/setup/production-environment/tools/kubespray/)
+This repo is only a example on how to use Ansible automation to install and configure a Kubernetes cluster. For a production environment use [Kubespray](https://kubespray.io)
 
 ## Requirements
 

defaults/main.yml

@@ -2,7 +2,7 @@
 
 disable_firewall: no
 
-kubernetes_version: 1.27.3
+kubernetes_version: 1.31.4
 kubernetes_cri: containerd
 kubernetes_cni: flannel
 kubernetes_dns_domain: cluster.local
@@ -15,7 +15,7 @@ kubernetes_subnet: 192.168.25.0/24
 setup_vip: no
 kubernetes_vip_ip: 192.168.25.225
 
-kubevip_version: v0.6.0
+kubevip_version: v0.8.7
 
 install_longhorn: no
 longhorn_version: v1.4.3

tasks/init_cluster.yml

@@ -5,27 +5,28 @@
   ignore_errors: true
   register: cluster_exist
 
-- set_fact:
+- ansible.builtin.set_fact:
     kubernetes_init: "{% if kubernetes_init_host is defined and  kubernetes_init_host == inventory_hostname %}yes{% else %}no{% endif %}"
 
-- set_fact:
+- ansible.builtin.set_fact:
     kubernetes_ip_address: "{{ item }}"
-  when: "item | ansible.utils.ipaddr( kubernetes_subnet )"
+  when: 
+    - ansible_interfaces | length > 2
+    - kubernetes_vip_ip is defined
+    - "item | ansible.utils.ipaddr( kubernetes_subnet )"
   with_items: "{{ ansible_all_ipv4_addresses | difference([kubernetes_vip_ip]) }}"
 
-- set_fact:
+- ansible.builtin.set_fact:
+    kubernetes_ip_address: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
+  when: 
+    - ansible_interfaces | length <= 2
+
+- ansible.builtin.set_fact:
     kubernetes_image_repository: "registry.k8s.io"
 
 - block:
-
-    - set_fact:
-        kubernetes_iface: "{{ hostvars[inventory_hostname]['ansible_' + item ]['device'] }}"
-      when: 
-        - hostvars[inventory_hostname]['ansible_' + item ].ipv4 is defined 
-        - hostvars[inventory_hostname]['ansible_' + item ]['ipv4']['address'] | ansible.utils.ipaddr( kubernetes_subnet )
-      with_items: "{{ ansible_interfaces }}"
 
-    - set_fact:
+    - ansible.builtin.set_fact:
         apiserver_sans: "{{ (sans_base + [kubernetes_vip_ip] ) | unique }}"
 
     - name: render kubeadm-init.yml
@@ -39,7 +40,7 @@
         - setup_vip
         - inventory_hostname in groups['kubemaster']
 
-    - set_fact:
+    - ansible.builtin.set_fact:
         kubeadm_extra_args: "{% if groups['kubemaster'] | length > 1 %}--upload-certs{% else %}{% endif %}"
 
     - name: Init kubernetes cluster

tasks/install_cni.yml

@@ -1,5 +1,19 @@
 ---
 
+- ansible.builtin.set_fact:
+    kubernetes_iface: "{{ hostvars[inventory_hostname]['ansible_' + item ]['device'] }}"
+  when: 
+    - ansible_interfaces | length > 2
+    - kubernetes_vip_ip is defined
+    - hostvars[inventory_hostname]['ansible_' + item ].ipv4 is defined 
+    - hostvars[inventory_hostname]['ansible_' + item ]['ipv4']['address'] | ansible.utils.ipaddr( kubernetes_subnet )
+  with_items: "{{ ansible_interfaces }}"
+
+- ansible.builtin.set_fact:
+    kubernetes_iface: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['interface'] }}"
+  when: 
+    - ansible_interfaces | length <= 2
+
 - block:
     - name: Download kube-flannel.yml
       ansible.builtin.get_url:

tasks/install_cri.yml

@@ -23,8 +23,7 @@
 
     - name: Render containerd default config
       ansible.builtin.shell: containerd config default > /etc/containerd/config.toml
-      when: 
-        - containerd_config.found
+      when: containerd_config.found
 
     - name: enable SystemdCgroup for containerd
       ansible.builtin.replace:
@@ -34,6 +33,36 @@
       notify:
         - reload containerd
 
+    - name: Update the [grpc] block in /etc/containerd/config.toml
+      ansible.builtin.blockinfile:
+        path: /etc/containerd/config.toml
+        marker: "{mark}"
+        block: |2
+            address = "{{ cri_socket_paths[kubernetes_cri] }}"
+            gid = 0
+            max_recv_message_size = 16777216
+            max_send_message_size = 16777216
+            tcp_address = ""
+            tcp_tls_ca = ""
+            tcp_tls_cert = ""
+            tcp_tls_key = ""
+            uid = 0
+        marker_begin: "[grpc]"
+        marker_end: "[metrics]"
+      notify:
+        - reload containerd
+
+    - name: Update sandbox_image in /etc/containerd/config.toml
+      ansible.builtin.lineinfile:
+        path: /etc/containerd/config.toml
+        regexp: '^\s*sandbox_image\s*=.*'
+        line: '    sandbox_image = "registry.k8s.io/pause:3.10"'
+        
+    - name: render crictl.yaml
+      ansible.builtin.template:
+        src: crictl.yaml.j2
+        dest: /etc/crictl.yaml
+    
     - name: start and enable containerd
       ansible.builtin.systemd:
         name: containerd

tasks/join_cluster.yml

@@ -5,12 +5,12 @@
     path: /var/lib/kubelet
   register: kubelet_dir
 
-- set_fact:
+- ansible.builtin.set_fact:
     kubernetes_ip_address: "{{ item }}"
   when: "item | ansible.utils.ipaddr( kubernetes_subnet )"
   with_items: "{{ ansible_all_ipv4_addresses | difference([kubernetes_vip_ip]) }}"
 
-- set_fact:
+- ansible.builtin.set_fact:
     api_server_endpoint: "{% if groups['kubemaster'] | length > 1 %}{{ kubernetes_vip_ip }}{% else %}{{ hostvars[groups['kubemaster'][0]]['kubernetes_ip_address'] }}{% endif %}"
 
 - name: "wait for kubeapi server"
@@ -62,12 +62,12 @@
   changed_when: false
 
 - name: Set kubeadm_token to generated token
-  set_fact:
+  ansible.builtin.set_fact:
     kubeadm_token: "{{ temp_token.stdout }}"
   when: kubeadm_token is not defined
 
 - name: Set kubeadm_cert to generated cert
-  set_fact:
+  ansible.builtin.set_fact:
     kubeadm_cert: "{{ temp_cert.stdout }}"
   when: kubeadm_cert is not defined
 

tasks/setup_repo_Debian.yml

@@ -1,5 +1,8 @@
 ---
 
+- ansible.builtin.set_fact:
+    kubernetes_major: "{{ kubernetes_version | regex_replace('^([0-9]+\\.[0-9]+)\\..*', '\\1') }}"
+
 - name: Install required system packages
   ansible.builtin.apt: 
     name: 
@@ -11,16 +14,23 @@
     update_cache: yes 
     force_apt_get: yes
 
-- name: Add Google GPG apt Key
-  ansible.builtin.apt_key:
-    url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
-    state: present
+- name: Create /etc/apt/keyrings/ directory
+  ansible.builtin.file:
+    path: /etc/apt/keyrings/
+    state: directory
+    mode: '0755'
+
+- name: Add K8s Repository key
+  ansible.builtin.get_url:
+    url:  https://pkgs.k8s.io/core:/stable:/v{{ kubernetes_major }}/deb/Release.key
+    dest: /etc/apt/keyrings/kubernetes-apt-keyring.key
 
 - name: Add K8s Repository
-  ansible.builtin.apt_repository:
-    repo: deb https://apt.kubernetes.io/ kubernetes-xenial main
-    state: present
-  ignore_errors: "{{ ansible_check_mode }}"
+  ansible.builtin.lineinfile:
+    path: /etc/apt/sources.list.d/kubernetes.list
+    regexp: '^deb'
+    line: deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.key] https://pkgs.k8s.io/core:/stable:/v{{ kubernetes_major }}/deb/ /
+    create: yes
 
 - name: Add Docker GPG apt Key
   ansible.builtin.apt_key:

tasks/setup_repo_RedHat.yml

@@ -1,5 +1,8 @@
 ---
 
+- ansible.builtin.set_fact:
+    kubernetes_major: "{{ kubernetes_version | regex_replace('^([0-9]+\\.[0-9]+)\\..*', '\\1') }}"
+
 - name: Install required system packages
   ansible.builtin.dnf: 
     name: 
@@ -25,9 +28,8 @@
     block: |
       [kubernetes]
       name=Kubernetes
-      baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-{{ uname_m.stdout }}
+      baseurl=https://pkgs.k8s.io/core:/stable:/v{{ kubernetes_major }}/rpm/
       enabled=1
       gpgcheck=1
-      repo_gpgcheck=1
-      gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
-      exclude=kubelet kubeadm kubectl
+      gpgkey=https://pkgs.k8s.io/core:/stable:/v{{ kubernetes_major }}/rpm/repodata/repomd.xml.key
+      exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni

tasks/setup_vip.yml

@@ -1,20 +1,41 @@
 ---
 
-- set_fact:
+- ansible.builtin.set_fact:
+    kubernetes_init: "{% if kubernetes_init_host is defined and  kubernetes_init_host == inventory_hostname %}yes{% else %}no{% endif %}"
+
+- ansible.builtin.set_fact:
     kubernetes_iface: "{{ hostvars[inventory_hostname]['ansible_' + item ]['device'] }}"
   when: 
+    - ansible_interfaces | length > 2
+    - kubernetes_vip_ip is defined
     - hostvars[inventory_hostname]['ansible_' + item ].ipv4 is defined 
     - hostvars[inventory_hostname]['ansible_' + item ]['ipv4']['address'] | ansible.utils.ipaddr( kubernetes_subnet )
   with_items: "{{ ansible_interfaces }}"
 
+- ansible.builtin.set_fact:
+    kubernetes_iface: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['interface'] }}"
+  when: 
+    - ansible_interfaces | length <= 2
+
 - name: Create /etc/kubernetes/manifests/ directory
   ansible.builtin.file: 
     name: /etc/kubernetes/manifests/
     state: directory
 
+- name: render kube-vip.yml
+  ansible.builtin.template:
+    src: kube-vip-init.yml.j2
+    dest: /etc/kubernetes/manifests/kube-vip.yaml
+  when:
+    - kubernetes_init
+  notify:
+    - wait kube-vip
+
 - name: render kube-vip.yml
   ansible.builtin.template:
     src: kube-vip.yml.j2
     dest: /etc/kubernetes/manifests/kube-vip.yaml
+  when:
+    - not kubernetes_init
   notify:
     - wait kube-vip

templates/crictl.yaml.j2

@@ -0,0 +1,3 @@
+---
+runtime-endpoint: "unix://{{ cri_socket_paths[kubernetes_cri] }}"
+image-endpoint: "unix://{{ cri_socket_paths[kubernetes_cri] }}"