Merge pull request #1772 from piny940/ansible-k8s

ansibleでk8s関連ツールをインストールできるようにする

.github/actions/ansible-deploy/action.yaml

@@ -21,7 +21,6 @@ runs:
     - uses: actions/setup-python@v5
       with:
         python-version: '3.13'
-        cache: 'pip'
     - name: Install Ansible
       run: pip install -r ansible/requirements.txt
       shell: bash
@@ -41,8 +40,8 @@ runs:
         echo "${{ inputs.ssh_private_key }}" > ~/.ssh/ed25519
         chmod 600 ~/.ssh/ed25519
         cat <<EOF > ~/.ssh/config
-        Host *
-          ProxyCommand /usr/local/bin/cloudflared access ssh --hostname %h.piny940.com
+        Host cherry
+          ProxyCommand /usr/local/bin/cloudflared access ssh --hostname cherry.piny940.com
           IdentityFile ~/.ssh/ed25519
           StrictHostKeyChecking no
           Port 53823

ansible/home-cluster/.ansible-lint.yaml

@@ -1,3 +1,4 @@
+---
 extra_vars:
   cherry:
     ansible_become_password: password

ansible/home-cluster/cluster.yaml

@@ -3,6 +3,11 @@
   hosts: master_node
   become: true
   roles:
-    - containerd
+    - { role: containerd, tags: containerd }
+    - { role: pre_install, tags: pre_install }
+    - { role: helm, tags: helm }
+    - { role: kubeadm, tags: kubeadm }
+    - { role: cli, tags: cli }
   vars_files:
     - vars/hosts.yaml
+    - vars/kubernetes.yaml

ansible/home-cluster/roles/cli/tasks/flux.yaml

@@ -0,0 +1,15 @@
+---
+- name: Make sure the directory exists
+  ansible.builtin.file:
+    path: /tmp/flux
+    state: directory
+    mode: "0755"
+- name: Download flux install script
+  ansible.builtin.get_url:
+    url: https://fluxcd.io/install.sh
+    dest: /tmp/flux/flux-install.sh
+    mode: "0755"
+- name: Run flux install script
+  ansible.builtin.command: /tmp/flux-install.sh
+  args:
+    creates: /usr/local/bin/flux

ansible/home-cluster/roles/cli/tasks/k9s.yaml

@@ -0,0 +1,15 @@
+---
+- name: Make sure directory exists
+  ansible.builtin.file:
+    path: /tmp/k9s
+    state: directory
+    mode: "0755"
+- name: Download k9s
+  ansible.builtin.get_url:
+    url: https://github.com/derailed/k9s/releases/download/v{{ k9s.version }}/k9s_linux_amd64.deb
+    dest: /tmp/k9s/k9s_linux_amd64_{{ k9s.version }}.deb
+    mode: "0644"
+- name: Install k9s
+  ansible.builtin.apt:
+    deb: /tmp/k9s/k9s_linux_amd64_{{ k9s.version }}.deb
+    state: present

ansible/home-cluster/roles/cli/tasks/main.yaml

@@ -0,0 +1,9 @@
+---
+- name: Install Flux CLI
+  ansible.builtin.include_tasks: flux.yaml
+- name: Install velero
+  ansible.builtin.include_tasks: velero.yaml
+- name: Install vault
+  ansible.builtin.include_tasks: vault.yaml
+- name: Install k9s
+  ansible.builtin.include_tasks: k9s.yaml

ansible/home-cluster/roles/cli/tasks/vault.yaml

@@ -0,0 +1,43 @@
+---
+- name: Apt update
+  ansible.builtin.apt:
+    update_cache: true
+- name: Install required packages
+  ansible.builtin.apt:
+    name:
+      - gpg
+      - wget
+    state: present
+- name: Make sure directory exists
+  ansible.builtin.file:
+    path: /tmp/vault
+    state: directory
+    mode: "0755"
+- name: Download Vault GPG key
+  ansible.builtin.get_url:
+    url: https://apt.releases.hashicorp.com/gpg
+    dest: /tmp/vault/vault.gpg
+    mode: "0644"
+- name: Create keyrings directory if not exists
+  become: true
+  ansible.builtin.file:
+    path: /etc/apt/keyrings
+    state: directory
+    mode: "0755"
+- name: Convert Vault APT key to GPG key
+  ansible.builtin.command: gpg --dearmor -o /etc/apt/keyrings/vault.gpg /tmp/vault/vault.gpg
+  args:
+    creates: /etc/apt/keyrings/vault.gpg
+- name: Add apt repository
+  ansible.builtin.apt_repository:
+    repo: deb [signed-by=/etc/apt/keyrings/vault.gpg] https://apt.releases.hashicorp.com {{ ansible_facts['distribution_release'] }} main
+    state: present
+    filename: vault
+- name: Apt update
+  ansible.builtin.apt:
+    update_cache: true
+- name: Install Vault
+  ansible.builtin.apt:
+    name:
+      - vault
+    state: present

ansible/home-cluster/roles/cli/tasks/velero.yaml

@@ -0,0 +1,21 @@
+---
+- name: Make sure the directory exists
+  ansible.builtin.file:
+    path: /tmp/velero
+    state: directory
+    mode: "0755"
+- name: Download Velero
+  ansible.builtin.get_url:
+    url: https://github.com/vmware-tanzu/velero/releases/download/v{{ velero.version }}/velero-v{{ velero.version }}-linux-amd64.tar.gz
+    dest: /tmp/velero/velero-v{{ velero.version }}-linux-amd64.tar.gz
+    mode: "0644"
+- name: Extract Velero
+  ansible.builtin.unarchive:
+    src: /tmp/velero/velero-v{{ velero.version }}-linux-amd64.tar.gz
+    dest: /tmp/velero
+    remote_src: true
+- name: Move Velero binary to /usr/local/bin
+  ansible.builtin.command:
+    cmd: mv /tmp/velero/velero-v{{ velero.version }}-linux-amd64/velero /usr/local/bin/
+  args:
+    creates: /usr/local/bin/velero

ansible/home-cluster/roles/containerd/handlers/main.yaml

@@ -0,0 +1,6 @@
+---
+- name: Add_containerd_repo
+  ansible.builtin.apt_repository:
+    repo: deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu {{ ansible_facts['distribution_release'] }} stable
+    state: present
+    filename: docker

ansible/home-cluster/roles/containerd/tasks/main.yaml

@@ -1,3 +1,50 @@
 ---
-- name: Install
-  ansible.builtin.import_tasks: ubuntu.yaml
+- name: Apt update
+  become: true
+  ansible.builtin.apt:
+    update_cache: true
+- name: Install required packages
+  become: true
+  ansible.builtin.apt:
+    name:
+      - apt-transport-https
+      - ca-certificates
+      - curl
+      - software-properties-common
+    state: present
+- name: Create keyrings directory if not exists
+  become: true
+  ansible.builtin.file:
+    path: /etc/apt/keyrings
+    state: directory
+    mode: "0755"
+- name: Add Docker GPG key
+  become: true
+  ansible.builtin.get_url:
+    url: https://download.docker.com/linux/ubuntu/gpg
+    dest: /etc/apt/keyrings/docker.asc
+    mode: "0644"
+  notify: add_containerd_repo
+- name: Apt update
+  become: true
+  ansible.builtin.apt:
+    update_cache: true
+- name: Install Containerd
+  become: true
+  ansible.builtin.apt:
+    name:
+      - containerd.io
+    state: present
+- name: Configure Containerd
+  become: true
+  ansible.builtin.template:
+    src: template/config.toml.j2
+    dest: /etc/containerd/config.toml
+    mode: "0644"
+    owner: root
+    group: root
+- name: Restart containerd
+  become: true
+  ansible.builtin.service:
+    name: containerd
+    state: restarted

ansible/home-cluster/roles/helm/tasks/main.yaml

@@ -0,0 +1,28 @@
+---
+- name: Make directory for helm
+  ansible.builtin.file:
+    path: /tmp/helm
+    state: directory
+    mode: "0755"
+- name: Download helm signing
+  ansible.builtin.get_url:
+    url: https://baltocdn.com/helm/signing.asc
+    dest: /tmp/helm/signing.asc
+    mode: "0644"
+- name: Helm gpg key
+  ansible.builtin.command: gpg --dearmor -o /etc/apt/keyrings/helm.gpg /tmp/helm/signing.asc
+  args:
+    creates: /etc/apt/keyrings/helm.gpg
+- name: Add Helm repository
+  ansible.builtin.apt_repository:
+    repo: deb [arch=amd64 signed-by=/etc/apt/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main
+    state: present
+    filename: helm
+- name: Apt update
+  ansible.builtin.apt:
+    update_cache: true
+- name: Install Helm
+  ansible.builtin.apt:
+    name:
+      - helm
+    state: present

ansible/home-cluster/roles/kubeadm/handlers/main.yaml

@@ -0,0 +1,10 @@
+---
+- name: Generate_gpg_key
+  ansible.builtin.command: gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg /tmp/kubernetes/Release.key
+  args:
+    creates: /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+- name: Add_kubernetes_repo
+  ansible.builtin.apt_repository:
+    repo: deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v{{ kubernetes.version }}/deb/ /
+    state: present
+    filename: kubernetes

ansible/home-cluster/roles/kubeadm/tasks/main.yaml

@@ -0,0 +1,51 @@
+---
+- name: Apt update
+  become: true
+  ansible.builtin.apt:
+    update_cache: true
+- name: Install required packages
+  become: true
+  ansible.builtin.apt:
+    name:
+      - apt-transport-https
+      - ca-certificates
+      - curl
+      - gpg
+    state: present
+- name: Make sure the directory exists
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    mode: "0755"
+  loop:
+    - /tmp/kubernetes
+    - /etc/apt/keyrings
+- name: Add Kubernetes GPG key
+  ansible.builtin.get_url:
+    url: https://pkgs.k8s.io/core:/stable:/v{{ kubernetes.version }}/deb/Release.key
+    dest: /tmp/kubernetes/Release.key
+    mode: "0644"
+  notify:
+    - generate_gpg_key
+    - add_kubernetes_repo
+- name: Apt update
+  become: true
+  ansible.builtin.apt:
+    update_cache: true
+- name: Install Kubernetes packages
+  become: true
+  ansible.builtin.apt:
+    name:
+      - kubelet
+      - kubeadm
+      - kubectl
+    state: present
+- name: Hold kubernetes packages
+  become: true
+  ansible.builtin.dpkg_selections:
+    name: "{{ item }}"
+    selection: hold
+  loop:
+    - kubelet
+    - kubeadm
+    - kubectl

ansible/home-cluster/roles/pre_install/tasks/flannel.yaml

@@ -0,0 +1,15 @@
+---
+- name: Configure br_netfilter
+  become: true
+  community.general.modprobe:
+    name: br_netfilter
+    persistent: present
+    state: present
+- name: Configure sysctl
+  ansible.posix.sysctl:
+    name: "{{ item }}"
+    value: "1"
+    state: present
+  loop:
+    - net.bridge.bridge-nf-call-iptables
+    - net.bridge.bridge-nf-call-ip6tables