
Collecting the groundwork for a kubeadm-built Kubernetes 1.26 cluster into Ansible tasks

Published 2023/01/06

I have collected the preparatory work that has to be done on every node before building a Kubernetes cluster into a set of Ansible tasks.

Target environment

Verified as of 2023/01/06 in the following environment.

  • OS: Ubuntu Server 22.10
  • kubeadm: 1.26.0
  • CRI: containerd 1.6.4

Note that kubeadm 1.26 and later no longer support the CRI API of the containerd 1.5 series, so building a cluster with kubeadm fails on Ubuntu 22.04 LTS, whose packaged containerd is still from that series.

Tasks

The overall structure follows 「Ubuntu 22.04 に Kubernetes をインストールして自宅クラウド」 (Installing Kubernetes on Ubuntu 22.04 for a home cloud).
To support dual stack, the sysctl task enables forwarding for both IPv4 and IPv6.

tasks/main.yaml

```yaml
# overlay is needed by containerd's snapshotter; br_netfilter makes bridged
# pod traffic visible to iptables (and is what creates the net.bridge.* sysctls
# used below). Note: modprobe only loads the module into the running kernel;
# add an /etc/modules-load.d entry if the bridge sysctls must also apply after
# a reboot.
- name: Add kernel modules
  community.general.modprobe:
    name: "{{ item }}"
  with_items:
    - overlay
    - br_netfilter

# Written to /etc/sysctl.d/k8s.conf so the values persist across reboots.
# Forwarding is enabled for both IPv4 and IPv6 for a dual-stack cluster.
- name: Change sysctl values
  sysctl:
    sysctl_file: /etc/sysctl.d/k8s.conf
    name: "{{ item.name }}"
    value: "{{ item.value }}"
  with_items:
    - {name: "net.bridge.bridge-nf-call-iptables", value: "1"}
    - {name: "net.bridge.bridge-nf-call-ip6tables", value: "1"}
    - {name: "net.ipv4.ip_forward", value: "1"}
    - {name: "net.ipv6.conf.all.forwarding", value: "1"}
    - {name: "net.ipv6.conf.default.forwarding", value: "1"}
    - {name: "fs.inotify.max_user_instances", value: "100000"}
    - {name: "fs.inotify.max_user_watches", value: "100000"}

- name: Install Packages
  package:
    name:
      - apt-transport-https
      - ca-certificates
      - curl

# creates: keeps the play idempotent; the key is only fetched while the
# keyring file does not exist yet.
- name: Install Docker public signing key
  shell: curl -sSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor --yes -o /usr/share/keyrings/docker-archive-keyring.gpg
  args:
    creates: /usr/share/keyrings/docker-archive-keyring.gpg

- name: Add the Docker apt repository
  lineinfile:
    path: /etc/apt/sources.list.d/docker.list
    line: deb [signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu jammy stable
    create: yes

# This key is already in binary (dearmored) form, so get_url is enough.
- name: Install Google Cloud public signing key
  get_url:
    url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
    dest: /usr/share/keyrings/kubernetes-archive-keyring.gpg
    mode: "0644"

- name: Add the Kubernetes apt repository
  lineinfile:
    path: /etc/apt/sources.list.d/kubernetes.list
    line: deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main
    create: yes

- name: Install Helm public signing key
  shell: curl https://baltocdn.com/helm/signing.asc | gpg --dearmor --yes -o /usr/share/keyrings/helm.gpg
  args:
    creates: /usr/share/keyrings/helm.gpg

- name: Add the Helm apt repository
  lineinfile:
    path: /etc/apt/sources.list.d/helm-stable-debian.list
    line: deb [signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main
    create: yes

- name: Install containerd and Kubernetes packages
  apt:
    pkg:
      - docker.io
      - containerd
      - kubelet
      - kubeadm
      - kubectl
      - helm
    update_cache: yes

# Pin the control-plane tooling so an unattended upgrade cannot move a node
# to a different minor version behind kubeadm's back.
- name: Hold Kubernetes Packages
  dpkg_selections:
    name: "{{item}}"
    selection: hold
  with_items:
    - kubelet
    - kubeadm
    - kubectl

- name: Create containerd config directory
  file:
    path: /etc/containerd
    state: directory
    mode: "0755"

# Generate the default config only once; re-running this on every play would
# overwrite the SystemdCgroup edit below and restart containerd each time.
- name: Create containerd config file
  shell: containerd config default > /etc/containerd/config.toml
  args:
    creates: /etc/containerd/config.toml

# crictl writes its settings to /etc/crictl.yaml.
- name: Setting crictl endpoint
  shell: crictl config --set runtime-endpoint=unix:///run/containerd/containerd.sock --set image-endpoint=unix:///run/containerd/containerd.sock
  args:
    creates: /etc/crictl.yaml

# kubelet on a systemd host expects the systemd cgroup driver; containerd's
# generated default is "false", so flip it in the runc options section.
- name: Enable systemd cgroup
  lineinfile:
    path: /etc/containerd/config.toml
    regexp: "{{item.regexp}}"
    line: "{{item.line}}"
    insertafter: "{{item.insertafter}}"
  with_items:
    - regexp: "            SystemdCgroup = false"
      line: "            SystemdCgroup = true"
      insertafter: 'plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options'
  notify:
    - Restart containerd

# Lets the user who invoked sudo run docker without sudo. Membership of the
# docker group is equivalent to root on the host, so grant it deliberately.
- name: Join docker group
  user:
    name: "{{ ansible_env.SUDO_USER }}"
    groups: docker
    append: yes
```
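The two `shell: curl ... | gpg --dearmor` tasks above install whatever the download endpoint returns. As an added example that is not part of the original post, this is how I would replace them so the play refuses to install a key whose fingerprint does not match a value pinned in the inventory. The `apt_signing_keys` variable, the staging path under /root and the fingerprint values are assumptions; the fingerprints in particular are placeholders to be filled in from the vendors' own documentation.

```yaml
# Added example, not from the original post. Fetch each ASCII-armored apt
# signing key, check its primary fingerprint against a pinned value, and only
# then dearmor it into the keyring path the repository entries refer to.
- name: Define the keys to install (fingerprints are PLACEHOLDERS)
  set_fact:
    apt_signing_keys:
      - name: docker
        url: https://download.docker.com/linux/ubuntu/gpg
        keyring: /usr/share/keyrings/docker-archive-keyring.gpg
        fpr: REPLACE_WITH_DOCKER_KEY_FINGERPRINT   # 40 hex digits, no spaces
      - name: helm
        url: https://baltocdn.com/helm/signing.asc
        keyring: /usr/share/keyrings/helm.gpg
        fpr: REPLACE_WITH_HELM_KEY_FINGERPRINT     # 40 hex digits, no spaces

- name: Download the armored keys to a root-only staging path
  get_url:
    url: "{{ item.url }}"
    dest: "/root/{{ item.name }}.asc"
    mode: "0600"
  loop: "{{ apt_signing_keys }}"
  loop_control:
    label: "{{ item.name }}"

# --with-colons prints one "fpr:::::::::<FINGERPRINT>:" line per key; the
# fingerprint is the tenth field, hence the nine leading colons in the check.
- name: Read the fingerprint of each downloaded key
  command: gpg --with-colons --show-keys /root/{{ item.name }}.asc
  register: key_info
  changed_when: false
  loop: "{{ apt_signing_keys }}"
  loop_control:
    label: "{{ item.name }}"

- name: Refuse to install a key whose fingerprint does not match the pinned value
  assert:
    that:
      - "('fpr:::::::::' ~ item.item.fpr ~ ':') in item.stdout"
    fail_msg: "Fingerprint mismatch for the {{ item.item.name }} key; not installing it"
  loop: "{{ key_info.results }}"
  loop_control:
    label: "{{ item.item.name }}"

# Only reached when every assert passed. creates: keeps it idempotent; remove
# the keyring file (or drop creates:) when the vendor rotates a key.
- name: Install the verified keys into the keyring directory
  command: gpg --dearmor --yes -o {{ item.keyring }} /root/{{ item.name }}.asc
  args:
    creates: "{{ item.keyring }}"
  loop: "{{ apt_signing_keys }}"
  loop_control:
    label: "{{ item.name }}"
```

The same `gpg --with-colons --show-keys` check works on the already-binary Kubernetes keyring that the `get_url` task downloads, so the Kubernetes key can be added to the list with its `keyring` pointing at the downloaded file and the dearmor step skipped for it.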

Handlers

handlers/main.yaml

```yaml
- name: Restart containerd
  become: true
  systemd:
    name: containerd.service
    state: restarted
```
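Before running `kubeadm init` I want confirmation that every setting the tasks above were meant to leave on the node actually took effect. As an added example that is not part of the original post, here is a read-only verification task file (the file name tasks/verify.yaml is my choice) that fails the play on any mismatch. It assumes the same paths and package names as the tasks above.

```yaml
# Added example, not from the original post: tasks/verify.yaml. Every task
# here is read-only (changed_when: false or stat/assert); a failing assert
# stops the play before kubeadm init runs against a misconfigured node.

# Modules first: the net.bridge.* sysctls only exist once br_netfilter is
# loaded, so checking them earlier would fail with a misleading error.
- name: Look for the required kernel modules in sysfs
  stat:
    path: "/sys/module/{{ item }}"
  register: module_dirs
  loop:
    - overlay
    - br_netfilter

- name: Fail if a kernel module is not loaded
  assert:
    that: item.stat.exists
    fail_msg: "kernel module {{ item.item }} is not loaded"
  loop: "{{ module_dirs.results }}"
  loop_control:
    label: "{{ item.item }}"

- name: Read the sysctl values the role is expected to have set
  command: sysctl -n {{ item }}
  register: sysctl_values
  changed_when: false
  loop:
    - net.bridge.bridge-nf-call-iptables
    - net.bridge.bridge-nf-call-ip6tables
    - net.ipv4.ip_forward
    - net.ipv6.conf.all.forwarding
    - net.ipv6.conf.default.forwarding

- name: Fail unless every bridge/forwarding setting is enabled
  assert:
    that: item.stdout == "1"
    fail_msg: "{{ item.item }} is '{{ item.stdout }}', expected 1"
  loop: "{{ sysctl_values.results }}"
  loop_control:
    label: "{{ item.item }}"

# grep -c exits 1 when the count is 0; failed_when replaces the default
# return-code check so the decision is made on the count itself.
- name: Confirm containerd is configured for the systemd cgroup driver
  command: grep -c "SystemdCgroup = true" /etc/containerd/config.toml
  register: systemd_cgroup
  changed_when: false
  failed_when: (systemd_cgroup.stdout | int) < 1

- name: List packages currently on hold
  command: apt-mark showhold
  register: held_packages
  changed_when: false

- name: Fail if a Kubernetes package is not held
  assert:
    that: item in held_packages.stdout_lines
    fail_msg: "{{ item }} is not on hold; an unattended upgrade could move it off 1.26"
  loop:
    - kubelet
    - kubeadm
    - kubectl
```

Include it from the playbook after the role (for example with `import_tasks`), or run it on its own whenever a node is suspected of having drifted; because nothing in it changes state it is safe to run repeatedly.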

Next

The continuation is in 「IPv4/IPv6 Dual stack な Kubernetes クラスターを kubeadm で作った」 (Building an IPv4/IPv6 dual-stack Kubernetes cluster with kubeadm).