Collecting the groundwork for a kubeadm Kubernetes 1.26 cluster into Ansible tasks
I put the preparatory steps that a node needs before a Kubernetes cluster can be built into a set of Ansible tasks.
Target environment
Verified to work as of 2023/01/06 in the following environment.
- OS: Ubuntu Server 22.10
- kubeadm: 1.26.0
- CRI: containerd 1.6.4
Note that kubeadm 1.26 and later has dropped CRI API support for the containerd 1.5 series, so building the cluster with kubeadm fails on Ubuntu 22.04 LTS.
- The recent kubeadm 1.26 requires containerd 1.6 or later, but Ubuntu 22.04 LTS only has containerd 1.5.9, so it seems to fail there. (An error saying the CRI API is not supported is shown.)
- Upgrading control plane to 1.26 kubelet restart unknown service runtime.v1.RuntimeService
- failed to run Kubelet: validate service connection: CRI v1 runtime API is not implemented for endpoint
Task
The overall flow follows "Ubuntu 22.04 に Kubernetes をインストールして自宅クラウド" (Installing Kubernetes on Ubuntu 22.04 for a home cloud).
To support dual stack, both IPv4 and IPv6 forwarding are turned on in the sysctl configuration.
tasks/main.yaml
```yaml
- name: Add kernel modules
  community.general.modprobe:
    name: "{{ item }}"
  with_items:
    - overlay
    - br_netfilter

# Persisted to /etc/sysctl.d/k8s.conf and applied immediately. IPv4 and IPv6
# forwarding are both enabled because the cluster will be dual stack.
- name: Change sysctl values
  sysctl:
    sysctl_file: /etc/sysctl.d/k8s.conf
    name: "{{ item.name }}"
    value: "{{ item.value }}"
  with_items:
    - {name: "net.bridge.bridge-nf-call-iptables", value: "1"}
    - {name: "net.bridge.bridge-nf-call-ip6tables", value: "1"}
    - {name: "net.ipv4.ip_forward", value: "1"}
    - {name: "net.ipv6.conf.all.forwarding", value: "1"}
    - {name: "net.ipv6.conf.default.forwarding", value: "1"}
    - {name: "fs.inotify.max_user_instances", value: "100000"}
    - {name: "fs.inotify.max_user_watches", value: "100000"}

- name: Install Packages
  package:
    name:
      - apt-transport-https
      - ca-certificates
      - curl

# Each repository key is stored under /usr/share/keyrings and bound to its own
# repository with signed-by, so a key can only vouch for packages from that repo.
- name: Install Docker public signing key
  shell: curl -sSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor --yes -o /usr/share/keyrings/docker-archive-keyring.gpg

- name: Add the Docker apt repository
  lineinfile:
    path: /etc/apt/sources.list.d/docker.list
    line: deb [signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu jammy stable
    create: yes

- name: Install Google Cloud public signing key
  get_url:
    url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
    dest: /usr/share/keyrings/kubernetes-archive-keyring.gpg
    mode: "0644"

- name: Add the Kubernetes apt repository
  lineinfile:
    path: /etc/apt/sources.list.d/kubernetes.list
    line: deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main
    create: yes

- name: Install Helm public signing key
  shell: curl https://baltocdn.com/helm/signing.asc | gpg --dearmor --yes -o /usr/share/keyrings/helm.gpg

- name: Add the Helm apt repository
  lineinfile:
    path: /etc/apt/sources.list.d/helm-stable-debian.list
    line: deb [signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main
    create: yes

- name: Install containerd Kubernetes Packages
  apt:
    pkg:
      - docker.io
      - containerd
      - kubelet
      - kubeadm
      - kubectl
      - helm
    update_cache: yes

# Hold the Kubernetes packages so an unattended apt upgrade cannot move the
# node to a version that kubeadm has not been used to upgrade to.
- name: Hold Kubernetes Packages
  dpkg_selections:
    name: "{{item}}"
    selection: hold
  with_items:
    - kubelet
    - kubeadm
    - kubectl

- name: Create containerd config directory
  file:
    path: /etc/containerd
    state: directory
    mode: "0755"

- name: Create containerd config file
  shell: containerd config default > /etc/containerd/config.toml

- name: Setting crictl endpoint
  shell: crictl config --set runtime-endpoint=unix:///run/containerd/containerd.sock --set image-endpoint=unix:///run/containerd/containerd.sock

# kubeadm configures the kubelet with the systemd cgroup driver, so the runc
# options in containerd's config must match; a mismatch leaves pods unable to start.
- name: Enable systemd cgroup
  lineinfile:
    path: /etc/containerd/config.toml
    regexp: "{{item.regexp}}"
    line: "{{item.line}}"
    insertafter: "{{item.insertafter}}"
  with_items:
    - regexp: " SystemdCgroup = false"
      line: " SystemdCgroup = true"
      insertafter: 'plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options'
  notify:
    - Restart containerd

- name: Join docker group
  user:
    name: "{{ ansible_env.SUDO_USER }}"
    groups: docker
    append: yes
```
Handler
handlers/main.yaml
```yaml
- name: Restart containerd
  become: true
  systemd:
    name: containerd.service
    state: restarted
```
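As an added example that is not part of the original post, here is a small preflight script to run on a node after the role above has been applied, before `kubeadm init` or `kubeadm join`. It checks the points the post calls out: a containerd new enough to offer the CRI v1 API that kubeadm 1.26 requires, `SystemdCgroup = true` in `/etc/containerd/config.toml`, the kernel modules and sysctls, and the held packages. It assumes the version is the third field of `containerd --version` output (`v1.6.4` or `1.6.4`).

```shell
#!/bin/sh
# Added preflight check (not from the original post). Paths, sysctl keys and
# module names mirror the tasks/main.yaml above. Run as root with "--run";
# without that argument only the functions are defined.

# 0 when version $1 >= version $2, comparing major.minor only.
version_ge() {
    a1=${1%%.*}; r=${1#*.}; a2=${r%%.*}
    b1=${2%%.*}; r=${2#*.}; b2=${r%%.*}
    [ "$a1" -gt "$b1" ] || { [ "$a1" -eq "$b1" ] && [ "$a2" -ge "$b2" ]; }
}

# kubeadm 1.26 only speaks CRI v1, which containerd implements from 1.6.0.
containerd_supports_cri_v1() {
    version_ge "$1" 1.6.0
}

# Assumption: the version is the third field of "containerd --version".
installed_containerd_version() {
    containerd --version 2>/dev/null | awk '{ sub(/^v/, "", $3); print $3 }'
}

# 0 when the containerd config in file $1 has SystemdCgroup = true.
systemd_cgroup_enabled() {
    grep -Eq '^[[:space:]]*SystemdCgroup[[:space:]]*=[[:space:]]*true' "$1"
}

preflight() {
    rc=0
    v=$(installed_containerd_version)
    { [ -n "$v" ] && containerd_supports_cri_v1 "$v"; } ||
        { echo "FAIL containerd '$v' is older than 1.6.0 (no CRI v1 API)"; rc=1; }
    systemd_cgroup_enabled /etc/containerd/config.toml ||
        { echo "FAIL SystemdCgroup is not true in /etc/containerd/config.toml"; rc=1; }
    for m in overlay br_netfilter; do
        lsmod | grep -q "^$m " || { echo "FAIL kernel module $m not loaded"; rc=1; }
    done
    for k in net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables \
             net.ipv4.ip_forward net.ipv6.conf.all.forwarding; do
        [ "$(sysctl -n "$k" 2>/dev/null)" = 1 ] || { echo "FAIL $k is not 1"; rc=1; }
    done
    for p in kubelet kubeadm kubectl; do
        dpkg --get-selections "$p" 2>/dev/null | grep -q hold || { echo "FAIL $p not held"; rc=1; }
    done
    return "$rc"
}

if [ "${1:-}" = "--run" ]; then preflight; fi
```

A non-zero exit with one or more FAIL lines means the node would hit the same CRI or cgroup errors quoted above, so fix those before running kubeadm.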
Next
The continuation is written up in "IPv4/IPv6 Dual stack な Kubernetes クラスターを kubeadm で作った" (Building an IPv4/IPv6 dual-stack Kubernetes cluster with kubeadm).