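#!/usr/bin/env ansible-playbook
---
# Provisions a host with Canonical's MicroK8s: installs snapd, opens the
# HTTP, HTTPS and Kubernetes API ports in ufw, drops shell aliases, installs
# the microk8s snap, enables addons, and installs cert-manager through Helm.
#
# Optional variables (set in inventory or with -e; defaults keep the
# previous hard-coded behaviour):
#   k8s_api_allowed_src  source address/CIDR allowed to reach 16443/tcp
#                        (default: any)
#   microk8s_channel     snap channel for microk8s (default: latest/stable)
- name: Setup Canonical's MicroK8s
  hosts: all
  become: true
  vars:
    # Read from the controller's environment; resolves to an empty string
    # when SPEC_ACME_EMAIL is unset. No task in this playbook references it
    # directly.
    # NOTE(review): presumably consumed by the issuer manifest - confirm.
    spec_acme_email: "{{ lookup('env', 'SPEC_ACME_EMAIL') }}"
  tasks:
    - name: Install snap
      ansible.builtin.apt:
        # Pinned to an exact package version.
        name: snapd=2.58+22.04.1

    - name: Expose HTTP port
      community.general.ufw:
        rule: allow
        port: 80
        proto: tcp
        comment: "Allow access to HTTP port"

    - name: Expose HTTPS port
      community.general.ufw:
        rule: allow
        port: 443
        proto: tcp
        comment: "Allow access to HTTPS port"

    - name: Expose kubernetes API
      community.general.ufw:
        rule: allow
        port: 16443
        proto: tcp
        # The API server is the cluster's control plane. The default 'any'
        # keeps the original world-reachable rule; set k8s_api_allowed_src
        # to an admin address or CIDR to restrict who can connect.
        from_ip: "{{ k8s_api_allowed_src | default('any') }}"
        comment: "Allow access to kubernetes API"

    # Runs without privilege escalation, so the file is written as the
    # connecting user. 'iddqd' is a shortcut to a root login shell via sudo.
    - name: Setup aliases (mark)
      become: false
      ansible.builtin.copy:
        dest: /home/mark/.bash_aliases
        content: |
          alias ..='cd ..'
          alias ...='cd ../..'
          alias iddqd='sudo su -'
          alias l='ls -lA'
        mode: "0644"

    # 'ktoken' requests a token for the 'default' service account; treat the
    # printed token as a credential.
    - name: Setup aliases (root)
      ansible.builtin.copy:
        dest: /root/.bash_aliases
        content: |
          alias ..='cd ..'
          alias ...='cd ../..'
          alias l='ls -lA'
          alias k='kubectl'
          alias kgp='kubectl get pods'
          alias ktoken='kubectl create token default'
        mode: "0644"

    - name: Install microk8s
      community.general.snap:
        name: microk8s
        # Classic confinement: the snap runs without the strict sandbox.
        classic: true
        # 'latest/stable' is not tied to a Kubernetes release track, so hosts
        # built at different times can end up on different versions. Set
        # microk8s_channel to a specific track to pin it.
        channel: "{{ microk8s_channel | default('latest/stable') }}"

    - name: Wait for microk8s to be ready
      ansible.builtin.command: microk8s.status --wait-ready
      changed_when: false
      register: mk8sstatusout
      # List entries are AND-ed: the task fails only when the exit code is
      # non-zero and the "acting as a node" line is absent from stdout, so a
      # host that has joined a cluster as a node is tolerated.
      failed_when:
        - "'This MicroK8s deployment is acting as a node in a cluster.' not in mk8sstatusout.stdout_lines"
        - mk8sstatusout.rc > 0

    # The addon tasks below all set changed_when: false, so they are reported
    # as unchanged even on the run that first enables the addon.

    # NOTE(review): enables the Kubernetes dashboard; review who can reach it
    # together with the API firewall rule above.
    - name: Enable 'dashboard' addon
      ansible.builtin.command: microk8s.enable dashboard
      changed_when: false
      register: mk8senableout
      failed_when:
        - mk8senableout.rc > 0

    - name: Enable 'ingress' addon
      ansible.builtin.command: microk8s.enable ingress
      changed_when: false
      register: mk8senableout
      failed_when:
        - mk8senableout.rc > 0

    - name: Enable 'helm3' addon
      ansible.builtin.command: microk8s.enable helm3
      changed_when: false
      register: mk8senableout
      failed_when:
        - mk8senableout.rc > 0

    # NOTE(review): cert-manager is also installed from the jetstack chart
    # further down - confirm that both installs are intended.
    - name: Enable 'cert-manager' addon
      ansible.builtin.command: microk8s.enable cert-manager
      changed_when: false
      register: mk8senableout
      failed_when:
        - mk8senableout.rc > 0

    - name: Create kubectl alias
      ansible.builtin.command: snap alias microk8s.kubectl kubectl
      changed_when: false

    - name: Create helm alias
      ansible.builtin.command: snap alias microk8s.helm helm
      changed_when: false

    # The chart repository is fetched over HTTPS.
    - name: Add jetstack Helm repo
      ansible.builtin.command: microk8s helm3 repo add jetstack https://charts.jetstack.io
      changed_when: false
      register: mk8shelmout
      failed_when:
        - mk8shelmout.rc > 0

    - name: Install cert-manager using Helm
      kubernetes.core.helm:
        name: cert-manager
        namespace: cert-manager
        chart_ref: jetstack/cert-manager
        # Chart version is pinned.
        chart_version: v1.13.2
        set_values:
          - value: installCRDs=true
          # Ingresses without an explicit issuer fall back to the
          # 'letsencrypt-production' ClusterIssuer.
          - value: ingressShim.defaultIssuerName=letsencrypt-production
          - value: ingressShim.defaultIssuerKind=ClusterIssuer
          - value: ingressShim.defaultIssuerGroup=cert-manager.io
        state: present
        update_repo_cache: true

    # Applies the manifest at resources/production-issuer.yaml.
    - name: Create Let's Encrypt issuer
      kubernetes.core.k8s:
        src: resources/production-issuer.yaml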