Kubernetes - preparare cluster Fedora cu Ansible

Postat la Sun 20 July 2025 in tutoriale

Am decis sa scriu un articol actualizat despre pregatirea unui cluster Kubernetes folosind Ansible.

Pe fiecare nod din cluser am instalat Fedora Server 42 si am adaugat cheia SSH la userul root

Creem o lista cu hosturi: hosts:

[master]
kube-master.lxd

[worker]
kube-node1.lxd
kube-node2.lxd
kube-node3.lxd

[all:vars]
ansible_user = root

Kubernetes necesita cateva module de kernel care sa fie activate. Pregatim un fisier in files/modules-k8s.conf:

overlay
br_netfilter

Vom avea si cateva setari de sysctl cruciale pentru buna functionare a retelei in Kubernetes cu un plugin CNI (Container Network Interface). Ele permit implementarea de politici de firewall, NAT și rutare, care sunt necesare pentru a conecta containerele între ele și către lumea exterioară. Pregatim un fisier in files/sysctl-k8s.conf:

net.bridge.bridge-nf-call-iptables  = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward                 = 1

Intern Kubernetes ruleaza un serviciu DNS esential prin care podurile se descopera si comunică intre ele. De acceea servciul default folosit de Fedora - systemd-resolved - trebuie sa nu asculte pe portul 53 al fiecarul node. Pentru a deactiva aceast lucru pregatim un fisier files/stub-listener.conf

[Resolve]
DNSStubListener=no

Fedora include pachetele necesare: - kubeadm - kubelet - kubectl

Playbook-un cu pasii necesari il regasiti mai jos:

---
- name: Install and configure Kubernetes prerequisites
  hosts: all
  become: yes

  tasks:
      - name: Stop and disable cockpit.socket
      ansible.builtin.systemd:
          name: cockpit.socket
          state: stopped
          enabled: no

      - name: Stop and disable firewalld
      ansible.builtin.systemd:
          name: firewalld
          state: stopped
          enabled: no

      # - name: Stop zram service
      #   ansible.builtin.service:
      #     name: swap-create@zram0
      #     state: stopped

      - name: remove zram
      ansible.rootbuiltin.dnf:
          name: zram-generator-defaults
          state: absent

      - name: Ensure SELinux is set to disabled in /etc/selinux/config
      ansible.builtin.lineinfile:
          path: /etc/selinux/config
          regexp: '^SELINUX='
          line: 'SELINUX=disabled'
          state: present

      - name: copy files/modules-k8s.conf
      ansible.builtin.copy:
          src: modules-k8s.conf
          dest: /etc/modules-load.d/k8s.conf
          owner: root
          group: root
          mode: '0644'

      - name: copy files/sysctl-k8s.conf
      ansible.builtin.copy:
          src: sysctl-k8s.conf
          dest: /etc/sysctl.d/k8s.conf
          owner: root
          group: root
          mode: '0644'

      - name: install kubernetes packages
      ansible.builtin.dnf:
          name:
          - iptables
          - iproute-tc
          - kubernetes1.33
          - kubernetes1.33-kubeadm
          - kubernetes1.33-client
          state: latest

      - name: fix coredns issue
      ansible.builtin.file:
          name: /etc/systemd/resolved.conf.d/
          state: directory
          mode: '0755'
          owner: root
          group: root

      - name: copy file stub-listener.conf
      ansible.builtin.copy:
          src: stub-listener.conf
          dest: /etc/systemd/resolved.conf.d/stub-listener.conf
          owner: root
          group: root
          mode: '0644'

Instalarea este simpla:

ansible-playbook -i ./hosts prepare-k8s.yml

Dupa care putem trece la configurarea clusterului de Kubernetes.

tutoriale ansible kubernetes k8s