first_commit

ansible/install_cni.yaml

@@ -0,0 +1,14 @@
+- name: Install Kubernetes CNI
+  hosts: k8s_control_plane
+  become: true
+  tasks:
+    - name: Download Calico manifest
+      get_url:
+        url: https://raw.githubusercontent.com/projectcalico/calico/v3.27.3/manifests/calico.yaml
+        dest: /tmp/calico.yaml
+        mode: '0644'
+
+    - name: Apply Calico CNI plugin
+      shell: kubectl apply -f /tmp/calico.yaml
+      environment:
+        KUBECONFIG: /etc/kubernetes/admin.conf

ansible/inventory.ini

@@ -0,0 +1,10 @@
+[k8s_control_plane]
+k3s-1
+
+[k8s_nodes]
+k3s-2
+k3s-3
+
+[all:vars]
+ansible_user=kevin
+ansible_ssh_private_key_file=~/.ssh/id_rsa

ansible/k8s-init.yaml

@@ -0,0 +1,42 @@
+- name: Initialize Kubernetes Control Plane
+  hosts: k8s_control_plane
+  become: true
+  vars:
+    pod_network_cidr: "192.168.0.0/16"
+    apiserver_advertise_address: "10.50.3.21"
+    cri_socket: "unix:///run/containerd/containerd.sock"
+    kubeconfig_src: "/etc/kubernetes/admin.conf"
+    kubeconfig_dest: "/home/{{ ansible_user }}/.kube/config"
+
+## Crea la directory .kube nella home dell'utente
+
+  tasks:
+    - name: Ensure .kube directory exists
+      file:
+        path: "/home/{{ ansible_user }}/.kube"
+        state: directory
+        owner: "{{ ansible_user }}"
+        group: "{{ ansible_user }}"
+        mode: '0755'
+
+## Crea il cluster con i parametri indicati sopra
+
+    - name: Run kubeadm init
+      command: >
+        kubeadm init
+        --pod-network-cidr={{ pod_network_cidr }}
+        --apiserver-advertise-address={{ apiserver_advertise_address }}
+        --cri-socket {{ cri_socket }}
+      args:
+        creates: /etc/kubernetes/pki/ca.crt
+
+## Copia la configurazione del cluster così da poter eseguire comandi kubectl dall'utente
+
+    - name: Copy admin.conf to user's kube config
+      copy:
+        src: "{{ kubeconfig_src }}"
+        dest: "{{ kubeconfig_dest }}"
+        remote_src: true
+        owner: "{{ ansible_user }}"
+        group: "{{ ansible_user }}"
+        mode: '0644'

ansible/k8s-install-deps.yaml

@@ -0,0 +1,113 @@
+- name: Install Kubernetes packages
+  hosts: all
+  become: true
+
+  tasks:
+    - name: Ensure apt cache is updated
+      apt:
+        update_cache: yes
+        cache_valid_time: 3600
+
+    - name: Install required packages
+      apt:
+        name:
+          - apt-transport-https
+          - ca-certificates
+          - curl
+          - gpg
+          - containerd
+        state: present
+
+## Questo non è nella documentazione! bisogna generare il file di configurazione di containerd
+## ed scriverlo nella directory apposita, altrimenti usa un suo default che non va bene
+
+    - name: Ensure containerd config directory exists
+      file:
+        path: /etc/containerd
+        state: directory
+        mode: '0755'
+
+    - name: Generate default containerd config if missing
+      command: containerd config default
+      register: containerd_config
+      when: not lookup('file', '/etc/containerd/config.toml', errors='ignore')
+      changed_when: false
+
+    - name: Write default containerd config
+      copy:
+        content: "{{ containerd_config.stdout }}"
+        dest: /etc/containerd/config.toml
+      when: containerd_config is defined
+
+    - name: Set SystemdCgroup = true in containerd config
+      replace:
+        path: /etc/containerd/config.toml
+        regexp: '^(\s*SystemdCgroup\s*=\s*)false'
+        replace: '\1true'
+
+    - name: Restart containerd
+      systemd:
+        name: containerd
+        state: restarted
+        enabled: yes
+
+## Importantissimo per la gestione interna della network
+
+    - name: Enable IPv4 forwarding at runtime
+      sysctl:
+        name: net.ipv4.ip_forward
+        value: '1'
+        state: present
+        reload: yes
+        sysctl_set: yes
+
+## Installa kubectl, kubeadm e kubelet dal repo ufficiale kubernetes
+
+    - name: Create /etc/apt/keyrings directory
+      file:
+        path: /etc/apt/keyrings
+        state: directory
+        mode: '0755'
+
+    - name: Download and save the Kubernetes APT key
+      ansible.builtin.shell: |
+        curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.33/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+      args:
+        creates: /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+
+    - name: Add Kubernetes APT repository
+      copy:
+        dest: /etc/apt/sources.list.d/kubernetes.list
+        content: |
+          deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.33/deb/ /
+
+    - name: Update apt cache after adding Kubernetes repo
+      apt:
+        update_cache: yes
+
+    - name: Install Kubernetes components
+      apt:
+        name:
+          - kubelet
+          - kubeadm
+          - kubectl
+        state: present
+
+## Ferma i pacchetti ad una specifica versione
+
+    - name: Hold Kubernetes packages
+      ansible.builtin.shell: apt-mark hold kubelet kubeadm kubectl
+
+    - name: Enable and start containerd
+      systemd:
+        name: containerd
+        enabled: true
+        state: started
+
+## Abilita il servizio di kubelet
+
+    - name: Enable and start kubelet
+      systemd:
+        name: kubelet
+        enabled: true
+        state: started

ansible/master-k8s.yaml

@@ -0,0 +1,4 @@
+# master-k8s.yaml
+- import_playbook: k8s-install-deps.yaml
+- import_playbook: k8s-init.yaml
+- import_playbook: install_cni.yaml

manifests/longhorn/longhorn-ingress.yaml

@@ -0,0 +1,19 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: longhorn-ingress
+  namespace: longhorn-system
+  annotations:
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+spec:
+  rules:
+    - host: longhorn.nixit.it
+      http:
+        paths:
+        - path: /
+          pathType: Prefix
+          backend:
+            service:
+              name: longhorn-frontend
+              port:
+                number: 80

manifests/traefik/traefik-values.yaml

@@ -0,0 +1,7 @@
+ports:
+  web:
+    redirections:
+      entryPoint:
+        to: websecure
+        scheme: https
+        permanent: true