From: Peter Mikus Date: Thu, 14 Aug 2025 09:01:33 +0000 (+0200) Subject: feat(ansible): kubernetes X-Git-Url: https://gerrit.fd.io/r/gitweb?a=commitdiff_plain;h=731fe331b65a0c5a5509a5ad212e562c3e91a073;p=csit.git feat(ansible): kubernetes Signed-off-by: Peter Mikus Change-Id: Ibec09f25b52ef14c0483a53afbeff8aca38ab3ca
---
diff --git a/fdio.infra.ansible/roles/kubernetes/defaults/main.yaml b/fdio.infra.ansible/roles/kubernetes/defaults/main.yaml
new file mode 100644
index 0000000000..72c8ed0a72
--- /dev/null
+++ b/fdio.infra.ansible/roles/kubernetes/defaults/main.yaml
@@ -0,0 +1,62 @@
+---
+kubernetes_packages:
+ - name: "kubelet"
+ state: "present"
+ - name: "kubectl"
+ state: "present"
+ - name: "kubeadm"
+ state: "present"
+ - name: "kubernetes-cni"
+ state: "present"
+
+kubernetes_services:
+ - name: "kubelet"
+ state: "started"
+ enabled: true
+
+kubernetes_version: "1.33"
+
+kubernetes_apt_release_channel: "stable"
+kubernetes_apt_repository: "https://pkgs.k8s.io/core:/{{ kubernetes_apt_release_channel }}:/v{{ kubernetes_version }}/deb/"
+
+kubernetes_role: "control_plane"
+
+kubernetes_pod_network:
+ # Calico CNI.
+ cni: "calico"
+ cidr: "192.168.0.0/16"
+
+kubernetes_kubeadm_init_extra_opts: "--pod-network-cidr={{ kubernetes_pod_network.cidr }}"
+kubernetes_join_command_extra_opts: ""
+kubernetes_allow_pods_on_control_plane: true
+
+kubernetes_calico_resources:
+ - https://raw.githubusercontent.com/projectcalico/calico/v3.30.2/manifests/tigera-operator.yaml
+ - https://raw.githubusercontent.com/projectcalico/calico/v3.30.2/manifests/operator-crds.yaml
+
+kubernetes_version_kubeadm: "stable-{{ kubernetes_version }}"
+kubernetes_ignore_preflight_errors: all
+
+kubernetes_kubeadm_kubelet_config_file_path: /etc/kubernetes/kubeadm-kubelet-config.yaml
+
+kubernetes_config_kubeadm_apiversion: v1beta4
+kubenetes_config_kubelet_apiversion: v1beta1
+kubernetes_config_kubeproxy_apiversion: v1alpha1
+
+kubernetes_config_kubelet_configuration:
+ cgroupDriver: "systemd"
+
+kubernetes_config_init_configuration:
+ localAPIEndpoint:
+ advertiseAddress: "{{ kubernetes_apiserver_advertise_address | default(ansible_default_ipv4.address, true) }}"
+# if you use the next lines, remove the command line argument below
+# nodeRegistration:
+# ignorePreflightErrors:
+# - all
+
+kubernetes_config_cluster_configuration:
+ networking:
+ podSubnet: "{{ kubernetes_pod_network.cidr }}"
+ kubernetesVersion: "{{ kubernetes_version_kubeadm }}"
+
+kubernetes_config_kube_proxy_configuration: {}
\ No newline at end of file
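Review bot: `kubernetes_ignore_preflight_errors: all` as a role default makes every `kubeadm init` run skip all preflight checks, so a host with a misconfigured runtime, active swap or occupied ports is initialized anyway and the problem only surfaces later. Because the variable is always defined here, the plain `kubeadm init` task in tasks/control-plane.yaml (guarded by `is not defined`) can never run. I would drop this default, or set it to the specific check names known to fail in this environment, with a comment such as `# leave undefined to run all kubeadm preflight checks`. Separately, `kubernetes_calico_resources` pins the manifests by tag (`v3.30.2`) only; if the commented-out install task is revived, verifying a checksum of the downloaded manifests would be worth adding.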
diff --git a/fdio.infra.ansible/roles/kubernetes/handlers/main.yaml b/fdio.infra.ansible/roles/kubernetes/handlers/main.yaml
new file mode 100644
index 0000000000..3763d2416e
--- /dev/null
+++ b/fdio.infra.ansible/roles/kubernetes/handlers/main.yaml
@@ -0,0 +1,9 @@
+---
+# file: handlers/main.yaml
+
+- name: restart kubelet
+ ansible.builtin.service:
+ name: kubelet
+ state: restarted
+ tags:
+ - kubernetes-restart-service
\ No newline at end of file
diff --git a/fdio.infra.ansible/roles/kubernetes/meta/main.yaml b/fdio.infra.ansible/roles/kubernetes/meta/main.yaml
new file mode 100644
index 0000000000..81de529090
--- /dev/null
+++ b/fdio.infra.ansible/roles/kubernetes/meta/main.yaml
@@ -0,0 +1,21 @@
+---
+# file: meta/main.yaml
+
+dependencies: []
+
+galaxy_info:
+ role_name: kubernetes
+ author: pmikus
+ description: Kubernetes for Linux.
+ company: none
+ license: license (BSD, MIT)
+ min_ansible_version: 2.9
+ platforms:
+ - name: Ubuntu
+ versions:
+ - noble
+ - name: Debian
+ versions:
+ - bullseye
+ galaxy_tags:
+ - kubernetes
diff --git a/fdio.infra.ansible/roles/kubernetes/tasks/Debian.yaml b/fdio.infra.ansible/roles/kubernetes/tasks/Debian.yaml
new file mode 100644
index 0000000000..41a3e1f825
--- /dev/null
+++ b/fdio.infra.ansible/roles/kubernetes/tasks/Debian.yaml
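Review bot: In meta/main.yaml, `min_ansible_version: 2.9` understates what the role needs, since tasks/Debian.yaml uses `ansible.builtin.deb822_repository`, which as far as I know first shipped in ansible-core 2.15. The bare value is also read as a YAML float; quoting it, e.g. `min_ansible_version: "2.15"`, avoids that. `license: license (BSD, MIT)` looks like unedited skeleton text and should name the project's actual licence.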
@@ -0,0 +1,40 @@
+---
+# file: tasks/Debian.yaml
+
+- name: install dependencies
+ ansible.builtin.apt:
+ name:
+ - apt-transport-https
+ - ca-certificates
+ - software-properties-common
+ state: present
+ cache_valid_time: 3600
+ install_recommends: false
+ tags:
+ - kubernetes-inst-dependencies
+
+- name: add kubernetes repository
+ ansible.builtin.deb822_repository:
+ name: kubernetes
+ types: deb
+ uris: "{{ kubernetes_apt_repository }}"
+ suites: /
+ signed_by: "{{ kubernetes_apt_repository }}/Release.key"
+ register: kubernetes_repository
+ tags:
+ - kubernetes-inst-repository
+
+- name: update apt cache
+ ansible.builtin.apt:
+ update_cache: true
+ when: kubernetes_repository.changed
+ tags:
+ - kubernetes-inst-repository
+
+- name: add kubernetes apt preferences file to pin a version
+ ansible.builtin.template:
+ src: apt-preferences-kubernetes.j2
+ dest: /etc/apt/preferences.d/kubernetes
+ mode: 0644
+ tags:
+ - kubernetes-inst-repository
\ No newline at end of file
diff --git a/fdio.infra.ansible/roles/kubernetes/tasks/control-plane.yaml b/fdio.infra.ansible/roles/kubernetes/tasks/control-plane.yaml
new file mode 100644
index 0000000000..fe2aa8cce8
--- /dev/null
+++ b/fdio.infra.ansible/roles/kubernetes/tasks/control-plane.yaml
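Review bot: The `add kubernetes repository` task takes `signed_by` from `{{ kubernetes_apt_repository }}/Release.key`, so the signing key is downloaded at run time from the same origin as the packages and trusted without any fingerprint or checksum comparison; whoever can serve that URL controls both the key and what it signs. Fetching the key with a pinned checksum (or shipping a reviewed copy in the role's files/) and pointing `signed_by` at the local keyring path closes that gap, at the cost of updating the pin when upstream rotates the key. Since `kubernetes_apt_repository` already ends in `/`, the current expression also yields `.../deb//Release.key`. The `mode: 0644` in the last task is better written quoted, `mode: "0644"`.

```yaml
- name: fetch kubernetes repository signing key
  ansible.builtin.get_url:
    url: "{{ kubernetes_apt_repository }}Release.key"
    # example path; the directory must already exist on the target
    dest: /etc/apt/keyrings/kubernetes-apt-keyring.asc
    # placeholder: SHA-256 of the key after it has been reviewed out of band
    checksum: "sha256:<REVIEWED_KEY_SHA256>"
    mode: "0644"
  tags:
    - kubernetes-inst-repository

- name: add kubernetes repository
  ansible.builtin.deb822_repository:
    # … unchanged: name, types, uris, suites …
    signed_by: /etc/apt/keyrings/kubernetes-apt-keyring.asc
```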
@@ -0,0 +1,88 @@
+---
+# file: tasks/control-plane.yaml
+
+- name: deploy the config-file for kubeadm and kubelet
+ template:
+ src: kubeadm-kubelet-config.j2
+ dest: "{{ kubernetes_kubeadm_kubelet_config_file_path }}"
+ tags:
+ - kubernetes-inst-control-plane
+
+- name: disable swap
+ ansible.posix.mount:
+ name: "{{ item }}"
+ fstype: swap
+ state: absent
+ loop: ["none", "swap"]
+ tags:
+ - kubernetes-inst-control-plane
+
+- name: disable swap
+ ansible.builtin.shell: |
+ swapoff -a
+ tags:
+ - kubernetes-inst-control-plane
+
+- name: initialize kubernetes control plane with kubeadm init
+ ansible.builtin.command: "kubeadm init {{ kubernetes_kubeadm_init_extra_opts }}"
+ register: kubeadmin_init
+ when: (not kubernetes_init_stat.stat.exists) and (kubernetes_ignore_preflight_errors is not defined)
+ tags:
+ - kubernetes-inst-control-plane
+
+- name: initialize kubernetes control plane with kubeadm init and ignore_preflight_errors
+ ansible.builtin.command: "kubeadm init --ignore-preflight-errors={{ kubernetes_ignore_preflight_errors }} {{ kubernetes_kubeadm_init_extra_opts }}"
+ register: kubeadmin_init
+ when: (not kubernetes_init_stat.stat.exists) and (kubernetes_ignore_preflight_errors is defined)
+ tags:
+ - kubernetes-inst-control-plane
+
+- name: print the init output to screen
+ ansible.builtin.debug:
+ var: kubeadmin_init.stdout
+ verbosity: 2
+ when: not kubernetes_init_stat.stat.exists
+ tags:
+ - kubernetes-inst-control-plane
+
+- name: ensure .kube directory exists
+ become: false
+ ansible.builtin.file:
+ path: /home/testuser/.kube
+ state: directory
+ mode: 0755
+ tags:
+ - kubernetes-inst-control-plane
+
+- name: copy the kubectl admin.conf to ~/.kube/conf
+ ansible.builtin.copy:
+ src: /etc/kubernetes/admin.conf
+ dest: /home/testuser/.kube/config
+ remote_src: yes
+ tags:
+ - kubernetes-inst-control-plane
+
+- name: give user permissions to an existing file
+ ansible.builtin.file:
+ path: /home/testuser/.kube/
+ owner: testuser
+ group: testuser
+ recurse: yes
+ tags:
+ - kubernetes-inst-control-plane
+
+- name: allow pods on control plane (if configured)
+ command: "kubectl taint nodes --all node-role.kubernetes.io/control-plane-"
+ when:
+ - kubernetes_allow_pods_on_control_plane | bool
+ - not kubernetes_init_stat.stat.exists
+ tags:
+ - kubernetes-inst-control-plane
+
+#- name: install callico
+# command: "kubectl create -f {{ item }}"
+# failed_when: false
+# loop:
+# "{{ kubernetes_calico_resources }}"
+# tags:
+# - kubernetes-inst-control-plane
\ No newline at end of file
diff --git a/fdio.infra.ansible/roles/kubernetes/tasks/main.yaml b/fdio.infra.ansible/roles/kubernetes/tasks/main.yaml
new file mode 100644
index 0000000000..7158f89d32
--- /dev/null
+++ b/fdio.infra.ansible/roles/kubernetes/tasks/main.yaml
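Review bot: In tasks/control-plane.yaml, the `copy the kubectl admin.conf` task writes the cluster-admin kubeconfig to /home/testuser/.kube/config without `owner`, `group` or `mode`, so its permissions come from the umask of the copying process and the credential is probably left readable by other local users; the `.kube` directory is also created `0755`. Setting `owner: testuser`, `group: testuser` and `mode: "0600"` on the copy task (and `mode: "0700"` on the directory) keeps the admin credential private and makes the following recursive chown task unnecessary. The first task, `deploy the config-file for kubeadm and kubelet`, likewise sets no `mode`, and nothing in this file passes the rendered file to `kubeadm init` via `--config`, so a comment saying whether it is meant to be consumed would help. `template:` and `command:` should use the fully qualified `ansible.builtin.` names like the other tasks.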
@@ -0,0 +1,52 @@
+---
+# file: tasks/main.yaml
+
+- name: install prerequisites based on operating system
+ ansible.builtin.include_tasks:
+ file: "{{ item }}"
+ with_first_found:
+ - files:
+ - "{{ ansible_os_family }}.yaml"
+ - default.yaml
+ tags:
+ - kubernetes-inst-prerequisites
+
+- name: install kubernetes packages
+ ansible.builtin.package:
+ name: "{{ item.name | default(item) }}"
+ state: "{{ item.state | default('present') }}"
+ notify: restart kubelet
+ with_items: "{{ kubernetes_packages }}"
+ tags:
+ - kubernetes-inst-packages
+
+- name: ensure services are started and enabled at boot
+ ansible.builtin.service:
+ name: "{{ item.name | default(item) }}"
+ state: "{{ item.state | default('present') }}"
+ enabled: "{{ item.enabled | default(true) }}"
+ with_items: "{{ kubernetes_services }}"
+ tags:
+ - kubernetes-service-enable
+
+- name: check if kubernetes has already been initialized
+ ansible.builtin.stat:
+ path: /etc/kubernetes/admin.conf
+ register: kubernetes_init_stat
+ tags:
+ - kubernetes-initialized
+
+- name: initialize control plane
+ ansible.builtin.include_tasks:
+ file: control-plane.yaml
+ when: kubernetes_role == "control_plane"
+ tags:
+ - kubernetes-inst-control-plane
+
+- name: get the kubeadm join command from the Kubernetes control plane
+ ansible.builtin.command: kubeadm token create --print-join-command
+ changed_when: false
+ when: kubernetes_role == "control_plane"
+ register: kubernetes_join_command_result
+ tags:
+ - kubernetes-cluster
\ No newline at end of file
diff --git a/fdio.infra.ansible/roles/kubernetes/templates/apt-preferences-kubernetes.j2 b/fdio.infra.ansible/roles/kubernetes/templates/apt-preferences-kubernetes.j2
new file mode 100644
index 0000000000..201ac9fefb
--- /dev/null
+++ b/fdio.infra.ansible/roles/kubernetes/templates/apt-preferences-kubernetes.j2
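Review bot: The final task in tasks/main.yaml registers the output of `kubeadm token create --print-join-command`, which contains a bootstrap token that lets a machine join the cluster, and because `no_log: true` is not set the result can appear in verbose output and log callbacks. The task also runs on every play against a control plane, so each run mints another token that stays valid until its TTL expires; an explicit short `--ttl`, or creating the token only when a worker is actually being joined, would limit that. In the service task, `state: "{{ item.state | default('present') }}"` falls back to `present`, which is not a state the service module accepts; `default('started')` matches the task name.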
@@ -0,0 +1,11 @@
+Package: kubectl
+Pin: version {{ kubernetes_version }}.*
+Pin-Priority: 1000
+
+Package: kubeadm
+Pin: version {{ kubernetes_version }}.*
+Pin-Priority: 1000
+
+Package: kubelet
+Pin: version {{ kubernetes_version }}.*
+Pin-Priority: 1000
\ No newline at end of file
diff --git a/fdio.infra.ansible/roles/kubernetes/templates/kubeadm-kubelet-config.j2 b/fdio.infra.ansible/roles/kubernetes/templates/kubeadm-kubelet-config.j2
new file mode 100644
index 0000000000..08686e2cf9
--- /dev/null
+++ b/fdio.infra.ansible/roles/kubernetes/templates/kubeadm-kubelet-config.j2
@@ -0,0 +1,20 @@
+---
+apiVersion: kubeadm.k8s.io/{{ kubernetes_config_kubeadm_apiversion }}
+kind: InitConfiguration
+{{ kubernetes_config_init_configuration | to_nice_yaml }}
+---
+apiVersion: kubeadm.k8s.io/{{ kubernetes_config_kubeadm_apiversion }}
+kind: ClusterConfiguration
+{{ kubernetes_config_cluster_configuration | to_nice_yaml }}
+{% if kubernetes_config_kubelet_configuration|length > 0 %}
+---
+apiVersion: kubelet.config.k8s.io/{{ kubenetes_config_kubelet_apiversion }}
+kind: KubeletConfiguration
+{{ kubernetes_config_kubelet_configuration | to_nice_yaml }}
+{% endif %}
+{% if kubernetes_config_kube_proxy_configuration|length > 0 %}
+---
+apiVersion: kubeproxy.config.k8s.io/{{ kubernetes_config_kubeproxy_apiversion }}
+kind: KubeProxyConfiguration
+{{ kubernetes_config_kube_proxy_configuration | to_nice_yaml }}
+{% endif %}
\ No newline at end of file
diff --git a/fdio.infra.ansible/sut.yaml b/fdio.infra.ansible/sut.yaml
index 41327cb515..38735d721c 100644
--- a/fdio.infra.ansible/sut.yaml
+++ b/fdio.infra.ansible/sut.yaml
@@ -22,6 +22,8 @@ tags: intel - role: docker tags: docker + - role: kubernetes + tags: kubernetes - role: vpp tags: vpp - role: dpdk
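Review bot: In templates/kubeadm-kubelet-config.j2 the KubeletConfiguration `apiVersion` line reads `kubenetes_config_kubelet_apiversion` (missing an `r`). It matches the equally misspelled name in defaults/main.yaml and therefore renders, but an operator who overrides the correctly spelled `kubernetes_config_kubelet_apiversion` gets no effect and no error, so the generated kubelet config silently keeps the default API version. Renaming both occurrences to `kubernetes_config_kubelet_apiversion` fixes it.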