Update bootstrap process of kubeadm

roles/kubernetes/tasks/firewalld.yml

@@ -4,6 +4,15 @@
 ########################
 
 ## kubernetes requirements
+  - name: install firewalld
+    package:
+      name: firewalld
+
+  - name: enable and start firewalld
+    systemd:
+      name: firewalld
+      enabled: yes
+      state: started
 
   - name: enable port 6443/tcp
     firewalld:

roles/kubernetes/tasks/main.yml

@@ -20,7 +20,7 @@
     regexp: "^/dev/mapper/centos-swap"
     line: "# /dev/mapper/centos-swap swap swap defaults 0 0"
 
-- name: activate kernel module
+- name: add bridge-netfilter kernel module
   shell: modprobe br_netfilter
 
 - name: enable bridge-nf-call-iptables
@@ -64,22 +64,60 @@
 - name: copy cni config
   template:
     src: ../files/kube-router-cni.conf.j2
-    dest: /etc/cni/net.d/10-kuberouter.conf
+    dest: /etc/cni/net.d/10-kuberouter.config
     owner: root
     group: root
 
+- name: clear yum package cache
+  shell: yum clean all
+  args:
+    warn: false # https://github.com/ansible/ansible/pull/31450#issuecomment-352889579
+
 - name: install packages
-  yum:
-    name:
+  package:
+    name: "{{ item }}"
+    state: installed
+  with_items:
     - yum-utils
     - device-mapper-persistent-data
     - lvm2
-    - docker-ce
-    - kubelet
-    - kubeadm
-    - kubectl
     - kubernetes-cni
-    state: present
+  
+- name: installing kubeadm, kubelet and kubectl
+  shell: "{{ item }}"
+  args:
+    warn: false
+  with_items:
+    - yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
+    - systemctl enable --now kubelet
+
+- name: add docker-ce repo
+  shell: yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
+
+- name: install docker-ce
+  package:
+    name: docker-ce-18.06.2.ce
+    state: installed
+
+- name:  create docker directory
+  file:
+    path: /etc/docker
+    state: directory
+
+- name: deploy docker daemon configuration
+  copy:
+    src: ../files/docker-daemon.json
+    dest: /etc/docker/daemon.json
+
+- name: create systemd unit directory for kubelet
+  file:
+    path: /etc/systemd/system/kubelet.service.d/
+    state: directory
+
+- name: deploy kubelet service file
+  copy:
+    src: ../files/systemd-unit-kubelet.conf
+    dest: /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
 
 - name: set cgroup
   lineinfile:
@@ -87,15 +125,18 @@
     regexp: "^cgroup-driver="
     line: "cgroup-driver=cgroupfs"
 
-- name: force systemd to reread configs and restart service docker
+- name: restart services
   systemd:
-    name: docker
-    enabled: yes
-    state: restarted
-
-- name: force systemd to reread configs and restart service kubelet
-  systemd:
-    name: kubelet
+    name: "{{ item }}"
     enabled: yes
     state: restarted
     daemon_reload: yes
+  with_items:
+    - docker
+    - kubelet
+
+- name: open firewall ports
+  import_tasks: firewalld.yml
+
+- name: update linux kernel
+  import_tasks: upgrade_kernel.yml