Deploy kubernetes v1.20.1

Kubernetes v1.20 drops support for docker and this role currently uses containerd as to container runtime. crictl is installed to inspect and query conainers on the host
2025-08-24 13:49:22 +02:00 · 2021-01-12 16:02:38 +02:00 · 2021-01-12 16:02:38 +02:00 · 4c9962413e
commit 4c9962413e
parent ba45b91e00
10 changed files with 65 additions and 4 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -11,6 +11,8 @@ kubernetes_packages:

 kubernetes_version: '1.19'
 kubernetes_version_rhel_package: '1.19.0'
+kubernetes_kubeadm_version: 'v1.19.0'
+crictl_version: 'v1.19.0'

 kubernetes_role: master

--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -1,3 +1,6 @@
 ---
 - name: restart kubelet
  service: name=kubelet state=restarted
+
+- name: restart containerd
+  service: name=containerd state=restarted
--- a/tasks/containerd.yml
+++ b/tasks/containerd.yml
@ -0,0 +1,8 @@
+- name: Create the containerd folder in /etc.
+  file:
+    path: /etc/containerd
+    state: directory
+
+- name: Generate a containerd config.
+  shell: containerd config default > /etc/containerd/config.toml
+  notify: restart containerd
--- a/tasks/crictl.yml
+++ b/tasks/crictl.yml
@ -0,0 +1,17 @@
+- name: Download crictl tarball
+  get_url:
+    url: "https://github.com/kubernetes-sigs/cri-tools/releases/download/{{ crictl_version }}/crictl-{{ crictl_version }}-linux-amd64.tar.gz"
+    dest: "/tmp/crictl-{{ crictl_version }}-linux-amd64.tar.gz"
+
+- name: Extract crictl into /usr/local/bin
+  unarchive:
+    src: "/tmp/crictl-{{ crictl_version }}-linux-amd64.tar.gz"
+    dest: /usr/local/bin/crictl
+    remote_src: yes
+    mode: 0751
+
+- name: Create crictl config
+  template:
+    src: crictl-config.j2
+    dest: /etc/crictl.yaml
+    mode: 0644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -20,6 +20,10 @@

 - include_tasks: sysctl-setup.yml

+- include_tasks: containerd.yml
+
+- include_tasks: crictl.yml
+
 - include_tasks: kubelet-setup.yml

 - name: Ensure kubelet is started and enabled at boot.
--- a/tasks/master-setup.yml
+++ b/tasks/master-setup.yml
@ -15,6 +15,9 @@
    dest: ~/.kube/kubeadm-config.yml
    mode: 0644

+- name: Pull core kubernetes images.
+  command: kubeadm config images pull
+
 - name: Initialize Kubernetes master with kubeadm init.
  command: >
    kubeadm init
--- a/tasks/setup-Debian.yml
+++ b/tasks/setup-Debian.yml
@ -4,6 +4,7 @@
    name:
      - apt-transport-https
      - ca-certificates
+      - containerd
    state: present

 - name: Add Kubernetes apt key.
--- a/tasks/sysctl-setup.yml
+++ b/tasks/sysctl-setup.yml
@ -7,6 +7,17 @@
    ansible_distribution != 'Debian'
    or ansible_distribution_major_version | int < 10

+- name: Ensure the kernel modules are loaded.
+  modprobe:
+    name: "{{ item }}"
+    state: present
+  loop:
+    - overlay
+    - br_netfilter
+  when: >
+    ansible_distribution != 'Debian'
+    or ansible_distribution_major_version | int < 10
+
 # See: https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#letting-iptables-see-bridged-traffic
 - name: Let iptables see bridged traffic.
  sysctl:
@ -19,3 +30,6 @@
  when: >
    ansible_distribution != 'Debian'
    or ansible_distribution_major_version | int < 10
+
+- name: Enable ip forwarding.
+  shell: echo '1' > /proc/sys/net/ipv4/ip_forward
--- a/templates/crictl-config.j2
+++ b/templates/crictl-config.j2
@ -0,0 +1,6 @@
+runtime-endpoint: "unix:///run/containerd/containerd.sock"
+image-endpoint: "unix:///run/containerd/containerd.sock"
+timeout: 2
+debug: false
+pull-image-on-create: false
+disable-pull-on-run: false
--- a/templates/kubeadm-config.j2
+++ b/templates/kubeadm-config.j2
@ -12,7 +12,7 @@ localAPIEndpoint:
  advertiseAddress: {{ kubernetes_apiserver_advertise_address | default(ansible_default_ipv4.address, true) }}
  bindPort: 6443
 nodeRegistration:
-  criSocket: /var/run/dockershim.sock
+  criSocket: /run/containerd/containerd.sock
  name: node1
  taints:
  - effect: NoSchedule
@ -24,14 +24,13 @@ apiServer:
  timeoutForControlPlane: 4m0s
 certificatesDir: /etc/kubernetes/pki
 clusterName: kubernetes
-controllerManager: {}
 dns:
  type: CoreDNS
 etcd:
  local:
    dataDir: /var/lib/etcd
 imageRepository: k8s.gcr.io
-kubernetesVersion: v1.17.0
+kubernetesVersion: {{ kubernetes_kubeadm_version }}
 networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
@ -39,4 +38,8 @@ networking:
 controllerManager:
  extraArgs:
    node-cidr-mask-size: "{{ kubernetes_kube_controller_manager_node_cidr_mask_size }}"
-scheduler: {}
+scheduler: {}
+---
+apiVersion: kubelet.config.k8s.io/v1beta1
+kind: KubeletConfiguration
+cgroupDriver: containerd