--- - name: install container runtime include_tasks: "cri_{{ kubernetes_container_runtime }}.yml" - name: prepare storage volume for /var/lib/kubelet when: kubelet_storage is defined vars: storage_volume: "{{ kubelet_storage | combine({'dest': '/var/lib/kubelet'}) }}" include_role: name: "storage/{{ kubelet_storage.type }}/volume" - name: add apt repository for kubernetes packages include_role: name: apt-repo/kubernetes - name: add apt repository for cri-tools include_role: name: apt-repo/kubic-project - name: generate apt pin files for kubelet and cri-tools loop: - name: kubelet version: "{{ kubernetes_version }}-00" - name: cri-tools version: "{{ kubernetes_cri_tools_pkg_version }}" loop_control: label: "{{ item.name }} == {{ item.version }}" copy: dest: "/etc/apt/preferences.d/{{ item.name }}.pref" content: | Package: {{ item.name }} Pin: version {{ item.version }} Pin-Priority: 1001 - name: install kubelet and common packages apt: name: - bridge-utils - "cri-tools={{ kubernetes_cri_tools_pkg_version }}" - "kubelet={{ kubernetes_version }}-00" state: present force: yes # allow_downgrade: yes ## TODO: replace force with allow_downgrade once the following change is available (ansible >= 5.0) ## https://github.com/ansible/ansible/pull/74852 ## TODO: remove this when all machines are migrated to use pin files - name: unhold packages (we now use APT pinning) loop: - kubelet - cri-tools dpkg_selections: name: "{{ item }}" selection: install - name: configure endpoints for crictl copy: dest: /etc/crictl.yaml content: | runtime-endpoint: "{{ kubernetes_cri_socket }}" image-endpoint: "{{ kubernetes_cri_socket }}" - name: add crictl config for shells loop: - zsh - bash blockinfile: path: "/root/.{{ item }}rc" create: yes marker: "### {mark} ANSIBLE MANAGED BLOCK for crictl ###" content: | source <(crictl completion {{ item }}) - name: add dummy group with gid 990 group: name: app gid: 990 - name: add dummy user with uid 990 user: name: app uid: 990 group: app password: "!"