path: root/roles/kubernetes/base/tasks/main.yml

---
- name: install container runtime
  include_tasks: "cri_{{ kubernetes_container_runtime }}.yml"

- name: prepare storage volume for /var/lib/kubelet
  when: kubelet_storage is defined
  vars:
    storage_volume: "{{ kubelet_storage | combine({'dest': '/var/lib/kubelet'}) }}"
  include_role:
    name: "storage/{{ kubelet_storage.type }}/volume"

- name: add apt repository for kubernetes packages
  include_role:
    name: apt-repo/kubernetes

- name: add apt repository for cri-tools
  include_role:
    name: apt-repo/kubic-project

- name: install kubelet and common packages
  apt:
    name:
    - bridge-utils
    - "cri-tools={{ kubernetes_cri_tools_pkg_version }}"
    - "kubelet={{ kubernetes_version }}-00"
    state: present
    force: yes
    ## TODO: remove force once the following changes are available
    ##   https://github.com/ansible/ansible/pull/73629 or https://github.com/ansible/ansible/pull/72562
    ##   https://github.com/ansible/ansible/pull/74852

- name: disable automatic upgrades for kubelet and cri-tools
  loop:
  - kubelet
  - cri-tools
  dpkg_selections:
    name: "{{ item }}"
    selection: hold

- name: configure endpoints for crictl
  copy:
    dest: /etc/crictl.yaml
    content: |
      runtime-endpoint: "{{ kubernetes_cri_socket }}"
      image-endpoint: "{{ kubernetes_cri_socket }}"

- name: add crictl config for shells
  loop:
  - zsh
  - bash
  blockinfile:
    path: "/root/.{{ item }}rc"
    create: yes
    marker: "### {mark} ANSIBLE MANAGED BLOCK for crictl ###"
    content: |
      source <(crictl completion {{ item }})

- name: add dummy group with gid 990
  group:
    name: app
    gid: 990

- name: add dummy user with uid 990
  user:
    name: app
    uid: 990
    group: app
    password: "!"