davivcgarcia/k8s-el7-preflight.yaml

## k8s-el7-preflight.yaml
$ cat pre-flight.yaml
---
- hosts: all
  tasks:

    - name: Update OS packages
      yum:
        name: '*'
        state: latest

    - name: Install extra tooling (git, vim, bash-completion, wget)
      yum:
        name: '{{ item }}'
        state: latest
      with_items:
        - git
        - vim
        - bash-completion
        - wget

    - name: Install Docker Engine packages
      yum:
        name: docker
        state: latest

    - name: Configure storage backend for Docker Engine
      copy:
        content: 'STORAGE_DRIVER=overlay2'
        dest: /etc/sysconfig/docker-storage-setup
      register: dockerstorage

    - name: Initialize storage backend for Docker Engine
      command: docker-storage-setup
      when: dockerstorage.changed

    - name: Enable Docker Engine service
      service:
        name: docker
        enabled: yes
        state: started

    - name: Install IPtables packages
      yum:
        name: '{{ item }}'
        state: latest
      with_items:
        - iptables
        - iptables-services

    - name: Clear IPtables rules
      copy:
        content: |
          *filter
          :INPUT ACCEPT [0:0]
          :FORWARD ACCEPT [0:0]
          :OUTPUT ACCEPT [0:0]
          COMMIT
        dest: /etc/sysconfig/iptables

    - name: Disable Firewalld and enable IPtables service
      service:
        name: '{{ item.name }}'
        enabled: '{{ item.enabled }}'
        state: '{{ item.state }}'
      with_items:
        - { name: firewalld, enabled: no, state: stopped}
        - { name: iptables, enabled: yes, state: restarted}

    - name: Add upstream Kubernetes repository
      yum_repository:
        name: Kubernetes
        description: Community Kubernetes
        baseurl: https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
        gpgkey: https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
        gpgcheck: yes
        repo_gpgcheck: yes
        enabled: yes

    - name: Disable SELinux
      selinux:
        policy: targeted
        state: permissive

    - name: Install Kubernetes components
      yum:
        name: '{{ item }}'
        state: latest
      with_items:
        - kubelet
        - kubeadm
        - kubectl

    - name: Fix net.bridge.bridge-nf-call-iptables issue (1/2)
      copy:
        content: |
          net.bridge.bridge-nf-call-ip6tables = 1
          net.bridge.bridge-nf-call-iptables = 1

        dest: /etc/sysctl.d/k8s.conf
      register: fix

    - name: Fix net.bridge.bridge-nf-call-iptables issue (2/2)
      command: sysctl --system
      when: fix.changed

    - name: Disable SWAP partitions
      command: swapoff -a

    - name: Remove any swap partition defined in /etc/fstab
      lineinfile:
        path: /etc/fstab
        regexp: '\sswap\s'
        state: absent

    - name: Enable Kubelet service
      service:
        name: kubelet
        enabled: yes
	$ cat pre-flight.yaml
	---
	- hosts: all
	tasks:

	- name: Update OS packages
	yum:
	name: '*'
	state: latest

	- name: Install extra tooling (git, vim, bash-completion, wget)
	yum:
	name: '{{ item }}'
	state: latest
	with_items:
	- git
	- vim
	- bash-completion
	- wget

	- name: Install Docker Engine packages
	yum:
	name: docker
	state: latest

	- name: Configure storage backend for Docker Engine
	copy:
	content: 'STORAGE_DRIVER=overlay2'
	dest: /etc/sysconfig/docker-storage-setup
	register: dockerstorage

	- name: Initialize storage backend for Docker Engine
	command: docker-storage-setup
	when: dockerstorage.changed

	- name: Enable Docker Engine service
	service:
	name: docker
	enabled: yes
	state: started

	- name: Install IPtables packages
	yum:
	name: '{{ item }}'
	state: latest
	with_items:
	- iptables
	- iptables-services

	- name: Clear IPtables rules
	copy:
	content: \|
	*filter
	:INPUT ACCEPT [0:0]
	:FORWARD ACCEPT [0:0]
	:OUTPUT ACCEPT [0:0]
	COMMIT
	dest: /etc/sysconfig/iptables

	- name: Disable Firewalld and enable IPtables service
	service:
	name: '{{ item.name }}'
	enabled: '{{ item.enabled }}'
	state: '{{ item.state }}'
	with_items:
	- { name: firewalld, enabled: no, state: stopped}
	- { name: iptables, enabled: yes, state: restarted}

	- name: Add upstream Kubernetes repository
	yum_repository:
	name: Kubernetes
	description: Community Kubernetes
	baseurl: https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
	gpgkey: https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
	gpgcheck: yes
	repo_gpgcheck: yes
	enabled: yes

	- name: Disable SELinux
	selinux:
	policy: targeted
	state: permissive

	- name: Install Kubernetes components
	yum:
	name: '{{ item }}'
	state: latest
	with_items:
	- kubelet
	- kubeadm
	- kubectl

	- name: Fix net.bridge.bridge-nf-call-iptables issue (1/2)
	copy:
	content: \|
	net.bridge.bridge-nf-call-ip6tables = 1
	net.bridge.bridge-nf-call-iptables = 1

	dest: /etc/sysctl.d/k8s.conf
	register: fix

	- name: Fix net.bridge.bridge-nf-call-iptables issue (2/2)
	command: sysctl --system
	when: fix.changed

	- name: Disable SWAP partitions
	command: swapoff -a

	- name: Remove any swap partition defined in /etc/fstab
	lineinfile:
	path: /etc/fstab
	regexp: '\sswap\s'
	state: absent

	- name: Enable Kubelet service
	service:
	name: kubelet
	enabled: yes