Research-Project-1-Kubernetes-Hardening/02-prepare-master-worker.yml at main · husseinahmed-dev/Research-Project-1-Kubernetes-Hardening · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
---
- hosts: localhost
  tasks:
  - name: Disable swap
    command: swapoff -a
  - name: Remove swap from fstab
    lineinfile:
      path: /etc/fstab
      regexp: '^\s*/swap'
      state: absent
  - name: Adjust UFW Rules
    systemd: name=ufw enabled=no state=stopped
  - name: Add containerd modules to modules-load.d
    blockinfile:
      path: /etc/modules-load.d/containerd.conf
      insertafter: EOF
      block: |
        overlay
        br_netfilter
  - name: Load containerd modules
    command: modprobe {{ item }}
    with_items:
      - overlay
      - br_netfilter
  - name: Add Kubernetes sysctl settings
    blockinfile:
      path: /etc/sysctl.d/kubernetes.conf
      insertafter: EOF
      block: |
        net.bridge.bridge-nf-call-ip6tables = 1
        net.bridge.bridge-nf-call-iptables  = 1
        net.ipv4.ip_forward                 = 1
  - name: Apply sysctl settings
    command: sysctl --system
  - name: Update package manager
    apt: update_cache=yes
  - name: Install required packages
    apt:
      name:
        - ca-certificates
        - curl
        - gnupg
        - lsb-release
      state: present
  - name: Create keyring directory
    file:
      path: /etc/apt/keyrings
      state: directory
  - name: Import Docker GPG key
    command: gpg --dearmor -o /etc/apt/keyrings/docker.gpg <(curl -fsSL https://download.docker.com/linux/ubuntu/gpg)
    ignore_errors: True
  - name: Add Docker repository
    blockinfile:
      path: /etc/apt/sources.list.d/docker.list
      block: |
        deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable