Added Dashboard for kubernetes cluster

README.md

@@ -94,3 +94,19 @@ After the playbook completes:
    kubectl get pods -A
    ```
    Ensure `coredns` and `kube-flannel` are running.
+
+## Kubernetes Dashboard
+
+A dashboard has been installed and is accessible via NodePort on the master node.
+
+1. **Get the Token**:
+   Run this command on the master node to get your login token:
+   ```bash
+   kubectl get secret admin-user-token -n kubernetes-dashboard -o jsonpath={".data.token"} | base64 -d
+   ```
+
+2. **Access the Dashboard**:
+   Open your browser and navigate to:
+   `https://<master-ip>:30443`
+
+   *Note: Since it uses a self-signed certificate, you will need to bypass the browser security warning (usually click "Advanced" -> "Proceed").*

group_vars/all.yml

@@ -4,8 +4,8 @@ ansible_user: mastermito
 # ansible-vault encrypt_string 'your_password' --name 'vault_ssh_password'
 # then put the result here.
 # For now, we expect these variables to be defined, e.g. in a vault file or extra vars.
-# ansible_password: "{{ vault_ssh_password }}"
+ansible_password: "{{ vault_ssh_password }}"
-# ansible_become_password: "{{ vault_become_password }}"
+ansible_become_password: "{{ vault_ssh_password }}"
 
 # Kubernetes Version
 k8s_version: "1.28.0-00"

roles/common/tasks/main.yml

@@ -1,4 +1,13 @@
 ---
+- name: Wait for APT lock
+  shell: |
+    while fuser /var/lib/dpkg/lock-frontend >/dev/null 2>&1; do
+      echo "Waiting for other software managers to finish..."
+      sleep 5
+    done
+  register: apt_lock_wait
+  changed_when: false
+
 - name: Update apt cache
   apt:
     update_cache: yes
@@ -8,6 +17,26 @@
   apt:
     upgrade: dist
 
+- name: Check if cloud-init exists
+  stat:
+    path: /etc/cloud/cloud.cfg
+  register: cloud_init_cfg
+
+- name: Prevent cloud-init from changing hostname
+  copy:
+    dest: /etc/cloud/cloud.cfg.d/99-preserve-hostname.cfg
+    content: "preserve_hostname: true"
+  when: cloud_init_cfg.stat.exists
+
+- name: Set hostname
+  command: "hostnamectl set-hostname {{ inventory_hostname }}"
+
+- name: Update /etc/hosts with inventory hostname
+  lineinfile:
+    path: /etc/hosts
+    regexp: '^127\.0\.1\.1'
+    line: "127.0.1.1 {{ inventory_hostname }}"
+
 - name: Install required system packages
   apt:
     name:
@@ -22,16 +51,32 @@
   command: swapoff -a
   when: ansible_swaptotal_mb > 0
 
-- name: Disable swap in dphys-swapfile
+- name: Disable swap in /etc/fstab
-  lineinfile:
+  replace:
-    path: /etc/dphys-swapfile
+    path: /etc/fstab
-    regexp: '^CONF_SWAPSIZE='
+    regexp: '^([^#].*?\sswap\s+.*)$'
-    line: 'CONF_SWAPSIZE=0'
+    replace: '# \1'
-  notify: restart kubelet
+
+- name: Stop and disable dphys-swapfile service (if exists)
+  service:
+    name: dphys-swapfile
+    state: stopped
+    enabled: no
+  failed_when: false
+  when: ansible_distribution == 'Raspbian'
+
+- name: Determine cmdline.txt location
+  stat:
+    path: /boot/firmware/cmdline.txt
+  register: cmdline_firmware
+
+- name: Set cmdline path
+  set_fact:
+    cmdline_path: "{{ '/boot/firmware/cmdline.txt' if cmdline_firmware.stat.exists else '/boot/cmdline.txt' }}"
 
 - name: Enable cgroup features in cmdline.txt
   replace:
-    path: /boot/cmdline.txt
+    path: "{{ cmdline_path }}"
     regexp: '^((?!.*\bcgroup_enable=cpuset cgroup_enable=memory cgroup_memory=1\b).*)$'
     replace: '\1 cgroup_enable=cpuset cgroup_enable=memory cgroup_memory=1'
   register: cgroup_update
@@ -100,13 +145,13 @@
 
 - name: Download Kubernetes GPG key
   get_url:
-    url: https://pkgs.k8s.io/core:/stable:/v1.35/deb/Release.key
+    url: "https://pkgs.k8s.io/core:/stable:/v{{ k8s_version | regex_search('^[0-9]+\\.[0-9]+') }}/deb/Release.key"
     dest: /etc/apt/keyrings/kubernetes-apt-keyring.asc
     mode: '0644'
 
 - name: Add Kubernetes apt repository
   apt_repository:
-    repo: "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.asc] https://pkgs.k8s.io/core:/stable:/v1.35/deb/ /"
+    repo: "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.asc] https://pkgs.k8s.io/core:/stable:/v{{ k8s_version | regex_search('^[0-9]+\\.[0-9]+') }}/deb/ /"
     state: present
     filename: kubernetes
 

roles/dashboard/tasks/main.yml

@@ -0,0 +1,64 @@
+---
+- name: Install Metrics Server
+  command: kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
+  environment:
+    KUBECONFIG: /etc/kubernetes/admin.conf
+
+- name: Patch Metrics Server for self-signed certs (RPi workaround)
+  command: >
+    kubectl patch deployment metrics-server -n kube-system --type='json'
+    -p='[{"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--kubelet-insecure-tls"}]'
+  environment:
+    KUBECONFIG: /etc/kubernetes/admin.conf
+
+- name: Install Kubernetes Dashboard
+  command: kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
+  environment:
+    KUBECONFIG: /etc/kubernetes/admin.conf
+
+- name: Create Dashboard Admin Service Account
+  shell: |
+    cat <<EOF | kubectl apply -f -
+    apiVersion: v1
+    kind: ServiceAccount
+    metadata:
+      name: admin-user
+      namespace: kubernetes-dashboard
+    ---
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: ClusterRoleBinding
+    metadata:
+      name: admin-user
+    roleRef:
+      apiGroup: rbac.authorization.k8s.io
+      kind: ClusterRole
+      name: cluster-admin
+    subjects:
+    - kind: ServiceAccount
+      name: admin-user
+      namespace: kubernetes-dashboard
+    EOF
+  environment:
+    KUBECONFIG: /etc/kubernetes/admin.conf
+
+- name: Create Dashboard Admin Token Secret (for K8s 1.24+)
+  shell: |
+    cat <<EOF | kubectl apply -f -
+    apiVersion: v1
+    kind: Secret
+    metadata:
+      name: admin-user-token
+      namespace: kubernetes-dashboard
+      annotations:
+        kubernetes.io/service-account.name: admin-user
+    type: kubernetes.io/service-account-token
+    EOF
+  environment:
+    KUBECONFIG: /etc/kubernetes/admin.conf
+
+- name: Change Dashboard service to NodePort
+  command: >
+    kubectl patch svc kubernetes-dashboard -n kubernetes-dashboard 
+    -p '{"spec": {"type": "NodePort", "ports": [{"port": 443, "nodePort": 30443}]}}'
+  environment:
+    KUBECONFIG: /etc/kubernetes/admin.conf

roles/master/tasks/main.yml

@@ -1,4 +1,7 @@
 ---
+- name: Pre-pull Kubernetes images
+  command: kubeadm config images pull
+
 - name: Initialize Kubernetes Control Plane
   command: kubeadm init --pod-network-cidr=10.244.0.0/16
   args:
@@ -23,13 +26,15 @@
 
 - name: Install Flannel Pod Network
   command: kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml
-  become: yes
+  environment:
-  become_user: "{{ ansible_user }}"
+    KUBECONFIG: /etc/kubernetes/admin.conf
   when: kubeadm_init.changed
 
 - name: Get join command
   command: kubeadm token create --print-join-command
   register: join_command_raw
+  environment:
+    KUBECONFIG: /etc/kubernetes/admin.conf
 
 - name: Add dummy host with variable
   add_host:

site.yml

@@ -10,6 +10,7 @@
   become: yes
   roles:
     - master
+    - dashboard
 
 - name: Setup Worker Nodes
   hosts: workers