# Kubernetes on Raspberry Pi with Ansible - Usage Guide

This guide details how to use the generated Ansible playbook to install Kubernetes on your Raspberry Pi cluster.

## Prerequisites

1. **Ansible Installed**: You need Ansible installed on your control machine (your laptop/desktop).
   *   **Debian/Ubuntu**:
       ```bash
       sudo apt update && sudo apt install ansible sshpass -y
       ```
   *   **Arch Linux**:
       ```bash
       sudo pacman -S ansible sshpass
       ```
   *   **Fedora**:
       ```bash
       sudo dnf install ansible sshpass
       ```
2. **SSH Access**: Ensure you have SSH access to all Raspberry Pi nodes.
3. **Hardware**: 4 Raspberry Pi nodes (1 Master, 3 Workers) with Raspberry Pi OS installed.

## Configuration Steps

### 1. Configure Inventory
Edit `inventory/hosts.ini` and replace the placeholder IP addresses with the actual IPs of your Raspberry Pis.

```ini
[masters]
pi1 ansible_host=192.168.1.10  <-- Change to Master IP

[workers]
pi2 ansible_host=192.168.1.11  <-- Change to Worker 1 IP
pi3 ansible_host=192.168.1.12  <-- Change to Worker 2 IP
pi4 ansible_host=192.168.1.13  <-- Change to Worker 3 IP
```

### 2. Configure Credentials
You need to set the SSH password for the `pi` user. We use Ansible Vault for security.

1. Generate an encrypted password string:
   ```bash
   ansible-vault encrypt_string 'YOUR_ACTUAL_PASSWORD' --name 'vault_ssh_password'
   ```
   *Replace `YOUR_ACTUAL_PASSWORD` with the real password.*

2. Copy the output block and paste it into `group_vars/all.yml`, replacing the commented out section or just adding it.
   
   Example in `group_vars/all.yml`:
   ```yaml
   ansible_password: !vault |
             $ANSIBLE_VAULT;1.1;AES256
             ... (encrypted string) ...
   ```
   
   Do the same for `vault_become_password` if your sudo password is different. If sudo password is same as ssh password, you can just set:
   ```yaml
   ansible_become_password: "{{ vault_ssh_password }}"
   ```

### 3. Run the Playbook

To start the installation, run:

```bash
ansible-playbook site.yml --ask-vault-pass
```

*Note: Since you used `encrypt_string` without a password file, it might ask for a vault password if you set one. If you just used `encrypt_string`, you might need to provide the vault password you used to encrypt it.*

**Alternative (Simpler for testing):**
If you don't want to use Vault yet, you can pass the password as an extra var (INSECURE - be careful with history):
```bash
ansible-playbook site.yml -e "ansible_password=yourpassword ansible_become_password=yourpassword"
```

## Verification

After the playbook completes:

1. **SSH into the Master Node**:
   ```bash
   ssh pi@<master-ip>
   ```

2. **Check Nodes**:
   ```bash
   kubectl get nodes
   ```
   You should see 4 nodes with status `Ready`.

3. **Check Pods**:
   ```bash
   kubectl get pods -A
   ```
   Ensure `coredns` and `kube-flannel` are running.

## Kubernetes Dashboard

A dashboard has been installed and is accessible via NodePort on the master node.

1. **Get the Token**:
   Run this command on the master node to get your login token:
   ```bash
   kubectl get secret admin-user-token -n kubernetes-dashboard -o jsonpath={".data.token"} | base64 -d
   ```

2. **Access the Dashboard**:
   Open your browser and navigate to:
   `https://<master-ip>:30443`

   *Note: Since it uses a self-signed certificate, you will need to bypass the browser security warning (usually click "Advanced" -> "Proceed").*