configpolicy/roles/kubelet/tasks/main.yml

- name: load os-specific values
  include_vars: '{{ item }}'
  with_first_found:
  - '{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml'
  - '{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml'
  - '{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml'
  - '{{ ansible_distribution }}.yml'
  - '{{ ansible_os_family }}.yml'
  - defaults.yml
  tags:
  - always

- name: ensure required packages are installed
  dnf:
    name: '{{ kubernetes_packages }}'
    install_weak_deps: false
    state: present
  tags:
  - install

- name: ensure firewalld service is stopped
  service:
    name: firewalld
    state: stopped
    enabled: false
  ignore_errors: true
  tags:
  - firewalld

- name: ensure kernel modules-load is configured for kubernetes
  copy:
    content: |+
      {{ kubernetes_kernel_modules | join('\n') }}      
    dest: /etc/modules-load.d/k8s.conf
    owner: root
    group: root
    mode: u=rw,go=r
  notify:
  - load kernel modules
  tags:
  - kmod

- name: ensure kernel tunables are set for kubernetes
  copy:
    src: sysctl.conf
    dest: /etc/sysctl.d/60-k8s.conf
    owner: root
    group: root
    mode: u=rw,go=r
  notify:
  - set kernel tunables
  tags:
  - sysctl

- name: ensure zram generator defaults are disabled
  copy:
    content: ''
    dest: /etc/systemd/zram-generator.conf
    owner: root
    group: root
    mode: u=rw,go=r
  notify:
  - reload systemd
  tags:
  - zram-generator

- name: ensure zram0 is stopped
  systemd:
    name: systemd-zram-setup@zram0
    state: stopped
  ignore_errors: true
  notify:
  - swapoff -a
  tags:
  - zram-generator

- name: ensure unneeded cni configuration files are removed
  file:
    path: /etc/cni/net.d/{{ item }}
    state: absent
  loop:
  - 100-crio-bridge.conflist
  - 200-loopback.conflist
  tags:
  - cni

- name: ensure kubelet service is enabled
  service:
    name: kubelet
    enabled: true
  tags:
  - service