From a6706498b6c94e59873693aa2846e5c568ecb1bc Mon Sep 17 00:00:00 2001 
From: D4rk4 Date: Fri, 31 Jul 2020 03:39:43 +0200 Subject: [PATCH] Import Ansible playbook for bootstrap k8s cluster --- contrib/ansible/bootstrap-node.yml | 6 +++ contrib/ansible/group_vars/all/main.yml | 12 +++++ contrib/ansible/host_vars/k8s-demo.yml | 1 + contrib/ansible/init-cluster.yml | 7 +++ contrib/ansible/keepalived.yml | 6 +++ .../ansible/roles/bootstrap/defaults/main.yml | 6 +++ .../ansible/roles/bootstrap/handlers/main.yml | 6 +++ .../ansible/roles/bootstrap/tasks/main.yml | 39 ++++++++++++++ .../templates/apt-preferences-kubernetes.j2 | 11 ++++ .../roles/bootstrap/templates/daemon.json | 8 +++ .../ansible/roles/init-cluster/tasks/main.yml | 52 +++++++++++++++++++ .../init-cluster/templates/kubeadm.conf.j2 | 25 +++++++++ .../roles/keepalived/defaults/main.yml | 1 + .../roles/keepalived/handlers/main.yml | 3 ++ .../ansible/roles/keepalived/tasks/main.yml | 14 +++++ .../keepalived/templates/keepalived.conf.j2 | 31 +++++++++++ contrib/k8s-seed.txt | 5 +- 17 files changed, 230 insertions(+), 3 deletions(-) create mode 100644 contrib/ansible/bootstrap-node.yml create mode 100644 contrib/ansible/group_vars/all/main.yml create mode 100644 contrib/ansible/host_vars/k8s-demo.yml create mode 100644 contrib/ansible/init-cluster.yml create mode 100644 contrib/ansible/keepalived.yml create mode 100644 contrib/ansible/roles/bootstrap/defaults/main.yml create mode 100644 contrib/ansible/roles/bootstrap/handlers/main.yml create mode 100644 contrib/ansible/roles/bootstrap/tasks/main.yml create mode 100644 contrib/ansible/roles/bootstrap/templates/apt-preferences-kubernetes.j2 create mode 100644 contrib/ansible/roles/bootstrap/templates/daemon.json create mode 100644 contrib/ansible/roles/init-cluster/tasks/main.yml create mode 100644 contrib/ansible/roles/init-cluster/templates/kubeadm.conf.j2 create mode 100644 contrib/ansible/roles/keepalived/defaults/main.yml create mode 100644 contrib/ansible/roles/keepalived/handlers/main.yml create mode 100644 
contrib/ansible/roles/keepalived/tasks/main.yml create mode 100644 contrib/ansible/roles/keepalived/templates/keepalived.conf.j2
diff --git a/contrib/ansible/bootstrap-node.yml b/contrib/ansible/bootstrap-node.yml
new file mode 100644
index 0000000..1928037
--- /dev/null
+++ b/contrib/ansible/bootstrap-node.yml
@@ -0,0 +1,6 @@
+---
+- name: bootstrap playbook for any k8s machine
+ hosts: k8s
+ become: yes
+ roles:
+ - bootstrap
diff --git a/contrib/ansible/group_vars/all/main.yml b/contrib/ansible/group_vars/all/main.yml
new file mode 100644
index 0000000..b6bf9cf
--- /dev/null
+++ b/contrib/ansible/group_vars/all/main.yml
@@ -0,0 +1,12 @@
+k8s_version: '1.17.5'
+k8s_first_master_node: 'k8s-demo'
+k8s_domain: coins.k8s.demo.ix.gs
+k8s_pod_network: '192.168.0.0/16'
+k8s_service_network: '10.254.0.0/24'
+k8s_controlplane_vip: '10.129.0.194'
+k8s_controlplane_address: '{{ k8s_controlplane_vip }}:6443'
+k8s_cluster_name: k8s-demo
+
+cloud_provider: baremetal
+ha_enabled: false
+
diff --git a/contrib/ansible/host_vars/k8s-demo.yml b/contrib/ansible/host_vars/k8s-demo.yml
new file mode 100644
index 0000000..4e7d5ba
--- /dev/null
+++ b/contrib/ansible/host_vars/k8s-demo.yml
@@ -0,0 +1 @@
+k8s_node_role: 'master'
diff --git a/contrib/ansible/init-cluster.yml b/contrib/ansible/init-cluster.yml
new file mode 100644
index 0000000..0468696
--- /dev/null
+++ b/contrib/ansible/init-cluster.yml
@@ -0,0 +1,7 @@
+---
+- name: Init k8s cluster
+ hosts: '{{ host }}'
+ become: yes
+ max_fail_percentage: 0
+ roles:
+ - init-cluster
diff --git a/contrib/ansible/keepalived.yml b/contrib/ansible/keepalived.yml
new file mode 100644
index 0000000..634312f
--- /dev/null
+++ b/contrib/ansible/keepalived.yml
@@ -0,0 +1,6 @@
+---
+- name: bootstrap playbook for any k8s machine
+ hosts: k8s-masters
+ become: yes
+ roles:
+ - keepalived
diff --git a/contrib/ansible/roles/bootstrap/defaults/main.yml b/contrib/ansible/roles/bootstrap/defaults/main.yml
new file mode 100644
index 0000000..4f288b5
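Review bot: The play name `bootstrap playbook for any k8s machine` in keepalived.yml is copied verbatim from bootstrap-node.yml, yet this play targets `k8s-masters` and applies only the keepalived role, so the output of the two playbooks becomes indistinguishable. Rename it to describe the work, e.g. `- name: configure keepalived VIP on k8s master nodes`. While here, `become: yes` reads better as `become: true`, the form yamllint's truthy rule accepts.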
--- /dev/null
+++ b/contrib/ansible/roles/bootstrap/defaults/main.yml
@@ -0,0 +1,6 @@
+kubernetes_apt_release_channel: main
+# Note that xenial repo is used for all Debian derivatives at this time.
+kubernetes_apt_repository: "deb http://apt.kubernetes.io/ kubernetes-xenial {{ kubernetes_apt_release_channel }}"
+## Calico config files
+kubernetes_calico_manifest_file: https://docs.projectcalico.org/v3.10/manifests/calico.yaml
+
diff --git a/contrib/ansible/roles/bootstrap/handlers/main.yml b/contrib/ansible/roles/bootstrap/handlers/main.yml
new file mode 100644
index 0000000..4a99fa9
--- /dev/null
+++ b/contrib/ansible/roles/bootstrap/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: restart kubelet
+ service: name=kubelet state=restarted
+
+- name: restart docker daemon
+ service: name=docker state=restarted
diff --git a/contrib/ansible/roles/bootstrap/tasks/main.yml b/contrib/ansible/roles/bootstrap/tasks/main.yml
new file mode 100644
index 0000000..ed0ec24
--- /dev/null
+++ b/contrib/ansible/roles/bootstrap/tasks/main.yml
@@ -0,0 +1,39 @@
+---
+- name: Ensure dependencies are installed.
+ apt:
+ name:
+ - apt-transport-https
+ - ca-certificates
+ state: present
+
+- name: Add Kubernetes apt key.
+ apt_key:
+ url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
+ state: present
+
+- name: Add Kubernetes repository.
+ apt_repository:
+ repo: "{{ kubernetes_apt_repository }}"
+ state: present
+ update_cache: true
+
+- name: Install kubeadm kubelet kubectl
+ apt:
+ pkg:
+ - kubeadm={{ k8s_version }}-00
+ - kubelet={{ k8s_version }}-00
+ - kubectl={{ k8s_version }}-00
+ - kubernetes-cni=0.7.5-00
+ update_cache: yes
+ notify: restart kubelet
+
+- name: Add Kubernetes apt preferences file to pin a version.
+ template:
+ src: apt-preferences-kubernetes.j2
+ dest: /etc/apt/preferences.d/kubernetes
+
+- name:
+ template:
+ src: daemon.json
+ dest: /etc/docker/daemon.json
+ notify: restart docker daemon
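Review bot: `kubernetes_calico_manifest_file` pins Calico v3.10 here, but nothing in the patch reads it; the init-cluster role hardcodes a v3.13 manifest URL instead, so the two places will drift. Either have that task use `kubectl apply -f {{ kubernetes_calico_manifest_file }}` or drop the unused default. The repository line also uses plain `http://apt.kubernetes.io/`; apt still verifies package signatures against the imported key, but the upstream install instructions use `deb https://apt.kubernetes.io/ kubernetes-xenial {{ kubernetes_apt_release_channel }}`, which additionally keeps the list of packages a node fetches from on-path observers.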
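Review bot: The last task in roles/bootstrap/tasks/main.yml has an empty `name:`, so it appears in play output as an anonymous `template` call; give it `- name: Configure Docker daemon (systemd cgroup driver, log rotation)`. The version pin in /etc/apt/preferences.d/kubernetes is written only after the kubeadm/kubelet/kubectl install, so any `apt-get upgrade` in between, or a failed template task, leaves the packages unpinned; move the preferences task ahead of the install. `update_cache: yes` and `update_cache: true` are mixed in the same file; settle on `true`. `kubernetes-cni=0.7.5-00` is pinned on the install line but not in the preferences template, so it is the one package the pin file does not protect.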
diff --git a/contrib/ansible/roles/bootstrap/templates/apt-preferences-kubernetes.j2 b/contrib/ansible/roles/bootstrap/templates/apt-preferences-kubernetes.j2
new file mode 100644
index 0000000..7709524
--- /dev/null
+++ b/contrib/ansible/roles/bootstrap/templates/apt-preferences-kubernetes.j2
@@ -0,0 +1,11 @@
+Package: kubectl
+Pin: version {{ k8s_version }}.*
+Pin-Priority: 1000
+
+Package: kubeadm
+Pin: version {{ k8s_version }}.*
+Pin-Priority: 1000
+
+Package: kubelet
+Pin: version {{ k8s_version }}.*
+Pin-Priority: 1000
diff --git a/contrib/ansible/roles/bootstrap/templates/daemon.json b/contrib/ansible/roles/bootstrap/templates/daemon.json
new file mode 100644
index 0000000..5d18abc
--- /dev/null
+++ b/contrib/ansible/roles/bootstrap/templates/daemon.json
@@ -0,0 +1,8 @@
+{
+ "exec-opts": ["native.cgroupdriver=systemd"],
+ "log-driver": "json-file",
+ "log-opts": {
+ "max-size": "100m"
+ },
+ "storage-driver": "overlay2"
+}
diff --git a/contrib/ansible/roles/init-cluster/tasks/main.yml b/contrib/ansible/roles/init-cluster/tasks/main.yml
new file mode 100644
index 0000000..1455383
--- /dev/null
+++ b/contrib/ansible/roles/init-cluster/tasks/main.yml
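Review bot: `Pin: version {{ k8s_version }}.*` renders to `1.17.5.*` with the group_vars default, and apt treats an unbracketed `Pin: version` pattern as a glob, so the literal dot after `1.17.5` would not match the installed `1.17.5-00` — as far as I can tell the pin matches nothing and the three packages stay upgradeable. `Pin: version {{ k8s_version }}-*` matches the Debian revision suffix the install task uses. An alternative that does not depend on glob details is holding the packages with the `dpkg_selections` module (`selection: hold`) right after the install task.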
@@ -0,0 +1,52 @@
+- name: Add Kubeadm config file
+ template:
+ src: kubeadm.conf.j2
+ dest: /etc/kubeadm.conf
+ when: k8s_node_role == 'master'
+
+- name: Init cluster
+ command: kubeadm init --config /etc/kubeadm.conf --upload-certs --ignore-preflight-errors serviceSubnet
+ when: ansible_hostname == k8s_first_master_node
+
+- name: Create kube config directory for root
+ file: path=/root/.kube state=directory
+ when: k8s_node_role == 'master'
+
+- name: Copy Kubernetes admin config to home directory
+ copy:
+ src: "/etc/kubernetes/admin.conf"
+ dest: "/root/.kube/config"
+ remote_src: yes
+ when: and ansible_hostname == k8s_first_master_node
+
+- name: Install Calico CNI
+ command: kubectl apply -f "https://docs.projectcalico.org/v3.13/manifests/calico.yaml"
+ when: ansible_hostname == k8s_first_master_node
+
+
+- name: Generate join token
+ command: kubeadm token create --print-join-command
+ register: join_cmd
+ delegate_to: '{{ k8s_first_master_node }}'
+
+# Эта часть не работает
+# Правильная команда выглядит так:
+# kubeadm join 10.129.64.60:6443 --token --discovery-token-ca-cert-hash --control-plane --certificate-key
+# Предыдущий блок генерит сертификат и токен без указания ключа
+# Надо пофиксить как будет время
+- name: Join rest of master nodes
+ command: "{{ join_cmd.stdout }} --control-plane"
+ when: k8s_node_role == 'master' and ha_enabled and ansible_hostname != k8s_first_master_node
+ ignore_errors: yes
+
+#- name: Copy Kubernetes admin config to home directory
+# copy:
+# src: "/etc/kubernetes/admin.conf"
+# dest: "/root/.kube/config"
+# remote_src: yes
+# when: k8s_node_role == 'master'
+
+- name: Join worker nodes
+ command: "{{ join_cmd.stdout }}"
+ when: k8s_node_role == 'worker'
+
diff --git a/contrib/ansible/roles/init-cluster/templates/kubeadm.conf.j2 b/contrib/ansible/roles/init-cluster/templates/kubeadm.conf.j2
new file mode 100644
index 0000000..84e3ddd
--- /dev/null
+++ b/contrib/ansible/roles/init-cluster/templates/kubeadm.conf.j2
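Review bot: `when: and ansible_hostname == k8s_first_master_node` on the admin.conf copy task is not a valid conditional (the leading `and` has no left operand), so the play fails on every host it targets as soon as that task is reached; it should read `when: ansible_hostname == k8s_first_master_node`. The `kubeadm init` and both `kubeadm join` commands carry no `creates:` guard, so a second run re-executes them on nodes already in the cluster; `args: creates: /etc/kubernetes/admin.conf` on init and `creates: /etc/kubernetes/kubelet.conf` on the joins make them idempotent. `Generate join token` mints a fresh bootstrap token per host on every run and `register` keeps its stdout, token included, in the Ansible log; add `no_log: true` and consider `run_once: true`. The `ignore_errors: yes` on the control-plane join hides exactly the failure the (Russian) comment above it says is unfixed: that join needs the certificate key printed by `kubeadm init --upload-certs`, whose output this role never captures.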
@@ -0,0 +1,25 @@
+apiVersion: kubelet.config.k8s.io/v1beta1
+kind: KubeletConfiguration
+cgroupDriver: systemd
+---
+apiVersion: kubeadm.k8s.io/v1beta2
+kind: InitConfiguration
+nodeRegistration:
+---
+apiVersion: kubeadm.k8s.io/v1beta2
+kind: ClusterConfiguration
+kubernetesVersion: {{ k8s_version }}
+certificatesDir: /etc/kubernetes/pki
+clusterName: {{ k8s_cluster_name }}
+controlPlaneEndpoint: {{ k8s_controlplane_address }}
+dns:
+ type: CoreDNS
+etcd:
+ local:
+ dataDir: /var/lib/etcd
+imageRepository: k8s.gcr.io
+networking:
+ dnsDomain: {{ k8s_domain }}
+ podSubnet: {{ k8s_pod_network }}
+ serviceSubnet: {{ k8s_service_network }}
+scheduler: {}
diff --git a/contrib/ansible/roles/keepalived/defaults/main.yml b/contrib/ansible/roles/keepalived/defaults/main.yml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/contrib/ansible/roles/keepalived/defaults/main.yml
@@ -0,0 +1 @@
+---
diff --git a/contrib/ansible/roles/keepalived/handlers/main.yml b/contrib/ansible/roles/keepalived/handlers/main.yml
new file mode 100644
index 0000000..2ac9fe3
--- /dev/null
+++ b/contrib/ansible/roles/keepalived/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- name: restart keepalived
+ service: name=keepalived state=restarted
diff --git a/contrib/ansible/roles/keepalived/tasks/main.yml b/contrib/ansible/roles/keepalived/tasks/main.yml
new file mode 100644
index 0000000..4998ba8
--- /dev/null
+++ b/contrib/ansible/roles/keepalived/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+- name: Install keepalived
+ apt:
+ pkg:
+ - keepalived
+ state: latest
+
+- name: Configure keepalived
+ template: src=keepalived.conf.j2 dest=/etc/keepalived/keepalived.conf
+ tags: keepalived
+ notify: restart keepalived
+
+- name: Start keepalived
+ service: name=keepalived state=started
diff --git a/contrib/ansible/roles/keepalived/templates/keepalived.conf.j2 b/contrib/ansible/roles/keepalived/templates/keepalived.conf.j2
new file mode 100644
index 0000000..dd127ec
--- /dev/null
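Review bot: `nodeRegistration:` in the InitConfiguration document has no value, so the rendered kubeadm.conf carries an explicit null there; either fill it in or remove the key so kubeadm applies its defaults — I have not checked whether the v1beta2 decoder tolerates the null. The templated scalars are unquoted: `kubernetesVersion: {{ k8s_version }}` is a string only because `1.17.5` has two dots, while a value such as `1.18` would load as a float and break the version lookup. Quote them (`kubernetesVersion: "{{ k8s_version }}"`, `controlPlaneEndpoint: "{{ k8s_controlplane_address }}"`, and the three `networking` entries) so the output does not depend on YAML implicit typing.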
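Review bot: `state: latest` on the keepalived install in roles/keepalived/tasks/main.yml turns every run into a potential upgrade, so masters provisioned at different times can run different keepalived versions; `state: present` keeps the role reproducible. `Start keepalived` starts the service but does not enable it, so after a reboot the node does not rejoin the VRRP group until the playbook runs again; `service: name=keepalived state=started enabled=yes` covers both. The role also mixes `key=value` shorthand with block-YAML module arguments; the bootstrap role uses block YAML throughout, so matching it here would help.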
+++ b/contrib/ansible/roles/keepalived/templates/keepalived.conf.j2
@@ -0,0 +1,31 @@
+ ! Configuration File for keepalived
+global_defs {
+}
+
+{#vrrp_script haproxy-check {
+ script "killall -0 haproxy"
+ interval 2
+ weight 20
+}#}
+
+vrrp_instance VI_1 {
+ state {{ keepalived_role }}
+ interface {{ keepalived_shared_iface }}
+ virtual_router_id {{ keepalived_router_id }}
+ {% if keepalived_role.lower() == "master" %}
+ priority {{ keepalived_priority }}
+ {% else %}
+ priority {{ keepalived_backup_priority }}
+ {% endif %}
+ advert_int 1
+ authentication {
+ auth_type PASS
+ auth_pass {{ keepalived_auth_pass }}
+ }
+ virtual_ipaddress {
+ {{ keepalived_shared_ip }} dev {{ keepalived_shared_iface }} label {{ keepalived_shared_iface }}:0
+ }
+{# track_script {
+ haproxy-check weight 20
+ }#}
+}
diff --git a/contrib/k8s-seed.txt b/contrib/k8s-seed.txt
index 634c058..f5f4b21 100644
--- a/contrib/k8s-seed.txt
+++ b/contrib/k8s-seed.txt
@@ -64,7 +64,7 @@ tasksel tasksel/first multiselect none, ssh-server, standard # Individual additional packages to install d-i pkgsel/include string \ apt-transport-https gnupg2 ca-certificates curl \ - iptables linux-headers-amd64 git + iptables linux-headers-amd64 git ansible # Whether to upgrade packages after debootstrap. # Allowed values: none, safe-upgrade, full-upgrade
@@ -93,8 +93,7 @@ d-i preseed/late_command string in-target /bin/sh -c " \ echo 'deb [arch=amd64] https://download.docker.com/linux/debian/ stretch stable' >/etc/apt/sources.list.d/docker.list ; \ apt-get update ; \ apt-get install -y \ - docker-ce docker-ce-cli containerd.io \ - kubelet kubeadm kubectl ; \ + docker-ce docker-ce-cli containerd.io ; \ apt-get clean ; \ systemctl enable serial-getty@ttyS0.service ; \ systemctl enable docker.service \
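Review bot: Every variable this template reads — `keepalived_role`, `keepalived_shared_iface`, `keepalived_router_id`, `keepalived_priority`, `keepalived_backup_priority`, `keepalived_auth_pass`, `keepalived_shared_ip` — is undefined anywhere in the patch: roles/keepalived/defaults/main.yml contains only `---`, and group_vars sets `k8s_controlplane_vip` without ever mapping it to `keepalived_shared_ip`, so rendering stops at the first undefined-variable error. Add defaults for the non-secret values and wire the VIP with `keepalived_shared_ip: "{{ k8s_controlplane_vip }}"`. `auth_type PASS` deserves a comment saying it is a membership hint, not a security control: keepalived sends the password unencrypted in every VRRP advertisement and uses at most eight characters of it, so `keepalived_auth_pass` belongs in a vaulted variable and the real protection is keeping VRRP traffic on a trusted segment. `dev {{ keepalived_shared_iface }}` also assumes the same interface name on every master, which is worth noting in defaults since bare-metal hosts often differ.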