Import Ansible playbook for bootstrap k8s cluster

2020-07-31 03:39:43 +02:00 · 2020-07-31 03:39:43 +02:00 · a6706498b6
commit a6706498b6
parent 5068274017
17 changed files with 230 additions and 3 deletions
--- a/contrib/ansible/bootstrap-node.yml
+++ b/contrib/ansible/bootstrap-node.yml
@ -0,0 +1,6 @@
+---
+- name: bootstrap playbook for any k8s machine
+  hosts: k8s
+  become: yes
+  roles:
+    - bootstrap
--- a/contrib/ansible/group_vars/all/main.yml
+++ b/contrib/ansible/group_vars/all/main.yml
@ -0,0 +1,12 @@
+k8s_version: '1.17.5'
+k8s_first_master_node: 'k8s-demo'
+k8s_domain: coins.k8s.demo.ix.gs
+k8s_pod_network: '192.168.0.0/16'
+k8s_service_network: '10.254.0.0/24'
+k8s_controlplane_vip: '10.129.0.194'
+k8s_controlplane_address: '{{ k8s_controlplane_vip }}:6443'
+k8s_cluster_name: k8s-demo
+
+cloud_provider: baremetal
+ha_enabled: false
+
--- a/contrib/ansible/host_vars/k8s-demo.yml
+++ b/contrib/ansible/host_vars/k8s-demo.yml
@ -0,0 +1 @@
+k8s_node_role: 'master'
--- a/contrib/ansible/init-cluster.yml
+++ b/contrib/ansible/init-cluster.yml
@ -0,0 +1,7 @@
+---
+- name: Init k8s cluster
+  hosts: '{{ host }}'
+  become: yes
+  max_fail_percentage: 0
+  roles:
+    - init-cluster
--- a/contrib/ansible/keepalived.yml
+++ b/contrib/ansible/keepalived.yml
@ -0,0 +1,6 @@
+---
+- name: bootstrap playbook for any k8s machine
+  hosts: k8s-masters
+  become: yes
+  roles:
+    - keepalived
--- a/contrib/ansible/roles/bootstrap/defaults/main.yml
+++ b/contrib/ansible/roles/bootstrap/defaults/main.yml
@ -0,0 +1,6 @@
+kubernetes_apt_release_channel: main
+# Note that xenial repo is used for all Debian derivatives at this time.
+kubernetes_apt_repository: "deb http://apt.kubernetes.io/ kubernetes-xenial {{ kubernetes_apt_release_channel }}"
+## Calico config files
+kubernetes_calico_manifest_file: https://docs.projectcalico.org/v3.10/manifests/calico.yaml
+
--- a/contrib/ansible/roles/bootstrap/handlers/main.yml
+++ b/contrib/ansible/roles/bootstrap/handlers/main.yml
@ -0,0 +1,6 @@
+---
+- name: restart kubelet
+  service: name=kubelet state=restarted
+
+- name: restart docker daemon
+  service: name=docker state=restarted
--- a/contrib/ansible/roles/bootstrap/tasks/main.yml
+++ b/contrib/ansible/roles/bootstrap/tasks/main.yml
@ -0,0 +1,39 @@
+---
+- name: Ensure dependencies are installed.
+  apt:
+    name:
+      - apt-transport-https
+      - ca-certificates
+    state: present
+
+- name: Add Kubernetes apt key.
+  apt_key:
+    url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
+    state: present
+
+- name: Add Kubernetes repository.
+  apt_repository:
+    repo: "{{ kubernetes_apt_repository }}"
+    state: present
+    update_cache: true
+
+- name: Install kubeadm kubelet kubectl
+  apt:
+    pkg:
+      - kubeadm={{ k8s_version }}-00
+      - kubelet={{ k8s_version }}-00
+      - kubectl={{ k8s_version }}-00
+      - kubernetes-cni=0.7.5-00
+    update_cache: yes
+  notify: restart kubelet
+
+- name: Add Kubernetes apt preferences file to pin a version.
+  template:
+    src: apt-preferences-kubernetes.j2
+    dest: /etc/apt/preferences.d/kubernetes
+
+- name:
+  template:
+    src: daemon.json
+    dest: /etc/docker/daemon.json
+  notify: restart docker daemon
--- a/contrib/ansible/roles/bootstrap/templates/apt-preferences-kubernetes.j2
+++ b/contrib/ansible/roles/bootstrap/templates/apt-preferences-kubernetes.j2
@ -0,0 +1,11 @@
+Package: kubectl
+Pin: version {{ k8s_version }}.*
+Pin-Priority: 1000
+
+Package: kubeadm
+Pin: version {{ k8s_version }}.*
+Pin-Priority: 1000
+
+Package: kubelet
+Pin: version {{ k8s_version }}.*
+Pin-Priority: 1000
--- a/contrib/ansible/roles/bootstrap/templates/daemon.json
+++ b/contrib/ansible/roles/bootstrap/templates/daemon.json
@ -0,0 +1,8 @@
+{
+  "exec-opts": ["native.cgroupdriver=systemd"],
+  "log-driver": "json-file",
+  "log-opts": {
+    "max-size": "100m"
+  },
+  "storage-driver": "overlay2"
+}
--- a/contrib/ansible/roles/init-cluster/tasks/main.yml
+++ b/contrib/ansible/roles/init-cluster/tasks/main.yml
@ -0,0 +1,52 @@
+- name: Add Kubeadm config file
+  template:
+    src: kubeadm.conf.j2
+    dest: /etc/kubeadm.conf
+  when: k8s_node_role == 'master'
+
+- name: Init cluster
+  command: kubeadm init --config /etc/kubeadm.conf --upload-certs --ignore-preflight-errors serviceSubnet
+  when: ansible_hostname == k8s_first_master_node
+
+- name: Create kube config directory for root
+  file: path=/root/.kube state=directory
+  when: k8s_node_role == 'master'
+
+- name: Copy Kubernetes admin config to home directory
+  copy:
+    src: "/etc/kubernetes/admin.conf"
+    dest: "/root/.kube/config"
+    remote_src: yes
+  when: and ansible_hostname == k8s_first_master_node
+
+- name: Install Calico CNI 
+  command: kubectl apply -f "https://docs.projectcalico.org/v3.13/manifests/calico.yaml"
+  when:  ansible_hostname == k8s_first_master_node
+
+
+- name: Generate join token
+  command: kubeadm token create --print-join-command
+  register: join_cmd
+  delegate_to: '{{ k8s_first_master_node }}'
+
+# Эта часть не работает
+# Правильная команда выглядит так:
+# kubeadm join 10.129.64.60:6443 --token <token> --discovery-token-ca-cert-hash <ca-cert-hash> --control-plane --certificate-key <key>
+# Предыдущий блок генерит сертификат и токен без указания ключа
+# Надо пофиксить как будет время
+- name: Join rest of master nodes
+  command: "{{ join_cmd.stdout }} --control-plane"
+  when: k8s_node_role == 'master' and ha_enabled and ansible_hostname != k8s_first_master_node
+  ignore_errors: yes
+
+#- name: Copy Kubernetes admin config to home directory
+#  copy:
+#    src: "/etc/kubernetes/admin.conf"
+#    dest: "/root/.kube/config"
+#    remote_src: yes
+#  when: k8s_node_role == 'master'
+
+- name: Join worker nodes
+  command: "{{ join_cmd.stdout }}"
+  when: k8s_node_role == 'worker'
+
--- a/contrib/ansible/roles/init-cluster/templates/kubeadm.conf.j2
+++ b/contrib/ansible/roles/init-cluster/templates/kubeadm.conf.j2
@ -0,0 +1,25 @@
+apiVersion: kubelet.config.k8s.io/v1beta1
+kind: KubeletConfiguration
+cgroupDriver: systemd
+---
+apiVersion: kubeadm.k8s.io/v1beta2
+kind: InitConfiguration
+nodeRegistration:
+---
+apiVersion: kubeadm.k8s.io/v1beta2
+kind: ClusterConfiguration
+kubernetesVersion:  {{ k8s_version }}
+certificatesDir: /etc/kubernetes/pki
+clusterName: {{ k8s_cluster_name }}
+controlPlaneEndpoint: {{ k8s_controlplane_address }}
+dns:
+  type: CoreDNS
+etcd:
+  local:
+    dataDir: /var/lib/etcd
+imageRepository: k8s.gcr.io
+networking:
+  dnsDomain: {{ k8s_domain }}
+  podSubnet: {{ k8s_pod_network }}
+  serviceSubnet: {{ k8s_service_network }}
+scheduler: {}
--- a/contrib/ansible/roles/keepalived/defaults/main.yml
+++ b/contrib/ansible/roles/keepalived/defaults/main.yml
@ -0,0 +1 @@
+---
--- a/contrib/ansible/roles/keepalived/handlers/main.yml
+++ b/contrib/ansible/roles/keepalived/handlers/main.yml
@ -0,0 +1,3 @@
+---
+- name: restart keepalived
+  service: name=keepalived state=restarted
--- a/contrib/ansible/roles/keepalived/tasks/main.yml
+++ b/contrib/ansible/roles/keepalived/tasks/main.yml
@ -0,0 +1,14 @@
+---
+- name: Install keepalived
+  apt:
+    pkg:
+      - keepalived
+    state: latest
+
+- name: Configure keepalived
+  template: src=keepalived.conf.j2 dest=/etc/keepalived/keepalived.conf
+  tags: keepalived
+  notify: restart keepalived
+
+- name: Start keepalived
+  service: name=keepalived state=started
--- a/contrib/ansible/roles/keepalived/templates/keepalived.conf.j2
+++ b/contrib/ansible/roles/keepalived/templates/keepalived.conf.j2
@ -0,0 +1,31 @@
+ ! Configuration File for keepalived
+global_defs {
+}
+
+{#vrrp_script haproxy-check {
+    script "killall -0 haproxy"
+    interval 2
+    weight 20
+}#}
+
+vrrp_instance VI_1 {
+    state {{ keepalived_role }}
+    interface {{ keepalived_shared_iface }}
+    virtual_router_id {{ keepalived_router_id }}
+    {% if keepalived_role.lower() == "master" %}
+    priority {{ keepalived_priority }}
+    {% else %}
+    priority {{ keepalived_backup_priority }}
+    {% endif %}
+    advert_int 1
+    authentication {
+        auth_type PASS
+        auth_pass {{ keepalived_auth_pass }}
+    }
+    virtual_ipaddress {
+        {{ keepalived_shared_ip }} dev {{ keepalived_shared_iface }} label {{ keepalived_shared_iface }}:0
+    }
+{#    track_script {
+        haproxy-check weight 20
+    }#}
+}
--- a/contrib/k8s-seed.txt
+++ b/contrib/k8s-seed.txt
@ -64,7 +64,7 @@ tasksel tasksel/first multiselect none, ssh-server, standard
 # Individual additional packages to install
 d-i pkgsel/include string \
       apt-transport-https gnupg2 ca-certificates curl \
-       iptables linux-headers-amd64 git
+       iptables linux-headers-amd64 git ansible

 # Whether to upgrade packages after debootstrap.
 # Allowed values: none, safe-upgrade, full-upgrade
@ -93,8 +93,7 @@ d-i preseed/late_command string in-target /bin/sh -c " \
       echo 'deb [arch=amd64] https://download.docker.com/linux/debian/ stretch stable' >/etc/apt/sources.list.d/docker.list ; \
       apt-get update ; \
       apt-get install -y \
-          docker-ce docker-ce-cli containerd.io \
-          kubelet kubeadm kubectl ; \
+          docker-ce docker-ce-cli containerd.io ; \
       apt-get clean ; \
       systemctl enable serial-getty@ttyS0.service ; \
       systemctl enable docker.service  \