init cluster

chris 2019-05-24 13:37:13 +02:00
parent f4d635c335
commit c9e0cbea4e
2 changed files with 56 additions and 12 deletions


@ -1,6 +1,12 @@
# Setup up k8s cluster
currently only supports single master, stacked etcd cluster with three to six worker nodes.
run:
* adapt IPs in inventory.yaml
* add host keys `./trust-hosts.sh`
* add host keys to your ssh config `./trust-hosts.sh`
* change wg encryption keys in host\_vars: `./generate-keys.sh`
* requires wireguard-tools, yq
@ -8,3 +14,5 @@
* run play for the first time `ansible-playbook -i inventory.yaml -u root -t initial setup.yaml` - this will upgrade all packages and reboot the system
* run play again, without the tag
now you have an empty cluster with canal networking plugin


@ -14,7 +14,7 @@
tags: ['initial', 'never']
- name: install deps
apt:
name: ['aptitude', 'sudo', 'nfs-common', 'apt-transport-https', 'ca-certificates', 'curl', 'gnupg2', 'software-properties-common']
name: ['aptitude', 'sudo', 'nfs-common', 'apt-transport-https', 'ca-certificates', 'curl', 'gnupg2', 'software-properties-common', 'linux-headers-amd64']
state: present
- name: import docker gpg key
apt_key:
@ -29,6 +29,11 @@
update_cache: yes
name: ['docker-ce', 'python-pip', 'python-setuptools']
state: present
- name: configure docker
template:
src: templates/daemon.json
dest: /etc/docker/daemon.json
notify: restart docker
- name: enable & start docker
systemd:
name: docker
@ -51,10 +56,6 @@
update_cache: yes
name: wireguard
state: present
#- name: generate wireguard keys
# shell: wg genkey | tee wg-private.key | wg pubkey > wg-public.key
# args:
# creates: wg-private.key
- name: configure wireguard interface
template:
src: templates/wireguard.cfg
@ -79,12 +80,6 @@
update_cache: yes
name: ["kubelet", "kubeadm", "kubectl"]
state: present
#- name: init kubeadm
# command: kubeadm init --apiserver-advertise-address 10.42.23.11 --pod-network-cidr=10.244.0.0/16 > kubeadm.log
# args:
# creates: kubeadm.log
#kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/canal/rbac.yaml
#kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/canal/canal.yaml
- name: restart system
command: reboot
tags: ['initial', 'never']
@ -97,6 +92,10 @@
state: absent
- name: restart wireguard
shell: ifdown wg-k8s; ifup wg-k8s
- name: restart docker
service:
name: docker
state: restarted
- hosts: master
tasks:
@ -120,3 +119,40 @@
service:
name: haproxy
state: restarted
- hosts: cluster-master01
tasks:
- name: init kubeadm
shell: kubeadm init --apiserver-advertise-address 10.42.23.11 --pod-network-cidr=10.244.0.0/16 > kubeadm.log
args:
creates: kubeadm.log
- name: fetch kubeadm.log from master
fetch:
src: kubeadm.log
dest: kubeadm-{{ inventory_hostname }}.log
flat: yes
- name: configure kubectl
shell: mkdir .kube; cp /etc/kubernetes/admin.conf $HOME/.kube/config
args:
creates: .kube/config
- name: setup networking
shell: kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/canal/rbac.yaml > canal.log && kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/canal/canal.yaml >> canal.log
args:
creates: canal.log
- hosts: worker
tasks:
- name: fetch join command
command: tail -2 kubeadm-cluster-master01.log
register: joincommand
delegate_to: localhost
- name: join cluster
shell: "{{ joincommand.stdout }} > kubeadm.log"
args:
creates: kubeadm.log
- name: fetch kubeadm.log
fetch:
src: kubeadm.log
dest: kubeadm-{{ inventory_hostname }}.log
flat: yes
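Review bot: In the new `hosts: worker` play, the last two lines of the local `kubeadm-cluster-master01.log` are run as a shell command on every worker, so the cluster join depends on a plain-text file in the controller's working directory that also holds the bootstrap token and CA hash. `tail -2` relies on the exact layout of the `kubeadm init` output, and the token printed at init expires (24 hours by default), so a worker added later would presumably replay a stale command. Consider asking the master for a fresh join command at join time and marking the tasks that carry it `no_log: true`, as sketched below. The fetched `kubeadm-*.log` files should also be kept out of version control, since the init log contains the token.

```yaml
- hosts: worker
  tasks:
    - name: create join command on the master
      command: kubeadm token create --print-join-command
      register: joincommand
      delegate_to: cluster-master01
      run_once: true
      no_log: true
    - name: join cluster
      # … unchanged: shell / args / creates …
      no_log: true
    # … unchanged: fetch kubeadm.log …
```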