From c9e0cbea4ee8fd734e8508ef336816a3d2d51fae Mon Sep 17 00:00:00 2001
From: chris
Date: Fri, 24 May 2019 13:37:13 +0200
Subject: [PATCH] init cluster

---
 setup/README.md | 10 ++++++++-
 setup/setup.yml | 58 +++++++++++++++++++++++++++++++++++++++----------
 2 files changed, 56 insertions(+), 12 deletions(-)

diff --git a/setup/README.md b/setup/README.md
index 85575f7..71fe354 100644
--- a/setup/README.md
+++ b/setup/README.md
@@ -1,6 +1,12 @@
+# Setup up k8s cluster
+
+currently only supports single master, stacked etcd cluster with three to six worker nodes.
+
+run:
+
 * adapt IPs in inventory.yaml
-* add host keys `./trust-hosts.sh`
+* add host keys to your ssh config `./trust-hosts.sh`
 * change wg encryption keys in host\_vars: `./generate-keys.sh`
 * requires wireguard-tools, yq
@@ -8,3 +14,5 @@
 * run play for the first time `ansible-playbook -i inventory.yaml -u root -t initial setup.yaml`
 - this will upgrade all packages and reboot the system
 * run play again, without the tag
+
+now you have an empty cluster with canal networking plugin
diff --git a/setup/setup.yml b/setup/setup.yml
index 683a9a9..75cbd4e 100644
--- a/setup/setup.yml
+++ b/setup/setup.yml
@@ -14,7 +14,7 @@
 tags: ['initial', 'never']
 - name: install deps
 apt:
- name: ['aptitude', 'sudo', 'nfs-common', 'apt-transport-https', 'ca-certificates', 'curl', 'gnupg2', 'software-properties-common']
+ name: ['aptitude', 'sudo', 'nfs-common', 'apt-transport-https', 'ca-certificates', 'curl', 'gnupg2', 'software-properties-common', 'linux-headers-amd64']
 state: present
 - name: import docker gpg key
 apt_key:
@@ -29,6 +29,11 @@
 update_cache: yes
 name: ['docker-ce', 'python-pip', 'python-setuptools']
 state: present
+ - name: configure docker
+ template:
+ src: templates/daemon.json
+ dest: /etc/docker/daemon.json
+ notify: restart docker
 - name: enable & start docker
 systemd:
 name: docker
@@ -51,10 +56,6 @@
 update_cache: yes
 name: wireguard
 state: present
- #- name: generate wireguard keys
- # shell: wg genkey | tee wg-private.key | wg pubkey > wg-public.key
- # args:
- # creates: wg-private.key
 - name: configure wireguard interface
 template:
 src: templates/wireguard.cfg
@@ -79,12 +80,6 @@
 update_cache: yes
 name: ["kubelet", "kubeadm", "kubectl"]
 state: present
- #- name: init kubeadm
- # command: kubeadm init --apiserver-advertise-address 10.42.23.11 --pod-network-cidr=10.244.0.0/16 > kubeadm.log
- # args:
- # creates: kubeadm.log
- #kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/canal/rbac.yaml
- #kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/canal/canal.yaml
 - name: restart system
 command: reboot
 tags: ['initial', 'never']
@@ -97,6 +92,10 @@
 state: absent
 - name: restart wireguard
 shell: ifdown wg-k8s; ifup wg-k8s
+ - name: restart docker
+ service:
+ name: docker
+ state: restarted
 
 - hosts: master
 tasks:
@@ -120,3 +119,40 @@
 service:
 name: haproxy
 state: restarted
+
+- hosts: cluster-master01
+ tasks:
+ - name: init kubeadm
+ shell: kubeadm init --apiserver-advertise-address 10.42.23.11 --pod-network-cidr=10.244.0.0/16 > kubeadm.log
+ args:
+ creates: kubeadm.log
+ - name: fetch kubeadm.log from master
+ fetch:
+ src: kubeadm.log
+ dest: kubeadm-{{ inventory_hostname }}.log
+ flat: yes
+ - name: configure kubectl
+ shell: mkdir .kube; cp /etc/kubernetes/admin.conf $HOME/.kube/config
+ args:
+ creates: .kube/config
+ - name: setup networking
+ shell: kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/canal/rbac.yaml > canal.log && kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/canal/canal.yaml >> canal.log
+ args:
+ creates: canal.log
+
+- hosts: worker
+ tasks:
+ - name: fetch join command
+ command: tail -2 kubeadm-cluster-master01.log
+ register: joincommand
+ delegate_to: localhost
+
+ - name: join cluster
+ shell: "{{ joincommand.stdout }} > kubeadm.log"
+ args:
+ creates: kubeadm.log
+ - name: fetch kubeadm.log
+ fetch:
+ src: kubeadm.log
+ dest: kubeadm-{{ inventory_hostname }}.log
+ flat: yes
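Review bot: The worker play runs the last two lines of a log file as a shell command — `tail -2 kubeadm-cluster-master01.log` on the controller is passed verbatim to `shell: "{{ joincommand.stdout }} > kubeadm.log"` — which ties the bootstrap to kubeadm's output layout and leaves the bootstrap token and CA hash sitting in plaintext in the fetched `kubeadm-{{ inventory_hostname }}.log` on the controller (and, without `no_log`, in verbose playbook output). A more robust form is to have the master play mint a join command with `kubeadm token create --print-join-command` into a registered variable marked `no_log: true`, and let the worker play read it through `hostvars`, replacing the `fetch join command` task as sketched below. Separately, each `creates:` guard names a redirect target (`> kubeadm.log`, `> canal.log`) that exists as soon as the command starts, so a failed `kubeadm init` or a failure of the second `kubectl apply` is never retried on the next run; guarding on an artifact the command produces on success (for init, `/etc/kubernetes/admin.conf`, which the `configure kubectl` task already copies) avoids that. The advertise address `10.42.23.11` and the host name `cluster-master01` are hard-coded here although the README says IPs are adapted in inventory.yaml, so these are better taken from inventory variables, and the canal manifests are applied straight from the network without pinning, which is worth vendoring alongside `templates/daemon.json` for reproducibility.

```yaml
# … unchanged: init kubeadm / fetch kubeadm.log from master / configure kubectl / setup networking …
    - name: create join command
      command: kubeadm token create --print-join-command
      register: joincommand
      no_log: true

- hosts: worker
  tasks:
    - name: join cluster
      shell: "{{ hostvars['cluster-master01'].joincommand.stdout }} > kubeadm.log"
      args:
        creates: kubeadm.log
      no_log: true
# … unchanged: fetch kubeadm.log …
```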