init cluster
parent
f4d635c335
commit
c9e0cbea4e
2 changed files with 56 additions and 12 deletions
|
@ -1,6 +1,12 @@
|
||||||
|
# Setup up k8s cluster
|
||||||
|
|
||||||
|
currently only supports single master, stacked etcd cluster with three to six worker nodes.
|
||||||
|
|
||||||
|
run:
|
||||||
|
|
||||||
* adapt IPs in inventory.yaml
|
* adapt IPs in inventory.yaml
|
||||||
|
|
||||||
* add host keys `./trust-hosts.sh`
|
* add host keys to your ssh config `./trust-hosts.sh`
|
||||||
|
|
||||||
* change wg encryption keys in host\_vars: `./generate-keys.sh`
|
* change wg encryption keys in host\_vars: `./generate-keys.sh`
|
||||||
* requires wireguard-tools, yq
|
* requires wireguard-tools, yq
|
||||||
|
@ -8,3 +14,5 @@
|
||||||
* run play for the first time `ansible-playbook -i inventory.yaml -u root -t initial setup.yaml` - this will upgrade all packages and reboot the system
|
* run play for the first time `ansible-playbook -i inventory.yaml -u root -t initial setup.yaml` - this will upgrade all packages and reboot the system
|
||||||
|
|
||||||
* run play again, without the tag
|
* run play again, without the tag
|
||||||
|
|
||||||
|
now you have an empty cluster with canal networking plugin
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
tags: ['initial', 'never']
|
tags: ['initial', 'never']
|
||||||
- name: install deps
|
- name: install deps
|
||||||
apt:
|
apt:
|
||||||
name: ['aptitude', 'sudo', 'nfs-common', 'apt-transport-https', 'ca-certificates', 'curl', 'gnupg2', 'software-properties-common']
|
name: ['aptitude', 'sudo', 'nfs-common', 'apt-transport-https', 'ca-certificates', 'curl', 'gnupg2', 'software-properties-common', 'linux-headers-amd64']
|
||||||
state: present
|
state: present
|
||||||
- name: import docker gpg key
|
- name: import docker gpg key
|
||||||
apt_key:
|
apt_key:
|
||||||
|
@ -29,6 +29,11 @@
|
||||||
update_cache: yes
|
update_cache: yes
|
||||||
name: ['docker-ce', 'python-pip', 'python-setuptools']
|
name: ['docker-ce', 'python-pip', 'python-setuptools']
|
||||||
state: present
|
state: present
|
||||||
|
- name: configure docker
|
||||||
|
template:
|
||||||
|
src: templates/daemon.json
|
||||||
|
dest: /etc/docker/daemon.json
|
||||||
|
notify: restart docker
|
||||||
- name: enable & start docker
|
- name: enable & start docker
|
||||||
systemd:
|
systemd:
|
||||||
name: docker
|
name: docker
|
||||||
|
@ -51,10 +56,6 @@
|
||||||
update_cache: yes
|
update_cache: yes
|
||||||
name: wireguard
|
name: wireguard
|
||||||
state: present
|
state: present
|
||||||
#- name: generate wireguard keys
|
|
||||||
# shell: wg genkey | tee wg-private.key | wg pubkey > wg-public.key
|
|
||||||
# args:
|
|
||||||
# creates: wg-private.key
|
|
||||||
- name: configure wireguard interface
|
- name: configure wireguard interface
|
||||||
template:
|
template:
|
||||||
src: templates/wireguard.cfg
|
src: templates/wireguard.cfg
|
||||||
|
@ -79,12 +80,6 @@
|
||||||
update_cache: yes
|
update_cache: yes
|
||||||
name: ["kubelet", "kubeadm", "kubectl"]
|
name: ["kubelet", "kubeadm", "kubectl"]
|
||||||
state: present
|
state: present
|
||||||
#- name: init kubeadm
|
|
||||||
# command: kubeadm init --apiserver-advertise-address 10.42.23.11 --pod-network-cidr=10.244.0.0/16 > kubeadm.log
|
|
||||||
# args:
|
|
||||||
# creates: kubeadm.log
|
|
||||||
#kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/canal/rbac.yaml
|
|
||||||
#kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/canal/canal.yaml
|
|
||||||
- name: restart system
|
- name: restart system
|
||||||
command: reboot
|
command: reboot
|
||||||
tags: ['initial', 'never']
|
tags: ['initial', 'never']
|
||||||
|
@ -97,6 +92,10 @@
|
||||||
state: absent
|
state: absent
|
||||||
- name: restart wireguard
|
- name: restart wireguard
|
||||||
shell: ifdown wg-k8s; ifup wg-k8s
|
shell: ifdown wg-k8s; ifup wg-k8s
|
||||||
|
- name: restart docker
|
||||||
|
service:
|
||||||
|
name: docker
|
||||||
|
state: restarted
|
||||||
|
|
||||||
- hosts: master
|
- hosts: master
|
||||||
tasks:
|
tasks:
|
||||||
|
@ -120,3 +119,40 @@
|
||||||
service:
|
service:
|
||||||
name: haproxy
|
name: haproxy
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
||||||
|
- hosts: cluster-master01
|
||||||
|
tasks:
|
||||||
|
- name: init kubeadm
|
||||||
|
shell: kubeadm init --apiserver-advertise-address 10.42.23.11 --pod-network-cidr=10.244.0.0/16 > kubeadm.log
|
||||||
|
args:
|
||||||
|
creates: kubeadm.log
|
||||||
|
- name: fetch kubeadm.log from master
|
||||||
|
fetch:
|
||||||
|
src: kubeadm.log
|
||||||
|
dest: kubeadm-{{ inventory_hostname }}.log
|
||||||
|
flat: yes
|
||||||
|
- name: configure kubectl
|
||||||
|
shell: mkdir .kube; cp /etc/kubernetes/admin.conf $HOME/.kube/config
|
||||||
|
args:
|
||||||
|
creates: .kube/config
|
||||||
|
- name: setup networking
|
||||||
|
shell: kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/canal/rbac.yaml > canal.log && kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/canal/canal.yaml >> canal.log
|
||||||
|
args:
|
||||||
|
creates: canal.log
|
||||||
|
|
||||||
|
- hosts: worker
|
||||||
|
tasks:
|
||||||
|
- name: fetch join command
|
||||||
|
command: tail -2 kubeadm-cluster-master01.log
|
||||||
|
register: joincommand
|
||||||
|
delegate_to: localhost
|
||||||
|
|
||||||
|
- name: join cluster
|
||||||
|
shell: "{{ joincommand.stdout }} > kubeadm.log"
|
||||||
|
args:
|
||||||
|
creates: kubeadm.log
|
||||||
|
- name: fetch kubeadm.log
|
||||||
|
fetch:
|
||||||
|
src: kubeadm.log
|
||||||
|
dest: kubeadm-{{ inventory_hostname }}.log
|
||||||
|
flat: yes
|
||||||
|
|
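Review bot: In the `worker` play, `join cluster` runs whatever the last two lines of the fetched `kubeadm-cluster-master01.log` contain as a root shell command (`shell: "{{ joincommand.stdout }} > kubeadm.log"`). The join therefore depends on kubeadm's log layout, and on a file in the controller's working directory that also holds the bootstrap token in clear text. Asking the master for the join command directly, and marking both tasks `no_log: true`, removes the need to parse the log and keeps the token out of Ansible output. The `fetch kubeadm.log from master` task could then be dropped, or its destination kept out of version control. Separately, `setup networking` applies the canal manifests (including `rbac.yaml`) straight from a URL; downloading them with `get_url` and a `checksum` before `kubectl apply` would pin what is installed.

```yaml
# … unchanged: cluster-master01 play (init kubeadm, configure kubectl, setup networking) …
- hosts: worker
  tasks:
    - name: create join command on the master
      command: kubeadm token create --print-join-command
      register: joincommand
      delegate_to: cluster-master01
      run_once: true
      no_log: true

    - name: join cluster
      shell: "{{ joincommand.stdout }} > kubeadm.log"
      args:
        creates: kubeadm.log
      no_log: true
    # … unchanged: fetch kubeadm.log …
```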