mirror of
https://github.com/FAUSheppy/no-secrets-athq-ansible
synced 2025-12-10 07:58:34 +01:00
wip: kube2 kubernetes
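--- a/roles/kubernetes-base/tasks/cluster_setup.yaml
+++ b/roles/kubernetes-base/tasks/cluster_setup.yaml
@@ -0,0 +1,155 @@
+- name: include services ports
+include_vars: kubernetes.yaml
+
+- name: Configure K8S Master Block
+block:
+- name: Initialise the Kubernetes cluster using kubeadm
+become: true
+command: kubeadm init --apiserver-advertise-address={{ ansible_default_ipv4.address }} --pod-network-cidr={{ k8s_pod_network }}
+args:
+creates: "{{ k8s_admin_config }}"
+
+- name: Wait for apiserver to become ready
+wait_for:
+port: 6443
+sleep: 10
+
+- name: Setup kubeconfig for {{ k8s_user }} user
+file:
+path: "{{ k8s_user_home }}/.kube"
+state: directory
+owner: "{{ k8s_user }}"
+group: "{{ k8s_user }}"
+mode: "0750"
+
+- name: Copy {{ k8s_admin_config }}
+become: true
+copy:
+src: "{{ k8s_admin_config }}"
+dest: "{{ k8s_user_home }}/.kube/config"
+owner: "{{ k8s_user }}"
+group: "{{ k8s_user }}"
+mode: "0640"
+remote_src: yes
+
+# - name: Copy {{ calico_rbac_config }}
+# copy:
+# src: "{{ calico_rbac_config }}"
+# dest: "{{ k8s_user_home }}/{{ calico_rbac_config }}"
+# owner: "{{ k8s_user }}"
+# group: "{{ k8s_user }}"
+# mode: "0640"
+#
+# - name: Copy {{ calico_net_url }}
+# copy:
+# src: "{{ calico_net_config }}"
+# dest: "{{ k8s_user_home }}/{{ calico_net_config }}"
+# owner: "{{ k8s_user }}"
+# group: "{{ k8s_user }}"
+# mode: "0640"
+#
+# - name: Set CALICO_IPV4POOL_CIDR to {{ k8s_pod_network }}
+# replace:
+# path: "{{ k8s_user_home }}/{{ calico_net_config }}"
+# regexp: "192.168.0.0/16"
+# replace: "{{ k8s_pod_network }}"
+
+- name: Download Dashboard
+get_url:
+url: "{{ dashboard_url }}"
+dest: "{{ k8s_user_home }}/{{ dashboard_config }}"
+owner: "{{ k8s_user }}"
+group: "{{ k8s_user }}"
+mode: "0640"
+
+# - name: Install calico pod network {{ calico_rbac_config }}
+# remote_user: false
+# remote_user: "{{ k8s_user }}"
+# command: kubectl apply -f "{{ k8s_user_home }}/{{ calico_rbac_config }}"
+#
+# - name: Install calico pod network {{ calico_net_config }}
+# become: false
+# remote_user: "{{ k8s_user }}"
+# command: kubectl apply -f "{{ k8s_user_home }}/{{ calico_net_config }}"
+
+- name: Install K8S dashboard {{ dashboard_config }}
+become: false
+remote_user: "{{ k8s_user }}"
+command: kubectl apply -f "{{ k8s_user_home }}/{{ dashboard_config }}"
+
+- name: Create service account
+become: false
+remote_user: "{{ k8s_user }}"
+command: kubectl create serviceaccount dashboard -n default
+ignore_errors: yes
+
+- name: Create cluster role binding dashboard-admin
+remote_user: "{{ k8s_user }}"
+become: false
+command: kubectl create clusterrolebinding dashboard-admin -n default --clusterrole=cluster-admin --serviceaccount=default:dashboard
+ignore_errors: yes
+
+- name: Create {{ k8s_dashboard_adminuser_config }} for service account
+copy:
+src: "files/{{ k8s_dashboard_adminuser_config }}"
+dest: "{{ k8s_user_home }}/{{ k8s_dashboard_adminuser_config }}"
+owner: "{{ k8s_user }}"
+group: "{{ k8s_user }}"
+mode: "0640"
+
+- name: Create service account
+become: false
+remote_user: "{{ k8s_user }}"
+command: kubectl apply -f "{{ k8s_user_home }}/{{ k8s_dashboard_adminuser_config }}"
+ignore_errors: yes
+
+- name: Create cluster role binding cluster-system-anonymous
+become: false
+remote_user: "{{ k8s_user }}"
+command: kubectl create clusterrolebinding cluster-system-anonymous --clusterrole=cluster-admin --user=system:anonymous
+ignore_errors: yes
+
+- name: Test K8S dashboard and wait for HTTP 200
+uri:
+url: "{{ k8s_dashboard_url }}"
+status_code: 200
+validate_certs: no
+ignore_errors: yes
+register: result_k8s_dashboard_page
+retries: 10
+delay: 6
+until: result_k8s_dashboard_page is succeeded
+
+- name: K8S dashboard URL
+debug:
+var: k8s_dashboard_url
+
+- name: Generate join command
+command: kubeadm token create --print-join-command
+register: join_command
+
+- name: Copy join command to local file
+become: false
+remote_user: "{{ k8s_user }}"
+copy:
+content: "{{ join_command.stdout_lines[0] }}"
+dest: "{{ k8s_token_file }}"
+delegate_to: localhost
+when: is_k8s_master is defined and is_k8s_master
+
+- name: Configure K8S Node Block
+block:
+- name: Copy {{ k8s_token_file }} to server location
+copy:
+src: "{{ k8s_token_file }}"
+dest: "{{ k8s_user_home }}/{{ k8s_token_file }}.sh"
+owner: "{{ k8s_user }}"
+group: "{{ k8s_user }}"
+mode: "0750"
+
+- name: Join the node to cluster unless file {{ k8s_kubelet_config }} exists
+become: true
+command: sh "{{ k8s_user_home }}/{{ k8s_token_file }}.sh"
+args:
+creates: "{{ k8s_kubelet_config }}"
+when: is_k8s_node is defined and is_k8s_node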
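Review bot: The task `Create cluster role binding cluster-system-anonymous` binds `cluster-admin` to `system:anonymous`, so any unauthenticated request that reaches the API server on port 6443 gets full control of the cluster. That task should be removed rather than kept behind `ignore_errors: yes`; if it exists only to make the dashboard check pass, the check should authenticate instead. The `dashboard-admin` binding has a similar problem, giving the `default:dashboard` service account `cluster-admin`; binding it to a narrower role such as the built-in `view` ClusterRole would limit what a stolen dashboard token can do. The join command written by `Copy join command to local file` contains a bootstrap token, yet that `copy` sets no `mode` and the node-side copy uses `"0750"`; `mode: "0600"` on both would keep the token readable only by its owner.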
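--- a/roles/kubernetes-base/tasks/main.yaml
+++ b/roles/kubernetes-base/tasks/main.yaml
@@ -0,0 +1,53 @@
+- name: Debian | Add GPG Keys
+apt_key:
+url: "https://download.docker.com/linux/debian/gpg"
+
+- name: Debian | Add Repo Source
+apt_repository:
+repo: "deb [arch=amd64] https://download.docker.com/linux/debian bullseye stable"
+update_cache: yes
+
+- name: Debian | Configure Sysctl
+sysctl:
+name: "net.ipv4.ip_forward"
+value: "1"
+state: present
+
+- name: Install Docker prerequisites
+apt:
+state: present
+pkg:
+- docker-ce
+- gpg
+
+- name: Fix CRI Plugin containerd config
+copy:
+src: containerd.toml
+dest: /etc/containerd/containerd.toml
+mode: 0644
+notify: restart docker
+
+- name: Debian | Add GPG Key
+apt_key:
+url: "https://packages.cloud.google.com/apt/doc/apt-key.gpg"
+
+- name: Debian | Add Kubernetes Repository
+apt_repository:
+repo: "deb https://apt.kubernetes.io/ kubernetes-xenial main"
+update_cache: yes
+
+- name: Debian | Install Dependencies
+apt:
+pkg:
+- kubernetes-cni
+- kubelet
+state: present
+
+- name: Debian | Install Kubernetes
+apt:
+pkg:
+- kubeadm
+- kubectl
+state: present
+
+- include: cluster_setup.yaml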
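Review bot: Both `apt_key` tasks import whatever key the URL serves into the global APT keyring with no fingerprint check, so a key swapped at the source would be trusted for every repository on the host. Pin the expected key by adding `id: "<expected key fingerprint>"` to each task, or store each key under `/etc/apt/keyrings/` and reference it with `signed-by=` in the matching `repo:` line so it is trusted only for its own repository. The `docker-ce`, `kubelet`, `kubeadm` and `kubectl` packages are installed with `state: present` and no version, so nodes provisioned at different times may run different releases; pinning versions would make the cluster reproducible. In `Fix CRI Plugin containerd config`, `mode: 0644` is unquoted; write `mode: "0644"` as cluster_setup.yaml does so the mode does not depend on how the YAML parser types a leading-zero number.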