wip: kube2 kubernetes

2025-12-10 08:48:33 +01:00 · 2024-02-22 14:08:39 +00:00
parent 37d2b0f8a5
commit dc99966881
12 changed files with 886 additions and 8 deletions
--- a/roles/kubernetes-base/tasks/cluster_setup.yaml
+++ b/roles/kubernetes-base/tasks/cluster_setup.yaml
@@ -0,0 +1,155 @@
+- name: include services ports
+  include_vars: kubernetes.yaml
+
+- name: Configure K8S Master Block
+  block:
+  - name: Initialise the Kubernetes cluster using kubeadm
+    become: true
+    command: kubeadm init --apiserver-advertise-address={{ ansible_default_ipv4.address }} --pod-network-cidr={{ k8s_pod_network }}
+    args:
+      creates: "{{ k8s_admin_config }}"
+
+  - name: Wait for apiserver to become ready
+    wait_for:
+      port: 6443
+      sleep: 10
+
+  - name: Setup kubeconfig for {{ k8s_user }} user
+    file:
+      path: "{{ k8s_user_home }}/.kube"
+      state: directory
+      owner: "{{ k8s_user }}"
+      group: "{{ k8s_user }}"
+      mode: "0750"
+  
+  - name: Copy {{ k8s_admin_config }}
+    become: true
+    copy:
+      src: "{{ k8s_admin_config }}"
+      dest: "{{ k8s_user_home }}/.kube/config"
+      owner: "{{ k8s_user }}"
+      group: "{{ k8s_user }}"
+      mode: "0640"
+      remote_src: yes
+  
+              #  - name: Copy {{ calico_rbac_config }}
+              #    copy:
+              #      src: "{{ calico_rbac_config }}"
+              #      dest: "{{ k8s_user_home }}/{{ calico_rbac_config }}"
+              #      owner: "{{ k8s_user }}"
+              #      group: "{{ k8s_user }}"
+              #      mode: "0640"
+              #  
+              #  - name: Copy {{ calico_net_url }}
+              #    copy:
+              #      src: "{{ calico_net_config }}"
+              #      dest: "{{ k8s_user_home }}/{{ calico_net_config }}"
+              #      owner: "{{ k8s_user }}"
+              #      group: "{{ k8s_user }}"
+              #      mode: "0640"     
+              #
+              #  - name: Set CALICO_IPV4POOL_CIDR to {{ k8s_pod_network }}
+              #    replace:
+              #      path: "{{ k8s_user_home }}/{{ calico_net_config }}"
+              #      regexp: "192.168.0.0/16"
+              #      replace: "{{ k8s_pod_network }}"
+  
+  - name: Download Dashboard
+    get_url:
+      url: "{{ dashboard_url }}"
+      dest: "{{ k8s_user_home }}/{{ dashboard_config }}"
+      owner: "{{ k8s_user }}"
+      group: "{{ k8s_user }}"
+      mode: "0640"     
+  
+              #  - name: Install calico pod network {{ calico_rbac_config }}
+              #    remote_user: false
+              #    remote_user: "{{ k8s_user }}"
+              #    command: kubectl apply -f "{{ k8s_user_home }}/{{ calico_rbac_config }}"
+              #  
+              #  - name: Install calico pod network {{ calico_net_config }}
+              #    become: false
+              #    remote_user: "{{ k8s_user }}"
+              #    command: kubectl apply -f "{{ k8s_user_home }}/{{ calico_net_config }}"
+  
+  - name: Install K8S dashboard {{ dashboard_config }}
+    become: false
+    remote_user: "{{ k8s_user }}"
+    command: kubectl apply -f "{{ k8s_user_home }}/{{ dashboard_config }}"
+  
+  - name: Create service account
+    become: false
+    remote_user: "{{ k8s_user }}"
+    command: kubectl create serviceaccount dashboard -n default
+    ignore_errors: yes
+  
+  - name: Create cluster role binding dashboard-admin
+    remote_user: "{{ k8s_user }}"
+    become: false
+    command: kubectl create clusterrolebinding dashboard-admin -n default --clusterrole=cluster-admin --serviceaccount=default:dashboard
+    ignore_errors: yes
+  
+  - name: Create {{ k8s_dashboard_adminuser_config }} for service account
+    copy:
+      src: "files/{{ k8s_dashboard_adminuser_config }}"
+      dest: "{{ k8s_user_home }}/{{ k8s_dashboard_adminuser_config }}"
+      owner: "{{ k8s_user }}"
+      group: "{{ k8s_user }}"
+      mode: "0640"
+  
+  - name: Create service account
+    become: false
+    remote_user: "{{ k8s_user }}"
+    command: kubectl apply -f "{{ k8s_user_home }}/{{ k8s_dashboard_adminuser_config }}"
+    ignore_errors: yes
+  
+  - name: Create cluster role binding cluster-system-anonymous
+    become: false
+    remote_user: "{{ k8s_user }}"
+    command: kubectl create clusterrolebinding cluster-system-anonymous --clusterrole=cluster-admin --user=system:anonymous
+    ignore_errors: yes
+  
+  - name: Test K8S dashboard and wait for HTTP 200
+    uri:
+      url: "{{ k8s_dashboard_url }}"
+      status_code: 200
+      validate_certs: no
+    ignore_errors: yes
+    register: result_k8s_dashboard_page
+    retries: 10
+    delay: 6
+    until: result_k8s_dashboard_page is succeeded
+
+  - name: K8S dashboard URL
+    debug:
+      var: k8s_dashboard_url
+  
+  - name: Generate join command
+    command: kubeadm token create --print-join-command
+    register: join_command
+  
+  - name: Copy join command to local file
+    become: false
+    remote_user: "{{ k8s_user }}"
+    copy:
+        content: "{{ join_command.stdout_lines[0] }}"
+        dest: "{{ k8s_token_file }}"
+    delegate_to: localhost
+  when: is_k8s_master is defined and is_k8s_master
+
+- name: Configure K8S Node Block
+  block:
+  - name: Copy {{ k8s_token_file }} to server location
+    copy: 
+      src: "{{ k8s_token_file }}"
+      dest: "{{ k8s_user_home }}/{{ k8s_token_file }}.sh"
+      owner: "{{ k8s_user }}"
+      group: "{{ k8s_user }}"
+      mode: "0750"
+
+  - name: Join the node to cluster unless file {{ k8s_kubelet_config }} exists
+    become: true
+    command: sh "{{ k8s_user_home }}/{{ k8s_token_file }}.sh"
+    args:
+      creates: "{{ k8s_kubelet_config }}"
+  when: is_k8s_node is defined and is_k8s_node