mirror of
https://github.com/ChristianLempa/boilerplates.git
synced 2024-11-07 08:54:04 +01:00
commit
04a33f6a6e
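--- a/ansible/installation/inst-k8s/README.md
+++ b/ansible/installation/inst-k8s/README.md
@@ -0,0 +1,46 @@
+# Kubernetes (K8s) Installation Script
+
+- Introduction
+- Prerequisites
+- Execution Instructions
+
+## Introduction
+
+> The objective of this playbook is to automate the installation and setup of a kubernetes instance. The playbook consist of 3 main plays. For both controller and nodes, for controller only and for nodes only. It will ask user confirmation before moving on to each stage. By the end of the playbook two files will be created on the controller node named **worker_conn_string** and locally inside the playbook directory with the name **Remote_Files/worker_conn_string**. This will have the **connection string**. (Note:- If you want to join controllers or nodes manually later. For controllers use **--control-plane** flag)
+
+### References
+
+**Documentation** - https://kubernetes.io/docs/setup/
+
+## Prerequisites
+
+- Atleast 2 VMs (1 For Control Node and 1 For Worker Node).
+- Static IPs should be set along with unique host names.
+- Inventory should be in this format
+
+```ini
+[controllers]
+host_name ansible_ssh_host=<IP> ansible_user='<USERNAME>' ansible_become_pass='<PASSWORD>'
+
+[nodes]
+
+[instance:children]
+controllers
+nodes
+```
+
+(If you want to change this, don't forget to change the `inst-k8s` as well)
+
+## Execution Instructions
+
+```bash
+ansible-playbook -i <INVENTORY> <PLAYBOOK>
+```
+
+### Optional Flags
+
+| Flag | Use Case |
+|-------|-----------|
+| --ask-vault-pass | If the vault is encrypted |
+| --start-at-task | If you want to start from a specific task|
+| --tags | If you want to only run a specific group of tasks|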
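--- a/ansible/installation/inst-k8s/ansible.cfg
+++ b/ansible/installation/inst-k8s/ansible.cfg
@@ -0,0 +1,2 @@
+[defaults]
+timeout = 25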
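--- a/ansible/installation/inst-k8s/inst-k8s.yaml
+++ b/ansible/installation/inst-k8s/inst-k8s.yaml
@@ -0,0 +1,319 @@
+---
+
+- name: Setup Prerequisites To Install Kubernetes
+hosts: instance
+become: true
+vars:
+kube_prereq_packages: [curl, ca-certificates, apt-transport-https]
+kube_packages: [kubeadm, kubectl, kubelet]
+
+tasks:
+- name: Test Reacheability
+ansible.builtin.ping:
+
+- name: Update Cache
+ansible.builtin.apt:
+update_cache: true
+autoclean: true
+
+- name: 1. Upgrade All the Packages to the latest
+ansible.builtin.apt:
+upgrade: "full"
+
+- name: 2. Install Qemu-Guest-Agent
+ansible.builtin.apt:
+name:
+- qemu-guest-agent
+state: present
+
+- name: 3. Setup a Container Runtime
+ansible.builtin.apt:
+name:
+- containerd
+state: present
+
+- name: 4. Start Containerd If Stopped
+ansible.builtin.service:
+name: containerd
+state: started
+
+- name: 5. Create Containerd Directory
+ansible.builtin.file:
+path: /etc/containerd
+state: directory
+mode: '0755'
+
+- name: 6. Check config.toml Exists
+ansible.builtin.stat:
+path: /etc/containerd/config.toml
+register: pre_file_exist_result
+
+- name: 6.1 Delete config.toml Exists
+ansible.builtin.file:
+path: /etc/containerd/config.toml
+state: absent
+when: pre_file_exist_result.stat.exists
+
+- name: 7. Place Default Containerd Config Inside It
+ansible.builtin.shell: |
+set -o pipefail
+containerd config default | sudo tee /etc/containerd/config.toml
+register: output
+changed_when: output.rc != 0
+args:
+executable: /bin/bash
+tags:
+- containerd_config
+
+- name: 7.1 Check If New config.toml Exists Now
+ansible.builtin.stat:
+path: /etc/containerd/config.toml
+register: post_file_exist_result
+tags:
+- containerd_config
+
+- name: 7.2 Exit The Play If config.toml Does Not Exist
+ansible.builtin.meta: end_play
+when: not post_file_exist_result.stat.exists
+tags:
+- containerd_config
+
+- name: 8.1 Disable Swap
+ansible.builtin.command: sudo swapoff -a
+register: output
+changed_when: output.rc != 0
+tags:
+- disable_swap
+
+- name: 8.2 Disable Swap permanently
+ansible.builtin.replace:
+path: /etc/fstab
+regexp: '^([^#].*?\sswap\s+sw\s+.*)$'
+replace: '# \1'
+tags:
+- disable_swap
+
+- name: 9. Edit config.toml
+ansible.builtin.replace:
+path: /etc/containerd/config.toml
+after: \[plugins\."io\.containerd\.grpc\.v1\.cri"\.containerd\.runtimes\.runc\.options\]
+regexp: SystemdCgroup = false
+replace: SystemdCgroup = true
+
+- name: 10. Enable Ipv4 Bridging
+ansible.builtin.replace:
+path: /etc/sysctl.conf
+regexp: ^#net\.ipv4\.ip_forward=1$
+replace: net.ipv4.ip_forward=1
+
+- name: 11.1 Delete k8s Config If Exists
+ansible.builtin.file:
+path: /etc/modules-load.d/k8s.conf
+state: absent
+tags:
+- kube_config
+
+- name: 11.2 Add k8s.config and Edit It
+ansible.builtin.lineinfile:
+path: /etc/modules-load.d/k8s.conf
+line: br_netfilter
+create: true
+mode: '0755'
+tags:
+- kube_config
+
+- name: 12.1 Reboot
+ansible.builtin.reboot:
+register: system_reboot
+
+- name: 12.2 Verify Reboot Success
+ansible.builtin.ping:
+when: system_reboot.rebooted
+
+- name: 13.1 Update Cache
+ansible.builtin.apt:
+update_cache: true
+autoclean: true
+tags:
+- install_pre_kube_packages
+
+- name: 13.2 Remove apt lock file
+ansible.builtin.file:
+state: absent
+path: "/var/lib/dpkg/lock"
+tags:
+- install_pre_kube_packages
+
+- name: 13.3 Install Prerequisite Packages
+ansible.builtin.apt:
+name: '{{ kube_prereq_packages }}'
+tags:
+- install_pre_kube_packages
+
+- name: 13.4 Remove GPG Keys If They Exist
+ansible.builtin.file:
+path: "{{ item }}"
+state: absent
+with_items:
+- /usr/share/keyrings/kubernetes-apt-keyring.gpg
+- /usr/share/keyrings/kubernetes-apt-keyring.gpg_armored
+tags:
+- install_pre_kube_packages
+
+- name: 13.5 Download Kubernetes APT Key
+ansible.builtin.get_url:
+url: https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key
+dest: /usr/share/keyrings/kubernetes-apt-keyring.gpg_armored
+mode: '0755'
+tags:
+- install_pre_kube_packages
+
+- name: 13.6 De-Armor Kubernetes APT Key
+ansible.builtin.shell: gpg --dearmor < /usr/share/keyrings/kubernetes-apt-keyring.gpg_armored > /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+no_log: true
+args:
+creates: /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+tags:
+- install_pre_kube_packages
+
+- name: 13.7 Add Kubernetes APT Key
+ansible.builtin.shell: |
+set -o pipefail
+echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /' \
+| sudo tee /etc/apt/sources.list.d/kubernetes.list
+register: apt_output
+changed_when: apt_output.rc != 0
+args:
+executable: /bin/bash
+tags:
+- install_pre_kube_packages
+
+- name: 14.1 Update Cache
+ansible.builtin.apt:
+update_cache: true
+autoclean: true
+tags:
+- install_kube_packages
+
+- name: 14.2 Remove apt lock file
+ansible.builtin.file:
+state: absent
+path: "/var/lib/dpkg/lock"
+tags:
+- install_kube_packages
+
+- name: 14.3 Install Required Packages
+ansible.builtin.apt:
+name: '{{ kube_packages }}'
+tags:
+- install_kube_packages
+
+- name: 14.4 Hold Packages
+ansible.builtin.dpkg_selections:
+name: '{{ item }}'
+selection: hold
+with_items: '{{ kube_packages }}'
+tags:
+- install_kube_packages
+
+- name: Prompt To Continue On To Configuring Control Nodes
+ansible.builtin.pause:
+prompt: Press RETURN when you want to continue configuring the Control nodes!
+
+- name: Setup Controller Nodes
+gather_facts: true
+hosts: controllers
+become: true
+
+tasks:
+- name: 1. Initialize Cluster
+ansible.builtin.shell: |
+set -o pipefail
+sudo kubeadm init --control-plane-endpoint={{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }} --pod-network-cidr=10.244.0.0/16
+register: init_cluster_output
+changed_when: init_cluster_output.rc != 0
+args:
+executable: /bin/bash
+
+- name: 2.1 Create .kube Directory
+ansible.builtin.file:
+path: .kube
+state: directory
+mode: '0755'
+tags:
+- kube_admin_config
+
+- name: 2.2 Copy Kubernetes Admin Config
+ansible.builtin.copy:
+remote_src: true
+src: /etc/kubernetes/admin.conf
+dest: .kube/config
+mode: '0755'
+tags:
+- kube_admin_config
+
+- name: 2.3 Change Config File Permission
+ansible.builtin.command: chown {{ ansible_env.USER }}:{{ ansible_env.USER }} ".kube/config"
+changed_when: false
+when: not ansible_env.HOME is undefined
+tags:
+- kube_admin_config
+
+- name: 3. Install An Overlay Network
+ansible.builtin.shell: |
+set -o pipefail
+kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml
+register: init_cluster_output
+become: false
+changed_when: init_cluster_output.rc != 0
+args:
+executable: /bin/bash
+
+- name: 4.1 Execute Join String Generation Command
+ansible.builtin.command: kubeadm token create --print-join-command
+become: false
+register: join_output
+changed_when: false
+tags:
+- join_string
+
+- name: 4.2 Display Join String
+ansible.builtin.debug:
+msg: 'Join Command : {{ join_output.stdout }}'
+tags:
+- join_string
+
+- name: Copy Connection String To A Remote File
+ansible.builtin.template:
+src: k8s_worker_node_connection.j2
+dest: worker_conn_string
+mode: '0755'
+
+- name: Check Connection String File Exists
+ansible.builtin.stat:
+path: worker_conn_string
+register: conn_file_path_remote
+
+- name: Fetch The Remote File
+ansible.builtin.fetch:
+src: worker_conn_string
+dest: Remote_Files/worker_conn_string
+flat: true
+when: conn_file_path_remote.stat.exists
+
+- name: Prompt To Continue On To Configuring Worker Nodes
+ansible.builtin.pause:
+prompt: Press RETURN when you want to continue configuring the Worker nodes!
+
+- name: Join Worker Nodes
+gather_facts: true
+hosts: nodes
+become: true
+vars:
+node_conn_string: "{{ lookup('ansible.builtin.file', 'Remote_Files/worker_conn_string') }}"
+
+tasks:
+- name: 1. Add Worker Nodes To The Controller
+ansible.builtin.command: '{{ node_conn_string }}'
+changed_when: false
+throttle: 1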
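Review bot: Task 2.2 copies `/etc/kubernetes/admin.conf` to `.kube/config` with `mode: '0755'`, which leaves the cluster-admin kubeconfig readable by every local user on the controller; it should be `mode: '0600'`, with the `.kube` directory from 2.1 at `'0700'`. The join command is handled just as loosely: 4.2 prints it through `ansible.builtin.debug`, the template task writes `worker_conn_string` with `mode: '0755'`, and the fetch leaves another copy under `Remote_Files/` on the control machine, so a bootstrap token ends up in the run log and in two readable files. I would set `mode: '0600'` on the template task, drop the debug task or mark 4.1 and 4.2 `no_log: true`, and delete both copies once the workers have joined. Separately, task 3 applies the flannel manifest from the `master` branch of a raw GitHub URL, so what is deployed cluster-wide can change between runs; pinning it to a release tag would make the applied manifest reviewable.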
@ -0,0 +1 @@
|
||||
{{ join_output.stdout }}
|