From c42461184a135f3b342cfa46ee42a205d0ce1fb0 Mon Sep 17 00:00:00 2001
From: NethunRanasinghe
Date: Wed, 6 Sep 2023 15:17:48 +0530
Subject: [PATCH 1/2] Install K8s
---
ansible/installation/inst-k8s/README.md | 42 +++
ansible/installation/inst-k8s/ansible.cfg | 2 +
ansible/installation/inst-k8s/inst-k8s.yaml | 319 ++++++++++++++++++
.../inst-k8s/k8s_worker_node_connection.j2 | 1 +
4 files changed, 364 insertions(+)
create mode 100644 ansible/installation/inst-k8s/README.md
create mode 100644 ansible/installation/inst-k8s/ansible.cfg
create mode 100644 ansible/installation/inst-k8s/inst-k8s.yaml
create mode 100644 ansible/installation/inst-k8s/k8s_worker_node_connection.j2
diff --git a/ansible/installation/inst-k8s/README.md b/ansible/installation/inst-k8s/README.md
new file mode 100644
index 0000000..78c92ae
--- /dev/null
+++ b/ansible/installation/inst-k8s/README.md
@@ -0,0 +1,42 @@
+# Kubernetes (K8s) Installation Script
+
+- Introduction
+- Prerequisites
+- Execution Instructions
+
+## Introduction
+> The objective of this playbook is to automate the installation and setup of a kubernetes instance. The playbook consist of 3 main plays. For both controller and nodes, for controller only and for nodes only. It will ask user confirmation before moving on to each stage. By the end of the playbook two files will be created on the controller node named **worker_conn_string** and locally inside the playbook directory with the name **Remote_Files/worker_conn_string**. This will have the **connection string**. (Note:- If you want to join controllers or nodes manually later. For controllers use **--control-plane** flag)
+
+### References
+---
+
+**Documentation** - https://kubernetes.io/docs/setup/
+
+## Prerequisites
+
+1. Atleast 2 VMs (1 For Control Node and 1 For Worker Node).
+1. Static IPs should be set along with unique host names.
+1. Inventory should be in this format
+```ini
+ [controllers]
+ host_name ansible_ssh_host= ansible_user='' ansible_become_pass=''
+
+ [nodes]
+
+ [instance:children]
+ controllers
+ nodes
+```
+(If you want to change this, don't forget to change the `inst-k8s` as well)
+
+## Execution Instructions
+
+```bash
+ansible-playbook -i
+```
+### Optional Flags
+| Flag | Use Case |
+|-------|-----------|
+| --ask-vault-pass | If the vault is encrypted |
+| --start-at-task | If you want to start from a specific task|
+| --tags | If you want to only run a specific group of tasks|
diff --git a/ansible/installation/inst-k8s/ansible.cfg b/ansible/installation/inst-k8s/ansible.cfg
new file mode 100644
index 0000000..5c5d1c9
--- /dev/null
+++ b/ansible/installation/inst-k8s/ansible.cfg
@@ -0,0 +1,2 @@
+[defaults]
+timeout = 25
\ No newline at end of file
diff --git a/ansible/installation/inst-k8s/inst-k8s.yaml b/ansible/installation/inst-k8s/inst-k8s.yaml
new file mode 100644
index 0000000..f9b8c9d
--- /dev/null
+++ b/ansible/installation/inst-k8s/inst-k8s.yaml
@@ -0,0 +1,319 @@
+---
+
+- name: Setup Prerequisites To Install Kubernetes
+ hosts: instance
+ become: true
+ vars:
+ kube_prereq_packages: [curl, ca-certificates, apt-transport-https]
+ kube_packages: [kubeadm, kubectl, kubelet]
+
+ tasks:
+ - name: Test Reacheability
+ ansible.builtin.ping:
+
+ - name: Update Cache
+ ansible.builtin.apt:
+ update_cache: true
+ autoclean: true
+
+ - name: 1. Upgrade All the Packages to the latest
+ ansible.builtin.apt:
+ upgrade: "full"
+
+ - name: 2. Install Qemu-Guest-Agent
+ ansible.builtin.apt:
+ name:
+ - qemu-guest-agent
+ state: present
+
+ - name: 3. Setup a Container Runtime
+ ansible.builtin.apt:
+ name:
+ - containerd
+ state: present
+
+ - name: 4. Start Containerd If Stopped
+ ansible.builtin.service:
+ name: containerd
+ state: started
+
+ - name: 5. Create Containerd Directory
+ ansible.builtin.file:
+ path: /etc/containerd
+ state: directory
+ mode: '0755'
+
+ - name: 6. Check config.toml Exists
+ ansible.builtin.stat:
+ path: /etc/containerd/config.toml
+ register: pre_file_exist_result
+
+ - name: 6.1 Delete config.toml Exists
+ ansible.builtin.file:
+ path: /etc/containerd/config.toml
+ state: absent
+ when: pre_file_exist_result.stat.exists
+
+ - name: 7. Place Default Containerd Config Inside It
+ ansible.builtin.shell: |
+ set -o pipefail
+ containerd config default | sudo tee /etc/containerd/config.toml
+ register: output
+ changed_when: output.rc != 0
+ args:
+ executable: /bin/bash
+ tags:
+ - containerd_config
+
+ - name: 7.1 Check If New config.toml Exists Now
+ ansible.builtin.stat:
+ path: /etc/containerd/config.toml
+ register: post_file_exist_result
+ tags:
+ - containerd_config
+
+ - name: 7.2 Exit The Play If config.toml Does Not Exist
+ ansible.builtin.meta: end_play
+ when: not post_file_exist_result.stat.exists
+ tags:
+ - containerd_config
+
+ - name: 8.1 Disable Swap
+ ansible.builtin.command: sudo swapoff -a
+ register: output
+ changed_when: output.rc != 0
+ tags:
+ - disable_swap
+
+ - name: 8.2 Disable Swap permanently
+ ansible.builtin.replace:
+ path: /etc/fstab
+ regexp: '^([^#].*?\sswap\s+sw\s+.*)$'
+ replace: '# \1'
+ tags:
+ - disable_swap
+
+ - name: 9. Edit config.toml
+ ansible.builtin.replace:
+ path: /etc/containerd/config.toml
+ after: \[plugins\."io\.containerd\.grpc\.v1\.cri"\.containerd\.runtimes\.runc\.options\]
+ regexp: SystemdCgroup = false
+ replace: SystemdCgroup = true
+
+ - name: 10. Enable Ipv4 Bridging
+ ansible.builtin.replace:
+ path: /etc/sysctl.conf
+ regexp: ^#net\.ipv4\.ip_forward=1$
+ replace: net.ipv4.ip_forward=1
+
+ - name: 11.1 Delete k8s Config If Exists
+ ansible.builtin.file:
+ path: /etc/modules-load.d/k8s.conf
+ state: absent
+ tags:
+ - kube_config
+
+ - name: 11.2 Add k8s.config and Edit It
+ ansible.builtin.lineinfile:
+ path: /etc/modules-load.d/k8s.conf
+ line: br_netfilter
+ create: true
+ mode: '0755'
+ tags:
+ - kube_config
+
+ - name: 12.1 Reboot
+ ansible.builtin.reboot:
+ register: system_reboot
+
+ - name: 12.2 Verify Reboot Success
+ ansible.builtin.ping:
+ when: system_reboot.rebooted
+
+ - name: 13.1 Update Cache
+ ansible.builtin.apt:
+ update_cache: true
+ autoclean: true
+ tags:
+ - install_pre_kube_packages
+
+ - name: 13.2 Remove apt lock file
+ ansible.builtin.file:
+ state: absent
+ path: "/var/lib/dpkg/lock"
+ tags:
+ - install_pre_kube_packages
+
+ - name: 13.3 Install Prerequisite Packages
+ ansible.builtin.apt:
+ name: '{{ kube_prereq_packages }}'
+ tags:
+ - install_pre_kube_packages
+
+ - name: 13.4 Remove GPG Keys If They Exist
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: absent
+ with_items:
+ - /usr/share/keyrings/kubernetes-apt-keyring.gpg
+ - /usr/share/keyrings/kubernetes-apt-keyring.gpg_armored
+ tags:
+ - install_pre_kube_packages
+
+ - name: 13.5 Download Kubernetes APT Key
+ ansible.builtin.get_url:
+ url: https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key
+ dest: /usr/share/keyrings/kubernetes-apt-keyring.gpg_armored
+ mode: '0755'
+ tags:
+ - install_pre_kube_packages
+
+ - name: 13.6 De-Armor Kubernetes APT Key
+ ansible.builtin.shell: gpg --dearmor < /usr/share/keyrings/kubernetes-apt-keyring.gpg_armored > /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+ no_log: true
+ args:
+ creates: /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+ tags:
+ - install_pre_kube_packages
+
+ - name: 13.7 Add Kubernetes APT Key
+ ansible.builtin.shell: |
+ set -o pipefail
+ echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /' \
+ | sudo tee /etc/apt/sources.list.d/kubernetes.list
+ register: apt_output
+ changed_when: apt_output.rc != 0
+ args:
+ executable: /bin/bash
+ tags:
+ - install_pre_kube_packages
+
+ - name: 14.1 Update Cache
+ ansible.builtin.apt:
+ update_cache: true
+ autoclean: true
+ tags:
+ - install_kube_packages
+
+ - name: 14.2 Remove apt lock file
+ ansible.builtin.file:
+ state: absent
+ path: "/var/lib/dpkg/lock"
+ tags:
+ - install_kube_packages
+
+ - name: 14.3 Install Required Packages
+ ansible.builtin.apt:
+ name: '{{ kube_packages }}'
+ tags:
+ - install_kube_packages
+
+ - name: 14.4 Hold Packages
+ ansible.builtin.dpkg_selections:
+ name: '{{ item }}'
+ selection: hold
+ with_items: '{{ kube_packages }}'
+ tags:
+ - install_kube_packages
+
+ - name: Prompt To Continue On To Configuring Control Nodes
+ ansible.builtin.pause:
+ prompt: Press RETURN when you want to continue configuring the Control nodes!
+
+- name: Setup Controller Nodes
+ gather_facts: true
+ hosts: controllers
+ become: true
+
+ tasks:
+ - name: 1. Initialize Cluster
+ ansible.builtin.shell: |
+ set -o pipefail
+ sudo kubeadm init --control-plane-endpoint={{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }} --pod-network-cidr=10.244.0.0/16
+ register: init_cluster_output
+ changed_when: init_cluster_output.rc != 0
+ args:
+ executable: /bin/bash
+
+ - name: 2.1 Create .kube Directory
+ ansible.builtin.file:
+ path: .kube
+ state: directory
+ mode: '0755'
+ tags:
+ - kube_admin_config
+
+ - name: 2.2 Copy Kubernetes Admin Config
+ ansible.builtin.copy:
+ remote_src: true
+ src: /etc/kubernetes/admin.conf
+ dest: .kube/config
+ mode: '0755'
+ tags:
+ - kube_admin_config
+
+ - name: 2.3 Change Config File Permission
+ ansible.builtin.command: chown {{ ansible_env.USER }}:{{ ansible_env.USER }} ".kube/config"
+ changed_when: false
+ when: not ansible_env.HOME is undefined
+ tags:
+ - kube_admin_config
+
+ - name: 3. Install An Overlay Network
+ ansible.builtin.shell: |
+ set -o pipefail
+ kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml
+ register: init_cluster_output
+ become: false
+ changed_when: init_cluster_output.rc != 0
+ args:
+ executable: /bin/bash
+
+ - name: 4.1 Execute Join String Generation Command
+ ansible.builtin.command: kubeadm token create --print-join-command
+ become: false
+ register: join_output
+ changed_when: false
+ tags:
+ - join_string
+
+ - name: 4.2 Display Join String
+ ansible.builtin.debug:
+ msg: 'Join Command : {{ join_output.stdout }}'
+ tags:
+ - join_string
+
+ - name: Copy Connection String To A Remote File
+ ansible.builtin.template:
+ src: k8s_worker_node_connection.j2
+ dest: worker_conn_string
+ mode: '0755'
+
+ - name: Check Connection String File Exists
+ ansible.builtin.stat:
+ path: worker_conn_string
+ register: conn_file_path_remote
+
+ - name: Fetch The Remote File
+ ansible.builtin.fetch:
+ src: worker_conn_string
+ dest: Remote_Files/worker_conn_string
+ flat: true
+ when: conn_file_path_remote.stat.exists
+
+ - name: Prompt To Continue On To Configuring Worker Nodes
+ ansible.builtin.pause:
+ prompt: Press RETURN when you want to continue configuring the Worker nodes!
+
+- name: Join Worker Nodes
+ gather_facts: true
+ hosts: nodes
+ become: true
+ vars:
+ node_conn_string: "{{ lookup('ansible.builtin.file', 'Remote_Files/worker_conn_string') }}"
+
+ tasks:
+ - name: 1. Add Worker Nodes To The Controller
+ ansible.builtin.command: '{{ node_conn_string }}'
+ changed_when: false
+ throttle: 1
diff --git a/ansible/installation/inst-k8s/k8s_worker_node_connection.j2 b/ansible/installation/inst-k8s/k8s_worker_node_connection.j2
new file mode 100644
index 0000000..37e6bb0
--- /dev/null
+++ b/ansible/installation/inst-k8s/k8s_worker_node_connection.j2
@@ -0,0 +1 @@
+{{ join_output.stdout }}
\ No newline at end of file
From 6ab41e340b7246c56e235ef049ef4caaeea70fd8 Mon Sep 17 00:00:00 2001
From: Christian Lempa
Date: Tue, 12 Sep 2023 11:06:06 +0200
Subject: [PATCH 2/2] readme updates
---
ansible/installation/inst-k8s/README.md | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/ansible/installation/inst-k8s/README.md b/ansible/installation/inst-k8s/README.md
index 78c92ae..8344ed1 100644
--- a/ansible/installation/inst-k8s/README.md
+++ b/ansible/installation/inst-k8s/README.md
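Review bot: In `inst-k8s.yaml`, task `2.2 Copy Kubernetes Admin Config` writes `/etc/kubernetes/admin.conf` to `.kube/config` with `mode: '0755'`, which leaves the cluster-admin client credentials readable by every local account on the controller; set `mode: '0600'` on the copy and `mode: '0700'` on the `.kube` directory created in task 2.1. The same mode is used by `Copy Connection String To A Remote File`, which stores the output of `kubeadm token create --print-join-command`, including the bootstrap token, in `worker_conn_string`; that file should also be `'0600'`, and the fetched copy under `Remote_Files/` should stay out of version control. Task `4.2 Display Join String` prints the same token into the run output, so `no_log: true` on the tasks that handle `join_output`, or dropping the debug task, keeps it out of logs. The worker play later runs the fetched file's content as a command under `become: true`, which is one more reason to keep that file writable only by the operator.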
@@ -5,18 +5,19 @@ - Execution Instructions ## Introduction + > The objective of this playbook is to automate the installation and setup of a kubernetes instance. The playbook consist of 3 main plays. For both controller and nodes, for controller only and for nodes only. It will ask user confirmation before moving on to each stage. By the end of the playbook two files will be created on the controller node named **worker_conn_string** and locally inside the playbook directory with the name **Remote_Files/worker_conn_string**. This will have the **connection string**. (Note:- If you want to join controllers or nodes manually later. For controllers use **--control-plane** flag) ### References ---- **Documentation** - https://kubernetes.io/docs/setup/ ## Prerequisites -1. Atleast 2 VMs (1 For Control Node and 1 For Worker Node). -1. Static IPs should be set along with unique host names. -1. Inventory should be in this format
+- Atleast 2 VMs (1 For Control Node and 1 For Worker Node). +- Static IPs should be set along with unique host names. +- Inventory should be in this format + ```ini [controllers] host_name ansible_ssh_host= ansible_user='' ansible_become_pass='' @@ -27,6 +28,7 @@ controllers nodes ``` + (If you want to change this, don't forget to change the `inst-k8s` as well) ## Execution Instructions @@ -34,7 +36,9 @@ ```bash ansible-playbook -i ``` + ### Optional Flags + | Flag | Use Case | |-------|-----------| | --ask-vault-pass | If the vault is encrypted |