Add existing work
parent
ba7c3981ba
commit
8c4615b2c7
14 changed files with 18507 additions and 0 deletions
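--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.vagrant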
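--- a/playbooks/kubernetes/Vagrantfile
+++ b/playbooks/kubernetes/Vagrantfile
@@ -0,0 +1,43 @@
+IMAGE_NAME = "bento/ubuntu-22.04"
+CONTROLPLANE_IP = "192.168.56.11"
+NODES = 1
+
+Vagrant.configure("2") do |config|
+config.ssh.insert_key = false
+
+config.vm.provider "virtualbox" do |v|
+v.memory = 2048
+v.cpus = 2
+end
+
+config.vm.define "controlplane" do |master|
+master.vm.box = IMAGE_NAME
+master.vm.network "private_network", ip: CONTROLPLANE_IP
+master.vm.hostname = "controlplane"
+master.vm.provision "ansible" do |ansible|
+ansible.playbook = "playbook.yaml"
+ansible.extra_vars = {
+cluster_name: "gerar",
+node_ip: CONTROLPLANE_IP,
+is_controlplane: true,
+}
+end
+end
+
+(1..NODES).each do |i|
+config.vm.define "node-#{i}" do |node|
+node.vm.box = IMAGE_NAME
+node.vm.network "private_network", ip: "192.168.56.#{20 + i}"
+node.vm.hostname = "node-#{i}"
+node.vm.provision "ansible" do |ansible|
+ansible.playbook = "playbook.yaml"
+ansible.extra_vars = {
+cluster_name: "gerar",
+node_ip: "192.168.56.#{20 + i}",
+controlplane_ip: CONTROLPLANE_IP,
+is_controlplane: false,
+}
+end
+end
+end
+end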
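Review bot: `config.ssh.insert_key = false` keeps every VM on Vagrant's shared, publicly known default keypair instead of generating a per-machine key, so any host that can reach the 192.168.56.x addresses can log in as the vagrant user. If the setting is there so Ansible can reuse one key across machines, say so in a comment, e.g. `# default insecure key kept on purpose; lab VMs on a host-only network`; otherwise drop the line. As a style point, the two `ansible.extra_vars` hashes repeat `cluster_name: "gerar"`, and a `CLUSTER_NAME` constant next to `CONTROLPLANE_IP` would keep them in step.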
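--- a/playbooks/kubernetes/ansible.cfg
+++ b/playbooks/kubernetes/ansible.cfg
@@ -0,0 +1,9 @@
+[defaults]
+roles_path = ../../roles
+inventory = ./inventory.yaml
+
+remote_tmp = $HOME/.ansible/tmp
+local_tmp = $HOME/.ansible/tmp
+become = False
+host_key_checking = False
+deprecation_warnings = True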
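Review bot: `host_key_checking = False` turns off SSH host-key verification for every run that picks up this ansible.cfg, not only the Vagrant VMs, so a playbook run against a real inventory from this directory would accept whatever host answers. Vagrant's Ansible provisioner disables host-key checking for its own runs by default (worth confirming for the Vagrant version in use), so the line can probably go. If it stays, add a comment such as `# lab only: VMs are rebuilt often and their host keys change`.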
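--- a/playbooks/kubernetes/group_vars/all.yml
+++ b/playbooks/kubernetes/group_vars/all.yml
@@ -0,0 +1,3 @@
+pod_network_cidr: "10.254.0.0/16"
+service_cidr: "10.255.0.0/16"
+kubeadmin_config: /etc/kubernetes/admin.conf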
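--- a/playbooks/kubernetes/inventory.yaml
+++ b/playbooks/kubernetes/inventory.yaml
@@ -0,0 +1,2 @@
+gerar:
+hosts: []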
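--- a/playbooks/kubernetes/playbook.yaml
+++ b/playbooks/kubernetes/playbook.yaml
@@ -0,0 +1,25 @@
+---
+- hosts: all
+gather_facts: yes
+roles:
+- include_role:
+name: remove_swap
+- include_role:
+name: kubernetes/any
+- include_role:
+name: kubernetes/controlplane
+when: is_controlplane
+- include_role:
+name: kubernetes/node
+when: not is_controlplane
+
+# - hosts: controlplane
+# gather_facts: yes
+# become: yes
+# tasks:
+# - name: "MetalLB role"
+# include_role:
+# name: metallb
+# when: "additional_features.metallb"
+# run_once: yes
+# tags: metallb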
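Review bot: The entries under `roles:` are written as `- include_role:` items, which is task syntax; `roles:` expects role names or `role:`/`name:` mappings, so these most likely belong under `tasks:` (indentation is not visible on this page, so confirm how the list actually parses). Under `tasks:` the `when: is_controlplane` and `when: not is_controlplane` conditions would also clearly guard the include itself. The commented-out MetalLB play already uses the `tasks:` plus `include_role:` form, so following it keeps the file consistent.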
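--- a/roles/kubernetes/any/files/etc/modules-load.d/k8s.conf
+++ b/roles/kubernetes/any/files/etc/modules-load.d/k8s.conf
@@ -0,0 +1,2 @@
+overlay
+br_netfilter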
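--- a/roles/kubernetes/any/files/etc/sysctl.d/k8s.conf
+++ b/roles/kubernetes/any/files/etc/sysctl.d/k8s.conf
@@ -0,0 +1,3 @@
+net.bridge.bridge-nf-call-iptables = 1
+net.bridge.bridge-nf-call-ip6tables = 1
+net.ipv4.ip_forward = 1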
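--- a/roles/kubernetes/any/tasks/main.yml
+++ b/roles/kubernetes/any/tasks/main.yml
@@ -0,0 +1,137 @@
+---
+
+- name: Install packages that allow apt to be used over HTTPS
+become: true
+vars:
+packages:
+- apt-transport-https
+- ca-certificates
+- curl
+ansible.builtin.apt:
+name: "{{ packages }}"
+state: present
+update_cache: yes
+
+- name: Setup Kubernetes repository
+become: true
+block:
+- name: Add apt signing key for Google Cloud
+ansible.builtin.get_url:
+url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
+dest: /etc/apt/keyrings/kubernetes-archive-keyring.gpg
+
+- name: Add Kubernetes repository
+ansible.builtin.apt_repository:
+repo: deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main
+state: present
+
+- name: Setup Kubernetes packages
+become: true
+vars:
+packages:
+- kubelet
+- kubeadm
+- kubectl
+block:
+- name: Install kubelet, kubeadm and kubectl
+ansible.builtin.apt:
+name: "{{ packages }}"
+state: present
+update_cache: yes
+
+- name: Hold Kubernetes packages
+loop: "{{ packages }}"
+ansible.builtin.dpkg_selections:
+name: "{{ item }}"
+selection: hold
+
+# Container runtime configuration
+- name: Prepare for container runtime installation
+become: true
+vars:
+mod_file: /etc/modules-load.d/k8s.conf
+sysctl_file: /etc/sysctl.d/k8s.conf
+block:
+- name: Copy module config
+ansible.builtin.copy:
+src: "files{{ mod_file }}"
+dest: "{{ mod_file }}"
+
+- name: Load module
+loop: "{{ lookup('file', 'files{{ mod_file }}').splitlines() }}"
+community.general.modprobe:
+name: "{{ item }}"
+state: present
+
+- name: Configure sysctl
+ansible.posix.sysctl:
+sysctl_file: "{{ sysctl_file }}"
+name: "{{ item.name }}"
+value: "{{ item.value }}"
+state: present
+reload: false
+with_items:
+- { name: "net.bridge.bridge-nf-call-iptables", value: "1" }
+- { name: "net.bridge.bridge-nf-call-ip6tables", value: "1" }
+- { name: "net.ipv4.ip_forward", value: "1" }
+- { name: "vm.swappiness", value: "0" }
+register: sysctl
+
+- name: Reload sysctl
+ansible.builtin.command: "sysctl --system"
+when: sysctl.changed
+
+- name: Setup CRI-O
+become: true
+vars:
+os: xUbuntu_22.04 # fetch this from os-release
+version: 1.24
+key_dir: /usr/share/keyrings
+keys:
+{
+"libcontainers":
+{
+"url": "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/{{ os }}/Release.key",
+"name": "libcontainers-archive-keyring",
+},
+"libcontainers-crio":
+{
+"url": "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{{ version }}/{{ os }}/Release.key",
+"name": "libcontainers-crio-archive-keyring",
+},
+}
+repos:
+- deb [signed-by={{ key_dir }}/libcontainers-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/{{ os }}/ /
+- deb [signed-by={{ key_dir }}/libcontainers-crio-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{{ version }}/{{ os }}/ /
+block:
+- name: Download signing keys
+with_dict: "{{ keys }}"
+ansible.builtin.get_url:
+url: "{{ item.value['url'] }}"
+dest: "/tmp/{{ item.value['name'] }}.key"
+
+- name: Install signing keys
+with_dict: "{{ keys }}"
+ansible.builtin.command: "gpg --batch --yes --dearmor -o {{ key_dir }}/{{ item.value['name'] }}.gpg /tmp/{{ item.value['name'] }}.key"
+
+- name: Add libcontainer repositories
+loop: "{{ repos }}"
+ansible.builtin.apt_repository:
+repo: "{{ item }}"
+state: present
+
+- name: Install CRI-O
+vars:
+packages:
+- cri-o
+- cri-o-runc
+ansible.builtin.apt:
+name: "{{ packages }}"
+state: present
+update_cache: yes
+
+- name: Start and enable crio
+ansible.builtin.service:
+name: crio
+state: started
+enabled: true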
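Review bot: "Download signing keys" fetches the CRI-O keys as root into `/tmp/{{ item.value['name'] }}.key`, a predictable name in a world-writable directory, and "Install signing keys" then turns whatever sits at that path into a trusted apt keyring; neither this download nor the Google Cloud key download sets `checksum:` or `mode:`. Download into a root-owned directory instead, e.g. `dest: "{{ key_dir }}/{{ item.value['name'] }}.key"` with `mode: "0644"`, and pin the expected digest with `checksum: "sha256:<expected-digest>"`. The gpg command also re-runs on every play, and a `creates:` argument pointing at the `.gpg` output would make it idempotent. Separately, `version: 1.24` is read as a YAML float, so a later value such as 1.30 would render as 1.3 in the repository URLs; quote it as `version: "1.24"`.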
|
@ -0,0 +1,27 @@
|
|||
# This section includes base Calico installation configuration.
|
||||
# For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.Installation
|
||||
apiVersion: operator.tigera.io/v1
|
||||
kind: Installation
|
||||
metadata:
|
||||
name: default
|
||||
spec:
|
||||
# Configures Calico networking.
|
||||
calicoNetwork:
|
||||
# Note: The ipPools section cannot be modified post-install.
|
||||
ipPools:
|
||||
- blockSize: 26
|
||||
cidr: 192.168.0.0/16
|
||||
encapsulation: VXLANCrossSubnet
|
||||
natOutgoing: Enabled
|
||||
nodeSelector: all()
|
||||
|
||||
---
|
||||
|
||||
# This section configures the Calico API server.
|
||||
# For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.APIServer
|
||||
apiVersion: operator.tigera.io/v1
|
||||
kind: APIServer
|
||||
metadata:
|
||||
name: default
|
||||
spec: {}
|
||||
|
18129
roles/kubernetes/controlplane/files/calico/v3.24.5/tigera-operator.yaml
Normal file
18129
roles/kubernetes/controlplane/files/calico/v3.24.5/tigera-operator.yaml
Normal file
File diff suppressed because it is too large
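--- a/roles/kubernetes/controlplane/tasks/main.yml
+++ b/roles/kubernetes/controlplane/tasks/main.yml
@@ -0,0 +1,87 @@
+---
+- name: Setup Kubernetes control plane
+block:
+- name: Set cluster endpoint record
+become: true
+ansible.builtin.lineinfile:
+path: /etc/hosts
+state: present
+regexp: '^\d+\.\d+\.\d+\.\d+\ .*-cluster-endpoint$'
+line: "127.0.0.1 {{ cluster_name }}-cluster-endpoint"
+
+- name: Check if kubeadm has already run
+become: true
+ansible.builtin.stat:
+path: "/etc/kubernetes/pki/ca.key"
+register: kubeadm_ca
+
+- name: Set up control plane
+when: not kubeadm_ca.stat.exists
+become: true
+ansible.builtin.command: |
+kubeadm init \
+--service-cidr {{ service_cidr }} \
+--pod-network-cidr {{ pod_network_cidr }} \
+--control-plane-endpoint {{ cluster_name }}-cluster-endpoint \
+
+- name: Create Kubernetes config directory
+ansible.builtin.file:
+path: ".kube/"
+state: directory
+owner: "{{ ansible_user | default(ansible_user_id) }}"
+group: "{{ ansible_user | default(ansible_user_id) }}"
+
+- name: Copy admin.conf to home
+become: true
+ansible.builtin.copy:
+src: "{{ kubeadmin_config }}"
+dest: "{{ ansible_env.HOME }}/.kube/config"
+owner: "{{ ansible_user | default(ansible_user_id) }}"
+group: "{{ ansible_user | default(ansible_user_id) }}"
+mode: 0600
+remote_src: true
+
+# Kubernetes module dependency installation
+- name: Install Kubernetes module dependencies
+block:
+- name: Install Pip3
+become: true
+vars:
+packages:
+- python3-pip
+ansible.builtin.apt:
+name: "{{ packages }}"
+state: present
+update_cache: yes
+
+- name: Install Kubernetes module dependencies
+ansible.builtin.pip:
+name:
+- kubernetes>12.0.0
+- pyyaml>3.11
+- jsonpatch
+
+# CNI plugin installation
+- name: Install CNI plugin
+vars:
+manifests:
+- tigera-operator.yaml
+- custom-resources.yaml
+block:
+- name: Copy Calico manifests
+loop: "{{ manifests }}"
+ansible.builtin.copy:
+src: "files/calico/v3.24.5/{{ item }}"
+dest: "/tmp/calico-{{ item }}"
+
+- name: Update spec.calicoNetwork.ipPools.cidr
+ansible.builtin.replace:
+path: /tmp/calico-custom-resources.yaml
+regexp: '192\.168\.0\.0\/16'
+replace: "{{ pod_network_cidr }}"
+
+- name: Apply Calico manifests
+loop: "{{ manifests }}"
+kubernetes.core.k8s:
+src: /tmp/calico-{{ item }}
+state: present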
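--- a/roles/kubernetes/node/tasks/main.yml
+++ b/roles/kubernetes/node/tasks/main.yml
@@ -0,0 +1,22 @@
+---
+- name: Join the cluster
+block:
+- name: Set cluster endpoint record
+become: true
+ansible.builtin.lineinfile:
+path: /etc/hosts
+state: present
+regexp: '^\d+\.\d+\.\d+\.\d+\ .*-cluster-endpoint$'
+line: "{{ controlplane_ip }} {{ cluster_name }}-cluster-endpoint"
+
+- name: Obtain join command from controlplane
+ansible.builtin.command: "kubeadm token create --print-join-command"
+when: inventory_hostname != "controlplane"
+register: join_cmd
+delegate_to: "{{ item }}"
+delegate_facts: true
+with_items: ["controlplane"]
+
+- name: Execute join command
+become: true
+ansible.builtin.command: "{{ join_cmd.results[0].stdout }}"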
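Review bot: "Obtain join command from controlplane" registers the output of `kubeadm token create --print-join-command`, which contains a bootstrap token, and "Execute join command" passes it on as a command line, so the token ends up in Ansible's task output and any log that captures it; add `no_log: true` to both tasks. Both tasks also run on every provision, so a new token is minted each time and the join is re-attempted on a node that is already a member. A `creates:` guard on the join task, pointing at a file that only exists after a successful join (for example `/etc/kubernetes/kubelet.conf`, to be confirmed for this setup), together with the same condition on the token task, would make the role idempotent.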
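--- a/roles/remove_swap/tasks/main.yml
+++ b/roles/remove_swap/tasks/main.yml
@@ -0,0 +1,17 @@
+---
+- name: Disable swap
+block:
+- name: Disable swap
+become: true
+ansible.builtin.command: "swapoff -a"
+when: ansible_swaptotal_mb > 0
+
+- name: Remove swap entry from fstab
+become: true
+mount:
+name: "{{ item }}"
+fstype: swap
+state: absent
+with_items:
+- swap
+- none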
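Review bot: "Remove swap entry from fstab" calls the module by its short name `mount`, whereas the other tasks in this commit use fully qualified names; write `ansible.posix.mount:` so the collection dependency is explicit and the module cannot resolve to something else. `when: ansible_swaptotal_mb > 0` depends on gathered facts, which the role does not state; a comment at the top of the file such as `# requires gather_facts: yes in the calling play` would document that.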