initial commit
André Möller committed Nov 2, 2018
1 parent 2a5207d commit 1efc20d
Showing 23 changed files with 660 additions and 0 deletions.
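--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,31 @@
+---
+
+kubernetes_etcd: false
+kubernetes_master: false
+kubernetes_node: false
+
+# Install vars
+kubernetes_packages:
+- name: kubelet
+state: present
+- name: kubectl
+state: present
+- name: kubeadm
+state: present
+- name: kubernetes-cni
+state: present
+
+kubernetes_version: '1.12'
+kubernetes_version_rhel_package: '1.12.1'
+kubernetes_yum_arch: x86_64
+kubernetes_apt_repo_url: http://apt.kubernetes.io/
+kubernetes_apt_repo_pool: kubernetes-xenial
+
+kubernetes_apiserver_dns: ""
+kubernetes_apiserver_port: "6443"
+# Kubelet vars
+kubernetes_kubelet_extra_args: ""
+
+# kubeadm vars
+kubernetes_enable_web_ui: true
+kubernetes_version_kubeadm: 'stable-{{ kubernetes_version }}'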
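Review bot: `kubernetes_apt_repo_url` defaults to `http://apt.kubernetes.io/`, so repository metadata is fetched in clear; apt's Release-file signature still protects package integrity, but `kubernetes_apt_repo_url: https://apt.kubernetes.io/` removes the plaintext hop at essentially no cost. `kubernetes_enable_web_ui: true` switches on an optional component by default; what it deploys lives in master tasks not shown on this page, so a `false` default with the opt-in documented in the README would be the more conservative choice. Nothing in this file says how `kubernetes_etcd`, `kubernetes_master` and `kubernetes_node` relate, so a comment above them such as `# Node role switches; set the ones that apply per host in inventory or group_vars` would help readers of the defaults.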
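--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+
+- name: restart kubelet
+service: name=kubelet state=restarted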
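Review bot: `service: name=kubelet state=restarted` uses the key=value shorthand, while the `service:` tasks in tasks/kubelet.yml of this same commit use block YAML; Ansible style is the block form, i.e. `service:` / `name: kubelet` / `state: restarted`. The handler name is referenced by `notify: restart kubelet` in tasks/install.yml, so only the argument form should change, not the name.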
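--- a/meta/main.yml
+++ b/meta/main.yml
@@ -0,0 +1,49 @@
+galaxy_info:
+author: André Möller
+description: this role install an high available / non high available kubernetes cluster with kubeadm.
+
+license: Apache License 2.0
+
+min_ansible_version: 2.3
+
+# If this a Container Enabled role, provide the minimum Ansible Container version.
+# min_ansible_container_version:
+
+# Optionally specify the branch Galaxy will use when accessing the GitHub
+# repo for this role. During role install, if no tags are available,
+# Galaxy will use this branch. During import Galaxy will access files on
+# this branch. If Travis integration is configured, only notifications for this
+# branch will be accepted. Otherwise, in all cases, the repo's default branch
+# (usually master) will be used.
+#github_branch:
+
+#
+# platforms is a list of platforms, and each platform has a name and a list of versions.
+#
+# platforms:
+# - name: Fedora
+# versions:
+# - all
+# - 25
+# - name: SomePlatform
+# versions:
+# - all
+# - 1.0
+# - 7
+# - 99.99
+
+galaxy_tags:
+- kubeadm
+- kubernetes
+- ha
+- kubectl
+- k8s
+- docker
+- development
+- web
+- system
+- orchestration
+
+dependencies: []
+# List your role dependencies here, one per line. Be sure to remove the '[]' above,
+# if you add dependencies to this list.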
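Review bot: `min_ansible_version: 2.3` is an unquoted float, which happens to work here but would silently read as 2.1 the day it is bumped to `2.10`; `min_ansible_version: '2.3'` avoids the trap. The `description` value "this role install an high available / non high available kubernetes cluster with kubeadm." should read "this role installs a highly available or non-HA Kubernetes cluster with kubeadm". The `platforms` list is left entirely commented out, so Galaxy will advertise no supported platforms; the tasks in this commit target Ubuntu and CentOS, so either list those or drop the template boilerplate.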
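--- a/tasks/etcd.yml
+++ b/tasks/etcd.yml
@@ -0,0 +1,144 @@
+---
+
+- name: ensure folder pki/etcd exists
+file:
+state: directory
+path: /etc/kubernetes/pki/etcd
+
+- name: check /etc/kubernetes/pki/etcd/ca.crt / ca.key exists
+stat:
+path: "{{ item }}"
+register: etcd_ca_result
+when: "inventory_hostname == groups.etcd[0]"
+with_items:
+- /etc/kubernetes/pki/etcd/ca.crt
+- /etc/kubernetes/pki/etcd/ca.key
+
+- name: generate etcd-ca cert
+command: kubeadm alpha phase certs etcd-ca --config=/etc/kubernetes/kubeadm/kubeadmconf.yaml
+when: "inventory_hostname == groups.etcd[0] and etcd_ca_result.results[0].stat.exists == False and etcd_ca_result.results[1].stat.exists == False"
+
+- name: get config files from first etcd node
+delegate_to: "{{ groups.etcd[0] }}"
+fetch:
+src: "{{ item }}"
+dest: /tmp/etcd{{ item }}
+flat: yes
+run_once: true
+with_items:
+- /etc/kubernetes/pki/etcd/ca.crt
+- /etc/kubernetes/pki/etcd/ca.key
+changed_when: False
+
+- name: copy config files to etcd replica nodes
+copy:
+src: "/tmp/etcd{{ item }}"
+dest: "{{ item }}"
+with_items:
+- /etc/kubernetes/pki/etcd/ca.crt
+- /etc/kubernetes/pki/etcd/ca.key
+
+- name: check /etc/kubernetes/pki/etcd/server.crt/.key exists
+stat:
+path: "{{ item }}"
+register: etcd_server_result
+with_items:
+- /etc/kubernetes/pki/etcd/server.crt
+- /etc/kubernetes/pki/etcd/server.key
+
+- name: generate etcd-server cert
+command: kubeadm alpha phase certs etcd-server --config=/etc/kubernetes/kubeadm/kubeadmconf.yaml
+when: "etcd_server_result.results[0].stat.exists == False and etcd_server_result.results[1].stat.exists == False"
+
+- name: check /etc/kubernetes/pki/etcd/peer.crt/.key exists
+stat:
+path: "{{ item }}"
+register: etcd_peer_result
+with_items:
+- /etc/kubernetes/pki/etcd/peer.crt
+- /etc/kubernetes/pki/etcd/peer.key
+
+- name: generate etcd-peer cert
+command: kubeadm alpha phase certs etcd-peer --config=/etc/kubernetes/kubeadm/kubeadmconf.yaml
+when: "etcd_peer_result.results[0].stat.exists == False and etcd_peer_result.results[1].stat.exists == False"
+
+- name: check /etc/kubernetes/pki/etcd/healthcheck-client.crt/.key exists
+stat:
+path: "{{ item }}"
+register: etcd_health_result
+with_items:
+- /etc/kubernetes/pki/etcd/healthcheck-client.crt
+- /etc/kubernetes/pki/etcd/healthcheck-client.key
+
+- name: generate etcd-healthcheck-client cert
+command: kubeadm alpha phase certs etcd-healthcheck-client --config=/etc/kubernetes/kubeadm/kubeadmconf.yaml
+when: "etcd_health_result.results[0].stat.exists == False and etcd_health_result.results[1].stat.exists == False"
+
+- name: check /etc/kubernetes/pki/apiserver-etcd-client.crt/.key exists
+stat:
+path: "{{ item }}"
+register: etcd_apiclient_result
+with_items:
+- /etc/kubernetes/pki/apiserver-etcd-client.crt
+- /etc/kubernetes/pki/apiserver-etcd-client.key
+
+- name: generate etcd-apiserver-etcd-client cert
+command: kubeadm alpha phase certs apiserver-etcd-client --config=/etc/kubernetes/kubeadm/kubeadmconf.yaml
+when: "etcd_apiclient_result.results[0].stat.exists == False and etcd_apiclient_result.results[1].stat.exists == False"
+
+- name: get apiserver-etcd-client.crt files from first etcd node
+delegate_to: "{{ groups.etcd[0] }}"
+fetch:
+src: "{{ item }}"
+dest: /tmp/etcd{{ item }}
+flat: yes
+run_once: true
+with_items:
+- /etc/kubernetes/pki/apiserver-etcd-client.crt
+- /etc/kubernetes/pki/apiserver-etcd-client.key
+changed_when: False
+
+- name: check /etc/kubernetes/manifests/etcd.yaml exists
+stat:
+path: /etc/kubernetes/manifests/etcd.yaml
+register: stat_result
+
+- name: generate pod manifest file for etcd
+command: kubeadm alpha phase etcd local --config=/etc/kubernetes/kubeadm/kubeadmconf.yaml
+when: "stat_result.stat.exists == False"
+register: etcd_pod_result
+
+- name: ensure kubeadm config exists
+template:
+src: kubelet.service.d.j2
+dest: /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
+register: kubelet_config_file
+
+- name: Reload systemd unit if args were changed.
+systemd:
+state: restarted
+daemon_reload: true
+name: kubelet
+when: kubelet_config_file is changed
+
+- name: Ensure kubelet is started and enabled at boot.
+service:
+name: kubelet
+state: started
+enabled: true
+
+- name: wait for etcd-cluster
+wait_for:
+host: '{{ ansible_ssh_host }}'
+port: 2379
+
+- name: test etcd cluster
+docker_container:
+name: etcdctl
+image: quay.io/coreos/etcd:v3.2.18
+cleanup: yes
+detach: no
+volumes:
+- /etc/kubernetes:/etc/kubernetes
+command: "etcdctl --cert-file /etc/kubernetes/pki/etcd/peer.crt --key-file /etc/kubernetes/pki/etcd/peer.key --ca-file /etc/kubernetes/pki/etcd/ca.crt --endpoints https://{{ ansible_ssh_host }}:2379 cluster-health"
+changed_when: False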
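Review bot: The `copy config files to etcd replica nodes` task writes `ca.key` to `/etc/kubernetes/pki/etcd/` without a `mode`, so the etcd CA private key ends up with the copy module's default, umask-derived (typically 0644) permissions on every replica; add `mode: '0600'`, `owner: root` and `group: root` to that task. The key is first staged on the controller under the fixed path `/tmp/etcd{{ item }}` by the two `fetch` tasks (`get config files from first etcd node` and `get apiserver-etcd-client.crt files from first etcd node`), where a `tempfile`-created directory or a restricted `dest` outside the shared `/tmp` would be safer than a predictable location; tasks/master-ha.yml repeats the pattern with `sa.key`, `front-proxy-ca.key` and `admin.conf`. The `when` expressions of the form `etcd_ca_result.results[0].stat.exists == False and etcd_ca_result.results[1].stat.exists == False` skip generation when exactly one of the crt/key pair exists, leaving a broken pair untouched; `not (results[0].stat.exists and results[1].stat.exists)` regenerates whenever either is missing (worth testing against kubeadm's own skip-if-present behaviour), and `not x.stat.exists` is the idiomatic form either way. `wait_for` and the `etcdctl` command use `ansible_ssh_host`, which has been deprecated in favour of `ansible_host` since Ansible 2.0.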
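--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Ensure dependencies are installed.
+package: name=curl state=present
+
+- name: Install Kubernetes packages
+package:
+name: "{{ item.name | default(item) }}"
+state: "{{ item.state | default('present') }}"
+notify: restart kubelet
+with_items: "{{ kubernetes_packages }}"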
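Review bot: The package list is installed with `state: present` and no version, so `kubernetes_version_rhel_package` from defaults/main.yml is not applied here; unless the OS-specific vars files (not shown on this page) pin the version, the role can drift to a newer kubelet than the `kubernetes_version_kubeadm` it later configures, which is worth confirming. `package: name=curl state=present` uses the key=value shorthand while the task right below it uses block YAML; `package:` / `name: curl` / `state: present` keeps the file consistent.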
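--- a/tasks/kubelet.yml
+++ b/tasks/kubelet.yml
@@ -0,0 +1,22 @@
+---
+
+- name: Configure KUBELET_EXTRA_ARGS.
+lineinfile:
+path: '/etc/systemd/system/kubelet.service.d/10-kubeadm.conf'
+line: "Environment=\"KUBELET_EXTRA_ARGS=--pod-manifest-path=/etc/kubernetes/manifests {{ kubernetes_kubelet_extra_args }} \""
+regexp: '^Environment=KUBELET_EXTRA_ARGS='
+state: present
+register: kubelet_config_file
+
+- name: Reload systemd unit if args were changed.
+systemd:
+state: restarted
+daemon_reload: true
+name: kubelet
+when: kubelet_config_file is changed
+
+- name: Ensure kubelet is started and enabled at boot.
+service:
+name: kubelet
+state: started
+enabled: true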
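Review bot: The `lineinfile` regexp `'^Environment=KUBELET_EXTRA_ARGS='` does not match the line the task itself writes, which begins `Environment="KUBELET_EXTRA_ARGS=` with a double quote after the first `=`; on the second run the regexp finds nothing, the line is appended again, `kubelet_config_file` reports changed and the kubelet is restarted on every play. `regexp: '^Environment="?KUBELET_EXTRA_ARGS='` matches both forms and restores idempotency. Note also that tasks/etcd.yml in this commit templates the same `10-kubeadm.conf` from `kubelet.service.d.j2`, so on hosts that are both etcd and kubelet-configured the two mechanisms can overwrite each other; one owner for that file would be cleaner. The trailing space before the closing `\"` in `line:` looks accidental.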
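--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,66 @@
+---
+
+- name: Load a variable file based on the OS type, or a default if not found. Using free-form to specify the file.
+include_vars: "{{ item }}"
+with_first_found:
+- "{{ ansible_distribution }}.yml"
+- "{{ ansible_os_family }}.yml"
+- default.yml
+
+- name: include Ubuntu prepare tasks
+include: prepare-ubuntu.yml
+when: ansible_distribution == "Ubuntu"
+
+- name: incluse CentOS prepare tasks
+include: prepare-centos.yml
+when: ansible_distribution == "CentOS"
+
+- name: include install tasks
+include: install.yml
+
+- name: ensure folder kubeadm exists
+file:
+state: directory
+path: /etc/kubernetes/kubeadm
+
+- name: ensure kubeadm config exists
+template:
+src: kubeadmconf.yaml.j2
+dest: /etc/kubernetes/kubeadm/kubeadmconf.yaml
+
+- name: include etcd tasks
+include: etcd.yml
+when: kubernetes_etcd
+
+- name: include master tasks
+include: master.yml
+when: kubernetes_master
+
+
+- name: clear etcd tmp files
+delegate_to: localhost
+file:
+dest: /tmp/etcd{{ item }}
+state: absent
+with_items:
+- /etc/kubernetes/pki/etcd/ca.crt
+- /etc/kubernetes/pki/etcd/ca.key
+- /etc/kubernetes/pki/apiserver-etcd-client.crt
+- /etc/kubernetes/pki/apiserver-etcd-client.key
+changed_when: False
+
+
+- name: clear master tmp files
+delegate_to: localhost
+file:
+dest: /tmp/master{{ item }}
+state: absent
+with_items:
+- /etc/kubernetes/pki/ca.crt
+- /etc/kubernetes/pki/ca.key
+- /etc/kubernetes/pki/sa.key
+- /etc/kubernetes/pki/sa.pub
+- /etc/kubernetes/pki/front-proxy-ca.crt
+- /etc/kubernetes/pki/front-proxy-ca.key
+- /etc/kubernetes/admin.conf
+changed_when: False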
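Review bot: The private keys fetched to `/tmp/etcd…` and `/tmp/master…` on the controller are only removed by the `clear etcd tmp files` and `clear master tmp files` tasks at the very end, so a play that fails anywhere between the fetch and these tasks leaves CA, service-account and admin key material behind on the controller; wrapping the role's tasks in a `block:` with the two cleanup tasks under `always:` would guarantee removal. Both cleanup tasks are `delegate_to: localhost` without `run_once: true`, so the same controller-side deletion is repeated once per host in the play; `run_once: true` on each avoids that. `include:` has been deprecated since Ansible 2.4 in favour of `import_tasks`/`include_tasks` (which would mean raising `min_ansible_version` above the 2.3 declared in meta/main.yml), and the task name `incluse CentOS prepare tasks` has a typo.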
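--- a/tasks/master-ha.yml
+++ b/tasks/master-ha.yml
@@ -0,0 +1,60 @@
+
+- name: get config files from primary master
+delegate_to: "{{ groups.kube_masters[0] }}"
+fetch:
+src: "{{ item }}"
+dest: /tmp/master{{ item }}
+flat: yes
+run_once: true
+with_items:
+- /etc/kubernetes/pki/ca.crt
+- /etc/kubernetes/pki/ca.key
+- /etc/kubernetes/pki/sa.key
+- /etc/kubernetes/pki/sa.pub
+- /etc/kubernetes/pki/front-proxy-ca.crt
+- /etc/kubernetes/pki/front-proxy-ca.key
+- /etc/kubernetes/admin.conf
+changed_when: False
+
+- name: copy config files to secondary masters
+copy:
+src: "/tmp/master{{ item }}"
+dest: "{{ item }}"
+with_items:
+- /etc/kubernetes/pki/ca.crt
+- /etc/kubernetes/pki/ca.key
+- /etc/kubernetes/pki/sa.key
+- /etc/kubernetes/pki/sa.pub
+- /etc/kubernetes/pki/front-proxy-ca.crt
+- /etc/kubernetes/pki/front-proxy-ca.key
+- /etc/kubernetes/admin.conf
+
+- name: gen certs on master ha nodes
+shell: kubeadm alpha phase certs all --config /etc/kubernetes/kubeadm/kubeadmconf.yaml
+
+- name: write kubelet config on master ha nodes
+shell: kubeadm alpha phase kubelet config write-to-disk --config /etc/kubernetes/kubeadm/kubeadmconf.yaml
+
+- name: write kubelet env on master ha nodes
+shell: kubeadm alpha phase kubelet write-env-file --config /etc/kubernetes/kubeadm/kubeadmconf.yaml
+
+- name: write kubelet systemd file on master ha nodes
+shell: kubeadm alpha phase kubeconfig kubelet --config /etc/kubernetes/kubeadm/kubeadmconf.yaml
+
+- name: Ensure kubelet is started and enabled at boot.
+service:
+name: kubelet
+state: started
+enabled: true
+
+- name: write kubeconfig files for control-plane on master ha nodes
+shell: kubeadm alpha phase kubeconfig all --config /etc/kubernetes/kubeadm/kubeadmconf.yaml
+
+- name: write controle-plane manifests on master ha nodes
+shell: kubeadm alpha phase controlplane all --config /etc/kubernetes/kubeadm/kubeadmconf.yaml
+
+- name: annotate cri on master ha nodes
+shell: kubeadm alpha phase kubelet config annotate-cri --config /etc/kubernetes/kubeadm/kubeadmconf.yaml
+
+- name: mark as master on master ha nodes
+shell: kubeadm alpha phase mark-master --config /etc/kubernetes/kubeadm/kubeadmconf.yaml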
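Review bot: The `copy config files to secondary masters` task writes `ca.key`, `sa.key`, `front-proxy-ca.key` and `admin.conf` (a cluster-admin kubeconfig) with no `mode`, so they receive umask-default, typically world-readable, permissions on every secondary master; add `mode: '0600'`, `owner: root` and `group: root` to that task. Every `kubeadm alpha phase …` step uses `shell:` although none needs shell features, and none carries `creates:` or `changed_when:`, so `command:` would be the safer module and each run re-executes `certs all`, `kubeconfig all` and `controlplane all` while always reporting changed; a `creates:` argument, or a preceding `stat` as tasks/etcd.yml does, would make them idempotent. The file also starts with a blank line instead of the `---` that the other task files in this commit begin with, and the task name `write controle-plane manifests` has a typo.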