From 225c38df61c2a1b1e4a0dc2738f374823d9ab774 Mon Sep 17 00:00:00 2001
From: Ruakij
Date: Mon, 17 Oct 2022 14:43:04 +0200
Subject: [PATCH] Add role kubernetes
---
 kubernetes/files/containerd_config.toml | 35 ++++++++
 .../rke2-canal-config.yaml.disabled | 9 ++
 kubernetes/handlers/main.yml | 19 ++++
 kubernetes/meta/main.yml | 4 +
 kubernetes/tasks/install_helm.yml | 17 ++++
 kubernetes/tasks/install_rke2.yml | 65 ++++++++++++++
 kubernetes/tasks/main.yml | 6 ++
 kubernetes/tasks/prerequisites.yml | 89 +++++++++++++++++++
 .../templates/rke2/config.yaml.template | 16 ++++
 9 files changed, 260 insertions(+)
 create mode 100644 kubernetes/files/containerd_config.toml
 create mode 100644 kubernetes/files/helm-manifests/rke2-canal-config.yaml.disabled
 create mode 100644 kubernetes/handlers/main.yml
 create mode 100644 kubernetes/meta/main.yml
 create mode 100644 kubernetes/tasks/install_helm.yml
 create mode 100644 kubernetes/tasks/install_rke2.yml
 create mode 100644 kubernetes/tasks/main.yml
 create mode 100644 kubernetes/tasks/prerequisites.yml
 create mode 100644 kubernetes/templates/rke2/config.yaml.template
diff --git a/kubernetes/files/containerd_config.toml b/kubernetes/files/containerd_config.toml
new file mode 100644
index 0000000..c324a4b
--- /dev/null
+++ b/kubernetes/files/containerd_config.toml
@@ -0,0 +1,35 @@
+# Copyright 2018-2022 Docker Inc.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+disabled_plugins = []
+
+#root = "/var/lib/containerd"
+#state = "/run/containerd"
+#subreaper = true
+#oom_score = 0
+
+#[grpc]
+# address = "/run/containerd/containerd.sock"
+# uid = 0
+# gid = 0
+
+#[debug]
+# address = "/run/containerd/debug.sock"
+# uid = 0
+# gid = 0
+# level = "info"
+
+[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
+ [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
+ SystemdCgroup = true
diff --git a/kubernetes/files/helm-manifests/rke2-canal-config.yaml.disabled b/kubernetes/files/helm-manifests/rke2-canal-config.yaml.disabled
new file mode 100644
index 0000000..978e2ef
--- /dev/null
+++ b/kubernetes/files/helm-manifests/rke2-canal-config.yaml.disabled
@@ -0,0 +1,9 @@
+apiVersion: helm.cattle.io/v1
+kind: HelmChartConfig
+metadata:
+ name: rke2-canal
+ namespace: kube-system
+spec:
+ valuesContent: |-
+ flannel:
+ backend: "wireguard"
diff --git a/kubernetes/handlers/main.yml b/kubernetes/handlers/main.yml
new file mode 100644
index 0000000..5b55d71
--- /dev/null
+++ b/kubernetes/handlers/main.yml
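Review bot: The file carries no `version = 2` line, and to my reading a containerd config without a version key is parsed with the version 1 schema, where the CRI plugin is addressed as `plugins.cri` rather than `plugins."io.containerd.grpc.v1.cri"`; as written the `SystemdCgroup = true` block at the end of the hunk is likely ignored, leaving kubelet and runtime free to disagree on the cgroup driver. Adding `version = 2` ahead of `disabled_plugins = []` makes the section names match the schema they are written in. Worth confirming against the containerd build that the `containerd` package task in prerequisites.yml installs.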
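Review bot: Nothing in the file says why the WireGuard flannel backend is shipped but parked under a `.disabled` suffix, and install_rke2.yml copies the whole `helm-manifests/` directory regardless, so a reader cannot tell whether the file is dead, pending, or deliberately opt-in. A one-line header such as `# Not applied: RKE2 only picks up *.yaml manifests; rename to rke2-canal-config.yaml to switch canal's flannel backend to wireguard` would record the intent, with the loader behaviour to be confirmed against the RKE2 version in use.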
@@ -0,0 +1,19 @@
+- name: reload_sysctl
+ command: sysctl --system
+
+- name: restart_containerd
+ ansible.builtin.service:
+ name: containerd
+ state: restarted
+
+- name: reload_networking
+ service:
+ name: networking
+ state: restarted
+ async: 5
+ poll: 0
+ notify: wait_for_connection
+
+- name: wait_for_connection
+ wait_for_connection:
+ delay: 5
diff --git a/kubernetes/meta/main.yml b/kubernetes/meta/main.yml
new file mode 100644
index 0000000..613d878
--- /dev/null
+++ b/kubernetes/meta/main.yml
@@ -0,0 +1,4 @@
+---
+ dependencies:
+ - role: docker
+ - role: netmaker
diff --git a/kubernetes/tasks/install_helm.yml b/kubernetes/tasks/install_helm.yml
new file mode 100644
index 0000000..0a5a361
--- /dev/null
+++ b/kubernetes/tasks/install_helm.yml
@@ -0,0 +1,17 @@
+- name: Add Balto key
+ apt_key:
+ url: https://baltocdn.com/helm/signing.asc
+ state: present
+
+- name: Add Balto Repository
+ apt_repository:
+ repo: "deb https://baltocdn.com/helm/stable/debian/ all main"
+ state: present
+ filename: kubernetes
+ update_cache: yes
+
+- name: Install helm
+ package:
+ name:
+ - helm
+ state: latest
diff --git a/kubernetes/tasks/install_rke2.yml b/kubernetes/tasks/install_rke2.yml
new file mode 100644
index 0000000..30cd8a6
--- /dev/null
+++ b/kubernetes/tasks/install_rke2.yml
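Review bot: `apt_key` in the `Add Balto key` task imports the Helm signing key into the system-wide trusted keyring, so that key can then authenticate packages from every configured repository rather than only the Balto one, and the `apt-key` mechanism it relies on is deprecated on current Debian and Ubuntu releases. Prefer fetching the key with `get_url` into a dedicated keyring file and scoping it with `signed-by=` in the repository line, e.g. `repo: "deb [signed-by=/etc/apt/keyrings/helm.asc] https://baltocdn.com/helm/stable/debian/ all main"` (keyring path is an example). `state: latest` in the `Install helm` task also upgrades helm on every play, which makes runs non-reproducible; `state: present` or an explicit version pin is safer, `filename: kubernetes` names the sources file after the wrong component, and `update_cache: yes` should be `true` to avoid YAML 1.1 truthy ambiguity.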
@@ -0,0 +1,65 @@
+- name: Create rke-helm-manifests-folder
+ ansible.builtin.file:
+ path: '/var/lib/rancher/rke2/server/manifests/'
+ state: directory
+ mode: '0755'
+
+- name: Deploy helm-manifests
+ ansible.builtin.copy:
+ src: 'helm-manifests/'
+ dest: '/var/lib/rancher/rke2/server/manifests/'
+
+- name: Create rke-folder
+ ansible.builtin.file:
+ path: /etc/rancher/rke2/
+ state: directory
+ mode: '0755'
+
+- name: Deploy rke2 config
+ ansible.builtin.template:
+ src: rke2/config.yaml.template
+ dest: /etc/rancher/rke2/config.yaml
+
+- name: Install RKE2
+ command: bash -c "curl -sfL https://get.rke2.io | sh -"
+
+- name: Add RKE2 environment-vars to /etc/profile.d/
+ blockinfile:
+ path: /etc/profile.d/rke2-bin.sh
+ marker: "# {mark} ANSIBLE MANAGED BLOCK | rke2"
+ block: |
+ export PATH="/var/lib/rancher/rke2/bin/:$PATH"
+ export KUBECONFIG="/etc/rancher/rke2/rke2.yaml"
+ create: true
+
+- name: Enable and start rke2-server service for 1st-node
+ ansible.builtin.service:
+ name: rke2-server
+ enabled: yes
+ state: started
+ when: "inventory_hostname == groups['kubernetes'][0]"
+
+- name: Waiting for kubelet to accept connections
+ ansible.builtin.wait_for:
+ host: "{{ inventory_hostname }}"
+ port: 10250
+ state: started
+ when: "inventory_hostname == groups['kubernetes'][0]"
+
+- name: Enable and start rke2-server service for other nodes
+ ansible.builtin.service:
+ name: rke2-server
+ enabled: yes
+ state: started
+ when: "inventory_hostname != groups['kubernetes'][0]"
+ register: rke2_start
+ until: "rke2_start is not failed"
+ retries: 2
+ delay: 10
+
+- name: Waiting for kubelet to accept connections on other nodes
+ ansible.builtin.wait_for:
+ host: "{{ inventory_hostname }}"
+ port: 10250
+ state: started
+ when: "inventory_hostname != groups['kubernetes'][0]"
diff --git a/kubernetes/tasks/main.yml b/kubernetes/tasks/main.yml
new file mode 100644
index 0000000..7071188
--- /dev/null
+++ b/kubernetes/tasks/main.yml
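Review bot: The `Deploy rke2 config` task renders `/etc/rancher/rke2/config.yaml`, which carries the cluster join token from `kubernetes.shared_token`, without a `mode:`, so the file is created under the default umask and is normally world-readable; add `mode: '0600'` to that task, since the `0755` on the directory task above it does not protect the file. `Install RKE2` pipes `https://get.rke2.io` straight into `sh` on every play with no version pin, no integrity check and no idempotency guard, so each run re-executes the installer and silently takes whatever version the endpoint serves that day; at minimum pin via the installer's `INSTALL_RKE2_VERSION` environment variable and add `creates:` pointing at the installed rke2 binary (`/usr/local/bin/rke2` for the default tarball layout — adjust if the RPM path is used), or fetch the script with `get_url` plus `checksum:` and run the verified copy. The `enabled: yes` values in both service tasks should be `true` to avoid YAML 1.1 truthy ambiguity.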
@@ -0,0 +1,6 @@
+- import_tasks: ./prerequisites.yml
+
+- import_tasks: ./install_helm.yml
+
+- import_tasks: ./install_rke2.yml
+
diff --git a/kubernetes/tasks/prerequisites.yml b/kubernetes/tasks/prerequisites.yml
new file mode 100644
index 0000000..dcb4f1a
--- /dev/null
+++ b/kubernetes/tasks/prerequisites.yml
@@ -0,0 +1,89 @@
+#- name: Load br_netfilter kernel-module
+# modprobe:
+# name: br_netfilter
+# state: present
+
+- name: Set sysctl settings for iptables bridged traffic
+ copy:
+ dest: "/etc/sysctl.d/kubernetes.conf"
+ content: |
+ net.bridge.bridge-nf-call-ip6tables = 1
+ net.bridge.bridge-nf-call-iptables = 1
+
+ net.ipv4.conf.all.forwarding=1
+ net.ipv6.conf.all.forwarding=1
+ notify: reload_sysctl
+
+#- name: Disable swap
+# command: swapoff -a
+
+- name: Install iptables
+ package:
+ name:
+ #- containerd
+ - iptables
+ state: latest
+
+- name: Check if containerd-service exists & is started
+ service:
+ name: containerd
+ state: started
+ ignore_errors: true
+ register: containerd_status
+
+- name: Install containerd when not exists
+ package:
+ name:
+ - containerd
+ when: containerd_status is failed
+
+- name: Create containerd config-folder
+ file:
+ path: /etc/containerd
+ state: directory
+
+- name: Deploy containerd-config
+ ansible.builtin.copy:
+ src: containerd_config.toml
+ dest: /etc/containerd/config.toml
+ mode: u=rw,g=r,o=r
+ notify: restart_containerd
+
+- name: Set control-plane-dns-endpoint towards local-ip
+ lineinfile:
+ dest: /etc/hosts
+ line: "{{ ansible_facts.default_ipv6.address }} k8s-control-plane.system.ruekov.eu"
+
+- name: Setting network facts..
+ set_fact:
+ inventory_group_index: "{{ groups['kubernetes'].index(inventory_hostname) }}"
+ ipPool_ipv6_nodeip_cidr_only_prefix: '{{ kubernetes.ipPool.ipv6.nodeip_cidr | regex_replace ("(?<=:)[0-9a-f]{0,4}(\/[0-9]+)?$","") }}'
+ ipPool_ipv6_nodeip_cidr_cidr: '{{ kubernetes.ipPool.ipv6.nodeip_cidr | regex_replace ("^.*?\/","") }}'
+ ipPool_ipv4_nodeip_cidr_only_prefix: '{{ kubernetes.ipPool.ipv4.nodeip_cidr | regex_replace ("(?<=.)[0-9]{0,3}(\/[0-9]+)?$","") }}'
+ ipPool_ipv4_nodeip_cidr_cidr: '{{ kubernetes.ipPool.ipv4.nodeip_cidr | regex_replace ("^.*?\/","") }}'
+
+- name: Setting more network_facts..
+ set_fact:
+ ipPool_ipv6_nodeip: "{{ ipPool_ipv6_nodeip_cidr_only_prefix }}{{ inventory_group_index|int +1 }}"
+ ipPool_ipv4_nodeip: "{{ ipPool_ipv4_nodeip_cidr_only_prefix }}{{ inventory_group_index|int +1 }}"
+
+- name: Setup IPv4-Network
+ lineinfile:
+ insertafter: "iface {{ ansible_facts.default_ipv4.interface }} inet .+"
+ dest: "/etc/network/interfaces"
+ line: " up /usr/sbin/ip addr add {{ ipPool_ipv4_nodeip }} dev {{ ansible_facts.default_ipv4.interface }}"
+ register: setup_network_ipv4
+
+- name: Setup IPv6-Network
+ lineinfile:
+ insertafter: "iface {{ ansible_facts.default_ipv4.interface }} inet6 .+"
+ dest: "/etc/network/interfaces"
+ line: " up /usr/sbin/ip -6 addr add {{ ipPool_ipv6_nodeip }} dev {{ ansible_facts.default_ipv4.interface }}"
+ register: setup_network_ipv6
+
+- name: Force-Reload network-interface
+ command: "ifup --force {{ ansible_facts.default_ipv4.interface }}"
+ when: setup_network_ipv4.changed or setup_network_ipv6.changed
+
+- name: Run handlers to reload configurations
+ meta: flush_handlers
diff --git a/kubernetes/templates/rke2/config.yaml.template b/kubernetes/templates/rke2/config.yaml.template
new file mode 100644
index 0000000..75c2f14
--- /dev/null
+++ b/kubernetes/templates/rke2/config.yaml.template
@@ -0,0 +1,16 @@
+## Base ##
+container-runtime-endpoint: unix:///run/containerd/containerd.sock
+
+{% if inventory_hostname != groups['kubernetes'][0] %}
+server: https://{{ kubernetes.control_plane.dns_name }}:9345
+{% endif %}
+token: {{ kubernetes.shared_token }}
+tls-san:
+ - {{ kubernetes.control_plane.dns_name }}
+
+## Networking ##
+#cni: cilium
+
+cluster-cidr: {{ kubernetes.ipPool.ipv4.cluster_cidr }},{{ kubernetes.ipPool.ipv6.cluster_cidr }}
+service-cidr: {{ kubernetes.ipPool.ipv4.service_cidr }},{{ kubernetes.ipPool.ipv6.service_cidr }}
+node-ip: {{ ipPool_ipv4_nodeip }},{{ ipPool_ipv6_nodeip }}
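Review bot: `Set control-plane-dns-endpoint towards local-ip` hard-codes the hostname `k8s-control-plane.system.ruekov.eu`, while config.yaml.template derives `server:` and `tls-san` from `kubernetes.control_plane.dns_name`; if the two ever diverge the `/etc/hosts` override does nothing, so use `line: "{{ ansible_facts.default_ipv6.address }} {{ kubernetes.control_plane.dns_name }}"` there. That task and the two `Setup IPv*-Network` tasks have no `regexp:`, so a changed address appends a second entry instead of replacing the old one; a `regexp:` keyed on the hostname (or on the `up /usr/sbin/ip ... addr add` prefix) keeps both files idempotent. The `net.bridge.bridge-nf-call-*` keys written to `/etc/sysctl.d/kubernetes.conf` only exist once `br_netfilter` is loaded, and the task that loads it is commented out at the top of the hunk; unless something else loads the module, `sysctl --system` will report those keys as missing and bridged pod traffic may bypass the host iptables rules, so restoring the `modprobe` task (plus an `/etc/modules-load.d/` entry so it survives reboots) closes that gap. `state: latest` on the `Install iptables` task also upgrades the package on every run, which is worth replacing with `present` for reproducibility.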
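Review bot: `token: {{ kubernetes.shared_token }}` and the other templated scalars are rendered unquoted, so a token or CIDR value that happens to look like a number or contain a YAML indicator would be retyped or break the parse; write `token: "{{ kubernetes.shared_token }}"` and quote the `server:`, `tls-san` entry and the CIDR values the same way. The `server:` line for non-first nodes resolves `kubernetes.control_plane.dns_name`; if that is the same name prerequisites.yml pins to each node's own IPv6 address in `/etc/hosts`, the joining nodes would be pointed at themselves rather than at the first node during bootstrap — worth confirming the intended resolution path. A short header comment stating which variables must be defined (`kubernetes.shared_token`, `kubernetes.control_plane.dns_name`, `kubernetes.ipPool.*`) and that the rendered file contains the cluster join secret would help the next maintainer.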