diff --git a/kubernetes/files/containerd_config.toml b/kubernetes/files/containerd_config.toml new file mode 100644 index 0000000..c8de6f1 --- /dev/null +++ b/kubernetes/files/containerd_config.toml @@ -0,0 +1,36 @@ +# Copyright 2018-2022 Docker Inc. + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +disabled_plugins = [] + +#root = "/var/lib/containerd" +#state = "/run/containerd" +#subreaper = true +#oom_score = 0 + +#[grpc] +# address = "/run/containerd/containerd.sock" +# uid = 0 +# gid = 0 + +#[debug] +# address = "/run/containerd/debug.sock" +# uid = 0 +# gid = 0 +# level = "info" + +[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] + + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options] + SystemdCgroup = true diff --git a/kubernetes/files/k8s-dqlite/Dockerfile b/kubernetes/files/k8s-dqlite/Dockerfile new file mode 100644 index 0000000..2f56628 --- /dev/null +++ b/kubernetes/files/k8s-dqlite/Dockerfile 
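Review bot: The new config.toml has no `version = 2` line, so containerd reads it in the version-1 format, and in that format plugin tables are addressed by short id (`[plugins.cri]`) rather than by the `io.containerd.grpc.v1.cri` URI used at the bottom of the file; as far as I can tell the `SystemdCgroup = true` setting is then silently ignored and the runtime stays on the cgroupfs driver while kubeadm's kubelet defaults to systemd, which is the classic "pods restart randomly" mismatch. Add `version = 2` as the first non-comment line, and set `runtime_type = "io.containerd.runc.v2"` inside the `runtimes.runc` table so the runtime entry is complete rather than depending on defaults being merged in. The Docker Inc. license header is carried over from the package's stock config.toml; since this is now a hand-maintained copy, a short comment stating what differs from stock (CRI plugin enabled via the empty `disabled_plugins`, systemd cgroup driver) would help the next maintainer.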
@@ -0,0 +1,15 @@ +FROM golang:1-buster + +# Add PPA +RUN echo "deb http://ppa.launchpad.net/dqlite/dev/ubuntu bionic main" > /etc/apt/sources.list.d/ppa_dqlite_dev_bionic.list +RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 50FB3D04 +# Install dependencies +RUN apt update -y && apt install -y build-essential git libraft-dev libsqlite3-dev libdqlite-dev + +# Clone +RUN git clone https://github.com/canonical/k8s-dqlite --branch v1.0.4 /k8s-dqlite +WORKDIR /k8s-dqlite + +# Compile +ENV CGO_LDFLAGS_ALLOW="-Wl,-z,now" +RUN go build -o k8s-dqlite -tags libsqlite3,dqlite k8s-dqlite.go diff --git a/kubernetes/files/k8s-dqlite/k8s-dqlite b/kubernetes/files/k8s-dqlite/k8s-dqlite new file mode 100755 index 0000000..d4faa1d Binary files /dev/null and b/kubernetes/files/k8s-dqlite/k8s-dqlite differ diff --git a/kubernetes/handlers/main.yml b/kubernetes/handlers/main.yml new file mode 100644 index 0000000..12aebbf --- /dev/null +++ b/kubernetes/handlers/main.yml @@ -0,0 +1,3 @@ +- name: reload_sysctl + command: sysctl --system + diff --git a/kubernetes/meta/main.yml b/kubernetes/meta/main.yml new file mode 100644 index 0000000..79cbd29 --- /dev/null +++ b/kubernetes/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - { role: docker } diff --git a/kubernetes/tasks/deploy_cilium.yml b/kubernetes/tasks/deploy_cilium.yml new file mode 100644 index 0000000..48e9756 --- /dev/null +++ b/kubernetes/tasks/deploy_cilium.yml @@ -0,0 +1,12 @@ +- name: Deploy Cilium-CLI + ansible.builtin.unarchive: + src: https://github.com/cilium/cilium-cli/releases/latest/download/cilium-linux-amd64.tar.gz + dest: /usr/local/bin + remote_src: yes + mode: u=rwx,g=rx,o=rx + +- name: Install Cilium + when: "inventory_hostname == groups['kubernetes'][0]" + command: -cilium install + environment: + KUBECONFIG: /etc/kubernetes/admin.conf diff --git a/kubernetes/tasks/k8s-dqlite_deploy.yml b/kubernetes/tasks/k8s-dqlite_deploy.yml new file mode 100644 index 0000000..b11658e --- /dev/null 
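Review bot: The `apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 50FB3D04` line fetches the PPA signing key by an 8-hex-digit short key id, and short ids are cheaply collidable on public keyservers, so a colliding key uploaded by someone else could be what signs the packages the following `apt install` trusts. Fetch the key by full fingerprint and install it as a dedicated keyring referenced with `signed-by` instead of the deprecated `apt-key`, i.e. `deb [signed-by=/etc/apt/keyrings/dqlite.gpg] http://ppa.launchpad.net/dqlite/dev/ubuntu bionic main` with the keyring written by a `gpg --dearmor` step that checks the full fingerprint. `git clone --branch v1.0.4` pins a tag, which can be moved; checking out a commit hash after the clone would make the build reproducible, and that matters here because the build output is committed to the repo as the opaque `kubernetes/files/k8s-dqlite/k8s-dqlite` blob with nothing tying it back to this Dockerfile — recording the source commit and a SHA-256 of the binary would let a reviewer verify it.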
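Review bot: The `Deploy Cilium-CLI` task downloads `releases/latest/download/cilium-linux-amd64.tar.gz` with no version pin and no checksum and unpacks it straight into `/usr/local/bin` as root, so every run installs whatever GitHub currently serves as latest and a compromised or simply newer release changes the cluster CNI with no review. Pin a release and verify it (the project publishes a `.sha256sum` file next to each tarball), e.g. `src: https://github.com/cilium/cilium-cli/releases/download/{{ cilium_cli_version }}/cilium-linux-amd64.tar.gz` preceded by a `get_url` with `checksum: sha256:...`. `command: -cilium install` also looks wrong: as written Ansible will try to execute a program named `-cilium`; presumably `command: cilium install` was intended, and it needs a `creates:` or a `cilium status` guard so a re-run does not attempt a second install.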
+++ b/kubernetes/tasks/k8s-dqlite_deploy.yml @@ -0,0 +1,21 @@ +- name: Add Dqlite/dev Repository + ansible.builtin.apt_repository: + repo: ppa:dqlite/dev + codename: bionic + +- name: Install dependencies + package: + name: + #- musl-dev + - libraft-dev + - libsqlite3-dev + - libdqlite-dev + - dqlite + state: latest + +- name: Deploy binary + ansible.builtin.copy: + src: k8s-dqlite/k8s-dqlite + dest: /usr/local/bin/ + mode: u=rwx,g=rx,o=rx + diff --git a/kubernetes/tasks/k8s-dqlite_setup.yml b/kubernetes/tasks/k8s-dqlite_setup.yml new file mode 100644 index 0000000..5533f20 --- /dev/null +++ b/kubernetes/tasks/k8s-dqlite_setup.yml @@ -0,0 +1,40 @@ +- name: Create folder for data + ansible.builtin.file: + path: /var/data/ + state: directory + mode: '0755' + +- name: Deploy init.yaml from template + ansible.builtin.template: + src: k8s-dqlite/init.yaml.template + dest: /var/data/init.yaml + +- name: Deploy cert-config-file from template + when: "inventory_hostname == groups['kubernetes'][0]" + ansible.builtin.template: + src: k8s-dqlite/csr-dqlite.conf.template + dest: /var/tmp/csr-dqlite.conf + +- name: dqlite Generate certificate + when: "inventory_hostname == groups['kubernetes'][0]" + command: openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout /var/data/cluster.key -out /var/data/cluster.crt -subj "/CN=k8s" -config /var/tmp/csr-dqlite.conf -extensions v3_ext + +- name: Fetch cluster.crt and cluster.key + when: "inventory_hostname == groups['kubernetes'][0]" + synchronize: + src: "{{ item }}" + dest: /tmp/ + mode: pull + with_items: + - /var/data/cluster.crt + - /var/data/cluster.key + +- name: Copy cluster.crt and cluster.key to joining nodes + when: "inventory_hostname != groups['kubernetes'][0]" + ansible.builtin.copy: + src: "{{ item }}" + dest: /var/data/ + mode: u=rw,g=r,o=r + with_items: + - /tmp/cluster.crt + - /tmp/cluster.key 
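Review bot: The `Install dependencies` task uses `state: latest` against the `ppa:dqlite/dev` channel, so each role run can pull a newer `libdqlite-dev`/`libraft-dev` from a development PPA, while the binary copied by the `Deploy binary` task was built once against whatever that PPA served at build time; a shared-library ABI change in the PPA would break `k8s-dqlite` on the next run with no change to this repo. Pin the package versions to those the binary was built with (`name: libdqlite-dev=<version>` and so on, with `state: present`) and consider the stable PPA rather than `dev` for a control-plane datastore. Since the binary is an opaque blob in the repo, it is also worth recording its expected SHA-256 and asserting it (a `stat` with `checksum_algorithm: sha256` followed by `assert`) before it lands in `/usr/local/bin`.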
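Review bot: The dqlite private key ends up world-readable: `openssl req ... -nodes -keyout /var/data/cluster.key` writes the unencrypted key with the process umask (typically 0644) into the 0755 `/var/data/` directory, and the last task then installs it on every joining node with `mode: u=rw,g=r,o=r`, so any local user on any node can read the key that authenticates the control-plane datastore. Run the openssl command with `umask 077` (or add a `file` task setting `mode: '0600'` on `/var/data/cluster.key` right after generation) and split the copy loop so the key gets `mode: '0600'` while only `cluster.crt` keeps 0644. The key also transits through the controller's shared `/tmp/` via `synchronize` and is left there afterwards; use a per-run `tempfile` directory and delete it at the end of the play. The generate task has no `creates: /var/data/cluster.crt`, so a re-run silently rotates the key on node 0 and redistributes it, which is probably not intended.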
diff --git a/kubernetes/tasks/k8s_deploy.yml b/kubernetes/tasks/k8s_deploy.yml new file mode 100644 index 0000000..540988f --- /dev/null +++ b/kubernetes/tasks/k8s_deploy.yml @@ -0,0 +1,28 @@ +- name: Add Google-Cloud key + apt_key: + url: https://packages.cloud.google.com/apt/doc/apt-key.gpg + state: present + +- name: Add Kubernetes Repository + apt_repository: + repo: "deb https://apt.kubernetes.io/ kubernetes-xenial main" + state: present + filename: kubernetes + update_cache: yes + +- name: Install kubernetes-tools + package: + name: + - kubeadm + - kubelet + - kubectl + state: latest + +- name: Hold upgrades for kubernetes-tools + dpkg_selections: + name: "{{ item }}" + selection: hold + loop: + - kubeadm + - kubelet + - kubectl diff --git a/kubernetes/tasks/k8s_setup-cluster.yml b/kubernetes/tasks/k8s_setup-cluster.yml new file mode 100644 index 0000000..300ef7f --- /dev/null +++ b/kubernetes/tasks/k8s_setup-cluster.yml @@ -0,0 +1,4 @@ +- name: Join other nodes to cluster + when: "inventory_hostname != groups['kubernetes'][0]" + command: + diff --git a/kubernetes/tasks/k8s_setup.yml b/kubernetes/tasks/k8s_setup.yml new file mode 100644 index 0000000..53ddfe0 --- /dev/null +++ b/kubernetes/tasks/k8s_setup.yml @@ -0,0 +1,9 @@ +- name: Initialize Kubernetes Cluster + when: "inventory_hostname == groups['kubernetes'][0]" + command: kubeadm init --control-plane-endpoint={{ control_plane.dns_name }} + #--upload-certs + +- name: Set environment-var for config + lineinfile: + dest: ~/.bashrc + line: "export KUBECONFIG=/etc/kubernetes/admin.conf" diff --git a/kubernetes/tasks/main.yml b/kubernetes/tasks/main.yml new file mode 100644 index 0000000..e9f0306 --- /dev/null +++ b/kubernetes/tasks/main.yml @@ -0,0 +1,9 @@ +- import_tasks: ./prerequisites.yml + +- import_tasks: ./k8s_deploy.yml + +- import_tasks: ./k8s_setup.yml + +- import_tasks: ./deploy_cilium.yml + +#- import_tasks: ./k8s_setup-cluster.yml 
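Review bot: `apt_key` with `url:` drops the Google key into the legacy global `trusted.gpg`, where it is valid for every configured repository, not just this one; the repository task should instead reference a dedicated keyring, e.g. `repo: "deb [signed-by=/etc/apt/keyrings/kubernetes.gpg] https://apt.kubernetes.io/ kubernetes-xenial main"` with a `get_url` plus `gpg --dearmor` step writing that file. Installing `kubeadm`/`kubelet`/`kubectl` with `state: latest` and only then holding them means the cluster version is whatever was current at run time, and a node added later gets a different version than the control plane; pin them (`name: "kubeadm={{ k8s_version }}-00"` and likewise for the other two) so the hold protects a known version. Note also that, as of 2023, the `apt.kubernetes.io` repository has been deprecated and frozen in favour of `pkgs.k8s.io`, so this source will not receive newer releases.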
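Review bot: The `Join other nodes to cluster` task has an empty `command:` value, which Ansible rejects with a missing-argument error the moment this file is imported (it is currently commented out in `tasks/main.yml`). Either fill it in with the real `kubeadm join ...`, with the token and discovery-CA hash generated on node 0 and passed through facts rather than committed, or drop the file until it is implemented so the stub is not mistaken for a working join.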
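Review bot: `kubeadm init` runs as a bare `command` with no `creates:`, so a second run of the role on the initialized node fails in kubeadm's preflight over the existing `/etc/kubernetes` manifests; add `args: {creates: /etc/kubernetes/admin.conf}` to make the task idempotent. The `lineinfile` task is unconditional, so it appends `export KUBECONFIG=/etc/kubernetes/admin.conf` to root's `~/.bashrc` on every host, including workers where that file does not exist, and on the control plane it puts the cluster-admin credential into every interactive root shell; limit it to `groups['kubernetes'][0]` and prefer copying `admin.conf` to `~/.kube/config` with `mode: '0600'` over a profile export. `--upload-certs` is commented out, so additional control planes cannot join without manual certificate distribution; if a single control plane is the intent, a comment saying so would stop the stub in `k8s_setup-cluster.yml` being read as an HA join.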
diff --git a/kubernetes/tasks/prerequisites.yml b/kubernetes/tasks/prerequisites.yml new file mode 100644 index 0000000..74b62af --- /dev/null +++ b/kubernetes/tasks/prerequisites.yml @@ -0,0 +1,31 @@ +- name: Load br_netfilter kernel-module + modprobe: + name: br_netfilter + state: present + +- name: Set sysctl settings for iptables bridged traffic + copy: + dest: "/etc/sysctl.d/kubernetes.conf" + content: | + net.bridge.bridge-nf-call-ip6tables = 1 + net.bridge.bridge-nf-call-iptables = 1 + notify: reload_sysctl + +- name: Disable swap + command: swapoff -a + +- name: Deploy containerd-config + ansible.builtin.copy: + src: containerd_config.toml + dest: /etc/containerd/config.toml + mode: u=rw,g=r,o=r + +- name: restart_containerd + ansible.builtin.service: + name: containerd + state: restarted + +- name: Set control-plane-dns-endpoint towards local-ip + lineinfile: + dest: /etc/hosts + line: "{{ ansible_facts.default_ipv6.address }} k8s-control-plane.system.ruekov.eu" diff --git a/kubernetes/templates/k8s-dqlite/csr-dqlite.conf.template b/kubernetes/templates/k8s-dqlite/csr-dqlite.conf.template new file mode 100644 index 0000000..e2d5f9d --- /dev/null +++ b/kubernetes/templates/k8s-dqlite/csr-dqlite.conf.template @@ -0,0 +1,28 @@ +[ req ] +default_bits = 2048 +prompt = no +default_md = sha256 +req_extensions = req_ext +distinguished_name = dn + +[ dn ] +C = GB +ST = Canonical +L = Canonical +O = Canonical +OU = Canonical +CN = k8s + +[ req_ext ] +subjectAltName = @alt_names + +[ alt_names ] +DNS = {{ ansible_facts.fqdn }} +IP = {{ ansible_facts.default_ipv6.address }} + +[ v3_ext ] +authorityKeyIdentifier=keyid,issuer:always +basicConstraints=CA:FALSE +keyUsage=keyEncipherment,dataEncipherment,digitalSignature +extendedKeyUsage=serverAuth,clientAuth +subjectAltName=@alt_names diff --git a/kubernetes/templates/k8s-dqlite/init.yaml.template b/kubernetes/templates/k8s-dqlite/init.yaml.template new file mode 100644 index 0000000..f6f8690 --- /dev/null 
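Review bot: `swapoff -a` only disables swap until the next reboot: nothing here removes the swap entry from `/etc/fstab`, so after a reboot the kubelet refuses to start (it fails on enabled swap by default) and the node drops out; pair it with `ansible.posix.mount: {path: swap, fstype: swap, state: absent}` or a `replace` on `/etc/fstab`. The sysctl file sets the two `bridge-nf-call` keys but not `net.ipv4.ip_forward = 1`, which kubeadm's preflight checks and pod-to-pod routing needs. The `/etc/hosts` task hardcodes `k8s-control-plane.system.ruekov.eu` while `k8s_setup.yml` uses `{{ control_plane.dns_name }}` for the same endpoint, and it reads `ansible_facts.default_ipv6.address`, which is undefined on a host without a default IPv6 route and aborts the play; use the variable in both places and guard the fact with `is defined`. Restarting containerd unconditionally on every run, rather than via `notify` from the copy task, also bounces every container on the node each time the role runs.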
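Review bot: `[ alt_names ]` lists only `{{ ansible_facts.fqdn }}` and `{{ ansible_facts.default_ipv6.address }}` of the host rendering the template, and `k8s-dqlite_setup.yml` renders it only on `groups['kubernetes'][0]`, yet the resulting certificate is copied to every node; if k8s-dqlite verifies peer names against the SAN, every other node presents a certificate that names only node 0. Covering all members needs OpenSSL's indexed form for multiple values, e.g. a loop emitting `DNS.{{ loop.index }} = {{ node }}` over `groups['kubernetes']` (and `IP.n` likewise). The `[ dn ]` block is dead: the openssl command passes `-subj "/CN=k8s"`, which overrides it, so the `C = GB ... O = Canonical` values copied from the upstream example never reach the certificate and can be removed to avoid confusion.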
+++ b/kubernetes/templates/k8s-dqlite/init.yaml.template @@ -0,0 +1,7 @@ +{% if inventory_hostname != groups['kubernetes'][0] %} +Cluster: +{% for node in groups['kubernetes'] if node != inventory_hostname %} + - {{ node }}:29001 +{% endfor %} +{% endif %} +Address: 0.0.0.0:29001
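Review bot: `Address: 0.0.0.0:29001` binds the dqlite listener on every interface, so the datastore port is reachable from any network the node sits on, and since all nodes share one TLS key (see `k8s-dqlite_setup.yml`) nothing else limits who can connect should that key leak. Bind to the node's cluster address instead, e.g. `Address: {{ ansible_facts.default_ipv4.address }}:29001`, and add a firewall rule restricting 29001 to the control-plane peers; note the certificate SAN was generated from the IPv6 address while this binds the IPv4 wildcard, so pick one address family and use it consistently. The `Cluster:` entries are bare inventory hostnames (`{{ node }}:29001`), which is only correct if each `inventory_hostname` resolves on every node to the address that peer actually listens on; either document that assumption in a comment or emit an explicit `hostvars[node]` address.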