Ruakij/Ansible-roles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: Ruakij:e5ebc2ad5ffe86471a21bdc0af9790de115a4364
Branches Tags
Ruakij:main
Ruakij:role_kubernetes-k3s
Ruakij:role_nftables
Ruakij:role_wireguard-ipv6-converter
Ruakij:role_netbird_client
Ruakij:role_nomad
Ruakij:role_netmaker_server
Ruakij:role_netmaker
Ruakij:role_common
Ruakij:role_kubernetes-rke2
Ruakij:role_kubernetes
Ruakij:role_docker
Ruakij:role_ansible
Ruakij:role_zsh
..
compare: Ruakij:9cb2e8819303dd3f9ac45fd8109dde494686cb33
Branches Tags
Ruakij:role_kubernetes-k3s
Ruakij:main
Ruakij:role_nftables
Ruakij:role_wireguard-ipv6-converter
Ruakij:role_netbird_client
Ruakij:role_nomad
Ruakij:role_netmaker_server
Ruakij:role_netmaker
Ruakij:role_common
Ruakij:role_kubernetes-rke2
Ruakij:role_kubernetes
Ruakij:role_docker
Ruakij:role_ansible
Ruakij:role_zsh

No commits in common. "e5ebc2ad5ffe86471a21bdc0af9790de115a4364" and "9cb2e8819303dd3f9ac45fd8109dde494686cb33" have entirely different histories.
e5ebc2ad5f ... 9cb2e88193

21 changed files with 1 additions and 327 deletions
Show Stats Expand all files Collapse all files

1
common/defaults/main.yml
View File

@ -1 +0,0 @@
ipv6_stable_secret: 1111:2222:3333:4444:5555:6666:7777:8888

2
common/tasks/main.yml
View File

@ -5,5 +5,3 @@
- import_tasks: ./packages.yml - import_tasks: ./packages.yml
- import_tasks: ./aliases.yml - import_tasks: ./aliases.yml
- import_tasks: ./networking.yml

22
common/tasks/networking.yml
View File

@ -1,22 +0,0 @@
- name: Set sysctl settings for ip-forwarding
copy:
dest: "/etc/sysctl.d/ip-forwarding.conf"
content: |
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
notify: reload_sysctl
- name: Set sysctl settings for ipv6-address-generation
copy:
dest: "/etc/sysctl.d/ipv6-slaac-address-generation.conf"
content: |
net.ipv6.conf.default.addr_gen_mode = 2
net.ipv6.conf.default.stable_secret = {{ ipv6_stable_secret }}
notify: reload_sysctl
- name: Set sysctl settings to override ipv6-slaac with enabled forwarding
copy:
dest: "/etc/sysctl.d/ipv6-slaac-override.conf"
content: |
net.ipv6.conf.all.accept_ra = 2
notify: reload_sysctl

17
kubernetes/defaults/main.yml
View File

@ -1,17 +0,0 @@
---
kubernetes:
ipPool:
ipv4:
cluster_cidr: 10.42.0.0/16
service_cidr: 10.43.0.0/16
ipv6:
cluster_cidr: fd42::/56
service_cidr: fd43::/112
# Replace - with _
nodeIp_interface: <interface to grab nodeIp from>
control_plane:
dns_name: <control-plane dns-reachable-name>
token: <shared token for nodes to join>

33
kubernetes/docs/architecture.puml
View File

@ -1,33 +0,0 @@
@startuml
rectangle "Control-Plane" as control_plane {
rectangle "Node" as sn1 {
component "netclient" as sn1_netclient
component etcd as sn1_etcd
component "k3s-server" as sn1_k3s_server
sn1_k3s_server - sn1_etcd
}
rectangle "Node" as sn2 {
component "netclient" as sn2_netclient
component etcd as sn2_etcd
component "k3s-server" as sn2_k3s_server
sn2_k3s_server - sn2_etcd
}
sn1_netclient -- sn2_netclient
sn1_etcd -- sn2_etcd
}
rectangle "Workers" {
rectangle "Node" as an1 {
component "netclient" as an1_netclient
component "k3s-agent" as sn1_k3s_agent
}
}
@enduml

35
kubernetes/files/containerd_config.toml
View File

@ -1,35 +0,0 @@
# Copyright 2018-2022 Docker Inc.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
disabled_plugins = []
#root = "/var/lib/containerd"
#state = "/run/containerd"
#subreaper = true
#oom_score = 0
#[grpc]
# address = "/run/containerd/containerd.sock"
# uid = 0
# gid = 0
#[debug]
# address = "/run/containerd/debug.sock"
# uid = 0
# gid = 0
# level = "info"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
SystemdCgroup = true

19
kubernetes/handlers/main.yml
View File

@ -1,19 +0,0 @@
- name: reload_sysctl
command: sysctl --system
- name: restart_containerd
ansible.builtin.service:
name: containerd
state: restarted
- name: reload_networking
service:
name: networking
state: restarted
async: 5
poll: 0
notify: wait_for_connection
- name: wait_for_connection
wait_for_connection:
delay: 5

4
kubernetes/meta/main.yml
View File

@ -1,4 +0,0 @@
---
dependencies:
- role: docker
- role: netmaker

29
kubernetes/tasks/install.yml
View File

@ -1,29 +0,0 @@
- name: Create k3s-folder
ansible.builtin.file:
path: /etc/rancher/k3s/
state: directory
mode: '0755'
- name: Deploy k3s config
ansible.builtin.template:
src: k3s/{{ type }}/config.yaml.jinja2
dest: /etc/rancher/k3s/config.yaml
- name: Download install-script
get_url:
url: https://get.k3s.io
dest: /root/k3s_install.sh
mode: '744'
# todo: update when file changed?
- import_tasks: ./install/server/setup_network.yml
when: "type == 'server'"
- import_tasks: ./install/server/install_helm.yml
when: "type == 'server'"
- import_tasks: ./install/server/install_k3s.yml
when: "type == 'server'"
- import_tasks: ./install/agent/install_k3s.yml
when: "type == 'agent'"

7
kubernetes/tasks/install/agent/install_k3s.yml
View File

@ -1,7 +0,0 @@
- name: Install K3s agent
command: /root/k3s_install.sh {{ type }}
register: command
changed_when: "'No change detected' in command.stdout"
until: "command is not failed"
retries: 2
delay: 10

17
kubernetes/tasks/install/server/install_helm.yml
View File

@ -1,17 +0,0 @@
- name: Add Balto key
apt_key:
url: https://baltocdn.com/helm/signing.asc
state: present
- name: Add Balto Repository
apt_repository:
repo: "deb https://baltocdn.com/helm/stable/debian/ all main"
state: present
filename: kubernetes
update_cache: yes
- name: Install helm
package:
name:
- helm
state: latest

36
kubernetes/tasks/install/server/install_k3s.yml
View File

@ -1,36 +0,0 @@
- name: Install K3s-server for 1st-node
command: /root/k3s_install.sh {{ type }}
when: "inventory_hostname == groups['kubernetes'][0]"
register: command
changed_when: "'No change detected' in command.stdout"
- name: Waiting for K3s-server to accept connections
ansible.builtin.wait_for:
host: "{{ inventory_hostname }}"
port: 6443
state: started
when: "inventory_hostname == groups['kubernetes'][0]"
- name: Install K3s-server for other nodes
command: /root/k3s_install.sh {{ type }}
when: "inventory_hostname != groups['kubernetes'][0]"
register: command
changed_when: "'No change detected' in command.stdout"
until: "command is not failed"
retries: 2
delay: 10
- name: Waiting for K3s-server to accept connections on other nodes
ansible.builtin.wait_for:
host: "{{ inventory_hostname }}"
port: 6443
state: started
when: "inventory_hostname != groups['kubernetes'][0]"
#- name: Add Kubernetes environment-vars to /etc/profile.d/
# blockinfile:
# path: /etc/profile.d/k3s-bin.sh
# marker: "# {mark} ANSIBLE MANAGED BLOCK | k3s"
# block: |
# export KUBECONFIG="/etc/rancher/k3s/k3s.yaml"
# create: true

6
kubernetes/tasks/install/server/setup_network.yml
View File

@ -1,6 +0,0 @@
- name: Set control-plane-dns-endpoint towards local-ip
blockinfile:
path: /etc/hosts
marker: "# {mark} ANSIBLE MANAGED BLOCK | k3s"
block: |
{{ nodeip_ipv4 }} {{ kubernetes.control_plane.dns_name }}

4
kubernetes/tasks/main.yml
View File

@ -1,4 +0,0 @@
- import_tasks: ./prerequisites.yml
- import_tasks: ./install.yml

35
kubernetes/tasks/prerequisites.yml
View File

@ -1,35 +0,0 @@
#- name: Load br_netfilter kernel-module
# modprobe:
# name: br_netfilter
# state: present
- name: Set sysctl settings for iptables bridged traffic
copy:
dest: "/etc/sysctl.d/kubernetes.conf"
content: |
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.conf.all.forwarding=1
net.ipv6.conf.all.forwarding=1
notify: reload_sysctl
#- name: Disable swap
# command: swapoff -a
#- name: Install iptables
# package:
# name:
# #- containerd
# - iptables
# state: latest
- import_tasks: ./prerequisites/containerd.yml
- name: Getting nodeIp-data from interface
set_fact:
nodeip_ipv4: "{{ ansible_facts[ kubernetes.ipPool.nodeIp_interface ].ipv4.address }}"
nodeip_ipv6: "{{ ansible_facts[ kubernetes.ipPool.nodeIp_interface ].ipv6[0].address }}"
- name: Run handlers to reload configurations
meta: flush_handlers

24
kubernetes/tasks/prerequisites/containerd.yml
View File

@ -1,24 +0,0 @@
- name: Check if containerd-service exists & is started
service:
name: containerd
state: started
ignore_errors: true
register: containerd_status
- name: Install containerd when not exists
package:
name:
- containerd
when: containerd_status is failed
- name: Create containerd config-folder
file:
path: /etc/containerd
state: directory
- name: Deploy containerd-config
ansible.builtin.copy:
src: containerd_config.toml
dest: /etc/containerd/config.toml
mode: u=rw,g=r,o=r
notify: restart_containerd

7
kubernetes/templates/k3s/agent/config.yaml.jinja2
View File

@ -1,7 +0,0 @@
server: https://{{ kubernetes.control_plane.dns_name }}:6443
token: {{ kubernetes.token }}
node-ip: {{ nodeip_ipv4 }},{{ nodeip_ipv6 }}
# FIXME: Workaround for bug in Kubernetes 1.24/1.25 ignoring node IPv6 addresses
kubelet-arg: "--node-ip=0.0.0.0"

23
kubernetes/templates/k3s/server/config.yaml.jinja2
View File

@ -1,23 +0,0 @@
## Base ##
{% if inventory_hostname == groups['kubernetes'][0] %}
cluster-init: true
{% else %}
server: https://{{ groups['kubernetes'][0] }}:6443
{% endif %}
token: {{ kubernetes.token }}
tls-san:
- {{ kubernetes.control_plane.dns_name }}
# Networking
node-ip: {{ nodeip_ipv4 }},{{ nodeip_ipv6 }}
cluster-cidr: {{ kubernetes.ipPool.ipv4.cluster_cidr }},{{ kubernetes.ipPool.ipv6.cluster_cidr }}
service-cidr: {{ kubernetes.ipPool.ipv4.service_cidr }},{{ kubernetes.ipPool.ipv6.service_cidr }}
egress-selector-mode: disabled
# Network-plugin
flannel-backend: vxlan
# FIXME: Workaround for bug in Kubernetes 1.24/1.25 ignoring node IPv6 addresses
kubelet-arg: "--node-ip=0.0.0.0"

2
netmaker/tasks/join-network.yml
View File

@ -2,6 +2,4 @@
when: "netclient.join_network_token is defined" when: "netclient.join_network_token is defined"
command: "netclient join -t {{ netclient.join_network_token }}" command: "netclient join -t {{ netclient.join_network_token }}"
failed_when: command.rc != 0 failed_when: command.rc != 0
changed_when: "'starting wireguard' in command.stdout"
register: command register: command
throttle: 1

3
netmaker/tasks/main.yml
View File

@ -3,6 +3,3 @@
- import_tasks: ./install.yml - import_tasks: ./install.yml
- import_tasks: ./join-network.yml - import_tasks: ./join-network.yml
- name: Gather facts to get changes
ansible.builtin.gather_facts:

2
netmaker_server/docs/architecture.puml → netmaker_server/files/opt/netmaker_server/docs/architecture.puml
View File

@ -30,7 +30,7 @@ component netmaker_server {
component nm_api component nm_api
nm_api -down- nm_api_http nm_api -down- nm_api_http
ng_http --( nm_api_http ng_http --( nm_api_http
nm_api .up.( ng_TLS : db-connection to rqlite-master nm_api -up-( ng_TLS : db-connection to rqlite-master
nm_api --( mq_plain nm_api --( mq_plain
} }