-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathkubernetes_playbook.yml
406 lines (329 loc) · 12.1 KB
/
kubernetes_playbook.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
---
- name: Install containerd
hosts: kuberclient
become: yes
vars:
CNI_version: 1.4.1
CNI_checksum: "https://github.com/containernetworking/plugins/releases/download/v{{CNI_version}}/cni-plugins-linux-{{arch}}-v{{CNI_version}}.tgz.sha256"
runc_version: 1.1.12
runc_checksum: aadeef400b8f05645768c1476d1023f7875b78f52c7ff1967a6dbce236b8cbd8
checksum_algo: sha256
containerd_version: 1.7.16
place: "/home/{{ansible_user}}"
arch: amd64
containerd_link: "https://github.com/containerd/containerd/releases/download/v{{containerd_version}}/containerd-{{containerd_version}}-linux-{{arch}}.tar.gz"
containerd_checksum_link: "https://github.com/containerd/containerd/releases/download/v{{containerd_version}}/containerd-{{containerd_version}}-linux-{{arch}}.tar.gz.sha256sum"
tasks:
- name: Download containerd
get_url:
url: "{{containerd_link}}"
dest: "{{place}}"
checksum: "{{checksum_algo}}:{{containerd_checksum_link}}"
register: containerd_downloaded
- name: Unpack containerd
unarchive:
src: "{{containerd_downloaded.dest}}"
dest: /usr/local
remote_src: yes
- name: Downloading containerd.service to systemd
get_url:
url: https://raw.githubusercontent.com/containerd/containerd/main/containerd.service
dest: /usr/lib/systemd/system/containerd.service
- name: Enable containerd service
systemd:
name: containerd
state: started
enabled: yes
- name: Downloading runc
get_url:
url: "https://github.com/opencontainers/runc/releases/download/v{{runc_version}}/runc.{{arch}}"
dest: "{{place}}"
checksum: "{{checksum_algo}}:{{runc_checksum}}"
register: runc_downloaded
- name: Installing runc to /usr/local/sbin/runc
command: "install -m 755 {{place}}/runc.amd64 /usr/local/sbin/runc"
tags: task1
- name: Downloading CNI plugins
get_url:
url: "https://github.com/containernetworking/plugins/releases/download/v{{CNI_version}}/cni-plugins-linux-{{arch}}-v{{CNI_version}}.tgz"
dest: "{{place}}"
checksum: "{{checksum_algo}}:{{CNI_checksum}}"
register: CNI_downloaded
- name: Create cni/bin
file:
path: /opt/cni/bin
state: directory
mode: '0755'
- name: Unpack CNI
unarchive:
src: "{{CNI_downloaded.dest}}"
dest: /opt/cni/bin
remote_src: yes
- name: Containerd configurating
hosts: kuberclient
become: yes
vars:
containerd_config_path: "{{playbook_dir}}/config.toml"
tasks:
- name: Create containerd config.toml
lineinfile:
line: ""
path: "/etc/containerd/config.toml"
create: yes
- name: Creating config file
shell: containerd config default | tee /etc/containerd/config.toml
- name: Set containers systemd support
replace:
path: /etc/containerd/config.toml
regexp: "SystemdCgroup = false"
replace: "SystemdCgroup = true"
- name: Reload containerd demon
systemd:
state: restarted
daemon_reload: yes
name: containerd
- name: Install nerdctl
hosts: kuberclient
become: yes
vars:
checksum_algo: sha256
place: "/home/{{ansible_user}}"
tasks:
- name: Download nerdctl
get_url:
url: https://github.com/containerd/nerdctl/releases/download/v2.0.0-beta.4/nerdctl-2.0.0-beta.4-linux-amd64.tar.gz
dest: "{{place}}"
register: downloaded
- name: Unpack nerdctl
unarchive:
src: "{{downloaded.dest}}"
dest: /usr/local/bin
remote_src: yes
- name: Network configurating for kubernetes
hosts: kuberclient
become: yes
tasks:
- name: Downloading flannel
get_url:
url: https://github.com/flannel-io/flannel/releases/download/v0.18.0/flannel-v0.18.0-linux-amd64.tar.gz
dest: "/home/{{ansible_user}}/flannel-v0.18.0-linux-amd64.tar.gz"
mode: '0777'
- name: Create /opt/bin dir
file:
path: /opt/bin
state: directory
- name: Extract flannel
unarchive:
src: "/home/{{ansible_user}}/flannel-v0.18.0-linux-amd64.tar.gz"
dest: /opt/cni/bin
remote_src: yes
- name: Creating k8s.conf file
file:
path: /etc/modules-load.d/k8s.conf
state: touch
mode: '0644'
- name: Configurating conf file modules
lineinfile:
path: /etc/modules-load.d/k8s.conf
line: "{{ item }}"
state: present
loop:
- overlay
- br_netfilter
- name: Turn on overlay and br_netfilter
command:
cmd: modprobe {{ item }}
loop:
- overlay
- br_netfilter
- name: Setting iptables adn ip forwarding for kubernetes
copy:
dest: /etc/sysctl.d/k8s.conf
content: |
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
- name: Appling system parametres
command: sysctl --system
- name: Turning off swap
shell:
cmd: |
swapoff -a
sed -i '/\sswap\s/s/^/#/' /etc/fstab
- name: Installing kubeadm
hosts: kuberclient
become: yes
vars:
kubernetes_version: 1.29
tasks:
- name: Updating apt
apt:
update_cache: yes
- name: Installing apt-transport-https, ca-certificates , curl, gpg
apt:
name:
- apt-transport-https
- ca-certificates
- curl
- gpg
state: present
- name: Download GPG key
get_url:
url: "https://pkgs.k8s.io/core:/stable:/v{{kubernetes_version}}/deb/Release.key"
dest: "/tmp/kubernetes-gpg-key"
- name: Convert GPG key to keyring format
shell: curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.29/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
- name: Adding repo
shell: echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.29/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list
- name: Updating cache
apt:
update_cache: yes
- name: Installing kubeadm, kubelet, kubectl
apt:
name:
- kubelet
- kubeadm
- kubectl
state: present
force_apt_get: yes
- name: Mark Kubernetes packages
dpkg_selections:
name: "{{ item }}"
selection: hold
loop:
- kubelet
- kubeadm
- kubectl
- name: Init cluster
hosts: kuberclient
become: yes
vars:
cidr_subnetwork: 10.244.0.0/16
path_to_flannel_file: "{{playbook_dir}}/flannel.yml"
tasks:
- name: Change node from NAT to host_addres
lineinfile:
path: /usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf
regexp: '^ExecStart=.*$'
line: "ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS --node-ip={{ansible_host}} --cgroup-driver=systemd"
backrefs: yes
- name: Run kubeadm init
shell: "kubeadm init --apiserver-advertise-address={{ansible_host}} --pod-network-cidr {{cidr_subnetwork}}"
- name: Configurating kubectl
hosts: kuberclient
become: yes
vars:
cidr_subnetwork: 10.244.0.0/16
path_to_flannel_file: "{{playbook_dir}}/flannel.yml"
tasks:
- name: create .kube directory on cluster machine
file:
path: $HOME/.kube
state: directory
mode: 0755
- name: Configurating kubectl
command:
cmd: "cp -i /etc/kubernetes/admin.conf $HOME/.kube/config"
- name: Set ownership of kubeconfig file
shell: "chown $(id -u):$(id -g) $HOME/.kube/config"
- name: Copy flannel
copy:
src: "{{path_to_flannel_file}}"
dest: "/home/{{ansible_user}}/"
- name: Applying CNI plugin (flannel)
shell: "sudo kubectl apply -f /home/{{ansible_user}}/flannel.yml"
register: task_result
until: task_result is succeeded
retries: 4
delay: 10
failed_when: task_result is failed
- name: Waiting for kube-system pods Ready
shell: kubectl wait --for='jsonpath={.status.conditions[?(@.type=="Ready")].status}=True' pod --all -n kube-system --timeout=500s
register: output
- debug: var=output.stdout_lines
- name: Waiting for flannel pods Ready
shell: kubectl wait --for='jsonpath={.status.conditions[?(@.type=="Ready")].status}=True' pod --all -n kube-flannel --timeout=500s
register: task_result
until: task_result is succeeded
retries: 4
delay: 10
failed_when: task_result is failed
- debug: var=task_result.stdout_lines
- name: Waiting for control-plane node Ready
shell: kubectl wait --for='jsonpath={.status.conditions[?(@.type=="Ready")].status}=True' node --selector=node-role.kubernetes.io/control-plane= --timeout=500s
register: output
- debug: var=output.stdout_lines
- name: Turning off taints
shell: kubectl taint nodes --all node-role.kubernetes.io/control-plane-
- name: Ensuring that taints are off
shell: kubectl describe nodes --selector=node-role.kubernetes.io/control-plane= | grep Taints
register: output
delay: 2
retries: 10
until: output.stdout.find("<none>") != -1
- name: Deploying apps and ingress controller
hosts: kuberclient
become: yes
vars:
local_path_ingress_nginx_config: "{{playbook_dir}}/ingress-nginx-hostnetwork-config.yml"
local_path_deploy1: "{{playbook_dir}}/deploy1.yml"
local_path_deploy2: "{{playbook_dir}}/deploy2.yml"
local_path_ingress: "{{playbook_dir}}/ingress.yml"
tasks:
- name: Copy ingress-nginx-config
copy:
src: "{{local_path_ingress_nginx_config}}"
dest: "/home/{{ansible_user}}/"
- name: Apply ingress-nginx controller
shell: "kubectl apply -f /home/{{ansible_user}}/ingress-nginx-hostnetwork-config.yml"
register: task_result
until: task_result is succeeded
retries: 2
delay: 10
failed_when: task_result is failed
- name: Waiting for ingress controller ready
shell: kubectl wait --for='jsonpath={.status.conditions[?(@.type=="Ready")].status}=True' pod -A --selector=app.kubernetes.io/component=controller --timeout=500s
register: output
- debug: var=output.stdout_lines
- name: Copy deploy1
copy:
src: "{{local_path_deploy1}}"
dest: "/home/{{ansible_user}}/"
- name: Apply deploy1
shell: "kubectl apply -f /home/{{ansible_user}}/deploy1.yml"
- name: Copy deploy2
copy:
src: "{{local_path_deploy2}}"
dest: "/home/{{ansible_user}}/"
- name: Apply deploy2
shell: "kubectl apply -f /home/{{ansible_user}}/deploy2.yml"
- name: Waiting for pod label "app=hello-2" ready
shell: kubectl wait --for='jsonpath={.status.conditions[?(@.type=="Ready")].status}=True' pod --selector=app=hello-2 --timeout=500s
register: output
- debug: var=output.stdout_lines
- name: Waitign for pod label "app=hello-1" ready
shell: kubectl wait --for='jsonpath={.status.conditions[?(@.type=="Ready")].status}=True' pod --selector=app=hello-1 --timeout=500s
register: output
- debug: var=output.stdout_lines
- name: Copy ingress
copy:
src: "{{local_path_ingress}}"
dest: "/home/{{ansible_user}}/"
- name: Apply ingress
shell: "kubectl apply -f /home/{{ansible_user}}/ingress.yml"
register: task_result
until: task_result is succeeded
retries: 4
delay: 10
failed_when: task_result is failed
- name: Waiting for ingress get ip
shell: "kubectl get ingress -o=jsonpath='{.items[*].status.loadBalancer.ingress[0].ip}'"
register: output
delay: 10
retries: 10
until: output.stdout.find(ansible_host) != -1
- name: Add kubervm.internal in remote hosts config
lineinfile:
path: /etc/hosts
line: "{{ansible_host}} kubervm.internal"
insertafter: EOF