From a847074aaef042e407ad788f7fa382133b556615 Mon Sep 17 00:00:00 2001 From: hybris Date: Thu, 25 Jul 2019 10:24:35 +0200 Subject: [PATCH] Update bootstrap process of kubeadm --- 1-terraform.yml | 11 ++- 2-setup-kubernetes.yml | 8 -- 2-setup-podman.yml | 10 +++ hosts.yml | 6 +- roles/kubernetes/files/docker-daemon.json | 11 +++ roles/kubernetes/files/kubernetes.repo | 3 +- .../files/systemd-unit-kubelet.conf | 13 ++++ roles/kubernetes/tasks/firewalld.yml | 9 +++ roles/kubernetes/tasks/main.yml | 75 ++++++++++++++----- .../{update_kernel.yml => upgrade_kernel.yml} | 0 roles/podman/tasks/main.yml | 32 ++++++++ 11 files changed, 146 insertions(+), 32 deletions(-) create mode 100644 2-setup-podman.yml create mode 100644 roles/kubernetes/files/docker-daemon.json create mode 100644 roles/kubernetes/files/systemd-unit-kubelet.conf rename roles/kubernetes/tasks/{update_kernel.yml => upgrade_kernel.yml} (100%) create mode 100644 roles/podman/tasks/main.yml diff --git a/1-terraform.yml b/1-terraform.yml index c709246..e241309 100644 --- a/1-terraform.yml +++ b/1-terraform.yml @@ -1,16 +1,19 @@ --- - hosts: terraform-master.e2m remote_user: hybris - become: yes roles: - - dns - - proxy - # - terraform + # - dns + # - proxy + - terraform vars: # TODO: import hosts from a specific host group of the inventory instead of listing them here again kubernetes: + # - hostname: podman-1 + # ipv6: 2001:470:6d:22c:23::42 + # mac_address: 52:54:00:b2:52:86 + # memory: 8192 - hostname: k8s-master ipv6: 2001:470:6d:22c:42::1 mac_address: 52:54:00:b2:52:86 diff --git a/2-setup-kubernetes.yml b/2-setup-kubernetes.yml index 2b18b0a..387355e 100644 --- a/2-setup-kubernetes.yml +++ b/2-setup-kubernetes.yml @@ -9,11 +9,3 @@ - dns - proxy - kubernetes - - tasks: - - # - name: open firewall ports - # include: firewalld.yml - - - name: update linux kernel - include: update_kernel.yml \ No newline at end of file 
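Review bot: The commented-out `podman-1` entry added under `kubernetes:` carries `mac_address: 52:54:00:b2:52:86`, the same MAC as the `k8s-master` entry directly below it; if it is ever uncommented two guests on the same bridge would share a MAC, so give it its own address now (`mac_address: <unique-mac placeholder>`) instead of leaving a copy-paste trap. The same host is listed under `podman:` in hosts.yml with the same ipv6, which is exactly the duplication the existing TODO on the `vars:` line complains about — pulling this list from the inventory group would remove it. Dropping `become: yes` from this play is fine only if the terraform role needs no privileges; the other plays in the commit keep it.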
diff --git a/2-setup-podman.yml b/2-setup-podman.yml new file mode 100644 index 0000000..3871be8 --- /dev/null +++ b/2-setup-podman.yml @@ -0,0 +1,10 @@ +--- +- hosts: + - podman + remote_user: hybris + become: yes + + roles: + # - dns + # - proxy + - podman diff --git a/hosts.yml b/hosts.yml index d4d78a9..4ce253f 100644 --- a/hosts.yml +++ b/hosts.yml @@ -41,4 +41,8 @@ all: terraform: hosts: terraform-master.e2m: - host_ipv6: 2001:470:6d:22c:43::1 \ No newline at end of file + host_ipv6: 2001:470:6d:22c:43::1 + podman: + hosts: + podman-1.e2m: + host_ipv6: 2001:470:6d:22c:23::42 \ No newline at end of file diff --git a/roles/kubernetes/files/docker-daemon.json b/roles/kubernetes/files/docker-daemon.json new file mode 100644 index 0000000..c039101 --- /dev/null +++ b/roles/kubernetes/files/docker-daemon.json @@ -0,0 +1,11 @@ +{ + "exec-opts": ["native.cgroupdriver=systemd"], + "log-driver": "json-file", + "log-opts": { + "max-size": "100m" + }, + "storage-driver": "overlay2", + "storage-opts": [ + "overlay2.override_kernel_check=true" + ] +} \ No newline at end of file diff --git a/roles/kubernetes/files/kubernetes.repo b/roles/kubernetes/files/kubernetes.repo index 81eefdf..65eda50 100644 --- a/roles/kubernetes/files/kubernetes.repo +++ b/roles/kubernetes/files/kubernetes.repo @@ -4,5 +4,4 @@ baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64 enabled=1 gpgcheck=1 repo_gpgcheck=1 -gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg - https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg \ No newline at end of file +gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg diff --git a/roles/kubernetes/files/systemd-unit-kubelet.conf b/roles/kubernetes/files/systemd-unit-kubelet.conf new file mode 100644 index 0000000..a93795c --- /dev/null +++ b/roles/kubernetes/files/systemd-unit-kubelet.conf 
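Review bot: `become: yes` in the new 2-setup-podman.yml play should be written `become: true` (yamllint's truthy rule; YAML 1.2 parsers do not treat `yes` as a boolean). Every task in roles/podman/tasks/main.yml repeats `become: yes` as well, which is redundant once the play sets it — keep it in one place. `hosts:` as a one-element list is valid, but `hosts: podman` reads the same and matches 1-terraform.yml.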
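Review bot: `"exec-opts": ["native.cgroupdriver=systemd"]` switches Docker to the systemd cgroup driver, but the kubelet side in roles/kubernetes/tasks/main.yml (context lines of its last hunk, `line: "cgroup-driver=cgroupfs"`) still pins cgroupfs; kubeadm requires the two drivers to match, so either change that line to `cgroup-driver=systemd` or drop the exec-opts entry here. `overlay2.override_kernel_check=true` silences Docker's kernel-version check for overlay2 — if it is only there because the stock CentOS 7 kernel is too old, the role's upgrade_kernel.yml should make it unnecessary; since JSON cannot carry a comment, the `deploy docker daemon configuration` task should say why it is set. The file is also written without a trailing newline.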
@@ -0,0 +1,13 @@ +[Service] +Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf +--kubeconfig=/etc/kubernetes/kubelet.conf" +Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml" +# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating +# the KUBELET_KUBEADM_ARGS variable dynamically +EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env +# This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, +#the user should use the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. +# KUBELET_EXTRA_ARGS should be sourced from this file. +EnvironmentFile=-/etc/default/kubelet +ExecStart= +ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS diff --git a/roles/kubernetes/tasks/firewalld.yml b/roles/kubernetes/tasks/firewalld.yml index dda05b7..da4f98f 100644 --- a/roles/kubernetes/tasks/firewalld.yml +++ b/roles/kubernetes/tasks/firewalld.yml @@ -4,6 +4,15 @@ ######################## ## kubernetes requirements + - name: install firewalld + package: + name: firewalld + + - name: enable and start firewalld + systemd: + name: firewalld + enabled: yes + state: started - name: enable port 6443/tcp firewalld: diff --git a/roles/kubernetes/tasks/main.yml b/roles/kubernetes/tasks/main.yml index f2b8ad9..be19e0b 100644 --- a/roles/kubernetes/tasks/main.yml +++ b/roles/kubernetes/tasks/main.yml @@ -20,7 +20,7 @@ regexp: "^/dev/mapper/centos-swap" line: "# /dev/mapper/centos-swap swap swap defaults 0 0" -- name: activate kernel module +- name: add bridge-netfilter kernel module shell: modprobe br_netfilter - name: enable bridge-nf-call-iptables 
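Review bot: `Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf` ends its line inside the quotes and `--kubeconfig=/etc/kubernetes/kubelet.conf"` continues on the next line with no trailing `\`, so systemd sees two malformed assignments and the kubelet starts without its kubeconfig flags (the hunk's 13-line count confirms the split is real, unless a backslash was lost in rendering). Put the whole assignment on one line: `Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"`. As far as I know the kubelet rpm already ships this drop-in under /usr/lib/systemd/system/kubelet.service.d/; the copy deployed to /etc/systemd/system overrides it and will drift from the packaged version, so if the override is intentional add a header comment naming the kubeadm version it was copied from.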
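Review bot: `enabled: yes` in the new `enable and start firewalld` task should be `enabled: true` (yamllint truthy). The `install firewalld` task omits `state:`; present is the default, but `state: present` matches the rest of the role. Because this file is imported from the end of roles/kubernetes/tasks/main.yml, the enable/start happens after docker has already been restarted — worth checking that the ordering is what you want.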
@@ -64,22 +64,60 @@ - name: copy cni config template: src: ../files/kube-router-cni.conf.j2 - dest: /etc/cni/net.d/10-kuberouter.conf + dest: /etc/cni/net.d/10-kuberouter.config owner: root group: root +- name: clear yum package cache + shell: yum clean all + args: + warn: false # https://github.com/ansible/ansible/pull/31450#issuecomment-352889579 + - name: install packages - yum: - name: + package: + name: "{{ item }}" + state: installed + with_items: - yum-utils - device-mapper-persistent-data - lvm2 - - docker-ce - - kubelet - - kubeadm - - kubectl - kubernetes-cni - state: present + +- name: installing kubeadm, kubelet and kubectl + shell: "{{ item }}" + args: + warn: false + with_items: + - yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes + - systemctl enable --now kubelet + +- name: add docker-ce repo + shell: yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo + +- name: install docker-ce + package: + name: docker-ce-18.06.2.ce + state: installed + +- name: create docker directory + file: + path: /etc/docker + state: directory + +- name: deploy docker daemon configuration + copy: + src: ../files/docker-daemon.json + dest: /etc/docker/daemon.json + +- name: create systemd unit directory for kubelet + file: + path: /etc/systemd/system/kubelet.service.d/ + state: directory + +- name: deploy kubelet service file + copy: + src: ../files/systemd-unit-kubelet.conf + dest: /etc/systemd/system/kubelet.service.d/10-kubeadm.conf - name: set cgroup lineinfile: 
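Review bot: `dest: /etc/cni/net.d/10-kuberouter.config` renames the CNI config to an extension the CNI loader does not pick up — as far as I know only `.conf`, `.conflist` and `.json` files in /etc/cni/net.d are read — so the kubelet would report no network plugin; keep `dest: /etc/cni/net.d/10-kuberouter.conf`. The `installing kubeadm, kubelet and kubectl` task shells out to `yum install -y … --disableexcludes=kubernetes` and `systemctl enable --now kubelet`, which reports changed on every run and bypasses the yum module only for the excludes flag; the yum module has `disable_excludes` and the systemd module covers the enable step, as sketched below. The `install packages` task loops `package` over `with_items` one package at a time — `package` and `yum` both accept a list under `name`, which is one transaction instead of five. The `copy` tasks for daemon.json and the kubelet drop-in set no `owner`/`mode`, unlike the cni template above them.
```yaml
# … unchanged: copy cni config, clear yum package cache, install packages …

- name: install kubeadm, kubelet and kubectl
  yum:
    name:
      - kubelet
      - kubeadm
      - kubectl
    state: present
    disable_excludes: kubernetes

- name: enable and start kubelet
  systemd:
    name: kubelet
    enabled: true
    state: started

# … unchanged: docker-ce repo, docker-ce install, /etc/docker, daemon.json, kubelet drop-in …
```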
@@ -87,15 +125,18 @@ regexp: "^cgroup-driver=" line: "cgroup-driver=cgroupfs" -- name: force systemd to reread configs and restart service docker +- name: restart services systemd: - name: docker - enabled: yes - state: restarted - -- name: force systemd to reread configs and restart service kubelet - systemd: - name: kubelet + name: "{{ item }}" enabled: yes state: restarted daemon_reload: yes + with_items: + - docker + - kubelet + +- name: open firewall ports + import_tasks: firewalld.yml + +- name: update linux kernel + import_tasks: upgrade_kernel.yml diff --git a/roles/kubernetes/tasks/update_kernel.yml b/roles/kubernetes/tasks/upgrade_kernel.yml similarity index 100% rename from roles/kubernetes/tasks/update_kernel.yml rename to roles/kubernetes/tasks/upgrade_kernel.yml diff --git a/roles/podman/tasks/main.yml b/roles/podman/tasks/main.yml new file mode 100644 index 0000000..b83b99b --- /dev/null +++ b/roles/podman/tasks/main.yml @@ -0,0 +1,32 @@ +--- + +# - name: subcribe to 'rhel-7-server-rpms' and 'rhel-7-server-extras-rpms' repos +# shell: subscription-manager repos --enable rhel-7-server-rpms --enable rhel-7-server-extras-rpms +# become: yes + +- name: install podman + yum: + name: + - podman + state: present + become: yes + +- name: + shell: | + podman run \ + --volume=/var/run/docker.sock:/var/run/docker.sock \ + --volume=/var/lib/drone:/data \ + --env=DRONE_GITEA_SERVER=http://192.168.99.100:32782 \ + --env=DRONE_GIT_ALWAYS_AUTH=false \ + --env=DRONE_RUNNER_CAPACITY=2 \ + --env=DRONE_SERVER_HOST=192.168.99.100 \ + --env=DRONE_SERVER_PROTO=http \ + --env=DRONE_TLS_AUTOCERT=false \ + --publish=80:80 \ + --publish=443:443 \ + --restart=always \ + --detach=true \ + --name=drone \ + --dns=192.168.2.196 \ + drone/drone:1.0.0-rc.5 + become: yes \ No newline at end of file
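Review bot: `import_tasks: firewalld.yml` is placed after the `restart services` task, so firewalld is installed and started only after docker has been restarted; on CentOS 7 starting or reloading firewalld replaces the iptables rule set, which as far as I know drops the chains docker created and leaves containers without NAT until docker is restarted again. Move `- name: open firewall ports` / `import_tasks: firewalld.yml` ahead of the restart task, or restart docker after it, so the ordering is explicit. `enabled: yes` in the systemd task should be `enabled: true`, and `import_tasks: upgrade_kernel.yml` at the very end presumably needs a reboot that nothing here schedules — a comment on that import saying how the reboot is handled would help.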
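Review bot: The second task in roles/podman/tasks/main.yml has an empty `name:` and runs `podman run … --name=drone` through `shell`, which is not idempotent — a second play run will fail because a container named drone already exists — so name the task and guard it (a `podman container exists drone` check in a preceding task with `when`, or a generated systemd unit instead of `--restart=always`, which podman alone does not honour across reboots as far as I know). `--volume=/var/run/docker.sock:/var/run/docker.sock` hands the Drone server full control of any Docker daemon on the host; on a podman-only host that socket will not exist, so either drop the mount or document which runtime socket Drone actually needs and why. The endpoints (`192.168.99.100`, `--dns=192.168.2.196`) and the image tag are hard-coded while hosts.yml registers podman-1 with an ipv6 address only; move them to role defaults so the play and inventory agree. `become: yes` per task duplicates the play-level setting and should be `become: true` where kept; the file also ends without a newline.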