Update bootstrap process of kubeadm
parent
0183d6b307
commit
a847074aae
@ -1,16 +1,19 @@
|
|||||||
---
|
---
|
||||||
- hosts: terraform-master.e2m
|
- hosts: terraform-master.e2m
|
||||||
remote_user: hybris
|
remote_user: hybris
|
||||||
become: yes
|
|
||||||
|
|
||||||
roles:
|
roles:
|
||||||
- dns
|
# - dns
|
||||||
- proxy
|
# - proxy
|
||||||
# - terraform
|
- terraform
|
||||||
|
|
||||||
vars:
|
vars:
|
||||||
# TODO: import hosts from a specific host group of the inventory instead of listing them here again
|
# TODO: import hosts from a specific host group of the inventory instead of listing them here again
|
||||||
kubernetes:
|
kubernetes:
|
||||||
|
# - hostname: podman-1
|
||||||
|
# ipv6: 2001:470:6d:22c:23::42
|
||||||
|
# mac_address: 52:54:00:b2:52:86
|
||||||
|
# memory: 8192
|
||||||
- hostname: k8s-master
|
- hostname: k8s-master
|
||||||
ipv6: 2001:470:6d:22c:42::1
|
ipv6: 2001:470:6d:22c:42::1
|
||||||
mac_address: 52:54:00:b2:52:86
|
mac_address: 52:54:00:b2:52:86
|
||||||
|
@ -9,11 +9,3 @@
|
|||||||
- dns
|
- dns
|
||||||
- proxy
|
- proxy
|
||||||
- kubernetes
|
- kubernetes
|
||||||
|
|
||||||
tasks:
|
|
||||||
|
|
||||||
# - name: open firewall ports
|
|
||||||
# include: firewalld.yml
|
|
||||||
|
|
||||||
- name: update linux kernel
|
|
||||||
include: update_kernel.yml
|
|
10
2-setup-podman.yml
Normal file
10
2-setup-podman.yml
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
---
|
||||||
|
- hosts:
|
||||||
|
- podman
|
||||||
|
remote_user: hybris
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
roles:
|
||||||
|
# - dns
|
||||||
|
# - proxy
|
||||||
|
- podman
|
@ -41,4 +41,8 @@ all:
|
|||||||
terraform:
|
terraform:
|
||||||
hosts:
|
hosts:
|
||||||
terraform-master.e2m:
|
terraform-master.e2m:
|
||||||
host_ipv6: 2001:470:6d:22c:43::1
|
host_ipv6: 2001:470:6d:22c:43::1
|
||||||
|
podman:
|
||||||
|
hosts:
|
||||||
|
podman-1.e2m:
|
||||||
|
host_ipv6: 2001:470:6d:22c:23::42
|
11
roles/kubernetes/files/docker-daemon.json
Normal file
11
roles/kubernetes/files/docker-daemon.json
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
{
|
||||||
|
"exec-opts": ["native.cgroupdriver=systemd"],
|
||||||
|
"log-driver": "json-file",
|
||||||
|
"log-opts": {
|
||||||
|
"max-size": "100m"
|
||||||
|
},
|
||||||
|
"storage-driver": "overlay2",
|
||||||
|
"storage-opts": [
|
||||||
|
"overlay2.override_kernel_check=true"
|
||||||
|
]
|
||||||
|
}
|
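Review bot: `"exec-opts": ["native.cgroupdriver=systemd"]` puts Docker on the systemd cgroup driver, while the unchanged `set cgroup` task shown as context further down this commit still writes `cgroup-driver=cgroupfs`. If that `lineinfile` targets the kubelet's configuration (its path is outside the visible hunks), kubelet and Docker would disagree on the cgroup driver, and the kubelet commonly refuses to start in that state. Either change that task to `line: "cgroup-driver=systemd"` or drop the `exec-opts` entry so both sides stay on cgroupfs.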
@ -4,5 +4,4 @@ baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
|
|||||||
enabled=1
|
enabled=1
|
||||||
gpgcheck=1
|
gpgcheck=1
|
||||||
repo_gpgcheck=1
|
repo_gpgcheck=1
|
||||||
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
|
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
|
||||||
https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
|
|
||||||
|
13
roles/kubernetes/files/systemd-unit-kubelet.conf
Normal file
13
roles/kubernetes/files/systemd-unit-kubelet.conf
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
[Service]
|
||||||
|
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf
|
||||||
|
--kubeconfig=/etc/kubernetes/kubelet.conf"
|
||||||
|
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
|
||||||
|
# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating
|
||||||
|
# the KUBELET_KUBEADM_ARGS variable dynamically
|
||||||
|
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
|
||||||
|
# This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably,
|
||||||
|
#the user should use the .NodeRegistration.KubeletExtraArgs object in the configuration files instead.
|
||||||
|
# KUBELET_EXTRA_ARGS should be sourced from this file.
|
||||||
|
EnvironmentFile=-/etc/default/kubelet
|
||||||
|
ExecStart=
|
||||||
|
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
|
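Review bot: The `Environment="KUBELET_KUBECONFIG_ARGS=...` assignment is broken across two lines, with the closing quote on the `--kubeconfig=/etc/kubernetes/kubelet.conf"` line and no trailing backslash visible. systemd only joins lines that end in a backslash, so as rendered the value has an unterminated quote and the second line is not a valid assignment; the kubelet would then likely start without `--bootstrap-kubeconfig` and `--kubeconfig`. Unless the page merely wrapped the line, put both flags on one line: `Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"`. The hunk's 13-line count matches the split form, which suggests the break is in the file itself.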
@ -4,6 +4,15 @@
|
|||||||
########################
|
########################
|
||||||
|
|
||||||
## kubernetes requirements
|
## kubernetes requirements
|
||||||
|
- name: install firewalld
|
||||||
|
package:
|
||||||
|
name: firewalld
|
||||||
|
|
||||||
|
- name: enable and start firewalld
|
||||||
|
systemd:
|
||||||
|
name: firewalld
|
||||||
|
enabled: yes
|
||||||
|
state: started
|
||||||
|
|
||||||
- name: enable port 6443/tcp
|
- name: enable port 6443/tcp
|
||||||
firewalld:
|
firewalld:
|
||||||
|
@ -20,7 +20,7 @@
|
|||||||
regexp: "^/dev/mapper/centos-swap"
|
regexp: "^/dev/mapper/centos-swap"
|
||||||
line: "# /dev/mapper/centos-swap swap swap defaults 0 0"
|
line: "# /dev/mapper/centos-swap swap swap defaults 0 0"
|
||||||
|
|
||||||
- name: activate kernel module
|
- name: add bridge-netfilter kernel module
|
||||||
shell: modprobe br_netfilter
|
shell: modprobe br_netfilter
|
||||||
|
|
||||||
- name: enable bridge-nf-call-iptables
|
- name: enable bridge-nf-call-iptables
|
||||||
@ -64,22 +64,60 @@
|
|||||||
- name: copy cni config
|
- name: copy cni config
|
||||||
template:
|
template:
|
||||||
src: ../files/kube-router-cni.conf.j2
|
src: ../files/kube-router-cni.conf.j2
|
||||||
dest: /etc/cni/net.d/10-kuberouter.conf
|
dest: /etc/cni/net.d/10-kuberouter.config
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
|
|
||||||
|
- name: clear yum package cache
|
||||||
|
shell: yum clean all
|
||||||
|
args:
|
||||||
|
warn: false # https://github.com/ansible/ansible/pull/31450#issuecomment-352889579
|
||||||
|
|
||||||
- name: install packages
|
- name: install packages
|
||||||
yum:
|
package:
|
||||||
name:
|
name: "{{ item }}"
|
||||||
|
state: installed
|
||||||
|
with_items:
|
||||||
- yum-utils
|
- yum-utils
|
||||||
- device-mapper-persistent-data
|
- device-mapper-persistent-data
|
||||||
- lvm2
|
- lvm2
|
||||||
- docker-ce
|
|
||||||
- kubelet
|
|
||||||
- kubeadm
|
|
||||||
- kubectl
|
|
||||||
- kubernetes-cni
|
- kubernetes-cni
|
||||||
state: present
|
|
||||||
|
- name: installing kubeadm, kubelet and kubectl
|
||||||
|
shell: "{{ item }}"
|
||||||
|
args:
|
||||||
|
warn: false
|
||||||
|
with_items:
|
||||||
|
- yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
|
||||||
|
- systemctl enable --now kubelet
|
||||||
|
|
||||||
|
- name: add docker-ce repo
|
||||||
|
shell: yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
|
||||||
|
|
||||||
|
- name: install docker-ce
|
||||||
|
package:
|
||||||
|
name: docker-ce-18.06.2.ce
|
||||||
|
state: installed
|
||||||
|
|
||||||
|
- name: create docker directory
|
||||||
|
file:
|
||||||
|
path: /etc/docker
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: deploy docker daemon configuration
|
||||||
|
copy:
|
||||||
|
src: ../files/docker-daemon.json
|
||||||
|
dest: /etc/docker/daemon.json
|
||||||
|
|
||||||
|
- name: create systemd unit directory for kubelet
|
||||||
|
file:
|
||||||
|
path: /etc/systemd/system/kubelet.service.d/
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: deploy kubelet service file
|
||||||
|
copy:
|
||||||
|
src: ../files/systemd-unit-kubelet.conf
|
||||||
|
dest: /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
|
||||||
|
|
||||||
- name: set cgroup
|
- name: set cgroup
|
||||||
lineinfile:
|
lineinfile:
|
||||||
@ -87,15 +125,18 @@
|
|||||||
regexp: "^cgroup-driver="
|
regexp: "^cgroup-driver="
|
||||||
line: "cgroup-driver=cgroupfs"
|
line: "cgroup-driver=cgroupfs"
|
||||||
|
|
||||||
- name: force systemd to reread configs and restart service docker
|
- name: restart services
|
||||||
systemd:
|
systemd:
|
||||||
name: docker
|
name: "{{ item }}"
|
||||||
enabled: yes
|
|
||||||
state: restarted
|
|
||||||
|
|
||||||
- name: force systemd to reread configs and restart service kubelet
|
|
||||||
systemd:
|
|
||||||
name: kubelet
|
|
||||||
enabled: yes
|
enabled: yes
|
||||||
state: restarted
|
state: restarted
|
||||||
daemon_reload: yes
|
daemon_reload: yes
|
||||||
|
with_items:
|
||||||
|
- docker
|
||||||
|
- kubelet
|
||||||
|
|
||||||
|
- name: open firewall ports
|
||||||
|
import_tasks: firewalld.yml
|
||||||
|
|
||||||
|
- name: update linux kernel
|
||||||
|
import_tasks: upgrade_kernel.yml
|
||||||
|
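Review bot: The new `installing kubeadm, kubelet and kubectl` task runs `yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes` through `shell` with `warn: false`, so each run on a fresh host installs whatever version the repository currently serves and the task always reports changed, while `docker-ce-18.06.2.ce` just below is pinned. Use the `yum` module with pinned package versions and `disable_excludes: kubernetes`, and move the kubelet enablement into a `systemd` task, as sketched below. The two new `copy` tasks for `/etc/docker/daemon.json` and `10-kubeadm.conf` should also set `owner: root`, `group: root` and `mode: "0644"` explicitly, as the `copy cni config` task already does for owner and group. In the same hunk the CNI destination becomes `10-kuberouter.config`; CNI config loaders normally read only `.conf`, `.conflist` and `.json`, so confirm the rename is intended.

```yaml
# … unchanged: clear yum package cache, install packages …
- name: install kubeadm, kubelet and kubectl
  yum:
    name:
      - "kubelet-<PINNED_VERSION>"  # placeholder: version is not given on this page
      - "kubeadm-<PINNED_VERSION>"
      - "kubectl-<PINNED_VERSION>"
    state: present
    disable_excludes: kubernetes

- name: enable and start kubelet
  systemd:
    name: kubelet
    enabled: true
    state: started
# … unchanged: add docker-ce repo, install docker-ce …
```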
32
roles/podman/tasks/main.yml
Normal file
32
roles/podman/tasks/main.yml
Normal file
@ -0,0 +1,32 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
# - name: subcribe to 'rhel-7-server-rpms' and 'rhel-7-server-extras-rpms' repos
|
||||||
|
# shell: subscription-manager repos --enable rhel-7-server-rpms --enable rhel-7-server-extras-rpms
|
||||||
|
# become: yes
|
||||||
|
|
||||||
|
- name: install podman
|
||||||
|
yum:
|
||||||
|
name:
|
||||||
|
- podman
|
||||||
|
state: present
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
- name:
|
||||||
|
shell: |
|
||||||
|
podman run \
|
||||||
|
--volume=/var/run/docker.sock:/var/run/docker.sock \
|
||||||
|
--volume=/var/lib/drone:/data \
|
||||||
|
--env=DRONE_GITEA_SERVER=http://192.168.99.100:32782 \
|
||||||
|
--env=DRONE_GIT_ALWAYS_AUTH=false \
|
||||||
|
--env=DRONE_RUNNER_CAPACITY=2 \
|
||||||
|
--env=DRONE_SERVER_HOST=192.168.99.100 \
|
||||||
|
--env=DRONE_SERVER_PROTO=http \
|
||||||
|
--env=DRONE_TLS_AUTOCERT=false \
|
||||||
|
--publish=80:80 \
|
||||||
|
--publish=443:443 \
|
||||||
|
--restart=always \
|
||||||
|
--detach=true \
|
||||||
|
--name=drone \
|
||||||
|
--dns=192.168.2.196 \
|
||||||
|
drone/drone:1.0.0-rc.5
|
||||||
|
become: yes
|
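Review bot: The unnamed `shell` task bind-mounts `/var/run/docker.sock` into the drone container and runs it under `become: yes`, which hands that container control of any Docker daemon on the host; this role installs only podman, so it is unclear the socket even exists here, and the mount should be dropped or justified in a comment. The server is also configured for cleartext (`DRONE_SERVER_PROTO=http`, `DRONE_TLS_AUTOCERT=false`, an `http://` Gitea URL) while publishing 443, so logins and repository tokens would cross the network unencrypted; prefer `--env=DRONE_SERVER_PROTO=https` with a certificate or a TLS-terminating proxy in front. Give the task a name such as `- name: run drone server container`. A second play run will likely fail because the `drone` container name already exists, so guard the command with a prior existence check.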