Update bootstrap process of kubeadm

hybris 2019-07-25 10:24:35 +02:00
parent 0183d6b307
commit a847074aae
11 changed files with 146 additions and 32 deletions


@ -1,16 +1,19 @@
--- ---
- hosts: terraform-master.e2m - hosts: terraform-master.e2m
remote_user: hybris remote_user: hybris
become: yes
roles: roles:
- dns # - dns
- proxy # - proxy
# - terraform - terraform
vars: vars:
# TODO: import hosts from a specific host group of the inventory instead of listing them here again # TODO: import hosts from a specific host group of the inventory instead of listing them here again
kubernetes: kubernetes:
# - hostname: podman-1
# ipv6: 2001:470:6d:22c:23::42
# mac_address: 52:54:00:b2:52:86
# memory: 8192
- hostname: k8s-master - hostname: k8s-master
ipv6: 2001:470:6d:22c:42::1 ipv6: 2001:470:6d:22c:42::1
mac_address: 52:54:00:b2:52:86 mac_address: 52:54:00:b2:52:86
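Review bot: The commented-out `podman-1` entry under `kubernetes:` carries the same `mac_address: 52:54:00:b2:52:86` as `k8s-master`, so enabling it later would put two guests with one MAC on the same network; remove the stub or give it its own address. The role list is switched by commenting `dns`, `proxy` and `terraform` in and out, which commits whatever state the last run needed; tags or a `when:` condition would keep all three listed. The colon-separated values are safer quoted, e.g. `mac_address: '52:54:00:b2:52:86'`, because an all-digit MAC would be read as a number by YAML 1.1 parsers.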


@ -9,11 +9,3 @@
- dns - dns
- proxy - proxy
- kubernetes - kubernetes
tasks:
# - name: open firewall ports
# include: firewalld.yml
- name: update linux kernel
include: update_kernel.yml

10
2-setup-podman.yml Normal file

@ -0,0 +1,10 @@
---
- hosts:
- podman
remote_user: hybris
become: yes
roles:
# - dns
# - proxy
- podman
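Review bot: `become: yes` is set for the whole play here, while the podman task file added later in this commit (presumably the `podman` role) sets `become: yes` again on each task, so privilege escalation is declared in two places. Keep it in one place, preferably on the tasks that need root, and write it as `become: true`, the canonical boolean that linters expect. The commented-out `# - dns` and `# - proxy` roles should be restored or deleted rather than committed as comments.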


@ -41,4 +41,8 @@ all:
terraform: terraform:
hosts: hosts:
terraform-master.e2m: terraform-master.e2m:
host_ipv6: 2001:470:6d:22c:43::1 host_ipv6: 2001:470:6d:22c:43::1
podman:
hosts:
podman-1.e2m:
host_ipv6: 2001:470:6d:22c:23::42


@ -0,0 +1,11 @@
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2",
"storage-opts": [
"overlay2.override_kernel_check=true"
]
}
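Review bot: `exec-opts` switches Docker to `native.cgroupdriver=systemd`, but the `set cgroup` task that stays in the tasks file of this commit still writes `cgroup-driver=cgroupfs`. If that line configures the kubelet (its target path is outside the visible hunk), the two drivers disagree and the kubelet normally refuses to start, so one side needs changing. `overlay2.override_kernel_check=true` turns off a storage-driver safety check and JSON cannot hold a comment, so the reason belongs on the `deploy docker daemon configuration` task, for example `# overlay2 kernel check overridden for the stock EL7 kernel`.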


@ -4,5 +4,4 @@ baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1 enabled=1
gpgcheck=1 gpgcheck=1
repo_gpgcheck=1 repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg


@ -0,0 +1,13 @@
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf
--kubeconfig=/etc/kubernetes/kubelet.conf"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating
# the KUBELET_KUBEADM_ARGS variable dynamically
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
# This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably,
#the user should use the .NodeRegistration.KubeletExtraArgs object in the configuration files instead.
# KUBELET_EXTRA_ARGS should be sourced from this file.
EnvironmentFile=-/etc/default/kubelet
ExecStart=
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
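Review bot: The `KUBELET_KUBECONFIG_ARGS` assignment is split over two lines without a trailing backslash, and the 13-line count in the hunk header suggests the break is in the file rather than a rendering wrap. systemd only continues a line that ends in `\`, so the quote stays open and `--kubeconfig=/etc/kubernetes/kubelet.conf` would likely never reach the kubelet; put both flags on a single `Environment=` line. The override file is `/etc/default/kubelet`, the Debian location, while the rest of this commit targets yum-based hosts where the packages normally use `/etc/sysconfig/kubelet`. Because of the leading `-`, a wrong path is ignored silently and `KUBELET_EXTRA_ARGS` stays empty.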


@ -4,6 +4,15 @@
######################## ########################
## kubernetes requirements ## kubernetes requirements
- name: install firewalld
package:
name: firewalld
- name: enable and start firewalld
systemd:
name: firewalld
enabled: yes
state: started
- name: enable port 6443/tcp - name: enable port 6443/tcp
firewalld: firewalld:


@ -20,7 +20,7 @@
regexp: "^/dev/mapper/centos-swap" regexp: "^/dev/mapper/centos-swap"
line: "# /dev/mapper/centos-swap swap swap defaults 0 0" line: "# /dev/mapper/centos-swap swap swap defaults 0 0"
- name: activate kernel module - name: add bridge-netfilter kernel module
shell: modprobe br_netfilter shell: modprobe br_netfilter
- name: enable bridge-nf-call-iptables - name: enable bridge-nf-call-iptables
@ -64,22 +64,60 @@
- name: copy cni config - name: copy cni config
template: template:
src: ../files/kube-router-cni.conf.j2 src: ../files/kube-router-cni.conf.j2
dest: /etc/cni/net.d/10-kuberouter.conf dest: /etc/cni/net.d/10-kuberouter.config
owner: root owner: root
group: root group: root
- name: clear yum package cache
shell: yum clean all
args:
warn: false # https://github.com/ansible/ansible/pull/31450#issuecomment-352889579
- name: install packages - name: install packages
yum: package:
name: name: "{{ item }}"
state: installed
with_items:
- yum-utils - yum-utils
- device-mapper-persistent-data - device-mapper-persistent-data
- lvm2 - lvm2
- docker-ce
- kubelet
- kubeadm
- kubectl
- kubernetes-cni - kubernetes-cni
state: present
- name: installing kubeadm, kubelet and kubectl
shell: "{{ item }}"
args:
warn: false
with_items:
- yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
- systemctl enable --now kubelet
- name: add docker-ce repo
shell: yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
- name: install docker-ce
package:
name: docker-ce-18.06.2.ce
state: installed
- name: create docker directory
file:
path: /etc/docker
state: directory
- name: deploy docker daemon configuration
copy:
src: ../files/docker-daemon.json
dest: /etc/docker/daemon.json
- name: create systemd unit directory for kubelet
file:
path: /etc/systemd/system/kubelet.service.d/
state: directory
- name: deploy kubelet service file
copy:
src: ../files/systemd-unit-kubelet.conf
dest: /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
- name: set cgroup - name: set cgroup
lineinfile: lineinfile:
@ -87,15 +125,18 @@
regexp: "^cgroup-driver=" regexp: "^cgroup-driver="
line: "cgroup-driver=cgroupfs" line: "cgroup-driver=cgroupfs"
- name: force systemd to reread configs and restart service docker - name: restart services
systemd: systemd:
name: docker name: "{{ item }}"
enabled: yes
state: restarted
- name: force systemd to reread configs and restart service kubelet
systemd:
name: kubelet
enabled: yes enabled: yes
state: restarted state: restarted
daemon_reload: yes daemon_reload: yes
with_items:
- docker
- kubelet
- name: open firewall ports
import_tasks: firewalld.yml
- name: update linux kernel
import_tasks: upgrade_kernel.yml
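Review bot: The new `installing kubeadm, kubelet and kubectl` task runs `yum install -y kubelet kubeadm kubectl` through `shell` with `warn: false`, so the control-plane packages are installed at whatever version the repo serves that day and the task reports changed on every run, while `docker-ce-18.06.2.ce` right below is pinned. The `yum` module's `disable_excludes: kubernetes` covers the `--disableexcludes` flag, and a `systemd` task replaces `systemctl enable --now`; the `yum-config-manager --add-repo` call could likewise become a `yum_repository` task with `gpgcheck: true`. In the same hunk the CNI file is renamed to `10-kuberouter.config`, but CNI config loaders normally read only `.conf`, `.conflist` and `.json`, so please confirm the new name is picked up. The two `copy` tasks writing `/etc/docker/daemon.json` and the kubelet drop-in set no `owner`, `group` or `mode`; `mode: "0644"` with `owner: root` makes the result independent of the umask.

```yaml
# kubernetes_version is a placeholder variable; set it to the release the cluster is built for
- name: install kubeadm, kubelet and kubectl
  yum:
    name:
      - "kubelet-{{ kubernetes_version }}"
      - "kubeadm-{{ kubernetes_version }}"
      - "kubectl-{{ kubernetes_version }}"
    state: present
    disable_excludes: kubernetes

- name: enable and start kubelet
  systemd:
    name: kubelet
    enabled: true
    state: started
# … unchanged: docker-ce repo and package, daemon.json, kubelet drop-in …
```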


@ -0,0 +1,32 @@
---
# - name: subcribe to 'rhel-7-server-rpms' and 'rhel-7-server-extras-rpms' repos
# shell: subscription-manager repos --enable rhel-7-server-rpms --enable rhel-7-server-extras-rpms
# become: yes
- name: install podman
yum:
name:
- podman
state: present
become: yes
- name:
shell: |
podman run \
--volume=/var/run/docker.sock:/var/run/docker.sock \
--volume=/var/lib/drone:/data \
--env=DRONE_GITEA_SERVER=http://192.168.99.100:32782 \
--env=DRONE_GIT_ALWAYS_AUTH=false \
--env=DRONE_RUNNER_CAPACITY=2 \
--env=DRONE_SERVER_HOST=192.168.99.100 \
--env=DRONE_SERVER_PROTO=http \
--env=DRONE_TLS_AUTOCERT=false \
--publish=80:80 \
--publish=443:443 \
--restart=always \
--detach=true \
--name=drone \
--dns=192.168.2.196 \
drone/drone:1.0.0-rc.5
become: yes
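Review bot: The `podman run` task bind-mounts `/var/run/docker.sock` into the Drone container, which gives that container control of the host's container engine and therefore root-equivalent access to the node; on a podman-only host the socket may not exist at all. The server is also set to `DRONE_SERVER_PROTO=http` with `DRONE_TLS_AUTOCERT=false` and a plain-http `DRONE_GITEA_SERVER` while port 443 is published, so login tokens and webhook payloads would cross the network unencrypted. The task has an empty `name:` (for example `- name: start drone server`) and is not idempotent, since a second run will likely fail once a container named `drone` exists. The hard-coded `192.168.99.100` and `192.168.2.196` addresses are better taken from inventory variables, and the image is a release-candidate tag, `drone/drone:1.0.0-rc.5`, rather than a pinned digest.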