many changes

2019-08-08 21:20:54 +02:00 · 2019-08-08 21:20:54 +02:00 · dccf8ca00e
commit dccf8ca00e
parent d4cb32b9c3
22 changed files with 297 additions and 133 deletions
--- a/roles/kubernetes-base/files/docker-daemon.json
+++ b/roles/kubernetes-base/files/docker-daemon.json
@ -0,0 +1,11 @@
+{
+  "exec-opts": ["native.cgroupdriver=systemd"],
+  "log-driver": "json-file",
+  "log-opts": {
+    "max-size": "100m"
+  },
+  "storage-driver": "overlay2",
+  "storage-opts": [
+    "overlay2.override_kernel_check=true"
+  ]
+}
--- a/roles/kubernetes-base/files/kubenet-config.json.conf
+++ b/roles/kubernetes-base/files/kubenet-config.json.conf
@ -0,0 +1,20 @@
+{
+  "cniVersion": "0.3.0",
+  "name": "mynet",
+  "type": "bridge",
+  "bridge": "cbr0",
+  "isDefaultGateway": true,
+  "ipMasq": true,
+  "hairpinMode": true,
+  "ipam": {
+    "type": "host-local",
+    "ranges": [
+      [
+        {
+          "subnet": "2001:470:6d:22c:42::/80",
+          "gateway": "2001:470:6d:22c::1"
+        }
+      ]
+    ]
+  }
+}
--- a/roles/kubernetes-base/files/kubernetes.repo
+++ b/roles/kubernetes-base/files/kubernetes.repo
@ -0,0 +1,7 @@
+[kubernetes]
+name=Kubernetes
+baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
+enabled=1
+gpgcheck=1
+repo_gpgcheck=1
+gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
--- a/roles/kubernetes-base/files/systemd-unit-kubelet.conf
+++ b/roles/kubernetes-base/files/systemd-unit-kubelet.conf
@ -0,0 +1,13 @@
+[Service]
+Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf
+--kubeconfig=/etc/kubernetes/kubelet.conf"
+Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
+# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating 
+# the KUBELET_KUBEADM_ARGS variable dynamically
+EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
+# This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably,
+#the user should use the .NodeRegistration.KubeletExtraArgs object in the configuration files instead.
+# KUBELET_EXTRA_ARGS should be sourced from this file.
+EnvironmentFile=-/etc/default/kubelet
+ExecStart=
+ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
--- a/roles/kubernetes-base/tasks/firewalld.yml
+++ b/roles/kubernetes-base/tasks/firewalld.yml
@ -0,0 +1,34 @@
+---
+########################
+#### FIREWALL TASKS ####
+########################
+
+## kubernetes requirements
+  - name: install firewalld
+    package:
+      name: firewalld
+
+  - name: enable and start firewalld
+    systemd:
+      name: firewalld
+      enabled: yes
+      state: started
+
+  - name: open ports
+    firewalld:
+      port: "{{ item }}"
+      permanent: yes
+      state: enabled
+    with_items:
+      - 6443/tcp
+      - 2379/tcp
+      - 2380/tcp
+      - 10250/tcp
+      - 10251/tcp
+      - 10252/tcp
+      - 10255/tcp
+
+## reload firewalld after setting rules
+
+  - name: reload firewalld
+    shell: firewall-cmd --reload
--- a/roles/kubernetes-base/tasks/main.yml
+++ b/roles/kubernetes-base/tasks/main.yml
@ -0,0 +1,146 @@
+---
+
+- name: reboot
+  reboot:
+
+# - name: clear yum package cache
+#   shell: "{{ item }}"
+#   args:
+#     warn: false
+#   with_items:
+#     # - yum clean all
+#     # - yum-config-manager --enable updates
+
+- name: upgrade all packages
+  yum:
+    name: '*'
+    state: latest
+
+- name: temporarily disable SELinux 
+  shell: setenforce 0
+
+- name: permanently disable SELinux 
+  lineinfile:
+    dest: /etc/sysconfig/selinux
+    regexp: "^SELINUX="
+    line: "SELINUX=disabled"
+
+- name: temporarily disable swap
+  shell: swapoff -a
+
+- name: permanently disable swap
+  lineinfile:
+    dest: /etc/fstab
+    regexp: "^/dev/mapper/centos-swap"
+    line: "# /dev/mapper/centos-swap swap swap defaults 0 0"
+
+- name: add bridge-netfilter kernel module
+  shell: modprobe br_netfilter
+
+- name: enable bridge-nf-call-iptables
+  sysctl:
+    name: net.bridge.bridge-nf-call-iptables
+    value: 1
+    sysctl_set: yes
+    state: present
+    reload: yes
+
+- name: enable bridge-nf-call-ip6tables
+  sysctl: 
+    name: net.bridge.bridge-nf-call-ip6tables
+    value: 1
+    sysctl_set: yes
+    state: present
+    reload: yes
+
+- name: enable ipv6 default forwarding
+  sysctl:
+    name: net.ipv6.conf.default.forwarding
+    value: 1
+    sysctl_set: yes
+    state: present
+    reload: yes
+
+- name: add docker-ce yum repository
+  shell: yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
+
+
+- name: copy kubernetes repo config
+  copy:
+    src: ../files/kubernetes.repo
+    dest: /etc/yum.repos.d/kubernetes.repo
+
+- name: clear yum package cache
+  shell: yum clean all
+  args:
+    warn: false
+
+- name: install dependencies
+  package:
+    name: "{{ item }}"
+    state: installed
+  with_items:
+    - device-mapper-persistent-data
+  
+- name: install lvm2
+  shell: yum install -y lvm2
+  args:
+    warn: false
+
+- name: installing kubernetes binaries (kubeadm, kubelet and kubectl)
+  shell: "{{ item }}"
+  args:
+    warn: false
+  with_items:
+    - yum install -y kubelet kubeadm kubectl
+    - systemctl enable --now kubelet
+
+- name: add docker-ce repo
+  shell: yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
+
+- name: install docker-ce
+  package:
+    name: docker-ce-18.06.2.ce
+    state: installed
+
+- name:  create docker directory
+  file:
+    path: /etc/docker
+    state: directory
+
+- name: deploy docker daemon configuration
+  copy:
+    src: ../files/docker-daemon.json
+    dest: /etc/docker/daemon.json
+
+- name: touch /etc/default/kubelet
+  file:
+    path: /etc/default/kubelet
+    state: touch
+    owner: root
+    group: root
+
+- name: set kubelet extra args
+  lineinfile:
+    dest: /etc/default/kubelet
+    regexp: "^KUBELET_EXTRA_ARGS="
+    line: "KUBELET_EXTRA_ARGS=--fail-swap-on=false --node-ip={{ host_ipv6 }}"
+
+- name: restart services
+  systemd:
+    name: "{{ item }}"
+    enabled: yes
+    state: restarted
+    daemon_reload: yes
+  with_items:
+    - docker
+    - kubelet
+
+- name: open firewall ports
+  import_tasks: firewalld.yml
+
+# - name: update linux kernel
+#   import_tasks: upgrade_kernel.yml
+
+- name: reboot
+  reboot:
--- a/roles/kubernetes-base/tasks/upgrade_kernel.yml
+++ b/roles/kubernetes-base/tasks/upgrade_kernel.yml
@ -0,0 +1,33 @@
+---
+######################
+#### KERNEL TASKS ####
+######################
+
+
+# TODO: get rid of inline http_proxy and fetch repo with the yum-repository ansible module
+- name: import elrepo gpg key
+  shell: rpm -httpproxy http://[2001:470:6d:22c::1]:3128 --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
+
+- name: enable elrepo-release rpm
+  shell: rpm -httpproxy http://[2001:470:6d:22c::1]:3128 -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
+
+# - name: Add repository
+#   yum_repository:
+#     name: elrepo-kernel
+#     description: elrepo-release
+#     baseurl: http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
+
+- name: install mainline kernel
+  shell: yum --enablerepo=elrepo-kernel install kernel-ml -y
+
+- name: set default kernel version in grub
+  lineinfile:
+    dest: /etc/default/grub
+    regexp: "^GRUB_DEFAULT"
+    line: "GRUB_DEFAULT=0"
+
+- name: write grub config
+  shell: grub2-mkconfig -o /boot/grub2/grub.cfg
+
+- name: reboot
+  reboot:
--- a/roles/kubernetes-base/templates/kubenet-config.json.j2
+++ b/roles/kubernetes-base/templates/kubenet-config.json.j2
@ -0,0 +1,20 @@
+{
+  "cniVersion": "0.3.0",
+  "name": "mynet",
+  "type": "bridge",
+  "bridge": "cbr0",
+  "isDefaultGateway": true,
+  "ipMasq": true,
+  "hairpinMode": true,
+  "ipam": {
+    "type": "host-local",
+    "ranges": [
+      [
+        {
+          "subnet": "2001:470:6d:22c:42::/80",
+          "gateway": "2001:470:6d:22c::1"
+        }
+      ]
+    ]
+  }
+}