single master kubernetes cluster works now

8 files changed, 30 insertions, 39 deletions

diff --git a/common/kubernetes.yml b/common/kubernetes.yml
index c4f3f81e..aaf23219 100644
--- a/common/kubernetes.yml
+++ b/common/kubernetes.yml
@@ -45,14 +45,14 @@
   roles:
   - role: kubernetes/kubeadm/master
 
-# - name: configure kubernetes secondary masters
-#   hosts: _kubernetes_masters_:!_kubernetes_primary_master_
-#   roles:
-#   - role: kubernetes/kubeadm/master
-
-# - name: configure kubernetes non-master nodes
-#   hosts: _kubernetes_nodes_:!_kubernetes_masters_
-#   roles:
-#   - role: kubernetes/kubeadm/node
+- name: configure kubernetes secondary masters
+  hosts: _kubernetes_masters_:!_kubernetes_primary_master_
+  roles:
+  - role: kubernetes/kubeadm/master
+
+- name: configure kubernetes non-master nodes
+  hosts: _kubernetes_nodes_:!_kubernetes_masters_
+  roles:
+  - role: kubernetes/kubeadm/node
 
 ### TODO: add node labels (ie. for ingress daeomnset)
diff --git a/inventory/group_vars/k8s-test-2019vm/main.yml b/inventory/group_vars/k8s-test-2019vm/main.yml
index 2cbe5be1..4c08a1bb 100644
--- a/inventory/group_vars/k8s-test-2019vm/main.yml
+++ b/inventory/group_vars/k8s-test-2019vm/main.yml
@@ -4,7 +4,7 @@ vm_host: sk-2019vm
 install:
   host: "{{ vm_host }}"
   mem: 1024
-  numcpu: 1
+  numcpu: 2
   disks:
     primary: /dev/sda
     scsi:
@@ -12,7 +12,7 @@ install:
         type: zfs
         pool: storage
         name: "{{ inventory_hostname }}"
-        size: 5g
+        size: 10g
   interfaces:
   - bridge: br-public
     name: primary0
diff --git a/inventory/group_vars/k8s-test-atlas/main.yml b/inventory/group_vars/k8s-test-atlas/main.yml
index 4212cf5e..9838513d 100644
--- a/inventory/group_vars/k8s-test-atlas/main.yml
+++ b/inventory/group_vars/k8s-test-atlas/main.yml
@@ -6,7 +6,7 @@ vm_host: ch-atlas
 install:
   host: "{{ vm_host }}"
   mem: 1024
-  numcpu: 1
+  numcpu: 2
   disks:
     primary: /dev/sda
     scsi:
@@ -14,7 +14,7 @@ install:
         type: lvm
         vg: "{{ hostvars[vm_host].host_name }}"
         lv: "{{ inventory_hostname }}"
-        size: 5g
+        size: 10g
   interfaces:
   - bridge: br-public
     name: primary0
diff --git a/inventory/group_vars/k8s-test/main.yml b/inventory/group_vars/k8s-test/main.yml
index e1b6570f..0d4d0857 100644
--- a/inventory/group_vars/k8s-test/main.yml
+++ b/inventory/group_vars/k8s-test/main.yml
@@ -1,5 +1,11 @@
 ---
-kubernetes_version: 1.16.4
+containerd_lvm:
+  vg: "{{ host_name }}"
+  lv: containerd
+  size: 4G
+  fs: ext4
+
+kubernetes_version: 1.17.1
 kubernetes_container_runtime: containerd
 kubernetes_network_plugin: kubeguard
 
diff --git a/roles/kubernetes/kubeadm/master/tasks/primary-master.yml b/roles/kubernetes/kubeadm/master/tasks/primary-master.yml
index 58658794..5efc91b5 100644
--- a/roles/kubernetes/kubeadm/master/tasks/primary-master.yml
+++ b/roles/kubernetes/kubeadm/master/tasks/primary-master.yml
@@ -53,7 +53,6 @@
     fail:
       msg: "upgrading cluster config is currently not supported!"
 
-
 ### cluster is already initialized
 
 - name: prepare cluster for new nodes
@@ -76,22 +75,8 @@
     check_mode: no
     register: kubeadm_token_create
 
-##
-
-## this fixes the kubelet kubeconfig to make use of certificate rotation. This is a bug in
-## kubeadm init which was fixed with 1.17 release. TODO: remove this once all cluster have been
-## upgraded to 1.17 or newer.
-- name: fix kubeconfig of kubelet
-  lineinfile:
-    path: /etc/kubernetes/kubelet.conf
-    backrefs: yes
-    regexp: '^(\s*)client-{{ item }}(-data)?:'
-    line: '\1client-{{ item }}: /var/lib/kubelet/pki/kubelet-client-current.pem'
-  with_items:
-    - certificate
-    - key
-  notify: restart kubelet
 
+## calculate certificate digest
 
 - name: install openssl
   apt:
diff --git a/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 b/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2
index e03ea6f6..3c10e59b 100644
--- a/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2
+++ b/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2
@@ -1,13 +1,13 @@
 {# https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta1 #}
 {#  #}
-apiVersion: kubeadm.k8s.io/v1beta1
+apiVersion: kubeadm.k8s.io/v1beta2
 kind: InitConfiguration
 {# TODO: this is ugly but we want to create our own token so we can #}
 {# better control it's lifetime #}
 bootstrapTokens:
 - ttl: "1s"
 ---
-apiVersion: kubeadm.k8s.io/v1beta1
+apiVersion: kubeadm.k8s.io/v1beta2
 kind: ClusterConfiguration
 kubernetesVersion: {{ kubernetes_version }}
 clusterName: {{ kubernetes.cluster_name }}
diff --git a/roles/kubernetes/kubeadm/node/tasks/main.yml b/roles/kubernetes/kubeadm/node/tasks/main.yml
index 2a140099..dba2ce30 100644
--- a/roles/kubernetes/kubeadm/node/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/node/tasks/main.yml
@@ -1,6 +1,6 @@
 ---
 - name: join kubernetes node
-  command: "kubeadm join {{ host_vars[groups['_kubernetes_primary_master_']].kubernetes_kubelet_node_ip }}:6443{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}'"
+  command: "kubeadm join {{ hostvars[groups['_kubernetes_primary_master_'][0]].kubernetes_kubelet_node_ip }}:6443{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}'"
   args:
     creates: /etc/kubernetes/kubelet.conf
   register: kubeadm_join
diff --git a/spreadspace/k8s-test.yml b/spreadspace/k8s-test.yml
index 27599556..ed56cb78 100644
--- a/spreadspace/k8s-test.yml
+++ b/spreadspace/k8s-test.yml
@@ -1,10 +1,10 @@
 ---
-- name: Basic Node Setup
-  hosts: k8s-test
-  roles:
-  - role: base
-  - role: sshd
-  - role: zsh
+# - name: Basic Node Setup
+#   hosts: k8s-test
+#   roles:
+#   - role: base
+#   - role: sshd
+#   - role: zsh
 
 - import_playbook: ../common/kubernetes.yml
   vars: