author | Christian Pointner <equinox@spreadspace.org> | 2020-01-17 17:46:08 +0100 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2020-01-31 22:31:22 +0100 |
commit | cd946c702fea849b06e0fd6a19ef5597235caf55 (patch) | |
tree | 5f8a90a2f4bc11f6a25833326e7d3f6eb3492171 | |
parent | kubernetes: move cluster cleanup to sepearte playbook (diff) |
single master kubernetes cluster works now
-rw-r--r-- | common/kubernetes.yml | 18 | ||||
-rw-r--r-- | inventory/group_vars/k8s-test-2019vm/main.yml | 4 | ||||
-rw-r--r-- | inventory/group_vars/k8s-test-atlas/main.yml | 4 | ||||
-rw-r--r-- | inventory/group_vars/k8s-test/main.yml | 8 | ||||
-rw-r--r-- | roles/kubernetes/kubeadm/master/tasks/primary-master.yml | 17 | ||||
-rw-r--r-- | roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 | 4 | ||||
-rw-r--r-- | roles/kubernetes/kubeadm/node/tasks/main.yml | 2 | ||||
-rw-r--r-- | spreadspace/k8s-test.yml | 12 |
8 files changed, 30 insertions, 39 deletions
diff --git a/common/kubernetes.yml b/common/kubernetes.yml index c4f3f81e..aaf23219 100644 --- a/common/kubernetes.yml +++ b/common/kubernetes.yml @@ -45,14 +45,14 @@ roles: - role: kubernetes/kubeadm/master -# - name: configure kubernetes secondary masters -# hosts: _kubernetes_masters_:!_kubernetes_primary_master_ -# roles: -# - role: kubernetes/kubeadm/master - -# - name: configure kubernetes non-master nodes -# hosts: _kubernetes_nodes_:!_kubernetes_masters_ -# roles: -# - role: kubernetes/kubeadm/node +- name: configure kubernetes secondary masters + hosts: _kubernetes_masters_:!_kubernetes_primary_master_ + roles: + - role: kubernetes/kubeadm/master + +- name: configure kubernetes non-master nodes + hosts: _kubernetes_nodes_:!_kubernetes_masters_ + roles: + - role: kubernetes/kubeadm/node ### TODO: add node labels (ie. for ingress daeomnset) diff --git a/inventory/group_vars/k8s-test-2019vm/main.yml b/inventory/group_vars/k8s-test-2019vm/main.yml index 2cbe5be1..4c08a1bb 100644 --- a/inventory/group_vars/k8s-test-2019vm/main.yml +++ b/inventory/group_vars/k8s-test-2019vm/main.yml @@ -4,7 +4,7 @@ vm_host: sk-2019vm install: host: "{{ vm_host }}" mem: 1024 - numcpu: 1 + numcpu: 2 disks: primary: /dev/sda scsi: @@ -12,7 +12,7 @@ install: type: zfs pool: storage name: "{{ inventory_hostname }}" - size: 5g + size: 10g interfaces: - bridge: br-public name: primary0 diff --git a/inventory/group_vars/k8s-test-atlas/main.yml b/inventory/group_vars/k8s-test-atlas/main.yml index 4212cf5e..9838513d 100644 --- a/inventory/group_vars/k8s-test-atlas/main.yml +++ b/inventory/group_vars/k8s-test-atlas/main.yml @@ -6,7 +6,7 @@ vm_host: ch-atlas install: host: "{{ vm_host }}" mem: 1024 - numcpu: 1 + numcpu: 2 disks: primary: /dev/sda scsi: @@ -14,7 +14,7 @@ install: type: lvm vg: "{{ hostvars[vm_host].host_name }}" lv: "{{ inventory_hostname }}" - size: 5g + size: 10g interfaces: - bridge: br-public name: primary0 
diff --git a/inventory/group_vars/k8s-test/main.yml b/inventory/group_vars/k8s-test/main.yml index e1b6570f..0d4d0857 100644 --- a/inventory/group_vars/k8s-test/main.yml +++ b/inventory/group_vars/k8s-test/main.yml @@ -1,5 +1,11 @@ --- -kubernetes_version: 1.16.4 +containerd_lvm: + vg: "{{ host_name }}" + lv: containerd + size: 4G + fs: ext4 + +kubernetes_version: 1.17.1 kubernetes_container_runtime: containerd kubernetes_network_plugin: kubeguard diff --git a/roles/kubernetes/kubeadm/master/tasks/primary-master.yml b/roles/kubernetes/kubeadm/master/tasks/primary-master.yml index 58658794..5efc91b5 100644 --- a/roles/kubernetes/kubeadm/master/tasks/primary-master.yml +++ b/roles/kubernetes/kubeadm/master/tasks/primary-master.yml @@ -53,7 +53,6 @@ fail: msg: "upgrading cluster config is currently not supported!" - ### cluster is already initialized - name: prepare cluster for new nodes @@ -76,22 +75,8 @@ check_mode: no register: kubeadm_token_create -## - -## this fixes the kubelet kubeconfig to make use of certificate rotation. This is a bug in -## kubeadm init which was fixed with 1.17 release. TODO: remove this once all cluster have been -## upgraded to 1.17 or newer. -- name: fix kubeconfig of kubelet - lineinfile: - path: /etc/kubernetes/kubelet.conf - backrefs: yes - regexp: '^(\s*)client-{{ item }}(-data)?:' - line: '\1client-{{ item }}: /var/lib/kubelet/pki/kubelet-client-current.pem' - with_items: - - certificate - - key - notify: restart kubelet +## calculate certificate digest - name: install openssl apt: diff --git a/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 b/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 index e03ea6f6..3c10e59b 100644 --- a/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 +++ b/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 
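Review bot: In roles/kubernetes/kubeadm/master/tasks/primary-master.yml, deleting the `fix kubeconfig of kubelet` task removes the certificate-rotation workaround for every cluster that uses this role, while the removed comment said to drop it only once all clusters run 1.17 or newer; this diff only shows k8s-test moving to 1.17.1. On a cluster still initialised with an older kubeadm, /etc/kubernetes/kubelet.conf would presumably keep the embedded client certificate instead of pointing at /var/lib/kubelet/pki/kubelet-client-current.pem, so the kubelet credential would not follow rotation. If any other inventory still pins an older release, keep the task and gate it with `when: kubernetes_version is version('1.17', '<')`, or fail early with an assert on `kubernetes_version`. The task file continues outside this hunk.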
@@ -1,13 +1,13 @@ {# https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta1 #} {# #} -apiVersion: kubeadm.k8s.io/v1beta1 +apiVersion: kubeadm.k8s.io/v1beta2 kind: InitConfiguration {# TODO: this is ugly but we want to create our own token so we can #} {# better control it's lifetime #} bootstrapTokens: - ttl: "1s" --- -apiVersion: kubeadm.k8s.io/v1beta1 +apiVersion: kubeadm.k8s.io/v1beta2 kind: ClusterConfiguration kubernetesVersion: {{ kubernetes_version }} clusterName: {{ kubernetes.cluster_name }} diff --git a/roles/kubernetes/kubeadm/node/tasks/main.yml b/roles/kubernetes/kubeadm/node/tasks/main.yml index 2a140099..dba2ce30 100644 --- a/roles/kubernetes/kubeadm/node/tasks/main.yml +++ b/roles/kubernetes/kubeadm/node/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: join kubernetes node - command: "kubeadm join {{ host_vars[groups['_kubernetes_primary_master_']].kubernetes_kubelet_node_ip }}:6443{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}'" + command: "kubeadm join {{ hostvars[groups['_kubernetes_primary_master_'][0]].kubernetes_kubelet_node_ip }}:6443{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}'" args: creates: /etc/kubernetes/kubelet.conf register: kubeadm_join diff --git a/spreadspace/k8s-test.yml b/spreadspace/k8s-test.yml index 27599556..ed56cb78 100644 --- a/spreadspace/k8s-test.yml +++ b/spreadspace/k8s-test.yml @@ -1,10 +1,10 @@ --- -- name: Basic Node Setup - hosts: k8s-test - roles: - - role: base - - role: sshd - - role: zsh +# - name: Basic Node Setup +# hosts: k8s-test +# roles: +# - role: base +# - role: sshd +# - role: zsh - import_playbook: ../common/kubernetes.yml vars: |
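Review bot: The header comment in roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 still links to the v1beta1 API reference although both documents now declare `kubeadm.k8s.io/v1beta2`, so the field documentation a maintainer is sent to no longer matches the schema in use. The line would become `{# https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta2 #}`. The template continues below the hunk.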
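Review bot: In roles/kubernetes/kubeadm/node/tasks/main.yml the rewritten join command still passes `--token '{{ kube_bootstrap_token }}'` as a command-line argument and registers the result as `kubeadm_join`, so the bootstrap token appears in Ansible's task output and in the registered `cmd` wherever that is displayed or logged. Adding `no_log: true` to the task, and reporting only selected fields of `kubeadm_join` afterwards, keeps the token out of logs; how long the token remains valid is decided where it is created, which this hunk does not show. The corrected lookup `groups['_kubernetes_primary_master_'][0]` also assumes the group is non-empty, which an `assert` ahead of the join would make explicit. The task continues outside the hunk.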
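Review bot: Commenting out the `Basic Node Setup` play in spreadspace/k8s-test.yml means this playbook no longer applies the `base`, `sshd` and `zsh` roles, so a freshly installed node would be joined to the cluster without whatever baseline and SSH configuration those roles provide. This looks like a shortcut for faster test runs that was committed together with the fix. Restoring the play and skipping it on demand, for example by tagging it and running with `--skip-tags`, keeps the default path complete. The `import_playbook` entry continues outside the hunk.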