authorChristian Pointner <equinox@spreadspace.org>2020-01-17 17:46:08 +0100
committerChristian Pointner <equinox@spreadspace.org>2020-01-31 22:31:22 +0100
commitcd946c702fea849b06e0fd6a19ef5597235caf55 (patch)
tree5f8a90a2f4bc11f6a25833326e7d3f6eb3492171
parentkubernetes: move cluster cleanup to sepearte playbook (diff)
single master kubernetes cluster works now
-rw-r--r--common/kubernetes.yml18
-rw-r--r--inventory/group_vars/k8s-test-2019vm/main.yml4
-rw-r--r--inventory/group_vars/k8s-test-atlas/main.yml4
-rw-r--r--inventory/group_vars/k8s-test/main.yml8
-rw-r--r--roles/kubernetes/kubeadm/master/tasks/primary-master.yml17
-rw-r--r--roles/kubernetes/kubeadm/master/templates/kubeadm.config.j24
-rw-r--r--roles/kubernetes/kubeadm/node/tasks/main.yml2
-rw-r--r--spreadspace/k8s-test.yml12
8 files changed, 30 insertions, 39 deletions
diff --git a/common/kubernetes.yml b/common/kubernetes.yml
index c4f3f81e..aaf23219 100644
--- a/common/kubernetes.yml
+++ b/common/kubernetes.yml
@@ -45,14 +45,14 @@
roles:
- role: kubernetes/kubeadm/master
-# - name: configure kubernetes secondary masters
-# hosts: _kubernetes_masters_:!_kubernetes_primary_master_
-# roles:
-# - role: kubernetes/kubeadm/master
-
-# - name: configure kubernetes non-master nodes
-# hosts: _kubernetes_nodes_:!_kubernetes_masters_
-# roles:
-# - role: kubernetes/kubeadm/node
+- name: configure kubernetes secondary masters
+ hosts: _kubernetes_masters_:!_kubernetes_primary_master_
+ roles:
+ - role: kubernetes/kubeadm/master
+
+- name: configure kubernetes non-master nodes
+ hosts: _kubernetes_nodes_:!_kubernetes_masters_
+ roles:
+ - role: kubernetes/kubeadm/node
### TODO: add node labels (ie. for ingress daeomnset)
diff --git a/inventory/group_vars/k8s-test-2019vm/main.yml b/inventory/group_vars/k8s-test-2019vm/main.yml
index 2cbe5be1..4c08a1bb 100644
--- a/inventory/group_vars/k8s-test-2019vm/main.yml
+++ b/inventory/group_vars/k8s-test-2019vm/main.yml
@@ -4,7 +4,7 @@ vm_host: sk-2019vm
install:
host: "{{ vm_host }}"
mem: 1024
- numcpu: 1
+ numcpu: 2
disks:
primary: /dev/sda
scsi:
@@ -12,7 +12,7 @@ install:
type: zfs
pool: storage
name: "{{ inventory_hostname }}"
- size: 5g
+ size: 10g
interfaces:
- bridge: br-public
name: primary0
diff --git a/inventory/group_vars/k8s-test-atlas/main.yml b/inventory/group_vars/k8s-test-atlas/main.yml
index 4212cf5e..9838513d 100644
--- a/inventory/group_vars/k8s-test-atlas/main.yml
+++ b/inventory/group_vars/k8s-test-atlas/main.yml
@@ -6,7 +6,7 @@ vm_host: ch-atlas
install:
host: "{{ vm_host }}"
mem: 1024
- numcpu: 1
+ numcpu: 2
disks:
primary: /dev/sda
scsi:
@@ -14,7 +14,7 @@ install:
type: lvm
vg: "{{ hostvars[vm_host].host_name }}"
lv: "{{ inventory_hostname }}"
- size: 5g
+ size: 10g
interfaces:
- bridge: br-public
name: primary0
diff --git a/inventory/group_vars/k8s-test/main.yml b/inventory/group_vars/k8s-test/main.yml
index e1b6570f..0d4d0857 100644
--- a/inventory/group_vars/k8s-test/main.yml
+++ b/inventory/group_vars/k8s-test/main.yml
@@ -1,5 +1,11 @@
---
-kubernetes_version: 1.16.4
+containerd_lvm:
+ vg: "{{ host_name }}"
+ lv: containerd
+ size: 4G
+ fs: ext4
+
+kubernetes_version: 1.17.1
kubernetes_container_runtime: containerd
kubernetes_network_plugin: kubeguard
diff --git a/roles/kubernetes/kubeadm/master/tasks/primary-master.yml b/roles/kubernetes/kubeadm/master/tasks/primary-master.yml
index 58658794..5efc91b5 100644
--- a/roles/kubernetes/kubeadm/master/tasks/primary-master.yml
+++ b/roles/kubernetes/kubeadm/master/tasks/primary-master.yml
@@ -53,7 +53,6 @@
fail:
msg: "upgrading cluster config is currently not supported!"
-
### cluster is already initialized
- name: prepare cluster for new nodes
@@ -76,22 +75,8 @@
check_mode: no
register: kubeadm_token_create
-##
-
-## this fixes the kubelet kubeconfig to make use of certificate rotation. This is a bug in
-## kubeadm init which was fixed with 1.17 release. TODO: remove this once all cluster have been
-## upgraded to 1.17 or newer.
-- name: fix kubeconfig of kubelet
- lineinfile:
- path: /etc/kubernetes/kubelet.conf
- backrefs: yes
- regexp: '^(\s*)client-{{ item }}(-data)?:'
- line: '\1client-{{ item }}: /var/lib/kubelet/pki/kubelet-client-current.pem'
- with_items:
- - certificate
- - key
- notify: restart kubelet
+## calculate certificate digest
- name: install openssl
apt:
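Review bot: The `fix kubeconfig of kubelet` task is dropped from the shared master role with no guard on `kubernetes_version`, although the removed TODO tied its removal to every cluster being on 1.17 or newer. Only the k8s-test group is visibly bumped to 1.17.1 in this commit; if another inventory still pins an older release, a cluster initialised from it would keep the embedded client certificate in `/etc/kubernetes/kubelet.conf` and not pick up rotation. Consider keeping the task behind `when: kubernetes_version is version('1.17', '<')`, or failing early with an `assert` on the minimum supported version. The `install openssl` task continues outside the hunk.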
diff --git a/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 b/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2
index e03ea6f6..3c10e59b 100644
--- a/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2
+++ b/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2
@@ -1,13 +1,13 @@
{# https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta1 #}
{# #}
-apiVersion: kubeadm.k8s.io/v1beta1
+apiVersion: kubeadm.k8s.io/v1beta2
kind: InitConfiguration
{# TODO: this is ugly but we want to create our own token so we can #}
{# better control it's lifetime #}
bootstrapTokens:
- ttl: "1s"
---
-apiVersion: kubeadm.k8s.io/v1beta1
+apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: {{ kubernetes_version }}
clusterName: {{ kubernetes.cluster_name }}
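Review bot: The header comment on the template's first line still links to the `v1beta1` godoc page while both documents now declare `kubeadm.k8s.io/v1beta2`; change it to `{# https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta2 #}` so the reference matches the schema in use. The template belongs to a shared role, so the bump also assumes every cluster rendered from it runs a kubeadm that accepts v1beta2; that is worth confirming, since only k8s-test is visibly moved to 1.17.1 here. The ClusterConfiguration document continues outside the hunk.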
diff --git a/roles/kubernetes/kubeadm/node/tasks/main.yml b/roles/kubernetes/kubeadm/node/tasks/main.yml
index 2a140099..dba2ce30 100644
--- a/roles/kubernetes/kubeadm/node/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/node/tasks/main.yml
@@ -1,6 +1,6 @@
---
- name: join kubernetes node
- command: "kubeadm join {{ host_vars[groups['_kubernetes_primary_master_']].kubernetes_kubelet_node_ip }}:6443{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}'"
+ command: "kubeadm join {{ hostvars[groups['_kubernetes_primary_master_'][0]].kubernetes_kubelet_node_ip }}:6443{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}'"
args:
creates: /etc/kubernetes/kubelet.conf
register: kubeadm_join
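Review bot: The bootstrap token is interpolated into the `kubeadm join` command line, so it is carried in the registered `kubeadm_join` result and shows up in Ansible output when the task fails or runs with verbosity. Unless it is already set further down (the task continues outside the hunk), add `no_log: true` to this task and avoid dumping `kubeadm_join` wholesale in later debug tasks. A short comment that `[0]` assumes exactly one host in `_kubernetes_primary_master_` would also help the next reader.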
diff --git a/spreadspace/k8s-test.yml b/spreadspace/k8s-test.yml
index 27599556..ed56cb78 100644
--- a/spreadspace/k8s-test.yml
+++ b/spreadspace/k8s-test.yml
@@ -1,10 +1,10 @@
---
-- name: Basic Node Setup
- hosts: k8s-test
- roles:
- - role: base
- - role: sshd
- - role: zsh
+# - name: Basic Node Setup
+# hosts: k8s-test
+# roles:
+# - role: base
+# - role: sshd
+# - role: zsh
- import_playbook: ../common/kubernetes.yml
vars:
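Review bot: The `Basic Node Setup` play is commented out rather than removed, so hosts in `k8s-test` no longer get the `base`, `sshd` and `zsh` roles from this playbook, and the reason is not recorded. If this was a shortcut to speed up test runs, restore the play; if the roles are now applied elsewhere (not visible here), delete the block and leave a one-line comment such as `# base/sshd/zsh are applied by <playbook>` instead of dead code. Skipping the `sshd` role presumably leaves freshly installed nodes with whatever SSH daemon configuration the installer produced. The `import_playbook` entry continues outside the hunk.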