From 6d65dac3d747cd126eaa71463237f290b12360f3 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Thu, 10 Oct 2019 23:36:51 +0200 Subject: added role for containerd and improve kubernetes/base --- dan/sk-cloudia.yml | 2 ++ inventory/host_vars/sk-cloudia.yml | 13 ++++++++--- roles/containerd/tasks/lvm.yml | 18 +++++++++++++++ roles/containerd/tasks/main.yml | 19 +++++++++++++++ roles/containerd/tasks/zfs.yml | 15 ++++++++++++ roles/kubernetes/base/tasks/lvm.yml | 18 +++++++++++++++ roles/kubernetes/base/tasks/main.yml | 45 ++++++++++++++++++++---------------- roles/kubernetes/base/tasks/zfs.yml | 15 ++++++++++++ 8 files changed, 122 insertions(+), 23 deletions(-) create mode 100644 roles/containerd/tasks/lvm.yml create mode 100644 roles/containerd/tasks/main.yml create mode 100644 roles/containerd/tasks/zfs.yml create mode 100644 roles/kubernetes/base/tasks/lvm.yml create mode 100644 roles/kubernetes/base/tasks/zfs.yml diff --git a/dan/sk-cloudia.yml b/dan/sk-cloudia.yml index b19c2f77..ecdbbbcc 100644 --- a/dan/sk-cloudia.yml +++ b/dan/sk-cloudia.yml @@ -6,3 +6,5 @@ - role: sshd - role: zsh - role: zfs/base + - role: containerd + - role: kubernetes/base diff --git a/inventory/host_vars/sk-cloudia.yml b/inventory/host_vars/sk-cloudia.yml index b085be8a..e6919456 100644 --- a/inventory/host_vars/sk-cloudia.yml +++ b/inventory/host_vars/sk-cloudia.yml @@ -19,7 +19,14 @@ zfs_arc_size: max: "{{ 16 * 1024 * 1024 * 1024 }}" -docker_zfs: +containerd_zfs: pool: storage - name: docker - size: 1G + name: containerd + size: 40G + +kubelet_zfs: + pool: storage + name: kubelet + size: 20G + +kubernetes_container_runtime: containerd diff --git a/roles/containerd/tasks/lvm.yml b/roles/containerd/tasks/lvm.yml new file mode 100644 index 00000000..d6233ff7 --- /dev/null +++ b/roles/containerd/tasks/lvm.yml 
@@ -0,0 +1,18 @@
+---
+- name: create logical volume
+ lvol:
+ vg: "{{ containerd_lvm.vg }}"
+ lv: "{{ containerd_lvm.lv }}"
+ size: "{{ containerd_lvm.size }}"
+
+- name: create filesystem
+ filesystem:
+ fstype: "{{ containerd_lvm.fs }}"
+ dev: "/dev/mapper/{{ containerd_lvm.vg | replace('-', '--') }}-{{ containerd_lvm.lv | replace('-', '--') }}"
+
+- name: mount filesytem
+ mount:
+ src: "/dev/mapper/{{ containerd_lvm.vg | replace('-', '--') }}-{{ containerd_lvm.lv | replace('-', '--') }}"
+ path: /var/lib/containerd
+ fstype: "{{ containerd_lvm.fs }}"
+ state: mounted
diff --git a/roles/containerd/tasks/main.yml b/roles/containerd/tasks/main.yml
new file mode 100644
index 00000000..daf613ae
--- /dev/null
+++ b/roles/containerd/tasks/main.yml
@@ -0,0 +1,19 @@
+---
+- name: check for supported platform
+ when: ansible_distribution != "Ubuntu"
+ fail:
+ msg: "currenty this only works with ubuntu"
+
+- name: prepare /var/lib/containerd as LVM
+ when: containerd_lvm is defined
+ import_tasks: lvm.yml
+
+- name: prepare /var/lib/containerd as ZFS dataset
+ when: containerd_zfs is defined
+ import_tasks: zfs.yml
+
+- name: install containerd
+ apt:
+ name: containerd
+ state: present
+ force: yes
diff --git a/roles/containerd/tasks/zfs.yml b/roles/containerd/tasks/zfs.yml
new file mode 100644
index 00000000..52dde5af
--- /dev/null
+++ b/roles/containerd/tasks/zfs.yml
@@ -0,0 +1,15 @@
+---
+- name: create zfs dataset
+ zfs:
+ name: "{{ containerd_zfs.pool }}/{{ containerd_zfs.name }}"
+ state: present
+ extra_zfs_properties:
+ quota: "{{ containerd_zfs.size }}"
+
+- name: bind mount filesytem
+ mount:
+ src: "{{ zfs_zpools[containerd_zfs.pool].mountpoint }}/{{ containerd_zfs.name }}"
+ path: /var/lib/containerd
+ fstype: none
+ opts: bind,x-systemd.automount,nofail
+ state: mounted
diff --git a/roles/kubernetes/base/tasks/lvm.yml b/roles/kubernetes/base/tasks/lvm.yml
new file mode 100644
index 00000000..3ef36e89
--- /dev/null
+++ b/roles/kubernetes/base/tasks/lvm.yml
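Review bot: The `install containerd` task in roles/containerd/tasks/main.yml sets `force: yes`, which the apt module passes to apt-get as `--force-yes`. That lets the install proceed with unauthenticated packages and silent downgrades, so signature verification of the container runtime package becomes optional on every run. Nothing visible in the hunk requires it, so I would drop the line and keep only `name: containerd` and `state: present`. If a specific conflict motivated the flag, a comment naming it would let a later reader judge whether it is still needed.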
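Review bot: The bind mount in roles/containerd/tasks/zfs.yml uses `opts: bind,x-systemd.automount,nofail` with no ordering against the ZFS mount itself. If the dataset is not mounted when the bind is set up (pool not imported, boot race), `nofail` lets the host come up anyway, and containerd would presumably write to the directory underneath, outside the dataset and its `quota`. Consider an explicit dependency such as `opts: bind,x-systemd.automount,x-systemd.requires=zfs-mount.service,nofail`, after confirming the unit name on the target release. The same options are used for /var/lib/kubelet in roles/kubernetes/base/tasks/zfs.yml.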
@@ -0,0 +1,18 @@ +--- +- name: create logical volume + lvol: + vg: "{{ kubelet_lvm.vg }}" + lv: "{{ kubelet_lvm.lv }}" + size: "{{ kubelet_lvm.size }}" + +- name: create filesystem + filesystem: + fstype: "{{ kubelet_lvm.fs }}" + dev: "/dev/mapper/{{ kubelet_lvm.vg | replace('-', '--') }}-{{ kubelet_lvm.lv | replace('-', '--') }}" + +- name: mount filesytem + mount: + src: "/dev/mapper/{{ kubelet_lvm.vg | replace('-', '--') }}-{{ kubelet_lvm.lv | replace('-', '--') }}" + path: /var/lib/kubelet + fstype: "{{ kubelet_lvm.fs }}" + state: mounted diff --git a/roles/kubernetes/base/tasks/main.yml b/roles/kubernetes/base/tasks/main.yml index 0b0be821..375bb63e 100644 --- a/roles/kubernetes/base/tasks/main.yml +++ b/roles/kubernetes/base/tasks/main.yml @@ -1,25 +1,11 @@ --- - name: prepare /var/lib/kubelet as LVM when: kubelet_lvm is defined - block: + import_tasks: lvm.yml - - name: create logical volume - lvol: - vg: "{{ kubelet_lvm.vg }}" - lv: "{{ kubelet_lvm.lv }}" - size: "{{ kubelet_lvm.size }}" - - - name: create filesystem - filesystem: - fstype: "{{ kubelet_lvm.fs }}" - dev: "/dev/mapper/{{ kubelet_lvm.vg | replace('-', '--') }}-{{ kubelet_lvm.lv | replace('-', '--') }}" - - - name: mount filesytem - mount: - src: "/dev/mapper/{{ kubelet_lvm.vg | replace('-', '--') }}-{{ kubelet_lvm.lv | replace('-', '--') }}" - path: /var/lib/kubelet - fstype: "{{ kubelet_lvm.fs }}" - state: mounted +- name: prepare /var/lib/kubelet as ZFS dataset + when: kubelet_zfs is defined + import_tasks: zfs.yml - name: install apt https transport apt: 
@@ -35,17 +21,19 @@ - name: add repository entry copy: content: | - deb http://apt.kubernetes.io/ kubernetes-xenial main + deb https://apt.kubernetes.io/ kubernetes-xenial main dest: /etc/apt/sources.list.d/kubernetes.list notify: update apt cache - name: update apt cache meta: flush_handlers -- name: install kubelet +- name: install kubelet and utils apt: name: - "kubelet{% if kubernetes.pkg_version is defined %}={{ kubernetes.pkg_version }}{% endif %}" + - cri-tools + - bridge-utils state: present - name: disable automatic upgrades for kubelet @@ -56,6 +44,23 @@ name: "{{ item }}" selection: hold +- name: configure crictl to use containerd + when: kubernetes_container_runtime == 'containerd' + loop: + - zsh + - bash + blockinfile: + path: "/root/.{{ item }}rc" + create: yes + marker: "### {mark} ANSIBLE MANAGED BLOCK for crictl ###" + content: | + alias crictl="crictl --runtime-endpoint unix:///run/containerd/containerd.sock" + {% if item == 'zsh' %} + ## TODO: see https://github.com/kubernetes-sigs/cri-tools/issues/435 + autoload -U +X bashcompinit && bashcompinit + {% endif %} + source <(crictl completion) + - name: add dummy group with gid 998 group: name: app diff --git a/roles/kubernetes/base/tasks/zfs.yml b/roles/kubernetes/base/tasks/zfs.yml new file mode 100644 index 00000000..4311dd3f --- /dev/null +++ b/roles/kubernetes/base/tasks/zfs.yml @@ -0,0 +1,15 @@ +--- +- name: create zfs dataset + zfs: + name: "{{ kubelet_zfs.pool }}/{{ kubelet_zfs.name }}" + state: present + extra_zfs_properties: + quota: "{{ kubelet_zfs.size }}" + +- name: bind mount filesytem + mount: + src: "{{ zfs_zpools[kubelet_zfs.pool].mountpoint }}/{{ kubelet_zfs.name }}" + path: /var/lib/kubelet + fstype: none + opts: bind,x-systemd.automount,nofail + state: mounted -- cgit v1.2.3
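Review bot: The new `configure crictl to use containerd` task in roles/kubernetes/base/tasks/main.yml tests `kubernetes_container_runtime == 'containerd'`, but this commit sets that variable only in inventory/host_vars/sk-cloudia.yml. Unless a role default exists outside the diff, any other host that applies kubernetes/base will fail on an undefined variable instead of skipping the task. I would write `when: kubernetes_container_runtime | default('') == 'containerd'`, or declare the variable in the role's defaults with a comment listing the accepted values. The task list continues outside this hunk, so other uses of the variable are not visible here.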