From dc15a3435465bbeeff4ccc411bb39b5b5b974fd8 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Mon, 6 Jan 2020 04:30:35 +0100
Subject: added k8s-test hosts
---
inventory/group_vars/k8s-test-atlas/main.yml | 34 ++++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
create mode 100644 inventory/group_vars/k8s-test-atlas/main.yml
(limited to 'inventory/group_vars/k8s-test-atlas/main.yml')
diff --git a/inventory/group_vars/k8s-test-atlas/main.yml b/inventory/group_vars/k8s-test-atlas/main.yml
new file mode 100644
index 00000000..3f4fd2fa
--- /dev/null
+++ b/inventory/group_vars/k8s-test-atlas/main.yml
@@ -0,0 +1,34 @@
+---
+apt_repo_provider: ffgraz
+
+vm_host: ch-atlas
+
+install:
+ host: "{{ vm_host }}"
+ mem: 1024
+ numcpu: 1
+ disks:
+ primary: /dev/sda
+ scsi:
+ sda:
+ type: lvm
+ vg: "{{ hostvars[vm_host].host_name }}"
+ lv: "{{ inventory_hostname }}"
+ size: 5g
+ interfaces:
+ - bridge: br-public
+ name: primary0
+ - bridge: br-k8stest
+ name: direct0
+ autostart: True
+
+network:
+ nameservers: "{{ hostvars[vm_host].vm_host.network.dns }}"
+ domain: "{{ host_domain }}"
+ systemd_link:
+ interfaces: "{{ install.interfaces }}"
+ primary:
+ interface: primary0
+ ip: "{{ hostvars[vm_host].vm_host.network.bridges.public.prefix | ipaddr(hostvars[vm_host].vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address') }}"
+ mask: "{{ hostvars[vm_host].vm_host.network.bridges.public.prefix | ipaddr('netmask') }}"
+ gateway: "{{ hostvars[vm_host].vm_host.network.bridges.public.gateway }}"
--
cgit v1.2.3
From fb72bb4358b71d2f3a7b7ffa433409b275ff2f2f Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Fri, 10 Jan 2020 20:27:41 +0100
Subject: s2-k8s-test(0|1): fixed mac address
---
inventory/group_vars/k8s-test-atlas/main.yml | 2 ++
1 file changed, 2 insertions(+)
(limited to 'inventory/group_vars/k8s-test-atlas/main.yml')
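Review bot: The `ip:` expression near the end of the new file indexes `hostvars[vm_host].vm_host.network.bridges.public.offsets[inventory_hostname]`, so every host placed in this group needs a matching offsets entry on the VM host, and nothing in the file says so. I would add a comment above `primary:` such as `# each host in this group needs an entry in vm_host.network.bridges.public.offsets on the VM host`. Since `primary0` sits on `br-public` with an address from the public prefix, the same comment could name where inbound filtering for these test nodes is expected to happen; none is visible in this file. Separately, `autostart: True` is more portable written as `autostart: true`.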
diff --git a/inventory/group_vars/k8s-test-atlas/main.yml b/inventory/group_vars/k8s-test-atlas/main.yml index 3f4fd2fa..4212cf5e 100644 --- a/inventory/group_vars/k8s-test-atlas/main.yml +++ b/inventory/group_vars/k8s-test-atlas/main.yml @@ -18,8 +18,10 @@ install: interfaces: - bridge: br-public name: primary0 + mac: "{{ '52:54:00' | random_mac(seed=inventory_hostname + '-primary0') }}" - bridge: br-k8stest name: direct0 + mac: "{{ '52:54:00' | random_mac(seed=inventory_hostname + '-direct0') }}" autostart: True network: -- cgit v1.2.3 From cd946c702fea849b06e0fd6a19ef5597235caf55 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Fri, 17 Jan 2020 17:46:08 +0100 Subject: single master kubernetes cluster works now --- common/kubernetes.yml | 18 +++++++++--------- inventory/group_vars/k8s-test-2019vm/main.yml | 4 ++-- inventory/group_vars/k8s-test-atlas/main.yml | 4 ++-- inventory/group_vars/k8s-test/main.yml | 8 +++++++- .../kubernetes/kubeadm/master/tasks/primary-master.yml | 17 +---------------- .../kubeadm/master/templates/kubeadm.config.j2 | 4 ++-- roles/kubernetes/kubeadm/node/tasks/main.yml | 2 +- spreadspace/k8s-test.yml | 12 ++++++------ 8 files changed, 30 insertions(+), 39 deletions(-) (limited to 'inventory/group_vars/k8s-test-atlas/main.yml') diff --git a/common/kubernetes.yml b/common/kubernetes.yml index c4f3f81e..aaf23219 100644 --- a/common/kubernetes.yml +++ b/common/kubernetes.yml 
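Review bot: Both added `mac:` lines rely on the `seed=` argument of `random_mac`, which to my knowledge is only available from Ansible 2.9 on, and the hunk carries no comment stating that requirement or why the MAC is derived at all. A one-line comment above the first `mac:` would cover both entries, for example `# random_mac(seed=...) needs ansible >= 2.9; the seed keeps each interface's MAC stable across runs`. An older controller would fail while templating these values rather than fall back to a generated address.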
@@ -45,14 +45,14 @@ roles: - role: kubernetes/kubeadm/master -# - name: configure kubernetes secondary masters -# hosts: _kubernetes_masters_:!_kubernetes_primary_master_ -# roles: -# - role: kubernetes/kubeadm/master - -# - name: configure kubernetes non-master nodes -# hosts: _kubernetes_nodes_:!_kubernetes_masters_ -# roles: -# - role: kubernetes/kubeadm/node +- name: configure kubernetes secondary masters + hosts: _kubernetes_masters_:!_kubernetes_primary_master_ + roles: + - role: kubernetes/kubeadm/master + +- name: configure kubernetes non-master nodes + hosts: _kubernetes_nodes_:!_kubernetes_masters_ + roles: + - role: kubernetes/kubeadm/node ### TODO: add node labels (ie. for ingress daeomnset) diff --git a/inventory/group_vars/k8s-test-2019vm/main.yml b/inventory/group_vars/k8s-test-2019vm/main.yml index 2cbe5be1..4c08a1bb 100644 --- a/inventory/group_vars/k8s-test-2019vm/main.yml +++ b/inventory/group_vars/k8s-test-2019vm/main.yml @@ -4,7 +4,7 @@ vm_host: sk-2019vm install: host: "{{ vm_host }}" mem: 1024 - numcpu: 1 + numcpu: 2 disks: primary: /dev/sda scsi: @@ -12,7 +12,7 @@ install: type: zfs pool: storage name: "{{ inventory_hostname }}" - size: 5g + size: 10g interfaces: - bridge: br-public name: primary0 diff --git a/inventory/group_vars/k8s-test-atlas/main.yml b/inventory/group_vars/k8s-test-atlas/main.yml index 4212cf5e..9838513d 100644 --- a/inventory/group_vars/k8s-test-atlas/main.yml +++ b/inventory/group_vars/k8s-test-atlas/main.yml @@ -6,7 +6,7 @@ vm_host: ch-atlas install: host: "{{ vm_host }}" mem: 1024 - numcpu: 1 + numcpu: 2 disks: primary: /dev/sda scsi: @@ -14,7 +14,7 @@ install: type: lvm vg: "{{ hostvars[vm_host].host_name }}" lv: "{{ inventory_hostname }}" - size: 5g + size: 10g interfaces: - bridge: br-public name: primary0 diff --git a/inventory/group_vars/k8s-test/main.yml b/inventory/group_vars/k8s-test/main.yml index e1b6570f..0d4d0857 100644 --- a/inventory/group_vars/k8s-test/main.yml 
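Review bot: The two plays enabled in the common/kubernetes.yml hunk run the same `kubernetes/kubeadm/master` role on secondary masters that the primary master gets, while the commit subject only claims the single-master case works. If joining additional control-plane nodes is still untested, a comment above the `configure kubernetes secondary masters` play should say so, e.g. `# NOTE: multi-master is untested; only the primary master path is known to work`, so that nobody adds a second host to `_kubernetes_masters_` expecting it to be handled. How the role tells primary and secondary masters apart is outside this hunk.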
+++ b/inventory/group_vars/k8s-test/main.yml @@ -1,5 +1,11 @@ --- -kubernetes_version: 1.16.4 +containerd_lvm: + vg: "{{ host_name }}" + lv: containerd + size: 4G + fs: ext4 + +kubernetes_version: 1.17.1 kubernetes_container_runtime: containerd kubernetes_network_plugin: kubeguard diff --git a/roles/kubernetes/kubeadm/master/tasks/primary-master.yml b/roles/kubernetes/kubeadm/master/tasks/primary-master.yml index 58658794..5efc91b5 100644 --- a/roles/kubernetes/kubeadm/master/tasks/primary-master.yml +++ b/roles/kubernetes/kubeadm/master/tasks/primary-master.yml @@ -53,7 +53,6 @@ fail: msg: "upgrading cluster config is currently not supported!" - ### cluster is already initialized - name: prepare cluster for new nodes @@ -76,22 +75,8 @@ check_mode: no register: kubeadm_token_create -## - -## this fixes the kubelet kubeconfig to make use of certificate rotation. This is a bug in -## kubeadm init which was fixed with 1.17 release. TODO: remove this once all cluster have been -## upgraded to 1.17 or newer. -- name: fix kubeconfig of kubelet - lineinfile: - path: /etc/kubernetes/kubelet.conf - backrefs: yes - regexp: '^(\s*)client-{{ item }}(-data)?:' - line: '\1client-{{ item }}: /var/lib/kubelet/pki/kubelet-client-current.pem' - with_items: - - certificate - - key - notify: restart kubelet +## calculate certificate digest - name: install openssl apt: diff --git a/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 b/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 index e03ea6f6..3c10e59b 100644 --- a/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 +++ b/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 
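Review bot: The second primary-master.yml hunk (`@@ -76,22 +75,8 @@`) drops the `fix kubeconfig of kubelet` task for every cluster that uses this role, although the removed comment tied its removal to all clusters being on 1.17 or newer and this commit only bumps `kubernetes_version` for the k8s-test group. On a cluster initialised with an older kubeadm, kubelet.conf would presumably keep its embedded client certificate instead of pointing at `/var/lib/kubelet/pki/kubelet-client-current.pem`, so that credential is not rotated and the kubelet loses API access when it expires. Either keep the task behind `when: kubernetes_version is version('1.17.0', '<')` or fail early with an `assert` on the same condition. Whether other inventories still pin an older version is not visible here.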
@@ -1,13 +1,13 @@ {# https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta1 #} {# #} -apiVersion: kubeadm.k8s.io/v1beta1 +apiVersion: kubeadm.k8s.io/v1beta2 kind: InitConfiguration {# TODO: this is ugly but we want to create our own token so we can #} {# better control it's lifetime #} bootstrapTokens: - ttl: "1s" --- -apiVersion: kubeadm.k8s.io/v1beta1 +apiVersion: kubeadm.k8s.io/v1beta2 kind: ClusterConfiguration kubernetesVersion: {{ kubernetes_version }} clusterName: {{ kubernetes.cluster_name }} diff --git a/roles/kubernetes/kubeadm/node/tasks/main.yml b/roles/kubernetes/kubeadm/node/tasks/main.yml index 2a140099..dba2ce30 100644 --- a/roles/kubernetes/kubeadm/node/tasks/main.yml +++ b/roles/kubernetes/kubeadm/node/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: join kubernetes node - command: "kubeadm join {{ host_vars[groups['_kubernetes_primary_master_']].kubernetes_kubelet_node_ip }}:6443{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}'" + command: "kubeadm join {{ hostvars[groups['_kubernetes_primary_master_'][0]].kubernetes_kubelet_node_ip }}:6443{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}'" args: creates: /etc/kubernetes/kubelet.conf register: kubeadm_join diff --git a/spreadspace/k8s-test.yml b/spreadspace/k8s-test.yml index 27599556..ed56cb78 100644 --- a/spreadspace/k8s-test.yml +++ b/spreadspace/k8s-test.yml @@ -1,10 +1,10 @@ --- -- name: Basic Node Setup - hosts: k8s-test - roles: - - role: base - - role: sshd - - role: zsh +# - name: Basic Node Setup +# hosts: k8s-test +# roles: +# - role: base +# - role: sshd +# - role: zsh - import_playbook: ../common/kubernetes.yml vars: -- cgit v1.2.3
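Review bot: The template's first line still links to the `v1beta1` godoc page while both documents in the kubeadm.config.j2 hunk now declare `kubeadm.k8s.io/v1beta2`, so the reference a reader follows describes the wrong schema. Update the comment to `{# https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta2 #}`. `kubernetesVersion: {{ kubernetes_version }}` further down is rendered unquoted; writing `"{{ kubernetes_version }}"` keeps a two-component value from being parsed as a number.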
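Review bot: The corrected `kubeadm join` line in roles/kubernetes/kubeadm/node/tasks/main.yml passes `--token '{{ kube_bootstrap_token }}'` as a command argument and the task registers its result, so the bootstrap token can end up in play output, in Ansible logs, and in the node's process list while the command runs. Adding `no_log: true` to the task keeps it out of Ansible's output and logs; the process-list exposure would need a join configuration file instead of flags. The task continues past the end of the hunk, so an existing `no_log` cannot be ruled out. `groups['_kubernetes_primary_master_'][0]` also assumes the group is non-empty, which an `assert` before the join would make explicit.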
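Review bot: Commenting out the `Basic Node Setup` play in spreadspace/k8s-test.yml means a host provisioned through this playbook no longer gets the `base`, `sshd` and `zsh` roles before Kubernetes is installed, which looks like a shortcut taken while testing rather than an intended change. If the `sshd` role carries the SSH daemon configuration for these hosts (its content is not shown), a freshly installed node would keep whatever the installer left in place. I would restore the play and skip it during iteration with tags, e.g. `tags: [base]` on the play and `--skip-tags base` on the command line, instead of committing it commented out.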