jonny/manual-k8s-ansible-deploy
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
694af68fb1
manual-k8s-ansible-deploy/k8s-deploy/k8s-deploy.yaml
Jonny Ervine 694af68fb1 new file: files/X-csr.json 
new file:   files/admin-csr.json
	new file:   files/ca-config.json
	new file:   files/ca-csr.json
	new file:   inventory
	new file:   inventory.orig
	new file:   k8s-deploy.yaml
	new file:   k8s-deploy/00-k8s-requirements.yaml
	new file:   k8s-deploy/01-k8s-certs-create.yaml
	new file:   k8s-deploy/02-k8s-certs-copy.yaml
	new file:   k8s-deploy/03-k8s-deploy-etcd.yaml
	new file:   k8s-deploy/04-k8s-controller-deploy.yaml
	new file:   k8s-deploy/05-k8s-nginx-deploy.yaml
	new file:   k8s-deploy/06-k8s-workers-certs-deploy.yaml
	new file:   k8s-deploy/07-k8s-worker-deploy.yaml
	new file:   k8s-deploy/08-rbac-clusterrole-create.yaml
	new file:   k8s-deploy/09-k8s-create-remote-admin.yaml
	new file:   k8s-deploy/README.md
	new file:   k8s-deploy/core-dns.yaml
	new file:   k8s-deploy/defaults/main.yml
	new file:   k8s-deploy/files/99_loopback.conf
	new file:   k8s-deploy/files/X-csr.json
	new file:   k8s-deploy/files/admin-csr.json
	new file:   k8s-deploy/files/arm/etcd
	new file:   k8s-deploy/files/arm/etcdctl
	new file:   k8s-deploy/files/ca-config.json
	new file:   k8s-deploy/files/ca-csr.json
	new file:   k8s-deploy/files/clusterrole-api-to-kubelet.yaml
	new file:   k8s-deploy/files/clusterrolebinding-api-to-kubelet.yaml
	new file:   k8s-deploy/files/config.toml
	new file:   k8s-deploy/files/containerd.service
	new file:   k8s-deploy/files/kube-controller-manager-csr.json
	new file:   k8s-deploy/files/kube-proxy-csr.json
	new file:   k8s-deploy/files/kube-proxy.service
	new file:   k8s-deploy/files/kube-scheduler-csr.json
	new file:   k8s-deploy/files/kubelet.service
	new file:   k8s-deploy/files/kubernetes-csr.json
	new file:   k8s-deploy/files/service-account-csr.json
	new file:   k8s-deploy/files/x86_64/etcd
	new file:   k8s-deploy/files/x86_64/etcdctl
	new file:   k8s-deploy/handlers/main.yml
	new file:   k8s-deploy/k8s-deploy.yaml
	new file:   k8s-deploy/k8s-uninstall.yaml
	new file:   k8s-deploy/meta/main.yml
	new file:   k8s-deploy/tasks/k8s-certs-create.yaml
	new file:   k8s-deploy/tasks/main.yml
	new file:   k8s-deploy/templates/10_bridge.conf.j2
	new file:   k8s-deploy/templates/encryption-config.j2
	new file:   k8s-deploy/templates/etcd.service-amd64.j2
	new file:   k8s-deploy/templates/etcd.service-arm.j2
	new file:   k8s-deploy/templates/kube-apiserver.service.j2
	new file:   k8s-deploy/templates/kube-controller-manager.service.j2
	new file:   k8s-deploy/templates/kube-proxy-config.yaml.j2
	new file:   k8s-deploy/templates/kube-scheduler.service.j2
	new file:   k8s-deploy/templates/kube-scheduler.yaml.j2
	new file:   k8s-deploy/templates/kubelet-config.yaml.j2
	new file:   k8s-deploy/templates/kubernetes.default.svc.cluster.local.j2
	new file:   k8s-deploy/templates/worker-csr_json.j2
	new file:   k8s-deploy/test.yaml
	new file:   k8s-deploy/tests/inventory
	new file:   k8s-deploy/tests/test.yml
	new file:   k8s-deploy/vars/main.yml
	new file:   rollback_k8s-deploy.yaml
Initial commit
2020-02-19 08:13:09 +00:00

333 lines
13 KiB
YAML
Raw Blame History

---
- name: Playbook to automate a manual k8s installation
hosts: localhost
vars:
worker_name:
- debian-k8s-node1
- debian-k8s-node2
server_name: "{{ item }}"
haproxy_addr: "192.168.11.58"
kube_cluster: "kubernetes"
become: true
tasks:
- name: Download and install the cfssl utility
get_url:
url: https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
dest: /usr/local/bin/cfssl
mode: 0755
- name: Download and install the cfssljson utility
get_url:
url: https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
dest: /usr/local/bin/cfssljson
mode: 0755
- name: Put the seed key material files in place
file:
path: /var/tmp/kubernetes
state: directory
- copy:
src: files/{{ item }}
dest: /var/tmp/kubernetes/
mode: preserve
with_items:
- ca-csr.json
- admin-csr.json
- ca-config.json
- kube-controller-manager-csr.json
- kube-proxy-csr.json
- kube-scheduler-csr.json
- kubernetes-csr.json
- service-account-csr.json
- template:
src: templates/worker-csr_json.j2
dest: /var/tmp/kubernetes/{{ item }}-csr.json
mode: preserve
with_items:
- "{{ worker_name }}"
- name: Create the CA
shell: /usr/local/bin/cfssl gencert -initca ca-csr.json | /usr/local/bin/cfssljson -bare ca
args:
chdir: /var/tmp/kubernetes
- name: Create the admin KMOs
shell: /usr/local/bin/cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes admin-csr.json | /usr/local/bin/cfssljson -bare admin
args:
chdir: /var/tmp/kubernetes
- name: Create the worker node certificates
shell: /usr/local/bin/cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -hostname={{ item }} -profile=kubernetes {{ item }}-csr.json | /usr/local/bin/cfssljson -bare {{ item }}
args:
chdir: /var/tmp/kubernetes
with_items:
- "{{ worker_name }}"
- name: Create the kube-controller-manager KMOs
shell: /usr/local/bin/cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-controller-manager-csr.json | /usr/local/bin/cfssljson -bare kube-controller-manager
args:
chdir: /var/tmp/kubernetes
- name: Create the kube-proxy KMOs
shell: /usr/local/bin/cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-proxy-csr.json | /usr/local/bin/cfssljson -bare kube-proxy
args:
chdir: /var/tmp/kubernetes
- name: Create the kube-scheduler KMOs
shell: /usr/local/bin/cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-scheduler-csr.json | /usr/local/bin/cfssljson -bare kube-scheduler
args:
chdir: /var/tmp/kubernetes
- name: Create the kubernetes cluster KMOs
shell: /usr/local/bin/cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -hostname=10.32.0.1,10.240.0.10,10.240.0.11,"{{ haproxy_addr }}",127.0.0.1,kubernetes.default -profile=kubernetes kubernetes-csr.json | /usr/local/bin/cfssljson -bare kubernetes
args:
chdir: /var/tmp/kubernetes
- name: Create the kubernetes service account KMOs
shell: /usr/local/bin/cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes service-account-csr.json | /usr/local/bin/cfssljson -bare service-account
args:
chdir: /var/tmp/kubernetes
- name: Create the worker node kubeconfig files
shell: kubectl config set-cluster {{ kube_cluster }} --certificate-authority=ca.pem --embed-certs=true --server=https://{{ haproxy_addr }}:6443 --kubeconfig={{ item }}.kubeconfig; kubectl config set-credentials system:node:{{ item }} --client-certificate={{ item }}.pem --client-key={{ item }}-key.pem --embed-certs=true --kubeconfig={{ item }}.kubeconfig; kubectl config set-context default --cluster={{ kube_cluster }} --user=system:node:{{ item }} --kubeconfig={{ item }}.kubeconfig; kubectl config use-context default --kubeconfig={{ item }}.kubeconfig
args:
chdir: /var/tmp/kubernetes
with_items:
- "{{ worker_name }}"
- name: Create the kube-proxy kubeconfig file
shell: kubectl config set-cluster {{ kube_cluster }} --certificate-authority=ca.pem --embed-certs=true --server=https://{{ haproxy_addr }}:6443 --kubeconfig=kube-proxy.kubeconfig; kubectl config set-credentials system:kube-proxy --client-certificate=kube-proxy.pem --client-key=kube-proxy-key.pem --embed-certs=true --kubeconfig=kube-proxy.kubeconfig; kubectl config set-context default --cluster={{ kube_cluster }} --user=system:kube-proxy --kubeconfig=kube-proxy.kubeconfig; kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig
args:
chdir: /var/tmp/kubernetes
- name: Create the controller-manager kubeconfig file
shell: kubectl config set-cluster {{ kube_cluster }} --certificate-authority=ca.pem --embed-certs=true --server=https://127.0.0.1:6443 --kubeconfig=kube-controller-manager.kubeconfig; kubectl config set-credentials system:kube-controller-manager --client-certificate=kube-controller-manager.pem --client-key=kube-controller-manager-key.pem --embed-certs=true --kubeconfig=kube-controller-manager.kubeconfig; kubectl config set-context default --cluster={{ kube_cluster }} --user=system:kube-controller-manager --kubeconfig=kube-controller-manager.kubeconfig; kubectl config use-context default --kubeconfig=kube-controller-manager.kubeconfig
args:
chdir: /var/tmp/kubernetes
- name: Create the kube-scheduler kubeconfig file
shell: kubectl config set-cluster {{ kube_cluster }} --certificate-authority=ca.pem --embed-certs=true --server=https://127.0.0.1:6443 --kubeconfig=kube-scheduler.kubeconfig; kubectl config set-credentials system:kube-scheduler --client-certificate=kube-scheduler.pem --client-key=kube-scheduler-key.pem --embed-certs=true --kubeconfig=kube-scheduler.kubeconfig; kubectl config set-context default --cluster={{ kube_cluster }} --user=system:kube-scheduler --kubeconfig=kube-scheduler.kubeconfig; kubectl config use-context default --kubeconfig=kube-scheduler.kubeconfig
args:
chdir: /var/tmp/kubernetes
- name: Create admin kubeconfig file
shell: kubectl config set-cluster {{ kube_cluster }} --certificate-authority=ca.pem --embed-certs=true --server=https://127.0.0.1:6443 --kubeconfig=admin.kubeconfig; kubectl config set-credentials admin --client-certificate=admin.pem --client-key=admin-key.pem --embed-certs=true --kubeconfig=admin.kubeconfig; kubectl config set-context default --cluster={{ kube_cluster }} --user=admin --kubeconfig=admin.kubeconfig; kubectl config use-context default --kubeconfig=admin.kubeconfig
args:
chdir: /var/tmp/kubernetes
- name: Create data encryption key
shell: head -c 32 /dev/urandom | base64
register: enc_key
- name: Generate the encryption file
template:
src: templates/encryption-config.j2
dest: /var/tmp/kubernetes/encryption-config.yaml
- name: Set the owner of files to be ansible
file:
path: /var/tmp/kubernetes
owner: jonny
recurse: true
- name: Copy necessary files to controllers
hosts: masters
vars:
kube_files:
- ca.pem
- ca-key.pem
- kubernetes-key.pem
- kubernetes.pem
- service-account.pem
- service-account-key.pem
- kube-controller-manager.kubeconfig
- kube-scheduler.kubeconfig
- encryption-config.yaml
etcd_files:
- ca.pem
- kubernetes-key.pem
- kubernetes.pem
become: true
tasks:
- name: Create etcd directories
file:
path: /etc/etcd
state: directory
- name: Create var lib kubernetes directory
file:
path: /var/lib/kubernetes
state: directory
- name: Copy files to kubernetes directory
copy:
src: /var/tmp/kubernetes/{{ item }}
dest: /var/lib/kubernetes/{{ item }}
mode: preserve
with_items:
- "{{ kube_files }}"
- name: Copy files to etcd directory
copy:
src: /var/tmp/kubernetes/{{ item }}
dest: /etc/etcd/{{ item }}
mode: preserve
with_items:
- "{{ etcd_files }}"
- name: Copy necessary files to worker nodes
hosts: workers
vars:
kubernetes_files:
- ca.pem
kubelet_files:
- kube-worker.kubeconfig
kube_proxy_files:
- kube-proxy.kubeconfig
workers:
- debian-k8s-node1
- debian-k8s-node2
become: true
tasks:
- name: Create the var lib kubernetes directory
file:
path: /var/lib/kubernetes
state: directory
- name: Create the var lib kubelet directory
file:
path: /var/lib/kubelet
state: directory
- name: Create the var lib kube-proxy directory
file:
path: /var/lib/kube-proxy
state: directory
- name: Copy the files to kubernetes directory
copy:
src: /var/tmp/kubernetes/{{ item }}
dest: /var/lib/kubernetes/{{ item }}
mode: preserve
with_items:
- "{{ kubernetes_files }}"
- name: Copy kubeconfig file to the kubelet directory
copy:
src: /var/tmp/kubernetes/{{ item }}.kubeconfig
dest: /var/lib/kubelet/kubeconfig
mode: preserve
with_items:
- "{{ workers }}"
- name: Copy worker node pem file to kubelet directory
copy:
src: /var/tmp/kubernetes/{{ item }}.pem
dest: /var/lib/kubelet/{{ item }}.pem
mode: preserve
with_items:
- "{{ workers }}"
- name: Copy worker node key pem file to kubelet directory
copy:
src: /var/tmp/kubernetes/{{ item }}-key.pem
dest: /var/lib/kubelet/{{ item }}-key.pem
mode: preserve
with_items:
- "{{ workers }}"
- name: Copy kube-proxy kubeconfig file to kube-proxy directory
copy:
src: /var/tmp/kubernetes/kube-proxy.kubeconfig
dest: /var/lib/kube-proxy/kubeconfig
mode: preserve
######################################################
# Setting up etcd #
######################################################
- name: Setting up etcd on the controller nodes
hosts: masters
become: true
tasks:
- name: Copy the etcd binary
copy:
src: files/x86_64/{{ item }}
dest: /usr/local/bin/
mode: 755
with_items:
- etcd
- etcdctl
when:
- ansible_architecture == "x86_64"
- name: Copy the etcd binary
copy:
src: files/arm/{{ item }}
dest: /usr/local/bin/
mode: 755
with_items:
- etcd
- etcdctl
when:
- ansible_lsb.id == "Raspbian"
- name: Creating the etcd service file
template:
src: templates/etcd.service.j2
dest: /etc/systemd/system/etcd.service
- name: Start and enable the etcd service
service:
name: etcd
state: started
enabled: true
- name: Provision the kubernetes Control Plane
file:
path: /etc/kubernetes/config
state: directory
- name: Download the kubernetes binaries
get_url:
url: https://storage.googleapis.com/kubernetes-release/release/v1.10.6/bin/linux/amd64/{{ item }}
dest: /usr/local/bin
mode: 0755
with_items:
- kube-apiserver
- kube-controller-manager
- kube-scheduler
- kubectl
- name: Configure the API server
template:
src: templates/kube-apiserver.service.j2
dest: /etc/systemd/system/kube-apiserver.service
- name: Start and enable the API server service
service:
name: kube-apiserver
state: started
enabled: true
- name: Configure the Controller Manager server
template:
src: templates/kube-controller-manager.service.j2
dest: /etc/systemd/system/kube-controller-manager.service
- name: Start and enable the controller manager service
service:
name: kube-controller-manager
state: started
enabled: true
- name: Configure the Scheduler server
template:
src: templates/kube-scheduler.service.j2
dest: /etc/systemd/system/kube-scheduler.service
- name: Copy in the kube-scheduler config file
template:
src: templates/kube-scheduler.yaml.j2
dest: /etc/kubernetes/config/kube-scheduler.yaml
- name: Start and enable the scheduler service
service:
name: kube-scheduler
state: started
enabled: true
- name: Enable API server health checks
apt:
name: nginx
state: present
- name: Configure NGINX correctly
template:
src: templates/kubernetes.default.svc.cluster.local.j2
dest: /etc/nginx/sites-available/kubernetes.default.svc.cluster.local
- name: Activate the configuration
file:
src: /etc/nginx/sites-available/kubernetes.default.svc.cluster.local
path: /etc/nginx/sites-enabled/kubernetes.default.svc.cluster.local
state: link
- name: Start the NGINX service
service:
name: nginx
state: started
enabled: true
Reference in New Issue View Git Blame Copy Permalink