diff --git a/.drone.yml b/.drone.yml index 4958385..06cbf94 100644 --- a/.drone.yml +++ b/.drone.yml @@ -9,16 +9,20 @@ steps: - name: lint yaml image: registry.fedy95.com/baseimage-yamllint:latest commands: - - yamllint -c /yamllint/relaxed.yaml group_vars/all.yml + - yamllint -c /yamllint/relaxed.yaml playbooks/docker-units/init.yml + - yamllint -c /yamllint/relaxed.yaml playbooks/k8s/init.yml + - yamllint -c /yamllint/relaxed.yaml playbooks/k8s-dev/init.yml - yamllint -c /yamllint/relaxed.yaml roles/common/tasks/main.yml - yamllint -c /yamllint/relaxed.yaml roles/docker/defaults/main.yml - yamllint -c /yamllint/relaxed.yaml roles/docker/handlers/main.yml - - yamllint -c /yamllint/relaxed.yaml roles/docker/tasks/docker.yml - - yamllint -c /yamllint/relaxed.yaml roles/docker/tasks/docker-compose.yml - yamllint -c /yamllint/relaxed.yaml roles/docker/tasks/main.yml - - yamllint -c /yamllint/relaxed.yaml roles/docker/vars/main.yml + - yamllint -c /yamllint/relaxed.yaml roles/docker-compose/tasks/main.yml + - yamllint -c /yamllint/relaxed.yaml roles/docker-compose/vars/main.yml + - yamllint -c /yamllint/relaxed.yaml roles/k8s-init-first-master/tasks/main.yml + - yamllint -c /yamllint/relaxed.yaml roles/k8s-init-machines/tasks/main.yml + - yamllint -c /yamllint/relaxed.yaml roles/k8s-init-workers/tasks/main.yml + - yamllint -c /yamllint/relaxed.yaml roles/k8s-join-workers-to-first-master/tasks/main.yml - yamllint -c /yamllint/relaxed.yaml .drone.yml - - yamllint -c /yamllint/relaxed.yaml ansible-desktop.yml when: event: pull_request ... diff --git a/Makefile b/Makefile index 1e9ca9d..21a2d72 100644 --- a/Makefile +++ b/Makefile 
@@ -9,21 +9,36 @@ lint: lint-yaml LINT-YAML-CMD=docker run --rm -it -v $(PWD):/data ${REGISTRY}/${YAMLLINT_TAG} lint-yaml: docker pull ${REGISTRY}/${YAMLLINT_TAG} - $(LINT-YAML-CMD) group_vars/all.yml + $(LINT-YAML-CMD) playbooks/docker-units/init.yml + $(LINT-YAML-CMD) playbooks/k8s/init.yml + $(LINT-YAML-CMD) playbooks/k8s-dev/init.yml $(LINT-YAML-CMD) roles/common/tasks/main.yml $(LINT-YAML-CMD) roles/docker/defaults/main.yml $(LINT-YAML-CMD) roles/docker/handlers/main.yml - $(LINT-YAML-CMD) roles/docker/tasks/docker.yml - $(LINT-YAML-CMD) roles/docker/tasks/docker-compose.yml $(LINT-YAML-CMD) roles/docker/tasks/main.yml - $(LINT-YAML-CMD) roles/docker/vars/main.yml + $(LINT-YAML-CMD) roles/docker-compose/tasks/main.yml + $(LINT-YAML-CMD) roles/docker-compose/vars/main.yml + $(LINT-YAML-CMD) roles/k8s-init-first-master/tasks/main.yml + $(LINT-YAML-CMD) roles/k8s-init-machines/tasks/main.yml + $(LINT-YAML-CMD) roles/k8s-init-workers/tasks/main.yml + $(LINT-YAML-CMD) roles/k8s-join-workers-to-first-master/tasks/main.yml $(LINT-YAML-CMD) .drone.yml - $(LINT-YAML-CMD) ansible-desktop.yml -run: - ansible-playbook ansible-desktop.yml -i hosts --ask-become-pass +check-playbooks-syntax: + ansible-playbook playbooks/docker-units/init.yml -i inventory/hosts --syntax-check + ansible-playbook playbooks/k8s/init.yml -i inventory/hosts --syntax-check + ansible-playbook playbooks/k8s-dev/init.yml -i inventory/hosts --syntax-check + +docker-units-init: + ansible-playbook playbooks/docker-units/init.yml -i inventory/hosts --ask-become-pass + +k8s-units-init: + ansible-playbook playbooks/k8s/init.yml -i inventory/hosts --ask-become-pass + +k8s-dev-units-init: + ansible-playbook playbooks/k8s-dev/init.yml -i inventory/hosts --ask-become-pass ping: - ansible -i hosts all -m ping + ansible -i inventory/hosts all -m ping .DEFAULT_GOAL := lint diff --git a/README.md b/README.md index 11ba883..2ae0ab6 100644 --- a/README.md +++ b/README.md 
@@ -4,6 +4,13 @@ ### docs - [ansible](https://www.ansible.com/) - +- https://github.com/IBM/ansible-kubernetes-ha-cluster +- https://www.linuxsysadmins.com/install-kubernetes-cluster-with-ansible/ +- https://www.youtube.com/watch?v=l7gC4SgW7DU ### how to run - see Makefile + +Creating User Account +Install Kubernetes & Docker Packages. +Setting up Kubernetes Master Server +Setting Up Worker Nodes diff --git a/ansible.cfg b/ansible.cfg index f89b190..2a0c0fc 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -1,6 +1,8 @@ [defaults] hostfile = hosts nocows = 1 +inventory = inventory +roles_path = roles [privilege_escalation] become_method = sudo diff --git a/group_vars/all.yml b/group_vars/all.yml deleted file mode 100644 index 4eda9d0..0000000 --- a/group_vars/all.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -aptcachetime: 3600 -locale: "en_US.UTF-8" -timezone: "Europe/Moscow" -... diff --git a/hosts b/hosts deleted file mode 100644 index a45e710..0000000 --- a/hosts +++ /dev/null @@ -1,8 +0,0 @@ -[docker-units] -10.10.10.6 -192.168.1.151 - -[docker-units:vars] -ansible_connection=ssh -ansible_ssh_private_key_file=/home/fedy95/.ssh/id_rsa -ansible_user=fedy95 diff --git a/inventory/hosts b/inventory/hosts new file mode 100644 index 0000000..f610e22 --- /dev/null +++ b/inventory/hosts 
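Review bot: The `[defaults]` section of ansible.cfg still carries `hostfile = hosts` after this hunk adds `inventory = inventory`, while the same commit deletes the top-level `hosts` file. As far as I know `hostfile` is the legacy spelling of the inventory setting, so the two keys now name different paths and one of them points at a file that no longer exists. I would drop the `hostfile = hosts` line so that `inventory = inventory` is the only inventory setting in the file.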
@@ -0,0 +1,36 @@ +[k8s-dev:children] +k8s-dev-master +k8s-dev-worker + +[k8s-dev-master-first] +k8s-dev-master-01 ansible_host=192.168.1.200 + +[k8s-dev-master] +k8s-dev-master-01 ansible_host=192.168.1.200 +k8s-dev-master-02 ansible_host=192.168.1.201 + +[k8s-dev-worker] +k8s-dev-worker-01 ansible_host=192.168.1.202 +k8s-dev-worker-02 ansible_host=192.168.1.203 + +[k8s:children] +k8s-master +k8s-worker + +[k8s-master] +k8s-master-01 ansible_host=192.168.1.180 +k8s-master-02 ansible_host=192.168.1.181 + +[k8s-worker] +k8s-worker-01 ansible_host=192.168.1.190 +k8s-worker-02 ansible_host=192.168.1.191 + +[docker-units] +homeassistant ansible_host=10.10.10.6 +pi-hole ansible_host=192.168.1.151 + +[all:vars] +ansible_connection=ssh +ansible_ssh_private_key_file=/home/fedy95/.ssh/id_rsa +ansible_user=fedy95 +aptcachetime=3600 diff --git a/ansible-desktop.yml b/playbooks/docker-units/init.yml similarity index 60% rename from ansible-desktop.yml rename to playbooks/docker-units/init.yml index ff719d8..047429e 100644 --- a/ansible-desktop.yml +++ b/playbooks/docker-units/init.yml @@ -1,7 +1,8 @@ --- -- name: Base playbook +- name: docker-units playbook hosts: docker-units roles: - { role: common, become: true } - { role: docker, become: true } + - { role: docker-compose, become: true } ... diff --git a/playbooks/k8s-dev/init.yml b/playbooks/k8s-dev/init.yml new file mode 100644 index 0000000..62c71d5 --- /dev/null +++ b/playbooks/k8s-dev/init.yml 
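Review bot: `[all:vars]` in inventory/hosts carries over only `aptcachetime` from the deleted group_vars/all.yml; `locale` and `timezone` are no longer defined anywhere visible in this commit. If roles/common still references them (its tasks are mostly outside the hunks shown), the first play will stop on an undefined variable. Separately, `ansible_user` and `ansible_ssh_private_key_file=/home/fedy95/.ssh/id_rsa` moved from `[docker-units:vars]` to `[all:vars]`, so one workstation-specific key path and login now applies to every k8s host as well. I would keep the connection variables per group, or add a header comment such as `# connection defaults for every group; override per group where hosts use another account`.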
@@ -0,0 +1,31 @@ +--- +- name: k8s-units playbook + hosts: k8s-dev + become: true + roles: + - common + - docker + - k8s-init-machines + +- name: k8s-units playbook 2 + hosts: k8s-dev-master-first + become: true + vars_prompt: + - name: "k8s_master_ip" + prompt: "Enter the Apiserver advertise address, example: 192.168.1.200" + private: no + roles: + - k8s-init-first-master + +- name: k8s-units playbook 3 + hosts: k8s-dev-worker + become: true + roles: + - k8s-init-workers + +- name: k8s-units playbook 4 + hosts: k8s-dev-master-first + become: true + roles: + - k8s-join-workers-to-first-master +... diff --git a/playbooks/k8s/init.yml b/playbooks/k8s/init.yml new file mode 100644 index 0000000..7ab0d8f --- /dev/null +++ b/playbooks/k8s/init.yml @@ -0,0 +1,19 @@ +--- +- name: k8s-units playbook + hosts: k8s + become: true + roles: + - common + - docker + - k8s-init-machines + +#- name: k8s playbook +# hosts: k8s-master +# roles: +# - { role: common, become: true } +# +#- name: k8s playbook +# hosts: k8s-worker +# roles: +# - { role: common, become: true } +... diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index e4c0b45..86f6edd 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -21,7 +21,11 @@ state: latest update_cache: yes cache_valid_time: "{{ aptcachetime }}" - loop: [ 'git', 'make', 'nano', 'net-tools' ] + loop: + - 'git' + - 'make' + - 'nano' + - 'net-tools' - name: Upgrade installed packages apt: upgrade=yes diff --git a/roles/docker/tasks/docker-compose.yml b/roles/docker-compose/tasks/main.yml similarity index 100% rename from roles/docker/tasks/docker-compose.yml rename to roles/docker-compose/tasks/main.yml diff --git a/roles/docker/vars/main.yml b/roles/docker-compose/vars/main.yml similarity index 100% rename from roles/docker/vars/main.yml rename to roles/docker-compose/vars/main.yml 
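Review bot: The second play of playbooks/k8s-dev/init.yml prompts for `k8s_master_ip` through `vars_prompt`, but the only consumer visible in this commit is the `kubeadm init` task in roles/k8s-init-first-master, and that task is commented out. The operator is asked for a value nothing uses, and the play silently assumes the control plane was initialised by hand. Either restore the init task or drop the prompt; if the prompt stays, write `private: false` rather than `private: no`. The play names `k8s-units playbook` through `k8s-units playbook 4` would read better in the run log as what each play does, for example `Prepare all k8s-dev nodes`.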
diff --git a/roles/docker/tasks/docker.yml b/roles/docker/tasks/docker.yml deleted file mode 100644 index 92c19bf..0000000 --- a/roles/docker/tasks/docker.yml +++ /dev/null @@ -1,52 +0,0 @@ ---- -- name: Update apt cache - apt: - update_cache: yes - cache_valid_time: "{{ aptcachetime }}" - -- name: Upgrade all apt packages - apt: upgrade=dist - -- name: Install docker packages - apt: - name: "{{ item }}" - state: present - update_cache: yes - loop: - - 'apt-transport-https' - - 'ca-certificates' - - 'curl' - - 'gnupg' - - 'lsb-release' - -- name: Add Docker GPG key - apt_key: - url: https://download.docker.com/linux/ubuntu/gpg - state: present - -- name: Add deb repository - apt_repository: - repo: deb https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable - state: present - update_cache: yes - -- name: Install docker - apt: - name: "{{ item }}" - state: present - update_cache: yes - loop: - - 'docker-ce' - - 'docker-ce-cli' - - 'containerd.io' - -- name: Ensure docker users are added to the docker group. - user: - name: "{{ item }}" - groups: docker - append: true - with_items: "{{ ansible_env.USER }}" - -- name: "Ensure Docker is {{ docker.start | ternary('started','stopped') }}" - service: name=docker state={{ docker.start | ternary('restarted','stopped') }} enabled={{ docker.service_enabled }} -... diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 9e33dc7..22ca296 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml 
@@ -1,4 +1,52 @@
 ---
-- include_tasks: docker.yml
-- include_tasks: docker-compose.yml
+- name: Update apt cache
+ apt:
+ update_cache: yes
+ cache_valid_time: "{{ aptcachetime }}"
+
+- name: Upgrade all apt packages
+ apt: upgrade=dist
+
+- name: Install docker packages
+ apt:
+ name: "{{ item }}"
+ state: present
+ update_cache: yes
+ loop:
+ - 'apt-transport-https'
+ - 'ca-certificates'
+ - 'curl'
+ - 'gnupg'
+ - 'lsb-release'
+
+- name: Add Docker GPG key
+ apt_key:
+ url: https://download.docker.com/linux/ubuntu/gpg
+ state: present
+
+- name: Add deb repository
+ apt_repository:
+ repo: deb https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable
+ state: present
+ update_cache: yes
+
+- name: Install docker
+ apt:
+ name: "{{ item }}"
+ state: present
+ update_cache: yes
+ loop:
+ - 'docker-ce'
+ - 'docker-ce-cli'
+ - 'containerd.io'
+
+- name: Ensure docker users are added to the docker group.
+ user:
+ name: "{{ item }}"
+ groups: docker
+ append: true
+ with_items: "fedy95"
+
+- name: "Ensure Docker is {{ docker.start | ternary('started','stopped') }}"
+ service: name=docker state={{ docker.start | ternary('restarted','stopped') }} enabled={{ docker.service_enabled }}
 ...
diff --git a/roles/k8s-init-first-master/tasks/main.yml b/roles/k8s-init-first-master/tasks/main.yml
new file mode 100644
index 0000000..b39500c
--- /dev/null
+++ b/roles/k8s-init-first-master/tasks/main.yml
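Review bot: The group-membership task now loops over the literal `with_items: "fedy95"` instead of the previous `ansible_env.USER`, which hard-codes one account into a shared role. Membership in the `docker` group is effectively root on the host, so the accounts that receive it should be an explicit, reviewable setting. A role default such as `docker_users: []` consumed with `loop: "{{ docker_users }}"` would do that (the variable name is proposed here, it is not in the repository). The last task also uses `ternary('restarted','stopped')`, so every run restarts the daemon and its containers even when nothing changed; `started` would match the task name.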
@@ -0,0 +1,45 @@
+---
+#- name: Intilizing Kubernetes Cluster
+# command: kubeadm init --pod-network-cidr 192.168.0.0/16 --apiserver-advertise-address "{{ k8s_master_ip }}"
+# run_once: true
+# delegate_to: "{{ k8s_master_ip }}"
+
+- name: Create directory for kube config.
+ file:
+ path: /home/fedy95/.kube
+ state: directory
+ owner: "fedy95"
+ group: "fedy95"
+ mode: 0755
+
+- name: Copy /etc/kubernetes/admin.conf to user home directory /home/fedy95/.kube/config.
+ copy:
+ src: /etc/kubernetes/admin.conf
+ dest: /home/fedy95/.kube/config
+ remote_src: yes
+ owner: "fedy95"
+ group: "fedy95"
+ mode: '0644'
+
+- name: Remove the cache directory.
+ file:
+ path: /home/fedy95/.kube/cache
+ state: absent
+
+- name: Create Pod Network & RBAC.
+ command: "{{ item }}"
+ with_items:
+ - kubectl create -f https://docs.projectcalico.org/manifests/tigera-operator.yaml
+ - kubectl create -f https://docs.projectcalico.org/manifests/custom-resources.yaml
+
+- name: Get the token for joining the nodes with Kuberentes master.
+ shell: kubeadm token create --print-join-command
+ register: kubernetes_join_command
+
+- debug:
+ msg: "{{ kubernetes_join_command.stdout }}"
+
+- name: Copy join command to local file.
+ become: false
+ local_action: copy content="{{ kubernetes_join_command.stdout_lines[0] }}" dest="/tmp/kubernetes_join_command" mode=0777
+...
diff --git a/roles/k8s-init-machines/tasks/main.yml b/roles/k8s-init-machines/tasks/main.yml
new file mode 100644
index 0000000..29eb13c
--- /dev/null
+++ b/roles/k8s-init-machines/tasks/main.yml
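Review bot: Two credentials end up readable by any local user in roles/k8s-init-first-master/tasks/main.yml. The copy of `/etc/kubernetes/admin.conf` to `/home/fedy95/.kube/config` sets `mode: '0644'`, although that file holds the cluster-admin client key; it should be `mode: '0600'`. The final `local_action` writes the output of `kubeadm token create --print-join-command` to `/tmp/kubernetes_join_command` with `mode=0777` on the controller, and the `debug` task prints the same bootstrap token into the run log. Use `mode=0600` and a path outside a shared temp directory for the file, and put `no_log: true` on the token task and drop the `debug`. The directory task's unquoted `mode: 0755` should be quoted as `'0755'`, like the mode in the copy task.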
@@ -0,0 +1,46 @@
+---
+- name: Disable all swaps from /proc/swaps
+ shell: |
+ swapoff --all
+
+- name: Disable SWAP in fstab
+ lineinfile:
+ path: /etc/fstab
+ regexp: 'swap'
+ state: absent
+
+- name: Add Google GPG key
+ apt_key:
+ url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
+ state: present
+
+- name: Add Kubernetes' APT repository
+ apt_repository:
+ repo: deb http://apt.kubernetes.io/ kubernetes-xenial main
+ state: present
+ filename: 'kubernetes'
+ mode: 0600
+
+- name: Installing Kubernetes Cluster Packages
+ apt:
+ name: "{{ item }}"
+ state: present
+ cache_valid_time: "{{ aptcachetime }}"
+ loop:
+ - 'kubeadm'
+ - 'kubectl'
+ - 'kubelet'
+
+- name: Enable service kubelet persistently
+ service:
+ name: kubelet
+ enabled: yes
+
+# TODO ???
+#- name: Reboot all the kubernetes nodes.
+# reboot:
+# post_reboot_delay: 10
+# reboot_timeout: 40
+# connect_timeout: 60
+# test_command: uptime
+...
diff --git a/roles/k8s-init-workers/tasks/main.yml b/roles/k8s-init-workers/tasks/main.yml
new file mode 100644
index 0000000..3346375
--- /dev/null
+++ b/roles/k8s-init-workers/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+- name: Copy join command to worker nodes.
+ copy:
+ src: /tmp/kubernetes_join_command
+ dest: /tmp/kubernetes_join_command
+ mode: 0777
+
+- name: Join the Worker nodes with master.
+ command: sh /tmp/kubernetes_join_command
+ register: joined_or_not
+
+- debug:
+ msg: "{{ joined_or_not.stdout }}"
+...
diff --git a/roles/k8s-join-workers-to-first-master/tasks/main.yml b/roles/k8s-join-workers-to-first-master/tasks/main.yml
new file mode 100644
index 0000000..749d9e4
--- /dev/null
+++ b/roles/k8s-join-workers-to-first-master/tasks/main.yml
@@ -0,0 +1,7 @@
+---
+- name: Configure kubectl command auto completion.
+ lineinfile:
+ dest: /home/fedy95/.bashrc
+ line: 'source <(kubectl completion bash)'
+ insertafter: EOF
+...
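Review bot: In roles/k8s-init-machines/tasks/main.yml the Kubernetes repository is added as `repo: deb http://apt.kubernetes.io/ kubernetes-xenial main`, over plain HTTP, while the signing key in the task before it is fetched over HTTPS. APT signature checks still apply, but package metadata then travels unprotected and can be withheld or served stale on the path; use `https://` in the repo line, and note that `apt_key` trusts the key for every repository on the host, so a per-repository keyring is the tighter setup. In the fstab task, `regexp: 'swap'` with `state: absent` removes every line containing that word, including comments or an unrelated mount path. An anchored pattern such as `regexp: '^\S+\s+\S+\s+swap\s'` limits it to swap entries. `kubeadm`, `kubectl` and `kubelet` are also installed unpinned, so nodes provisioned on different days can end up on different versions.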
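Review bot: In roles/k8s-init-workers/tasks/main.yml the join script is copied to `/tmp/kubernetes_join_command` with `mode: 0777` and then run by `command: sh /tmp/kubernetes_join_command` in a play that sets `become: true`, so a world-writable file in a shared directory is executed as root. Its content can be changed by any local account between the two tasks, and the bootstrap token stays on disk afterwards. Set `mode: '0600'` on the copy and remove the file once the join has run, with a task like `file: path=/tmp/kubernetes_join_command state=absent`. A `creates:` argument pointing at `/etc/kubernetes/kubelet.conf` would also keep a second run from failing on a node that has already joined.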