savagebidoof 2023-08-01 15:39:36 +02:00
parent ae6fa536f6
commit 7144c2d74b
10 changed files with 104 additions and 123 deletions


@ -8,8 +8,8 @@
vars:
# Connect
ansible_user: "root"
ansible_password: "1234"
ansible_user: "{{ initial_user }}"
ansible_password: "{{ initial_password }}"
ansible_become_password: "{{ ansible_password }}"
# New values
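Review bot: `ansible_user` in the `vars:` block now reads `{{ initial_user }}`, but the inventory and README in this same commit define `initial_username`, so the connection user is undefined at run time. Use one name in both places, e.g. `ansible_user: "{{ initial_username }}"`. An early `assert` on both initial variables would also turn a missing value into a clear error instead of a failed SSH login.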
@ -74,7 +74,8 @@
- name: Configure locale to '{{ new_locale }}' and language to '{{ new_language }}'
command: localectl set-locale LANG={{ new_locale }} LANGUAGE={{ new_language }}
# changed_when: locale_lang != new_locale or locale_language != new_language
# become: yes # no idea if it's needed nor I care about
# become: yes # no idea if it's needed, nor I care about
# Wheel group with sudo access
# https://stackoverflow.com/a/33362805
@ -120,13 +121,20 @@
# become: yes
# Disable SSH with ROOT
- name: PermitRootLogin = no
ansible.builtin.lineinfile:
dest: /etc/ssh/sshd_config
regexp: '^PermitRootLogin'
line: PermitRootLogin = no
backrefs: yes
# Disable SSH with empty password users
- name: PermitEmptyPasswords = no
ansible.builtin.lineinfile:
dest: /etc/ssh/sshd_config
regexp: '^PermitEmptyPasswords'
line: PermitEmptyPasswords = no
backrefs: yes
# become: yes
# REBOOT
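Review bot: In both sshd tasks, `backrefs: yes` combined with an anchored pattern (`regexp: '^PermitRootLogin'`, `regexp: '^PermitEmptyPasswords'`) means nothing is written when the directive is commented out or absent from `/etc/ssh/sshd_config`, because `lineinfile` leaves the file untouched if the regexp does not match while `backrefs` is set. Neither `line:` uses a back-reference, so drop `backrefs` and match the commented form as well, for example `regexp: '^#?\s*PermitEmptyPasswords'`. Adding `validate: 'sshd -t -f %s'` would catch a broken config before the reboot that follows.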


@ -1,6 +1,6 @@
# Intended for OrangePI5 **(might work on other devices)**
- Tested on [ARMBIAN](https://www.armbian.com/orangepi-5/) Bullseye
- Previously on the [orangepi](http://www.orangepi.org/html/hardWare/computerAndMicrocontrollers/service-and-support/Orange-pi-5.html) official Debian versions, but can't **confirm still works**
- Previously on the [orangepi](http://www.orangepi.org/html/hardWare/computerAndMicrocontrollers/service-and-support/Orange-pi-5.html)
# Files
@ -17,7 +17,9 @@ ksetup/:
- tasks_master.yaml
- tasks_slave.yaml
- tasks_end.yaml
- kubeadm-join.command
- Exported:
- kubeadm-join.command (exported file)
- kubeconfig.conf (exported file)
inventory.yaml: Example inventory
```
@ -36,6 +38,8 @@ For more info regarding Ansible Inventory, refer to their [documentation regardi
It will:
- `apt-get update && apt-get upgrade`
- Install locale tools and `sudo`.
- Set the `loacale` for the ROOT user
- Set the `language` for the ROOT user
- Create the `wheel` group
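Review bot: Typo in the list item "Set the `loacale` for the ROOT user"; it should read `locale`.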
@ -44,13 +48,18 @@ It will:
- Add the new user to the `wheel` group
- Change the ROOT password
- Disable SSH login to the ROOT user
- Executes `sleep 1 && dhclient -r && dhclient && reboot`. The `dhclient` is for my own usage so **modify it if it bothers you**.
- Reboots the device and ignores if you can't connect back, why? Cause might receive a different IP from the DHCP client. This is convenient for myself.
### Vars
A reminder that the point of this script, is to normalize the process of setting up a **fresh** ARMBIAN OS.
```yaml
# Initial Setup
initial_username: username used to to the first connection
initial_password: password used to to the first connection
# Connect
ansible_user: User used to connect
ansible_password: Password used to connect
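Review bot: Both entries under `# Initial Setup` read "used to to the first connection", which looks like a dropped word ("used to do the first connection"); the same text is repeated in the "Log in Values" block further down. These entries also document `initial_username`, while the playbook hunk in this commit references `{{ initial_user }}`, so the README and the playbook should agree on one name.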
@ -99,7 +108,7 @@ _kubeadm_join_command: Placeholder, will be populated at later stages of the scr
- Installs Docker (Debian) and Kubernetes repos.
- Installs `containerd.io`, `kubelet`, `kubeadm`, `kubectl`, `git`, `vim`.
- Sets default config for `containerd` with cGroups enabled.
- Enables some `iptables`.
- Enables some `iptables` modules.
- "Resets" `/etc/hosts` file
#### tasks_master.yaml
@ -107,22 +116,22 @@ _kubeadm_join_command: Placeholder, will be populated at later stages of the scr
##### Will only be executed if the variable `is_master` is set to `True`
- Executes `kubeadm init` aka initializes the node without further arguments assigned.
- Sets the `kubectl` conf to the user specified.
- Deploys `Calico` network plugin (might change in the future)
- Export the `kubeconfig` file.
- Removes `node-role.kubernetes.io/control-plane` taint to allow deploying containers in the control plane node.
- Generates a "join cluster" command and stores it in a file **LOCALLY** as `kubeadm-join.command`, this file will be later used by the slave nodes, who will execute this file's contents.
- Deploys `Calico` CNI network plugin.
- Deploys `MetalLB` CRDs.
- Generates a "join cluster" command and stores it in a file **LOCALLY** as `/Exported/ubeadm-join.command`, this file will be later used by the slave nodes, who will execute this file's contents.
#### tasks_slave.yaml
##### Will only be executed if the variable `is_master` is set to `False`
- Executes the "command" stored in the file `kubeadm-join.command` located **LOCALLY**.
- Executes the "command" stored in the file `./Exported/kubeadm-join.command` located **LOCALLY**.
#### tasks_end.yaml
- As per the moment, only reboots.
# USAGE
## Setup
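Review bot: In the `tasks_master.yaml` list, the join-command path is written as `/Exported/ubeadm-join.command`: the `k` is missing and the path is absolute, whereas the playbook sets `kubeadm_join_path: "./Exported/kubeadm-join.command"` and the `tasks_slave.yaml` entry just below uses `./Exported/kubeadm-join.command`. Since that file holds the cluster join command and the directory also receives the exported `kubeconfig.conf`, a line telling users to keep `Exported/` out of version control belongs here too.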
@ -143,6 +152,16 @@ dd if=Armbian_23.02.2_Orangepi5_bullseye_legacy_5.10.110_minimal.img of=/dev/sdg
### arm_initial_setup.yaml
#### Log in Values
I set up the variables on the `inventory.yaml` file.
```yaml
initial_username: username used to to the first connection
initial_password: password used to to the first connection
```
#### Change the values of the desired variables
@ -168,9 +187,6 @@ ansible_user: "root"
ansible_password: "1234"
```
## Run (?)


@ -1,11 +1,16 @@
masters:
hosts:
pi4.filter.home:
# masterk.filter.home:
vars:
is_master: yes
#slaves:
# hosts:
# slave[01:01].filter.home:
# vars:
# is_master: no
initial_username: root
initial_password: ""
slaves:
hosts:
slave[02:02].filter.home:
vars:
is_master: no
initial_username: orangepi
initial_password: orangepi
delete_user_name: orangepi
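Review bot: `initial_password: orangepi` and `initial_password: ""` put login credentials in plain text in a tracked inventory file, and real host names (`pi4.filter.home`, `slave[02:02].filter.home`) now sit in what the README describes as an example inventory. Keep the committed file generic and supply the passwords from an Ansible Vault file or by prompting with `--ask-pass`. Also note that `delete_user_name` is only defined for `slaves`; that coupling with `tasks_end.yaml` should be documented next to the variable.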


@ -1,7 +1,7 @@
# Author: Oriol Filter
# 11/03/2023
# 30/07/2023
# Intended for armbian (bullseye, fuck ubuntu tho) it's aarch64
# Maybe still works for orangepi "official" versions, but I don't care about them unless I used soooooo... gl!
# Maybe still works for orangepi "official" versions, but I only care of make it work for myself soooooo... gl!
# https://medium.com/karlmax-berlin/how-to-install-kubernetes-on-raspberry-pi-53b4ce300b58
- name: Preparethings
order: inventory
@ -19,30 +19,29 @@
# is_master: Figurative
# Cluster shit
kubeadm_join_path: "./kubeadm-join.command"
kubeadm_join_path: "./Exported/kubeadm-join.command"
_kubeadm_join_command: "" #placeholder
tasks:
## - check vars
# - debug: var=set_hostname
# - debug: var=is_master
#
## Init / Basic setup
# - name: set up node
# import_tasks: tasks_prepare_node.yaml
# become: true
# - check vars
- debug: var=set_hostname
- debug: var=is_master
# Init / Basic setup
- name: set up node
import_tasks: tasks_prepare_node.yaml
become: true
# If is_master: init
- name: init cluster
import_tasks: tasks_master.yaml
when: is_master
#
## else: join
# - name: join cluster
# import_tasks: tasks_slave.yaml
# when: not is_master
#
## Do other stuff
# - name: post setup
# import_tasks: tasks_end.yaml
# else: join
- name: join cluster
import_tasks: tasks_slave.yaml
when: not is_master
# Do other stuff
- name: post setup
import_tasks: tasks_end.yaml
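Review bot: `kubeadm_join_path` now points into `./Exported/`, but none of the visible tasks creates that directory on the controller before the `copy` in `tasks_master.yaml` writes to it. Unless `Exported/` is shipped in the repository, add a `file` task with `state: directory` and `delegate_to: localhost` ahead of the export steps. The `init cluster`, `join cluster` and `post setup` imports also carry no `become`, unlike `set up node`, so privilege escalation is left to each task file; stating that choice in a comment would avoid tasks silently running unprivileged.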


@ -1,3 +1,10 @@
- name: Delete user
ansible.builtin.user:
name: "{{ delete_user_name }}"
remove: true
state: absent
when: not is_master
become: true
#reboot
- name: reboot
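Review bot: The `Delete user` task is guarded by `when: not is_master` rather than by the variable it needs, so a slave whose group lacks `delete_user_name` fails on an undefined variable, and a master that ships with a vendor default account never has it removed. Guard on the variable instead, e.g. `when: delete_user_name is defined`, and document that the account is removed together with its home directory (`remove: true`).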


@ -1,9 +1,10 @@
## Init
#- name: Init cluster
# ansible.builtin.command: "kubeadm init"
# become: true
- name: Init cluster
ansible.builtin.command: "kubeadm init"
become: true
### get kubectl file
## Export kubeconfig file
- name: Export remote kubeconfig file
ansible.builtin.fetch:
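Review bot: `Init cluster` runs `kubeadm init` through `ansible.builtin.command` with no idempotence guard, so a second run of the playbook against an already initialized master fails at this task. Add `args:` with `creates: /etc/kubernetes/admin.conf`, the file the later tasks already rely on, so the step is skipped once the control plane exists.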
@ -13,6 +14,12 @@
become: true
## Taints
### Schedule pods on master
- name: Remove Taint (allows deployment in control plane node)
ansible.builtin.shell: "kubectl taint nodes --all node-role.kubernetes.io/control-plane-"
## CNI
### Calico
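Review bot: `Remove Taint` calls `kubectl` without `--kubeconfig` and without `become`, unlike the MetalLB task further down, which passes `--kubeconfig /etc/kubernetes/admin.conf` with `become: true`. Nothing in the visible tasks installs a kubeconfig for the connecting user, so this call depends on state the playbook does not set up. Pass the same `--kubeconfig` and `become: true` here, and consider `ansible.builtin.command` since no shell features are used.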
@ -26,59 +33,19 @@
ansible.builtin.command: "kubectl create --kubeconfig /etc/kubernetes/admin.conf -f https://raw.githubusercontent.com/metallb/metallb/v0.13.10/config/manifests/metallb-native.yaml"
become: true
#- name: Calico custom
# ansible.builtin.command: "kubectl create --kubeconfig /etc/kubernetes/admin.conf -f https://raw.githubusercontent.com/projectcalico/calico/v3.26.1/manifests/custom-resources.yaml"
# become: true
## Export join command
- name: Generate join token
shell: kubeadm token create --print-join-command
register: kubeadm_join_cmd
- set_fact:
kubeadm_join_command: "{{ kubeadm_join_cmd.stdout }}"
- debug: var=kubeadm_join_command
## Set kubectl tool
#- user:
# name: "{{ ansible_user_id }}"
# state: present
# register: user_info_registered
#- name: create .kube directory
# become: yes
# become_user: "{{ ansible_user_id }}"
# file:
# path: "{{ user_info_registered.home }}/.kube"
# state: directory
# mode: 0755
#- debug: var=user_info_registered.home
#- name: copy admin.conf to user's kube config
# copy:
# src: /etc/kubernetes/admin.conf
# remote_src: yes
# dest: "{{ user_info_registered.home }}/.kube/config"
# owner: "{{ ansible_user_id }}"
# become: true
## Network Plugin
#- name: Calico
# ansible.builtin.command: "kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/calico.yaml"
#
## Remove taints
#- name: Remove Taint (allows deployment in control plane)
# ansible.builtin.shell: "kubectl taint nodes --all node-role.kubernetes.io/control-plane-"
#
## Join token / command
#- name: Generate join token
# shell: kubeadm token create --print-join-command
# register: kubeadm_join_cmd
#
#- set_fact:
# kubeadm_join_command: "{{ kubeadm_join_cmd.stdout }}"
#
#- debug: var=kubeadm_join_command
#
#- name: Store join command in "{{ kubeadm_join_path }}"
# copy:
# dest: "{{ kubeadm_join_path }}"
# content: |
# {{ kubeadm_join_command }}
# delegate_to: localhost
- name: Store join command in "{{ kubeadm_join_path }}"
copy:
dest: "{{ kubeadm_join_path }}"
content: |
{{ kubeadm_join_command }}
delegate_to: localhost
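Review bot: `- debug: var=kubeadm_join_command` prints the full join command, including the bootstrap token, to the Ansible output, and `Store join command` writes the same string on the controller with no `mode:`. Drop the debug (or set `no_log: true` on the register and `set_fact` steps) and add `mode: "0600"` to the `copy`. `Generate join token` also has no `become: true`, unlike the tasks around it, and uses `shell` where `command` would do.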


@ -1,21 +0,0 @@
# Main issues I ran into
## kubeadm init
### Something something API V1
Probably ~~(surely)~~ the `containerd` version you are using is 1.4 something, that's due being the default version installed / from the default repositories.
To fix it, install `containerd.io`.
If currently can't find `containerd.io`, follow the [Set up the repository](https://docs.docker.com/engine/install/debian/#install-using-the-repository) to set up the repositories and finally run `apt-get install containerd.io`
You can check the version by running `containerd --version`
## CNI plugin initializing
Wait, if after a while it still this way, confirm that you actually deployed the (right) network plugin.
```shell
kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/calico.yaml
```

run.sh

@ -2,10 +2,10 @@
export ANSIBLE_HOST_KEY_CHECKING=False
# Replace for an inventory
IP="192.168.1.2"
#IP="192.168.1.2"
#IP="192.168.1.50,192.168.1.51"
#ansible-playbook -i $IP, Initial_Setup/armbian_initial_setup.yaml && sleep 25 # Wait for reboot
ansible-playbook -i inventory.yaml Initial_Setup/armbian_initial_setup.yaml && sleep 25 # Wait for reboot
ansible-playbook -i inventory.yaml ksetup/playbook.yaml
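Review bot: `export ANSIBLE_HOST_KEY_CHECKING=False` at the top stays in effect for both `ansible-playbook` runs, so the passwords now read from `inventory.yaml` are sent to whichever host answers at each name, including on the second run when the host key could already be pinned. Limit the relaxation to first contact, for example with `ansible_ssh_common_args: '-o StrictHostKeyChecking=accept-new'` in the inventory, and leave checking on for `ksetup/playbook.yaml`. The fixed `sleep 25` is also fragile as a reboot wait; a `wait_for_connection` task at the start of the second playbook would be more reliable.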