]> Vexing Labs - k8s-cluster.git/commitdiff
WIP, k8s install playbook
authorAdam Shamblin <adam@vexingworkshop.com>
Sun, 29 Oct 2023 23:26:31 +0000 (17:26 -0600)
committerAdam Shamblin <adam@vexingworkshop.com>
Sun, 29 Oct 2023 23:26:31 +0000 (17:26 -0600)
cluster.tfvars [new file with mode: 0644]
controller.tf
files/modules-load.d/k8s.conf [new file with mode: 0644]
files/sysctl.d/k8s.conf [new file with mode: 0644]
install.yml

diff --git a/cluster.tfvars b/cluster.tfvars
new file mode 100644 (file)
index 0000000..cf61b7c
--- /dev/null
@@ -0,0 +1,8 @@
+vpc-name="vex-k8s-vpc"
+image="ubuntu-20-04-x64"
+droplet-size="s-2vcpu-2gb"
+region="nyc1"
+
+controller-name="vex-k8s-controller"
+workload1-name="vex-k8s-workload-1"
+workload2-name="vex-k8s-workload-2"
index 575bf826e1877276d606183efa6351790c33c36e..8b7cc7882c262b98af169f784c815c25feed136b 100644 (file)
@@ -1,13 +1,13 @@
-resource "digitalocean_vpc" "acg-k8s-vpc" {
-  name = "acg-k8s-vpc"
-  region = "nyc1"
+resource "digitalocean_vpc" "k8s-vpc" {
+  name = "${var.vpc-name}"
+  region = "${var.region}"
 }
 
 resource "digitalocean_droplet" "acg-k8s-control" {
-  image = "ubuntu-20-04-x64"
-  name = "acg-k8s-control"
-  region = "nyc1"
-  size = "s-2vcpu-2gb"
+  image = "${var.image}"
+  name = "${var.controller-name}"
+  region = "${var.region}"
+  size = "${var.droplet-size}"
   ssh_keys = [
     data.digitalocean_ssh_key.debesto.id
   ]
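Review bot: The new arguments wrap a single reference in a template string, e.g. `name = "${var.vpc-name}"` and `region = "${var.region}"`; since Terraform 0.12 the bare form (`name = var.vpc-name`, `region = var.region`) is preferred and interpolation-only strings are treated as deprecated style. The VPC resource label also changes from `acg-k8s-vpc` to `k8s-vpc` while the droplet keeps `acg-k8s-control`, so any `digitalocean_vpc.acg-k8s-vpc` reference elsewhere in the configuration would need the same rename; none is visible in this hunk. The file list for this commit shows no variable declarations file, so the `variable` blocks for these names presumably live elsewhere. The droplet block continues past the end of the hunk.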
diff --git a/files/modules-load.d/k8s.conf b/files/modules-load.d/k8s.conf
new file mode 100644 (file)
index 0000000..43dd543
--- /dev/null
@@ -0,0 +1,2 @@
+overlay
+br_netfilter
diff --git a/files/sysctl.d/k8s.conf b/files/sysctl.d/k8s.conf
new file mode 100644 (file)
index 0000000..ebc1ba8
--- /dev/null
@@ -0,0 +1,3 @@
+net.bridge.bridge-nf-call-iptables = 1
+net.bridge.bridge-nf-call-ip6tables = 1
+net.ipv4.ip_forward = 1
index b293cc9e3ebab792fb6139ab55af60c5c052f24e..b6d258bea60c8b882203b91d372e8bfb55474503 100644 (file)
@@ -1,5 +1,5 @@
 ---
-- hosts: "masters, workers"
+- hosts: "all"
   remote_user: ubuntu
   become: yes
   become_method: sudo
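Review bot: Changing the play target to `hosts: "all"` means every host in whatever inventory is supplied receives this play with `become: yes`, not only the cluster groups that the old `masters, workers` pattern named. The tasks further down install packages, load kernel modules, enable IP forwarding and turn off swap, so a non-cluster host that ever lands in the inventory would be reconfigured as root. Keeping an explicit group pattern such as `hosts: "masters:workers"`, or requiring `--limit` at run time, bounds that. The play header continues below this hunk.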
   gather_facts: yes
   connection: ssh
 
+  vars:
+    docker_version: 5:23.0.1-1~ubuntu.20.04~focal
+    kubernetes_version: 1.27.0-00
+
   tasks:
+    - name: Docker package repo
+      block:
+        - name: Get key
+          ansible.builtin.get_url:
+            url: https://download.docker.com/linux/ubuntu/gpg
+            dest: /etc/apt/keyrings/docker.gpg
+        - name: Setup repo
+          ansible.builtin.apt_repository:
+            repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
+            filename: docker
+            update_cache: true
+
+    - name: Kubernetes package repo
+      block:
+        - name: Get key
+          ansible.builtin.get_url:
+            url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
+            dest: /etc/apt/keyrings/kubernetes.gpg
+        - name: Setup repo
+          ansible.builtin.apt_repository:
+            repo: deb https://apt.kubernetes.io/ kubernetes-xenial main
+            filename: docker
+            update_cache: true
+
+    - name: Install basic packages
+      ansible.builtin.apt:
+        pkg:
+          - ca-certificates
+          - curl
+          - gnupg
+          - lsb-release
+          - apt-transport-https
+        update_cache: true
+
+    - name: Enable kernel modules
+      ansible.builtin.copy:
+        src: files/modules-load.d/k8s.conf
+        dest: /etc/modules-load.d/k8s.conf
+
+    - name: Modprobe
+      ansible.builtin.shell: |
+        modprobe overlay
+        modprobe br_netfilter
+
+    - name: sysctl k8s.conf
+      ansible.builtin.copy:
+        src: files/sysctl.d/k8s.conf
+        dest: /etc/sysctl.d/k8s.conf
+
+    - name: sysctl update
+      ansible.builtin.shell: sysctl --system
+
+    - name: Install Docker
+      ansible.builtin.apt:
+        pkg:
+          - docker-ce={{ docker_version }}
+          - docker-ci-cli={{ docker_version }}
+          - containerd
+          - docker-buildx-plugin
+          - docker-compose-plugin
+
+    - name: Configure user
+      ansible.builtin.user:
+        name: cloud_user
+        groups: docker
+
     - name: Create containerd config file
-    - name: Add conf for containerd
-    - name: modprobe
-    - name: Set system configurations for Kubernetes networking
-    - name: Add conf for containerd
-    - name: Apply new settings
-    - name: install containerd
+      ansible.builtin.shell: sed -i 's/disabled_plugins/#disabled_plugins/' /etc/containerd/config.toml
+
     - name: Disable swap
-    - name: Create k8s repo file
-    - name: Add k8s source
-    - name: Install k8s
+      ansible.builtin.shell: swapoff -a
+
+    - name: Install kubernetes
+      ansible.builtin.apt:
+        pkg:
+          - kubelet={{ kubernetes_version }}
+          - kubeadm={{ kubernetes_version }}
+          - kubectl={{ kubernetes_version }}
+
+    - name: Hold k8s pkg versions - kubelet
+      ansible.builtin.dpkg_selections:
+        name: kubelet
+        selection: hold
+
+    - name: Hold k8s pkg versions - kubeadm
+      ansible.builtin.dpkg_selections:
+        name: kubeadm
+        selection: hold
+
+    - name: Hold k8s pkg versions - kubectl
+      ansible.builtin.dpkg_selections:
+        name: kubectl
+        selection: hold
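Review bot: The Kubernetes `Setup repo` task writes `deb https://apt.kubernetes.io/ kubernetes-xenial main` with no `signed-by=` option, so the key its `Get key` task saves to /etc/apt/keyrings/kubernetes.gpg is never tied to that source, and it reuses `filename: docker` from the Docker repo block. Binding the source to its own keyring and list file, and giving the downloaded key an explicit `mode` and a pinned `checksum`, keeps package trust scoped per repository. Both `Get key` tasks also assume /etc/apt/keyrings already exists, which the Ubuntu 20.04 image named in cluster.tfvars may not guarantee. In `Install Docker`, `docker-ci-cli` looks like a typo for `docker-ce-cli`. `Configure user` sets `groups: docker` without `append: true`, which replaces cloud_user's other supplementary groups, and docker group membership is effectively root on the host.

```yaml
    - name: Kubernetes package repo
      block:
        - name: Ensure keyring directory exists
          ansible.builtin.file:
            path: /etc/apt/keyrings
            state: directory
            mode: "0755"
        - name: Get key
          ansible.builtin.get_url:
            url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
            dest: /etc/apt/keyrings/kubernetes.gpg
            mode: "0644"
            # placeholder: pin the digest of the key you verified out of band
            checksum: "sha256:<EXPECTED_KEY_SHA256>"
        - name: Setup repo
          ansible.builtin.apt_repository:
            repo: "deb [signed-by=/etc/apt/keyrings/kubernetes.gpg] https://apt.kubernetes.io/ kubernetes-xenial main"
            filename: kubernetes
            update_cache: true
    # … unchanged: remaining tasks …
```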