From fe49ee9006e9396c79f90365b9e814ee70c9fcee Mon Sep 17 00:00:00 2001 From: Petr OspalĂ˝ Date: Sat, 20 Apr 2019 00:53:01 +0200 Subject: Add support for RKE kubernetes implementation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Added a new playbook rke.yml and role rke which uses rancher RKE: https://github.com/rancher/rke It's an implementation of the kubernetes from rancher.com folks and it is an alternative to the official kubernetes tool: kubeadm. NOTE: Rancher has a notion of a 'control plane' which cannot run with etcd on all nodes in a multi-node setup. Control-plane node is the first kubernetes node from the inventory (as of now). Change-Id: I0bf669442a5183efa20d44fb1cac823e7ce54348 Issue-ID: OOM-1778 Signed-off-by: Petr OspalĂ˝ Signed-off-by: Michal Zegan --- ansible/inventory/hosts.yml | 9 ++ ansible/rke.yml | 26 ++++++ ansible/roles/rke/defaults/main.yml | 33 +++++++ ansible/roles/rke/tasks/main.yml | 2 + ansible/roles/rke/tasks/rke_config.yml | 46 +++++++++ ansible/roles/rke/tasks/rke_deploy.yml | 5 + ansible/roles/rke/tasks/rke_node.yml | 11 +++ ansible/roles/rke/templates/cluster.yml.j2 | 145 +++++++++++++++++++++++++++++ 8 files changed, 277 insertions(+) create mode 100644 ansible/rke.yml create mode 100644 ansible/roles/rke/defaults/main.yml create mode 100644 ansible/roles/rke/tasks/main.yml create mode 100644 ansible/roles/rke/tasks/rke_config.yml create mode 100644 ansible/roles/rke/tasks/rke_deploy.yml create mode 100644 ansible/roles/rke/tasks/rke_node.yml create mode 100644 ansible/roles/rke/templates/cluster.yml.j2 (limited to 'ansible') diff --git a/ansible/inventory/hosts.yml b/ansible/inventory/hosts.yml index a29072c5..37ae4e39 100644 --- a/ansible/inventory/hosts.yml +++ b/ansible/inventory/hosts.yml @@ -31,6 +31,15 @@ all: #ip of the node that it uses for communication with k8s cluster. cluster_ip: 10.8.8.19 + # This is a group of hosts that are to be used as kubernetes control plane nodes. + # This means they host kubernetes api server, controller manager and scheduler. + # This example uses infra for this purpose, however note that any + # other host could be used including kubernetes nodes. + # cluster_ip needs to be set for hosts used as control planes. + kubernetes-control-plane: + hosts: + infrastructure-server + nfs-server: hosts: kubernetes-node-1 diff --git a/ansible/rke.yml b/ansible/rke.yml new file mode 100644 index 00000000..81e964d9 --- /dev/null +++ b/ansible/rke.yml @@ -0,0 +1,26 @@ +--- +- name: Gather facts for all hosts + hosts: all + +- name: Configure kubernetes cluster (RKE) + hosts: infrastructure + roles: + - role: rke + vars: + mode: config + +- name: Prepare kubernetes nodes (RKE) + hosts: + - kubernetes + - kubernetes-control-plane + roles: + - role: rke + vars: + mode: node + +- name: Deploy kubernetes cluster (RKE) + hosts: infrastructure + roles: + - role: rke + vars: + mode: deploy diff --git a/ansible/roles/rke/defaults/main.yml b/ansible/roles/rke/defaults/main.yml new file mode 100644 index 00000000..3e1c26a6 --- /dev/null +++ b/ansible/roles/rke/defaults/main.yml @@ -0,0 +1,33 @@ +--- +rke_binary: rke +rke_username: rke +rke_bin_dir: /usr/local/bin +cluster_config_dir: "{{ app_data_path }}/cluster" +rke: + etcd: rancher/coreos-etcd:v3.2.24-rancher1 + alpine: rancher/rke-tools:v0.1.27 + nginx_proxy: rancher/rke-tools:v0.1.27 + cert_downloader: rancher/rke-tools:v0.1.27 + kubernetes_services_sidecar: rancher/rke-tools:v0.1.27 + kubedns: rancher/k8s-dns-kube-dns:1.15.0 + dnsmasq: rancher/k8s-dns-dnsmasq-nanny:1.15.0 + kubedns_sidecar: rancher/k8s-dns-sidecar:1.15.0 + kubedns_autoscaler: rancher/cluster-proportional-autoscaler:1.0.0 + coredns: coredns/coredns:1.2.6 + coredns_autoscaler: rancher/cluster-proportional-autoscaler:1.0.0 + kubernetes: rancher/hyperkube:v1.13.5-rancher1 + flannel: rancher/coreos-flannel:v0.10.0-rancher1 + flannel_cni: rancher/flannel-cni:v0.3.0-rancher1 + calico_node: rancher/calico-node:v3.4.0 + calico_cni: rancher/calico-cni:v3.4.0 + calico_controllers: "" + calico_ctl: rancher/calico-ctl:v2.0.0 + canal_node: rancher/calico-node:v3.4.0 + canal_cni: rancher/calico-cni:v3.4.0 + canal_flannel: rancher/coreos-flannel:v0.10.0 + weave_node: weaveworks/weave-kube:2.5.0 + weave_cni: weaveworks/weave-npc:2.5.0 + pod_infra_container: rancher/pause:3.1 + ingress: rancher/nginx-ingress-controller:0.21.0-rancher3 + ingress_backend: rancher/nginx-ingress-controller-defaultbackend:1.4-rancher1 + metrics_server: rancher/metrics-server:v0.3.1 diff --git a/ansible/roles/rke/tasks/main.yml b/ansible/roles/rke/tasks/main.yml new file mode 100644 index 00000000..2f832973 --- /dev/null +++ b/ansible/roles/rke/tasks/main.yml @@ -0,0 +1,2 @@ +--- +- include_tasks: "rke_{{ mode }}.yml" diff --git a/ansible/roles/rke/tasks/rke_config.yml b/ansible/roles/rke/tasks/rke_config.yml new file mode 100644 index 00000000..49503192 --- /dev/null +++ b/ansible/roles/rke/tasks/rke_config.yml @@ -0,0 +1,46 @@ +--- +- name: "Ensure the .ssh directory exists" + file: + path: "{{ ansible_env.HOME }}/.ssh" + mode: 0700 + state: directory + +- name: Add kubernetes nodes host keys to known_hosts file + known_hosts: + name: "{{ hostvars[item].cluster_ip }}" + key: "{{ hostvars[item].cluster_ip }} ssh-rsa {{ hostvars[item].ansible_ssh_host_key_rsa_public }}" + hash_host: true + state: present + loop: "{{ groups['kubernetes'] }}" + +- name: "Ensure {{ cluster_config_dir }} is present" + file: + path: "{{ cluster_config_dir }}" + state: directory + mode: 0755 + +- name: Generate cluster wide ssh key pair + command: "ssh-keygen -q -b 4096 -t rsa -N '' -f {{ cluster_config_dir }}/cluster_key" + args: + creates: "{{ cluster_config_dir }}/cluster_key" + +- name: Get ssh public key + slurp: + src: "{{ cluster_config_dir }}/cluster_key.pub" + register: cluster_public_key_out + +- name: Decode ssh public key + set_fact: + cluster_public_key: "{{ cluster_public_key_out.content | b64decode }}" + +- name: Prepare rke cluster.yml + template: + src: cluster.yml.j2 + dest: "{{ cluster_config_dir }}/cluster.yml" + +- name: Install rke cli tool + copy: + src: "{{ app_data_path }}/downloads/{{ rke_binary }}" + dest: "{{ rke_bin_dir }}/rke" + remote_src: true + mode: 0755 diff --git a/ansible/roles/rke/tasks/rke_deploy.yml b/ansible/roles/rke/tasks/rke_deploy.yml new file mode 100644 index 00000000..7b3e2510 --- /dev/null +++ b/ansible/roles/rke/tasks/rke_deploy.yml @@ -0,0 +1,5 @@ +--- +- name: Run rke up + command: "{{ rke_bin_dir }}/rke up --config cluster.yml" + args: + chdir: "{{ cluster_config_dir }}" diff --git a/ansible/roles/rke/tasks/rke_node.yml b/ansible/roles/rke/tasks/rke_node.yml new file mode 100644 index 00000000..9ec9f073 --- /dev/null +++ b/ansible/roles/rke/tasks/rke_node.yml @@ -0,0 +1,11 @@ +--- +- name: Create a rke user on the node + user: + name: "{{ rke_username }}" + groups: docker + password_lock: yes + +- name: Distribute rke user ssh public key + authorized_key: + user: "{{ rke_username }}" + key: "{{ hostvars[groups['infrastructure'][0]].cluster_public_key }}" diff --git a/ansible/roles/rke/templates/cluster.yml.j2 b/ansible/roles/rke/templates/cluster.yml.j2 new file mode 100644 index 00000000..d55a486c --- /dev/null +++ b/ansible/roles/rke/templates/cluster.yml.j2 @@ -0,0 +1,145 @@ +nodes: +{# Note that we iterate through all nodes in relevant groups. +We check which groups they belong to exactly later to determine roles. #} +{% for node in groups['kubernetes'] | union(groups['kubernetes-control-plane']) %} +- address: "{{ hostvars[node].cluster_ip }}" + port: "22" + internal_address: "{{ hostvars[node].cluster_ip }}" + role: +{% if node in groups['kubernetes-control-plane'] %} + - controlplane +{% endif %} +{% if node in groups['kubernetes'] %} + - worker + - etcd +{% endif %} + hostname_override: "" + user: "{{ rke_username }}" + docker_socket: /var/run/docker.sock + ssh_key: "" + ssh_key_path: "{{ cluster_config_dir }}/cluster_key" + ssh_cert: "" + ssh_cert_path: "" + labels: {} +{% endfor %} +services: + etcd: + image: "" + extra_args: {} + extra_binds: [] + extra_env: [] + external_urls: [] + ca_cert: "" + cert: "" + key: "" + path: "" + snapshot: null + retention: "" + creation: "" + backup_config: null + kube-api: + image: "" + extra_args: {} + extra_binds: [] + extra_env: [] + service_cluster_ip_range: 10.43.0.0/16 + service_node_port_range: "" + pod_security_policy: false + always_pull_images: false + kube-controller: + image: "" + extra_args: {} + extra_binds: [] + extra_env: [] + cluster_cidr: 10.42.0.0/16 + service_cluster_ip_range: 10.43.0.0/16 + scheduler: + image: "" + extra_args: {} + extra_binds: [] + extra_env: [] + kubelet: + image: "" + extra_args: {} + extra_binds: [] + extra_env: [] + cluster_domain: cluster.local + infra_container_image: "" + cluster_dns_server: 10.43.0.10 + fail_swap_on: false + kubeproxy: + image: "" + extra_args: {} + extra_binds: [] + extra_env: [] +network: + plugin: canal + options: {} +authentication: + strategy: x509 + sans: [] + webhook: null +addons: "" +addons_include: [] +system_images: + etcd: "{{ rke.etcd }}" + alpine: "{{ rke.alpine }}" + nginx_proxy: "{{ rke.nginx_proxy }}" + cert_downloader: "{{ rke.cert_downloader }}" + kubernetes_services_sidecar: "{{ rke.kubernetes_services_sidecar }}" + kubedns: "{{ rke.kubedns }}" + dnsmasq: "{{ rke.dnsmasq }}" + kubedns_sidecar: "{{ rke.kubedns_sidecar }}" + kubedns_autoscaler: "{{ rke.kubedns_autoscaler }}" + coredns: "{{ rke.coredns }}" + coredns_autoscaler: "{{ rke.coredns_autoscaler }}" + kubernetes: "{{ rke.kubernetes }}" + flannel: "{{ rke.flannel }}" + flannel_cni: "{{ rke.flannel_cni }}" + calico_node: "{{ rke.calico_node }}" + calico_cni: "{{ rke.calico_cni }}" + calico_controllers: "" + calico_ctl: "{{ rke.calico_ctl }}" + canal_node: "{{ rke.canal_node }}" + canal_cni: "{{ rke.canal_cni }}" + canal_flannel: "{{ rke.canal_flannel }}" + weave_node: "{{ rke.weave_node }}" + weave_cni: "{{ rke.weave_cni }}" + pod_infra_container: "{{ rke.pod_infra_container }}" + ingress: "{{ rke.ingress }}" + ingress_backend: "{{ rke.ingress_backend }}" + metrics_server: "{{ rke.metrics_server }}" +ssh_key_path: "{{ cluster_config_dir }}/cluster_key" +ssh_cert_path: "" +ssh_agent_auth: false +authorization: + mode: none + options: {} +ignore_docker_version: false +kubernetes_version: "" +private_registries: [] +ingress: + provider: "" + options: {} + node_selector: {} + extra_args: {} +cluster_name: "" +cloud_provider: + name: "" +prefix_path: "" +addon_job_timeout: 0 +bastion_host: + address: "" + port: "" + user: "" + ssh_key: "" + ssh_key_path: "" + ssh_cert: "" + ssh_cert_path: "" +monitoring: + provider: "" + options: {} +restore: + restore: false + snapshot_name: "" +dns: null -- cgit 1.2.3-korg