commit 83c8e99de7ff9314fdbfe6dfd07a13a4fe6757ea parent ade533c607f7ae9d53e1ecdc2e3749b154cbc6a8 Author: Jul <jul@9o.is> Date: Sat, 11 May 2024 18:20:28 +0800 install k0s Diffstat:
| A | host/.gitignore | | | 1 | + |
| M | host/group_vars/all | | | 1 | + |
| D | host/init.yml | | | 8 | -------- |
| M | host/readme.md | | | 4 | ++-- |
| A | host/roles/k0s/defaults/main.yml | | | 3 | +++ |
| A | host/roles/k0s/handlers/main.yml | | | 11 | +++++++++++ |
| A | host/roles/k0s/tasks/main.yml | | | 123 | +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ |
| A | host/roles/k0s/templates/env.conf.j2 | | | 2 | ++ |
| A | host/roles/k0s/templates/k0s.yaml.j2 | | | 72 | ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ |
| M | host/site.yml | | | 19 | ++++++++++++++++++- |
10 files changed, 233 insertions(+), 11 deletions(-)
diff --git a/host/.gitignore b/host/.gitignore
@@ -0,0 +1 @@
+.output/
diff --git a/host/group_vars/all b/host/group_vars/all
@@ -1,5 +1,6 @@
 openssh_port: 57123
 net_interface: ens3
+k0s_version: v1.30.0+k0s.0
 fwknop_key_base64: !vault |
 $ANSIBLE_VAULT;1.2;AES256;infra
diff --git a/host/init.yml b/host/init.yml
@@ -1,8 +0,0 @@
----
-- name: Initiate server
- hosts: servers
- remote_user: root
- roles:
- - hostname
- - openssh
-
diff --git a/host/readme.md b/host/readme.md
@@ -6,7 +6,7 @@
 - else 1984 hosting will drop fragmented packets from large, sftp files
 ```
-ansible-playbook init.yml --ssh-extra-args '-o Port=22'
-ansible-playbook site.yml
+ansible-playbook site.yml --tags init --ssh-extra-args '-o Port=22'
+ansible-playbook site.yml --tags firewall kubes
 ```
diff --git a/host/roles/k0s/defaults/main.yml b/host/roles/k0s/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+k0s_distros: '{{ inventory_dir }}/.output/k0s/distros'
+k0s_artifacts: '{{ inventory_dir }}/.output/k0s/artifacts'
diff --git a/host/roles/k0s/handlers/main.yml b/host/roles/k0s/handlers/main.yml
@@ -0,0 +1,11 @@
+---
+- name: restart k0s
+ block:
+ - service:
+ name: k0scontroller
+ state: restarted
+ - wait_for:
+ host: localhost
+ port: 6443
+ delay: 15
+ timeout: 180
diff --git a/host/roles/k0s/tasks/main.yml b/host/roles/k0s/tasks/main.yml
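Review bot: The `restart k0s` handler in host/roles/k0s/handlers/main.yml is what the `env.conf` drop-in task notifies, yet it restarts with `service: state: restarted` and never asks systemd to re-read unit files, so a changed drop-in may not take effect on the restart it triggers unless the module happens to reload on its own. Using `systemd:` with `name: k0scontroller`, `state: restarted` and `daemon_reload: yes` makes the reload explicit and matches the `Enable and start k0s service` task, which already uses the `systemd` module. The `wait_for` step repeats the `Wait for k8s apiserver` task's values (`localhost`, `6443`, `delay: 15`, `timeout: 180`) verbatim; lifting them into role defaults would keep the two in step.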
@@ -0,0 +1,123 @@
+---
+- name: create k0s user
+ user:
+ name: k0s
+ password: '*'
+
+- name: Make dir for k0s distro
+ delegate_to: localhost
+ become: false
+ file:
+ path: '{{ k0s_distros }}'
+ state: directory
+
+- name: Download k0s binary k0s-{{ k0s_version }}-amd64
+ delegate_to: localhost
+ become: false
+ get_url:
+ url: https://github.com/k0sproject/k0s/releases/download/{{ k0s_version }}/k0s-{{ k0s_version }}-amd64
+ dest: '{{ k0s_distros }}'
+ when: item == 'x86_64' and not (k0s_distros + '/k0s-' + k0s_version + '-amd64') is exists
+ with_items: '{{ ansible_facts.architecture }}'
+
+- name: Upload k0s binary
+ copy:
+ src: '{{ k0s_distros }}/k0s-{{ k0s_version }}-amd64'
+ dest: '/usr/local/bin/k0s'
+ owner: 'k0s'
+ group: 'k0s'
+ mode: '0755'
+ when: ansible_facts.architecture == 'x86_64'
+ notify: restart k0s
+
+- name: Create k0s Directories
+ file:
+ path: '{{ item }}'
+ state: directory
+ mode: '0755'
+ owner: 'k0s'
+ group: 'k0s'
+ loop:
+ - '/etc/k0s'
+ - '/var/lib/k0s'
+ - '/usr/libexec/k0s'
+
+# - name: Configure k0s
+# template:
+# src: k0s.yaml.j2
+# dest: '/etc/k0s/k0s.yaml'
+# owner: 'k0s'
+# group: 'k0s'
+# mode: '0600'
+# notify: restart k0s
+
+- name: Generate default k0s config file
+ block:
+ - name: Create default k0s config
+ register: default_k0s_config
+ command: k0s default-config > /etc/k0s/k0s.yaml
+ - name: Store default k0s config
+ copy:
+ dest: '/etc/k0s/k0s.yaml'
+ content: '{{ default_k0s_config.stdout }}'
+ owner: 'k0s'
+ group: 'k0s'
+ mode: '0600'
+
+- name: Install k0s controller
+ register: install_initial_controller_cmd
+ command: k0s install controller --single
+ args:
+ creates: /etc/systemd/system/k0scontroller.service
+ changed_when: install_initial_controller_cmd | length > 0
+
+- name: Ensure k0scontroller service dir exists
+ file:
+ path: /etc/systemd/system/k0scontroller.service.d
+ state: directory
+
+- name: Ensure systemd drop-in unit for custom Env exists
+ template:
+ src: env.conf.j2
+ dest: 
/etc/systemd/system/k0scontroller.service.d/env.conf
+ notify: restart k0s
+
+- name: Enable and start k0s service
+ systemd:
+ name: k0scontroller
+ daemon_reload: yes
+ enabled: yes
+ state: started
+
+- name: Wait for k8s apiserver
+ wait_for:
+ host: localhost
+ port: 6443
+ delay: 15
+ timeout: 180
+
+- name: Copy config file to home directory
+ copy:
+ src: '/var/lib/k0s/pki/admin.conf'
+ dest: ~k0s/k0s-kubeconfig.yml
+ remote_src: yes
+ owner: 'k0s'
+ mode: '0644'
+
+- name: Set controller IP in kubeconfig
+ replace:
+ path: ~k0s/k0s-kubeconfig.yml
+ regexp: 'localhost'
+ replace: '{{ ansible_host }}'
+
+- name: Fetch kubeconfig
+ become: false
+ fetch:
+ src: '~k0s/k0s-kubeconfig.yml'
+ dest: '{{ k0s_artifacts }}/k0s-kubeconfig.yml'
+ flat: yes
+ validate_checksum: no
+
+- name: Print kubeconfig command
+ debug:
+ msg: 'To use Cluster: export KUBECONFIG={{ k0s_artifacts }}/k0s-kubeconfig.yml'
diff --git a/host/roles/k0s/templates/env.conf.j2 b/host/roles/k0s/templates/env.conf.j2
@@ -0,0 +1,2 @@
+[Service]
+
diff --git a/host/roles/k0s/templates/k0s.yaml.j2 b/host/roles/k0s/templates/k0s.yaml.j2
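Review bot: The cluster-admin credential is left readable by every local account: `Copy config file to home directory` copies `/var/lib/k0s/pki/admin.conf` to `~k0s/k0s-kubeconfig.yml` with `mode: '0644'`; it should be `mode: '0600'`, and since `Fetch kubeconfig` runs with `become: false` as the play's `remote_user: user`, that task then needs `become: true` (or to be dropped back to the play default) to read the file. `Create default k0s config` passes `> /etc/k0s/k0s.yaml` through the `command` module, which performs no shell redirection — the two tokens are handed to `k0s default-config` as arguments — so the redirect should go, leaving the following `copy` of `default_k0s_config.stdout` as the single writer; adding `changed_when: false` to that `command` task also stops the block reporting changed on every run. The binary downloaded in `Download k0s binary` is installed with no integrity check; `get_url` takes `checksum: 'sha256:<EXPECTED-SHA256-PLACEHOLDER>'` (or a URL to a sums file), which pins the artifact to the already pinned `k0s_version`. `/usr/local/bin/k0s` is installed with `owner: 'k0s'` and `mode: '0755'`, so the service account created by `create k0s user` can replace a binary that the `k0scontroller` unit presumably runs as root (the unit is generated by `k0s install`, not visible here); `owner: 'root'` and `group: 'root'` keep the write path limited to root.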
@@ -0,0 +1,72 @@
+apiVersion: k0s.k0sproject.io/v1beta1
+kind: ClusterConfig
+metadata:
+ creationTimestamp: null
+ name: k0s
+spec:
+ api:
+ address: {{ ansible_default_ipv4.address }}
+ externalAddress: {{ ansible_host }}
+ k0sApiPort: 9443
+ port: 6443
+ sans:
+ - {{ ansible_default_ipv4.address }}
+ controllerManager: {}
+ extensions:
+ helm:
+ charts: null
+ concurrencyLevel: 5
+ repositories: null
+ storage:
+ create_default_storage_class: false
+ type: external_storage
+ installConfig:
+ users:
+ etcdUser: etcd
+ kineUser: kube-apiserver
+ konnectivityUser: konnectivity-server
+ kubeAPIserverUser: kube-apiserver
+ kubeSchedulerUser: kube-scheduler
+ konnectivity:
+ adminPort: 8133
+ agentPort: 8132
+ network:
+ calico: null
+ clusterDomain: cluster.local
+ dualStack: {}
+ kubeProxy:
+ iptables:
+ minSyncPeriod: 0s
+ syncPeriod: 0s
+ ipvs:
+ minSyncPeriod: 0s
+ syncPeriod: 0s
+ tcpFinTimeout: 0s
+ tcpTimeout: 0s
+ udpTimeout: 0s
+ metricsBindAddress: 0.0.0.0:10249
+ mode: iptables
+ kuberouter:
+ autoMTU: true
+ hairpin: Enabled
+ ipMasq: false
+ metricsPort: 8080
+ mtu: 0
+ peerRouterASNs: ""
+ peerRouterIPs: ""
+ nodeLocalLoadBalancing:
+ envoyProxy:
+ apiServerBindPort: 7443
+ konnectivityServerBindPort: 7132
+ type: EnvoyProxy
+ podCIDR: 10.244.0.0/16
+ provider: kuberouter
+ serviceCIDR: 10.96.0.0/12
+ scheduler: {}
+ storage:
+ etcd:
+ externalCluster: null
+ peerAddress: {{ ansible_default_ipv4.address }}
+ type: etcd
+ telemetry:
+ enabled: true
diff --git a/host/site.yml b/host/site.yml
@@ -1,9 +1,26 @@
 ---
-- name: Set up kubernetes
+- name: Initiate
+ hosts: servers
+ remote_user: root
+ tags: init
+ roles:
+ - hostname
+ - openssh
+
+- name: Firewall
 hosts: servers
 remote_user: user
 become: true
+ tags: firewall
 roles:
 - iptables
 - fwknop
+- name: Kubernetes
+ hosts: servers
+ remote_user: user
+ become: true
+ tags: kubes
+ roles:
+ - k0s
+
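Review bot: host/roles/k0s/templates/k0s.yaml.j2 is added but never rendered: the only task that references it (`Configure k0s` in tasks/main.yml) is commented out, so the node runs on `k0s default-config` output and none of the values here (`externalAddress`, `podCIDR`, `serviceCIDR`, the `installConfig.users` mapping) take effect. If it is meant as a future config rather than dead code, a leading Jinja comment such as `{# not rendered yet: enable the 'Configure k0s' task in tasks/main.yml to use this file #}` would stop a reader assuming it is live. Two settings deserve a deliberate decision before it is switched on: `telemetry.enabled: true` opts the cluster into k0s usage reporting, and `api.sans` lists only `ansible_default_ipv4.address` while the role rewrites the kubeconfig server to `ansible_host`, so the served certificate may not cover the address clients are told to use unless k0s adds `externalAddress` to the SANs itself (not verifiable from this page).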
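Review bot: The new `Initiate` play in host/site.yml is tagged `init` but nothing excludes it from an untagged `ansible-playbook site.yml`: it connects as `remote_user: root`, and the readme pairs it with `--ssh-extra-args '-o Port=22'`, so once the openssh role has moved sshd to `openssh_port: 57123` a plain run would presumably open with a failing root login attempt on every host before `Firewall` and `Kubernetes` are reached. Tagging it `tags: [never, init]` keeps the play off the default run and only executes it when `--tags init` is passed explicitly, which is what the readme already documents. A one-line comment above the play, `# bootstrap only: run once with --tags init on the pre-hardening ssh port`, would record why it is separate from the other two plays, which share `hosts: servers`, `remote_user: user` and `become: true`.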