control plane stand up working

2022-11-01 02:56:41 +13:00 · 2022-11-01 02:56:41 +13:00 · a60c397d1b
commit a60c397d1b
parent 37da64cacf
5 changed files with 105 additions and 16 deletions
--- a/ansible/inventory/host_vars/localhost/vault.yaml
+++ b/ansible/inventory/host_vars/localhost/vault.yaml
@ -0,0 +1,7 @@
 $ANSIBLE_VAULT;1.1;AES256
 62366563373934316433393435313132323662363838613262646237386332346564326531376335
 3436653065616663356263633632313530386661333134620a326132376466646537313039633834
 64653131623563383039373536363739313939393439306466643264323933346464326137333735
 3935373966333335320a363666663732353332373936666631346536393365643937313130393166
 30663636303133346439376361393532373363343035623864616533653733383236353538376362
 6161313334363461633436373737333263303666363333343464
--- a/ansible/playbooks/88_scratch.yaml
+++ b/ansible/playbooks/88_scratch.yaml
@ -0,0 +1,7 @@
 ---
 - name: scratch testing
  hosts: localhost
  gather_facts: false
  become: false
  roles:
    - scratch
--- a/ansible/roles/k8s_control/defaults/main.yaml
+++ b/ansible/roles/k8s_control/defaults/main.yaml
@ -1,2 +1,9 @@
 ---
 k8s_control_master_node: kube01.balsillie.net
 k8s_endpoint: k8s.balsillie.net
 k8s_api_port: "6443"
 k8s_cri_socket: /run/containerd/containerd.sock
 k8s_service_domain: cluster.internal
 k8s_pod_cidr: 10.128.0.0/16
 k8s_service_cidr: 10.96.0.0/16
 local_user: michael
--- a/ansible/roles/k8s_control/tasks/main.yaml
+++ b/ansible/roles/k8s_control/tasks/main.yaml
@ -12,6 +12,7 @@
    cmd: |
      containerd config default > /etc/containerd/config.toml
    creates: /etc/containerd/config.toml
  register: containerd_config
 - name: enable systemd cgroups in containerd config
  ansible.builtin.lineinfile:
@ -20,27 +21,86 @@
    line: '            SystemdCgroup = true'
    backrefs: true
    state: present
  register: containerd_cgroup
- name: enable and start containerd service
+- name: restart containerd service if either of the above changed
  when: (containerd_config is changed) or (containerd_cgroup is changed)
  ansible.builtin.service:
    name: containerd
    state: restarted
    enabled: true
- name: kubeadm init
+- name: ensure containerd is running
-  when: ansible_host == {{ k8s_control_master_node }}
+  ansible.builtin.service:
    name: containerd
    state: started
    enabled: true
 - name: kubeadm init master node
  when: ansible_host == hostvars[groups['k8s_control'][0]]['ansible_host']
  block:
  - name: init the master node
    ansible.builtin.shell:
      cmd: |
        kubeadm init \
        --control-plane-endpoint {{ k8s_endpoint }} \
        --cri-socket /run/containerd/containerd.sock \
        --pod-network-cidr {{ k8s_pod_cidr }} \
        --service-cidr {{ k8s_service_cidr }} \
        --apiserver-bind-port {{ k8s_api_port }} \
        --apiserver-cert-extra-sans {{ k8s_endpoint }} \
        --node-name {{ ansible_hostname }} \
        --feature-gates IPv6DualStack=false \
        --feature-gates PublicKeysECDSA=true \
        --service-dns-domain {{ k8s_service_domain }} \
      creates: /etc/kubernetes/admin.conf
    register: k8s_init
  - name: register the control plane certificate key
    ansible.builtin.shell:
      cmd: |
        kubeadm init phase upload-certs --upload-certs --one-output
    register: join_key
  - name: register the join command
    ansible.builtin.shell:
      cmd: |
        kubeadm token create --print-join-command
    register: join_command
  - name: prepare local folder for kube config
    delegate_to: localhost
    ansible.builtin.file:
      path: /home/{{ local_user }}/.kube
      state: directory
      owner: "{{ local_user }}"
      group: "{{ local_user }}"
      mode: 0770
  - name: retrieve kube config and store locally
    ansible.builtin.fetch:
      flat: true
      src: /etc/kubernetes/admin.conf
      dest: /home/{{ local_user }}/.kube/config
      fail_on_missing: true
      validate_checksum: true
  - name: set permissions on local kube config
    delegate_to: localhost
    ansible.builtin.file:
      path: /home/{{ local_user }}/.kube/config
      owner: "{{ local_user }}"
      group: "{{ local_user }}"
      mode: 0600
 - name: kubeadm join remaining control plain nodes
  when: ansible_host != hostvars[groups['k8s_control'][0]]['ansible_host']
  ansible.builtin.shell:
    cmd: |
-      kubeadm init \
+      {{ hostvars[groups['k8s_control'][0]]['join_command']['stdout'] }} \
-      --apiserver-advertise-address="" \
+      --control-plane \
-      --apiserver-cert-extra-sans="" \
+      --certificate-key {{ hostvars[groups['k8s_control'][0]]['join_key']['stdout_lines'][2] }} \
-      --node-name k8s-master \
+      --cri-socket /run/containerd/containerd.sock \
-      --pod-network-cidr=192.168.0.0/16
+      --node-name {{ ansible_hostname }}
    creates: /etc/kubernetes/admin.conf
 - name: join remaining nodes
  when: ansible_host != {{ k8s_control_master_node }}
  ansible.builtin.shell:
    cmd: |
    creates: 
--- a/ansible/roles/scratch/tasks/main.yaml
+++ b/ansible/roles/scratch/tasks/main.yaml
@ -0,0 +1,8 @@
 ---
 - name: debug hostname
  ansible.builtin.debug:
    msg: 
      - "{{ hostvars[groups['k8s_control'][0]]['ansible_host'] }}"
      - "{{ ansible_host }}"
    # ['hosts'][0]