mal wieder nen update

README.md

@@ -1,13 +1,15 @@
 #
 
-Bitte den Token für Hetzner in terraform.tfvars setzen.
-In der maion.tf wird ein ssh-key referenziert, welches auf ein/das eigene SSH-Key verweisen soll.
-
-Dann folgende Befehle (oder cluster-create.sh) ausführen.
-
-
  ~~~
  terraform apply 
  bash state-extractor.sh 
  ansible-playbook -i ini  -e 'ansible_python_interpreter=/usr/bin/python3' -u root all.yml
  ~~~
+
+CNI:
+
+In  group_vars/all kann 
+cni: calico
+oder 
+cni: weave 
+gesetzt werden

TODO.md

@@ -0,0 +1,7 @@
+Install:
+ https://github.com/ahmetb/kubectx
+ und fzf für kubectx/kubedns  (https://github.com/junegunn/fzf)
+ vim als Defaulteditor
+
+
+

all.yml

@@ -1,5 +1,6 @@
-- include: user-play.yml
-- include: nodes-play.yml
-- include: master-init.yml
-- include: nodes-join.yml
+- import_playbook: user-play.yml
+- import_playbook: nodes-play.yml
+- import_playbook: master-play.yml
+- import_playbook: master-init.yml
+- import_playbook: nodes-join.yml
 

cluster-create.sh

@@ -3,5 +3,5 @@ terraform apply  -auto-approve
 sleep 15
 bash ./state-extractor.sh 
 ansible-playbook -i ini  -e 'ansible_python_interpreter=/usr/bin/python3' -u root all.yml
-test all.retry && ansible-playbook -i ini   -e 'ansible_python_interpreter=/usr/bin/python3' -u root all.yml --limit @all.retry
+test -a all.retry && ansible-playbook -i ini   -e 'ansible_python_interpreter=/usr/bin/python3' -u root all.yml --limit @all.retry
 

group_vars/all

@@ -1,2 +1,4 @@
-user: e2m
-password: dc201711
+user: k8suser
+password: KrassesPasswort4711
+cni: calico
+#cni: weave

hetzner-state-extractor.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+#  export DO_API_TOKEN=
+# cat  terraform.tfstate | jq '.modules[].resources[].primary.attributes | { ipv4_address, name}'
+# cat  terraform.tfstate | jq --raw-output '.modules[].resources[].primary.attributes | { ipv4_address, name}| .[]'
+echo '[master]' >ini
+cat  terraform.tfstate | jq --raw-output '.modules[].resources[].primary.attributes | { ipv4_address }| .[]' | head -n 1 >>ini
+echo '[nodes]' >>ini
+cat  terraform.tfstate | jq --raw-output '.modules[].resources[].primary.attributes | { ipv4_address }| .[]' | tail -n +2 >>ini

main.tf

@@ -4,17 +4,18 @@ variable "ssh_fingerprint" {}
 variable "instance_count" { default = 4 }
 variable "hcloud_token" {}
 variable "server_type" { default = "cx21" }
+variable "image" { default = "ubuntu-18.04" }
 
 
 # Configure the Hetzner Cloud Provider
 provider "hcloud" {
-  token = "${var.hcloud_token}"
+  token       = "${var.hcloud_token}"
 }
 
 resource "hcloud_server" "node1" {
-  name      = "${basename(path.cwd)}${count.index}"
-  count     = "${var.instance_count}"
-  image = "ubuntu-16.04"
-  ssh_keys = ["k8s"]
+  name        = "${basename(path.cwd)}${count.index}"
+  count       = "${var.instance_count}"
+  image       = "${var.image}"
+  ssh_keys    = ["k8s"]
   server_type = "${var.server_type}"
 }

master-init.yml

@@ -1,7 +1,11 @@
 - hosts: master
   tasks:
   - name: initialise master
-    shell: kubeadm init  --apiserver-advertise-address={{ ansible_eth0.ipv4.address }}   --pod-network-cidr=192.168.0.0/16
+    shell: kubeadm init  --apiserver-advertise-address={{ ansible_eth0.ipv4.address }}   --cri-socket /run/containerd/containerd.sock
+    when: cni == "weave"
+  - name: initialise master
+    shell: kubeadm init  --apiserver-advertise-address={{ ansible_eth0.ipv4.address }}  --cri-socket /run/containerd/containerd.sock   --pod-network-cidr=192.168.0.0/16
+    when: cni == "calico"
   - name: Create /root/.kube
     file:
       path: /root/.kube
@@ -16,13 +20,29 @@
     shell: cp /etc/kubernetes/admin.conf /root/.kube/config
   - name: Copy admin.conf to e2m
     shell: cp /etc/kubernetes/admin.conf /home/e2m/.kube/config
+  - name: bash_completition
+    shell: kubectl completion bash >/etc/bash_completion.d/kubectl
   - name: make shure /home/e2m/.kube/config belongs to 22m
     file:
       path: /home/e2m/.kube/config
       owner: e2m
+  - name: initialise weave
+    shell: kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"
+    when: cni == "weave"
   - name: initialise calico
-    shell: kubectl apply -f https://docs.projectcalico.org/v3.1/getting-started/kubernetes/installation/hosted/rbac-kdd.yaml
+    shell: kubectl apply -f https://docs.projectcalico.org/v3.2/getting-started/kubernetes/installation/hosted/rbac-kdd.yaml
+    when: cni == "calicoo"
   - name: initialise calico
-    shell: kubectl apply -f https://docs.projectcalico.org/v3.1/getting-started/kubernetes/installation/hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml
-
+    shell: kubectl apply -f https://docs.projectcalico.org/v3.9/manifests/calico.yaml 
+    when: cni == "calico"
+  - name: Install Metrics-Server
+    shell: kubectl apply  -f https://raw.githubusercontent.com/erkules/k8sworkshop/master/System/metrics-server.yaml
 
+  - name: Add IP address of all hosts to all hosts
+    lineinfile:
+      dest: /etc/hosts
+      regexp: '.*{{ item }}$'
+      line: "{{ hostvars[item].ansible_host }} {{item}}"
+      state: present
+    when: hostvars[item].ansible_host is defined
+    with_items: "{{ groups.all }}"

master-play.yml

@@ -0,0 +1,13 @@
+- hosts: master
+  tasks:
+  - name: download helm
+    unarchive: 
+      src: https://get.helm.sh/helm-v3.1.1-linux-amd64.tar.gz
+      dest: /usr/local/bin
+      remote_src: yes
+      extra_opts: [--strip-components=1]
+  - name: download istioctl
+    unarchive: 
+      src: https://github.com/istio/istio/releases/download/1.6.4/istioctl-1.6.4-linux-amd64.tar.gz
+      dest: /usr/local/bin
+      remote_src: yes

nodes-join.yml

@@ -14,7 +14,7 @@
   - debug:
       msg: "{{ token }}"
   - name: Join Node
-    shell: "{{ item  }}"
+    shell: "{{ item  }}  --cri-socket /run/containerd/containerd.sock "
     with_items: "{{ token.results[0].stdout_lines }}"
 
 

nodes-play.yml

@@ -1,21 +1,73 @@
 - hosts: all
   tasks:
+  - name: get kubernetes apt key
+    apt_key:
+      url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
   - name: add kubernetes repository
     apt_repository:
         repo: deb http://apt.kubernetes.io/ kubernetes-xenial main
         state: present
-  - name: get kubernetes apt key
+    register: apt_status
+    #until: apt_status|success
+    until: apt_status is success
+    delay: 10
+    retries: 10
+  - name: get docker apt key
     apt_key:
-      url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
-  - name: install docker
+      url: https://download.docker.com/linux/ubuntu/gpg
+  - name: add docker-ce repository
+    apt_repository:
+        repo: deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ansible_distribution_release}} stable
+        state: present
+    register: apt_status
+    #until: apt_status|success
+    until: apt_status is success
+    delay: 10
+    retries: 10
+
+  - name: Create /etc/containerd
+    file:
+      path: /etc/containerd
+      state: directory
+      owner: root
+
+  - name: Copy containerd conf file
+    copy:
+      src: "files/config.toml"
+      dest: "/etc/containerd/config.toml"
+      owner: root
+      group: root
+      mode: 0644
+
+  - name: Copy crictl config file
+    copy:
+      src: "files/crictl.yaml"
+      dest: "/etc/crictl.yaml"
+      owner: root
+      group: root
+      mode: 0644
+
+  - name: install packages
     apt:
-      name:         "{{ item }}"
+      name: 
+      - docker-ce
+      - kubelet 
+      - kubeadm 
+      - kubectl
+      - socat 
+      - conntrack 
+      - ipset
+      - jq
+      - ipvsadm
+      - mc
+      - tmux
+      - git
+      - vim
       update_cache: yes
-    with_items:
-    - docker.io
-    - kubelet 
-    - kubeadm 
-    - kubectl
+    register: apt_status
+    until: apt_status is success
+    delay: 10
+    retries: 10
   - name: disable ufw
     systemd:
       name: ufw
@@ -24,3 +76,39 @@
       state: stopped 
   - name: disable ufw via shell
     shell: ufw disable
+  - name: Load Kernel Modules for K8S - ip_vs
+    modprobe:
+     name: "ip_vs"
+     state: "present"
+  - name: set EDITOR=vim :)
+    lineinfile: 
+     dest: /etc/environment
+     regexp: "^EDITOR"
+     line: "EDITOR=vim"
+     state: present
+
+
+  - name: Load Kernel Modules for K8S - ip_vs_rr
+    modprobe:
+     name: "ip_vs_rr"
+     state: "present"
+
+  - name: Load Kernel Modules for K8S - ip_vs_wrr
+    modprobe:
+     name: "ip_vs_wrr"
+     state: "present"
+
+  - name: Load Kernel Modules for K8S - ip_vs_sh
+    modprobe:
+     name: "ip_vs_sh"
+     state: "present"
+
+  - name: Copy k8s Modules Files for Modules Load
+    copy:
+      src: "files/k8s-modules.conf"
+      dest: "/etc/modules-load.d/k8s-modules.conf"
+      owner: root
+      group: root
+      mode: 0644
+
+

state-extractor.sh

@@ -3,6 +3,6 @@
 # cat  terraform.tfstate | jq '.modules[].resources[].primary.attributes | { ipv4_address, name}'
 # cat  terraform.tfstate | jq --raw-output '.modules[].resources[].primary.attributes | { ipv4_address, name}| .[]'
 echo '[master]' >ini
-cat  terraform.tfstate | jq --raw-output '.modules[].resources[].primary.attributes | { ipv4_address }| .[]' | head -n 1 >>ini
+cat  terraform.tfstate |  jq --raw-output '.resources[].instances[] | (.attributes.name + " ansible_host=" + .attributes.ipv4_address)' | head -n 1 >>ini
 echo '[nodes]' >>ini
-cat  terraform.tfstate | jq --raw-output '.modules[].resources[].primary.attributes | { ipv4_address }| .[]' | tail -n +2 >>ini
+cat  terraform.tfstate |  jq --raw-output '.resources[].instances[] | (.attributes.name + " ansible_host=" + .attributes.ipv4_address)' | tail -n +2 >>ini