---
# Copyright kubeinit contributors
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Deploy the cluster nodes
ansible.builtin.include_role:
name: kubeinit.kubeinit.kubeinit_libvirt
tasks_from: deploy_centos_guest.yml
public: yes
loop: "{{ groups['all_cluster_nodes'] }}"
loop_control:
loop_var: kubeinit_deployment_node_name
vars:
kubeinit_deployment_delegate: "{{ hostvars[kubeinit_deployment_node_name].target }}"
when: kubeinit_cluster_nodes_deployed is not defined or not kubeinit_cluster_nodes_deployed
- name: Copy cert to pki directory
ansible.builtin.copy:
content: "{{ kubeinit_cluster_hostvars.domain_cert }}"
dest: /etc/pki/ca-trust/source/anchors/domain.crt
mode: 0644
loop: "{{ groups['all_cluster_nodes'] }}"
loop_control:
loop_var: cluster_node
delegate_to: "{{ cluster_node }}"
- name: Insert the local registry auth details
ansible.builtin.shell: |
set -eo pipefail
mkdir -p .docker
# cat << EOF > .docker/config.json
# {
# "auths": {{ kubeinit_cluster_hostvars.registry_disconnected_auth }},
# "HttpHeaders": {
# "User-Agent": "Docker-Client/18.09.7 (linux)"
# }
# }
# EOF
args:
executable: /bin/bash
register: _result
changed_when: "_result.rc == 0"
loop: "{{ groups['all_cluster_nodes'] }}"
loop_control:
loop_var: cluster_node
delegate_to: "{{ cluster_node }}"
when: "'registry' in kubeinit_cluster_hostvars.services"
- name: Create registry auth pullsecret file
ansible.builtin.copy:
content: |
{{ kubeinit_registry_pullsecret }}
dest: ".docker/config.json"
group: "{{ kubeinit_service_user }}"
owner: "{{ kubeinit_service_user }}"
mode: '0644'
force: yes
loop: "{{ groups['all_cluster_nodes'] }}"
loop_control:
loop_var: cluster_node
delegate_to: "{{ cluster_node }}"
when: "'registry' in kubeinit_cluster_hostvars.services"
- name: Update the CA certs files
ansible.builtin.command: update-ca-trust extract
register: _result
changed_when: "_result.rc == 0"
loop: "{{ groups['all_cluster_nodes'] }}"
loop_control:
loop_var: cluster_node
delegate_to: "{{ cluster_node }}"
when: "'registry' in kubeinit_cluster_hostvars.services"
- name: Setup the first controller node
block:
- name: Get etcd tag
ansible.builtin.shell: |
set -eo pipefail
curl -v --silent --user {{ kubeinit_registry_user }}:{{ kubeinit_registry_password }} https://{{ kubeinit_registry_uri }}/v2/etcd/tags/list --stderr - | grep '"name":"etcd"' | jq .tags[0]
args:
executable: /bin/bash
register: _result_etcd_tag
changed_when: "_result_etcd_tag.rc == 0"
- name: Clean kubeadm
ansible.builtin.shell: |
set -eo pipefail
kubeadm reset -f || true
kubeadm config images list
kubeadm config images list --image-repository {{ kubeinit_registry_uri }}
kubeadm config images list --kubernetes-version latest
args:
executable: /bin/bash
register: _result_kubeadm_init_output
changed_when: "_result_kubeadm_init_output.rc == 0"
- name: Create the cluster init template
ansible.builtin.copy:
dest: ~/config.yml
mode: '0644'
content: |
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
etcd:
local:
imageRepository: "{{ kubeinit_registry_uri }}"
imageTag: {{ _result_etcd_tag.stdout }}
controlPlaneEndpoint: "api.{{ kubeinit_cluster_fqdn }}:6443"
kubernetesVersion: "stable-{{ kubeinit_eks_kubernetes_version }}"
networking:
serviceSubnet: "{{ kubeinit_eks_service_network_cidr }}"
podSubnet: "{{ kubeinit_eks_pod_network_cidr }}"
- name: Initialize Kubernetes cluster
ansible.builtin.shell: |
set -eo pipefail
kubeadm init --upload-certs --config=config.yml
args:
executable: /bin/bash
register: _result_kubeadm_init_output
changed_when: "_result_kubeadm_init_output.rc == 0"
- name: Debug
ansible.builtin.debug:
var: _result_kubeadm_init_output
- name: Get the controller join key
ansible.builtin.set_fact:
eks_controller_join_key: "{{ item }}"
loop: "{{ _result_kubeadm_init_output.stdout_lines }}"
when: ('--control-plane --certificate-key' in item)
- name: Debug
ansible.builtin.debug:
var: eks_controller_join_key
- name: Storing the controller join key to add the other controller nodes.
ansible.builtin.copy:
content: "{{ eks_controller_join_key }}"
dest: ~/eks_controller_join_key
mode: '0644'
when: kubeinit_controller_count|int > 1
- name: Create kube directory
ansible.builtin.file:
path: ~/.kube
state: directory
mode: '0644'
- name: Copying required files
ansible.builtin.shell: |
cp -f /etc/kubernetes/admin.conf ~/.kube/config
chown $(id -u):$(id -g) ~/.kube/config
args:
executable: /bin/bash
register: _result
changed_when: "_result.rc == 0"
- name: Get the join command
ansible.builtin.command: kubeadm token create --print-join-command
register: _result_join_command
changed_when: "_result_join_command.rc == 0"
- name: Storing the join cluster command token.
ansible.builtin.copy:
content: "{{ _result_join_command.stdout }}"
dest: ~/eks_token
mode: '0644'
when: kubeinit_controller_count|int > 1
- name: Install Network Add-on
ansible.builtin.command: kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
register: _result
changed_when: "_result.rc == 0"
delegate_to: "{{ kubeinit_first_controller_node }}"
##
## Execute to configure all the other controller nodes
##
- name: Join additional controller nodes using the PK
ansible.builtin.shell: |
kubeadm reset -f || true
echo "{{ _result_join_command.stdout }} {{ eks_controller_join_key }}" > ~/eks_controller_join_command.sh
sh ~/eks_controller_join_command.sh
args:
executable: /bin/bash
register: _result
changed_when: "_result.rc == 0"
loop: "{{ groups['all_controller_nodes'] }}"
loop_control:
loop_var: controller_node
delegate_to: "{{ controller_node }}"
when: kubeinit_controller_count|int > 1 and controller_node not in kubeinit_first_controller_node
- name: Create kube directory
ansible.builtin.file:
path: ~/.kube
state: directory
mode: '0777'
loop: "{{ groups['all_controller_nodes'] }}"
loop_control:
loop_var: controller_node
delegate_to: "{{ controller_node }}"
when: kubeinit_controller_count|int > 1 and controller_node not in kubeinit_first_controller_node
- name: Copying required files
ansible.builtin.shell: |
cp -f /etc/kubernetes/admin.conf ~/.kube/config
chown $(id -u):$(id -g) ~/.kube/config
args:
executable: /bin/bash
register: _result
changed_when: "_result.rc == 0"
loop: "{{ groups['all_controller_nodes'] }}"
loop_control:
loop_var: controller_node
delegate_to: "{{ controller_node }}"
when: kubeinit_controller_count|int > 1 and controller_node not in kubeinit_first_controller_node
- name: Join compute nodes with kubernetes control plane
ansible.builtin.shell: |
kubeadm reset -f || true
echo "{{ _result_join_command.stdout }}" > ~/eks_compute_join_command.sh
sh ~/eks_compute_join_command.sh
args:
executable: /bin/bash
register: _result
changed_when: "_result.rc == 0"
loop: "{{ groups['all_compute_nodes'] | default([]) }}"
loop_control:
loop_var: compute_node
delegate_to: "{{ compute_node }}"
- name: Fetch the kubeconfig from the first controller node
ansible.builtin.slurp:
src: ~/.kube/config
register: _result_cluster_kubeconfig
delegate_to: "{{ kubeinit_first_controller_node }}"
- name: Create kube directory
ansible.builtin.file:
path: ~/.kube
state: directory
mode: '0644'
delegate_to: "{{ kubeinit_provision_service_node }}"
- name: Store the kubeconfig to the provision services machine.
ansible.builtin.copy:
content: "{{ _result_cluster_kubeconfig.content | default('Empty file') | b64decode }}"
dest: ~/.kube/config
mode: '0644'
delegate_to: "{{ kubeinit_provision_service_node }}"
- name: Label compute nodes
ansible.builtin.shell: |
kubectl label node {{ hostvars[item].fqdn }} node-role.kubernetes.io/worker=
args:
executable: /bin/bash
register: _result
changed_when: "_result.rc == 0"
loop: "{{ groups['all_compute_nodes'] | default([]) }}"
delegate_to: "{{ kubeinit_provision_service_node }}"
- name: Allow schedule workloads in controller nodes if there are no compute nodes
ansible.builtin.shell: |
set -o pipefail
# Deprecated in 1.24
for node in $(kubectl get nodes -o json | jq -r '.items[] | select(.spec.taints[]?.key=="node-role.kubernetes.io/master") | .metadata.labels."kubernetes.io/hostname"');
do
kubectl taint node ${node} node-role.kubernetes.io/master:NoSchedule-
done
# Working starting on 1.24
for node in $(kubectl get nodes -o json | jq -r '.items[] | select(.spec.taints[]?.key=="node-role.kubernetes.io/control-plane") | .metadata.labels."kubernetes.io/hostname"');
do
kubectl taint node ${node} node-role.kubernetes.io/control-plane:NoSchedule-
done
args:
executable: /bin/bash
register: _result
changed_when: "_result.rc == 0"
when: not kubeinit_compute_count|int > 0
vars:
kubeinit_deployment_node_name: "{{ kubeinit_provision_service_node }}"
delegate_to: "{{ kubeinit_deployment_node_name }}"
- name: Install kustomize
ansible.builtin.shell: |
curl -sL https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv5.1.0/kustomize_v5.1.0_linux_amd64.tar.gz > kustomize.tar.gz
tar xzf ./kustomize.tar.gz
mv ./kustomize /bin/
args:
executable: /bin/bash
register: _result
changed_when: "_result.rc == 0"
delegate_to: "{{ kubeinit_provision_service_node }}"
- name: Deploy EKS manifests
ansible.builtin.shell: |
kubectl apply -f https://distro.eks.amazonaws.com/crds/releases.distro.eks.amazonaws.com-v1alpha1.yaml
kubectl apply -f https://distro.eks.amazonaws.com/kubernetes-{{ kubeinit_eks_kubernetes_major_minor }}/kubernetes-{{ kubeinit_eks_kubernetes_major_minor }}-eks-{{ kubeinit_eks_revision }}.yaml
kubectl get release kubernetes-{{ kubeinit_eks_kubernetes_major_minor }}-eks-{{ kubeinit_eks_revision }}
kubectl get release kubernetes-{{ kubeinit_eks_kubernetes_major_minor }}-eks-{{ kubeinit_eks_revision }} -o yaml
args:
executable: /bin/bash
register: _result
changed_when: "_result.rc == 0"
delegate_to: "{{ kubeinit_provision_service_node }}"