From 3adb7f9d0ac844a0d19079926430e98056efa847 Mon Sep 17 00:00:00 2001 
From: zeeclor Date: Thu, 10 Apr 2025 06:07:09 +0000 Subject: [PATCH] Repository upload. --- ansible.cfg | 3 + collections/requirements.yaml | 6 + inventory/group_vars/all.yaml | 18 +++ inventory/hosts.ini | 21 +++ roles/add-agent/tasks/main.yaml | 17 +++ .../add-agent/templates/rke2-agent-config.j2 | 5 + roles/add-server/tasks/main.yaml | 53 +++++++ .../templates/rke2-server-config.j2 | 10 ++ roles/apply-manifests/tasks/main.yaml | 60 ++++++++ .../templates/metallb-ippool.j2 | 8 ++ roles/kube-vip/defaults/main.yaml | 3 + roles/kube-vip/meta/argument_specs.yml | 22 +++ roles/kube-vip/tasks/main.yaml | 17 +++ roles/kube-vip/templates/kube-vip-config.j2 | 88 ++++++++++++ roles/prepare-nodes/tasks/main.yaml | 15 ++ roles/rke2-download/defaults/main.yml | 4 + roles/rke2-download/tasks/main.yaml | 20 +++ roles/rke2-download/vars/main.yaml | 2 + roles/rke2-prepare/tasks/main.yaml | 134 ++++++++++++++++++ .../templates/rke2-agent.service.j2 | 13 ++ .../templates/rke2-server-config.j2 | 10 ++ .../templates/rke2-server.service.j2 | 13 ++ roles/rke2-prepare/vars/main.yaml | 0 run_playbook | 3 + site.yaml | 56 ++++++++ 25 files changed, 601 insertions(+) create mode 100644 ansible.cfg create mode 100644 collections/requirements.yaml create mode 100644 inventory/group_vars/all.yaml create mode 100644 inventory/hosts.ini create mode 100644 roles/add-agent/tasks/main.yaml create mode 100644 roles/add-agent/templates/rke2-agent-config.j2 create mode 100644 roles/add-server/tasks/main.yaml create mode 100644 roles/add-server/templates/rke2-server-config.j2 create mode 100644 roles/apply-manifests/tasks/main.yaml create mode 100644 roles/apply-manifests/templates/metallb-ippool.j2 create mode 100644 roles/kube-vip/defaults/main.yaml create mode 100644 roles/kube-vip/meta/argument_specs.yml create mode 100644 roles/kube-vip/tasks/main.yaml create mode 100644 roles/kube-vip/templates/kube-vip-config.j2 create mode 100644 roles/prepare-nodes/tasks/main.yaml create mode 100644 
roles/rke2-download/defaults/main.yml
create mode 100644 roles/rke2-download/tasks/main.yaml
create mode 100644 roles/rke2-download/vars/main.yaml
create mode 100644 roles/rke2-prepare/tasks/main.yaml
create mode 100644 roles/rke2-prepare/templates/rke2-agent.service.j2
create mode 100644 roles/rke2-prepare/templates/rke2-server-config.j2
create mode 100644 roles/rke2-prepare/templates/rke2-server.service.j2
create mode 100644 roles/rke2-prepare/vars/main.yaml
create mode 100755 run_playbook
create mode 100644 site.yaml
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..db1bdd4
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,3 @@
+[defaults]
+inventory = inventory/hosts.ini
+host_key_checking = false
diff --git a/collections/requirements.yaml b/collections/requirements.yaml
new file mode 100644
index 0000000..3ffb535
--- /dev/null
+++ b/collections/requirements.yaml
@@ -0,0 +1,6 @@
+---
+collections:
+ - name: ansible.utils
+ - name: community.general
+ - name: ansible.posix
+ - name: kubernetes.core
\ No newline at end of file
diff --git a/inventory/group_vars/all.yaml b/inventory/group_vars/all.yaml
new file mode 100644
index 0000000..e590215
--- /dev/null
+++ b/inventory/group_vars/all.yaml
@@ -0,0 +1,18 @@
+---
+os: "linux"
+arch: "amd64"
+
+vip: 192.168.15.149
+
+metallb_version: v0.13.12
+lb_range: 192.168.15.140-192.168.15.148
+lb_pool_name: first-pool
+
+ansible_become: true
+ansible_become_method: sudo
+################################################################################
+# options to change default values
+kube_vip_version: "v0.8.10"
+# vip_interface: "eth0"
+# rke2_version: "v1.32.3+rke2r1"
+# rke2_install_dir: "/usr/local/bin"
diff --git a/inventory/hosts.ini b/inventory/hosts.ini
new file mode 100644
index 0000000..8c84c14
--- /dev/null
+++ b/inventory/hosts.ini
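Review bot: `host_key_checking = false` under `[defaults]` turns off SSH host-key verification for every connection the playbook makes, so the controller trusts whichever host answers at an inventory IP and a first-contact interception goes unnoticed. With a static inventory the keys can be pre-seeded in the controller's `known_hosts` (or a repo-local file referenced via `ssh_args`), after which this line can go. If it is kept as a lab convenience, say so next to it, e.g. `# lab only: disables SSH host-key verification`.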
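Review bot: None of the four `collections:` entries carries a `version:`, so `ansible-galaxy collection install -r` resolves to the newest release at install time and two checkouts of this repo can run different collection code. Pin each entry with a `version:` line such as `version: "<tested-version>"` (placeholder — use the release the playbook was tested against). The file also lacks a trailing newline.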
@@ -0,0 +1,21 @@
+# Make sure Ansible host has access to these devices
+# Good idea to snapshot all machines and deploy uing cloud-init
+
+[servers]
+server1 ansible_host=192.168.15.111
+server2 ansible_host=192.168.15.112
+server3 ansible_host=192.168.15.113
+
+[agents]
+agent1 ansible_host=192.168.15.114
+agent2 ansible_host=192.168.15.115
+agent3 ansible_host=192.168.15.116
+
+[rke2]
+
+[rke2:children]
+servers
+agents
+
+[rke2:vars]
+ansible_user=dguest
diff --git a/roles/add-agent/tasks/main.yaml b/roles/add-agent/tasks/main.yaml
new file mode 100644
index 0000000..edd2aed
--- /dev/null
+++ b/roles/add-agent/tasks/main.yaml
@@ -0,0 +1,17 @@
+# Copy agent config to all agents - we need to change agent2 & 3 later with the token
+- name: Deploy RKE2 Agent Configuration
+ ansible.builtin.template:
+ src: templates/rke2-agent-config.j2
+ dest: /etc/rancher/rke2/config.yaml
+ owner: root
+ group: root
+ mode: '0644'
+ when: inventory_hostname in groups['agents']
+
+# Check agents have restarted to pick up config
+- name: Ensure RKE2 agents are enabled and running
+ ansible.builtin.systemd:
+ name: rke2-agent
+ enabled: true
+ state: restarted
+ daemon_reload: true
diff --git a/roles/add-agent/templates/rke2-agent-config.j2 b/roles/add-agent/templates/rke2-agent-config.j2
new file mode 100644
index 0000000..3dafb3d
--- /dev/null
+++ b/roles/add-agent/templates/rke2-agent-config.j2
@@ -0,0 +1,5 @@
+write-kubeconfig-mode: "0644"
+token: {{ hostvars['server1']['token'] }}
+server: https://{{ hostvars['server1']['ansible_host'] }}:9345
+node-label:
+ - "agent=true"
diff --git a/roles/add-server/tasks/main.yaml b/roles/add-server/tasks/main.yaml
new file mode 100644
index 0000000..3acb216
--- /dev/null
+++ b/roles/add-server/tasks/main.yaml
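Review bot: `mode: '0644'` on `dest: /etc/rancher/rke2/config.yaml` makes the rendered config world-readable, and the `rke2-agent-config.j2` it renders contains the cluster join `token`, so any local account on an agent can read the node-join credential. `mode: '0600'` is sufficient because rke2 runs as root; the same change applies to the matching template task in `roles/add-server/tasks/main.yaml`. Separately, `state: restarted` on `rke2-agent` restarts every agent on every playbook run; `state: started` plus a handler notified by the template task would restart only when the config actually changed.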
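Review bot: `hostvars['server1']` hard-codes an inventory hostname into the template, so renaming the first server in `hosts.ini` silently breaks rendering; `hostvars[groups['servers'][0]]` expresses the intent the tasks already use (`groups['servers'][0]`), and the same applies to both `rke2-server-config.j2` templates and the `Replace IP address with server1` task in `rke2-prepare`. `write-kubeconfig-mode` is a server-side option and an agent writes no kubeconfig, so the first line looks misplaced here — confirm the agent accepts it and drop it otherwise.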
@@ -0,0 +1,53 @@
+# Copy server config with token to all servers except server 1 (this has token)
+- name: Deploy RKE2 server Configuration
+ ansible.builtin.template:
+ src: templates/rke2-server-config.j2
+ dest: /etc/rancher/rke2/config.yaml
+ owner: root
+ group: root
+ mode: '0644'
+ when: inventory_hostname != groups['servers'][0]
+
+# Keep checking the cluster API until it's functioning (deployed)
+- name: Wait for cluster API to be ready (can take 5-10 mins depending on internet/hardware)
+ ansible.builtin.command:
+ cmd: "kubectl get nodes"
+ register: kubectl_output
+ until: "'connection refused' not in kubectl_output.stderr"
+ retries: 120
+ delay: 10
+ changed_when: true
+ become_user: "{{ ansible_user }}"
+ when: inventory_hostname == groups['servers'][0]
+
+# Use kubectl to deploy yaml. Perhaps this can be added to the manifest folder initially
+- name: Apply kube vip configuration file
+ ansible.builtin.command:
+ cmd: kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml apply -f https://kube-vip.io/manifests/rbac.yaml
+ changed_when: true
+ when: inventory_hostname == groups['servers'][0]
+
+# Apply the kube-vip configration. Perhaps this can be added to the manifest folder initially
+- name: Apply kube vip configuration file
+ ansible.builtin.command:
+ cmd: kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml apply -f https://raw.githubusercontent.com/kube-vip/kube-vip-cloud-provider/main/manifest/kube-vip-cloud-controller.yaml
+ changed_when: true
+ when: inventory_hostname == groups['servers'][0]
+
+# Check that additional servers are restarted
+- name: Ensure additional RKE2 servers are enabled and running
+ ansible.builtin.systemd:
+ name: rke2-server
+ enabled: true
+ state: restarted
+ daemon_reload: true
+ when: inventory_hostname != groups['servers'][0]
+
+# enable additional servers
+- name: Ensure RKE2 server is enabled and running
+ ansible.builtin.systemd:
+ name: rke2-server
+ enabled: true
+ state: restarted
+ daemon_reload: true
+ when: inventory_hostname != groups['servers'][0]
diff --git a/roles/add-server/templates/rke2-server-config.j2 b/roles/add-server/templates/rke2-server-config.j2
new file mode 100644
index 0000000..d7a51e8
--- /dev/null
+++ b/roles/add-server/templates/rke2-server-config.j2
@@ -0,0 +1,10 @@
+write-kubeconfig-mode: "0644"
+token: {{ hostvars['server1']['token'] }}
+server: https://{{ hostvars['server1']['ansible_host'] }}:9345
+tls-san:
+ - {{ vip }}
+ - {{ hostvars['server1']['ansible_host'] }}
+ - {{ hostvars['server2']['ansible_host'] }}
+ - {{ hostvars['server3']['ansible_host'] }}
+node-label:
+ - server=true
\ No newline at end of file
diff --git a/roles/apply-manifests/tasks/main.yaml b/roles/apply-manifests/tasks/main.yaml
new file mode 100644
index 0000000..bf5ea47
--- /dev/null
+++ b/roles/apply-manifests/tasks/main.yaml
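Review bot: The last two tasks (`Ensure additional RKE2 servers are enabled and running` and `Ensure RKE2 server is enabled and running`) are identical apart from the name, so the additional servers are restarted twice per run; drop one, and as with the agents `state: started` plus a handler would avoid a restart on every run. The two `Apply kube vip configuration file` tasks also share a name, and the second applies `kube-vip-cloud-controller.yaml` from the `main` branch of an upstream repository with cluster-admin rights, so what gets applied changes whenever upstream moves — pin a release tag or ship the manifest under `templates/`, and give the task a distinct name. With `svc_enable` set to `"false"` in the kube-vip DaemonSet template and MetalLB providing LoadBalancer services, the cloud controller may be unneeded altogether — confirm.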
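Review bot: `write-kubeconfig-mode: "0644"` makes `/etc/rancher/rke2/rke2.yaml`, the cluster-admin kubeconfig, readable by every local account on the server. `rke2-prepare` already copies it into the operator's `~/.kube/config` with `u=rw,g=,o=`, so the system copy can keep rke2's default of `"0600"`; the same key appears in `roles/rke2-prepare/templates/rke2-server-config.j2`.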
@@ -0,0 +1,60 @@
+# Wait for Server 1 to be ready before continuing with metallb deployment
+- name: Wait for k8s nodes with node label 'server=true' to be ready, otherwise we cannot start metallb deployment
+ ansible.builtin.command:
+ cmd: "kubectl wait --for=condition=Ready nodes --selector server=true --timeout=600s"
+ register: nodes_ready
+ retries: 120
+ delay: 10
+ changed_when: true
+ become_user: "{{ ansible_user }}"
+ when: inventory_hostname == groups['servers'][0]
+
+# Create namespace so that we can deploy metallb
+- name: Apply metallb namespace
+ ansible.builtin.command:
+ cmd: kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.12.1/manifests/namespace.yaml
+ become_user: "{{ ansible_user }}"
+ changed_when: true
+ when: inventory_hostname == groups['servers'][0]
+
+# Apply metallb manifest
+- name: Apply metallb manifest
+ ansible.builtin.command:
+ cmd: kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/{{ metallb_version }}/config/manifests/metallb-native.yaml
+ become_user: "{{ ansible_user }}"
+ changed_when: true
+ when: inventory_hostname == groups['servers'][0]
+
+# Wait for metallb deployment pods to be alive before deploying metallb manifests
+- name: Wait for metallb pods to be ready, otherwise we cannot start metallb deployment
+ ansible.builtin.command:
+ cmd: "kubectl wait --namespace metallb-system --for=condition=ready pod --selector=component=controller --timeout=1800s"
+ changed_when: true
+ become_user: "{{ ansible_user }}"
+ when: inventory_hostname == groups['servers'][0]
+
+# Apply L2 Advertisement for metallb
+- name: Apply metallb L2 Advertisement
+ ansible.builtin.command:
+ cmd: kubectl apply -f https://raw.githubusercontent.com/JamesTurland/JimsGarage/main/Kubernetes/RKE2/l2Advertisement.yaml
+ become_user: "{{ ansible_user }}"
+ changed_when: true
+ when: inventory_hostname == groups['servers'][0]
+
+# Deploy metal IP Pool to Server 1
+- name: Copy metallb IPPool to server 1
+ ansible.builtin.template:
+ src: templates/metallb-ippool.j2
+ dest: /home/{{ ansible_user }}/ippool.yaml
+ owner: "{{ ansible_user }}"
+ group: "{{ ansible_user }}"
+ mode: '0755'
+ when: inventory_hostname == groups['servers'][0]
+
+# don't think this will work as nodes are no execute, might need agents first
+- name: Apply metallb ipppool
+ ansible.builtin.command:
+ cmd: kubectl apply -f /home/{{ ansible_user }}/ippool.yaml
+ become_user: "{{ ansible_user }}"
+ changed_when: true
+ when: inventory_hostname == groups['servers'][0]
diff --git a/roles/apply-manifests/templates/metallb-ippool.j2 b/roles/apply-manifests/templates/metallb-ippool.j2
new file mode 100644
index 0000000..6673b63
--- /dev/null
+++ b/roles/apply-manifests/templates/metallb-ippool.j2
@@ -0,0 +1,8 @@
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+ name: {{ lb_pool_name }}
+ namespace: metallb-system
+spec:
+ addresses:
+ - {{ lb_range }}
\ No newline at end of file
diff --git a/roles/kube-vip/defaults/main.yaml b/roles/kube-vip/defaults/main.yaml
new file mode 100644
index 0000000..4de5242
--- /dev/null
+++ b/roles/kube-vip/defaults/main.yaml
@@ -0,0 +1,3 @@
+---
+kube_vip_version: v0.8.0
+vip_interface: eth0
diff --git a/roles/kube-vip/meta/argument_specs.yml b/roles/kube-vip/meta/argument_specs.yml
new file mode 100644
index 0000000..30bc2d4
--- /dev/null
+++ b/roles/kube-vip/meta/argument_specs.yml
@@ -0,0 +1,22 @@
+---
+argument_specs:
+ main:
+ short_description: Install kube-vip manifest
+ description: Install kube-vip manifest
+ author:
+ - Jim's Garage
+ options:
+ kube_vip_version:
+ type: str
+ required: false
+ default: v0.8.0
+ description: Version of kube-vip to install
+ vip_interface:
+ type: str
+ required: false
+ default: eth0
+ description: Interface to bind kube-vip
+ vip:
+ type: str
+ required: true
+ description: The virtual IP to use with kube-vip
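Review bot: `Apply metallb namespace` fetches `namespace.yaml` from the hard-coded tag `v0.12.1` while the next task installs `{{ metallb_version }}` (`v0.13.12` in group_vars), so the two can drift apart; recent `metallb-native.yaml` releases already create `metallb-system`, so the namespace task is probably redundant — confirm and drop it, or template the version into its URL. `Apply metallb L2 Advertisement` pulls `l2Advertisement.yaml` from the `main` branch of a third-party repository and applies it with admin rights, so its content is outside this repo's control; render it from `templates/` the way `metallb-ippool.j2` already is. `mode: '0755'` on `ippool.yaml` makes a data file executable — `'0644'` is enough — and `retries: 120` on the first task has no `until:`, which some ansible-core versions ignore.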
diff --git a/roles/kube-vip/tasks/main.yaml b/roles/kube-vip/tasks/main.yaml
new file mode 100644
index 0000000..9593515
--- /dev/null
+++ b/roles/kube-vip/tasks/main.yaml
@@ -0,0 +1,17 @@
+# Create directory to deploy kube-vip manifest
+- name: Create directory for Kube VIP Manifest
+ ansible.builtin.file:
+ path: "/var/lib/rancher/rke2/server/manifests"
+ state: directory
+ mode: "0755"
+ when: inventory_hostname in groups['servers']
+
+# Copy kube-vip to server 1 manifest folder for auto deployment at bootstrap
+- name: Deploy Kube VIP Configuration
+ ansible.builtin.template:
+ src: templates/kube-vip-config.j2
+ dest: /var/lib/rancher/rke2/server/manifests/kube-vip.yaml
+ owner: root
+ group: root
+ mode: "0644"
+ when: inventory_hostname == groups['servers'][0]
diff --git a/roles/kube-vip/templates/kube-vip-config.j2 b/roles/kube-vip/templates/kube-vip-config.j2
new file mode 100644
index 0000000..c0731fc
--- /dev/null
+++ b/roles/kube-vip/templates/kube-vip-config.j2
@@ -0,0 +1,88 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/name: kube-vip-ds
+ app.kubernetes.io/version: {{ kube_vip_version }}
+ name: kube-vip-ds
+ namespace: kube-system
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: kube-vip-ds
+ template:
+ metadata:
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/name: kube-vip-ds
+ app.kubernetes.io/version: {{ kube_vip_version }}
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: node-role.kubernetes.io/master
+ operator: Exists
+ - matchExpressions:
+ - key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ containers:
+ - args:
+ - manager
+ env:
+ - name: vip_arp
+ value: "true"
+ - name: port
+ value: "6443"
+ - name: vip_interface
+ value: {{ vip_interface }}
+ - name: vip_cidr
+ value: "32"
+ - name: cp_enable
+ value: "true"
+ - name: cp_namespace
+ value: kube-system
+ - name: vip_ddns
+ value: "false"
+ - name: svc_enable
+ value: "false"
+ - name: svc_leasename
+ value: plndr-svcs-lock
+ - name: vip_leaderelection
+ value: "true"
+ - name: vip_leasename
+ value: plndr-cp-lock
+ - name: vip_leaseduration
+ value: "5"
+ - name: vip_renewdeadline
+ value: "3"
+ - name: vip_retryperiod
+ value: "1"
+ - name: address
+ value: {{ vip }}
+ - name: prometheus_server
+ value: :2112
+ image: ghcr.io/kube-vip/kube-vip:{{ kube_vip_version }}
+ imagePullPolicy: Always
+ name: kube-vip
+ resources: {}
+ securityContext:
+ capabilities:
+ add:
+ - NET_ADMIN
+ - NET_RAW
+ hostNetwork: true
+ serviceAccountName: kube-vip
+ tolerations:
+ - effect: NoSchedule
+ operator: Exists
+ - effect: NoExecute
+ operator: Exists
+ updateStrategy: {}
+status:
+ currentNumberScheduled: 0
+ desiredNumberScheduled: 0
+ numberMisscheduled: 0
+ numberReady: 0
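Review bot: `value: {{ vip_interface }}` and `value: {{ vip }}` are unquoted templated scalars in a manifest whose `env` values must be strings, so an interface name or address that the YAML parser retypes (a bare number, a boolean-looking word, an empty expansion becoming `null`) is rejected by the API server. Write them `value: "{{ vip_interface }}"` and `value: "{{ vip }}"`, matching the quoting already used for `"true"` and `"6443"` in the same list. `imagePullPolicy: Always` combined with the pinned tag `ghcr.io/kube-vip/kube-vip:{{ kube_vip_version }}` forces a registry round-trip on every pod restart, which can delay recovery of the control-plane VIP when the registry is unreachable; `IfNotPresent` fits a pinned tag.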
diff --git a/roles/prepare-nodes/tasks/main.yaml b/roles/prepare-nodes/tasks/main.yaml
new file mode 100644
index 0000000..400f4b0
--- /dev/null
+++ b/roles/prepare-nodes/tasks/main.yaml
@@ -0,0 +1,15 @@
+- name: Enable IPv4 forwarding
+ ansible.posix.sysctl:
+ name: net.ipv4.ip_forward
+ value: "1"
+ state: present
+ reload: true
+ tags: sysctl
+
+- name: Enable IPv6 forwarding
+ ansible.posix.sysctl:
+ name: net.ipv6.conf.all.forwarding
+ value: "1"
+ state: present
+ reload: true
+ tags: sysctl
\ No newline at end of file
diff --git a/roles/rke2-download/defaults/main.yml b/roles/rke2-download/defaults/main.yml
new file mode 100644
index 0000000..c22189b
--- /dev/null
+++ b/roles/rke2-download/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+rke2_install_dir: "/usr/local/bin"
+# rke2_version: "v1.29.4+rke2r1"
+rke2_version: "v1.32.3+rke2r1"
diff --git a/roles/rke2-download/tasks/main.yaml b/roles/rke2-download/tasks/main.yaml
new file mode 100644
index 0000000..c273e6e
--- /dev/null
+++ b/roles/rke2-download/tasks/main.yaml
@@ -0,0 +1,20 @@
+# Create a directory to download RKE2 binary to
+- name: Create directory for RKE2 binary
+ ansible.builtin.file:
+ path: "{{ rke2_install_dir }}"
+ state: directory
+ mode: '0755'
+
+# Download the RKE2 binary
+- name: Download RKE2 binary
+ ansible.builtin.get_url:
+ url: "{{ rke2_binary_url }}"
+ dest: "{{ rke2_install_dir }}/rke2"
+ mode: '0755'
+
+# Set permissions on the RKE2 binary
+- name: Set executable permissions on the RKE2 binary
+ ansible.builtin.file:
+ path: "{{ rke2_install_dir }}/rke2"
+ mode: '0755'
+ state: file
diff --git a/roles/rke2-download/vars/main.yaml b/roles/rke2-download/vars/main.yaml
new file mode 100644
index 0000000..64557b6
--- /dev/null
+++ b/roles/rke2-download/vars/main.yaml
@@ -0,0 +1,2 @@
+---
+rke2_binary_url: "https://github.com/rancher/rke2/releases/download/{{ rke2_version }}/rke2.{{ os }}-{{ arch }}"
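Review bot: `Download RKE2 binary` fetches an executable with `ansible.builtin.get_url` and places it directly in `{{ rke2_install_dir }}` without a `checksum:`, so a truncated or substituted download is later started as root on every node by the systemd units. RKE2 releases publish a sha256 sums file next to the binary; add `checksum: "sha256:<URL or digest from the release's sha256 file>"` (placeholder) so `get_url` refuses a mismatching file. The third task, `Set executable permissions on the RKE2 binary`, re-applies the `mode: '0755'` that `get_url` already set and can be removed.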
diff --git a/roles/rke2-prepare/tasks/main.yaml b/roles/rke2-prepare/tasks/main.yaml
new file mode 100644
index 0000000..f1fbccc
--- /dev/null
+++ b/roles/rke2-prepare/tasks/main.yaml
@@ -0,0 +1,134 @@
+- name: Create directory for RKE2 config
+ ansible.builtin.file:
+ path: "/etc/rancher/rke2"
+ state: directory
+ mode: '0644'
+
+- name: Create directory for RKE2 token
+ ansible.builtin.file:
+ path: "/var/lib/rancher/rke2/server"
+ state: directory
+ mode: '0644'
+
+# Copy server config to server 1 for bootstrap - we need to change server2 & 3 later with the token
+- name: Deploy RKE2 server Configuration
+ ansible.builtin.template:
+ src: templates/rke2-server-config.j2
+ dest: /etc/rancher/rke2/config.yaml
+ owner: root
+ group: root
+ mode: '0644'
+ when: inventory_hostname in groups['servers']
+
+- name: Create systemd service file for RKE2 server
+ ansible.builtin.template:
+ src: templates/rke2-server.service.j2
+ dest: /etc/systemd/system/rke2-server.service
+ owner: root
+ group: root
+ mode: '0644'
+ when: inventory_hostname in groups['servers']
+
+- name: Create systemd service file for RKE2 agent
+ ansible.builtin.template:
+ src: templates/rke2-agent.service.j2
+ dest: /etc/systemd/system/rke2-agent.service
+ owner: root
+ group: root
+ mode: '0644'
+ when: inventory_hostname in groups['agents']
+
+# we enable the first server to generate tokens etc, copy this afterwards to other servers
+- name: Ensure RKE2 server is enabled and running
+ ansible.builtin.systemd:
+ name: rke2-server
+ enabled: true
+ state: restarted
+ daemon_reload: true
+ when: inventory_hostname in groups['servers'][0]
+
+# wait for node token to be availale so that we can copy it, we need this to join other nodes
+- name: Wait for node-token
+ ansible.builtin.wait_for:
+ path: /var/lib/rancher/rke2/server/node-token
+ when: inventory_hostname == groups['servers'][0]
+
+# wait for kubectl to be downloaded, part of the rke2 installation
+- name: Wait for kubectl
+ ansible.builtin.wait_for:
+ path: /var/lib/rancher/rke2/bin/kubectl
+ when: inventory_hostname == groups['servers'][0]
+
+# copy kubectl to usr bin so that all users can run kubectl commands
+- name: Copy kubectl to user bin
+ ansible.builtin.copy:
+ src: /var/lib/rancher/rke2/bin/kubectl
+ dest: /usr/local/bin/kubectl
+ mode: '0755'
+ remote_src: true
+ become: true
+ when: inventory_hostname == groups['servers'][0]
+
+# wait for the kubectl copy to complete
+- name: Wait for kubectl
+ ansible.builtin.wait_for:
+ path: /usr/local/bin/kubectl
+ when: inventory_hostname == groups['servers'][0]
+
+# modify token access
+- name: Register node-token file access mode
+ ansible.builtin.stat:
+ path: /var/lib/rancher/rke2/server
+ register: p
+
+- name: Change file access for node-token
+ ansible.builtin.file:
+ path: /var/lib/rancher/rke2/server
+ mode: "g+rx,o+rx"
+ when: inventory_hostname == groups['servers'][0]
+
+# Save token as variable
+- name: Fetch the token from the first server node
+ ansible.builtin.slurp:
+ src: /var/lib/rancher/rke2/server/token
+ register: rke2_token
+ when: inventory_hostname == groups['servers'][0]
+ run_once: true
+
+# convert token to fact
+- name: Save Master node-token for later
+ ansible.builtin.set_fact:
+ token: "{{ rke2_token.content | b64decode | regex_replace('\n', '') }}"
+
+# revert token file access
+- name: Restore node-token file access
+ ansible.builtin.file:
+ path: /var/lib/rancher/rke2/server
+ mode: "{{ p.stat.mode }}"
+ when: inventory_hostname == groups['servers'][0]
+
+# check .kube folder exists so that we can use kubectl (config resides here)
+- name: Ensure .kube directory exists in user's home
+ ansible.builtin.file:
+ path: "/home/{{ ansible_user }}/.kube"
+ state: directory
+ mode: '0755'
+ become: true
+
+# copy kubectl config file to .kube folder
+- name: Copy config file to user home directory
+ ansible.builtin.copy:
+ src: /etc/rancher/rke2/rke2.yaml
+ dest: "/home/{{ ansible_user }}/.kube/config"
+ remote_src: true
+ owner: "{{ ansible_user }}"
+ mode: "u=rw,g=,o="
+ when: inventory_hostname == groups['servers'][0]
+
+# change IP from local to server 1 IP
+- name: Replace IP address with server1
+ ansible.builtin.replace:
+ path: /home/{{ ansible_user }}/.kube/config
+ regexp: '127.0.0.1'
+ replace: "{{ hostvars['server1']['ansible_host'] }}"
+ when: inventory_hostname == groups['servers'][0]
diff --git a/roles/rke2-prepare/templates/rke2-agent.service.j2 b/roles/rke2-prepare/templates/rke2-agent.service.j2
new file mode 100644
index 0000000..b032208
--- /dev/null
+++ b/roles/rke2-prepare/templates/rke2-agent.service.j2
@@ -0,0 +1,13 @@
+# rke2-agent.service.j2
+[Unit]
+Description=RKE2 Agent
+After=network.target
+
+[Service]
+ExecStart=/usr/local/bin/rke2 agent
+KillMode=process
+Restart=on-failure
+RestartSec=5s
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/rke2-prepare/templates/rke2-server-config.j2 b/roles/rke2-prepare/templates/rke2-server-config.j2
new file mode 100644
index 0000000..a3131f1
--- /dev/null
+++ b/roles/rke2-prepare/templates/rke2-server-config.j2
@@ -0,0 +1,10 @@
+write-kubeconfig-mode: "0644"
+tls-san:
+ - {{ vip }}
+ - {{ hostvars['server1']['ansible_host'] }}
+ - {{ hostvars['server2']['ansible_host'] }}
+ - {{ hostvars['server3']['ansible_host'] }}
+node-label:
+ - server=true
+disable:
+ - rke2-ingress-nginx
\ No newline at end of file
diff --git a/roles/rke2-prepare/templates/rke2-server.service.j2 b/roles/rke2-prepare/templates/rke2-server.service.j2
new file mode 100644
index 0000000..a091ebd
--- /dev/null
+++ b/roles/rke2-prepare/templates/rke2-server.service.j2
@@ -0,0 +1,13 @@
+# rke2-server.service.j2
+[Unit]
+Description=RKE2 server
+After=network.target
+
+[Service]
+ExecStart=/usr/local/bin/rke2 server
+KillMode=process
+Restart=on-failure
+RestartSec=5s
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/rke2-prepare/vars/main.yaml b/roles/rke2-prepare/vars/main.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/run_playbook b/run_playbook
new file mode 100755
index 0000000..5364f80
--- /dev/null
+++ b/run_playbook
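Review bot: `mode: '0644'` on the two `state: directory` tasks (`/etc/rancher/rke2` and `/var/lib/rancher/rke2/server`) gives the directories no execute bit, so they cannot be traversed and rke2 cannot read its own config or state beneath them; a directory needs `'0755'` (or `'0700'` for the server state directory, which holds the token). `when: inventory_hostname in groups['servers'][0]` on `Ensure RKE2 server is enabled and running` is a substring test against the first server's name rather than a comparison — `when: inventory_hostname == groups['servers'][0]`, as the other tasks already do. The `Change file access for node-token` / `Restore node-token file access` pair opens `/var/lib/rancher/rke2/server` to `g+rx,o+rx` around the slurp, yet the slurp runs under `become` as root and does not need it; if the play stops between the two tasks the directory stays world-listable, so drop the pair. `regexp: '127.0.0.1'` has unescaped dots — `regexp: '127\.0\.0\.1'`.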
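Review bot: Both unit templates (`rke2-agent.service.j2` and `rke2-server.service.j2`) run `rke2` as a plain simple service with only `KillMode=process`; the units RKE2 ships additionally set `Delegate=yes` so containerd owns its cgroup subtree, `Type=notify`, and raised `LimitNOFILE`/`TasksMax` limits, and omitting `Delegate=yes` in particular is known to produce cgroup-management problems — confirm against the upstream `rke2-server.service` and mirror those settings. `After=network.target` is satisfied before addresses are assigned; `Wants=network-online.target` with `After=network-online.target` is what the upstream unit uses.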
@@ -0,0 +1,3 @@
+#!/bin/bash
+ansible-playbook site.yaml -i inventory/hosts.ini --key-file ~/.ssh/id_rsa
+
diff --git a/site.yaml b/site.yaml
new file mode 100644
index 0000000..fe833c6
--- /dev/null
+++ b/site.yaml
@@ -0,0 +1,56 @@
+# Hello, thanks for using my playbook, hopefully you can help to improve it.
+# Things that need adding: (there are many more)
+# 1) Support different OS & architectures
+# 2) Support multiple CNIs
+# 3) Improve the wait logic
+# 4) Use kubernetes Ansible plugins more sensibly
+# 5) Optimise flow logic
+# 6) Clean up
+
+###############################################################
+# MAKE SURE YOU CHANGE group_vars/all.yaml VARIABLES!!!!!!!!!!!
+###############################################################
+
+# bootstraps first server and copies configs for others/agents
+- name: Prepare all nodes
+ hosts: rke2
+ gather_facts: false # fact gathering is slow and not needed for any of our tasks
+ become: true
+ roles:
+ - prepare-nodes
+ - rke2-download
+
+# Creates RKE2 bootstrap manifests folder and copies kube-vip template over (configured with variables)
+- name: Deploy Kube VIP
+ hosts: servers
+ gather_facts: true
+ roles:
+ - kube-vip
+
+# bootstraps the first server, copies configs to nodes, saves token to use later
+- name: Prepare RKE2 on Servers and Agents
+ hosts: servers,agents
+ gather_facts: true
+ roles:
+ - rke2-prepare
+
+# Adds additional servers using the token from the previous task
+- name: Add additional RKE2 Servers
+ hosts: servers
+ gather_facts: true
+ roles:
+ - add-server
+
+# Adds agents to the cluster
+- name: Add additional RKE2 Agents
+ hosts: agents
+ gather_facts: true
+ roles:
+ - add-agent
+
+# Finish kube-vip, add metallb
+- name: Apply manifests after cluster is created
+ hosts: servers
+ gather_facts: true
+ roles:
+ - apply-manifests
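Review bot: Only `Prepare all nodes` sets `become: true`; the five plays after it write under `/etc`, `/var/lib` and `/etc/systemd` and rely on `ansible_become: true` from `inventory/group_vars/all.yaml`, which is invisible from this file. Either put `become: true` on every play or drop it from the first so privilege escalation is declared in one place. `gather_facts: true` on the later plays costs a fact run per host, and the roles in this commit only reference inventory variables (`ansible_user`, `hostvars[...]['ansible_host']`, `groups`) plus their own `set_fact` — confirm nothing needs gathered facts and set it `false` as the first play does.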