diff --git a/group_vars/all.example b/group_vars/all.example index 9e4e2fc..3bec873 100644 --- a/group_vars/all.example +++ b/group_vars/all.example @@ -1,2 +1,8 @@ -docker_ce_version_to_install: 18.03.1 -kube_init_network_interface: enp0s8 \ No newline at end of file +docker_ce_version_to_install: 18.03.1 +kube_init_network_interface: enp0s8 + +# Kubernetes pod network. Choices are: +# flannel +# weavenet +# calico +kube_network: weavenet \ No newline at end of file diff --git a/roles/initialize-kubernetes/files/install-pod-network.sh b/roles/initialize-kubernetes/files/install-pod-network.sh deleted file mode 100644 index ba8d2d3..0000000 --- a/roles/initialize-kubernetes/files/install-pod-network.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash - -kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')" -#kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/bc79dd1505b0c8681ece4de4c0d86c5cd2643275/Documentation/kube-flannel.yml \ No newline at end of file diff --git a/roles/initialize-kubernetes/tasks/main.yml b/roles/initialize-kubernetes/tasks/main.yml index eee2754..cd8a074 100644 --- a/roles/initialize-kubernetes/tasks/main.yml +++ b/roles/initialize-kubernetes/tasks/main.yml @@ -31,19 +31,14 @@ line: 'export KUBECONFIG={{ ansible_env.HOME }}/admin.conf' - name: Copy pod network install script - copy: - src: ../files/install-pod-network.sh + template: + src: ../templates/install-pod-network.sh.j2 dest: "{{ ansible_env.HOME }}/install-pod-network.sh" -- name: Copy networking yaml - template: - src: ../templates/kube-flannel.yml.j2 - dest: "{{ ansible_env.HOME }}/kube-flannel.yml" - name: Install Pod Network shell: > bash {{ ansible_env.HOME }}/install-pod-network.sh - #kubectl apply -f {{ ansible_env.HOME }}/kube-flannel.yml environment: KUBECONFIG: "{{ ansible_env.HOME }}/admin.conf" 
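Review bot: With the `Copy networking yaml` task removed, `--iface={{ kube_init_network_interface }}` no longer reaches flanneld when `kube_network: flannel` is chosen. The deleted `kube-flannel.yml.j2` set that argument on every DaemonSet, while the new script applies the upstream manifest unchanged. On hosts with more than one interface flannel would presumably fall back to its own interface selection, so either keep a templated flannel manifest for that branch or document that the variable has no effect there. Separately, the `template` task that writes `install-pod-network.sh` sets no `mode`; the file is later run with the admin kubeconfig, so add `mode: "0700"`. The `Copy Traefik yml` task in the next hunk has the same gap, where `mode: "0600"` fits.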
@@ -53,8 +48,13 @@ KUBECONFIG: "{{ ansible_env.HOME }}/admin.conf" ignore_errors: true +- name: Copy Traefik yml + template: + src: ../templates/traefik-ds.yml.j2 + dest: "{{ ansible_env.HOME }}/traefik-ds.yml" + - name: Install Traefik Ingress Controller shell: > - kubectl apply -f https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/traefik-deployment.yaml + kubectl apply -f {{ ansible_env.HOME }}/traefik-ds.yml environment: KUBECONFIG: "{{ ansible_env.HOME }}/admin.conf" \ No newline at end of file diff --git a/roles/initialize-kubernetes/templates/install-pod-network.sh.j2 b/roles/initialize-kubernetes/templates/install-pod-network.sh.j2 new file mode 100644 index 0000000..8cef7c2 --- /dev/null +++ b/roles/initialize-kubernetes/templates/install-pod-network.sh.j2 @@ -0,0 +1,10 @@ +#!/bin/bash + +{% if kube_network == "weavenet" %} +kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')" +{% elif kube_network == "flannel" %} +kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/bc79dd1505b0c8681ece4de4c0d86c5cd2643275/Documentation/kube-flannel.yml +{% elif kube_network == "calico" %} +kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/rbac-kdd.yaml +kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml +{% endif %} \ No newline at end of file diff --git a/roles/initialize-kubernetes/templates/kube-flannel.yml.j2 b/roles/initialize-kubernetes/templates/kube-flannel.yml.j2 deleted file mode 100644 index 6a9d7a2..0000000 --- a/roles/initialize-kubernetes/templates/kube-flannel.yml.j2 +++ /dev/null 
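Review bot: The `Install Traefik Ingress Controller` task runs `kubectl apply` through `shell: >` although it uses no shell features, and the templated path is unquoted. `command: kubectl apply -f "{{ ansible_env.HOME }}/traefik-ds.yml"` avoids shell parsing of the expanded value. Adding `changed_when` on the command output would also stop the task reporting a change on every run.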
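Review bot: An unrecognised `kube_network` value renders `install-pod-network.sh.j2` to a script containing only the shebang, so `Install Pod Network` succeeds while no CNI is installed. Add a final branch, `{% else %}` followed by `echo "unsupported kube_network: {{ kube_network }}" >&2; exit 1`. The script also has no `set -e`, so in the calico branch a failure of the first `kubectl apply` is masked by the exit status of the second. Only the flannel URL is pinned to a commit; the weave and calico manifests are fetched at run time from URLs not tied to an immutable revision and applied with the admin kubeconfig without any integrity check. Consider vendoring reviewed copies under `templates/`, as this commit does for Traefik.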
@@ -1,475 +0,0 @@ ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: flannel -rules: - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - apiGroups: - - "" - resources: - - nodes - verbs: - - list - - watch - - apiGroups: - - "" - resources: - - nodes/status - verbs: - - patch ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: flannel -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: flannel -subjects: -- kind: ServiceAccount - name: flannel - namespace: kube-system ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: flannel - namespace: kube-system ---- -kind: ConfigMap -apiVersion: v1 -metadata: - name: kube-flannel-cfg - namespace: kube-system - labels: - tier: node - app: flannel -data: - cni-conf.json: | - { - "name": "cbr0", - "plugins": [ - { - "type": "flannel", - "delegate": { - "hairpinMode": true, - "isDefaultGateway": true - } - }, - { - "type": "portmap", - "capabilities": { - "portMappings": true - } - } - ] - } - net-conf.json: | - { - "Network": "10.244.0.0/16", - "Backend": { - "Type": "vxlan" - } - } ---- -apiVersion: extensions/v1beta1 -kind: DaemonSet -metadata: - name: kube-flannel-ds-amd64 - namespace: kube-system - labels: - tier: node - app: flannel -spec: - template: - metadata: - labels: - tier: node - app: flannel - spec: - hostNetwork: true - nodeSelector: - beta.kubernetes.io/arch: amd64 - tolerations: - - operator: Exists - effect: NoSchedule - serviceAccountName: flannel - initContainers: - - name: install-cni - image: quay.io/coreos/flannel:v0.10.0-amd64 - command: - - cp - args: - - -f - - /etc/kube-flannel/cni-conf.json - - /etc/cni/net.d/10-flannel.conflist - volumeMounts: - - name: cni - mountPath: /etc/cni/net.d - - name: flannel-cfg - mountPath: /etc/kube-flannel/ - containers: - - name: kube-flannel - image: quay.io/coreos/flannel:v0.10.0-amd64 - command: - - /opt/bin/flanneld - args: - - 
--ip-masq - - --kube-subnet-mgr - - --iface={{ kube_init_network_interface }} - resources: - requests: - cpu: "100m" - memory: "50Mi" - limits: - cpu: "100m" - memory: "50Mi" - securityContext: - privileged: true - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - volumeMounts: - - name: run - mountPath: /run - - name: flannel-cfg - mountPath: /etc/kube-flannel/ - volumes: - - name: run - hostPath: - path: /run - - name: cni - hostPath: - path: /etc/cni/net.d - - name: flannel-cfg - configMap: - name: kube-flannel-cfg ---- -apiVersion: extensions/v1beta1 -kind: DaemonSet -metadata: - name: kube-flannel-ds-arm64 - namespace: kube-system - labels: - tier: node - app: flannel -spec: - template: - metadata: - labels: - tier: node - app: flannel - spec: - hostNetwork: true - nodeSelector: - beta.kubernetes.io/arch: arm64 - tolerations: - - operator: Exists - effect: NoSchedule - serviceAccountName: flannel - initContainers: - - name: install-cni - image: quay.io/coreos/flannel:v0.10.0-arm64 - command: - - cp - args: - - -f - - /etc/kube-flannel/cni-conf.json - - /etc/cni/net.d/10-flannel.conflist - volumeMounts: - - name: cni - mountPath: /etc/cni/net.d - - name: flannel-cfg - mountPath: /etc/kube-flannel/ - containers: - - name: kube-flannel - image: quay.io/coreos/flannel:v0.10.0-arm64 - command: - - /opt/bin/flanneld - args: - - --ip-masq - - --kube-subnet-mgr - - --iface={{ kube_init_network_interface }} - resources: - requests: - cpu: "100m" - memory: "50Mi" - limits: - cpu: "100m" - memory: "50Mi" - securityContext: - privileged: true - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - volumeMounts: - - name: run - mountPath: /run - - name: flannel-cfg - mountPath: /etc/kube-flannel/ - volumes: - - name: run - hostPath: - path: /run - - name: cni - 
hostPath: - path: /etc/cni/net.d - - name: flannel-cfg - configMap: - name: kube-flannel-cfg ---- -apiVersion: extensions/v1beta1 -kind: DaemonSet -metadata: - name: kube-flannel-ds-arm - namespace: kube-system - labels: - tier: node - app: flannel -spec: - template: - metadata: - labels: - tier: node - app: flannel - spec: - hostNetwork: true - nodeSelector: - beta.kubernetes.io/arch: arm - tolerations: - - operator: Exists - effect: NoSchedule - serviceAccountName: flannel - initContainers: - - name: install-cni - image: quay.io/coreos/flannel:v0.10.0-arm - command: - - cp - args: - - -f - - /etc/kube-flannel/cni-conf.json - - /etc/cni/net.d/10-flannel.conflist - volumeMounts: - - name: cni - mountPath: /etc/cni/net.d - - name: flannel-cfg - mountPath: /etc/kube-flannel/ - containers: - - name: kube-flannel - image: quay.io/coreos/flannel:v0.10.0-arm - command: - - /opt/bin/flanneld - args: - - --ip-masq - - --kube-subnet-mgr - - --iface={{ kube_init_network_interface }} - resources: - requests: - cpu: "100m" - memory: "50Mi" - limits: - cpu: "100m" - memory: "50Mi" - securityContext: - privileged: true - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - volumeMounts: - - name: run - mountPath: /run - - name: flannel-cfg - mountPath: /etc/kube-flannel/ - volumes: - - name: run - hostPath: - path: /run - - name: cni - hostPath: - path: /etc/cni/net.d - - name: flannel-cfg - configMap: - name: kube-flannel-cfg ---- -apiVersion: extensions/v1beta1 -kind: DaemonSet -metadata: - name: kube-flannel-ds-ppc64le - namespace: kube-system - labels: - tier: node - app: flannel -spec: - template: - metadata: - labels: - tier: node - app: flannel - spec: - hostNetwork: true - nodeSelector: - beta.kubernetes.io/arch: ppc64le - tolerations: - - operator: Exists - effect: NoSchedule - serviceAccountName: flannel - initContainers: - - name: install-cni - image: 
quay.io/coreos/flannel:v0.10.0-ppc64le - command: - - cp - args: - - -f - - /etc/kube-flannel/cni-conf.json - - /etc/cni/net.d/10-flannel.conflist - volumeMounts: - - name: cni - mountPath: /etc/cni/net.d - - name: flannel-cfg - mountPath: /etc/kube-flannel/ - containers: - - name: kube-flannel - image: quay.io/coreos/flannel:v0.10.0-ppc64le - command: - - /opt/bin/flanneld - args: - - --ip-masq - - --kube-subnet-mgr - - --iface={{ kube_init_network_interface }} - resources: - requests: - cpu: "100m" - memory: "50Mi" - limits: - cpu: "100m" - memory: "50Mi" - securityContext: - privileged: true - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - volumeMounts: - - name: run - mountPath: /run - - name: flannel-cfg - mountPath: /etc/kube-flannel/ - volumes: - - name: run - hostPath: - path: /run - - name: cni - hostPath: - path: /etc/cni/net.d - - name: flannel-cfg - configMap: - name: kube-flannel-cfg ---- -apiVersion: extensions/v1beta1 -kind: DaemonSet -metadata: - name: kube-flannel-ds-s390x - namespace: kube-system - labels: - tier: node - app: flannel -spec: - template: - metadata: - labels: - tier: node - app: flannel - spec: - hostNetwork: true - nodeSelector: - beta.kubernetes.io/arch: s390x - tolerations: - - operator: Exists - effect: NoSchedule - serviceAccountName: flannel - initContainers: - - name: install-cni - image: quay.io/coreos/flannel:v0.10.0-s390x - command: - - cp - args: - - -f - - /etc/kube-flannel/cni-conf.json - - /etc/cni/net.d/10-flannel.conflist - volumeMounts: - - name: cni - mountPath: /etc/cni/net.d - - name: flannel-cfg - mountPath: /etc/kube-flannel/ - containers: - - name: kube-flannel - image: quay.io/coreos/flannel:v0.10.0-s390x - command: - - /opt/bin/flanneld - args: - - --ip-masq - - --kube-subnet-mgr - - --iface={{ kube_init_network_interface }} - resources: - requests: - cpu: "100m" - memory: "50Mi" - limits: - cpu: 
"100m" - memory: "50Mi" - securityContext: - privileged: true - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - volumeMounts: - - name: run - mountPath: /run - - name: flannel-cfg - mountPath: /etc/kube-flannel/ - volumes: - - name: run - hostPath: - path: /run - - name: cni - hostPath: - path: /etc/cni/net.d - - name: flannel-cfg - configMap: - name: kube-flannel-cfg diff --git a/roles/initialize-kubernetes/templates/traefik-ds.yml.j2 b/roles/initialize-kubernetes/templates/traefik-ds.yml.j2 new file mode 100644 index 0000000..a085774 --- /dev/null +++ b/roles/initialize-kubernetes/templates/traefik-ds.yml.j2 @@ -0,0 +1,61 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: traefik-ingress-controller + namespace: kube-system +--- +kind: DaemonSet +apiVersion: extensions/v1beta1 +metadata: + name: traefik-ingress-controller + namespace: kube-system + labels: + k8s-app: traefik-ingress-lb +spec: + template: + metadata: + labels: + k8s-app: traefik-ingress-lb + name: traefik-ingress-lb + spec: + serviceAccountName: traefik-ingress-controller + terminationGracePeriodSeconds: 60 + containers: + - image: traefik + name: traefik-ingress-lb + ports: + - name: http + containerPort: 80 + hostPort: 80 + - name: admin + containerPort: 8080 + hostPort: 8080 + securityContext: + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + args: + - --api + - --kubernetes + - --logLevel=INFO + - --ping + - --insecureskipverify +--- +kind: Service +apiVersion: v1 +metadata: + name: traefik-ingress-service + namespace: kube-system +spec: + selector: + k8s-app: traefik-ingress-lb + ports: + - protocol: TCP + port: 80 + name: web + - protocol: TCP + port: 8080 + name: admin \ No newline at end of file diff --git a/roles/install-kubernetes/tasks/main.yml b/roles/install-kubernetes/tasks/main.yml index f609cd6..72139fd 100644 
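Review bot: The new `traefik-ds.yml.j2` uses `image: traefik` with no tag, so each node pulls whatever `latest` is at the time; pin it, for example `image: traefik:<pinned-1.x-tag>` or a digest. `--api` together with `hostPort: 8080` exposes the Traefik API and dashboard on every node's address with no authentication configured in this manifest; drop the `hostPort: 8080` line (the `admin` Service port remains for in-cluster access) or put auth in front of it. `--insecureskipverify` turns off certificate verification towards backends and should be removed unless a backend is known to need it, in which case a comment should say which. No ClusterRole or binding for `traefik-ingress-controller` is visible in this commit, so on an RBAC-enabled cluster the controller would presumably be unable to read Ingress objects unless one is applied elsewhere.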
--- a/roles/install-kubernetes/tasks/main.yml +++ b/roles/install-kubernetes/tasks/main.yml @@ -66,4 +66,5 @@ state: present sysctl_set: yes reload: yes - become: true \ No newline at end of file + become: true + when: kube_network == "flannel" or kube_network == "weavenet" \ No newline at end of file diff --git a/tests/files/group_vars_all b/tests/files/group_vars_all index cc810d2..f0bfd8f 100644 --- a/tests/files/group_vars_all +++ b/tests/files/group_vars_all @@ -1,2 +1,3 @@ docker_ce_version_to_install: 18.03.1 -kube_init_network_interface: enp0s8 \ No newline at end of file +kube_init_network_interface: enp0s8 +kube_network: weavenet \ No newline at end of file
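Review bot: The new `when:` references `kube_network` with no fallback, so an inventory created from the old `group_vars/all.example` fails on an undefined variable here and in `install-pod-network.sh.j2`. A role default, or `when: kube_network | default('weavenet') in ['flannel', 'weavenet']`, keeps existing setups on the previous weave behaviour and reads more simply than the chained `or`. The task this condition is attached to starts above the hunk, so which sysctl is skipped for calico is not visible; if it is the bridge netfilter setting, confirm that kubeadm's preflight checks still pass without it.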