https://github.com/kairen/kubeadm-ansible

Build a Kubernetes cluster using kubeadm via Ansible.

# Kubeadm Ansible Playbook

Build a Kubernetes cluster using Ansible with kubeadm. The goal is to easily install a Kubernetes cluster on machines running:

- Ubuntu 16.04
- CentOS 7
- Debian 9

System requirements:

- Deployment environment must have Ansible `2.4.0+`
- Master and nodes must have passwordless SSH access

# Usage

Add the system information gathered above into a file called `hosts.ini`. For example:
```
[master]
192.16.35.12

[node]
192.16.35.[10:11]

[kube-cluster:children]
master
node
```

If you're working with Ubuntu, add the property `ansible_python_interpreter='python3'` to each host:
```
[master]
192.16.35.12 ansible_python_interpreter='python3'

[node]
192.16.35.[10:11] ansible_python_interpreter='python3'

[kube-cluster:children]
master
node

```

Before continuing, edit `group_vars/all.yml` to match your configuration.

For example, I choose to run `flannel` instead of calico, and thus:

```yaml
# Network implementation('flannel', 'calico')
network: flannel
```

**Note:** Depending on your setup, you may need to modify `cni_opts` to an available network interface. By default, `kubeadm-ansible` uses `eth1`. Your default interface may be `eth0`.

After going through the setup, run the `site.yaml` playbook:

```sh
$ ansible-playbook site.yaml
...
==> master1: TASK [addon : Create Kubernetes dashboard deployment] **************************
==> master1: changed: [192.16.35.12 -> 192.16.35.12]
==> master1:
==> master1: PLAY RECAP *********************************************************************
==> master1: 192.16.35.10 : ok=18 changed=14 unreachable=0 failed=0
==> master1: 192.16.35.11 : ok=18 changed=14 unreachable=0 failed=0
==> master1: 192.16.35.12 : ok=34 changed=29 unreachable=0 failed=0
```

The playbook will download the `/etc/kubernetes/admin.conf` file to `$HOME/admin.conf`.

If that doesn't work, download `admin.conf` from the master node:

```sh
$ scp k8s@k8s-master:/etc/kubernetes/admin.conf .
```

Verify that the cluster is fully running using kubectl:

```sh

$ export KUBECONFIG=~/admin.conf
$ kubectl get node
NAME      STATUS    AGE       VERSION
master1   Ready     22m       v1.6.3
node1     Ready     20m       v1.6.3
node2     Ready     20m       v1.6.3

$ kubectl get po -n kube-system
NAME           READY     STATUS    RESTARTS   AGE
etcd-master1   1/1       Running   0          23m
...
```

# Resetting the environment

Finally, reset all state installed by kubeadm using the `reset-site.yaml` playbook:

```sh
$ ansible-playbook reset-site.yaml
```

# Additional features
These are features that you may want to install to make your life easier.

Enable/disable these features in `group_vars/all.yml` (all disabled by default):
```
# Additional feature to install
additional_features:
  helm: false
  metallb: false
  healthcheck: false
```

## Helm
This will install helm in your cluster (https://helm.sh/) so you can deploy charts.

## MetalLB
This will install MetalLB (https://metallb.universe.tf/), very useful if you deploy the cluster locally and you need a load balancer to access the services.

## Healthcheck
This will install k8s-healthcheck (https://github.com/emrekenci/k8s-healthcheck), a small application to report cluster status.

# Utils
Collection of scripts/utilities

## Vagrantfile
This Vagrantfile is taken from https://github.com/ecomm-integration-ballerina/kubernetes-cluster and slightly modified to copy SSH keys inside the cluster. Installing https://github.com/dotless-de/vagrant-vbguest is highly recommended.

# Tips & Tricks
## Specify user for Ansible
If you use Vagrant or your remote user is root, add this to `hosts.ini`:
```
[master]
192.16.35.12 ansible_user='root'

[node]
192.16.35.[10:11] ansible_user='root'
```

## Access Kubernetes Dashboard
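As of release 1.7, Dashboard no longer has full admin privileges granted by default, so you need to create a token to access the resources. The binding below grants the `dashboard` service account the `cluster-admin` role, so the resulting token carries full admin rights over the cluster: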
```sh
$ kubectl -n kube-system create sa dashboard
$ kubectl create clusterrolebinding dashboard --clusterrole cluster-admin --serviceaccount=kube-system:dashboard
$ kubectl -n kube-system get sa dashboard -o yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  creationTimestamp: 2017-11-27T17:06:41Z
  name: dashboard
  namespace: kube-system
  resourceVersion: "69076"
  selfLink: /api/v1/namespaces/kube-system/serviceaccounts/dashboard
  uid: 56b880bf-d395-11e7-9528-448a5ba4bd34
secrets:
- name: dashboard-token-vg52j

$ kubectl -n kube-system describe secrets dashboard-token-vg52j
...
token: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtdG9rZW4tdmc1MmoiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiNTZiODgwYmYtZDM5NS0xMWU3LTk1MjgtNDQ4YTViYTRiZDM0Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZCJ9.bVRECfNS4NDmWAFWxGbAi1n9SfQ-TMNafPtF70pbp9Kun9RbC3BNR5NjTEuKjwt8nqZ6k3r09UKJ4dpo2lHtr2RTNAfEsoEGtoMlW8X9lg70ccPB0M1KJiz3c7-gpDUaQRIMNwz42db7Q1dN7HLieD6I4lFsHgk9NPUIVKqJ0p6PNTp99pBwvpvnKX72NIiIvgRwC2cnFr3R6WdUEsuVfuWGdF-jXyc6lS7_kOiXp2yh6Ym_YYIr3SsjYK7XUIPHrBqWjF-KXO_AL3J8J_UebtWSGomYvuXXbbAUefbOK4qopqQ6FzRXQs00KrKa8sfqrKMm_x71Kyqq6RbFECsHPA

$ kubectl proxy
```
> Copy and paste the `token` from above to dashboard.

Log in to the dashboard:
- Dashboard: [https://API_SERVER:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/](https://API_SERVER:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/)
- Logging: [https://API_SERVER:8001/api/v1/namespaces/kube-system/services/kibana-logging/proxy/](https://API_SERVER:8001/api/v1/namespaces/kube-system/services/kibana-logging/proxy/)