├── .gitignore
├── README.md
└── install.yaml


/.gitignore:
--------------------------------------------------------------------------------
1 | hosts
2 | .idea/*
3 | metallb-config.yaml
4 | .DS_Store
5 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # kubernetes-deploy
 2 | 
 3 | Ansible playbooks for deploying a 3 node Kubernetes cluster with 1 master node and 2 worker nodes. The default user 
 4 | that will be used is `k8sadmin` so this user must exist on your servers (with sudo permissions).
 5 | 
 6 | # Ansible setup
 7 | 
 8 | Your local machine will need to have Ansible installed. This can be done with the following command:
 9 | 
10 | ```
11 | brew install ansible
12 | ```
13 | 
14 | # Pre-requisites
15 | 
16 | This project assumes that you have 3 Ubuntu servers set up and configured with access via ssh keys and configured in 
17 | your `~/.ssh/config` file. 
18 | 
19 | Because the installation of Kubernetes requires the ability to run commands as root, you will need to be able to 
20 | sudo on the servers without a password. 
21 | 
22 | This can be done by running the following command on each of the servers:
23 | 
24 | ```
25 | echo "<username> ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/<username>
26 | ```
27 | 
28 | The ansible playbooks deploy metallb as the load balancer for the cluster. This requires that you have a range of IP 
29 | defined in a config map.
30 | 
31 | Create a file in the repository named `metallb-config.yaml` with the following contents (replacing the IP addresses):
32 | 
33 | ```
34 | apiVersion: metallb.io/v1beta1
35 | kind: IPAddressPool
36 | metadata:
37 |   name: default
38 |   namespace: metallb-system
39 | spec:
40 |   addresses:
41 |     - 192.168.0.150-192.168.0.170
42 | ---
43 | apiVersion: metallb.io/v1beta1
44 | kind: L2Advertisement
45 | metadata:
46 |   name: l2advertisement
47 |   namespace: metallb-system
48 | spec:
49 |   ipAddressPools:
50 |    - default
51 | ```
52 | 
53 | # Host configuration
54 | 
55 | ```
56 | Host master
57 |     HostName <master-ip>
58 |     User ubuntu
59 | 
60 | Host worker-1
61 |     HostName <worker-1-ip>
62 |     User ubuntu
63 |     
64 | Host worker-2
65 |     HostName <worker-2-ip>
66 |     User ubuntu
67 | ```
68 | 
69 | You will need to create a `hosts` file in the root of the project with the following contents:
70 | 
71 | ```
72 | [master]
73 | <master>
74 | 
75 | [worker]
76 | <worker-1>
77 | <worker-2>
78 | ```
79 | 
80 | You can then test that Ansible can connect to the servers with the following command:
81 | 
82 | ```
83 | ansible -i hosts all -m ping
84 | ```
85 | 
86 | # Running the playbooks
87 | 
88 | The playbooks can be run with the following command:
89 | 
90 | ```
91 | ansible-playbook -i hosts install.yaml
92 | ```
93 | 
94 | Once the playbook has completed you should have a fully functional Kubernetes cluster!


--------------------------------------------------------------------------------
/install.yaml:
--------------------------------------------------------------------------------
  1 | # Ansible playbook to install the required packages on the master and worker nodes
  2 | - hosts: "master, worker"
  3 |   become: yes # Run as root
  4 | 
  5 |   tasks:
  6 |     - name: Configure containerd
  7 |       shell: |
  8 |         sudo tee /etc/modules-load.d/containerd.conf <<EOF
  9 |         overlay
 10 |         br_netfilter
 11 |         EOF
 12 |         sudo modprobe overlay
 13 |         sudo modprobe br_netfilter
 14 |     - name: Configure kernel
 15 |       shell: |
 16 |         sudo tee /etc/sysctl.d/kubernetes.conf <<EOF
 17 |         net.bridge.bridge-nf-call-ip6tables = 1
 18 |         net.bridge.bridge-nf-call-iptables = 1
 19 |         net.ipv4.ip_forward = 1
 20 |         EOF
 21 |     - name: Apply changes
 22 |       shell: sudo sysctl --system
 23 |     - name: Install containerd dependencies
 24 |       apt:
 25 |         name: [ 'apt-transport-https','ca-certificates','curl','gnupg-agent','software-properties-common' ]
 26 |         state: present
 27 |         update_cache: yes
 28 |     - name: Add containerd gpg key
 29 |       apt_key:
 30 |         url: https://download.docker.com/linux/ubuntu/gpg
 31 |         state: present
 32 |     - name: Add containerd software repository
 33 |       apt_repository:
 34 |         repo: deb [arch=amd64] https://download.docker.com/linux/ubuntu jammy stable
 35 |         state: present
 36 |         filename: docker.list
 37 |         update_cache: yes
 38 |     - name: Install containerd
 39 |       apt:
 40 |         name: [ 'containerd.io' ]
 41 |         state: present
 42 |         update_cache: yes
 43 |     - name: Configure containerd
 44 |       shell: |
 45 |         sudo mkdir -p /etc/containerd
 46 |         sudo containerd config default | sudo tee /etc/containerd/config.toml
 47 |         sudo sed -i 's/SystemdCgroup \= false/SystemdCgroup \= true/g' /etc/containerd/config.toml
 48 |     - name: Restart and enable containerd
 49 |       systemd:
 50 |         name: containerd
 51 |         state: restarted
 52 |         enabled: yes
 53 |     - name: Disable swap
 54 |       shell: swapoff -a
 55 |     - name: Stop swap from mounting
 56 |       shell: sed -i 's/^\/swap/#\/swap/g' /etc/fstab
 57 |     - name: Install dependencies
 58 |       apt:
 59 |         name: [ 'apt-transport-https','ca-certificates','curl','gnupg-agent','software-properties-common' ]
 60 |         state: present
 61 |         update_cache: yes
 62 |     - name: Add Kubernetes gpg key
 63 |       apt_key:
 64 |         url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
 65 |         state: present
 66 |     - name: Add Kubernetes software repository
 67 |       apt_repository:
 68 |         repo: deb https://apt.kubernetes.io/ kubernetes-xenial main
 69 |         state: present
 70 |         filename: kubernetes.list
 71 |         update_cache: yes
 72 |     - name: Install kubernetes
 73 |       apt:
 74 |         name: [ 'kubelet','kubeadm','kubectl' ]
 75 |         state: present
 76 |         update_cache: yes
 77 |     - name: Hold kubelet package at current version
 78 |       ansible.builtin.dpkg_selections:
 79 |         name: 'kubelet'
 80 |         selection: hold
 81 |     - name: Hold kubeadm package at current version
 82 |       ansible.builtin.dpkg_selections:
 83 |         name: 'kubeadm'
 84 |         selection: hold
 85 |     - name: Hold kubectl package at current version
 86 |       ansible.builtin.dpkg_selections:
 87 |         name: 'kubectl'
 88 |         selection: hold
 89 |     # Setup isci for Longhorn
 90 |     - name: Install iscsi and nfs-common
 91 |       apt:
 92 |         name: [ 'open-iscsi', 'nfs-common' ]
 93 |         state: present
 94 |         update_cache: yes
 95 | 
 96 | # Ansible playbook to initialize the master node
 97 | - hosts: master
 98 |   become: yes # Run as root
 99 | 
100 |   tasks:
101 |     - name: Check if the master node is already initialized
102 |       stat:
103 |         path: /etc/kubernetes/admin.conf
104 |       register: kubeadm_init
105 |     - name: Initialize the master node
106 |       command: kubeadm init --pod-network-cidr=10.244.0.0/16
107 |       when: kubeadm_init.stat.exists == false # Only run if the master node is not already initialized
108 |     - name: Create .kube directory
109 |       file:
110 |         path: /home/k8sadmin/.kube
111 |         state: directory
112 |         owner: k8sadmin
113 |         group: k8sadmin
114 |         mode: 0755
115 |       when: kubeadm_init.stat.exists == false # Only run if the master node is not already initialized
116 |     - name: Copy the kube config file
117 |       copy:
118 |         src: /etc/kubernetes/admin.conf
119 |         dest: /home/k8sadmin/.kube/config
120 |         remote_src: yes
121 |         owner: k8sadmin
122 |         group: k8sadmin
123 |         mode: 0644
124 |       when: kubeadm_init.stat.exists == false # Only run if the master node is not already initialized
125 |     - name: Install calico CNI
126 |       command: kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
127 |       become: yes
128 |       become_user: k8sadmin
129 |     - name: Get the token for joining the worker nodes
130 |       become: yes
131 |       become_user: k8sadmin
132 |       shell: kubeadm token create  --print-join-command
133 |       register: kubernetes_join_command
134 |     - name: Display registered output
135 |       debug:
136 |         var: kubernetes_join_command.stdout_lines
137 |     - name: Set strictARP for metallb
138 |       shell: |
139 |         kubectl get configmap kube-proxy -n kube-system -o yaml | \
140 |         sed -e "s/strictARP: false/strictARP: true/" | \
141 |         kubectl apply -f - -n kube-system
142 |       become: yes
143 |       become_user: k8sadmin
144 |     - name: Install metallb namespace
145 |       command: kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.10.3/manifests/namespace.yaml
146 |       become: yes
147 |       become_user: k8sadmin
148 |     - name: Install metallb
149 |       command: kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.12/config/manifests/metallb-native.yaml
150 |       become: yes
151 |       become_user: k8sadmin
152 |     # Setup Metallb
153 |     - name: Copy metallb config file
154 |       copy:
155 |         src: "{{ playbook_dir }}/metallb-config.yaml"
156 |         dest: /home/k8sadmin/metallb-config.yaml
157 |         owner: k8sadmin
158 |         group: k8sadmin
159 |         mode: 0644
160 |     - name: Install metallb config
161 |       command: kubectl apply -f /home/k8sadmin/metallb-config.yaml
162 |       become: yes
163 |       become_user: k8sadmin
164 |     - name: Rolling restart of metallb pods
165 |       command: kubectl rollout restart deployment controller -n metallb-system
166 |       become_user: k8sadmin
167 |       become: yes
168 |     # Setup Longhorn
169 |     - name: Remove taint from master node to allow disk replication
170 |       command: kubectl taint nodes --all node-role.kubernetes.io/control-plane-
171 |       become: yes
172 |       become_user: k8sadmin
173 |     - name: Install Longhorn
174 |       command: kubectl apply -f https://raw.githubusercontent.com/longhorn/longhorn/v1.5.3/deploy/longhorn.yaml
175 |       become: yes
176 |       become_user: k8sadmin
177 |     - name: Create dummy host to store variable for node config
178 |       add_host:
179 |         name: "DUMMY_HOST"
180 |         JOIN_COMMAND: "{{ kubernetes_join_command.stdout_lines[0] }}"
181 | 
182 | # Ansible playbook to join the worker nodes to the cluster
183 | - hosts: worker
184 |   become: yes # Run as root
185 | 
186 |   tasks:
187 |     - name: Check if the worker node is already joined
188 |       stat:
189 |         path: /etc/kubernetes/kubelet.conf
190 |       register: kubeadm_join
191 |     - name: Join the worker nodes to the cluster
192 |       command: "{{ hostvars['DUMMY_HOST']['JOIN_COMMAND'] }}"
193 |       become: yes
194 |       when: kubeadm_join.stat.exists == false # Only run if the worker node is not already joined
195 | 


--------------------------------------------------------------------------------