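├── README.md
├── files
│   └── k8s.conf
├── haproxy_installation.yml
├── inventory.ini
├── join-worker-machine.yml
├── kubernetes_master_prerequisites.yml
├── kubernetes_worker_prerequisites.yml
├── leader_master.yml
├── master_member.yml
├── templates
│   ├── haproxy.j2
│   └── hosts.j2
└── update_hosts_file.yml

/README.md:
--------------------------------------------------------------------------------
# Kubernetes-HA-cluster-setup-using-ansible

https://youtu.be/zjl6RKe13gw

Ansible playbooks for a three-control-plane Kubernetes cluster fronted by a
single HAProxy instance (see `inventory.ini` for the groups and addresses).

Suggested run order, each against `inventory.ini`:

1. `update_hosts_file.yml` – writes `/etc/hosts` on every host from gathered
   facts, so `haproxy.k8slabs.in` (the control-plane endpoint) resolves.
2. `haproxy_installation.yml` – installs HAProxy and renders
   `templates/haproxy.j2`, which load-balances TCP to the `masters` group
   on 6443.
3. `kubernetes_master_prerequisites.yml` and
   `kubernetes_worker_prerequisites.yml` – Docker, kubelet/kubeadm/kubectl,
   sysctls, swap off.
4. `leader_master.yml` – `kubeadm init` on the `leader` host and Calico.
5. `master_member.yml` – joins the `member` hosts as extra control planes.
6. `join-worker-machine.yml` – joins the `worker` hosts.

`/opt/ansible/files/kubernetes.repo` is referenced by the prerequisite
playbooks but is not part of this repository; provide it on the controller.
--------------------------------------------------------------------------------
/files/k8s.conf:
--------------------------------------------------------------------------------
# Installed to /etc/sysctl.d/k8s.conf by the *_prerequisites playbooks.
# The bridge-nf-call keys only exist once br_netfilter is loaded, which the
# same playbooks take care of before running `sysctl --system`.
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
# kubeadm preflight checks that forwarding is enabled.
net.ipv4.ip_forward = 1
--------------------------------------------------------------------------------
/haproxy_installation.yml:
--------------------------------------------------------------------------------
---
- name: Install and configure HAProxy for the Kubernetes API
  hosts: haproxy
  become: true
  gather_facts: true
  vars:
    my_file: /etc/haproxy/haproxy.cfg
    my_template: templates/haproxy.j2
  tasks:
    - name: Upgrade all packages
      yum:
        name: '*'
        state: latest

    - name: Install haproxy
      yum:
        name: haproxy
        state: present

    - name: Install the python binding the seboolean module needs on EL7
      yum:
        name: libsemanage-python
        state: present

    - name: Allow haproxy to connect to the API servers under SELinux
      # Same effect as `setsebool -P haproxy_connect_any=1`, but idempotent
      # and reported as changed only when it actually flips the boolean.
      seboolean:
        name: haproxy_connect_any
        state: yes
        persistent: yes

    - name: Create "{{ my_file }}"
      # `validate` rejects a broken rendering before it replaces the live
      # config; the handler restarts haproxy only when the file changed,
      # instead of the unconditional stop/start the play used to do.
      template:
        src: "{{ my_template }}"
        dest: "{{ my_file }}"
        owner: root
        group: root
        mode: "0644"
        validate: haproxy -c -f %s
      notify: restart haproxy

    - name: Ensure haproxy is running and enabled at boot
      service:
        name: haproxy
        state: started
        enabled: yes

  handlers:
    - name: restart haproxy
      service:
        name: haproxy
        state: restarted
--------------------------------------------------------------------------------
/inventory.ini:
--------------------------------------------------------------------------------
[k8s:children]
haproxy
masters
worker
ansible

# Variables common to all k8s hosts.
# Connecting as root over SSH is lab convenience; a dedicated user with sudo
# would be the usual choice (ansible_become is already set for that case).
[k8s:vars]
ansible_user=root
ansible_become=true

[haproxy]
192.168.10.100

[masters]
192.168.10.101
192.168.10.102
192.168.10.103

[ansible]
192.168.50.11

# leader/member partition the masters group: leader runs kubeadm init,
# members join it as additional control planes.
[leader]
192.168.10.101

[member]
192.168.10.102
192.168.10.103

[worker]
192.168.10.104
--------------------------------------------------------------------------------
/join-worker-machine.yml:
--------------------------------------------------------------------------------
---
- name: Join worker nodes to the cluster
  hosts: worker
  become: true
  gather_facts: true
  tasks:
    - name: Check whether this node is already part of a cluster
      # kubeadm join writes this file, so its presence makes the play
      # re-runnable without a second join attempt.
      stat:
        path: /etc/kubernetes/kubelet.conf
      register: kubelet_conf

    - name: Obtain a join command with a fresh bootstrap token from the leader
      # Replaces `sed -n 83,84p ./token`, which depended on fixed line numbers
      # in a saved `kubeadm init` log and on the token in it still being
      # valid. The printed command carries a new short-lived bootstrap token,
      # so it is kept out of the run log.
      command: kubeadm token create --print-join-command
      delegate_to: "{{ groups['leader'][0] }}"
      run_once: true
      register: join_cmd
      no_log: true

    - name: Join this node as a worker
      # Runs the command directly instead of copying it to a 0777 script.
      command: "{{ join_cmd.stdout }}"
      when: not kubelet_conf.stat.exists
      no_log: true
--------------------------------------------------------------------------------
/kubernetes_master_prerequisites.yml:
--------------------------------------------------------------------------------
---
- name: Control-plane node prerequisites
  hosts: masters
  become: true
  gather_facts: true
  tasks:
    - name: Upgrade all packages
      yum:
        name: '*'
        state: latest

    - name: Install Docker
      package:
        name: docker
        state: latest

    - name: Start and enable Docker
      service:
        name: docker
        state: started
        enabled: yes

    - name: Set SELinux to permissive
      # kubeadm's documented requirement is permissive, not disabled; permissive
      # keeps AVC audit logging so policy problems stay visible.
      selinux:
        policy: targeted
        state: permissive
      register: selinux_result

    - name: Reboot only if the SELinux change requires it
      # Going from disabled to permissive needs a reboot; enforcing to
      # permissive is applied live, so the unconditional reboot is gone.
      reboot:
      when: selinux_result.reboot_required

    - name: Install the Kubernetes yum repository definition
      # kubernetes.repo is not part of this repository; it is expected on the
      # controller at the path below and should carry gpgcheck=1 and the
      # repository signing key.
      copy:
        src: /opt/ansible/files/kubernetes.repo
        dest: /etc/yum.repos.d/kubernetes.repo
        owner: root
        group: root
        mode: '0644'

    - name: Install Kubernetes packages
      # Versions are not pinned; kubelet/kubeadm/kubectl must match across
      # nodes, so pin them (kubelet-<VERSION> etc.) before re-running this
      # against a cluster that is already up. update_cache picks up the
      # repository added above without a second full upgrade.
      yum:
        name: "{{ packages }}"
        state: present
        update_cache: yes
      vars:
        packages:
          - kubelet
          - kubeadm
          - kubectl

    - name: Enable and start kubelet
      service:
        name: kubelet
        state: started
        enabled: yes

    - name: Load br_netfilter now
      # Without it the net.bridge.bridge-nf-call-* sysctls do not exist and
      # `sysctl --system` reports errors for files/k8s.conf.
      modprobe:
        name: br_netfilter
        state: present

    - name: Load br_netfilter on boot
      copy:
        dest: /etc/modules-load.d/k8s.conf
        content: "br_netfilter\n"
        owner: root
        group: root
        mode: '0644'

    - name: Let iptables see bridged traffic
      # src is resolved from files/ next to this playbook (files/k8s.conf).
      copy:
        src: k8s.conf
        dest: /etc/sysctl.d/k8s.conf
        owner: root
        group: root
        mode: '0644'
      register: sysctl_file

    - name: Reload sysctl settings
      command: sysctl --system
      when: sysctl_file.changed

    - name: Disable swap now
      command: swapoff -a
      when: ansible_swaptotal_mb > 0

    - name: Keep swap disabled across reboots
      # swapoff alone is lost at the next boot, after which kubelet refuses
      # to start.
      replace:
        path: /etc/fstab
        regexp: '^([^#].*\s+swap\s+.*)$'
        replace: '# \1'
--------------------------------------------------------------------------------
/kubernetes_worker_prerequisites.yml:
--------------------------------------------------------------------------------
---
- name: Worker node prerequisites
  hosts: worker
  become: true
  gather_facts: true
  tasks:
    - name: Upgrade all packages
      yum:
        name: '*'
        state: latest

    - name: Install Docker
      package:
        name: docker
        state: latest

    - name: Start and enable Docker
      service:
        name: docker
        state: started
        enabled: yes

    - name: Set SELinux to permissive
      # kubeadm's documented requirement is permissive, not disabled; permissive
      # keeps AVC audit logging so policy problems stay visible.
      selinux:
        policy: targeted
        state: permissive
      register: selinux_result

    - name: Reboot only if the SELinux change requires it
      # Going from disabled to permissive needs a reboot; enforcing to
      # permissive is applied live, so the unconditional reboot is gone.
      reboot:
      when: selinux_result.reboot_required

    - name: Install the Kubernetes yum repository definition
      # kubernetes.repo is not part of this repository; it is expected on the
      # controller at the path below and should carry gpgcheck=1 and the
      # repository signing key.
      copy:
        src: /opt/ansible/files/kubernetes.repo
        dest: /etc/yum.repos.d/kubernetes.repo
        owner: root
        group: root
        mode: '0644'

    - name: Install Kubernetes packages
      # Versions are not pinned; kubelet/kubeadm/kubectl must match across
      # nodes, so pin them (kubelet-<VERSION> etc.) before re-running this
      # against a cluster that is already up. update_cache picks up the
      # repository added above without a second full upgrade.
      yum:
        name: "{{ packages }}"
        state: present
        update_cache: yes
      vars:
        packages:
          - kubelet
          - kubeadm
          - kubectl

    - name: Enable and start kubelet
      service:
        name: kubelet
        state: started
        enabled: yes

    - name: Load br_netfilter now
      # Without it the net.bridge.bridge-nf-call-* sysctls do not exist and
      # `sysctl --system` reports errors for files/k8s.conf.
      modprobe:
        name: br_netfilter
        state: present

    - name: Load br_netfilter on boot
      copy:
        dest: /etc/modules-load.d/k8s.conf
        content: "br_netfilter\n"
        owner: root
        group: root
        mode: '0644'

    - name: Let iptables see bridged traffic
      # src is resolved from files/ next to this playbook (files/k8s.conf).
      copy:
        src: k8s.conf
        dest: /etc/sysctl.d/k8s.conf
        owner: root
        group: root
        mode: '0644'
      register: sysctl_file

    - name: Reload sysctl settings
      command: sysctl --system
      when: sysctl_file.changed

    - name: Disable swap now
      command: swapoff -a
      when: ansible_swaptotal_mb > 0

    - name: Keep swap disabled across reboots
      # swapoff alone is lost at the next boot, after which kubelet refuses
      # to start.
      replace:
        path: /etc/fstab
        regexp: '^([^#].*\s+swap\s+.*)$'
        replace: '# \1'
--------------------------------------------------------------------------------
/leader_master.yml:
--------------------------------------------------------------------------------
---
- name: Initialise the first control-plane node
  hosts: leader
  become: true
  gather_facts: true
  vars:
    # Must resolve on every node (update_hosts_file.yml) and match the
    # HAProxy frontend in templates/haproxy.j2, which listens on :80.
    control_plane_endpoint: "haproxy.k8slabs.in:80"
    # The node network is 192.168.10.0/24 (inventory.ini). The previous
    # pod CIDR 192.168.0.0/16 contained both the node network and the
    # service CIDR 192.168.2.0/24, so Calico could hand pods addresses that
    # collide with nodes. These two ranges overlap nothing in the inventory.
    pod_cidr: 10.244.0.0/16
    service_cidr: 10.96.0.0/12
    # eth1 is the cluster network in this lab (same assumption as hosts.j2).
    node_ip: "{{ ansible_eth1.ipv4.address }}"
    calico_manifest_url: https://docs.projectcalico.org/v3.8/manifests/calico.yaml
    calico_manifest: /root/calico.yaml
  tasks:
    - name: Initialize the Kubernetes control plane
      # `creates` makes the play re-runnable: kubeadm init is skipped once
      # admin.conf exists. Its stdout holds a bootstrap token and the
      # certificate key, so it is not logged and no longer written to
      # ./token on the controller; master_member.yml and
      # join-worker-machine.yml mint fresh short-lived credentials instead.
      # Drop no_log temporarily if an init failure needs diagnosing.
      command: >
        kubeadm init
        --control-plane-endpoint "{{ control_plane_endpoint }}"
        --upload-certs
        --apiserver-advertise-address {{ node_ip }}
        --pod-network-cidr {{ pod_cidr }}
        --service-cidr {{ service_cidr }}
      args:
        creates: /etc/kubernetes/admin.conf
      no_log: true

    - name: Create root's kubeconfig directory
      file:
        path: /root/.kube
        state: directory
        owner: root
        group: root
        mode: '0700'

    - name: Install the admin kubeconfig for root
      # admin.conf is a cluster-admin credential: readable by root only.
      # Replaces the `mkdir/sudo cp/chown $HOME` shell snippet (HOME is /root
      # here because the play runs with become).
      copy:
        src: /etc/kubernetes/admin.conf
        dest: /root/.kube/config
        remote_src: yes
        owner: root
        group: root
        mode: '0600'

    - name: Download the Calico manifest
      # Fetched unpinned, exactly as `kubectl create -f <url>` did before.
      # To pin it, review the manifest once and add
      #   checksum: "sha256:<PLACEHOLDER-digest-of-reviewed-manifest>"
      get_url:
        url: "{{ calico_manifest_url }}"
        dest: "{{ calico_manifest }}"
        mode: '0644'

    - name: Point Calico's IP pool at the pod CIDR chosen above
      # The v3.8 manifest's CALICO_IPV4POOL_CIDR defaults to 192.168.0.0/16
      # and has to agree with --pod-network-cidr.
      replace:
        path: "{{ calico_manifest }}"
        regexp: '192\.168\.0\.0/16'
        replace: "{{ pod_cidr }}"

    - name: Install the Calico pod network
      # `apply` is idempotent where `create` failed on the second run.
      command: kubectl apply -f {{ calico_manifest }}
      environment:
        KUBECONFIG: /etc/kubernetes/admin.conf
--------------------------------------------------------------------------------
/master_member.yml:
--------------------------------------------------------------------------------
---
- name: Join additional control-plane nodes
  hosts: member
  become: true
  gather_facts: true
  tasks:
    - name: Check whether this node is already part of a cluster
      stat:
        path: /etc/kubernetes/kubelet.conf
      register: kubelet_conf

    - name: Re-upload the control-plane certificates and obtain a fresh certificate key
      # The key printed by `kubeadm init --upload-certs` expires after two
      # hours, so scraping it from a saved init log (the old
      # `sed -n 73,75p ./token`) only worked inside that window.
      command: kubeadm init phase upload-certs --upload-certs
      delegate_to: "{{ groups['leader'][0] }}"
      run_once: true
      register: upload_certs
      no_log: true

    - name: Obtain a join command with a fresh bootstrap token
      command: kubeadm token create --print-join-command
      delegate_to: "{{ groups['leader'][0] }}"
      run_once: true
      register: join_cmd
      no_log: true

    - name: Join this node as a control-plane member
      # The certificate key is the last line of the upload-certs output, after
      # "[upload-certs] Using certificate key:". The advertise address is this
      # node's eth1 address, which the old play spliced in with sed.
      command: >
        {{ join_cmd.stdout }}
        --control-plane
        --certificate-key {{ upload_certs.stdout_lines[-1] }}
        --apiserver-advertise-address {{ ansible_eth1.ipv4.address }}
      when: not kubelet_conf.stat.exists
      no_log: true
--------------------------------------------------------------------------------
/templates/haproxy.j2:
--------------------------------------------------------------------------------
#---------------------------------------------------------------------
# HAProxy configuration rendered by haproxy_installation.yml.
# Load-balances the Kubernetes API (TLS passthrough) to every host in the
# `masters` inventory group.
#
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #    file. A line like the following can be added to
    #    /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

#---------------------------------------------------------------------
# Kubernetes API frontend. The API servers terminate TLS themselves, so
# this is plain TCP passthrough; port 80 is simply what
# --control-plane-endpoint in leader_master.yml points at, it is not HTTP.
#---------------------------------------------------------------------
frontend k8s-api
    bind 0.0.0.0:80
    mode tcp
    option tcplog
    # watch/exec/log streams sit idle longer than the 1m default above.
    timeout client 1h
    default_backend k8s-api

#---------------------------------------------------------------------
# round robin balancing between the control-plane nodes
#---------------------------------------------------------------------
backend k8s-api
    mode tcp
    option tcplog
    # A bare TCP connect succeeds even when kube-apiserver is unhealthy;
    # probe /healthz over TLS instead (verify none applies to the probe only).
    option httpchk GET /healthz
    http-check expect status 200
    balance roundrobin
    timeout server 1h
    default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100

{% for host in groups['masters'] %}
    server master{{ '%02d' | format(loop.index) }} {{ host }}:6443 check check-ssl verify none
{% endfor %}
--------------------------------------------------------------------------------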
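/templates/hosts.j2:
--------------------------------------------------------------------------------
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
{# One line per host in the k8s group. eth1 is the cluster network in this
   lab; hosts without an eth1 (e.g. the ansible controller at 192.168.50.11,
   which is also in the group) fall back to their default-route address
   instead of failing the render with an undefined fact. Facts must have been
   gathered for every member of groups.k8s, which update_hosts_file.yml does
   by targeting the whole group. #}
{% for host in groups.k8s %}
{{ hostvars[host].ansible_eth1.ipv4.address | default(hostvars[host].ansible_default_ipv4.address) }} {{ hostvars[host].ansible_fqdn }} {{ hostvars[host].ansible_hostname }}
{% endfor %}
--------------------------------------------------------------------------------
/update_hosts_file.yml:
--------------------------------------------------------------------------------
---
- name: Generate Hosts File
  # Targets the whole k8s group so hostvars for every host are populated
  # before templates/hosts.j2 iterates over them.
  hosts: k8s
  become: true
  gather_facts: true
  vars:
    my_file: /etc/hosts
    my_template: templates/hosts.j2
  tasks:
    - name: Create "{{ my_file }}"
      # backup keeps the previous /etc/hosts next to the new one, so a wrong
      # fact (e.g. an unexpected eth1 address) can be reverted by hand.
      template:
        src: "{{ my_template }}"
        dest: "{{ my_file }}"
        owner: root
        group: root
        mode: "0644"
        backup: yes
--------------------------------------------------------------------------------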