diff --git a/bootstrap/README.md b/bootstrap/README.md index f0c798e..86c04e9 100644 --- a/bootstrap/README.md +++ b/bootstrap/README.md @@ -2,10 +2,15 @@ The following lines document how to initalize a fresh cluster. On a real cluster, or using Vagrant. It therefore assumes to clone kubespray to this folder. It will be excluded in *.gitignore* and all files are in this folder. +Use [kubespray tag](https://github.com/kubernetes-sigs/kubespray/releases) as parameter + +```sh +./init.sh "release-2.12" +``` + ## Vagrant ```sh -./init.sh cd kubespray vagrant up # up and abkle to ssh @@ -22,10 +27,11 @@ ssh centos@ sudo su - root adduser moritz visudo # add as sudo user +su - moritz sudo yum -y install vim python3 ssh-keygen vim .ssh/authorized_users # paste key -chmod 644 .ssh/authorized_users +chmod 644 .ssh/authorized_keys # check whether login works with ssh key sudo vim /etc/ssh/sshd_config # remove pw auth & root login sudo yum upgrade -y && sudo reboot @@ -37,7 +43,7 @@ Install Kubernetes: $ ./init.sh $ # follow instructions from output, sth like: $ cd kubespray │nginx-ingress-default-backend-5b967cf596-sk7p7 1/1 Running 0 22h -$ ansible-playbook -i inventory/prod/inventory.ini cluster.yml +$ ansible-playbook -i inventory/prod/inventory.ini cluster.yml ``` And get credentials: 
@@ -54,4 +60,34 @@ kubectl get ns # test connection scp haumdaucher.de:/home/moritz/.kube/config .kube/config ``` -Foreward in k8s-directory. \ No newline at end of file +Foreward in k8s-directory. + +## Upgrade cluster + +Check the current default value of `kube_version` in cloned repository. + +```sh +cd kubespray +ansible-playbook -i inventory/prod/inventory.ini -e kube_version=v1.16.8 -e upgrade_cluster_setup=true cluster.yml +``` + +History: + +* 2020-04-18 kube_version=v1.16.8 kubespray_branch=release-2.12 + +## Add node + +See [documentation](https://github.com/kubernetes-sigs/kubespray/blob/master/docs/nodes.md). + +Note: This was more or less a trial and error approach. Running different playbooks over and over again got it right at some point. + +```sh +ansible-playbook -i inventory/prod/inventory.ini --limit=ns3088070.ip-37-59-40.eu,ns3100058.ip-37-59-61.eu scale.yml +ansible-playbook -i inventory/prod/inventory.ini --limit=etcd,kube-master -e ignore_assert_errors=yes cluster.yml +``` + +This runs everything and is kind of idempotent: + +```sh +ansible-playbook -i inventory/prod/inventory.ini cluster.yml +``` diff --git a/bootstrap/init.sh b/bootstrap/init.sh index 600ff15..1364cf0 100755 --- a/bootstrap/init.sh +++ b/bootstrap/init.sh @@ -2,12 +2,13 @@ echo "######################################################################################" echo "## Reinit repository" rm -rf kubespray -git clone https://github.com/kubernetes-sigs/kubespray.git +VERSION=${1:-release-2.12} +git clone --branch $VERSION https://github.com/kubernetes-sigs/kubespray.git echo "######################################################################################" echo "## Activating python3 venv" VENVDIR=venv -virtualenv --python=/usr/bin/python3.7 $VENVDIR +virtualenv $VENVDIR source $VENVDIR/bin/activate pip install -r kubespray/requirements.txt 
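Review bot: In bootstrap/init.sh, `VERSION` is taken straight from `$1` and expanded unquoted in `git clone --branch $VERSION …`, so an argument containing whitespace is split into extra git arguments; the line should read `git clone --branch "$VERSION" https://github.com/kubernetes-sigs/kubespray.git || exit 1`. The `|| exit 1` matters because `rm -rf kubespray` has already run and, as far as the hunk shows, nothing stops the later `pip install -r kubespray/requirements.txt` after a failed clone. The default `release-2.12` appears to be a branch name rather than a tag, so each run installs whatever requirements the branch head lists at that time; passing a release tag, as the README text suggests, keeps the bootstrap reproducible. Dropping `--python=/usr/bin/python3.7` also leaves the interpreter to virtualenv's default; `virtualenv --python=python3 "$VENVDIR"` would keep the venv on Python 3 without hard-coding a minor version. The script starts before and continues after this hunk.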
@@ -41,4 +42,5 @@ cp -r kubespray/inventory/sample kubespray/inventory/prod rm kubespray/inventory/prod/inventory.ini cp ./prod.ini kubespray/inventory/prod/inventory.ini gsed -i "s/kube_network_plugin: .*/kube_network_plugin: flannel/" ./kubespray/inventory/prod/group_vars/k8s-cluster/k8s-cluster.yml +#echo 'calico_iptables_backend: "NFT"' >> ./kubespray/inventory/prod/group_vars/k8s-cluster/k8s-net-cluster.yml gsed -i "s/metrics_server_enabled: .*/metrics_server_enabled: true/" ./kubespray/inventory/prod/group_vars/k8s-cluster/addons.yml \ No newline at end of file diff --git a/bootstrap/prod.ini b/bootstrap/prod.ini index 5ee065b..3b1df5f 100644 --- a/bootstrap/prod.ini +++ b/bootstrap/prod.ini @@ -3,6 +3,8 @@ # ## We should set etcd_member_name for etcd cluster. The node that is not a etcd member do not need to set the value, or can set the empty string value. [all] ns3032787.ip-91-121-84.eu ansible_host=91.121.84.190 etcd_member_name=etcd1 ansible_become=yes ansible_become_method=sudo ansible_python_interpreter=/usr/bin/python3 +ns3088070.ip-37-59-40.eu ansible_host=37.59.40.95 etcd_member_name=etcd2 ansible_become=yes ansible_become_method=sudo ansible_python_interpreter=/usr/bin/python3 +ns3100058.ip-37-59-61.eu ansible_host=37.59.61.198 etcd_member_name=etcd3 ansible_become=yes ansible_become_method=sudo ansible_python_interpreter=/usr/bin/python3 # node1 ansible_host=95.54.0.12 # ip=10.3.0.1 etcd_member_name=etcd1 # node2 ansible_host=95.54.0.13 # ip=10.3.0.2 etcd_member_name=etcd2 # node3 ansible_host=95.54.0.14 # ip=10.3.0.3 etcd_member_name=etcd3 
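Review bot: The two hosts added under `[all]` in bootstrap/prod.ini set only `ansible_host` to a public address and no `ip=`, unlike the commented sample lines below them (`# ip=10.3.0.1`), so etcd and the other cluster services will presumably bind and peer over those public addresses. With `etcd2` and `etcd3` now joining, it is worth confirming that the etcd client and peer ports, the kubelet port and the API-server port are firewalled to the three node addresses only. A short comment above the host lines, e.g. `# no private network: services bind to the public IP; host firewall restricts cluster ports to the node IPs`, would record that decision. The second prod.ini hunk puts the same hosts into `[kube-master]`, `[etcd]` and `[kube-node]`, so the etcd members would also schedule ordinary workloads unless that is restricted elsewhere.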
@@ -15,22 +17,17 @@ ns3032787.ip-91-121-84.eu ansible_host=91.121.84.190 etcd_member_name=etcd1 ansi [kube-master] ns3032787.ip-91-121-84.eu -# node1 -# node2 +ns3088070.ip-37-59-40.eu [etcd] ns3032787.ip-91-121-84.eu -# node1 -# node2 -# node3 +ns3088070.ip-37-59-40.eu +ns3100058.ip-37-59-61.eu [kube-node] ns3032787.ip-91-121-84.eu -# node2 -# node3 -# node4 -# node5 -# node6 +ns3088070.ip-37-59-40.eu +ns3100058.ip-37-59-61.eu [calico-rr] diff --git a/terraform/ovh.tf b/terraform/ovh.tf index 96646ed..1258e7f 100644 --- a/terraform/ovh.tf +++ b/terraform/ovh.tf @@ -42,6 +42,30 @@ resource "ovh_domain_zone_record" "moritzgraf_subdomains_k8s" { target = "haumdaucher.de." } +## nodes + +resource "ovh_domain_zone_record" "one" { + zone = "haumdaucher.de" + subdomain = "one" + fieldtype = "A" + ttl = local.ttl + target = "91.121.84.190" +} +resource "ovh_domain_zone_record" "two" { + zone = "haumdaucher.de" + subdomain = "two" + fieldtype = "A" + ttl = local.ttl + target = "37.59.40.95" +} +resource "ovh_domain_zone_record" "three" { + zone = "haumdaucher.de" + subdomain = "three" + fieldtype = "A" + ttl = local.ttl + target = "37.59.61.198" +} + ## krassescheisse resource "ovh_domain_zone_record" "krassescheisse_subdomains" { diff --git a/terraform/terraform.tfstate b/terraform/terraform.tfstate index 1df105d..9f17038 100644 --- a/terraform/terraform.tfstate +++ b/terraform/terraform.tfstate @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "0.12.24", - "serial": 109, + "serial": 117, "lineage": "8aff5d23-05f6-10eb-0ae6-1084c787677e", "outputs": {}, "resources": [ 
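Review bot: The three `ovh_domain_zone_record` blocks `one`, `two` and `three` in terraform/ovh.tf differ only in `subdomain` and `target`, and their addresses repeat the `ansible_host` values in bootstrap/prod.ini, so a node change has to be made by hand in several places. One resource with `for_each` over a name-to-address map, as sketched below, keeps the list in one spot; the `index_key` entries in the state diff suggest the file already uses `for_each` elsewhere. Because the records already exist in state, the switch needs a `terraform state mv` for each of the three addresses to avoid a destroy and recreate. The node records also land in the tracked terraform.tfstate and terraform.tfstate.backup later in this commit; a remote backend would keep state, which stores every resource attribute in plain text, out of git history.

```hcl
## nodes

locals {
  node_addresses = {
    one   = "91.121.84.190"
    two   = "37.59.40.95"
    three = "37.59.61.198"
  }
}

resource "ovh_domain_zone_record" "nodes" {
  for_each  = local.node_addresses
  zone      = "haumdaucher.de"
  subdomain = each.key
  fieldtype = "A"
  ttl       = local.ttl
  target    = each.value
}
```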
@@ -1003,6 +1003,26 @@ } ] }, + { + "mode": "managed", + "type": "ovh_domain_zone_record", + "name": "one", + "provider": "provider.ovh", + "instances": [ + { + "schema_version": 0, + "attributes": { + "fieldtype": "A", + "id": "5114515103", + "subdomain": "one", + "target": "91.121.84.190", + "ttl": 60, + "zone": "haumdaucher.de" + }, + "private": "bnVsbA==" + } + ] + }, { "mode": "managed", "type": "ovh_domain_zone_record", @@ -1202,6 +1222,46 @@ "private": "bnVsbA==" } ] + }, + { + "mode": "managed", + "type": "ovh_domain_zone_record", + "name": "three", + "provider": "provider.ovh", + "instances": [ + { + "schema_version": 0, + "attributes": { + "fieldtype": "A", + "id": "5114515102", + "subdomain": "three", + "target": "37.59.61.198", + "ttl": 60, + "zone": "haumdaucher.de" + }, + "private": "bnVsbA==" + } + ] + }, + { + "mode": "managed", + "type": "ovh_domain_zone_record", + "name": "two", + "provider": "provider.ovh", + "instances": [ + { + "schema_version": 0, + "attributes": { + "fieldtype": "A", + "id": "5114515101", + "subdomain": "two", + "target": "37.59.40.95", + "ttl": 60, + "zone": "haumdaucher.de" + }, + "private": "bnVsbA==" + } + ] } ] } diff --git a/terraform/terraform.tfstate.backup b/terraform/terraform.tfstate.backup index 880ca0e..c1cde96 100644 --- a/terraform/terraform.tfstate.backup +++ b/terraform/terraform.tfstate.backup @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "0.12.24", - "serial": 105, + "serial": 113, "lineage": "8aff5d23-05f6-10eb-0ae6-1084c787677e", "outputs": {}, "resources": [ @@ -512,19 +512,6 @@ }, "private": "bnVsbA==" }, - { - "index_key": "tt-rss", - "schema_version": 0, - "attributes": { - "fieldtype": "CNAME", - "id": "5113532232", - "subdomain": "tt-rss", - "target": "krassescheisse.de.", - "ttl": 60, - "zone": "krassescheisse.de" - }, - "private": "bnVsbA==" - }, { "index_key": "webapp", "schema_version": 0, 
@@ -840,19 +827,6 @@ }, "private": "bnVsbA==" }, - { - "index_key": "tt-rss", - "schema_version": 0, - "attributes": { - "fieldtype": "CNAME", - "id": "5106870441", - "subdomain": "tt-rss", - "target": "moritzgraf.de.", - "ttl": 60, - "zone": "moritzgraf.de" - }, - "private": "bnVsbA==" - }, { "index_key": "webapp", "schema_version": 0, @@ -913,6 +887,19 @@ "zone": "moritzgraf.de" }, "private": "bnVsbA==" + }, + { + "index_key": "tt-rss", + "schema_version": 0, + "attributes": { + "fieldtype": "CNAME", + "id": "5113719565", + "subdomain": "tt-rss", + "target": "haumdaucher.de.", + "ttl": 60, + "zone": "moritzgraf.de" + }, + "private": "bnVsbA==" } ] }, @@ -1016,6 +1003,26 @@ } ] }, + { + "mode": "managed", + "type": "ovh_domain_zone_record", + "name": "one", + "provider": "provider.ovh", + "instances": [ + { + "schema_version": 0, + "attributes": { + "fieldtype": "A", + "id": "5114515103", + "subdomain": "1", + "target": "91.121.84.190", + "ttl": 60, + "zone": "haumdaucher.de" + }, + "private": "bnVsbA==" + } + ] + }, { "mode": "managed", "type": "ovh_domain_zone_record", @@ -1215,6 +1222,46 @@ "private": "bnVsbA==" } ] + }, + { + "mode": "managed", + "type": "ovh_domain_zone_record", + "name": "three", + "provider": "provider.ovh", + "instances": [ + { + "schema_version": 0, + "attributes": { + "fieldtype": "A", + "id": "5114515102", + "subdomain": "3", + "target": "37.59.61.198", + "ttl": 60, + "zone": "haumdaucher.de" + }, + "private": "bnVsbA==" + } + ] + }, + { + "mode": "managed", + "type": "ovh_domain_zone_record", + "name": "two", + "provider": "provider.ovh", + "instances": [ + { + "schema_version": 0, + "attributes": { + "fieldtype": "A", + "id": "5114515101", + "subdomain": "2", + "target": "37.59.40.95", + "ttl": 60, + "zone": "haumdaucher.de" + }, + "private": "bnVsbA==" + } + ] } ] }