moritz
/
infrapuzzle
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Current state

This commit is contained in:
Moritz Graf 2020-04-18 23:49:09 +02:00
parent 2857921a2e
commit 5e6d0d0bfe
6 changed files with 210 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
bootstrap/README.md
View File

@ -2,10 +2,15 @@
The following lines document how to initalize a fresh cluster. On a real cluster, or using Vagrant. It therefore assumes to clone kubespray to this folder. It will be excluded in *.gitignore* and all files are in this folder. The following lines document how to initalize a fresh cluster. On a real cluster, or using Vagrant. It therefore assumes to clone kubespray to this folder. It will be excluded in *.gitignore* and all files are in this folder.
Use [kubespray tag](https://github.com/kubernetes-sigs/kubespray/releases) as parameter
```sh
./init.sh "release-2.12"
```
## Vagrant ## Vagrant
```sh ```sh
./init.sh
cd kubespray cd kubespray
vagrant up vagrant up
# up and abkle to ssh # up and abkle to ssh
@ -22,10 +27,11 @@ ssh centos@<ip>
sudo su - root sudo su - root
adduser moritz adduser moritz
visudo # add as sudo user visudo # add as sudo user
su - moritz
sudo yum -y install vim python3 sudo yum -y install vim python3
ssh-keygen ssh-keygen
vim .ssh/authorized_users # paste key vim .ssh/authorized_users # paste key
chmod 644 .ssh/authorized_users chmod 644 .ssh/authorized_keys
# check whether login works with ssh key # check whether login works with ssh key
sudo vim /etc/ssh/sshd_config # remove pw auth & root login sudo vim /etc/ssh/sshd_config # remove pw auth & root login
sudo yum upgrade -y && sudo reboot sudo yum upgrade -y && sudo reboot
@ -55,3 +61,33 @@ scp haumdaucher.de:/home/moritz/.kube/config .kube/config
``` ```
Foreward in k8s-directory. Foreward in k8s-directory.
## Upgrade cluster
Check the current default value of `kube_version` in cloned repository.
```sh
cd kubespray
ansible-playbook -i inventory/prod/inventory.ini -e kube_version=v1.16.8 -e upgrade_cluster_setup=true cluster.yml
```
History:
* 2020-04-18 kube_version=v1.16.8 kubespray_branch=release-2.12
## Add node
See [documentation](https://github.com/kubernetes-sigs/kubespray/blob/master/docs/nodes.md).
Note: This was more or less a trial and error approach. Running different playbooks over and over again got it right at some point.
```sh
ansible-playbook -i inventory/prod/inventory.ini --limit=ns3088070.ip-37-59-40.eu,ns3100058.ip-37-59-61.eu scale.yml
ansible-playbook -i inventory/prod/inventory.ini --limit=etcd,kube-master -e ignore_assert_errors=yes cluster.yml
```
This runs everything and is kind of idempotent:
```sh
ansible-playbook -i inventory/prod/inventory.ini cluster.yml
```

6
bootstrap/init.sh
View File

@ -2,12 +2,13 @@
echo "######################################################################################" echo "######################################################################################"
echo "## Reinit repository" echo "## Reinit repository"
rm -rf kubespray rm -rf kubespray
git clone https://github.com/kubernetes-sigs/kubespray.git VERSION=${1:-release-2.12}
git clone --branch $VERSION https://github.com/kubernetes-sigs/kubespray.git
echo "######################################################################################" echo "######################################################################################"
echo "## Activating python3 venv" echo "## Activating python3 venv"
VENVDIR=venv VENVDIR=venv
virtualenv --python=/usr/bin/python3.7 $VENVDIR virtualenv $VENVDIR
source $VENVDIR/bin/activate source $VENVDIR/bin/activate
pip install -r kubespray/requirements.txt pip install -r kubespray/requirements.txt
@ -41,4 +42,5 @@ cp -r kubespray/inventory/sample kubespray/inventory/prod
rm kubespray/inventory/prod/inventory.ini rm kubespray/inventory/prod/inventory.ini
cp ./prod.ini kubespray/inventory/prod/inventory.ini cp ./prod.ini kubespray/inventory/prod/inventory.ini
gsed -i "s/kube_network_plugin: .*/kube_network_plugin: flannel/" ./kubespray/inventory/prod/group_vars/k8s-cluster/k8s-cluster.yml gsed -i "s/kube_network_plugin: .*/kube_network_plugin: flannel/" ./kubespray/inventory/prod/group_vars/k8s-cluster/k8s-cluster.yml
#echo 'calico_iptables_backend: "NFT"' >> ./kubespray/inventory/prod/group_vars/k8s-cluster/k8s-net-cluster.yml
gsed -i "s/metrics_server_enabled: .*/metrics_server_enabled: true/" ./kubespray/inventory/prod/group_vars/k8s-cluster/addons.yml gsed -i "s/metrics_server_enabled: .*/metrics_server_enabled: true/" ./kubespray/inventory/prod/group_vars/k8s-cluster/addons.yml

17
bootstrap/prod.ini
View File

@ -3,6 +3,8 @@
# ## We should set etcd_member_name for etcd cluster. The node that is not a etcd member do not need to set the value, or can set the empty string value. # ## We should set etcd_member_name for etcd cluster. The node that is not a etcd member do not need to set the value, or can set the empty string value.
[all] [all]
ns3032787.ip-91-121-84.eu ansible_host=91.121.84.190 etcd_member_name=etcd1 ansible_become=yes ansible_become_method=sudo ansible_python_interpreter=/usr/bin/python3 ns3032787.ip-91-121-84.eu ansible_host=91.121.84.190 etcd_member_name=etcd1 ansible_become=yes ansible_become_method=sudo ansible_python_interpreter=/usr/bin/python3
ns3088070.ip-37-59-40.eu ansible_host=37.59.40.95 etcd_member_name=etcd2 ansible_become=yes ansible_become_method=sudo ansible_python_interpreter=/usr/bin/python3
ns3100058.ip-37-59-61.eu ansible_host=37.59.61.198 etcd_member_name=etcd3 ansible_become=yes ansible_become_method=sudo ansible_python_interpreter=/usr/bin/python3
# node1 ansible_host=95.54.0.12 # ip=10.3.0.1 etcd_member_name=etcd1 # node1 ansible_host=95.54.0.12 # ip=10.3.0.1 etcd_member_name=etcd1
# node2 ansible_host=95.54.0.13 # ip=10.3.0.2 etcd_member_name=etcd2 # node2 ansible_host=95.54.0.13 # ip=10.3.0.2 etcd_member_name=etcd2
# node3 ansible_host=95.54.0.14 # ip=10.3.0.3 etcd_member_name=etcd3 # node3 ansible_host=95.54.0.14 # ip=10.3.0.3 etcd_member_name=etcd3
@ -15,22 +17,17 @@ ns3032787.ip-91-121-84.eu ansible_host=91.121.84.190 etcd_member_name=etcd1 ansi
[kube-master] [kube-master]
ns3032787.ip-91-121-84.eu ns3032787.ip-91-121-84.eu
# node1 ns3088070.ip-37-59-40.eu
# node2
[etcd] [etcd]
ns3032787.ip-91-121-84.eu ns3032787.ip-91-121-84.eu
# node1 ns3088070.ip-37-59-40.eu
# node2 ns3100058.ip-37-59-61.eu
# node3
[kube-node] [kube-node]
ns3032787.ip-91-121-84.eu ns3032787.ip-91-121-84.eu
# node2 ns3088070.ip-37-59-40.eu
# node3 ns3100058.ip-37-59-61.eu
# node4
# node5
# node6
[calico-rr] [calico-rr]

24
terraform/ovh.tf
View File

@ -42,6 +42,30 @@ resource "ovh_domain_zone_record" "moritzgraf_subdomains_k8s" {
target = "haumdaucher.de." target = "haumdaucher.de."
} }
## nodes
resource "ovh_domain_zone_record" "one" {
zone = "haumdaucher.de"
subdomain = "one"
fieldtype = "A"
ttl = local.ttl
target = "91.121.84.190"
}
resource "ovh_domain_zone_record" "two" {
zone = "haumdaucher.de"
subdomain = "two"
fieldtype = "A"
ttl = local.ttl
target = "37.59.40.95"
}
resource "ovh_domain_zone_record" "three" {
zone = "haumdaucher.de"
subdomain = "three"
fieldtype = "A"
ttl = local.ttl
target = "37.59.61.198"
}
## krassescheisse ## krassescheisse
resource "ovh_domain_zone_record" "krassescheisse_subdomains" { resource "ovh_domain_zone_record" "krassescheisse_subdomains" {

62
terraform/terraform.tfstate
View File

@ -1,7 +1,7 @@
{ {
"version": 4, "version": 4,
"terraform_version": "0.12.24", "terraform_version": "0.12.24",
"serial": 109, "serial": 117,
"lineage": "8aff5d23-05f6-10eb-0ae6-1084c787677e", "lineage": "8aff5d23-05f6-10eb-0ae6-1084c787677e",
"outputs": {}, "outputs": {},
"resources": [ "resources": [
@ -1003,6 +1003,26 @@
} }
] ]
}, },
{
"mode": "managed",
"type": "ovh_domain_zone_record",
"name": "one",
"provider": "provider.ovh",
"instances": [
{
"schema_version": 0,
"attributes": {
"fieldtype": "A",
"id": "5114515103",
"subdomain": "one",
"target": "91.121.84.190",
"ttl": 60,
"zone": "haumdaucher.de"
},
"private": "bnVsbA=="
}
]
},
{ {
"mode": "managed", "mode": "managed",
"type": "ovh_domain_zone_record", "type": "ovh_domain_zone_record",
@ -1202,6 +1222,46 @@
"private": "bnVsbA==" "private": "bnVsbA=="
} }
] ]
},
{
"mode": "managed",
"type": "ovh_domain_zone_record",
"name": "three",
"provider": "provider.ovh",
"instances": [
{
"schema_version": 0,
"attributes": {
"fieldtype": "A",
"id": "5114515102",
"subdomain": "three",
"target": "37.59.61.198",
"ttl": 60,
"zone": "haumdaucher.de"
},
"private": "bnVsbA=="
}
]
},
{
"mode": "managed",
"type": "ovh_domain_zone_record",
"name": "two",
"provider": "provider.ovh",
"instances": [
{
"schema_version": 0,
"attributes": {
"fieldtype": "A",
"id": "5114515101",
"subdomain": "two",
"target": "37.59.40.95",
"ttl": 60,
"zone": "haumdaucher.de"
},
"private": "bnVsbA=="
}
]
} }
] ]
} }

101
terraform/terraform.tfstate.backup
View File

@ -1,7 +1,7 @@
{ {
"version": 4, "version": 4,
"terraform_version": "0.12.24", "terraform_version": "0.12.24",
"serial": 105, "serial": 113,
"lineage": "8aff5d23-05f6-10eb-0ae6-1084c787677e", "lineage": "8aff5d23-05f6-10eb-0ae6-1084c787677e",
"outputs": {}, "outputs": {},
"resources": [ "resources": [
@ -512,19 +512,6 @@
}, },
"private": "bnVsbA==" "private": "bnVsbA=="
}, },
{
"index_key": "tt-rss",
"schema_version": 0,
"attributes": {
"fieldtype": "CNAME",
"id": "5113532232",
"subdomain": "tt-rss",
"target": "krassescheisse.de.",
"ttl": 60,
"zone": "krassescheisse.de"
},
"private": "bnVsbA=="
},
{ {
"index_key": "webapp", "index_key": "webapp",
"schema_version": 0, "schema_version": 0,
@ -840,19 +827,6 @@
}, },
"private": "bnVsbA==" "private": "bnVsbA=="
}, },
{
"index_key": "tt-rss",
"schema_version": 0,
"attributes": {
"fieldtype": "CNAME",
"id": "5106870441",
"subdomain": "tt-rss",
"target": "moritzgraf.de.",
"ttl": 60,
"zone": "moritzgraf.de"
},
"private": "bnVsbA=="
},
{ {
"index_key": "webapp", "index_key": "webapp",
"schema_version": 0, "schema_version": 0,
@ -913,6 +887,19 @@
"zone": "moritzgraf.de" "zone": "moritzgraf.de"
}, },
"private": "bnVsbA==" "private": "bnVsbA=="
},
{
"index_key": "tt-rss",
"schema_version": 0,
"attributes": {
"fieldtype": "CNAME",
"id": "5113719565",
"subdomain": "tt-rss",
"target": "haumdaucher.de.",
"ttl": 60,
"zone": "moritzgraf.de"
},
"private": "bnVsbA=="
} }
] ]
}, },
@ -1016,6 +1003,26 @@
} }
] ]
}, },
{
"mode": "managed",
"type": "ovh_domain_zone_record",
"name": "one",
"provider": "provider.ovh",
"instances": [
{
"schema_version": 0,
"attributes": {
"fieldtype": "A",
"id": "5114515103",
"subdomain": "1",
"target": "91.121.84.190",
"ttl": 60,
"zone": "haumdaucher.de"
},
"private": "bnVsbA=="
}
]
},
{ {
"mode": "managed", "mode": "managed",
"type": "ovh_domain_zone_record", "type": "ovh_domain_zone_record",
@ -1215,6 +1222,46 @@
"private": "bnVsbA==" "private": "bnVsbA=="
} }
] ]
},
{
"mode": "managed",
"type": "ovh_domain_zone_record",
"name": "three",
"provider": "provider.ovh",
"instances": [
{
"schema_version": 0,
"attributes": {
"fieldtype": "A",
"id": "5114515102",
"subdomain": "3",
"target": "37.59.61.198",
"ttl": 60,
"zone": "haumdaucher.de"
},
"private": "bnVsbA=="
}
]
},
{
"mode": "managed",
"type": "ovh_domain_zone_record",
"name": "two",
"provider": "provider.ovh",
"instances": [
{
"schema_version": 0,
"attributes": {
"fieldtype": "A",
"id": "5114515101",
"subdomain": "2",
"target": "37.59.40.95",
"ttl": 60,
"zone": "haumdaucher.de"
},
"private": "bnVsbA=="
}
]
} }
] ]
} }