Current state

2020-04-18 23:49:09 +02:00 · 2020-04-18 23:49:09 +02:00 · 5e6d0d0bfe
parent 2857921a2e
commit 5e6d0d0bfe
6 changed files with 210 additions and 44 deletions
--- a/bootstrap/README.md
+++ b/bootstrap/README.md
@ -2,10 +2,15 @@

 The following lines document how to initalize a fresh cluster. On a real cluster, or using Vagrant. It therefore assumes to clone kubespray to this folder. It will be excluded in *.gitignore* and all files are in this folder.

+Use [kubespray tag](https://github.com/kubernetes-sigs/kubespray/releases) as parameter
+
+```sh
+./init.sh "release-2.12"
+```
+
 ## Vagrant

 ```sh
-./init.sh
 cd kubespray
 vagrant up
 # up and abkle to ssh
@ -22,10 +27,11 @@ ssh centos@<ip>
 sudo su - root
 adduser moritz
 visudo # add as sudo user
+su - moritz
 sudo yum -y install vim python3
 ssh-keygen
 vim .ssh/authorized_users # paste key
-chmod 644 .ssh/authorized_users
+chmod 644 .ssh/authorized_keys
 # check whether login works with ssh key
 sudo vim /etc/ssh/sshd_config # remove pw auth & root login
 sudo yum upgrade -y && sudo reboot
@ -37,7 +43,7 @@ Install Kubernetes:
 $ ./init.sh
 $ # follow instructions from output, sth like:
 $ cd kubespray                                                                                                                                          │nginx-ingress-default-backend-5b967cf596-sk7p7   1/1     Running   0          22h
-$ ansible-playbook -i inventory/prod/inventory.ini cluster.yml    
+$ ansible-playbook -i inventory/prod/inventory.ini cluster.yml
 ```

 And get credentials:
@ -54,4 +60,34 @@ kubectl get ns # test connection
 scp haumdaucher.de:/home/moritz/.kube/config .kube/config
 ```

-Foreward in k8s-directory.
+Foreward in k8s-directory.
+
+## Upgrade cluster
+
+Check the current default value of `kube_version` in cloned repository.
+
+```sh
+cd kubespray
+ansible-playbook -i inventory/prod/inventory.ini -e kube_version=v1.16.8 -e upgrade_cluster_setup=true cluster.yml
+```
+
+History:
+
+* 2020-04-18 kube_version=v1.16.8 kubespray_branch=release-2.12
+
+## Add node
+
+See [documentation](https://github.com/kubernetes-sigs/kubespray/blob/master/docs/nodes.md).
+
+Note: This was more or less a trial and error approach. Running different playbooks over and over again got it right at some point.
+
+```sh
+ansible-playbook -i inventory/prod/inventory.ini --limit=ns3088070.ip-37-59-40.eu,ns3100058.ip-37-59-61.eu scale.yml
+ansible-playbook -i inventory/prod/inventory.ini --limit=etcd,kube-master -e ignore_assert_errors=yes cluster.yml
+```
+
+This runs everything and is kind of idempotent:
+
+```sh
+ansible-playbook -i inventory/prod/inventory.ini cluster.yml
+```
--- a/bootstrap/init.sh
+++ b/bootstrap/init.sh
@ -2,12 +2,13 @@
 echo "######################################################################################"
 echo "##  Reinit repository"
 rm -rf kubespray
-git clone https://github.com/kubernetes-sigs/kubespray.git
+VERSION=${1:-release-2.12}
+git clone --branch $VERSION https://github.com/kubernetes-sigs/kubespray.git

 echo "######################################################################################"
 echo "##  Activating python3 venv"
 VENVDIR=venv
-virtualenv --python=/usr/bin/python3.7 $VENVDIR
+virtualenv $VENVDIR
 source $VENVDIR/bin/activate
 pip install -r kubespray/requirements.txt

@ -41,4 +42,5 @@ cp -r kubespray/inventory/sample kubespray/inventory/prod
 rm kubespray/inventory/prod/inventory.ini
 cp ./prod.ini kubespray/inventory/prod/inventory.ini
 gsed -i "s/kube_network_plugin: .*/kube_network_plugin: flannel/" ./kubespray/inventory/prod/group_vars/k8s-cluster/k8s-cluster.yml
+#echo 'calico_iptables_backend: "NFT"' >> ./kubespray/inventory/prod/group_vars/k8s-cluster/k8s-net-cluster.yml
 gsed -i "s/metrics_server_enabled: .*/metrics_server_enabled: true/" ./kubespray/inventory/prod/group_vars/k8s-cluster/addons.yml
--- a/bootstrap/prod.ini
+++ b/bootstrap/prod.ini
@ -3,6 +3,8 @@
 # ## We should set etcd_member_name for etcd cluster. The node that is not a etcd member do not need to set the value, or can set the empty string value.
 [all]
 ns3032787.ip-91-121-84.eu ansible_host=91.121.84.190 etcd_member_name=etcd1 ansible_become=yes ansible_become_method=sudo ansible_python_interpreter=/usr/bin/python3
+ns3088070.ip-37-59-40.eu ansible_host=37.59.40.95 etcd_member_name=etcd2 ansible_become=yes ansible_become_method=sudo ansible_python_interpreter=/usr/bin/python3
+ns3100058.ip-37-59-61.eu ansible_host=37.59.61.198 etcd_member_name=etcd3 ansible_become=yes ansible_become_method=sudo ansible_python_interpreter=/usr/bin/python3
 # node1 ansible_host=95.54.0.12  # ip=10.3.0.1 etcd_member_name=etcd1
 # node2 ansible_host=95.54.0.13  # ip=10.3.0.2 etcd_member_name=etcd2
 # node3 ansible_host=95.54.0.14  # ip=10.3.0.3 etcd_member_name=etcd3
@ -15,22 +17,17 @@ ns3032787.ip-91-121-84.eu ansible_host=91.121.84.190 etcd_member_name=etcd1 ansi

 [kube-master]
 ns3032787.ip-91-121-84.eu
-# node1
-# node2
+ns3088070.ip-37-59-40.eu

 [etcd]
 ns3032787.ip-91-121-84.eu
-# node1
-# node2
-# node3
+ns3088070.ip-37-59-40.eu
+ns3100058.ip-37-59-61.eu

 [kube-node]
 ns3032787.ip-91-121-84.eu
-# node2
-# node3
-# node4
-# node5
-# node6
+ns3088070.ip-37-59-40.eu
+ns3100058.ip-37-59-61.eu

 [calico-rr]

--- a/terraform/ovh.tf
+++ b/terraform/ovh.tf
@ -42,6 +42,30 @@ resource "ovh_domain_zone_record" "moritzgraf_subdomains_k8s" {
    target = "haumdaucher.de."
 }

+## nodes
+
+resource "ovh_domain_zone_record" "one" {
+    zone = "haumdaucher.de"
+    subdomain = "one"
+    fieldtype = "A"
+    ttl = local.ttl
+    target = "91.121.84.190"
+}
+resource "ovh_domain_zone_record" "two" {
+    zone = "haumdaucher.de"
+    subdomain = "two"
+    fieldtype = "A"
+    ttl = local.ttl
+    target = "37.59.40.95"
+}
+resource "ovh_domain_zone_record" "three" {
+    zone = "haumdaucher.de"
+    subdomain = "three"
+    fieldtype = "A"
+    ttl = local.ttl
+    target = "37.59.61.198"
+}
+
 ## krassescheisse

 resource "ovh_domain_zone_record" "krassescheisse_subdomains" {
--- a/terraform/terraform.tfstate
+++ b/terraform/terraform.tfstate
@ -1,7 +1,7 @@
 {
  "version": 4,
  "terraform_version": "0.12.24",
-  "serial": 109,
+  "serial": 117,
  "lineage": "8aff5d23-05f6-10eb-0ae6-1084c787677e",
  "outputs": {},
  "resources": [
@ -1003,6 +1003,26 @@
        }
      ]
    },
+    {
+      "mode": "managed",
+      "type": "ovh_domain_zone_record",
+      "name": "one",
+      "provider": "provider.ovh",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "fieldtype": "A",
+            "id": "5114515103",
+            "subdomain": "one",
+            "target": "91.121.84.190",
+            "ttl": 60,
+            "zone": "haumdaucher.de"
+          },
+          "private": "bnVsbA=="
+        }
+      ]
+    },
    {
      "mode": "managed",
      "type": "ovh_domain_zone_record",
@ -1202,6 +1222,46 @@
          "private": "bnVsbA=="
        }
      ]
+    },
+    {
+      "mode": "managed",
+      "type": "ovh_domain_zone_record",
+      "name": "three",
+      "provider": "provider.ovh",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "fieldtype": "A",
+            "id": "5114515102",
+            "subdomain": "three",
+            "target": "37.59.61.198",
+            "ttl": 60,
+            "zone": "haumdaucher.de"
+          },
+          "private": "bnVsbA=="
+        }
+      ]
+    },
+    {
+      "mode": "managed",
+      "type": "ovh_domain_zone_record",
+      "name": "two",
+      "provider": "provider.ovh",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "fieldtype": "A",
+            "id": "5114515101",
+            "subdomain": "two",
+            "target": "37.59.40.95",
+            "ttl": 60,
+            "zone": "haumdaucher.de"
+          },
+          "private": "bnVsbA=="
+        }
+      ]
    }
  ]
 }
--- a/terraform/terraform.tfstate.backup
+++ b/terraform/terraform.tfstate.backup
@ -1,7 +1,7 @@
 {
  "version": 4,
  "terraform_version": "0.12.24",
-  "serial": 105,
+  "serial": 113,
  "lineage": "8aff5d23-05f6-10eb-0ae6-1084c787677e",
  "outputs": {},
  "resources": [
@ -512,19 +512,6 @@
          },
          "private": "bnVsbA=="
        },
-        {
-          "index_key": "tt-rss",
-          "schema_version": 0,
-          "attributes": {
-            "fieldtype": "CNAME",
-            "id": "5113532232",
-            "subdomain": "tt-rss",
-            "target": "krassescheisse.de.",
-            "ttl": 60,
-            "zone": "krassescheisse.de"
-          },
-          "private": "bnVsbA=="
-        },
        {
          "index_key": "webapp",
          "schema_version": 0,
@ -840,19 +827,6 @@
          },
          "private": "bnVsbA=="
        },
-        {
-          "index_key": "tt-rss",
-          "schema_version": 0,
-          "attributes": {
-            "fieldtype": "CNAME",
-            "id": "5106870441",
-            "subdomain": "tt-rss",
-            "target": "moritzgraf.de.",
-            "ttl": 60,
-            "zone": "moritzgraf.de"
-          },
-          "private": "bnVsbA=="
-        },
        {
          "index_key": "webapp",
          "schema_version": 0,
@ -913,6 +887,19 @@
            "zone": "moritzgraf.de"
          },
          "private": "bnVsbA=="
+        },
+        {
+          "index_key": "tt-rss",
+          "schema_version": 0,
+          "attributes": {
+            "fieldtype": "CNAME",
+            "id": "5113719565",
+            "subdomain": "tt-rss",
+            "target": "haumdaucher.de.",
+            "ttl": 60,
+            "zone": "moritzgraf.de"
+          },
+          "private": "bnVsbA=="
        }
      ]
    },
@ -1016,6 +1003,26 @@
        }
      ]
    },
+    {
+      "mode": "managed",
+      "type": "ovh_domain_zone_record",
+      "name": "one",
+      "provider": "provider.ovh",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "fieldtype": "A",
+            "id": "5114515103",
+            "subdomain": "1",
+            "target": "91.121.84.190",
+            "ttl": 60,
+            "zone": "haumdaucher.de"
+          },
+          "private": "bnVsbA=="
+        }
+      ]
+    },
    {
      "mode": "managed",
      "type": "ovh_domain_zone_record",
@ -1215,6 +1222,46 @@
          "private": "bnVsbA=="
        }
      ]
+    },
+    {
+      "mode": "managed",
+      "type": "ovh_domain_zone_record",
+      "name": "three",
+      "provider": "provider.ovh",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "fieldtype": "A",
+            "id": "5114515102",
+            "subdomain": "3",
+            "target": "37.59.61.198",
+            "ttl": 60,
+            "zone": "haumdaucher.de"
+          },
+          "private": "bnVsbA=="
+        }
+      ]
+    },
+    {
+      "mode": "managed",
+      "type": "ovh_domain_zone_record",
+      "name": "two",
+      "provider": "provider.ovh",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "fieldtype": "A",
+            "id": "5114515101",
+            "subdomain": "2",
+            "target": "37.59.40.95",
+            "ttl": 60,
+            "zone": "haumdaucher.de"
+          },
+          "private": "bnVsbA=="
+        }
+      ]
    }
  ]
 }