From f48650456be8ed6103b956f0a1782511b0aff8ef Mon Sep 17 00:00:00 2001 From: Moritz Graf Date: Sat, 4 Apr 2020 12:18:18 +0200 Subject: [PATCH] Working k8s cluster --- README.md | 15 ++++++--- bootstrap/README.md | 1 + bootstrap/{dev.inventory => dev.ini} | 0 bootstrap/init.sh | 45 +++++++++++++++++++++++++++ bootstrap/init_kubespray.sh | 31 ------------------ bootstrap/prod.ini | 40 ++++++++++++++++++++++++ terraform/1.58532e+09 | Bin 0 -> 21592 bytes terraform/ovh.tf | 2 +- terraform/terraform.tfstate | 4 +-- terraform/terraform.tfstate.backup | 15 ++++++++- 10 files changed, 114 insertions(+), 39 deletions(-) rename bootstrap/{dev.inventory => dev.ini} (100%) create mode 100755 bootstrap/init.sh delete mode 100755 bootstrap/init_kubespray.sh create mode 100644 bootstrap/prod.ini create mode 100644 terraform/1.58532e+09 diff --git a/README.md b/README.md index 830dc81..63cae4e 100644 --- a/README.md +++ b/README.md @@ -7,12 +7,19 @@ Infrapuzzle is the newly restructured way of implementing my private infrastruct * host directory storage * Ingress via host network -## Bootstrap +## terraform -Bootstrap is documented in the subfolders [REAMDE](./bootstrap/README.md) +[Documentation in subfolder](./terraform/README.md). It takes care of setting DNS records on OVH nameservers. + +## bootstrap + +[Documentation in subfolder](./bootstrap/README.md). It takes care of setting up the k8s cluster itself, including a vagrant dev environment. + +## k8s + +[Documentation in subfolder](./k8s/README.md). The services themselfes. ## Links used * [ingress via host network](https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network) -* [Install K8s with Kubespray](https://kubernetes.io/docs/setup/production-environment/tools/kubespray/) -* \ No newline at end of file +* [Install K8s with Kubespray](https://kubernetes.io/docs/setup/production-environment/tools/kubespray/) \ No newline at end of file 
diff --git a/bootstrap/README.md b/bootstrap/README.md index d6cb708..3a644bb 100644 --- a/bootstrap/README.md +++ b/bootstrap/README.md @@ -4,6 +4,7 @@ The following lines document hwo to initalize a fresh cluster. On a real cluster ```sh git clone https://github.com/kubernetes-sigs/kubespray.git +#git clone git@github.com:iptizer/kubespray.git ./init_kubespray.sh cd kubespray vagrant up diff --git a/bootstrap/dev.inventory b/bootstrap/dev.ini similarity index 100% rename from bootstrap/dev.inventory rename to bootstrap/dev.ini diff --git a/bootstrap/init.sh b/bootstrap/init.sh new file mode 100755 index 0000000..c4f0cd4 --- /dev/null +++ b/bootstrap/init.sh 
@@ -0,0 +1,45 @@
+#!/bin/sh
+echo "######################################################################################"
+echo "## Reinit repository"
+rm -rf kubespray
+git clone https://github.com/kubernetes-sigs/kubespray.git
+
+echo "######################################################################################"
+echo "## Activating python3 venv"
+VENVDIR=venv
+virtualenv --python=/usr/bin/python3.7 $VENVDIR
+source $VENVDIR/bin/activate
+pip install -r kubespray/requirements.txt
+
+
+echo "######################################################################################"
+echo "## Customizing vagrant dev env"
+mkdir -p kubespray/vagrant
+cat << EOF > kubespray/vagrant/config.rb
+\$instance_name_prefix = "k8s"
+\$vm_cpus = 4
+\$num_instances = 1
+\$os = "centos"
+\$subnet = "10.0.20"
+\$network_plugin = "calico"
+\$shared_folders = { 'temp/docker_rpms' => "/var/cache/yum/x86_64/7/docker-ce/packages" }
+\$kube_node_instances_with_disks_number = 0
+EOF
+
+# make the rpm cache
+mkdir -p kubespray/temp/docker_rpms
+
+echo "###############"
+echo "Now cd to kubespray and 'vagrant up'"
+echo ""
+echo "export KUBECONFIG=\"$( pwd )/kubespray/inventory/sample/artifacts/admin.conf\""
+
+
+echo "######################################################################################"
+echo "## Preparing real prod environment"
+cp -r kubespray/inventory/sample kubespray/inventory/prod
+rm kubespray/inventory/prod/inventory.ini
+cp ./prod.ini kubespray/inventory/prod/inventory.ini
+echo "to deploy execute:"
+echo "$ cd kubespray"
+echo "$ ansible-playbook -i inventory/prod/inventory.ini cluster.yml"
\ No newline at end of file
diff --git a/bootstrap/init_kubespray.sh b/bootstrap/init_kubespray.sh
deleted file mode 100755
index c789baf..0000000
--- a/bootstrap/init_kubespray.sh
+++ /dev/null
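Review bot: `git clone https://github.com/kubernetes-sigs/kubespray.git` in bootstrap/init.sh takes whatever the default branch holds at run time, and the script then runs `pip install -r` on that checkout's requirements.txt and stages the `cluster.yml` run against prod, so every bootstrap executes upstream code nobody has reviewed. Pin the checkout to a reviewed release, for example `git clone --branch <RELEASE_TAG> --depth 1 https://github.com/kubernetes-sigs/kubespray.git` (the tag is a placeholder). Separately, the shebang is `#!/bin/sh` but `source` is not POSIX; on a shell that lacks it the activation fails, the script keeps going and `pip install -r` lands outside the venv. Use `. "$VENVDIR/bin/activate"` and add `set -eu` after the shebang so a failed clone or venv step stops the run before the later `rm` and `cp` touch the prod inventory.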
@@ -1,31 +0,0 @@
-#!/bin/sh
-
-# use virtualenv to install all python requirements
-VENVDIR=venv
-virtualenv --python=/usr/bin/python3.7 $VENVDIR
-source $VENVDIR/bin/activate
-pip install -r kubespray/requirements.txt
-
-# prepare an inventory to test with
-INV=dev
-mv kubespray/${INV} kubespray/${INV}.bak &> /dev/null
-cp -a kubespray/inventory/sample kubespray/${INV}
-
-# customize the vagrant environment
-mkdir -p kubespray/vagrant
-cat << EOF > kubespray/vagrant/config.rb
-\$instance_name_prefix = "k9s"
-\$vm_cpus = 4
-\$num_instances = 1
-\$os = "centos"
-\$subnet = "10.0.20"
-\$network_plugin = "flannel"
-\$inventory = "$INV"
-\$shared_folders = { 'temp/docker_rpms' => "/var/cache/yum/x86_64/7/docker-ce/packages" }
-\$kube_node_instances_with_disks_number = 0
-EOF
-
-# make the rpm cache
-mkdir -p kubespray/temp/docker_rpms
-
-echo "Now cd to kubespray and 'vagrant up'"
\ No newline at end of file
diff --git a/bootstrap/prod.ini b/bootstrap/prod.ini
new file mode 100644
index 0000000..5ee065b
--- /dev/null
+++ b/bootstrap/prod.ini
@@ -0,0 +1,40 @@
+# ## Configure 'ip' variable to bind kubernetes services on a
+# ## different ip than the default iface
+# ## We should set etcd_member_name for etcd cluster. The node that is not a etcd member do not need to set the value, or can set the empty string value.
+[all]
+ns3032787.ip-91-121-84.eu ansible_host=91.121.84.190 etcd_member_name=etcd1 ansible_become=yes ansible_become_method=sudo ansible_python_interpreter=/usr/bin/python3
+# node1 ansible_host=95.54.0.12 # ip=10.3.0.1 etcd_member_name=etcd1
+# node2 ansible_host=95.54.0.13 # ip=10.3.0.2 etcd_member_name=etcd2
+# node3 ansible_host=95.54.0.14 # ip=10.3.0.3 etcd_member_name=etcd3
+# node4 ansible_host=95.54.0.15 # ip=10.3.0.4 etcd_member_name=etcd4
+# node5 ansible_host=95.54.0.16 # ip=10.3.0.5 etcd_member_name=etcd5
+# node6 ansible_host=95.54.0.17 # ip=10.3.0.6 etcd_member_name=etcd6
+
+# ## configure a bastion host if your nodes are not directly reachable
+# bastion ansible_host=x.x.x.x ansible_user=some_user
+
+[kube-master]
+ns3032787.ip-91-121-84.eu
+# node1
+# node2
+
+[etcd]
+ns3032787.ip-91-121-84.eu
+# node1
+# node2
+# node3
+
+[kube-node]
+ns3032787.ip-91-121-84.eu
+# node2
+# node3
+# node4
+# node5
+# node6
+
+[calico-rr]
+
+[k8s-cluster:children]
+kube-master
+kube-node
+calico-rr
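Review bot: The one live host in `[all]` sets a public `ansible_host=91.121.84.190` and no `ip=`, and the same host is listed under `[kube-master]`, `[etcd]` and `[kube-node]`. Per the file's own header comment the Kubernetes services then bind on the default interface, which on this machine is presumably the public one. Confirm that a host firewall limits the API server, etcd and kubelet ports to the sources that need them, and record the requirement next to the host line, e.g. `# public single-node host: control-plane ports must be firewalled, see <FIREWALL_DOC>` (placeholder reference). The real hostname and address also enter repository history with this file, so the inventory is better kept out of any shared or public tree.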
diff --git a/terraform/1.58532e+09 b/terraform/1.58532e+09 new file mode 100644 index 0000000000000000000000000000000000000000..9eb88dbf25ee04cada40aed4e65cea2eb4403cb8 GIT binary patch literal 21592 zcmeHuc|4SD-}fnHY$dydDJjZUmh3Z0QVCI-vStfWw#Yt8C}N_dWXYDjxh&b4vP%*M zWtV+xY{M8cb3SL!ay?z{uKT&)=kvVpbG`RxPM_nCIp>_?IKIF0``ZuT7jOjFeeU$x z(*Oel18@fV13(&p&@$52ykuacy3gKL`i85W{XVZ_GDr7GczQVAvfp?1oX);;7qoTu zc_|+~EVa+p?z)wy^X+|Zo>tC|w|!W_en1OgW@3Ud?O=w%U@R=mtn55H+1c3G_i%A@ z@CXaSMT7-~g!YNai0>1XIv^w@p>$a4=rIKa1-Q71hO(TxjJ$%}k4YFyjFNST5+jlU*m|0la zpaxMRom?a(E3c@nt8Zv*YHs<^ z*@f@!>HYGxZ}i*P_{8MY^vvwi^2#c4ZJo41{(*}D!ucQ9zX98Vixa}NZToh{?XVxX z7`EMk1|#S89s7?lacLUDtlYRoc+YY`-e{56+P#C7PfTI-;L;Ch|BCD% z19tDfh3t1=|B0&)U}t22ULGSSfCSdb5~)F~^g)*aoda|Z&^bWo0G$JL4$wJ3=K!4p zbPmutK<5CR19T41Iq;8hASGv5SV^Y_$GH*O1ABRW{#IZ57&62%&xH@&oSY8=z4t+Y zES;s0!Fwb+;%l*gSN4s#zUndaS$?B|Ps0rd>>0&Ie0LczZp$__9}Y$cfk3Tgx-OcU zy=EZe6=wf+eTp?xWdK=yMeHlt_{OU1(~Zn@RNRKpLEgFH#WWC@wFZF}S=v_}iUhRK zbKJ5n2$WnLx94A*WTXWKa!@e)Q>*=GJZS29%Z-B|&<{Np0tbPM{Is*^wGS!+=v&v2 zQ&S@#(7Y@t*^3+10Remi2*g-Y3o#@^5Fj2ykH>+4b6RxRUvkPs_)lW^6m=Tj|D0oE zgM?gG4-F?0enMdXvxtiR9M0Dc5MV{pUdvKqKwy4)+=^Nr1Omy)!60y;*#T?uv;1zO zYcU{@9RUJjxJ}i+C(M7gZ91p@%&EUCqz}lSN%eQ$(Em4cV)v(anI?LhdBJ(nHj@1T zg2VWAy*6ATNBv!DxCHQ599s-p?)8GIs~{j6SPB9b+#oPr@~S6n z$z~QOKk;GRG8n!rZVm!pG(lk1%yZQEJB|rCt`EWf4N{`%vN?%c0l3}ha^xjn4IV?2 zWF{U%ZD8v-$YXe7$A2-{w0SNt{AyV4@9m9U7Ph}Y{v-ebakw?Ytnd0e5ZJ(=`*Acp z)&jeq1R23&gv~o3&=)(`ZTMx`qkWy6EZYLDdC6!0uO|H~+`BR)1p?7XQxL$iK*BY> z+-BolL_0-wp;d{4K*vqZe2#BT-GTP4v0G(cn>!fDj&4qb09(PJN8NfZ3~UDO0|EEI ztW{r$)VBzBiPUgl>p1s&Adq7cm1&p$Rb!A^@3kn4@`wu1Xk$Fv^7WQ^YL!PlQeeW% z;r8BZ;mVum$Hb`o6pvM`I-a7P=Okl#0e{OLM%uH8TW|iB(sp35&UNij&ScgGYKTT4 ziFd{cu3?-S8gp$}R%1r_H{xwA4t{>E9AVOxK$h<0rp!&mANJGgFgvC{T#t4m*1M-? zi725ic03&y4De61%Nm;L+<1oa=*O+6KF+2}mVd61aWe7C^G!XJ;_|tGK@5IU8To+X znEfV`??9O3dyA(}aZG*wXez(3-Ol#XZyf95vlyM!aLJ1! 
zkcE4-ZOhpHZ^ka)&xa||MscF`ekhO3ydT4f&YNHNBpq5(j0;(PU0td6Jh9+p`mN|{ z7!jM~ul>zjtG@4HB`)r6w2@!v&`qv)|XDroXx)8xh-mt?6d)t6U%b>J4!!_b?b@$q`&M}LO5nO1zesy|7 z_P{Jw6}NL|8Ouber?tDsDkGlzu~Qq?`HjNd*SzoF95O?~&qU${r`5T~_F|ZC80?Gq zR8-bi%6Z$G$@N3PX#)|`s;G50QLTu%H#e+?@3P-a@1&n%X&r{8?+sJ5P||Xx3RO>6 zypF(nF2q#3l#v?q0e#e=XelwDm~h9<xLxl9B8A)uZL#k31M!O1qvx!J6?aF*pQfTR@t>-LrUYDDF$K|xpwnfU~aN2D0 z^#Dh0kEC5o3KkNdZK?%y?{CN)fY*+ZMWE<5-(1+)U&F*bLrMQe8)TU^pVO7`|F$w> z50jd(#e80UJkr5P!W0O&!k-3;K|Y>=ceZ=Q0ONV6Tm5E^UP8M2bM7zVt(5o3$n%5I z3*!QIro3&^so0fiTSrw}a$~+zWnOv#hQWxO({!b>|&bQ^wa1()kMuAF+q^ z>cZh zSd2bieVc(Muo%3W7tVUmC;L%;nugTe;kBhTJgTO2#d6Y1)tI=Jv6$B2+KP5xKknY- zDHLjCwoAT!)SMdkaK1R#Wmlq>iLS~Ug}2vkal5y)dzf+5t@6Vcqi6J*t2@(Kk$nJO zM7Bg}k;FH^{^E8629DbH7I82ae&Xstb<460J6G7FGlJ?1c1V*&*#`)Ikv&UnQfv`> zAKR6#TKHJjZE#u;(rXI_&2|V}F;eqfV}1L{-?)=0W2EI4uZMKR!?>9aoK|w}>vPk@ zLNn94Z!u{0Vsy%6G8=KNqv|Seab$!O<;2J;2L-mG3<7sipJSKR-PMhx9yFL=k^60y z8JklaF`7NygL>!YwoMmvKFIN60EgDYqaPFxT=ndr;IQwiwRwz_<)r^CPV*15v_Lg` zCTh(o+t8rQsUMd;H_QkElNyk>1c6PXYTv4`5j3RH&9q(9h;VR^V%m z4@IEbO;@!%7D&O=7IIq0bZR)Bbo3X|Kf{lxOmaN;MPviME2&Toso|qY%=eG=U@5JL zXY5h3ox(B|Wd)$vO^AV(+24m@BUh?;Y=!MAyj)szR^L>jHmpit(tPyqQ{}_Q135kw zk|Y{c8*a}I$0X00Kg-|q7ItIOk{2psiOHnXlU;_P*ZV(kQ|G-9)fh`7 zkEgzAv+mAg&%XE)^f9aGl$Rsb*LSit@Ri1$qQ0Drx(p;pvU7*e`oC05=Jyuekt814 z!*WO2Ig4$76M}+@NBN8p_C#Fa*Xceb?cg2mxSK0^zJNwZS?J2t-eY?Dw*6IuVgpW1 zzd;lld9lCPCBD9G$Vc!zRZno0&0};>AGTR&(wsScsoRpZ<~CXi9&^}yx37dc>szdT z$&fI93SB9j_bBkL-VOgq$;~tU6$oQ&IzmWqih}GEA~MgkZ_2b%B`3*btxHeI$f5eX$ zduyPu{i7dk5CqmTe2G3BKj$+!QB6;h&^Y`?;2DT3X)S-*^F57A_LPU@VXC(Qqz-*0 zPJ0`Ym&NDM#8D`Kys^^(&4_w|z2Yv zJHA4rDwr$lTe)3vY)t?=Ay}}mF3WO;>$v(VcRj~?TqrymMq{*SIpXuU0`1Ldd1OX4 zfqXpQDa%wyk1n=LsOZT=wz=`#lXy5~y@@jOe0I(F zrF-dirG4Sct&P=PMEmaI25y#6nVT)|UEK81dn`UB89&2#PDKaV30!bslt*r6j*)N1#q#^_l+h1qRQH^n$%@?hAj8}|(FypdKJJ}47tPSL!-kC=# zlzhQ|yhk9hW!jPio0Nyb7;MTBC>e~ce;#`zIT3oo`q(v$qTE1AG@WZ~xY;eDU>Y-4*^&|JowfOoz>r1=6``ytOtg1;P-SHBFH`UT6Ie5KqP1TYIp2<(7A{DsC 
z_I4GJ$vv2R>P{Y`YRf_jeg5@6pY1a@bqN%*FXwlQLyK*3;R>${EB9Uz?l}MIR%Epf zlp9uQk0$EW@lW>9qz)r1p9i$SvXEW*b_YLv$CSRa$(puI#_-SZfg-k(O$S(4_sZ|W_$&N}Pku89*viA3S##4`yw%Tnt+{W$ z_?Ud(7P9$XV>D`bl*|1N9kyaJrIp#ptWW|ljzo=#MBE6uJ?9khRgFu%n9`2S@JW6^ z@yPdn5pLc-VKNor5NJ&COKw_CpNyU!l~Xr%6j%IEwZ8diFtGQ0QFli0*=oN^+jm@r z*Z2s*1Aa>+qC);n`|8T@p1$KTK39&2t{+OYv-8LrY;tsDYf}$neITdj*AzryDp#)Kf~(~DLskXmLq$eueh*>{xM(YL0}|$0mR^ zVxc6t90bmWtwSv&oHx>kM#u-Qq~^3_U#Wf4BE3){jU!Jw0-PXFJwxgd53jPf8BJz6 z`)wc2ZA>+J=mM0+>WSeOfSI|RmEH?sk~<& zQgW`KS)egsm#Uz%YGOzmzNBQmq;o)wC1CS=v; zPF0k=WSft>P<&d>=ZfP~VGtOc>+R3ix@TV*`i))hV5^~rY&jJK7CD|eV6*fvp+wym zuZ~w357z5&>r6C$PbTb2Tgr3cMTYouj`ru@2-vG{AYm=0Yr9h_?0eQ2abC{PXw5#g zEGhBrYud`x1033qH{q1V$2>0OID(1>AUyZESoXee&#Tr$Su>gM@!9*wkwGJY;)__7 z#reL(sYVWtS(6Iqa$NPjahc1h?){bc)n9+BCZ< z#@cDqyu#~qI0#M1xs}NZ^>{Ov5(g7LACGg(Hht;6aC1n~)0OnNp)C0+r6$ORcQsAI z^T@m1r`ON$tP}ym&^R5WZ|A;HH{Napbqnks#+$DGRQ(E|&uR2%zpZ1P9&X1JDEnFUJQ*rz*H1$S##G~=(iN2oI z0M)ruq};55s}0fI43ud#%8^~RHL@N zPZB(p;oqZFCu?5j7)_IHmlcW}dt%NsNfB6M0yB9SmS2}IF`mcMBxh&FQLgoq|-Xm zGr;0g&v^gA*3)Lxo@o@`ekpUvn^3zZsPP)>nQzi$b0@i|wJcd)*cB!&Od6|p7nBKe zALh&dPEaV1jQ6&XP@j2)FlnvUJRcp|uj|&k=MCIoae*2Z{SC$jVReXr z{7=~q@u~e)1t!fTsrP3u1jrK}^~Mf34jsbR@D9B{j!}>5!@Kt@m|QDOnpA((Dkh<< zvC@lAdYheVGVDMTTcYN-hZ2R2^a8)^WsC5$5k1NoUGS3R6@w%s!OjPHk_r|Kf#2eq3N)^Om^tR#IFg-GquvL#guv%WT_ z^SetJT`mcn8c7hc@dSLGL4ezz-)Tp2m-oGHqnSGm>kqAB$`9-j3hot_%q%Itx7MTf z(lN&2;Dx1@y|*sIQkbgjoBGroYh)^_I_HTCir=N~TaW1%nzlOSxlO1mZ=gju%yl-cv})yHaNpC`z5EI>y}1q(A)FHS-pW(6y-y;CAsZdO-C4&;LOG=Xam=-*GK; zKlckimri1ABBMeS_RPEF6U3hBK6@^}c?QUdnpfFy5>S&T$X6&zTA3ZrtxOx3#zJM^ zkoM8`jpc4MVE|2W$B@iu&>5s;X%vmx1OiQx7PkI()-Eg20*X5R>!&3qHL0PAUDo zuP9si*DJ#tYwbFzRbyKx+PcsS7=6cd8UGWpVs2b@-EymD*5;}duOXg*{OB z?I&vZ{oG1HZ8>gKHt(%6wMjLI8^8DCq|xKlzv@Y&1@{knx|(=rt0M=?N@94VKl2$e zp;bFl@1=?FIV=;_yxbthRb`YW_TXHF@_QrIdq-5sZ`QRsJrCdS?K4mOnBol-tmdmv(Q zkOg!h==@{zBYSRGt}IZeH{8R?P~?u>1p=QLp+lVSAk$2WM~-qY5~zRzj>3omfrn{d z!^myAv;bT+T*lDS5K1J(M~BIPBbo$*Of0t!MKln~dtWidfk4m?8>`@V6a=njquWc@ 
z(R+xMptDsT@GbJ1ucKavWQ7-qz{}UhS^8bIvf7j$4t8)(&+H?)0z3Mzg#jbAW z`&ubJvody|3=uo~)bMg_EGDke+Tuu6uA&pvr#?UVtC~0c-j>ehpLIOx_y4hfIH1dk qE+;w%=p3MPfX)Fr2k0E2bAZkPItS<+pmTuE0Xhf%X*hrczy1raS`*U% literal 0 HcmV?d00001 diff --git a/terraform/ovh.tf b/terraform/ovh.tf index 49830b7..5033f4f 100644 --- a/terraform/ovh.tf +++ b/terraform/ovh.tf @@ -49,7 +49,7 @@ resource "ovh_domain_zone_record" "haumdaucher_domain" { subdomain = "" fieldtype = "A" ttl = local.ttl - target = "91.121.64.43" + target = "91.121.84.190" } diff --git a/terraform/terraform.tfstate b/terraform/terraform.tfstate index b350394..e5e07d0 100644 --- a/terraform/terraform.tfstate +++ b/terraform/terraform.tfstate @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "0.12.20", - "serial": 67, + "serial": 69, "lineage": "8aff5d23-05f6-10eb-0ae6-1084c787677e", "outputs": {}, "resources": [ @@ -217,7 +217,7 @@ "fieldtype": "A", "id": "5106871420", "subdomain": "", - "target": "91.121.64.43", + "target": "91.121.84.190", "ttl": 60, "zone": "haumdaucher.de" }, diff --git a/terraform/terraform.tfstate.backup b/terraform/terraform.tfstate.backup index 362a1fb..b350394 100644 --- a/terraform/terraform.tfstate.backup +++ b/terraform/terraform.tfstate.backup @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "0.12.20", - "serial": 65, + "serial": 67, "lineage": "8aff5d23-05f6-10eb-0ae6-1084c787677e", "outputs": {}, "resources": [ @@ -352,6 +352,19 @@ }, "private": "bnVsbA==" }, + { + "index_key": "corona-api", + "schema_version": 0, + "attributes": { + "fieldtype": "CNAME", + "id": "5110478866", + "subdomain": "corona-api", + "target": "moritzgraf.de.", + "ttl": 60, + "zone": "moritzgraf.de" + }, + "private": "bnVsbA==" + }, { "index_key": "git", "schema_version": 0,
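Review bot: `terraform/terraform.tfstate` and `terraform/terraform.tfstate.backup` are tracked in git and rewritten by this commit (serial 67 to 69 and 65 to 67). Terraform writes every resource attribute to state in plaintext, so although the hunks shown hold only DNS record fields, any sensitive attribute that later enters state would be committed and kept in history. State belongs in a remote backend with locking and encryption at rest, with `*.tfstate` and `*.tfstate.*` added to `.gitignore`. The new binary `terraform/1.58532e+09` (21592 bytes) looks like a stray artifact, since its name resembles a float-formatted timestamp, and should be dropped from the commit unless it is intentional.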