gmoker/k8s
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: playbook to install k8s deps

Browse Source
This commit is contained in:
AngeD 2023-06-04 18:35:04 +02:00
parent d9243c5931
commit 11ed2bcab0
9 changed files with 255 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
.gitignore vendored Normal file
View File

@ -0,0 +1,8 @@
# Created by https://www.toptal.com/developers/gitignore/api/ansible
# Edit at https://www.toptal.com/developers/gitignore?templates=ansible
### Ansible ###
*.retry
test/hosts
# End of https://www.toptal.com/developers/gitignore/api/ansible

1
hosts Normal file
View File

@ -0,0 +1 @@
debian@37.187.67.96

72
playbook.yaml Normal file
View File

@ -0,0 +1,72 @@
---
- name: Install k8s
become: true
hosts: all
vars:
arch: "amd64"
os: "Debian_11"
k8s_version: "1.27"
k_version: "{{ k8s_version }}.2"
tasks:
- name: Copy conf
copy:
src: rootfs/
dest: /
- name: Upgrade
apt:
update_cache: true
cache_valid_time: 604800 # 60s * 60m * 24h * 7d
upgrade: full
- name: Install deps
apt:
name:
- gpg
- vim
- name: Add libcontainers repo key (CRI-O)
apt_key:
url: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/{{ os }}/Release.key"
keyring: /etc/apt/trusted.gpg.d/libcontainers-archive-keyring.gpg
- name: Add libcontainers-crio repo key (CRI-O)
apt_key:
url: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{{ k8s_version }}/{{ os }}/Release.key"
keyring: /etc/apt/trusted.gpg.d/libcontainers-crio-archive-keyring.gpg
- name: Add libcontainers repo (CRI-O)
apt_repository:
repo: "deb [signed-by=/etc/apt/trusted.gpg.d/libcontainers-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/{{ os }}/ /"
filename: devel:kubic:libcontainers:stable.list
- name: Add libcontainers-crio repo (CRI-O)
apt_repository:
repo: "deb [signed-by=/etc/apt/trusted.gpg.d/libcontainers-crio-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{{ k8s_version }}/{{ os }}/ /"
filename: "devel:kubic:libcontainers:stable:cri-o:{{ k8s_version }}.list"
- name: Install cri-o
apt:
name:
- cri-o
- cri-o-runc
update_cache: true
- name: Install kubectl
get_url:
url: "https://dl.k8s.io/release/v{{ k_version }}/bin/linux/{{ arch }}/kubectl"
dest: /usr/local/bin/kubectl
mode: 755
- name: Install kubeadm
get_url:
url: "https://dl.k8s.io/release/v{{ k_version}}/bin/linux/{{ arch }}/kubeadm"
dest: /usr/local/bin/kubeadm
mode: 755
- name: Install kubelet
get_url:
url: "https://dl.k8s.io/release/v{{ k_version }}/bin/linux/{{ arch }}/kubelet"
dest: /usr/local/bin/kubelet
mode: 755
- name: Start kubelet service
service:
name: kubelet.service
enabled: true
state: started

14
rootfs/etc/systemd/system/kubelet.service Normal file
View File

@ -0,0 +1,14 @@
[Unit]
Description=kubelet: The Kubernetes Node Agent
Documentation=https://kubernetes.io/docs/home/
Wants=network-online.target
After=network-online.target
[Service]
ExecStart=/usr/local/bin/kubelet
Restart=always
StartLimitInterval=0
RestartSec=10
[Install]
WantedBy=multi-user.target

9
rootfs/etc/systemd/system/kubelet.service.d/10-kubeadm.conf Normal file
View File

@ -0,0 +1,9 @@
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
# This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use
# the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.
EnvironmentFile=-/etc/default/kubelet
ExecStart=/usr/local/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS

9
test/Dockerfile Normal file
View File

@ -0,0 +1,9 @@
FROM python:3.11-slim
RUN apt-get update \
&& apt-get install -y \
ssh \
sudo \
&& rm -rf /var/lib/apt/lists/*
RUN passwd -d root
COPY sshd_config /etc/ssh/
CMD ["sh", "-c", "/etc/init.d/ssh start && sleep infinity"]

6
test/docker-compose.yaml Normal file
View File

@ -0,0 +1,6 @@
---
version: "3.7"
services:
app:
build: .

123
test/sshd_config Normal file
View File

@ -0,0 +1,123 @@
# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
Include /etc/ssh/sshd_config.d/*.conf
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#PubkeyAuthentication yes
# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords yes
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
# override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server

13
test/start.sh Executable file
View File

@ -0,0 +1,13 @@
#!/bin/bash -e
cd "$(dirname "$0")"/..
(cd test
sudo docker-compose up -d --build
)
IP="$(
sudo docker inspect test-app-1 | grep IPAddress | grep -Po '\d+(.\d+){3}'
)"
echo "root@$IP" > test/hosts
ansible-playbook playbook.yaml -i test/hosts