forked from edevil/kubernetes-deployment
-
Notifications
You must be signed in to change notification settings - Fork 0
/
kubernetes_setup.yml
140 lines (137 loc) · 6.79 KB
/
kubernetes_setup.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
- name: Initialize etcd nodes
hosts: etcd:&{{ resource_group }}
become: yes
tags: ectd
tasks:
- name: Create certificates directory
file: path=/etc/kubernetes/ssl state=directory
- name: Copy CA SSL certificate
copy: src=certs/ca.pem dest=/etc/kubernetes/ssl/ca.pem mode=0644
- name: Copy node certificate
copy: src=certs/{{ ansible_fqdn }}-worker.pem dest=/etc/kubernetes/ssl/worker.pem mode=0644 owner=etcd
- name: Copy node private key
copy: src=certs/{{ ansible_fqdn }}-worker-key.pem dest=/etc/kubernetes/ssl/worker-key.pem mode=0600 owner=etcd
- name: Create locksmithd systemd dropin dir
file: path=/etc/systemd/system/locksmithd.service.d state=directory
- name: Write locksmithd configuration
template: src=lock-remote.conf dest=/etc/systemd/system/locksmithd.service.d/40-lock-remote.conf
- name: Create etcd config dir
file: path=/etc/systemd/system/etcd-member.service.d state=directory
- name: Configure etcd
template: src=etcd-unit.conf dest=/etc/systemd/system/etcd-member.service.d/20-clct-etcd-member.conf
- name: Reload systemd daemons
shell: systemctl daemon-reload
- name: Start etcd
service: name=etcd-member state=started enabled=yes
- name: Restart locksmithd
service: name=locksmithd state=restarted enabled=yes
- name: Initialize Kubernetes master
hosts: master:&{{ resource_group }}
become: yes
tags: master
tasks:
- name: Create certificates directory
file: path=/etc/kubernetes/ssl state=directory
- name: Copy CA SSL certificate
copy: src=certs/ca.pem dest=/etc/kubernetes/ssl/ca.pem mode=0644
- name: Copy API certificate
copy: src=certs/apiserver.pem dest=/etc/kubernetes/ssl/apiserver.pem mode=0644
- name: Copy API private key
copy: src=certs/apiserver-key.pem dest=/etc/kubernetes/ssl/apiserver-key.pem mode=0600
- name: Create locksmithd systemd dropin dir
file: path=/etc/systemd/system/locksmithd.service.d state=directory
- name: Write locksmithd configuration
template: src=lock-remote.conf dest=/etc/systemd/system/locksmithd.service.d/40-lock-remote.conf
- name: Format ephemeral drive
copy: src=format-ephemeral.service dest=/etc/systemd/system/format-ephemeral.service mode=0644
- name: Mount ephemeral drive
copy: src=var-lib-docker.mount dest=/etc/systemd/system/var-lib-docker.mount mode=0644
- name: Create Docker systemd dropin dir
file: path=/etc/systemd/system/docker.service.d state=directory
- name: Write Docker systemd dropin
copy: src=50-docker-opts.conf dest=/etc/systemd/system/docker.service.d/50-docker-opts.conf mode=0644
- name: Create Kubelet unit
template: src=kubelet-master.service dest=/etc/systemd/system/kubelet.service
- name: Create manifest dir
file: path=/etc/kubernetes/manifests state=directory
- name: Configure API server
template: src=apiserver.yaml dest=/etc/kubernetes/manifests/kube-apiserver.yaml
- name: Copy kubeconfig
copy: src=kubeconfig-master dest=/etc/kubernetes/kubeconfig
- name: Copy sample tokens
copy: src=tokens.csv dest=/etc/kubernetes/tokens.csv mode=0600 force=no
- name: Copy proxy config
template: src=kube-proxy.conf dest=/etc/kubernetes/proxy.conf
- name: Configure Kube-proxy
template: src=kube-proxy-master.yaml dest=/etc/kubernetes/manifests/kube-proxy.yaml
- name: Configure Controller Manager
template: src=controller-manager.yaml dest=/etc/kubernetes/manifests/kube-controller-manager.yaml
- name: Configure Scheduler
template: src=scheduler.yaml dest=/etc/kubernetes/manifests/kube-scheduler.yaml
- name: Reload systemd daemons
shell: systemctl daemon-reload
- name: Restart locksmithd
service: name=locksmithd state=restarted enabled=yes
- name: Enable formatter
service: name=format-ephemeral enabled=yes
- name: Enable mounter
service: name=var-lib-docker.mount enabled=yes
- name: Start Kubelet
service: name=kubelet state=started enabled=yes
- name: Initialize Kubernetes nodes
hosts: node:&{{ resource_group }}
become: yes
tags: node
tasks:
- name: Create certificates directory
file: path=/etc/kubernetes/ssl state=directory
- name: Copy CA SSL certificate
copy: src=certs/ca.pem dest=/etc/kubernetes/ssl/ca.pem mode=0644
- name: Copy node certificate
copy: src=certs/{{ ansible_fqdn }}-worker.pem dest=/etc/kubernetes/ssl/worker.pem mode=0644
- name: Copy node private key
copy: src=certs/{{ ansible_fqdn }}-worker-key.pem dest=/etc/kubernetes/ssl/worker-key.pem mode=0600
- name: Copy proxy certificate
copy: src=certs/proxy.pem dest=/etc/kubernetes/ssl/proxy.pem mode=0644
- name: Copy proxy private key
copy: src=certs/proxy-key.pem dest=/etc/kubernetes/ssl/proxy-key.pem mode=0600
- name: Create locksmithd systemd dropin dir
file: path=/etc/systemd/system/locksmithd.service.d state=directory
- name: Write locksmithd configuration
template: src=lock-remote.conf dest=/etc/systemd/system/locksmithd.service.d/40-lock-remote.conf
- name: Format ephemeral drive
copy: src=format-ephemeral.service dest=/etc/systemd/system/format-ephemeral.service mode=0644
- name: Mount ephemeral drive
copy: src=var-lib-docker.mount dest=/etc/systemd/system/var-lib-docker.mount mode=0644
- name: Create Docker systemd dropin dir
file: path=/etc/systemd/system/docker.service.d state=directory
- name: Write Docker systemd dropin
copy: src=50-docker-opts.conf dest=/etc/systemd/system/docker.service.d/50-docker-opts.conf mode=0644
- name: Create Kubelet unit
template: src=kubelet.service dest=/etc/systemd/system/kubelet.service
- name: Create manifest dir
file: path=/etc/kubernetes/manifests state=directory
- name: Setup kubelet kubeconfig
template: src=worker-kubeconfig.yaml dest=/etc/kubernetes/worker-kubeconfig.yaml
- name: Setup proxy kubeconfig
template: src=proxy-kubeconfig.yaml dest=/etc/kubernetes/proxy-kubeconfig.yaml
- name: Copy proxy config
template: src=kube-proxy.conf dest=/etc/kubernetes/proxy.conf
- name: Configure Kube-proxy
template: src=kube-proxy.yaml dest=/etc/kubernetes/manifests/kube-proxy.yaml
- name: Reload systemd daemons
shell: systemctl daemon-reload
- name: Restart locksmithd
service: name=locksmithd state=restarted enabled=yes
- name: Enable formatter
service: name=format-ephemeral enabled=yes
- name: Enable mounter
service: name=var-lib-docker.mount enabled=yes
- name: Start Kubelet
service: name=kubelet state=started enabled=yes
- name: Wait for API
hosts: master:&{{ resource_group }}
tags: master
tasks:
- name: Wait for API to spin up
wait_for: port=8080 timeout=360