diff --git a/tasks/hetzner_nat/configuration_client.yml b/tasks/hetzner_nat/configuration_client.yml new file mode 100644 index 0000000..c644a23 --- /dev/null +++ b/tasks/hetzner_nat/configuration_client.yml @@ -0,0 +1,31 @@ +###################################### +# Configuration Client-Server # +###################################### +--- +- name: Edit Network interface file on Client Server + blockinfile: + path: /etc/network/interfaces + block: | + auto enp7s0 + iface enp7s0 inet dhcp + post-up ip route add default via 10.0.0.1 + +- name: Add Hetzner Nameserver + blockinfile: + path: /etc/resolvconf/resolv.conf.d/head + block: | + nameserver 8.8.8.8 + nameserver 8.8.4.4 + +- name: Enable Updates for resolvconf + raw: "resolvconf --enable-updates" + +- name: Update resolvconf + raw: "resolvconf -u" + +- name: Reboot Clients + reboot: + + + + diff --git a/tasks/hetzner_nat/configuration_nat.yml b/tasks/hetzner_nat/configuration_nat.yml new file mode 100644 index 0000000..45a51e9 --- /dev/null +++ b/tasks/hetzner_nat/configuration_nat.yml @@ -0,0 +1,26 @@ +###################################### +# Configuration NAT-Server # +###################################### +--- +- name: Copy Public ssh-key and paste to NAT-Server + copy: + src: /tmp/id_rsa.pub + dest: ~/.ssh/ + +- name: Copy Private ssh-key and paste to NAT-Server + copy: + src: /tmp/id_rsa + dest: ~/.ssh/ + +- name: Change Permission of the Private ssh-key only to read for the User + raw: "chmod 0400 ~/.ssh/id_rsa" + +- name: Edit Network interface file on NAT-Server + blockinfile: + path: /etc/network/interfaces + block: | + auto eth0 + iface eth0 inet dhcp + post-up echo 1 > /proc/sys/net/ipv4/ip_forward + post-up iptables -t nat -A POSTROUTING -s '10.0.0.0/16' -o eth0 -j MASQUERADE + diff --git a/tasks/hetzner_nat/generate_ssh_key.yml b/tasks/hetzner_nat/generate_ssh_key.yml new file mode 100644 index 0000000..afe1cb1 --- /dev/null +++ b/tasks/hetzner_nat/generate_ssh_key.yml @@ -0,0 +1,10 @@ +###################################### +# Generate SSH-Key # +###################################### +--- +- name: Generate an OpenSSH keypair local + community.crypto.openssh_keypair: + path: /tmp/id_rsa + type: rsa + + diff --git a/tasks/k8s_cluster/10_k8s_example_web.yml b/tasks/k8s_cluster/10_k8s_example_web.yml new file mode 100644 index 0000000..871daa2 --- /dev/null +++ b/tasks/k8s_cluster/10_k8s_example_web.yml @@ -0,0 +1,5 @@ +--- +- name: Deploy example-app from manifest + kubernetes.core.k8s: + state: present + definition: "{{ lookup('file', './manifests/example-app/deploy.yml') | from_yaml_all }}" diff --git a/tasks/k8s_cluster/cert_manager/install_cert_manager.yml b/tasks/k8s_cluster/cert_manager/install_cert_manager.yml new file mode 100644 index 0000000..a42e222 --- /dev/null +++ b/tasks/k8s_cluster/cert_manager/install_cert_manager.yml @@ -0,0 +1,52 @@ +###################################### +# Install cert-manager in cluster # +###################################### +--- +- name: Read cert-manager values + include_vars: + file: ../vars/k8s_cluster/cert_manager/certManager.yml + +- name: Create cert-manager namespace + k8s: + state: present + definition: + apiVersion: v1 + kind: Namespace + metadata: + name: "{{ namespace }}" + annotations: + linkerd.io/inject: 'enabled' + +- name: Add cert-manager repo + kubernetes.core.helm_repository: + name: "{{ helm.releaseName }}" + repo_url: "{{ helm.repoUrl }}" + +- name: Install CRDs for cert-manager + kubernetes.core.k8s: + state: present + definition: "{{ lookup('template', '../templates/k8s_cluster/cert_manager/cert_manager_crds.yaml') | from_yaml_all }}" + + +- name: Deploy cert-manager from helm chart + kubernetes.core.helm: + name: "{{ helm.releaseName }}" + state: present + chart_ref: "{{ helm.chart }}" + release_namespace: "{{ namespace }}" + chart_version: "{{ helm.chartVersion }}" + update_repo_cache: "true" + +- name: Pause for 1.5 minutes and wait for cert-manager webhook + ansible.builtin.pause: + seconds: 90 + +- name: Deploy cert-manager lets-encrypt staging config file + kubernetes.core.k8s: + state: present + definition: "{{ lookup('template', '../templates/k8s_cluster/cert_manager/lets_encrypt_staging.yml.j2') | from_yaml_all }}" + +- name: Deploy cert-manager lets-encrypt production config file + kubernetes.core.k8s: + state: present + definition: "{{ lookup('template', '../templates/k8s_cluster/cert_manager/lets_encrypt_production.yml.j2') | from_yaml_all }}" \ No newline at end of file diff --git a/tasks/k8s_cluster/cluster/vanilla_kubernetes/add_controller_to_cluster.yml b/tasks/k8s_cluster/cluster/vanilla_kubernetes/add_controller_to_cluster.yml new file mode 100644 index 0000000..a397231 --- /dev/null +++ b/tasks/k8s_cluster/cluster/vanilla_kubernetes/add_controller_to_cluster.yml @@ -0,0 +1,17 @@ +###################################### +# add controller to existing cluster # +###################################### +--- +- name: copy clusterConfig to remote location + template: + src: '../templates/k8s_cluster/cluster/joinController.yml.j2' + dest: /tmp/joinController.yml + +- name: Join the controller node to cluster + command: kubeadm join --config=/tmp/joinController.yml + +- name: Setup kubeconfig for local usage + command: "{{ item }}" + loop: + - mkdir -p ~/.kube + - cp -i /etc/kubernetes/admin.conf ~/.kube/config \ No newline at end of file diff --git a/tasks/k8s_cluster/cluster/vanilla_kubernetes/add_worker_to_cluster.yml b/tasks/k8s_cluster/cluster/vanilla_kubernetes/add_worker_to_cluster.yml new file mode 100644 index 0000000..4d9f4fe --- /dev/null +++ b/tasks/k8s_cluster/cluster/vanilla_kubernetes/add_worker_to_cluster.yml @@ -0,0 +1,12 @@ +###################################### +# add worker to existing cluster # +###################################### +--- +- name: Copy the worker join command to server location + copy: src=join_command_worker.sh dest=/tmp/join_command_worker.sh mode=0777 + +- name: Join the worker node to cluster + command: sh /tmp/join_command_worker.sh + +- name: Delete local copy of join worker + local_action: file path=./join_command_worker.sh state=absent diff --git a/tasks/k8s_cluster/cluster/vanilla_kubernetes/generate_join_command.yml b/tasks/k8s_cluster/cluster/vanilla_kubernetes/generate_join_command.yml new file mode 100644 index 0000000..4c5fbc2 --- /dev/null +++ b/tasks/k8s_cluster/cluster/vanilla_kubernetes/generate_join_command.yml @@ -0,0 +1,28 @@ +###################################### +# Tasks for init k8s cluster # +###################################### +--- +- name: Generate join command + command: kubeadm token create --print-join-command + register: join_command + +- name: Copy join command to local file + local_action: copy content="{{ join_command.stdout_lines[0] }}" dest="./join_command_worker.sh" + +- name: Generate join command controller token + command: kubeadm token create + register: join_command_token + +- name: Generate join command controller certsKey + command: kubeadm init phase upload-certs --upload-certs + register: join_command_controller_certskey + +- name: Generate join command controller certssh256 + shell: openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //' + register: join_command_controller_certsha256 + +- name: save facts for controller join + set_fact: + token: '{{ join_command_token.stdout }}' + certskey: '{{ join_command_controller_certskey.stdout_lines[-1] }}' + certsha256: '{{ join_command_controller_certsha256.stdout }}' diff --git a/tasks/k8s_cluster/cluster/vanilla_kubernetes/init_kubernetes_cluster.yml b/tasks/k8s_cluster/cluster/vanilla_kubernetes/init_kubernetes_cluster.yml new file mode 100644 index 0000000..9208db3 --- /dev/null +++ b/tasks/k8s_cluster/cluster/vanilla_kubernetes/init_kubernetes_cluster.yml @@ -0,0 +1,69 @@ +###################################### +# Tasks for init k8s cluster # +###################################### +--- +- name: Get hostname + command: hostname + register: old_hostname + changed_when: false + +- set_fact: hostname={{ old_hostname.stdout | lower }} + +- name: Pull k8s images + command: kubeadm config images pull --kubernetes-version=v{{ kubernetesVersion }} + +- name: copy clusterConfig to remote location + template: + src: '../templates/k8s_cluster/cluster/clusterConfiguration.yml.j2' + dest: /tmp/clusterConfiguration.yml + +- name: Initialize the Kubernetes cluster using kubeadm + command: + argv: + - kubeadm + - init + - --config=/tmp/clusterConfiguration.yml + - --node-name={{ hostname }} + - --ignore-preflight-errors + - Swap + - --upload-certs + +- name: Remove clusterConfig on remote location + ansible.builtin.file: + path: /tmp/clusterConfiguration.yml + state: absent + +- name: Setup kubeconfig for local usage + command: "{{ item }}" + loop: + - mkdir -p ~/.kube + - cp -i /etc/kubernetes/admin.conf ~/.kube/config + +- name: Wait for all k8s nodes to be ready + shell: kubectl wait --for=condition=Ready nodes --all --timeout=600s + register: nodes_ready + +- name: create Calico NetworkManager directory + file: + path: '/etc/NetworkManager/conf.d/' + state: directory + mode: 0755 + +- name: Configure Calico NetworkManager + template: + src: ../templates/k8s_cluster/cluster/calico.conf.j2 + dest: /etc/NetworkManager/conf.d/calico.conf + owner: root + mode: '0644' + +- name: Install calico pod network + kubernetes.core.k8s: + state: present + definition: "{{ lookup('template', '../templates/k8s_cluster/cluster/calico.yml.j2') | from_yaml_all }}" + +- name: Wait for calico daemonset become ready + command: "kubectl rollout status daemonset calico-node -n kube-system --timeout 60s" + +- name: Generate join command + command: kubeadm token create --print-join-command + register: join_command diff --git a/tasks/k8s_cluster/cluster/vanilla_kubernetes/restart_coredns.yml b/tasks/k8s_cluster/cluster/vanilla_kubernetes/restart_coredns.yml new file mode 100644 index 0000000..0b40aa3 --- /dev/null +++ b/tasks/k8s_cluster/cluster/vanilla_kubernetes/restart_coredns.yml @@ -0,0 +1,9 @@ +######################################## +#Restart DNS after DeamonSet Deployment# +######################################## +--- +- name: Wait for calico pods become ready + command: "kubectl rollout status daemonset calico-node -n kube-system --timeout 120s" + +- name: Restart CoreDNS deployment + command: "kubectl rollout restart deployments/coredns -n kube-system" diff --git a/tasks/k8s_cluster/helm/install_helm3.yml b/tasks/k8s_cluster/helm/install_helm3.yml new file mode 100644 index 0000000..80397dd --- /dev/null +++ b/tasks/k8s_cluster/helm/install_helm3.yml @@ -0,0 +1,21 @@ +###################################### +# INstall Helm3 in cluster # +###################################### +--- +- name: Read helm3 values + include_vars: + file: ../vars/k8s_cluster/helm/helm3.yml + +- name: Download Helm install script + get_url: + url: "{{ helm_install_script }}" + dest: "~/get_helm.sh" + mode: 0700 + +- name: Install Helm + command: "~/get_helm.sh" + +- name: Delete Helm install script + file: + state: absent + path: "~/get_helm.sh" \ No newline at end of file diff --git a/tasks/k8s_cluster/ingress/install_nginx_ingress.yml b/tasks/k8s_cluster/ingress/install_nginx_ingress.yml new file mode 100644 index 0000000..0a746bd --- /dev/null +++ b/tasks/k8s_cluster/ingress/install_nginx_ingress.yml @@ -0,0 +1,34 @@ +###################################### +# Deploy nginx ingress controller # +###################################### +--- +- name: Read ingress nginx values + include_vars: + file: ../vars/k8s_cluster/ingress/ingressNginx.yml + +- name: "Create namespace '{{ namespace }}'" + kubernetes.core.k8s: + state: present + definition: + api_version: v1 + kind: Namespace + metadata: + name: '{{ namespace }}' + labels: + name: '{{ namespace }}' + +- name: Add nginx ingress controller chart repo + kubernetes.core.helm_repository: + name: "{{ helm.releaseName }}" + repo_url: "{{ helm.repoUrl }}" + +- name: Deploy nginx ingress controller from helm chart + kubernetes.core.helm: + name: '{{ helm.releaseName }}' + state: present + chart_ref: '{{ helm.chart }}' + release_namespace: '{{ namespace }}' + chart_version: '{{ helm.chartVersion }}' + update_repo_cache: 'true' +## ToDo: Nginx Controller mit eigenen Values deployen +# values: "{{ lookup('template', '../templates/k8s_cluster/ingress/ingressNginxValues.yml') | from_yaml }}" diff --git a/tasks/k8s_cluster/kube_vip/install_kube_vip.yml b/tasks/k8s_cluster/kube_vip/install_kube_vip.yml new file mode 100644 index 0000000..7f9dd74 --- /dev/null +++ b/tasks/k8s_cluster/kube_vip/install_kube_vip.yml @@ -0,0 +1,11 @@ +###################################### +# Deploy kube-vip virtualIP # +###################################### +--- +- name: Deploy kube-vip as static pod + template: + src: ../templates/k8s_cluster/kube_vip/kube_vip.yml.j2 + dest: /etc/kubernetes/manifests/kube-vip.yml + owner: root + mode: '0600' + when: installKubeVip \ No newline at end of file diff --git a/tasks/k8s_cluster/kubernetes/install_vanilla_kubernetes.yml b/tasks/k8s_cluster/kubernetes/install_vanilla_kubernetes.yml new file mode 100644 index 0000000..faacc98 --- /dev/null +++ b/tasks/k8s_cluster/kubernetes/install_vanilla_kubernetes.yml @@ -0,0 +1,129 @@ +###################################### +#tasks for vanilla kubernetes install# +###################################### +--- +- name: Get OS version name + command: lsb_release -cs + register: os_codename + changed_when: false + +- name: Get OS release number + command: lsb_release -rs + register: os_release + changed_when: false + +- name: Add an apt signing key for CRI-O + apt_key: + url: "{{ item }}" + state: present + loop: + - 'https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{{ crio_version }}/Debian_{{ os_release.stdout }}/Release.key' + - 'https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_{{ os_release.stdout }}/Release.key' + +- name: Add CRI-O apt repository for stable version + apt_repository: + repo: deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_{{ os_release.stdout }}/ / + filename: devel:kubic:libcontainers:stable.list + state: present + update_cache: yes +- apt_repository: + repo: deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{{ crio_version }}/Debian_{{ os_release.stdout }}/ / + filename: devel:kubic:libcontainers:stable:cri-o:{{ crio_version }}.list + state: present + update_cache: yes + +- name: Install CRI-O packages + apt: + name: "{{ packages }}" + state: present + update_cache: yes + allow_unauthenticated: true + vars: + packages: + - cri-o + - cri-o-runc + +- name: Enable and start CRI-O service + ansible.builtin.systemd: + name: crio.service + state: started + enabled: yes + +- name: CRI-O use systemd cgroup driver + copy: + dest: "/etc/crio/crio.conf.d/02-cgroup-manager.conf" + content: | + [crio.runtime] + conmon_cgroup = "pod" + cgroup_manager = "systemd" + +- name: Overriding the CRI-O sandbox (pause) image + lineinfile: + path: /etc/crio/crio.conf + regexp: '#? ?pause_image ?= ?"registry\.k8s\.io/pause:(.+)"' + backrefs: True + line: pause_image = "registry.k8s.io/pause:\1" + +- name: Forwarding IPv4 and letting iptables see bridged traffic + copy: + dest: "/etc/modules-load.d/k8s.conf" + content: | + overlay + br_netfilter + +- name: modprobe overlay & br-netfilter + command: "{{ item }}" + loop: + - modprobe overlay + - modprobe br_netfilter + +#sysctl params required by setup, params persist across reboots +- name: ipv4 bridge forward + copy: + dest: "/etc/sysctl.d/k8s.conf" + content: | + net.bridge.bridge-nf-call-iptables = 1 + net.bridge.bridge-nf-call-ip6tables = 1 + net.ipv4.ip_forward = 1 + +- name: Apply sysctl params without reboot + command: sysctl --system + + +- name: Import Kubernetes GPG key + raw: "curl -fsSL https://pkgs.k8s.io/core:/stable:/v{{ kubernetesVersion.split('.')[:2] | join('.') }}/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg" + +- name: Add Kubernetes apt repository + raw: "echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v{{ kubernetesVersion.split('.')[:2] | join('.') }}/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list" + +- name: Remove swapfile from /etc/fstab + mount: + name: "{{ item }}" + fstype: swap + state: absent + with_items: + - swap + - none + +- name: Disable swap + command: swapoff -a + +- name: Update apt cache + raw: apt-get -y update + changed_when: False + +- name: Install Kubernetes binaries + apt: + name: "{{ packages }}" + state: present + update_cache: yes + vars: + packages: + - "kubelet={{ kubernetesVersion }}-1.1" + - "kubeadm={{ kubernetesVersion }}-1.1" + - "kubectl={{ kubernetesVersion }}-1.1" + +- name: Add kubectl completion bash + lineinfile: + path: ~/.bashrc + line: source <(kubectl completion bash) \ No newline at end of file diff --git a/tasks/k8s_cluster/kubernetes/setupK8sCluster.yml b/tasks/k8s_cluster/kubernetes/setupK8sCluster.yml new file mode 100644 index 0000000..ea636b7 --- /dev/null +++ b/tasks/k8s_cluster/kubernetes/setupK8sCluster.yml @@ -0,0 +1,39 @@ +###################################### +# Setup k8s Cluster # +###################################### +--- +- name: kubernetes installation + block: + - name: vanilla kubernetes install block + when: kubernetesClusterType == 'vanilla' + block: + - name: Read vanilla kubernetes values + include_vars: + file: ../vars/k8s_cluster/kubernetes/vanilla_kubernetes.yml + + - import_tasks: ../tasks/k8s_cluster/kubernetes/install_vanilla_kubernetes.yml + + # ToDo: find solution for VIP +# - name: Read kube_vip values for virtual IP +# include_vars: +# file: ../vars/k8s_cluster/kube_vip/kube_vip.yml +# - import_tasks: ../tasks/k8s_cluster/kube_vip/install_kube_vip.yml +# when: inventory_hostname in groups['controller'] + + - import_tasks: ../tasks/k8s_cluster/cluster/vanilla_kubernetes/init_kubernetes_cluster.yml + when: inventory_hostname in groups['controller_init'] + - import_tasks: ../tasks/k8s_cluster/cluster/vanilla_kubernetes/generate_join_command.yml + when: inventory_hostname in groups['controller_init'] + #ToDo: when controller replica exists +## - import_tasks: ../tasks/k8s_cluster/cluster/vanilla_kubernetes/add_controller_to_cluster.yml +## when: inventory_hostname in groups['controller_replica'] + - import_tasks: ../tasks/k8s_cluster/cluster/vanilla_kubernetes/add_worker_to_cluster.yml + when: inventory_hostname in groups['worker'] + - import_tasks: ../tasks/k8s_cluster/cluster/vanilla_kubernetes/restart_coredns.yml + when: inventory_hostname in groups['controller_init'] +# +# - name: install microk8s block +# when: kubernetesClusterType == 'microk8s' +# block: +# - debug: msg='ToDo install microk8s' + diff --git a/tasks/k8s_cluster/loadbalancer/install_metallb.yml b/tasks/k8s_cluster/loadbalancer/install_metallb.yml new file mode 100644 index 0000000..5acb340 --- /dev/null +++ b/tasks/k8s_cluster/loadbalancer/install_metallb.yml @@ -0,0 +1,46 @@ +###################################### +# Install MetalLB in cluster # +###################################### +--- +- name: Read metallb values + include_vars: + file: ../vars/k8s_cluster/loadbalancer/metallb.yml + +- name: Create metallb namespace + k8s: + state: present + definition: + apiVersion: v1 + kind: Namespace + metadata: + name: "{{ namespace }}" + annotations: + linkerd.io/inject: 'enabled' + +- name: Add metallb repo + kubernetes.core.helm_repository: + name: "{{ helm.releaseName }}" + repo_url: "{{ helm.repoUrl }}" + +- name: Deploy metalb from helm chart + kubernetes.core.helm: + name: "{{ helm.releaseName }}" + state: present + chart_ref: "{{ helm.chart }}" + release_namespace: "{{ namespace }}" + chart_version: "{{ helm.chartVersion }}" + update_repo_cache: "true" + values: "{{ lookup('template', '../templates/k8s_cluster/loadbalancer/metallb.yml') | from_yaml }}" + +- name: Pause for 25 seconds and wait for metallb + ansible.builtin.pause: + seconds: 25 + +- name: Pause for 15 seconds and wait for metallb webhook + ansible.builtin.pause: + seconds: 15 + +- name: Deploy metallb IPAddressPool + kubernetes.core.k8s: + state: present + definition: "{{ lookup('template', '../templates/k8s_cluster/loadbalancer/metal_lb_configmap.yml.j2') | from_yaml_all }}" \ No newline at end of file diff --git a/tasks/k8s_cluster/mongodb/install_mongodb.yml b/tasks/k8s_cluster/mongodb/install_mongodb.yml new file mode 100644 index 0000000..eae5934 --- /dev/null +++ b/tasks/k8s_cluster/mongodb/install_mongodb.yml @@ -0,0 +1,43 @@ +--- +- name: Read mongodb community operator values + include_vars: + file: ../vars/k8s_cluster/mongodb/mongodb.yml +# +#- name: "Create namespace '{{ namespace }}'" +# kubernetes.core.k8s: +# state: present +# definition: +# api_version: v1 +# kind: Namespace +# metadata: +# name: '{{ namespace }}' +# labels: +# name: '{{ namespace }}' +# +#- name: Add mongodb community operator chart repo +# kubernetes.core.helm_repository: +# name: "{{ helm.releaseName }}" +# repo_url: "{{ helm.repoUrl }}" +# +#- name: Deploy mongodb community operator from helm chart +# kubernetes.core.helm: +# name: '{{ helm.releaseName }}' +# state: present +# chart_ref: '{{ helm.chart }}' +# release_namespace: '{{ namespace }}' +# chart_version: '{{ helm.chartVersion }}' +# update_repo_cache: 'true' +# values: "{{ lookup('template', '../templates/k8s_cluster/mongodb/mongodb-operator-values.yml') | from_yaml }}" + +#- name: Deploy mongodb database +# kubernetes.core.k8s: +# state: present +# namespace: '{{ namespace }}' +# definition: "{{ lookup('template', '../templates/k8s_cluster/mongodb/mongodb-deploy-db.yml') | from_yaml }}" + +- name: Add secret for mongodb + kubernetes.core.k8s: + state: present + namespace: "{{ namespace }}" + definition: "{{ lookup('template', '../templates/k8s_cluster/mongodb/mongodb-secret.yml') | from_yaml }}" + diff --git a/tasks/k8s_cluster/serviceMesh/installLinkerd.yml b/tasks/k8s_cluster/serviceMesh/installLinkerd.yml new file mode 100644 index 0000000..e1454fe --- /dev/null +++ b/tasks/k8s_cluster/serviceMesh/installLinkerd.yml @@ -0,0 +1,42 @@ +###################################### +# Install linkerd service mesh # +###################################### +--- +- name: install linkerd service mesh + when: inventory_hostname in groups['controller'] + block: + - name: Download linkerd install scrip + get_url: + url: https://run.linkerd.io/install + dest: /tmp/linkerd.sh + + - name: Install linkerd CLI + shell: + cmd: cat /tmp/linkerd.sh | sh + + - name: Set linkerd .bashrc + lineinfile: + path: ~/.bashrc + line: 'PATH=$PATH:/root/.linkerd2/bin' + + - name: init linkerd on controller1 + when: inventory_hostname in groups['controller_init'] + block: + - name: Install linkerd CRD in Cluster + shell: "linkerd install --crds | kubectl apply -f -" + + - name: Install linkerd in Cluster + shell: "linkerd install | kubectl apply -f -" + + - name: Wait for linkerd pods become ready + command: "kubectl rollout status deployment linkerd-destination -n linkerd --timeout 150s" + + - name: Wait for linkerd pods become ready + command: "kubectl rollout status deployment linkerd-proxy-injector -n linkerd --timeout 150s" + + - name: Install linkerd Dashboard + shell: "linkerd viz install | kubectl apply -f -" + + - name: Pause for 15 seconds and wait for linkerd installation + pause: + seconds: 15 \ No newline at end of file diff --git a/tasks/k8s_cluster/storage/cephAddPrometheusMonitoring.yml b/tasks/k8s_cluster/storage/cephAddPrometheusMonitoring.yml new file mode 100644 index 0000000..821fc63 --- /dev/null +++ b/tasks/k8s_cluster/storage/cephAddPrometheusMonitoring.yml @@ -0,0 +1,27 @@ +###################################### +# Setup ceph prometheus Monitoring # +###################################### +--- +- name: Storage monitoring block + when: inventory_hostname in groups['kubernetes_api'] + block: + - name: Read rook-ceph storage values + include_vars: + file: ../vars/k8s_cluster/storage/rook_ceph.yml + + - name: Deploy rook CRDs, common resources and operator from manifest + kubernetes.core.k8s: + state: present + definition: "{{ lookup('template', '../templates/k8s_cluster/storage/rook/monitoring/{{ item }}') | from_yaml_all }}" + loop: + - 'csi-metrics-service-monitor.yaml' + - 'service-monitor.yaml' + - 'rbac.yaml' + + - name: Setting monitoring fact rook-ceph + set_fact: cephMonitoring=true + + - name: Deploy rook cluster from manifest + kubernetes.core.k8s: + state: present + definition: "{{ lookup('template', '../templates/k8s_cluster/storage/rook/cluster' + ('-test' if rook_cluster_type == 'dev' else '') + '.yaml') | from_yaml_all }}" diff --git a/tasks/k8s_cluster/storage/install_rook_ceph_storage.yml b/tasks/k8s_cluster/storage/install_rook_ceph_storage.yml new file mode 100644 index 0000000..ee16218 --- /dev/null +++ b/tasks/k8s_cluster/storage/install_rook_ceph_storage.yml @@ -0,0 +1,82 @@ +###################################### +# Setup rook-ceph storage # +###################################### +--- +- name: "Create namespace '{{ namespace }}'" + kubernetes.core.k8s: + state: present + definition: + api_version: v1 + kind: Namespace + metadata: + name: '{{ namespace }}' + labels: + name: '{{ namespace }}' + annotations: + linkerd.io/inject: 'enabled' + +- name: Deploy rook CRDs, common resources and operator from manifest + kubernetes.core.k8s: + state: present + definition: "{{ lookup('template', '../templates/k8s_cluster/storage/rook/{{ item }}') | from_yaml_all }}" + loop: + - 'crds.yaml' + - 'common.yaml' + - 'operator.yaml' + +- name: Verify if the rook operator is up and running + k8s: + kind: Deployment + name: rook-ceph-operator + namespace: "rook-ceph" + register: ret + until: "ret.get('result', {}).get('status', {}).get('conditions', []) | length and ret.get('result', {}).get('status', {}).get('conditions', [])[0].get('status') == 'True'" + retries: 10 + delay: 20 + +# ToDo: Tobi bitte prüfen, ob die Methode so okay ist? Monitoring wird in k8scluster/storage/cephAddPrometheus nochmal gesetzt +- name: Setting monitoring fact rook-ceph + set_fact: cephMonitoring=false + +- name: Deploy rook cluster from manifest + kubernetes.core.k8s: + state: present + definition: "{{ lookup('template', '../templates/k8s_cluster/storage/rook/cluster' + ('-test' if rook_cluster_type == 'dev' else '') + '.yaml') | from_yaml_all }}" + +- name: Verify the cluster deploy is complete + k8s: + kind: CephCluster + name: '{{ rook_cluster_config["name"] }}' + namespace: "rook-ceph" + register: cluster_data + until: "cluster_data.get('result', {}).get('status', {}).get('state') == 'Created'" + retries: 20 + delay: 30 + ignore_errors: yes + +- name: Safety puffer for osd enrollment + pause: + seconds: 60 + +- name: Deploy rook block storage class + kubernetes.core.k8s: + state: present + definition: "{{ lookup('template', '../templates/k8s_cluster/storage/rook/csi/rbd/storageclass' + ('-test' if rook_cluster_type == 'dev' else '') + '.yaml') | from_yaml_all }}" + +- name: Create rook filesystem + kubernetes.core.k8s: + state: present + definition: "{{ lookup('template', '../templates/k8s_cluster/storage/rook/filesystem' + ('-test' if rook_cluster_type == 'dev' else '') + '.yaml') | from_yaml_all }}" + +- name: Safety puffer for filesystem enrolment + pause: + seconds: 25 + +- name: Wait ceph fs pods become ready + shell: kubectl wait --namespace=rook-ceph --for=condition=Ready pods --selector app=rook-ceph-mds --timeout=600s + register: ceph_pods_ready + +- name: Deploy rook file storage class + kubernetes.core.k8s: + state: present + definition: "{{ lookup('template', '../templates/k8s_cluster/storage/rook/csi/cephfs/storageclass.yaml') | from_yaml_all }}" \ No newline at end of file diff --git a/tasks/k8s_cluster/storage/setupStorage.yml b/tasks/k8s_cluster/storage/setupStorage.yml new file mode 100644 index 0000000..83f89c4 --- /dev/null +++ b/tasks/k8s_cluster/storage/setupStorage.yml @@ -0,0 +1,15 @@ +###################################### +# Setup Storage # +###################################### +--- +- name: Storage block + when: inventory_hostname in (groups['controller_init']) + block: + - name: Read rook-ceph storage values + include_vars: + file: ../vars/k8s_cluster/storage/rook_ceph.yml + + - name: rook internal ceph + when: inventory_hostname in groups['controller_init'] + block: + - import_tasks: ../tasks/k8s_cluster/storage/install_rook_ceph_storage.yml diff --git a/tasks/k8s_cluster/system/prepare_debian_system.yml b/tasks/k8s_cluster/system/prepare_debian_system.yml new file mode 100644 index 0000000..fa21617 --- /dev/null +++ b/tasks/k8s_cluster/system/prepare_debian_system.yml @@ -0,0 +1,38 @@ +####################################### +## Tasks to prepare a Debian System # +####################################### +--- +- name: Read debian values and prepare system + include_vars: + file: ../vars/k8s_cluster/system/debian.yml + +- name: Update apt cache + raw: apt-get -y update + changed_when: False + +- name: Install required system packages + apt: name={{ sys_packages }} state=present update_cache=yes cache_valid_time=3600 + +- name: Install required kubernetes system packages + apt: name={{ k8s_sys_packages }} state=present update_cache=yes cache_valid_time=3600 + when: inventory_hostname in groups['kubernetes'] + +- name: Delete EXTERNALLY-MANAGED python venv + ansible.builtin.file: + state: absent + path: /usr/lib/python3.11/EXTERNALLY-MANAGED + +- name: Install required Python modules + pip: name={{ pip_packages }} state=present + when: inventory_hostname in groups['kubernetes'] + +- name: Get hostname + command: hostname + register: old_hostname + changed_when: false + +- set_fact: hostname={{ old_hostname.stdout | lower }} + +# No capital letters in the hostname +- name: Change the hostname + command: hostnamectl set-hostname {{ hostname }}