Deploy kubernetes v1.20.1

Kubernetes v1.20 drops support for docker and this role currently uses
    containerd as the container runtime.

    crictl is installed to inspect and query containers on the host
Michael Swann 2021-01-12 16:02:38 +02:00
parent ba45b91e00
commit 4c9962413e
10 changed files with 65 additions and 4 deletions


@ -11,6 +11,8 @@ kubernetes_packages:
kubernetes_version: '1.19'
kubernetes_version_rhel_package: '1.19.0'
kubernetes_kubeadm_version: 'v1.19.0'
crictl_version: 'v1.19.0'
kubernetes_role: master
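Review bot: The defaults visible in this hunk still pin 1.19 (`kubernetes_version: '1.19'`, `kubernetes_kubeadm_version: 'v1.19.0'`, `crictl_version: 'v1.19.0'`) although the commit title says v1.20.1. The page has lost its +/- markers, so which of these lines are new is inferred, but if the role is meant to deploy 1.20.1 these values need to move together. Since `kubernetes_kubeadm_version` now feeds `kubernetesVersion` in the kubeadm template, a comment here stating that the package, kubeadm and crictl versions must stay on the same minor release would help whoever bumps them next.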


@ -1,3 +1,6 @@
---
- name: restart kubelet
service: name=kubelet state=restarted
- name: restart containerd
service: name=containerd state=restarted

8
tasks/containerd.yml Normal file

@ -0,0 +1,8 @@
- name: Create the containerd folder in /etc.
file:
path: /etc/containerd
state: directory
- name: Generate a containerd config.
shell: containerd config default > /etc/containerd/config.toml
notify: restart containerd
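Review bot: `shell: containerd config default > /etc/containerd/config.toml` runs on every play, reports changed each time and therefore always notifies `restart containerd`, and it overwrites any local edits to that file. Adding `args:` with `creates: /etc/containerd/config.toml` keeps the first generated config and stops the repeated restarts. If the role needs to own specific settings such as the cgroup driver, a `template` task would make them reviewable in the repository. The directory task sets no `mode` or `owner`, so the result depends on the umask; `mode: '0755'` makes it explicit.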

17
tasks/crictl.yml Normal file

@ -0,0 +1,17 @@
- name: Download crictl tarball
get_url:
url: "https://github.com/kubernetes-sigs/cri-tools/releases/download/{{ crictl_version }}/crictl-{{ crictl_version }}-linux-amd64.tar.gz"
dest: "/tmp/crictl-{{ crictl_version }}-linux-amd64.tar.gz"
- name: Extract crictl into /usr/local/bin
unarchive:
src: "/tmp/crictl-{{ crictl_version }}-linux-amd64.tar.gz"
dest: /usr/local/bin/crictl
remote_src: yes
mode: 0751
- name: Create crictl config
template:
src: crictl-config.j2
dest: /etc/crictl.yaml
mode: 0644
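Review bot: The `get_url` task fetches the crictl tarball with no integrity check, so whatever the release URL returns gets unpacked onto every node. Pin it with `checksum: "sha256:{{ crictl_sha256 }}"`, where `crictl_sha256` is a placeholder name for a new default holding the digest published for `crictl_version`. The unarchive `dest: /usr/local/bin/crictl` also looks wrong: `unarchive` expects an existing directory, so this either fails or leaves the binary at `/usr/local/bin/crictl/crictl`, while the task name says `/usr/local/bin`; `dest: /usr/local/bin` would match it. The tarball is staged under a predictable name in the shared `/tmp` directory; a directory writable only by the deploying user would be a safer staging location.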


@ -20,6 +20,10 @@
- include_tasks: sysctl-setup.yml
- include_tasks: containerd.yml
- include_tasks: crictl.yml
- include_tasks: kubelet-setup.yml
- name: Ensure kubelet is started and enabled at boot.


@ -15,6 +15,9 @@
dest: ~/.kube/kubeadm-config.yml
mode: 0644
- name: Pull core kubernetes images.
command: kubeadm config images pull
- name: Initialize Kubernetes master with kubeadm init.
command: >
kubeadm init
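Review bot: `command: kubeadm config images pull` is run without the kubeadm config that the preceding task (its start is outside the hunk) writes to `~/.kube/kubeadm-config.yml`, so the pull uses kubeadm's built-in defaults rather than the `kubernetesVersion` and `imageRepository` set in the template. Passing the same file, `command: kubeadm config images pull --config <path to kubeadm-config.yml>`, keeps the pulled images consistent with what the init step will run. The task also reports changed on every run, so `changed_when: false` would fit. The `kubeadm init` task continues outside the hunk, so how it receives the config is not visible here.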


@ -4,6 +4,7 @@
name:
- apt-transport-https
- ca-certificates
- containerd
state: present
- name: Add Kubernetes apt key.


@ -7,6 +7,17 @@
ansible_distribution != 'Debian'
or ansible_distribution_major_version | int < 10
- name: Ensure the kernel modules are loaded.
modprobe:
name: "{{ item }}"
state: present
loop:
- overlay
- br_netfilter
when: >
ansible_distribution != 'Debian'
or ansible_distribution_major_version | int < 10
# See: https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#letting-iptables-see-bridged-traffic
- name: Let iptables see bridged traffic.
sysctl:
@ -19,3 +30,6 @@
when: >
ansible_distribution != 'Debian'
or ansible_distribution_major_version | int < 10
- name: Enable ip forwarding.
shell: echo '1' > /proc/sys/net/ipv4/ip_forward
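Review bot: The `Enable ip forwarding.` task at the end of the second hunk writes `/proc/sys/net/ipv4/ip_forward` through `shell`, which is lost on reboot, reports changed on every run, and is inconsistent with the `sysctl` module this file already uses for the bridge settings. Setting `net.ipv4.ip_forward` through `sysctl` persists the value and is idempotent. The same persistence gap applies to the `modprobe` task in the first hunk: `state: present` loads `overlay` and `br_netfilter` for the current boot only, so a modules-load.d entry is needed as well. That task's `when:` appears to be copied from the task above it, so confirm the modules should really be skipped on Debian 10 and later.

```yaml
- name: Enable ip forwarding.
  sysctl:
    name: net.ipv4.ip_forward
    value: '1'
    sysctl_set: true
    state: present
    reload: true
```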


@ -0,0 +1,6 @@
runtime-endpoint: "unix:///run/containerd/containerd.sock"
image-endpoint: "unix:///run/containerd/containerd.sock"
timeout: 2
debug: false
pull-image-on-create: false
disable-pull-on-run: false


@ -12,7 +12,7 @@ localAPIEndpoint:
advertiseAddress: {{ kubernetes_apiserver_advertise_address | default(ansible_default_ipv4.address, true) }}
bindPort: 6443
nodeRegistration:
criSocket: /var/run/dockershim.sock
criSocket: /run/containerd/containerd.sock
name: node1
taints:
- effect: NoSchedule
@ -24,14 +24,13 @@ apiServer:
timeoutForControlPlane: 4m0s
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
type: CoreDNS
etcd:
local:
dataDir: /var/lib/etcd
imageRepository: k8s.gcr.io
kubernetesVersion: v1.17.0
kubernetesVersion: {{ kubernetes_kubeadm_version }}
networking:
dnsDomain: cluster.local
serviceSubnet: 10.96.0.0/12
@ -39,4 +38,8 @@ networking:
controllerManager:
extraArgs:
node-cidr-mask-size: "{{ kubernetes_kube_controller_manager_node_cidr_mask_size }}"
scheduler: {}
scheduler: {}
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
cgroupDriver: containerd
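Review bot: `cgroupDriver: containerd` on the last line of the appended KubeletConfiguration document is not a value the kubelet accepts; the field takes `cgroupfs` or `systemd` and has to match the cgroup driver the container runtime is configured with. The role generates containerd's config with `containerd config default`, which presumably leaves runc's `SystemdCgroup` option off, so either set `cgroupDriver: cgroupfs` here or switch both sides to systemd (`cgroupDriver: systemd` plus `SystemdCgroup = true` in config.toml). A mismatch or invalid value tends to show up only at `kubeadm init` time as a kubelet that fails to start or unstable pods. `kubernetesVersion: {{ kubernetes_kubeadm_version }}` would also be safer quoted, `kubernetesVersion: "{{ kubernetes_kubeadm_version }}"`, so an empty or number-like value is not retyped by the YAML parser.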