From 4c9962413e3f58605ce4610356304dce522873c9 Mon Sep 17 00:00:00 2001 From: Michael Swann Date: Tue, 12 Jan 2021 16:02:38 +0200 Subject: [PATCH] Deploy kubernetes v1.20.1 Kubernetes v1.20 drops support for docker and this role currently uses containerd as to container runtime. crictl is installed to inspect and query conainers on the host --- defaults/main.yml | 2 ++ handlers/main.yml | 3 +++ tasks/containerd.yml | 8 ++++++++ tasks/crictl.yml | 17 +++++++++++++++++ tasks/main.yml | 4 ++++ tasks/master-setup.yml | 3 +++ tasks/setup-Debian.yml | 1 + tasks/sysctl-setup.yml | 14 ++++++++++++++ templates/crictl-config.j2 | 6 ++++++ templates/kubeadm-config.j2 | 11 +++++++---- 10 files changed, 65 insertions(+), 4 deletions(-) create mode 100644 tasks/containerd.yml create mode 100644 tasks/crictl.yml create mode 100644 templates/crictl-config.j2 diff --git a/defaults/main.yml b/defaults/main.yml index 2340608..c671b67 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -11,6 +11,8 @@ kubernetes_packages: kubernetes_version: '1.19' kubernetes_version_rhel_package: '1.19.0' +kubernetes_kubeadm_version: 'v1.19.0' +crictl_version: 'v1.19.0' kubernetes_role: master diff --git a/handlers/main.yml b/handlers/main.yml index ebdb957..afc7a0d 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,3 +1,6 @@ --- - name: restart kubelet service: name=kubelet state=restarted + +- name: restart containerd + service: name=containerd state=restarted diff --git a/tasks/containerd.yml b/tasks/containerd.yml new file mode 100644 index 0000000..33fc1a7 --- /dev/null +++ b/tasks/containerd.yml @@ -0,0 +1,8 @@ +- name: Create the containerd folder in /etc. + file: + path: /etc/containerd + state: directory + +- name: Generate a containerd config. + shell: containerd config default > /etc/containerd/config.toml + notify: restart containerd \ No newline at end of file diff --git a/tasks/crictl.yml b/tasks/crictl.yml new file mode 100644 index 0000000..c28f75f --- /dev/null 
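Review bot: The two defaults added in defaults/main.yml pin `v1.19.0`, while the commit subject says v1.20.1 and the packages are still selected by `kubernetes_version: '1.19'`. If 1.20.1 is the target, all three values need to move together; if not, the subject is misleading. A comment above the new variables, such as `# Must match the installed kubeadm/kubelet packages (kubernetes_version).`, would document the coupling.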
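Review bot: In tasks/containerd.yml the "Generate a containerd config." task rewrites /etc/containerd/config.toml with the stock defaults on every run, so any local hardening or registry settings in that file are lost. Because `shell` always reports changed, the restart handler also fires on every play. Adding `args:` with `creates: /etc/containerd/config.toml`, or rendering the file through `template` as the crictl config is, would make the task idempotent. The directory task above it sets no mode or owner; `mode: "0755"` would pin it instead of inheriting the umask.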
+++ b/tasks/crictl.yml @@ -0,0 +1,17 @@ +- name: Download crictl tarball + get_url: + url: "https://github.com/kubernetes-sigs/cri-tools/releases/download/{{ crictl_version }}/crictl-{{ crictl_version }}-linux-amd64.tar.gz" + dest: "/tmp/crictl-{{ crictl_version }}-linux-amd64.tar.gz" + +- name: Extract crictl into /usr/local/bin + unarchive: + src: "/tmp/crictl-{{ crictl_version }}-linux-amd64.tar.gz" + dest: /usr/local/bin/crictl + remote_src: yes + mode: 0751 + +- name: Create crictl config + template: + src: crictl-config.j2 + dest: /etc/crictl.yaml + mode: 0644 \ No newline at end of file diff --git a/tasks/main.yml b/tasks/main.yml index 1227585..7579cd9 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -20,6 +20,10 @@ - include_tasks: sysctl-setup.yml +- include_tasks: containerd.yml + +- include_tasks: crictl.yml + - include_tasks: kubelet-setup.yml - name: Ensure kubelet is started and enabled at boot. diff --git a/tasks/master-setup.yml b/tasks/master-setup.yml index 3fc2c32..2248ae7 100644 --- a/tasks/master-setup.yml +++ b/tasks/master-setup.yml @@ -15,6 +15,9 @@ dest: ~/.kube/kubeadm-config.yml mode: 0644 +- name: Pull core kubernetes images. + command: kubeadm config images pull + - name: Initialize Kubernetes master with kubeadm init. command: > kubeadm init diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index 4a83a58..a19be5f 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml @@ -4,6 +4,7 @@ name: - apt-transport-https - ca-certificates + - containerd state: present - name: Add Kubernetes apt key. diff --git a/tasks/sysctl-setup.yml b/tasks/sysctl-setup.yml index 174ebca..83689df 100644 --- a/tasks/sysctl-setup.yml +++ b/tasks/sysctl-setup.yml 
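Review bot: The "Download crictl tarball" task in tasks/crictl.yml fetches the release archive with no `checksum` into a fixed name under /tmp, and the next task unpacks it as root. `get_url` leaves an existing destination file untouched unless `force` or `checksum` is set, so whatever already sits at that world-writable path would be extracted instead of the real release. Adding `checksum: "sha256:{{ crictl_checksum }}"` (a new role default, named here only as a placeholder) and staging the download outside /tmp closes both gaps. Separately, `unarchive` expects `dest` to be an existing directory, so `dest: /usr/local/bin/crictl` probably should be `dest: /usr/local/bin`. The file modes are safer quoted, e.g. `mode: "0751"`.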
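Review bot: The new "Pull core kubernetes images." task in tasks/master-setup.yml runs `kubeadm config images pull` without the config file rendered just above it. The pull therefore uses kubeadm's built-in defaults rather than the `kubernetesVersion`, `imageRepository` and `criSocket` that the init will use; passing the rendered file via `--config <rendered kubeadm-config.yml>` keeps them in step. No condition is visible on the task in this hunk, and `command` always reports changed, so it would rerun on an already initialised master. `changed_when: false` plus the same guard as the `kubeadm init` task, whose body continues outside the hunk, would address that.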
@@ -7,6 +7,17 @@ ansible_distribution != 'Debian' or ansible_distribution_major_version | int < 10 +- name: Ensure the kernel modules are loaded. + modprobe: + name: "{{ item }}" + state: present + loop: + - overlay + - br_netfilter + when: > + ansible_distribution != 'Debian' + or ansible_distribution_major_version | int < 10 + # See: https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#letting-iptables-see-bridged-traffic - name: Let iptables see bridged traffic. sysctl: @@ -19,3 +30,6 @@ when: > ansible_distribution != 'Debian' or ansible_distribution_major_version | int < 10 + +- name: Enable ip forwarding. + shell: echo '1' > /proc/sys/net/ipv4/ip_forward diff --git a/templates/crictl-config.j2 b/templates/crictl-config.j2 new file mode 100644 index 0000000..7c08a98 --- /dev/null +++ b/templates/crictl-config.j2 @@ -0,0 +1,6 @@ +runtime-endpoint: "unix:///run/containerd/containerd.sock" +image-endpoint: "unix:///run/containerd/containerd.sock" +timeout: 2 +debug: false +pull-image-on-create: false +disable-pull-on-run: false \ No newline at end of file diff --git a/templates/kubeadm-config.j2 b/templates/kubeadm-config.j2 index 9af7ceb..d48fc3d 100644 --- a/templates/kubeadm-config.j2 +++ b/templates/kubeadm-config.j2 @@ -12,7 +12,7 @@ localAPIEndpoint: advertiseAddress: {{ kubernetes_apiserver_advertise_address | default(ansible_default_ipv4.address, true) }} bindPort: 6443 nodeRegistration: - criSocket: /var/run/dockershim.sock + criSocket: /run/containerd/containerd.sock name: node1 taints: - effect: NoSchedule @@ -24,14 +24,13 @@ apiServer: timeoutForControlPlane: 4m0s certificatesDir: /etc/kubernetes/pki clusterName: kubernetes -controllerManager: {} dns: type: CoreDNS etcd: local: dataDir: /var/lib/etcd imageRepository: k8s.gcr.io -kubernetesVersion: v1.17.0 +kubernetesVersion: {{ kubernetes_kubeadm_version }} networking: dnsDomain: cluster.local serviceSubnet: 10.96.0.0/12 
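Review bot: The "Ensure the kernel modules are loaded." task in tasks/sysctl-setup.yml loads `overlay` and `br_netfilter` only into the running kernel, so nothing guarantees they are present after a reboot. Persisting them, for example with a `copy` task that writes both names to a file under /etc/modules-load.d/, keeps the bridge sysctl task that follows applicable on boot. The `when:` copied from the neighbouring tasks also skips this on Debian 10 and later. That may be unintended now that setup-Debian.yml installs containerd, so it is worth confirming.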
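Review bot: "Enable ip forwarding." at the end of tasks/sysctl-setup.yml writes to /proc through `shell`, so the setting is lost on reboot and the task reports changed on every run. It also bypasses the `sysctl` module this file already uses for the bridge settings. A `sysctl` task with `name: net.ipv4.ip_forward`, `value: '1'`, `sysctl_set: true` and `state: present` would persist the value and be idempotent. Since forwarding makes every node route packets, a short comment saying it is required for the pod network would help the next reader.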
@@ -39,4 +38,8 @@ networking: controllerManager: extraArgs: node-cidr-mask-size: "{{ kubernetes_kube_controller_manager_node_cidr_mask_size }}" -scheduler: {} \ No newline at end of file +scheduler: {} +--- +apiVersion: kubelet.config.k8s.io/v1beta1 +kind: KubeletConfiguration +cgroupDriver: containerd \ No newline at end of file
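Review bot: `cgroupDriver: containerd` in the KubeletConfiguration appended to templates/kubeadm-config.j2 is not a cgroup driver name. The kubelet accepts `cgroupfs` or `systemd`, so this value should be rejected when the kubelet loads its configuration. The driver must also match the one containerd itself uses. tasks/containerd.yml in this patch writes the unmodified `containerd config default` output, so either use `cgroupDriver: cgroupfs`, or set `cgroupDriver: systemd` and enable the systemd cgroup option in the generated config.toml.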