From ba45b91e00a84831c7faf26652ce64baede780f3 Mon Sep 17 00:00:00 2001
From: Michael Swann
Date: Fri, 8 Jan 2021 16:24:57 +0200
Subject: [PATCH] Added config support for kubeadm. `kubeadmin` can now take a --config argument instead of parsing in flags. This was required in order to increase the number of pods running on a host from 110 to 500. Can now align the pod-network-cidr with kubeadm and Calico instead of use the Calico default network of 192.168.0.0/16.
---
 README.md | 4 ++--
 defaults/main.yml | 5 ++++-
 meta/.galaxy_install_info | 2 ++
 tasks/master-setup.yml | 43 +++++++++++++++++++++++++++----------
 templates/kubeadm-config.j2 | 42 ++++++++++++++++++++++++++++++++++++
 5 files changed, 82 insertions(+), 14 deletions(-)
 create mode 100644 meta/.galaxy_install_info
 create mode 100644 templates/kubeadm-config.j2
diff --git a/README.md b/README.md
index 4d540c4..f269f91 100644
--- a/README.md
+++ b/README.md
@@ -24,8 +24,8 @@ Available variables are listed below, along with default values (see `defaults/m
 Kubernetes packages to be installed on the server. You can either provide a list of package names, or set `name` and `state` to have more control over whether the package is `present`, `absent`, `latest`, etc.
- kubernetes_version: '1.17'
- kubernetes_version_rhel_package: '1.17.2'
+ kubernetes_version: '1.19'
+ kubernetes_version_rhel_package: '1.19.0'
 The minor version of Kubernetes to install. The plain `kubernetes_version` is used to pin an apt package version on Debian, and as the Kubernetes version passed into the `kubeadm init` command (see `kubernetes_version_kubeadm`). The `kubernetes_version_rhel_package` variable must be a specific Kubernetes release, and is used to pin the version on Red Hat / CentOS servers.
diff --git a/defaults/main.yml b/defaults/main.yml
index 5bb912d..2340608 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -50,4 +50,7 @@ kubernetes_flannel_manifest_file_rbac: https://raw.githubusercontent.com/coreos/
 kubernetes_flannel_manifest_file: https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
 # Calico config files
-kubernetes_calico_manifest_file: https://docs.projectcalico.org/v3.10/manifests/calico.yaml
+kubernetes_calico_manifest_file: https://docs.projectcalico.org/v3.17/manifests/calico.yaml
+
+# Kubeadm config extras
+kubernetes_kube_controller_manager_node_cidr_mask_size: 24
diff --git a/meta/.galaxy_install_info b/meta/.galaxy_install_info
new file mode 100644
index 0000000..3d1e013
--- /dev/null
+++ b/meta/.galaxy_install_info
@@ -0,0 +1,2 @@
+install_date: Wed Jan 6 10:17:50 2021
+version: 5.0.1
diff --git a/tasks/master-setup.yml b/tasks/master-setup.yml
index fffcd39..3fc2c32 100644
--- a/tasks/master-setup.yml
+++ b/tasks/master-setup.yml
@@ -1,12 +1,25 @@
 ---
+- name: Ensure .kube directory exists.
+ file:
+ path: ~/.kube
+ state: directory
+ mode: 0755
+
+- name: Get Kubernetes bootstrap token.
+ command: kubeadm token generate
+ register: kubernetes_bootstrap_token
+
+- name: Add Kubernetes kube controller manager extra options override file.
+ template:
+ src: kubeadm-config.j2
+ dest: ~/.kube/kubeadm-config.yml
+ mode: 0644
+
 - name: Initialize Kubernetes master with kubeadm init.
 command: >
 kubeadm init
- --pod-network-cidr={{ kubernetes_pod_network.cidr }}
- --apiserver-advertise-address={{ kubernetes_apiserver_advertise_address | default(ansible_default_ipv4.address, true) }}
- --kubernetes-version {{ kubernetes_version_kubeadm }}
+ --config ~/.kube/kubeadm-config.yml
 --ignore-preflight-errors={{ kubernetes_ignore_preflight_errors }}
- {{ kubernetes_kubeadm_init_extra_opts }}
 register: kubeadmin_init
 when: not kubernetes_init_stat.stat.exists
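Review bot: The new default `kubernetes_kube_controller_manager_node_cidr_mask_size: 24` has no explanatory comment and no README entry, and a /24 per-node pod range holds only 256 addresses, which is below the 500 pods per host named in the commit message. A comment such as `# Prefix length of the per-node pod CIDR; /24 = 256 addresses, use a smaller prefix (e.g. 22) for more than ~250 pods per node` would make the constraint visible. Nothing visible in this patch raises the kubelet's own pod limit either, so the stated goal presumably needs a further setting that is not shown here.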
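Review bot: The bootstrap token from `kubeadm token generate` is rendered into `~/.kube/kubeadm-config.yml` with `mode: 0644` inside a `0755` directory, so any local account on the master can read a credential that the template grants `signing` and `authentication` usages for 24 hours. Write the file with `mode: "0600"` and add `no_log: true` to the token task so the value does not appear in task output. Both new tasks also lack the `when: not kubernetes_init_stat.stat.exists` guard that the `kubeadm init` task carries (the stat task is registered outside this hunk), so a new token is generated and the file rewritten on every run. Removing `{{ kubernetes_kubeadm_init_extra_opts }}` from the command means that variable is now ignored without notice to existing users.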
@@ -16,12 +29,6 @@
 verbosity: 2
 when: not kubernetes_init_stat.stat.exists
-- name: Ensure .kube directory exists.
- file:
- path: ~/.kube
- state: directory
- mode: 0755
-
 - name: Symlink the kubectl admin.conf to ~/.kube/conf.
 file:
 src: /etc/kubernetes/admin.conf
@@ -38,10 +45,24 @@
 changed_when: "'created' in flannel_result.stdout"
 when: kubernetes_pod_network.cni == 'flannel'
+- name: Download Calico networking manifest.
+ get_url:
+ url: "{{ kubernetes_calico_manifest_file }}"
+ dest: "~/.kube/calico_manifest.yaml"
+ mode: "0644"
+ when: kubernetes_pod_network.cni == 'calico'
+
+- name: Replace Calico default CIDR network with Kuberenetes pod networking.
+ replace:
+ path: ~/.kube/calico_manifest.yaml
+ regexp: "192.168.0.0/16"
+ replace: "{{ kubernetes_pod_network.cidr }}"
+ when: kubernetes_pod_network.cni == 'calico'
+
 - name: Configure Calico networking.
 command: "{{ item }}"
 with_items:
- - kubectl apply -f {{ kubernetes_calico_manifest_file }}
+ - kubectl apply -f ~/.kube/calico_manifest.yaml
 register: calico_result
 changed_when: "'created' in calico_result.stdout"
 when: kubernetes_pod_network.cni == 'calico'
diff --git a/templates/kubeadm-config.j2 b/templates/kubeadm-config.j2
new file mode 100644
index 0000000..9af7ceb
--- /dev/null
+++ b/templates/kubeadm-config.j2
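Review bot: The `get_url` task fetches the Calico manifest with no `checksum:`, and the file is then applied with the admin kubeconfig, so whatever the URL serves at run time is deployed into the cluster. Pinning the reviewed file, e.g. `checksum: "sha256:<DIGEST_OF_REVIEWED_MANIFEST>"`, closes that gap. In the `replace` task the pattern `"192.168.0.0/16"` leaves the dots unescaped (`'192\.168\.0\.0/16'` matches only the literal address), and if that CIDR line is commented out in the v3.17 manifest, which is worth checking, the substitution edits a comment and Calico keeps its own default pool. The task name also misspells "Kubernetes".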
@@ -0,0 +1,42 @@
+apiVersion: kubeadm.k8s.io/v1beta2
+kind: InitConfiguration
+bootstrapTokens:
+- groups:
+ - system:bootstrappers:kubeadm:default-node-token
+ token: {{ kubernetes_bootstrap_token.stdout }}
+ ttl: 24h0m0s
+ usages:
+ - signing
+ - authentication
+localAPIEndpoint:
+ advertiseAddress: {{ kubernetes_apiserver_advertise_address | default(ansible_default_ipv4.address, true) }}
+ bindPort: 6443
+nodeRegistration:
+ criSocket: /var/run/dockershim.sock
+ name: node1
+ taints:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+---
+apiVersion: kubeadm.k8s.io/v1beta2
+kind: ClusterConfiguration
+apiServer:
+ timeoutForControlPlane: 4m0s
+certificatesDir: /etc/kubernetes/pki
+clusterName: kubernetes
+controllerManager: {}
+dns:
+ type: CoreDNS
+etcd:
+ local:
+ dataDir: /var/lib/etcd
+imageRepository: k8s.gcr.io
+kubernetesVersion: v1.17.0
+networking:
+ dnsDomain: cluster.local
+ serviceSubnet: 10.96.0.0/12
+ podSubnet: {{ kubernetes_pod_network.cidr }}
+controllerManager:
+ extraArgs:
+ node-cidr-mask-size: "{{ kubernetes_kube_controller_manager_node_cidr_mask_size }}"
+scheduler: {}
\ No newline at end of file
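Review bot: `kubernetesVersion: v1.17.0` is hard-coded, whereas the command line removed in tasks/master-setup.yml passed `--kubernetes-version {{ kubernetes_version_kubeadm }}` and the README default moves to 1.19, so the control plane would be initialised at an older release than the one configured; `kubernetesVersion: "{{ kubernetes_version_kubeadm }}"` keeps the previous behaviour. `controllerManager` appears twice in the ClusterConfiguration document (`controllerManager: {}` and the later `extraArgs` mapping); parsers resolve duplicate keys differently, so the empty entry should be dropped. `name: node1` and `criSocket: /var/run/dockershim.sock` are fixed values that presumably should come from host facts or role variables. The templated scalars `token`, `advertiseAddress` and `podSubnet` are unquoted and would be safer written as `token: "{{ kubernetes_bootstrap_token.stdout }}"` and likewise for the other two.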