From c66efd482c9c4aabf8a82d1f554ef5fca91b3bcb Mon Sep 17 00:00:00 2001 From: "Mytnyk, Volodymyr" Date: Fri, 11 May 2018 17:36:20 +0100 Subject: [PATCH] Add ansible scripts to deploy Kubernetes For know, only one node is supported. - build/configure CNI drivers - Init Kubernetes Change-Id: I6dd9dff7a4c7dfe2d7148812d2656966115c5ce9 Signed-off-by: Mytnyk, Volodymyr --- ansible/deploy_kube.yml | 28 ++++ ansible/group_vars/master.yml | 39 ++++++ ansible/kube-inventory.ini | 6 + ansible/roles/build_cni/defaults/main.yml | 16 +++ ansible/roles/build_cni/tasks/main.yml | 49 +++++++ ansible/roles/docker/tasks/main.yml | 6 +- ansible/roles/docker/templates/daemon.json.j2 | 1 + ansible/roles/init_kubeadm/defaults/main.yml | 27 ++++ ansible/roles/init_kubeadm/tasks/kubeadm.yml | 50 +++++++ ansible/roles/init_kubeadm/tasks/kubectl.yml | 26 ++++ ansible/roles/init_kubeadm/tasks/main.yml | 70 ++++++++++ .../init_kubeadm/templates/10-multus-cni.conf.j2 | 1 + .../init_kubeadm/templates/cmk-init-pod.yaml.j2 | 18 +++ .../init_kubeadm/templates/crd-network.yaml.j2 | 13 ++ .../init_kubeadm/templates/kube-flannel.yaml.j2 | 145 +++++++++++++++++++++ .../init_kubeadm/templates/net-flannel.yaml.j2 | 10 ++ ansible/roles/init_kubeadm/templates/roles.yaml.j2 | 16 +++ .../install_dependencies_kubernetes/tasks/main.yml | 19 +++ ansible/roles/install_go/defaults/main.yml | 18 +++ ansible/roles/install_go/tasks/main.yml | 40 ++++++ ansible/roles/install_kube/defaults/main.yml | 16 +++ ansible/roles/install_kube/tasks/main.yml | 30 +++++ .../templates/apt_conf.j2 | 3 + tools/kube-setup-one-node.sh | 44 +++++++ 24 files changed, 690 insertions(+), 1 deletion(-) create mode 100644 ansible/deploy_kube.yml create mode 100644 ansible/group_vars/master.yml create mode 100644 ansible/kube-inventory.ini create mode 100644 ansible/roles/build_cni/defaults/main.yml create mode 100644 ansible/roles/build_cni/tasks/main.yml create mode 100644 ansible/roles/docker/templates/daemon.json.j2 create mode 100644 ansible/roles/init_kubeadm/defaults/main.yml create mode 100644 ansible/roles/init_kubeadm/tasks/kubeadm.yml create mode 100644 ansible/roles/init_kubeadm/tasks/kubectl.yml create mode 100644 ansible/roles/init_kubeadm/tasks/main.yml create mode 100644 ansible/roles/init_kubeadm/templates/10-multus-cni.conf.j2 create mode 100644 ansible/roles/init_kubeadm/templates/cmk-init-pod.yaml.j2 create mode 100644 ansible/roles/init_kubeadm/templates/crd-network.yaml.j2 create mode 100644 ansible/roles/init_kubeadm/templates/kube-flannel.yaml.j2 create mode 100644 ansible/roles/init_kubeadm/templates/net-flannel.yaml.j2 create mode 100644 ansible/roles/init_kubeadm/templates/roles.yaml.j2 create mode 100644 ansible/roles/install_dependencies_kubernetes/tasks/main.yml create mode 100644 ansible/roles/install_go/defaults/main.yml create mode 100644 ansible/roles/install_go/tasks/main.yml create mode 100644 ansible/roles/install_kube/defaults/main.yml create mode 100644 ansible/roles/install_kube/tasks/main.yml create mode 100755 tools/kube-setup-one-node.sh diff --git a/ansible/deploy_kube.yml b/ansible/deploy_kube.yml new file mode 100644 index 000000000..b71e7dc7c --- /dev/null +++ b/ansible/deploy_kube.yml @@ -0,0 +1,28 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- hosts: master + become: yes + environment: "{{ proxy_env }}" + roles: + - set_package_installer_proxy + - install_dependencies_kubernetes + - docker + - install_go + - install_kube + - build_cni + - role: download_dpdk + dpdk_version: "17.02.1" + - install_dpdk + - init_kubeadm diff --git a/ansible/group_vars/master.yml b/ansible/group_vars/master.yml new file mode 100644 index 000000000..f5f703a2f --- /dev/null +++ b/ansible/group_vars/master.yml @@ -0,0 +1,39 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +cni_info: + multus-cni: + repo_url: https://github.com/Intel-Corp/multus-cni + repo_ver: v1.2 + build_script: build + sriov-cni: + repo_url: https://github.com/Intel-Corp/sriov-cni + repo_ver: v0.4.0 + build_script: build + containernetworking-cni: + repo_url: https://github.com/containernetworking/cni + repo_ver: v0.6.0 + build_script: build.sh + containernetworking-plugins: + repo_url: https://github.com/containernetworking/plugins + repo_ver: v0.7.1 + build_script: build.sh +kubeadm_kubernetes_version: 1.9.3 +# Default CIDR defined in kube-flannel.yml +kubeadm_pod_network_cidr: 10.244.0.0/16 +kubelet_cluster_dns_ip: 172.20.0.10 +docker_daemon_config: + bip: 172.10.1.1/16 + fixed-cidr: 172.10.0.0/24 + mtu: 1500 diff --git a/ansible/kube-inventory.ini b/ansible/kube-inventory.ini new file mode 100644 index 000000000..ff11b391d --- /dev/null +++ b/ansible/kube-inventory.ini @@ -0,0 +1,6 @@ +[master] +kube-master ansible_host=192.168.1.155 + +[master:vars] +ansible_user=ubuntu +ansible_ssh_private_key_file=ubuntu.key diff --git a/ansible/roles/build_cni/defaults/main.yml b/ansible/roles/build_cni/defaults/main.yml new file mode 100644 index 000000000..18aa418f4 --- /dev/null +++ b/ansible/roles/build_cni/defaults/main.yml @@ -0,0 +1,16 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +cni_src_dir: /opt/cni/src +cni_bin_dir: /opt/cni/bin diff --git a/ansible/roles/build_cni/tasks/main.yml b/ansible/roles/build_cni/tasks/main.yml new file mode 100644 index 000000000..ee66686f8 --- /dev/null +++ b/ansible/roles/build_cni/tasks/main.yml @@ -0,0 +1,49 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- name: Get CNI driver sources + git: + repo: "{{ item.value.repo_url }}" + dest: "{{ cni_src_dir }}/{{ item.key }}" + version: "{{ item.value.repo_ver }}" + with_dict: "{{ cni_info }}" + +- name: Compile CNI drivers + command: "{{ cni_src_dir }}/{{ item.key }}/{{ item.value.build_script }}" + environment: "{{ go_env }}" + args: + chdir: "{{ cni_src_dir }}/{{ item.key }}" + with_dict: "{{ cni_info }}" + +- name: Get list of compiled CNI binaries + shell: ls -1 {{ item.key }}/bin/* + register: ls_cni_binaries_result + args: + chdir: "{{ cni_src_dir }}" + with_dict: "{{ cni_info }}" + +- set_fact: + cni_binary_list: "{{ cni_binary_list|default([]) + item.stdout_lines }}" + with_items: "{{ ls_cni_binaries_result.results }}" + +- name: Create CNI binaries dir + file: path={{ cni_bin_dir }} state=directory + +- name: Copy CNI binaries into kublet bin dir + copy: + src: "{{ cni_src_dir }}/{{ item }}" + dest: "{{ cni_bin_dir }}/" + remote_src: yes + mode: 0755 + with_items: "{{ cni_binary_list }}" diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml index bbec371a8..18e441462 100644 --- a/ansible/roles/docker/tasks/main.yml +++ b/ansible/roles/docker/tasks/main.yml @@ -1,4 +1,4 @@ -# Copyright (c) 2017 Intel Corporation. +# Copyright (c) 2017-2019 Intel Corporation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,6 +18,10 @@ - name: create docker service config dir file: path=/etc/systemd/system/docker.service.d state=directory + - name: docker configuration + template: src=daemon.json.j2 dest=/etc/docker/daemon.json owner=root mode=0644 + when: 'docker_daemon_config is defined' + - name: create docker proxy config template: src=http-proxy-conf.j2 dest=/etc/systemd/system/docker.service.d/http-proxy.conf owner=root mode=0644 when: 'proxy_env is defined and "http_proxy" in proxy_env or "https_proxy" in proxy_env' diff --git a/ansible/roles/docker/templates/daemon.json.j2 b/ansible/roles/docker/templates/daemon.json.j2 new file mode 100644 index 000000000..57bdc9f63 --- /dev/null +++ b/ansible/roles/docker/templates/daemon.json.j2 @@ -0,0 +1 @@ +{{ docker_daemon_config | to_nice_json }} diff --git a/ansible/roles/init_kubeadm/defaults/main.yml b/ansible/roles/init_kubeadm/defaults/main.yml new file mode 100644 index 000000000..3d868398d --- /dev/null +++ b/ansible/roles/init_kubeadm/defaults/main.yml @@ -0,0 +1,27 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +cmk_rbc_rules_url: https://raw.githubusercontent.com/intel/CPU-Manager-for-Kubernetes/master/resources/authorization/cmk-rbac-rules.yaml +cmk_serviceaccount: https://raw.githubusercontent.com/intel/CPU-Manager-for-Kubernetes/master/resources/authorization/cmk-serviceaccount.yaml +dpdk_devbind_path: "{{ INSTALL_BIN_PATH|default('/opt') }}" +multus_config: + name: node-cni-network + type: multus + kubeconfig: /etc/kubernetes/kubelet.conf + delegates: + - type: flannel + delegate: + isDefaultGateway: true + hairpinMode: true + masterplugin: true diff --git a/ansible/roles/init_kubeadm/tasks/kubeadm.yml b/ansible/roles/init_kubeadm/tasks/kubeadm.yml new file mode 100644 index 000000000..7c808a01c --- /dev/null +++ b/ansible/roles/init_kubeadm/tasks/kubeadm.yml @@ -0,0 +1,50 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- set_fact: + service_cidr_param: --service-cidr={{ kubeadm_service_cidr }} + when: 'kubeadm_service_cidr is defined' + +- set_fact: + pod_network_cidr_param: --pod-network-cidr={{ kubeadm_pod_network_cidr }} + when: 'kubeadm_pod_network_cidr is defined' + +- set_fact: + kubernetes_version: --kubernetes-version {{ kubeadm_kubernetes_version }} + when: 'kubeadm_kubernetes_version is defined' + +- name: Initialize Kubernetes cluster + command: > + kubeadm init {{ pod_network_cidr_param|default('') }} + {{ service_cidr_param|default('') }} {{ kubernetes_version|default('') }} + --ignore-preflight-errors=all + +- name: Create Kubernetes configuration dir + file: path={{ ansible_env.HOME }}/.kube state=directory + +- name: Setup Kubernetes environment + copy: + src: /etc/kubernetes/admin.conf + dest: "{{ ansible_env.HOME }}/.kube/config" + remote_src: yes + +- name: Allow to schedule pods on the master + command: kubectl taint nodes --all node-role.kubernetes.io/master- + +- name: Wait for kube-dns pod to be in running state + command: kubectl get pods --namespace=kube-system -l k8s-app=kube-dns -o json + register: result + until: result.stdout|from_json|json_query('items[].status.phase|[0]') == "Running" + retries: 30 + delay: 2 diff --git a/ansible/roles/init_kubeadm/tasks/kubectl.yml b/ansible/roles/init_kubeadm/tasks/kubectl.yml new file mode 100644 index 000000000..3e9f2d71a --- /dev/null +++ b/ansible/roles/init_kubeadm/tasks/kubectl.yml @@ -0,0 +1,26 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- name: Generate temporary resource file + tempfile: state=file prefix=kubectl.{{ item }}. + register: config_file + +- name: Generate {{ item }} resource file + template: src={{ item }}.j2 dest={{ config_file.path }} + +- name: Create {{ item }} resource + command: kubectl create -f {{ config_file.path }} + +- name: Create Kubernetes configuration dir + file: path={{ config_file.path }} state=absent diff --git a/ansible/roles/init_kubeadm/tasks/main.yml b/ansible/roles/init_kubeadm/tasks/main.yml new file mode 100644 index 000000000..df7334ce1 --- /dev/null +++ b/ansible/roles/init_kubeadm/tasks/main.yml @@ -0,0 +1,70 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- name: Disable swap + command: swapoff -a + ignore_errors: true + +- name: Reset Kubernetes cluster + command: kubeadm reset + +- name: Clean Kubernetes directories (w/o removing the folder itself) + shell: rm -fr {{ item }}/* + with_items: + - /etc/kubernetes + - /var/lib/cni + - /etc/cmk + +- name: Create Multus CNI plugin dir + file: path=/etc/cni/net.d state=directory + +- name: Configure Multus CNI plugin + template: src=10-multus-cni.conf.j2 dest=/etc/cni/net.d/10-multus-cni.conf owner=root mode=0644 + +- name: Change default kubelet cluster dns IP + lineinfile: + path: /etc/systemd/system/kubelet.service.d/10-kubeadm.conf + regexp: '^(.*)--cluster-dns=([0-9\.]*)( +.*)$' + line: '\1--cluster-dns={{ kubelet_cluster_dns_ip }}\3' + backrefs: yes + backup: yes + +- name: Systemd daemon reload + command: systemctl daemon-reload + +- name: Restart kubelet + service: name=kubelet state=restarted + +- name: Initialize kubeadm + include: kubeadm.yml + +- name: Create CMK Kubernetes resources + command: kubectl create -f {{ item }} + with_items: + - "{{ cmk_rbc_rules_url }}" + - "{{ cmk_serviceaccount }}" + +- name: Create Kubernetes resources + include: kubectl.yml + with_items: + - crd-network.yaml + - net-flannel.yaml + - roles.yaml + - kube-flannel.yaml + - cmk-init-pod.yaml + +- name: Create a ClusterRoleBinding for a particular ClusterRole + command: > + kubectl create clusterrolebinding multus-node-{{ ansible_hostname }} + --clusterrole=multus-crd-overpowered --user=system:node:{{ ansible_hostname }} diff --git a/ansible/roles/init_kubeadm/templates/10-multus-cni.conf.j2 b/ansible/roles/init_kubeadm/templates/10-multus-cni.conf.j2 new file mode 100644 index 000000000..a68afaf26 --- /dev/null +++ b/ansible/roles/init_kubeadm/templates/10-multus-cni.conf.j2 @@ -0,0 +1 @@ +{{ multus_config | to_nice_json }} diff --git a/ansible/roles/init_kubeadm/templates/cmk-init-pod.yaml.j2 b/ansible/roles/init_kubeadm/templates/cmk-init-pod.yaml.j2 new file mode 100644 index 000000000..a4c735394 --- /dev/null +++ b/ansible/roles/init_kubeadm/templates/cmk-init-pod.yaml.j2 @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Pod +metadata: + labels: + app: cmk-cluster-init-pod + name: cmk-cluster-init-pod +spec: + serviceAccountName: cmk-serviceaccount + containers: + - args: + # Change this value to pass different options to cluster-init. + - "/cmk/cmk.py cluster-init --host-list={{ ansible_hostname }} --saname=cmk-serviceaccount --cmk-img=si-docker.ir.intel.com/vcmts-ubuntu/cmk --num-dp-cores=4 --dp-mode=spread --num-cp-cores=1 --cp-mode=spread" + command: + - "/bin/bash" + - "-c" + image: si-docker.ir.intel.com/vcmts-ubuntu/cmk + name: cmk-cluster-init-pod + restartPolicy: Never diff --git a/ansible/roles/init_kubeadm/templates/crd-network.yaml.j2 b/ansible/roles/init_kubeadm/templates/crd-network.yaml.j2 new file mode 100644 index 000000000..180038b07 --- /dev/null +++ b/ansible/roles/init_kubeadm/templates/crd-network.yaml.j2 @@ -0,0 +1,13 @@ +--- +apiVersion: "apiextensions.k8s.io/v1beta1" +kind: CustomResourceDefinition +metadata: + name: networks.kubernetes.com +spec: + group: kubernetes.com + version: v1 + scope: Namespaced + names: + plural: networks + singular: network + kind: Network diff --git a/ansible/roles/init_kubeadm/templates/kube-flannel.yaml.j2 b/ansible/roles/init_kubeadm/templates/kube-flannel.yaml.j2 new file mode 100644 index 000000000..4cf63d6ca --- /dev/null +++ b/ansible/roles/init_kubeadm/templates/kube-flannel.yaml.j2 @@ -0,0 +1,145 @@ +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: flannel +rules: + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - nodes/status + verbs: + - patch +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: flannel +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: flannel +subjects: +- kind: ServiceAccount + name: flannel + namespace: kube-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: flannel + namespace: kube-system +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: kube-flannel-cfg + namespace: kube-system + labels: + tier: node + app: flannel +data: + cni-conf.json: | + { + "name": "cbr0", + "plugins": [ + { + "type": "flannel", + "delegate": { + "hairpinMode": true, + "isDefaultGateway": true + } + }, + { + "type": "portmap", + "capabilities": { + "portMappings": true + } + } + ] + } + net-conf.json: | + { + "Network": "{{ kubeadm_pod_network_cidr }}", + "Backend": { + "Type": "vxlan" + } + } +--- +apiVersion: extensions/v1beta1 +kind: DaemonSet +metadata: + name: kube-flannel-ds + namespace: kube-system + labels: + tier: node + app: flannel +spec: + template: + metadata: + labels: + tier: node + app: flannel + spec: + hostNetwork: true + nodeSelector: + beta.kubernetes.io/arch: amd64 + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + serviceAccountName: flannel + containers: + - name: kube-flannel + image: quay.io/coreos/flannel:v0.10.0-amd64 + command: + - /opt/bin/flanneld + args: + - --ip-masq + - --kube-subnet-mgr + resources: + requests: + cpu: "100m" + memory: "50Mi" + limits: + cpu: "100m" + memory: "50Mi" + securityContext: + privileged: true + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumeMounts: + - name: run + mountPath: /run + - name: flannel-cfg + mountPath: /etc/kube-flannel/ + volumes: + - name: run + hostPath: + path: /run + - name: cni + hostPath: + path: /etc/cni/net.d + - name: flannel-cfg + configMap: + name: kube-flannel-cfg diff --git a/ansible/roles/init_kubeadm/templates/net-flannel.yaml.j2 b/ansible/roles/init_kubeadm/templates/net-flannel.yaml.j2 new file mode 100644 index 000000000..b872cd613 --- /dev/null +++ b/ansible/roles/init_kubeadm/templates/net-flannel.yaml.j2 @@ -0,0 +1,10 @@ +apiVersion: "kubernetes.com/v1" +kind: Network +metadata: + name: flannel +plugin: flannel +args: '[{ + "delegate": { + "isDefaultGateway": true + } + }]' diff --git a/ansible/roles/init_kubeadm/templates/roles.yaml.j2 b/ansible/roles/init_kubeadm/templates/roles.yaml.j2 new file mode 100644 index 000000000..635ba0c1e --- /dev/null +++ b/ansible/roles/init_kubeadm/templates/roles.yaml.j2 @@ -0,0 +1,16 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: multus-crd-overpowered +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +- nonResourceURLs: + - '*' + verbs: + - '*' diff --git a/ansible/roles/install_dependencies_kubernetes/tasks/main.yml b/ansible/roles/install_dependencies_kubernetes/tasks/main.yml new file mode 100644 index 000000000..90098a48e --- /dev/null +++ b/ansible/roles/install_dependencies_kubernetes/tasks/main.yml @@ -0,0 +1,19 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- name: Install https download transport for APT + apt: + name: apt-transport-https + state: latest + update_cache: yes diff --git a/ansible/roles/install_go/defaults/main.yml b/ansible/roles/install_go/defaults/main.yml new file mode 100644 index 000000000..dee4f82d2 --- /dev/null +++ b/ansible/roles/install_go/defaults/main.yml @@ -0,0 +1,18 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +golang_repo_key_server: keyserver.ubuntu.com +golang_repo_key_id: C73998DC9DFEA6DCF1241057308C15A29AD198E9 +golang_repo_url: deb http://ppa.launchpad.net/gophers/archive/ubuntu xenial main +golang_bin_dir: /usr/lib/go-1.10/bin diff --git a/ansible/roles/install_go/tasks/main.yml b/ansible/roles/install_go/tasks/main.yml new file mode 100644 index 000000000..5489fadae --- /dev/null +++ b/ansible/roles/install_go/tasks/main.yml @@ -0,0 +1,40 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- name: Add go language gophers repo key + # due to a proxy issue in the ansible apt_key module on Ubuntu 17.10, + # it doesn't work to add key via `id` and `keyserver` parametes. Similar + # issue is described here: https://github.com/debops/ansible-elastic_co/issues/2 + # apt_key: + # keyserver: "{{ golang_repo_key_server }}" + # id: "{{ golang_repo_key_id }}" + # As a workaround, we can use `apt-key` tool directly with proxy specified. + command: > + apt-key adv --keyserver {{ golang_repo_key_server }} --recv-keys + --keyserver-options http-proxy={{ proxy_env.http_proxy }} + {{ golang_repo_key_id }} + +- name: Add apt golang repository + apt_repository: + repo: "{{ golang_repo_url }}" + filename: golang-1.10-go + +- name: Install golang-1.10-go + apt: + name: golang-1.10-go + +- name: Setup Go environment variable + set_fact: + go_env: + PATH: "{{ golang_bin_dir }}:{{ ansible_env.PATH }}" diff --git a/ansible/roles/install_kube/defaults/main.yml b/ansible/roles/install_kube/defaults/main.yml new file mode 100644 index 000000000..1ae57469d --- /dev/null +++ b/ansible/roles/install_kube/defaults/main.yml @@ -0,0 +1,16 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +kubernetes_key_url: https://packages.cloud.google.com/apt/doc/apt-key.gpg +kubernetes_repo_url: deb http://apt.kubernetes.io/ kubernetes-xenial main diff --git a/ansible/roles/install_kube/tasks/main.yml b/ansible/roles/install_kube/tasks/main.yml new file mode 100644 index 000000000..ea4f0cdb5 --- /dev/null +++ b/ansible/roles/install_kube/tasks/main.yml @@ -0,0 +1,30 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- name: Add kubernetes repo key + apt_key: + url: "{{ kubernetes_key_url }}" + +- name: Add apt kubernetes repository + apt_repository: + repo: "{{ kubernetes_repo_url }}" + filename: kubernetes + +- name: Install kubelet kubeadm kubectl kubernetes-cni + apt: + name: + - kubelet=1.9.3* + - kubeadm=1.9.3* + - kubectl=1.9.3* + force: yes diff --git a/ansible/roles/set_package_installer_proxy/templates/apt_conf.j2 b/ansible/roles/set_package_installer_proxy/templates/apt_conf.j2 index 5b57178a7..cba8eacd4 100644 --- a/ansible/roles/set_package_installer_proxy/templates/apt_conf.j2 +++ b/ansible/roles/set_package_installer_proxy/templates/apt_conf.j2 @@ -1,3 +1,6 @@ {% if "http_proxy" in proxy_env %} Acquire::http::Proxy "{{ proxy_env.http_proxy }}"; {% endif %} +{% if "https_proxy" in proxy_env %} +Acquire::https::Proxy "{{ proxy_env.https_proxy }}"; +{% endif %} diff --git a/tools/kube-setup-one-node.sh b/tools/kube-setup-one-node.sh new file mode 100755 index 000000000..180f11b46 --- /dev/null +++ b/tools/kube-setup-one-node.sh @@ -0,0 +1,44 @@ +#!/usr/bin/env bash +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +proxy_vars=(http_proxy https_proxy ftp_proxy no_proxy) +# get proxy environment values from /etc/environment if not set +for proxy_var in ${proxy_vars[@]} +do + env_proxy=$(sed -ne "s/^$proxy_var=[\"\']\(.*\)[\"\']/\1/p" /etc/environment) + if [[ -z ${!proxy_var} ]] && [[ ! -z ${env_proxy} ]]; then + export ${proxy_var}=${env_proxy} + fi +done +# add proxy configuration into proxy file +add_extra_env=false +echo "proxy_env:" > /tmp/proxy.yml +for proxy_var in ${proxy_vars[@]} +do + if [[ ! -z ${!proxy_var} ]]; then + echo " ${proxy_var}: ${!proxy_var}" >> /tmp/proxy.yml + add_extra_env=true + fi +done +# add extra arguments file if needed +if ${add_extra_env}; then + extra_args="${extra_args} -e @/tmp/proxy.yml " +fi + +ANSIBLE_SCRIPTS="${0%/*}/../ansible" + +cd ${ANSIBLE_SCRIPTS} && \ +ansible-playbook \ + ${extra_args} -i kube-inventory.ini deploy_kube.yml -- 2.16.6