Skip to content

jenciso/kubernetes-cluster

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

29 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Kube-Cluster

This playbook is based in Kubernetes the Hard Way

Requirements

  • Centos 7 OS
  • 1 ansible host
  • 2 servers for Load Balancer
  • 3 servers for API Server (could be 2)
  • 3 servers for etcd
  • 2 servers for nodes minions

Features

  • All kubernetes core services are binaries (not containers)
  • Etcd cluster separated of the kube-apiserver for best practices in HA.
  • Kube-Api HA
  • Automatic node register using bootstrap option
  • Simple network configuration, using Kubenet or Calico (default)
  • RBAC Authentication
  • Add support for Docker Storage LVM (default)
  • Docker Engine 1.13.1
  • Heapster/Grafana/Influxdb deploy
  • Kubernetes Dasboard UI deploy
  • Kube-DNS / Ingress Nginx deploy with node-affinity (master node)

Installation

First, create a domain for your apiserver. Replace it in group_vars/all/main.yml

api_domain: apik8s-lab.iplanet.work

Start the installation:

sudo ansible-playbook site.yml -i inventory-lab \
-e "deploy_certificates=true" \
-e "deploy_kubeconfig=true" \
-e "deploy_etcd=true" \
-e "deploy_cni=true" \
-e "deploy_network=true" \
-e "deploy_node=true" \
-e "deploy_master=true" \
-e "deploy_docker=true" \
-e "deploy_addons=true"

Tips

  • Re-create new certificates
sudo ansible-playbook site.yml -i inventory-lab \
-e "deploy_certificates=true" \
-e "deploy_kubeconfig=true" 

Remember: when you create new certificates, you need to delete all secrets for the kube-controller-manager recreate again

kubectl delete secrets --all -n default
kubectl delete secrets --all -n kube-system
kubectl delete secrets --all -n kube-public
  • Setup Admin Kubectl

Download kubectl. Ex v1.7.5

wget https://storage.googleapis.com/kubernetes-release/release/v1.7.5/bin/linux/amd64/kubectl

Download certificates created in rol "create-keys". it is located into master[0] or main_host

Ex. copy using sz (if you don't have sz, try install it: yum -y install lrzsz)

cd /opt/kubernetes
sz admin-key.pem
sz admin.pem
sz ca.pem

Setup kubeconfig for your desktop

kubectl config set-cluster k8s-lab \
  --certificate-authority=ca.pem \
  --embed-certs=true \
  --server=https://apik8s-lab.iplanet.work
kubectl config set-credentials admin \
  --embed-certs=true \
  --client-certificate=admin.pem \
  --client-key=admin-key.pem 
kubectl config set-context k8s-lab \
  --cluster=k8s-lab \
  --user=admin
kubectl config use-context k8s-lab
  • Uninstall

MASTER

sudo ansible -m shell -a "systemctl stop kube-apiserver kube-controller-manager kube-scheduler" -i inventory-lab master

ETCD

sudo ansible -m shell -a "systemctl stop etcd" -i inventory-lab etcd
sudo ansible -m shell -a 'rm -rf /var/lib/etcd/*' -i inventory-lab etcd 

NODE

sudo ansible -m shell -a "systemctl stop kubelet kube-proxy docker" -i inventory-lab node

MASTER/NODE

sudo ansible -m shell -a "rm -f /etc/sysconfig/network-scripts/route-eth0" -i inventory-lab master,node
sudo ansible -m shell -a 'rm -rf /var/lib/kubernetes' -i inventory-lab master,node
sudo ansible -m shell -a 'rm -rf /opt/kubernetes' -i inventory-lab master
sudo ansible -m shell -a 'rm -rf /var/lib/kubelet /var/lib/kube-proxy' -i inventory-lab node

Validate the installation

[root@dcbvm090dv921 ~]# kubectl version
Client Version: version.Info{Major:"1", Minor:"7", GitVersion:"v1.7.6", GitCommit:"17d7182a7ccbb167074be7a87f0a68bd00d58d97", GitTreeState:"clean", BuildDate:"2017-08-31T09:14:02Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"7", GitVersion:"v1.7.6", GitCommit:"17d7182a7ccbb167074be7a87f0a68bd00d58d97", GitTreeState:"clean", BuildDate:"2017-08-31T08:56:23Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}
[root@dcbvm090dv921 ~]# 
[root@dcbvm090dv921 ~]# kubectl get nodes 
NAME                             STATUS    AGE       VERSION
dcbvm090dv941.iplanet.work   Ready     39s       v1.7.6
dcbvm090dv942.iplanet.work   Ready     40s       v1.7.6
[root@dcbvm090dv921 ~]# kubectl get nodes -o wide
NAME                             STATUS    AGE       VERSION   EXTERNAL-IP   OS-IMAGE                KERNEL-VERSION
dcbvm090dv941.iplanet.work   Ready     44s       v1.7.6    <none>        CentOS Linux 7 (Core)   3.10.0-327.36.3.el7.x86_64
dcbvm090dv942.iplanet.work   Ready     45s       v1.7.6    <none>        CentOS Linux 7 (Core)   3.10.0-327.36.3.el7.x86_64
[root@dcbvm090dv921 ~]# kubectl get pods --all-namespaces -o wide
NAMESPACE     NAME                        READY     STATUS    RESTARTS   AGE       IP           NODE
kube-system   kube-dns-2700442311-2cbbw   3/3       Running   0          3m        172.18.1.2   dcbvm090dv941.iplanet.work
kube-system   kube-dns-2700442311-g9dmt   3/3       Running   0          3m        172.18.0.2   dcbvm090dv942.iplanet.work
[root@dcbvm090dv921 ~]# 

Live demo

LAB Deployment

asciicast

About

Ansible playbook for deploy kubernetes Cluster

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published