Verified Commit ebfbf89b authored by Ing. Klára Moravcová's avatar Ing. Klára Moravcová

Refactoring.

parent d6e6f131
Prerequisites:
terraform
pip requirments.txt
ansible-galaxy install -r requirements.yml
1. group project (quotas?)
1. create openstack application credentials
1. git clone kubernetes-infra-example
1. application credential -> group_vars
1. terraform - main - values
1. source application credentials
1. terraform apply
1. ansible/ group_vars (all possible group vars are in kubespray project)
1. application credential -> group_vars -> all -> openstack
2. Install Kubernetes - ansible-playbook -i ~/kubernetes-example/ansible/ansible_inventory --user=ubuntu --become --become-user=root play.yml
\ No newline at end of file
[ssh_connection]
pipelining=True
ansible_ssh_args = -o ControlMaster=auto -o ControlPersist=30m -o ConnectionAttempts=100 -o UserKnownHostsFile=/dev/null
#control_path = ~/.ssh/ansible-%%r@%%h:%%p
[defaults]
# https://github.com/ansible/ansible/issues/56930 (to ignore group names with - and .)
force_valid_group_names = ignore
host_key_checking=False
gathering = smart
fact_caching = jsonfile
fact_caching_connection = /tmp
fact_caching_timeout = 86400
stdout_callback = default
display_skipped_hosts = no
library = ./library
callbacks_enabled = profile_tasks,ara_default
roles_path = roles:$VIRTUAL_ENV/usr/local/share/kubespray/roles:$VIRTUAL_ENV/usr/local/share/ansible/roles:/usr/share/kubespray/roles
deprecation_warnings=False
inventory_ignore_extensions = ~, .orig, .bak, .ini, .cfg, .retry, .pyc, .pyo, .creds, .gpg
[inventory]
ignore_patterns = artifacts, credentials
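Review bot: SSH host key verification is switched off in both `[ssh_connection]` (`-o UserKnownHostsFile=/dev/null`) and `[defaults]` (`host_key_checking=False`), so a run that uses `--become` on every node will trust whichever host answers on an inventory address. For freshly created VMs, `-o StrictHostKeyChecking=accept-new` with a project-local known_hosts file keeps first-contact convenience while still detecting a changed key later. The key `ansible_ssh_args` looks like the inventory variable name; the ansible.cfg setting in this section is `ssh_args`, so the ControlMaster/ControlPersist options are probably not applied at all. `fact_caching_connection = /tmp` stores 24 hours of cached facts in a world-writable directory where other local users can read or pre-create the files; a per-user path such as `~/.ansible/fact_cache` avoids that.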
- name: Install Kubernetes
ansible.builtin.import_playbook: kubernetes_sigs.kubespray.cluster
- hosts: bastion
roles:
- { role: haproxy }
\ No newline at end of file
collections:
- name: https://github.com/kubernetes-sigs/kubespray
type: git
version: v2.23.1
\ No newline at end of file
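Review bot: `version: v2.23.1` pins kubespray to a git tag, and a tag can be moved upstream, while the playbooks fetched from it run as root on every node. Pinning to the full commit hash the tag currently points to, with the tag kept as a comment (`version: <commit-sha>  # v2.23.1`), makes the dependency immutable. The same point applies to the Terraform module source `kubernetes-infra.git?ref=2.0.0` in the `module "kubernetes_infra"` block further down the page.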
---
- name: restart haproxy
service: name=haproxy state=restarted
\ No newline at end of file
---
- name: Ensure HAProxy is installed.
package: name=haproxy state=present
- name: Ensure HAProxy is enabled (so init script will start it on Debian).
lineinfile:
dest: /etc/default/haproxy
regexp: "^ENABLED.+$"
line: "ENABLED=1"
state: present
when: ansible_os_family == 'Debian'
- name: Get HAProxy version.
command: haproxy -v
register: haproxy_version_result
changed_when: false
check_mode: false
- name: Set HAProxy version.
set_fact:
haproxy_version: '{{ haproxy_version_result.stdout_lines[0] | regex_replace("^HA-?Proxy version (\d+(\.\d+)*).*$", "\1") }}'
- name: Copy HAProxy configuration in place.
template:
src: haproxy.cfg.j2
dest: /etc/haproxy/haproxy.cfg
mode: 0644
validate: haproxy -f %s -c -q
notify: restart haproxy
- name: Ensure HAProxy is started and enabled on boot.
service: name=haproxy state=started enabled=yes
\ No newline at end of file
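Review bot: `mode: 0644` on the template task is an unquoted number; it only works because YAML happens to read the leading zero as octal, and ansible-lint flags it as risky-octal. Quote it, `mode: "0644"`, and set `owner: root` and `group: root` explicitly so the permissions of `/etc/haproxy/haproxy.cfg` do not depend on the connection user or umask. The `haproxy_version` fact set just above is not referenced in the template shown on this page; if nothing else uses it, the two version tasks can be dropped.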
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# https://www.haproxy.org/download/1.8/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
# utilize system-wide crypto-policies
ssl-default-bind-ciphers PROFILE=SYSTEM
ssl-default-server-ciphers PROFILE=SYSTEM
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
listen kubernetes-apiserver-https
bind 0.0.0.0:8383
mode tcp
option log-health-checks
timeout client 3h
timeout server 3h
{% for host in groups['kube_control_plane'] %}
server {{ host }} {{ hostvars[host].ansible_host }}:6443 check
{% endfor %}
balance roundrobin
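Review bot: `bind 0.0.0.0:8383` in `listen kubernetes-apiserver-https` publishes the Kubernetes API server on every interface of the bastion, and with `mode tcp` HAProxy forwards connections unchanged, so access is limited only by whatever the OpenStack security group permits (not visible in this commit). If the bastion carries a floating IP, restrict port 8383 to known source ranges in the security group or bind to a specific address. A comment above the `bind` line, such as `# reachable from <allowed CIDR> only, see security group <name>`, would record the intended exposure.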
---
## External LB example config
## apiserver_loadbalancer_domain_name: "elb.some.domain"
#loadbalancer_apiserver:
# address: 10.10.10.196
# port: 8383
## Internal loadbalancers for apiservers
loadbalancer_apiserver_localhost: false
# valid options are "nginx" or "haproxy"
......
## Values for the external OpenStack Cloud Controller
external_openstack_lbaas_enabled: true
# external_openstack_lbaas_floating_subnet_id: "Neutron subnet ID to get floating IP from"
# external_openstack_lbaas_method: ROUND_ROBIN
external_openstack_lbaas_provider: amphora
## Application credentials to authenticate against Keystone API
## Those settings will take precedence over username and password that might be set your environment
## All of them are required
external_openstack_application_credential_name: <MUST-BE-FILLED>
external_openstack_application_credential_id: <MUST-BE-FILLED>
external_openstack_application_credential_secret: <MUST-BE-FILLED>
external_openstack_application_credential_name: <FILL_APPLICATION_CREDENTIALS>
external_openstack_application_credential_id: <FILL_APPLICATION_CREDENTIALS>
external_openstack_application_credential_secret: <FILL_APPLICATION_CREDENTIALS>
## The tag of the external OpenStack Cloud Controller image
external_openstack_cloud_controller_image_tag: "latest"
......@@ -17,4 +18,4 @@ external_openstack_cloud_controller_image_tag: "latest"
## Make sure to source in the openstack credentials
cinder_csi_enabled: true
cinder_csi_controller_replicas: 1
cinder_application_credential_name: <MUST-BE-FILLED>
\ No newline at end of file
cinder_application_credential_name: <FILL_APPLICATION_CREDENTIALS>
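Review bot: `external_openstack_application_credential_secret` (and presumably the `cinder_application_credential_*` keys, of which only the name is visible here) is a plain value in group_vars, so once the placeholder is filled in the secret sits in clear text in the working tree and is easy to commit by accident. Keep it in an Ansible Vault-encrypted vars file, or read it from the environment with `external_openstack_application_credential_secret: "{{ lookup('env', 'OS_APPLICATION_CREDENTIAL_SECRET') }}"`, which matches the README step that sources the credentials. Separately, `external_openstack_cloud_controller_image_tag: "latest"` leaves the controller image unpinned; a fixed release tag makes the deployment reproducible and auditable.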
module "kubernetes_infra" {
# source = "./../../kubernetes-infra"
source = "git::https://gitlab.ics.muni.cz/cloud/terraform/modules/kubernetes-infra.git?ref=1.0.0"
# source = "./../../kubernetes-infra"
source = "git::https://gitlab.ics.muni.cz/cloud/terraform/modules/kubernetes-infra.git?ref=2.0.0"
# Example of variable override
ssh_public_key = "~/.ssh/klaris-tp.pub"
ssh_public_key = "~/.ssh/id_rsa.pub"
infra_name = "g1-tf-test"
infra_name = "infra-name"
control_nodes_count = 3
control_nodes_volume_size = 30
control_nodes_flavor = "hpc.8core-16ram"
worker_nodes_count = 1
worker_nodes_volume_size = 30
worker_nodes_flavor = "standard.large"
worker_nodes = [
{
name = "wg-blue"
flavor = "standard.small"
volume_size = 30
count = 2
},
{
name = "wg-red"
flavor = "standard.small"
volume_size = 30
count = 3
}
]
# If you are using this modul for install kubespray
kube_vip = "10.20.0.5"
kube_fip = false
......