# naisible

Naisible is a collection of Ansible playbooks used to build, test and tear down a NAIS Kubernetes cluster.

Prerequisites:

- Ansible binaries
- An inventory file
- SSH access to the hosts using keys
- A user with passwordless sudo privileges on the hosts
Build and test a cluster:

```sh
ansible-playbook -i inventory-file setup-playbook.yaml && \
ansible-playbook -i inventory-file test-playbook.yaml
```

Tear it down again:

```sh
ansible-playbook -i inventory-file teardown-playbook.yaml
```
The playbooks perform the following steps:

- All nodes
  - Install Webproxy certificate and update truststore
  - Add Kubernetes RPM repository
  - Add Docker RPM repository
- Master node
  - Fetch existing cluster certificates, if they exist
- Ansible master node
  - Create cluster certificates, if not fetched from NAIS master
- Master node
  - Install and configure etcd
  - Copy cluster certificates
  - Add flannel configuration to etcd
- All nodes
  - Install and enable Flannel
  - Install and enable Docker
  - Install and enable kube-proxy
  - Configure iptables
- Master node
  - Install and enable Kubelet
  - Install and enable the Kubernetes control plane:
    - kube-apiserver
    - kube-scheduler
    - kube-controller-manager
- Worker nodes
  - Copy cluster certificates
  - Install and enable Kubelet
  - Enable monitoring
- Master node
  - Install and enable Kubelet
  - Install and enable Helm
  - Install and enable addons:
    - kubernetes-dashboard
    - core-dns
    - traefik
    - heapster
  - Enable monitoring
Template for creating a NAIS cluster inventory file.

Each inventory file consists of a hosts section, where the master and worker nodes are defined, and a variables section, where both component versions and cluster-specific information are set.

```ini
[masters]
<K8S-master-hostname>

[workers]
<K8S-worker-hostname-1>
<K8S-worker-hostname-n>
```
Version variables:

| Variable name | Version | Version information location |
|---|---|---|
| docker_version | 17.03.2.ce | https://download.docker.com/linux/centos/7/x86_64/stable/Packages/ |
| cni_version | 0.6.0 | https://github.com/containernetworking/cni/releases |
| etcd_version | 3.2.9 | https://github.com/coreos/etcd/releases/ |
| flannel_version | 0.9.0 | https://github.com/coreos/flannel/releases |
| k8s_version | 1.8.1 | https://github.com/kubernetes/kubernetes/releases |
| dashboard_version | 1.7.1 | https://github.com/kubernetes/dashboard/releases |
| coredns_version | 011 | https://github.com/coredns/coredns/releases |
| traefik_version | 1.4-alpine | https://hub.docker.com/r/library/traefik/tags/ |
| helm_version | 2.7.0 | https://github.com/kubernetes/helm/releases |
| heapster_version | 1.4.3 | https://github.com/kubernetes/heapster/releases |
| heapster_influxdb_version | 1.3.3 | https://gcr.io/google_containers/heapster-influxdb-amd64 |
Cluster variables:

| Variable name | Value | Information |
|---|---|---|
| master_ip | 10.181.160.89 | Host IP of the master node |
| cluster_name | nais-dev | The default domain name in the cluster |
| service_cidr | 10.254.0.0/16 | CIDR where all k8s services will reside. Addresses in this CIDR will only exist in iptables on the cluster nodes, but it should not overlap with existing network CIDRs, as there might be existing services operating in the same range |
| kubernetes_default_ip | 10.254.0.1 | Normally the first address in the service CIDR. This address will be allocated for the "kubernetes.default" service |
| cluster_dns_ip | 10.254.0.53 | |
| pod_network_cidr | 192.168.0.0/16 | CIDR in which all pods will run. This CIDR is not accessible from the outside, but should not overlap with existing networks, as pods might need to communicate with external services operating in the same IP range |
| domain | devillo.no | Domain name of your k8s nodes, required to issue certificates |
| cluster_domain | nais.local | Domain name inside your cluster |
| cluster_lb_suffix | nais.devillo.no | Domain under which your external services will be exposed |
| nais_http_proxy | http://webproxy.domain.com:8088 | Address of the proxy for http traffic |
| nais_https_proxy | http://webproxy.domain.com:8088 | Address of the proxy for https traffic |
| nais_no_proxy | "localhost,127.0.0.1,.local,.devillo.no,{{ansible_default_ipv4.address}}" | Comma-separated list of addresses and domain suffixes for which the proxy should not be used |
| nais_remote_user | deployer | User for remote access to the hosts configured under the [masters] and [workers] sections. Defaults to deployer |
Example: 3-node cluster without an HTTP proxy.

```ini
[masters]
master.domain.com

[workers]
worker1.domain.com
worker2.domain.com

[all:vars]
master_ip=10.181.160.89
cluster_name=nais
service_cidr=10.254.0.0/16
kubernetes_default_ip=10.254.0.1
cluster_dns_ip=10.254.0.53
pod_network_cidr=192.168.0.0/16
domain=domain.com
cluster_domain=nais.local
cluster_lb_suffix=nais.domain.com
```
Example: 3-node cluster with an HTTP proxy to the internet. Uses a remote user named `deployuser` to access the [masters] and [workers] hosts.

```ini
[masters]
master.domain.com

[workers]
worker1.domain.com
worker2.domain.com

[all:vars]
master_ip=10.181.160.89
cluster_name=nais
service_cidr=10.254.0.0/16
kubernetes_default_ip=10.254.0.1
cluster_dns_ip=10.254.0.53
pod_network_cidr=192.168.0.0/16
domain=domain.com
cluster_domain=nais.local
cluster_lb_suffix=nais.domain.com
nais_http_proxy=http://webproxy.domain.com:8088
nais_https_proxy=http://webproxy.domain.com:8088
nais_no_proxy="localhost,127.0.0.1,.local,.domain.com,.devillo.no,{{ansible_default_ipv4.address}}"
nais_remote_user=deployuser
```
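Before running setup-playbook.yaml it is worth checking that an inventory satisfies the constraints the variable table states: service and pod CIDRs disjoint, kubernetes_default_ip and cluster_dns_ip inside service_cidr, and the node domain bypassing the proxy when one is configured. The script below is an added example and not part of naisible; it parses the inventory layout shown above with the Python standard library and reports violations, using a constructed copy of the proxied example as input.

```python
import configparser
import ipaddress

# Constructed sample inventory, mirroring the proxied three-node example above.
SAMPLE_INVENTORY = """
[masters]
master.domain.com
[workers]
worker1.domain.com
worker2.domain.com
[all:vars]
service_cidr=10.254.0.0/16
kubernetes_default_ip=10.254.0.1
cluster_dns_ip=10.254.0.53
pod_network_cidr=192.168.0.0/16
domain=domain.com
nais_http_proxy=http://webproxy.domain.com:8088
nais_no_proxy="localhost,127.0.0.1,.local,.domain.com,{{ansible_default_ipv4.address}}"
"""

REQUIRED = ("service_cidr", "kubernetes_default_ip", "cluster_dns_ip", "pod_network_cidr", "domain")


def parse_inventory(text):
    """Return ({group: [hosts]}, {var: value}) from an INI-style Ansible inventory."""
    cp = configparser.ConfigParser(allow_no_value=True, delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep hostnames and variable names case-sensitive
    cp.read_string(text)
    groups = {s: list(cp[s]) for s in cp.sections() if not s.endswith(":vars")}
    return groups, (dict(cp["all:vars"]) if cp.has_section("all:vars") else {})


def validate(vars_):
    """Return a list of problems; an empty list means the variables pass the checks."""
    missing = [k for k in REQUIRED if k not in vars_]
    if missing:
        return ["missing variables: " + ", ".join(missing)]
    problems = []
    svc = ipaddress.ip_network(vars_["service_cidr"])
    pods = ipaddress.ip_network(vars_["pod_network_cidr"])
    if svc.overlaps(pods):  # the variable table requires these two ranges to be disjoint
        problems.append("service_cidr overlaps pod_network_cidr")
    for key in ("kubernetes_default_ip", "cluster_dns_ip"):
        if ipaddress.ip_address(vars_[key]) not in svc:
            problems.append(f"{key} is outside service_cidr")
    if vars_.get("nais_http_proxy") or vars_.get("nais_https_proxy"):
        no_proxy = vars_.get("nais_no_proxy", "").strip('"').split(",")
        for needed in ("localhost", "127.0.0.1", "." + vars_["domain"]):
            if needed not in no_proxy:  # node-to-node traffic must not be sent via the proxy
                problems.append(f"nais_no_proxy should include {needed}")
    return problems
```

Run it against a real inventory with `parse_inventory(open("inventory-file").read())`; a non-empty result from `validate` is a reason not to start the setup playbook yet.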