Skip to content
/ infra-ansible-kubernetes Public

Learning ansible and kubernetes. Trying to automate kubernetes-the-hard-way

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

martopad/infra-ansible-kubernetes

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
config
config
 
 
group_vars
group_vars
 
 
playbooks
playbooks
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
inventory.yaml
inventory.yaml
 
 

Repository files navigation

infra-ansible-kubernetes

My automated infrastructure deployment

  1. automates kubernetes deployment (Based on mmumshad/kubernetes-the-hard-way)
    • Note: cni pod networking, dns, ingress controller, and loadbalancer are not yet included in code.
  2. also has glusterfs -- Not yet finished.

Steps:

  1. Create the topology in both
    • inventory.yaml and config/certs/generate_all.sh
    • Nodes will be needed for etcd, control plane, load balancer, and worker nodes.
  2. config/certs/generate_all.sh ansible-playbook -i inventory.yaml playbooks/kubernetes/*
  3. etcd.yaml
  4. control_plane.yaml
  5. load_balancer.yaml
  6. worker_pre.yaml either:
  7. worker.yaml or (if with tls-bootstratpping) (currently not working)
  8. tls_bootstrapping.yaml
  9. worker_with_tls_bootstrap.yaml
  10. kubectl apply -f kube-flannel CNI pod networking
  11. init_rbac_kubelet_authorization.yaml
  12. kubectl apply -f coredns.yaml
  13. istioctl install --set profile=default -f ../istio_examples/overrides.yaml
  14. kubectl apply -f metallb-native.yaml
    • Note about WA: kubectl delete validatingwebhookconfigurations.admissionregistration.k8s.io metallb-webhook-configuration

Things to improve:

  1. server, node0, and node1 are still hardcoded names and is set in my router's dns settings. The scripts needs to adapt based on the inventory file. Currently, this wont work when I provision my next 2 (3+3) raspberry pi 5 cluster. I think majority of that work should is on the certs and kubeconfig generation.
  2. DNS stuff. I am bound by my ISP's provided router-- Orange funbox. Setting the DNS names here are less than ideal (dashes are not supported and subdomains does not work). It also doesn't have support for alternative DNS provides. So additional configuration is needed if I want to have private DNS servers (like making it a DHCP server also).
  3. The generation of certificates and kubeconfig needs to be "ansible-fy". It is handled by bash scripts.
  4. Refactor "init_server.yaml" to be 3 multiple playbooks. Currently, all of the functionalities of server (api-server, controller-manager, and scheduler) are all in one playbook. But in production environments these can be ran on different hosts and it should be decoupled for flexibility.
  5. Encryption at rest is still not implemented.
  6. Override ~/.kube/config generation behavior.
  7. Refactor glusterfs provisioning code. It feels like the vars are unorganized and the playbooks are a mess
  8. Add revert counterparts to glusterfs playbooks.

About

Learning ansible and kubernetes. Trying to automate kubernetes-the-hard-way

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages