From af79b9f67f00c546eceb6eed7777d85edf48f251 Mon Sep 17 00:00:00 2001
From: dannc
Date: Fri, 17 Mar 2023 11:10:28 +0700
Subject: [PATCH] [stage-2] create kubectl_init ansible-playbook fix cluster.tf, update readme
---
 ansible/kubectl_init/.gitignore | 1 +
 ansible/kubectl_init/group_vars/all/all.yml | 2 ++
 kubectl_init.yml | 23 +++++++++++++++++++++
 kubespray_init.yml | 4 ++++
 readme.md | 16 +++++++++++++---
 templates/kubectl/conf.j2 | 20 ++++++++++++++++++
 templates/kubectl/inventory.j2 | 2 ++
 terraform/cluster.tf | 2 +-
 8 files changed, 66 insertions(+), 4 deletions(-)
 create mode 100644 ansible/kubectl_init/.gitignore
 create mode 100644 ansible/kubectl_init/group_vars/all/all.yml
 create mode 100644 kubectl_init.yml
 create mode 100644 templates/kubectl/conf.j2
 create mode 100644 templates/kubectl/inventory.j2
diff --git a/ansible/kubectl_init/.gitignore b/ansible/kubectl_init/.gitignore
new file mode 100644
index 0000000..bbfeca5
--- /dev/null
+++ b/ansible/kubectl_init/.gitignore
@@ -0,0 +1 @@
+/inventory
diff --git a/ansible/kubectl_init/group_vars/all/all.yml b/ansible/kubectl_init/group_vars/all/all.yml
new file mode 100644
index 0000000..aca8715
--- /dev/null
+++ b/ansible/kubectl_init/group_vars/all/all.yml
@@ -0,0 +1,2 @@
+---
+ansible_user: ubuntu
diff --git a/kubectl_init.yml b/kubectl_init.yml
new file mode 100644
index 0000000..97f3ed4
--- /dev/null
+++ b/kubectl_init.yml
@@ -0,0 +1,23 @@
+---
+- name: Get kubectl configuration from control-node
+ hosts: control
+ tasks:
+ - name: Kubectl - get internal k8s config
+ become: yes
+ ansible.builtin.slurp:
+ src: /etc/kubernetes/admin.conf
+ register: k8s_internal_config
+ - name: Kubectl - get certificate values from internal k8s config
+ set_fact:
+ k8s_certificate_auth_data={{ (k8s_internal_config['content']|b64decode|from_yaml).clusters[0].cluster['certificate-authority-data'] }}
+ k8s_user_client_cert_data={{ (k8s_internal_config['content']|b64decode|from_yaml).users[0].user['client-certificate-data'] }}
+ k8s_user_client_key_data={{ (k8s_internal_config['content']|b64decode|from_yaml).users[0].user['client-key-data'] }}
+ - name: Kubectl - create kubectl config from template
+ delegate_to: localhost
+ ansible.builtin.template:
+ src: "{{ playbook_dir }}/templates/kubectl/conf.j2"
+ dest: "~/.kube/config"
+ - name: Kubectl - check connection
+ delegate_to: localhost
+ ansible.builtin.command:
+ cmd: kubectl get pods -A
diff --git a/kubespray_init.yml b/kubespray_init.yml
index 982ede6..338ed7c 100644
--- a/kubespray_init.yml
+++ b/kubespray_init.yml
@@ -27,3 +27,7 @@
 ansible.builtin.pip:
 chdir: "{{ playbook_dir }}/vendor/kubespray"
 requirements: requirements.txt
+ - name: Kubectl - initialize inventory
+ ansible.builtin.template:
+ src: "{{ playbook_dir }}/templates/kubectl/inventory.j2"
+ dest: "{{ playbook_dir }}/ansible/kubectl_init/inventory"
diff --git a/readme.md b/readme.md
index a68cf30..10c2a79 100644
--- a/readme.md
+++ b/readme.md
@@ -4,6 +4,8 @@
 ## Использование
+Необходимо последовательно выполнить все шаги, описанные ниже. Каждый ansible-playbook описывает один шаг.
+
 ### Инициализация конфигурации terraform
 * [ansible playbook `terraform_init.yml`](/terraform_init.yml)
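Review bot: The template task in kubectl_init.yml that writes `~/.kube/config` sets no `mode`, so the rendered file, which holds the `client-key-data` copied from `/etc/kubernetes/admin.conf`, is created with whatever the local umask allows and may be readable by other users on the workstation; add `mode: "0600"` under `ansible.builtin.template`. The slurp and `set_fact` tasks also carry the key in their results, so `no_log: true` on both keeps it out of verbose output and callback logs. The task overwrites any existing kubeconfig without a copy; `backup: true` would preserve the previous one. As a style point, `become: yes` is better written `become: true`, and the `kubectl get pods -A` check could carry `changed_when: false` since it only reads state.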
@@ -40,9 +42,6 @@ terraform apply
 ansible-playbook -i ansible/kubespray_init kubespray_init.yml
 ```
-__NOTES__:
-* на данном этапе необходимо, чтобы инфрастуктура уже была задеплоена через `terraform`.
-
 ### Запуск kubespray: установка кластера kubernetes
 * [ansible playbook `vendor/kubespray/cluster.yml`](/vendor/kubespray/cluster.yml) (будет создан на этапе конфигурации kubespray)
@@ -53,3 +52,14 @@ __NOTES__:
 ```shell
 ansible-playbook -i ansible/kubespray/inventory.ini vendor/kubespray/cluster.yml
 ```
+
+### Инициализация конфигурации kubectl
+
+* [ansible playbook `kubectl_init.yml`](/kubectl_init.yml)
+* [ansible inventory](/ansible/kubectl_init) (сам файл `inventory` будет создан на этапе конфигурации kubespray)
+
+Запуск:
+
+```shell
+ansible-playbook -i ansible/kubectl_init kubectl_init.yml
+```
diff --git a/templates/kubectl/conf.j2 b/templates/kubectl/conf.j2
new file mode 100644
index 0000000..b9b7abc
--- /dev/null
+++ b/templates/kubectl/conf.j2
@@ -0,0 +1,20 @@
+---
+apiVersion: v1
+clusters:
+ - cluster:
+ certificate-authority-data: {{ k8s_certificate_auth_data }}
+ server: https://{{ hostvars['control'].ansible_host }}:6443
+ name: cluster.local
+contexts:
+ - context:
+ cluster: cluster.local
+ user: kubernetes-admin
+ name: kubernetes-admin@cluster.local
+current-context: kubernetes-admin@cluster.local
+kind: Config
+preferences: {}
+users:
+- name: kubernetes-admin
+ user:
+ client-certificate-data: {{ k8s_user_client_cert_data }}
+ client-key-data: {{ k8s_user_client_key_data }}
diff --git a/templates/kubectl/inventory.j2 b/templates/kubectl/inventory.j2
new file mode 100644
index 0000000..ce8bfee
--- /dev/null
+++ b/templates/kubectl/inventory.j2
@@ -0,0 +1,2 @@
+[all]
+control ansible_host={{ kube_control_node_host }}
diff --git a/terraform/cluster.tf b/terraform/cluster.tf
index b12d428..fd8b59a 100644
--- a/terraform/cluster.tf
+++ b/terraform/cluster.tf
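Review bot: The `server:` line in templates/kubectl/conf.j2 points kubectl at `hostvars['control'].ansible_host`, the same address Ansible uses for SSH, so port 6443 must be reachable from the workstation at that address and the address must appear in the API server certificate's SANs for verification against `certificate-authority-data` to succeed. With `nat = true` in terraform/cluster.tf this is presumably a public address; if so, access to 6443 should be restricted to administrator source addresses, and no such rule is visible in this patch. The rendered file also reuses the `kubernetes-admin` client certificate and key from admin.conf, so a template comment such as `{# rendered file contains the cluster-admin client key; treat it as a secret #}` would make that explicit. As a style point, the `users:` sequence is flush-left while `clusters:` and `contexts:` are indented in the template; pick one form.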
@@ -21,7 +21,7 @@ resource "yandex_compute_instance" "k8s-cluster" {
 }
 network_interface {
- subnet_id = random_shuffle.netology-gw-subnet-random.result
+ subnet_id = random_shuffle.netology-gw-subnet-random.result[0]
 nat = true
 }