
First version

cybergavin 4 years ago
parent
commit
4c28c28c98

+ 15 - 0
create-k8s-basic/README.md

@@ -0,0 +1,15 @@
+# Creation of a simple Kubernetes cluster with Ansible
+
+The create-k8s-basic directory contains an ansible playbook (k8s_create.yaml) that may be used to create a simple 3-node kubernetes cluster using the latest stable version of kubernetes and the containerd runtime.
+
+* Pre-Requisites
+- Three pre-provisioned RHEL 8 nodes with connectivity to the Internet to download packages and images from repositories and registries.
+- A user account (auto.svc in my playbook) with sudo (root) privileges provisioned on the ansible control node and all RHEL 8 nodes. Also ensure that the user’s SSH keys are set up to allow execution of the ansible playbook.
+
+* Implementation
+- Set the POD and SERVICE network CIDR blocks in vars/main.yaml
+- Add details for the pre-provisioned RHEL 8 nodes to the files/inventory
+- Execute the following command:
+
+    ansible-playbook -i files/inventory k8s_create.yaml
+

+ 17 - 0
create-k8s-basic/files/calico-base.yaml

@@ -0,0 +1,17 @@
+# This section includes base Calico installation configuration.
+# For more information, see: https://docs.projectcalico.org/v3.18/reference/installation/api#operator.tigera.io/v1.Installation
+apiVersion: operator.tigera.io/v1
+kind: Installation
+metadata:
+  name: default
+spec:
+  # Configures Calico networking.
+  calicoNetwork:
+    # Note: The ipPools section cannot be modified post-install.
+    ipPools:
+    - blockSize: 26
+      cidr: POD_NETWORK 
+      encapsulation: VXLANCrossSubnet
+      natOutgoing: Enabled
+      nodeSelector: all()
+
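Review bot: The `cidr: POD_NETWORK ` line carries a trailing space after the placeholder, so after the `replace` task in k8s_calico.yaml substitutes the token the rendered value is `10.10.0.0/16 ` with the space still attached; a plain scalar trims it, but it would survive a later move to a quoted value and is easy to miss in review. Drop the whitespace: `cidr: POD_NETWORK`. The `ipPools` sequence is flush with its parent key while most sequences in this commit are indented; picking one style file-wide keeps yamllint quiet.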

+ 4 - 0
create-k8s-basic/files/crictl.yaml

@@ -0,0 +1,4 @@
+runtime-endpoint: unix:///run/containerd/containerd.sock
+image-endpoint: unix:///run/containerd/containerd.sock
+timeout: 10
+debug: false

+ 10 - 0
create-k8s-basic/files/inventory

@@ -0,0 +1,10 @@
+[control-plane]
+172.30.100.10
+
+[nodes]
+172.30.100.11
+172.30.100.12
+
+[k8s-cluster:children]
+control-plane
+nodes

+ 38 - 0
create-k8s-basic/k8s_calico.yaml

@@ -0,0 +1,38 @@
+---
+# cybergavin 
+# Install Calico with Tigera operator - https://docs.projectcalico.org/getting-started/kubernetes/quickstart
+
+- name: Create .kube directory
+  file:
+    path: /root/.kube
+    state: directory
+
+- name: Copy kubernetes config file for kubectl
+  copy:
+    src: /etc/kubernetes/admin.conf
+    remote_src: yes
+    dest: /root/.kube/config
+
+- name: Include variables
+  include_vars: dir=vars
+
+- name: Install the Tigera Operator 
+  command: kubectl create -f https://docs.projectcalico.org/manifests/tigera-operator.yaml 
+  register: tigera_operator_install
+  failed_when: tigera_operator_install.rc != 0
+
+- name: Copy calico manifest file
+  copy:
+    src: "{{ playbook_dir }}/files/calico-base.yaml" 
+    dest: /root/calico-base.yaml
+
+- name: Set pod network CIDR in Calico manifest 
+  replace:
+    path: /root/calico-base.yaml 
+    regexp: 'POD_NETWORK'
+    replace: "{{ pod_network }}"
+
+- name: Install Calico 
+  command: kubectl create -f /root/calico-base.yaml 
+  register: calico_install
+  failed_when: calico_install.rc != 0
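Review bot: The `Install the Tigera Operator` task applies a manifest fetched from an unpinned URL at run time with cluster-admin rights, so what ends up in the cluster is whatever that URL serves when the play runs and nothing verifies it, while calico-base.yaml in this same commit is written against the v3.18 API. Pin the version in the URL and either vendor the manifest under files/ (as calico-base.yaml already is) and apply it from disk, or download it with `get_url` and a `checksum:` before the `kubectl create`. `failed_when: tigera_operator_install.rc != 0` (and the same on the Calico task) restates the command module's default failure rule and can be dropped, and `kubectl create` fails on a second run — `kubectl apply` or a `creates:` guard keeps the play re-runnable. `remote_src: yes` should be the canonical `true`.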

+ 11 - 0
create-k8s-basic/k8s_cp_init.yaml

@@ -0,0 +1,11 @@
+---
+# cybergavin 
+# Control Plane Init 
+
+- name: Include variables
+  include_vars: dir=vars
+
+- name: Initialize the Kubernetes Cluster
+  command: kubeadm init --pod-network-cidr "{{ pod_network }}" --service-cidr "{{ service_network }}" 
+  register: kubeadm_init
+  failed_when: kubeadm_init.rc != 0
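Review bot: The `kubeadm init` command task has no idempotence guard, so on a second pass of the play kubeadm refuses to initialise an already-bootstrapped node and the whole playbook fails. Guard it with the command module's `creates` argument, `args:` / `creates: /etc/kubernetes/admin.conf` (the file the Calico tasks copy afterwards), so repeated runs skip it. `failed_when: kubeadm_init.rc != 0` repeats the module's default behaviour and can go, and `include_vars: dir=vars` reads better as native YAML, `include_vars:` / `dir: vars`.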

+ 30 - 0
create-k8s-basic/k8s_create.yaml

@@ -0,0 +1,30 @@
+---
+# cybergavin 
+# Create a Kubernetes cluster with a single-node control plane
+# Uses inventory details in files/inventory
+#
+- name: Prepare all nodes for the creation of the Kubernetes cluster 
+  hosts: all 
+  remote_user: auto.svc
+  become: yes
+  gather_facts: True
+  tasks:
+    - include: k8s_prep.yaml
+
+- name: Create the Kubernetes cluster 
+  hosts: control-plane 
+  remote_user: auto.svc
+  become: yes
+  gather_facts: True
+  tasks:
+    - include: k8s_cp_init.yaml 
+    - include: k8s_calico.yaml 
+    - include: k8s_joincommand.yaml 
+
+- name: Join nodes to the Kubernetes cluster 
+  hosts: nodes 
+  remote_user: auto.svc
+  become: yes
+  gather_facts: True
+  tasks:
+    - include: k8s_join_node.yaml 
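Review bot: All three plays use the `include:` task keyword, which has been deprecated in favor of `import_tasks`/`include_tasks` and, as far as I recall, is no longer accepted by recent ansible-core releases, so the playbook would stop parsing there; `- import_tasks: k8s_prep.yaml` is the static equivalent for each of the five includes. `become: yes` and `gather_facts: True` are YAML 1.1 truthy spellings and should be `true`. `remote_user: auto.svc` is repeated per play; moving it to the inventory or ansible.cfg gives the README's "in my playbook" caveat a single place to change.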

+ 5 - 0
create-k8s-basic/k8s_join_node.yaml

@@ -0,0 +1,5 @@
+---
+# cybergavin 
+
+- name: Join {{ ansible_facts['nodename'] }} to the k8s cluster
+  command: "{{ hostvars['kubeadm']['join_command'] }}"
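Review bot: The join task executes a command string taken verbatim from another host's stdout and has no idempotence guard, so re-running the playbook attempts a second `kubeadm join` on an already-joined node and fails. Add `args:` / `creates: /etc/kubernetes/kubelet.conf` so joined nodes are skipped, and `no_log: true`, because the command line contains the bootstrap token and is otherwise printed in task output. The `hostvars['kubeadm']['join_command']` lookup presumably raises an undefined-variable error if the control-plane play did not run (e.g. with `--limit nodes`); a `when: hostvars['kubeadm'] is defined` or an `assert` task before it gives a clearer failure.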

+ 12 - 0
create-k8s-basic/k8s_joincommand.yaml

@@ -0,0 +1,12 @@
+---
+# cybergavin 
+# Obtaining information for adding worker nodes
+# 
+- name: Create bootstrap token with kubeadm {{ ansible_facts['nodename'] }}
+  command: kubeadm token create --print-join-command 
+  register: kubeadm_join_command 
+
+- name: Generate kubeadm join command
+  add_host:
+    name: "kubeadm"
+    join_command: "{{ kubeadm_join_command.stdout }}"
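Review bot: The registered output of `kubeadm token create --print-join-command` contains the bootstrap token and the discovery CA hash, and with `register:` and no `no_log` it shows up in task results, verbose output and any callback or log sink. Add `no_log: true` to this task and to the `add_host` task that copies it into `join_command`. Bootstrap tokens default to a 24-hour lifetime; since the nodes join in the very next play, a shorter `--ttl` on the `kubeadm token create` call narrows the window in which a leaked token is usable.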

+ 99 - 0
create-k8s-basic/k8s_prep.yaml

@@ -0,0 +1,99 @@
+---
+# cybergavin 
+# Prepare a node for Kubernetes
+#
+- name: Turn off swap 
+  command: swapoff -a 
+  changed_when: true
+  when: ansible_swaptotal_mb > 0
+   
+- name: Disable swap  
+  lineinfile:
+    path: '/etc/fstab'
+    regexp: '\sswap\s'
+    state: absent 
+
+- name: Put SELinux in permissive mode, logging actions that would be blocked.
+  selinux:
+    policy: targeted
+    state: permissive
+
+- name: Disable firewalld 
+  systemd:
+    name: firewalld
+    state: stopped
+    enabled: no
+
+- name: Load the required kernel modules 
+  modprobe:
+    name: "{{ item }}"
+    state: present
+  with_items:
+    - br_netfilter
+    - overlay
+
+- name: Persist kernel module loading  
+  copy:
+    dest: '/etc/modules-load.d/k8s.conf' 
+    content: |
+      br_netfilter
+      overlay
+
+- name: Tune sysctl parameters  in /proc and the sysctl file
+  sysctl:
+    name: "{{ item }}" 
+    value: '1'
+    sysctl_set: yes
+    state: present
+  with_items:
+    - net.ipv4.ip_forward
+    - net.bridge.bridge-nf-call-iptables
+    - net.bridge.bridge-nf-call-ip6tables
+
+- name: Add Kubernetes repository 
+  yum_repository:
+    baseurl: https://packages.cloud.google.com/yum/repos/kubernetes-el7-$basearch
+    name: "Kubernetes"
+    state: present 
+    description: "Kubernetes Repository"
+    gpgcheck: yes
+    gpgkey: "https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg" 
+    exclude: "kubelet kubeadm kubectl"
+
+- name: Add docker-ce repository for containerd 
+  yum_repository:
+    name: "Docker-CE" 
+    description: "Docker CE Stable" 
+    baseurl: https://download.docker.com/linux/centos/$releasever/$basearch/stable 
+    state: present
+    gpgcheck: yes
+    gpgkey: https://download.docker.com/linux/centos/gpg 
+    
+- name: Install required packages (containerd, kubeadmn, kubectl, kubelet) 
+  yum:
+    name: "{{ packages }}"
+    disable_excludes: "Kubernetes"
+  vars:
+    packages:
+    - containerd.io
+    - kubeadm
+    - kubelet
+    - kubectl
+    - iproute-tc
+
+- name: Dump default configuration for containerd
+  shell: containerd config default > /etc/containerd/config.toml
+
+- name: Configure crictl to use containerd
+  copy:
+    src: files/crictl.yaml 
+    dest: /etc/crictl.yaml
+
+- name: Enable and start the required services (containerd.io, kubelet) 
+  systemd:
+    name: "{{ item }}" 
+    enabled: yes
+    state: started
+  with_items:
+    - containerd
+    - kubelet
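Review bot: The `Disable firewalld` task removes the host firewall on every node, leaving the kubelet, etcd and API server ports reachable from anything with network access to the hosts; the kubeadm documentation lists the few ports each role needs, and the `firewalld` module can open just those while the service stays enabled. The `shell: containerd config default > /etc/containerd/config.toml` task also runs on every play and overwrites any later edits to that file; `args:` / `creates: /etc/containerd/config.toml` makes it a one-time step. Package `state` is left unspecified, so `yum` installs whatever kubeadm/kubelet/kubectl is newest at run time; pinning the versions (or a `kubernetes_version` variable) keeps the three nodes and future re-runs consistent. `gpgcheck: yes`, `sysctl_set: yes` and `enabled: no` should be the canonical `true`/`false`.

```yaml
- name: Open only the ports Kubernetes needs (port list from the kubeadm docs; trim per role)
  firewalld:
    port: "{{ item }}"
    permanent: true
    immediate: true
    state: enabled
  with_items:
    - 6443/tcp
    - 2379-2380/tcp
    - 10250/tcp
    - 10257/tcp
    - 10259/tcp
    - 30000-32767/tcp
    - 4789/udp  # Calico VXLAN
# … unchanged: kernel module, sysctl, repository and package tasks …
- name: Dump default configuration for containerd
  shell: containerd config default > /etc/containerd/config.toml
  args:
    creates: /etc/containerd/config.toml
```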

+ 3 - 0
create-k8s-basic/vars/main.yaml

@@ -0,0 +1,3 @@
+---
+pod_network: "10.10.0.0/16"
+service_network: "10.20.0.0/16"