Description
This project sets up Kubernetes and a CI/CD toolchain automatically via ansible-playbook.
Dependencies
- ansible==2.8.3
Playbook workflow
- chrony
  - Synchronize time (all components communicate over SSL, so clock skew between hosts can make the certificates invalid)
- Certificates
  - Generate the certificates on the ansible controller, including the CA, etcd, kube-proxy and kubeconfig certificates
- Prepare
  - os_init: remove redundant packages and install required packages
  - Common init: disable swap, load kernel modules, and modify kernel parameters
  - Distribute files, including the binaries and the certificates
- nexus
  - Install nexus and initialize it via a Groovy script: create the blob store, create the repositories, change the admin password
  - Pull the images listed in images.json to the nexus host
  - Retag the images and push them to nexus using the nexus admin password defined in the inventory file
- Etcd
  - install docker
  - install kubelet
  - install etcd
- Kube_master
  - install docker when not installed
  - install kubelet when not installed
  - install kube_master (kube-apiserver, kube-controller-manager, kube-scheduler)
  - install kube-proxy
- Kube_node
  - install kubelet when not installed
- Network plugins
  - flannel, selected by the CLUSTER_NETWORK var in the inventory
  - calico, selected by the CLUSTER_NETWORK var in the inventory
- Install addons
  - CoreDNS
  - ingress-nginx
  - demoapp
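Two steps of the workflow above deserve a guard in the playbook: certificate generation should only start once chrony reports a synchronised clock, and the docker/kubelet installs should be skipped when the binary is already on the host. The tasks below are an added example written for this README, not code from the project; the binary paths under /usr/local/bin, the task-file names install_docker.yml and install_kubelet.yml, and the host group name are assumptions.

```yaml
# Added example (not the project's own playbook). Assumptions: components are
# installed as single binaries under /usr/local/bin, and the install steps live
# in the hypothetical task files install_docker.yml / install_kubelet.yml.
- hosts: all
  become: true
  tasks:
    - name: Read chrony tracking state
      command: chronyc tracking
      register: chrony_tracking
      changed_when: false

    # chronyc prints "Leap status : Not synchronised" until it has a valid
    # source; certificates issued from a skewed clock fail validation elsewhere.
    - name: Refuse to continue while the clock is not synchronised
      assert:
        that:
          - "'Not synchronised' not in chrony_tracking.stdout"
        fail_msg: >-
          chrony on {{ inventory_hostname }} is not synchronised yet; fix time
          sync before generating or distributing certificates.

    - name: Check whether the docker and kubelet binaries already exist
      stat:
        path: "/usr/local/bin/{{ item }}"
      loop:
        - docker
        - kubelet
      register: bin_check

    # Pick each component's stat result out of the loop results by item name.
    - name: Record which components are already present
      set_fact:
        docker_present: "{{ (bin_check.results | selectattr('item', 'equalto', 'docker') | first).stat.exists }}"
        kubelet_present: "{{ (bin_check.results | selectattr('item', 'equalto', 'kubelet') | first).stat.exists }}"

    - name: Install docker when not installed
      include_tasks: install_docker.yml      # hypothetical task file
      when: not (docker_present | bool)

    - name: Install kubelet when not installed
      include_tasks: install_kubelet.yml     # hypothetical task file
      when: not (kubelet_present | bool)
```

Running the time check as an assert on every host, rather than only on the controller, catches the case the README warns about: the controller's clock is fine but one node is hours off, so the certificates it receives are "not yet valid" there.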
Usage
- Prepare the VMs described in the inventory file and set the root password used for ssh login.
- Download the required binaries and put them into the ${base_dir}/bin dir; the expected file tree is listed in download/binary_filelist.txt. They can currently be downloaded from the official sites or from the baidupan shared link: https://pan.baidu.com/s/1UhGugwOeh1mp1mJBNScoQA password:3ka4
- Edit inventory/k8s.dev before you run ansible-playbook
- Run ansible-playbook -i inventory/k8s.dev --extra-vars "@images.json" 90_install.yml; after a few minutes the Kubernetes setup is finished
Todo list
- nexus
  - [ok] Set up a nexus and initialize it automatically with Groovy scripts
  - [ok] Download the images and push the used images to the repo
  - Create a proxy registry, a private registry listening on port 9001, and a group listening on port 9002; add the proxy and private registries as members of this group
  - Add an nginx load balancer in front of nexus, forwarding GET requests to port 9002 and PUT requests to port 9001
- Enhancement
  - Multi-version support
  - Helm support
  - More addon support, e.g. prometheus, grafana, efk, argocd, istio
  - [ok] Put some of the service config into a configmap: kube-proxy
  - After installation, check the status of every service
  - [ok] Change the pod update strategy of the daemonset; the default is OnDelete. To check it: kubectl get ds/nginx-ingress-controller -n ingress-nginx -o go-template='{{.spec.updateStrategy.type}}{{"\n"}}'
  - Check the service before deploying it, and skip it if the check shows it is already installed
- Accessibility
  - Download the binary files and put them into the right dirs by script
  - [ok] Packing the entire environment into a Dockerfile improves script portability and compatibility
  - Create a Vagrantfile to build a development environment easily
- Bugs to fix
  - [ok] When the yum module fails to install a package because the network is bad, the play and its tasks do not continue. Solution: add a number of retries
  - Detecting the start-up mode of kube-proxy, flannel, ingress and other services has problems. At present the services are only detected on the first master, and kubectl is not deployed on the node hosts
  - If the time is not synchronized in the first step, the certificates will be invalid
- Notice
  - If a service's IP is not reachable but the pod's IP is reachable, check that the service selector is written correctly.
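Three of the todo items above (retries for flaky yum installs, a per-service status check after installation, and verifying the daemonset update strategy) fit into one verification play. The play below is an added example for this README, not the project's own code; the group names kube_node and kube_master, the package list, and the flannel daemonset name are assumptions. Because kubectl is only deployed on the first master, the cluster-level checks are delegated to groups['kube_master'][0] instead of running on the node being verified.

```yaml
# Added example (not the project's own playbook). Assumptions: inventory groups
# kube_node / kube_master exist, the listed packages are what the node needs,
# and the flannel daemonset is called kube-flannel-ds.
- hosts: kube_node
  become: true
  vars:
    required_packages: [chrony, ipset, ipvsadm, conntrack-tools]   # assumed list
    node_services: [docker, kubelet]
  tasks:
    # A transient network error makes the yum module fail the task; "until"
    # re-runs it up to 5 times, 15 s apart, so one bad mirror fetch does not
    # abort the whole play.
    - name: Install required packages (retry on transient network failures)
      yum:
        name: "{{ required_packages }}"
        state: present
      register: yum_result
      until: yum_result is succeeded
      retries: 5
      delay: 15

    # Per-service status check on the node itself; is-active exits non-zero
    # for anything other than "active", which fails the task for that item.
    - name: Verify host services are active after installation
      command: systemctl is-active {{ item }}
      loop: "{{ node_services }}"
      register: svc_state
      changed_when: false
      failed_when: svc_state.rc != 0

    # kubectl is not installed on the nodes, so query the API server from the
    # first master and wait until this node reports Ready.
    - name: Wait until the node reports Ready (queried from the first master)
      command: >-
        kubectl get node {{ inventory_hostname }}
        -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}'
      delegate_to: "{{ groups['kube_master'][0] }}"
      register: node_ready
      changed_when: false
      until: node_ready.stdout == "True"
      retries: 20
      delay: 15

    # The README's go-template check, expressed as jsonpath to avoid escaping
    # the {{ }} braces inside Jinja2; run once, from the master, for each
    # daemonset that should roll pods automatically instead of on delete.
    - name: Verify daemonsets use RollingUpdate rather than OnDelete
      command: >-
        kubectl get ds/{{ item.name }} -n {{ item.namespace }}
        -o jsonpath='{.spec.updateStrategy.type}'
      loop:
        - { name: nginx-ingress-controller, namespace: ingress-nginx }
        - { name: kube-flannel-ds, namespace: kube-system }   # name assumed
      delegate_to: "{{ groups['kube_master'][0] }}"
      run_once: true
      register: ds_strategy
      changed_when: false
      failed_when: ds_strategy.stdout != "RollingUpdate"
```

The Ready wait uses the same until/retries/delay mechanism as the yum fix, which is the general pattern for any step whose success depends on something outside the playbook's control (network, a control plane still coming up). With failed_when inside a loop, Ansible evaluates the expression against each item's own result, so a single daemonset with the wrong strategy fails only that item and the output names it.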