Compare commits
4 Commits
2de0448c12
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
| 8db7202686 | |||
| ef43cde916 | |||
| e078b85055 | |||
| 922280c28a |
16
README.md
16
README.md
@@ -94,3 +94,19 @@ After the playbook completes:
|
||||
kubectl get pods -A
|
||||
```
|
||||
Ensure `coredns` and `kube-flannel` are running.
|
||||
|
||||
## Kubernetes Dashboard
|
||||
|
||||
A dashboard has been installed and is accessible via NodePort on the master node.
|
||||
|
||||
1. **Get the Token**:
|
||||
Run this command on the master node to get your login token:
|
||||
```bash
|
||||
kubectl get secret admin-user-token -n kubernetes-dashboard -o jsonpath={".data.token"} | base64 -d
|
||||
```
|
||||
|
||||
2. **Access the Dashboard**:
|
||||
Open your browser and navigate to:
|
||||
`https://<master-ip>:30443`
|
||||
|
||||
*Note: Since it uses a self-signed certificate, you will need to bypass the browser security warning (usually click "Advanced" -> "Proceed").*
|
||||
|
||||
@@ -3,5 +3,6 @@ inventory = ./inventory/hosts.ini
|
||||
host_key_checking = False
|
||||
retry_files_enabled = False
|
||||
interpreter_python = auto_silent
|
||||
stdout_callback = yaml
|
||||
bin_ansible_callbacks = True
|
||||
stdout_callback = ansible.builtin.default
|
||||
result_format = yaml
|
||||
|
||||
@@ -1,11 +1,20 @@
|
||||
---
|
||||
ansible_user: pi
|
||||
ansible_user: mastermito
|
||||
# Use ansible-vault to encrypt the password:
|
||||
# ansible-vault encrypt_string 'your_password' --name 'vault_ssh_password'
|
||||
# then put the result here.
|
||||
# For now, we expect these variables to be defined, e.g. in a vault file or extra vars.
|
||||
# ansible_password: "{{ vault_ssh_password }}"
|
||||
# ansible_become_password: "{{ vault_become_password }}"
|
||||
ansible_password: "{{ vault_ssh_password }}"
|
||||
ansible_become_password: "{{ vault_ssh_password }}"
|
||||
|
||||
# Kubernetes Version
|
||||
k8s_version: "1.28.0-00"
|
||||
|
||||
vault_ssh_password: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
36633632343864633038356262396462343166383432306136346239353334376637333735303534
|
||||
3132323064333838643735623665393031393766653938310a383531653039366462623261646162
|
||||
34336361333838373531663262623064363338353930363735323336343562623738326434343763
|
||||
3837646335653035640a656436643939303466663962323365383238303965666239333564363865
|
||||
6137
|
||||
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
[masters]
|
||||
pi1 ansible_host=192.168.1.10
|
||||
pi1 ansible_host=192.168.240.200
|
||||
|
||||
[workers]
|
||||
pi2 ansible_host=192.168.1.11
|
||||
pi3 ansible_host=192.168.1.12
|
||||
pi4 ansible_host=192.168.1.13
|
||||
pi2 ansible_host=192.168.240.201
|
||||
pi3 ansible_host=192.168.240.202
|
||||
pi4 ansible_host=192.168.240.203
|
||||
|
||||
[all:vars]
|
||||
# These are placeholders, update with real IPs
|
||||
|
||||
@@ -1,4 +1,13 @@
|
||||
---
|
||||
- name: Wait for APT lock
|
||||
shell: |
|
||||
while fuser /var/lib/dpkg/lock-frontend >/dev/null 2>&1; do
|
||||
echo "Waiting for other software managers to finish..."
|
||||
sleep 5
|
||||
done
|
||||
register: apt_lock_wait
|
||||
changed_when: false
|
||||
|
||||
- name: Update apt cache
|
||||
apt:
|
||||
update_cache: yes
|
||||
@@ -8,6 +17,26 @@
|
||||
apt:
|
||||
upgrade: dist
|
||||
|
||||
- name: Check if cloud-init exists
|
||||
stat:
|
||||
path: /etc/cloud/cloud.cfg
|
||||
register: cloud_init_cfg
|
||||
|
||||
- name: Prevent cloud-init from changing hostname
|
||||
copy:
|
||||
dest: /etc/cloud/cloud.cfg.d/99-preserve-hostname.cfg
|
||||
content: "preserve_hostname: true"
|
||||
when: cloud_init_cfg.stat.exists
|
||||
|
||||
- name: Set hostname
|
||||
command: "hostnamectl set-hostname {{ inventory_hostname }}"
|
||||
|
||||
- name: Update /etc/hosts with inventory hostname
|
||||
lineinfile:
|
||||
path: /etc/hosts
|
||||
regexp: '^127\.0\.1\.1'
|
||||
line: "127.0.1.1 {{ inventory_hostname }}"
|
||||
|
||||
- name: Install required system packages
|
||||
apt:
|
||||
name:
|
||||
@@ -22,16 +51,32 @@
|
||||
command: swapoff -a
|
||||
when: ansible_swaptotal_mb > 0
|
||||
|
||||
- name: Disable swap in dphys-swapfile
|
||||
lineinfile:
|
||||
path: /etc/dphys-swapfile
|
||||
regexp: '^CONF_SWAPSIZE='
|
||||
line: 'CONF_SWAPSIZE=0'
|
||||
notify: restart kubelet
|
||||
- name: Disable swap in /etc/fstab
|
||||
replace:
|
||||
path: /etc/fstab
|
||||
regexp: '^([^#].*?\sswap\s+.*)$'
|
||||
replace: '# \1'
|
||||
|
||||
- name: Stop and disable dphys-swapfile service (if exists)
|
||||
service:
|
||||
name: dphys-swapfile
|
||||
state: stopped
|
||||
enabled: no
|
||||
failed_when: false
|
||||
when: ansible_distribution == 'Raspbian'
|
||||
|
||||
- name: Determine cmdline.txt location
|
||||
stat:
|
||||
path: /boot/firmware/cmdline.txt
|
||||
register: cmdline_firmware
|
||||
|
||||
- name: Set cmdline path
|
||||
set_fact:
|
||||
cmdline_path: "{{ '/boot/firmware/cmdline.txt' if cmdline_firmware.stat.exists else '/boot/cmdline.txt' }}"
|
||||
|
||||
- name: Enable cgroup features in cmdline.txt
|
||||
replace:
|
||||
path: /boot/cmdline.txt
|
||||
path: "{{ cmdline_path }}"
|
||||
regexp: '^((?!.*\bcgroup_enable=cpuset cgroup_enable=memory cgroup_memory=1\b).*)$'
|
||||
replace: '\1 cgroup_enable=cpuset cgroup_enable=memory cgroup_memory=1'
|
||||
register: cgroup_update
|
||||
@@ -100,13 +145,13 @@
|
||||
|
||||
- name: Download Kubernetes GPG key
|
||||
get_url:
|
||||
url: https://pkgs.k8s.io/core:/stable:/v1.35/deb/Release.key
|
||||
url: "https://pkgs.k8s.io/core:/stable:/v{{ k8s_version | regex_search('^[0-9]+\\.[0-9]+') }}/deb/Release.key"
|
||||
dest: /etc/apt/keyrings/kubernetes-apt-keyring.asc
|
||||
mode: '0644'
|
||||
|
||||
- name: Add Kubernetes apt repository
|
||||
apt_repository:
|
||||
repo: "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.asc] https://pkgs.k8s.io/core:/stable:/v1.35/deb/ /"
|
||||
repo: "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.asc] https://pkgs.k8s.io/core:/stable:/v{{ k8s_version | regex_search('^[0-9]+\\.[0-9]+') }}/deb/ /"
|
||||
state: present
|
||||
filename: kubernetes
|
||||
|
||||
|
||||
64
roles/dashboard/tasks/main.yml
Normal file
64
roles/dashboard/tasks/main.yml
Normal file
@@ -0,0 +1,64 @@
|
||||
---
|
||||
- name: Install Metrics Server
|
||||
command: kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
|
||||
environment:
|
||||
KUBECONFIG: /etc/kubernetes/admin.conf
|
||||
|
||||
- name: Patch Metrics Server for self-signed certs (RPi workaround)
|
||||
command: >
|
||||
kubectl patch deployment metrics-server -n kube-system --type='json'
|
||||
-p='[{"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--kubelet-insecure-tls"}]'
|
||||
environment:
|
||||
KUBECONFIG: /etc/kubernetes/admin.conf
|
||||
|
||||
- name: Install Kubernetes Dashboard
|
||||
command: kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
|
||||
environment:
|
||||
KUBECONFIG: /etc/kubernetes/admin.conf
|
||||
|
||||
- name: Create Dashboard Admin Service Account
|
||||
shell: |
|
||||
cat <<EOF | kubectl apply -f -
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: admin-user
|
||||
namespace: kubernetes-dashboard
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: admin-user
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: cluster-admin
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: admin-user
|
||||
namespace: kubernetes-dashboard
|
||||
EOF
|
||||
environment:
|
||||
KUBECONFIG: /etc/kubernetes/admin.conf
|
||||
|
||||
- name: Create Dashboard Admin Token Secret (for K8s 1.24+)
|
||||
shell: |
|
||||
cat <<EOF | kubectl apply -f -
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: admin-user-token
|
||||
namespace: kubernetes-dashboard
|
||||
annotations:
|
||||
kubernetes.io/service-account.name: admin-user
|
||||
type: kubernetes.io/service-account-token
|
||||
EOF
|
||||
environment:
|
||||
KUBECONFIG: /etc/kubernetes/admin.conf
|
||||
|
||||
- name: Change Dashboard service to NodePort
|
||||
command: >
|
||||
kubectl patch svc kubernetes-dashboard -n kubernetes-dashboard
|
||||
-p '{"spec": {"type": "NodePort", "ports": [{"port": 443, "nodePort": 30443}]}}'
|
||||
environment:
|
||||
KUBECONFIG: /etc/kubernetes/admin.conf
|
||||
@@ -1,4 +1,7 @@
|
||||
---
|
||||
- name: Pre-pull Kubernetes images
|
||||
command: kubeadm config images pull
|
||||
|
||||
- name: Initialize Kubernetes Control Plane
|
||||
command: kubeadm init --pod-network-cidr=10.244.0.0/16
|
||||
args:
|
||||
@@ -23,13 +26,15 @@
|
||||
|
||||
- name: Install Flannel Pod Network
|
||||
command: kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml
|
||||
become: yes
|
||||
become_user: "{{ ansible_user }}"
|
||||
environment:
|
||||
KUBECONFIG: /etc/kubernetes/admin.conf
|
||||
when: kubeadm_init.changed
|
||||
|
||||
- name: Get join command
|
||||
command: kubeadm token create --print-join-command
|
||||
register: join_command_raw
|
||||
environment:
|
||||
KUBECONFIG: /etc/kubernetes/admin.conf
|
||||
|
||||
- name: Add dummy host with variable
|
||||
add_host:
|
||||
|
||||
Reference in New Issue
Block a user