initial commit

muraee · Jul 1, 2022 · a13c36d · a13c36d
1 parent 50db52d
commit a13c36d
Show file tree

Hide file tree

Showing 10 changed files with 322 additions and 1 deletion.
diff --git a/.gitignore b/.gitignore
@@ -12,7 +12,7 @@ crash.log
 # .tfvars files are managed as part of configuration and so should be included in
 # version control.
 #
-# example.tfvars
+terraform.tfvars
 
 # Ignore override files as they are usually used to override resources locally and so
 # are not checked in
@@ -27,3 +27,6 @@ override.tf.json
 
 # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
 # example: *tfplan*
+ansible/group_vars/all/defaults.yaml
+
+.vscode
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
diff --git a/ansible/group_vars/all/vars.yaml b/ansible/group_vars/all/vars.yaml
@@ -0,0 +1 @@
+user: "my-user"
diff --git a/ansible/master.yaml b/ansible/master.yaml
@@ -0,0 +1,64 @@
+- hosts: all
+  become: yes
+  become_user: root
+  roles:
+    - install-k8s
+
+  tasks:
+    - name: initialize the cluster
+      shell: kubeadm init --pod-network-cidr=192.168.0.0/16 --upload-certs
+      args:
+        chdir: $HOME
+        creates: cluster_initialized.yaml
+
+    - name: create .kube directory
+      become: yes
+      become_user: "{{ user }}"
+      file:
+        path: $HOME/.kube
+        state: directory
+        mode: 0755
+
+    - name: copies admin.conf to user's config
+      copy:
+        src: /etc/kubernetes/admin.conf
+        dest: /home/{{ user }}/.kube/config
+        remote_src: yes
+        owner: "{{ user }}"
+
+    - name: setup kubectl autocompletion
+      become: yes
+      become_user: "{{ user }}"
+      shell: |
+        echo 'source <(kubectl completion bash)' >>~/.bashrc
+        echo 'alias k=kubectl' >>~/.bashrc
+        echo 'complete -F __start_kubectl k' >>~/.bashrc
+      args:
+        chdir: $HOME
+
+    - name: Untaint master node
+      become: yes
+      become_user: "{{ user }}"
+      shell: kubectl taint nodes $(hostname) node-role.kubernetes.io/control-plane- node-role.kubernetes.io/master-
+      args:
+        chdir: $HOME
+
+    - name: install Pod network
+      become: yes
+      become_user: "{{ user }}"
+      shell: kubectl apply -f https://projectcalico.docs.tigera.io/manifests/calico.yaml
+      args:
+        chdir: $HOME
+
+    - name: Get the token for joining the worker nodes
+      become: yes
+      become_user: "{{ user }}"
+      shell: kubeadm token create  --print-join-command
+      register: kubernetes_join_command
+
+    - debug:
+        msg: "{{ kubernetes_join_command.stdout }}"
+
+    - name: Copy join command to local file.
+      become: yes
+      local_action: copy content="{{ kubernetes_join_command.stdout_lines[0] }}" dest="/tmp/kubernetes_join_command" mode=0777
diff --git a/ansible/roles/install-k8s/defaults/main.yaml b/ansible/roles/install-k8s/defaults/main.yaml
@@ -0,0 +1 @@
+k8s_version: 1.24.0-00
diff --git a/ansible/roles/install-k8s/tasks/main.yaml b/ansible/roles/install-k8s/tasks/main.yaml
@@ -0,0 +1,75 @@
+---
+# - hosts: "masters, workers"
+#   remote_user: ubuntu
+#   become: yes
+#   become_method: sudo
+#   become_user: root
+#   gather_facts: yes
+#   connection: ssh
+
+- name: Create containerd config file
+  file:
+    path: "/etc/modules-load.d/containerd.conf"
+    state: "touch"
+
+- name: Add conf for containerd
+  blockinfile:
+    path: "/etc/modules-load.d/containerd.conf"
+    block: |
+      overlay
+      br_netfilter
+
+- name: modprobe
+  shell: |
+    sudo modprobe overlay
+    sudo modprobe br_netfilter
+
+- name: Set system configurations for Kubernetes networking
+  file:
+    path: "/etc/sysctl.d/99-kubernetes-cri.conf"
+    state: "touch"
+
+- name: Add conf for containerd
+  blockinfile:
+    path: "/etc/sysctl.d/99-kubernetes-cri.conf"
+    block: |
+      net.bridge.bridge-nf-call-iptables = 1
+      net.ipv4.ip_forward = 1
+      net.bridge.bridge-nf-call-ip6tables = 1
+
+- name: Apply new settings
+  command: sudo sysctl --system
+
+- name: install containerd
+  shell: |
+    sudo apt-get update && sudo apt-get install -y containerd
+    sudo mkdir -p /etc/containerd
+    sudo containerd config default | sudo tee /etc/containerd/config.toml
+    sudo systemctl restart containerd
+
+- name: disable swap
+  shell: |
+    sudo swapoff -a
+    sudo sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
+
+- name: install and configure dependencies
+  shell: |
+    sudo apt-get update && sudo apt-get install -y apt-transport-https curl
+    curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
+
+- name: Create kubernetes repo file
+  file:
+    path: "/etc/apt/sources.list.d/kubernetes.list"
+    state: "touch"
+
+- name: Add K8s Source
+  blockinfile:
+    path: "/etc/apt/sources.list.d/kubernetes.list"
+    block: |
+      deb https://apt.kubernetes.io/ kubernetes-xenial main
+
+- name: install kubernetes
+  shell: |
+    sudo apt-get update
+    sudo apt-get install -y kubelet='{{ k8s_version }}' kubeadm='{{ k8s_version }}' kubectl='{{ k8s_version }}'
+    sudo apt-mark hold kubelet kubeadm kubectl
diff --git a/ansible/worker.yaml b/ansible/worker.yaml
@@ -0,0 +1,28 @@
+- hosts: all
+  become: true
+  gather_facts: true
+  roles:
+    - install-k8s
+
+  tasks:
+    - name: Wait kubernetes_join_command to be available
+      local_action: wait_for path=/tmp/kubernetes_join_command
+
+    - name: Copy join command from Ansiblehost to the worker nodes.
+      become: true
+      copy:
+        src: /tmp/kubernetes_join_command
+        dest: /tmp/kubernetes_join_command
+        mode: 0777
+
+    - name: delete kubernetes_join_command
+      become: true
+      local_action:
+        module: file
+        state: absent
+        path: /tmp/kubernetes_join_command
+
+    - name: Join the Worker nodes to the cluster.
+      become: true
+      command: sh /tmp/kubernetes_join_command
+      register: joined_or_not
diff --git a/main.tf b/main.tf
@@ -0,0 +1,78 @@
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = "4.22.0"
+    }
+  }
+}
+
+provider "google" {
+  credentials = file(var.gcp_creds_file_path)
+
+  project = var.project
+  region  = var.region
+  zone    = var.zone
+}
+
+resource "google_compute_network" "vpc_network" {
+  name = "terraform-network"
+}
+
+resource "google_compute_instance" "vm_instance" {
+  for_each = var.nodes
+
+  name         = each.value.name
+  machine_type = "e2-standard-2"
+
+  boot_disk {
+    initialize_params {
+      image = "ubuntu-os-cloud/ubuntu-2004-lts"
+      type  = "pd-balanced"
+      size  = 20
+    }
+  }
+
+  network_interface {
+    network = google_compute_network.vpc_network.name
+    access_config {
+    }
+  }
+
+  metadata = {
+    ssh-keys = join("\n", [for key in var.ssh_keys : "${key.user}:${key.publickey}"])
+  }
+
+  provisioner "remote-exec" {
+    inline = ["sudo apt update", "sudo apt install python3 -y", "echo Done!"]
+
+    connection {
+      host        = self.network_interface.0.access_config.0.nat_ip
+      type        = "ssh"
+      user        = var.ssh_keys[0].user
+      private_key = file(var.ssh_keys[0].privatekeyPath)
+    }
+  }
+
+  provisioner "local-exec" {
+    command = "ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u ${var.ssh_keys[0].user} -i '${self.network_interface.0.access_config.0.nat_ip},' --private-key ${var.ssh_keys[0].privatekeyPath} ${each.value.playbook}"
+  }
+}
+
+resource "google_compute_firewall" "allow_all" {
+  name = "allow-all-firewall"
+
+  allow {
+    protocol = "tcp"
+  }
+
+  source_tags = []
+  network     = google_compute_network.vpc_network.name
+}
+
+output "vm_instance_ip_addresses" {
+  value = {
+    for instance in google_compute_instance.vm_instance :
+    instance.name => instance.network_interface.0.access_config.0.nat_ip
+  }
+}
diff --git a/terraform.tfvars.example b/terraform.tfvars.example
@@ -0,0 +1,8 @@
+ssh_keys = [{
+  privatekeyPath = "~/.ssh/id_ed25519"
+  publickey      = "ssh-ed25519 AAAAC3N...."
+  user           = "Max"
+}]
+
+gcp_creds_file_path = "~/gcp-credentials-key.json"
+project = "my-project"
diff --git a/values.tf b/values.tf
@@ -0,0 +1,41 @@
+variable "ssh_keys" {
+  type = list(object({
+    privatekeyPath = string
+    publickey = string
+    user      = string
+  }))
+}
+
+variable "gcp_creds_file_path" {
+  type = string
+}
+
+variable "project" {
+  type = string
+}
+
+variable "region" {
+  default = "europe-west1"
+}
+
+variable "zone" {
+  default = "europe-west1-b"
+}
+
+variable "nodes" {
+  type = map(any)
+  default = {
+    control-plane = {
+      name = "k8s-cp"
+      playbook = "./ansible/master.yaml"
+    },
+    worker = {
+      name = "k8s-worker"
+      playbook = "./ansible/worker.yaml"
+    },
+    worker2 = {
+      name = "k8s-worker-2"
+      playbook = "./ansible/worker.yaml"
+    }
+  }
+}