ansible-role-kubernetes-controller

This role is part of a guide for setting up Kubernetes with Ansible, specifically the control plane. It helps install the Kubernetes API server, scheduler, and controller manager. For more details, check out the guide linked above.

Versions

Every release of this role is tagged, and I follow semantic versioning. It's best to use the latest tag for stability. The master branch is under development, while tags represent stable releases. A tag like 23.0.0+1.28.5 indicates it's version 23.0.0 for Kubernetes 1.28.5, but it should also work with any 1.27.x Kubernetes version. The version before the + will increase for changes to the role, while the version after it increases when the Kubernetes version changes. This helps identify bug fixes and major updates while focusing on specific Kubernetes versions.

Requirements

Before using this role, you need to create certificates for the Kubernetes API server. The role will copy these certificates from a specified location to the target host. You also need to set up a VPN (like WireGuard) and an etcd cluster. While the WireGuard VPN isn't mandatory, it improves security by encrypting traffic between Kubernetes hosts.

Supported Operating Systems

• Ubuntu 20.04 (Focal Fossa)
• Ubuntu 22.04 (Jammy Jellyfish)

Changelog

Change history:

For a complete history, refer to the CHANGELOG.md.

Important Note: If upgrading from a version below 22.0.0+1.27.8, please read the CHANGELOG.md carefully. Version 22.0.0+1.27.8 includes breaking changes!

Recent changes:

1. 24.0.0+1.29.4:

   • Updated Kubernetes to 1.29.4.

2. 24.0.0+1.29.3:

   • Updated Kubernetes to 1.29.3.
   • Used alvistack instead of generic Vagrant boxes for Molecule testing.

3. 23.1.2+1.28.8:

   • Updated Kubernetes to 1.28.8.

4. 23.1.1+1.28.5:

   • Fixed a bug in ClusterRoleBinding for system:kube-apiserver.

5. 23.0.0+1.28.5:

   • Updated Kubernetes to 1.28.5.
   • Added new admission plugins to k8s_apiserver_settings.

Installation

You can install the role in several ways:

• Download from GitHub:

git clone https://github.com/githubixx/ansible-role-kubernetes-controller.git githubixx.kubernetes_controller

• Install via ansible-galaxy command:

ansible-galaxy install role githubixx.kubernetes_controller

• Create a requirements.yml file and install:

---
roles:
  - name: githubixx.kubernetes_controller
    src: https://github.com/githubixx/ansible-role-kubernetes-controller.git
    version: 24.0.1+1.29.4

Then run:

ansible-galaxy role install -r requirements.yml

Role Variables

Some default variables are:

• k8s_ctl_conf_dir: Base directory for Kubernetes configuration and certificates.
• k8s_ctl_pki_dir: Directory for certificate files.
• k8s_ctl_bin_dir: Where to store Kubernetes binaries.
• k8s_ctl_release: Kubernetes version to use.
• k8s_interface: Service listening interface (e.g., "eth0").
• k8s_run_as_user: User to run Kubernetes services.
• k8s_ctl_api_endpoint_host: Hostname or IP for the Kubernetes API.
• Other variables manage logging, certificate directories, etc.

You can override default settings by defining specific variables in your playbook.

Example Playbook

Here’s a simple example:

- hosts: k8s_controller
  roles:
    - githubixx.kubernetes_controller

Testing

This role includes a test setup with Molecule, using virtual machines to install a Kubernetes cluster. For setup details, refer to my blog post Testing Ansible roles with Molecule.

After setting up, you can run:

molecule converge

This sets up virtual machines and installs the Kubernetes cluster. You can verify the setup with:

molecule verify

To clean up, run:

molecule destroy

License

This work is licensed under the GNU GENERAL PUBLIC LICENSE Version 3.

Author Information

For more information, visit my blog.