mmul.kubelab

Kubelab Ansible Role

This role helps you to set up a Kubernetes cluster automatically and ensures that it runs consistently every time.


Features

You can configure this role to enable a variety of features:

  • Single or multi control plane cluster using HAProxy and Keepalived for better availability.
  • Network add-ons like Flannel and Calico.
  • Kubernetes Dashboard for visual management.
  • User management, including certificate generation and kubeconfig updates.
  • Ceph-CSI for block storage.
  • MetalLB for load balancing in physical server environments.
  • Ingress NGINX for exposing services.
  • Cert Manager for automatic certificate management.

Installing the Cluster with Ansible

To prepare your environment, create a Python VirtualEnv and install Ansible with pip3:

user@lab ~ # python3 -m venv ansible
user@lab ~ # source ansible/bin/activate
(ansible) user@lab ~ # pip3 install ansible

Next, you can use ansible-galaxy to install this role automatically:

(ansible) user@lab ~ # ansible-galaxy install mmul.kubelab -p ansible/roles/

After installing the role, install its additional Python requirements:

(ansible) user@lab ~ # pip3 install -r ansible/roles/mmul.kubelab/requirements.txt

Once everything is set up, run the tests/kubelab.yml playbook:

(ansible) user@lab ~ # ansible-playbook -i tests/inventory/kubelab tests/kubelab.yml

NOTE: Ensure that the date & time are accurate on all machines involved to avoid certificate verification issues.

NOTE: You can reset the entire cluster by using k8s_reset=true. Use this option carefully:

(ansible) user@lab ~ # ansible-playbook -i tests/inventory/kubelab tests/kubelab.yml -e k8s_reset=true

Interacting with the Cluster After Installation

After the playbook runs, you can interact with the cluster using the kubectl command. First, install it:

user@lab ~ # curl -s -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
user@lab ~ # chmod +x kubectl
user@lab ~ # sudo mv kubectl /usr/local/bin
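
The commands above install whatever the download returned. As an added example (not part of the role or the original page), the functions below also fetch the kubectl.sha256 file that dl.k8s.io publishes beside each binary and install only when the digest matches; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: refuse to install kubectl unless its SHA-256 matches the
# checksum file published next to the binary. Function names are hypothetical.

# verify_sha256 FILE SUMFILE
# Returns 0 on match, 1 on mismatch, 2 when an input is missing or malformed.
verify_sha256() {
    file=$1 sumfile=$2
    [ -s "$file" ] && [ -s "$sumfile" ] || return 2
    # The published .sha256 file holds only the hex digest; take the first field.
    expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")
    # Anything that is not exactly 64 hex characters (for example a saved
    # HTML error page) is treated as malformed, not as a mismatch.
    case $expected in
        *[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    actual=$(sha256sum "$file" | awk '{print $1}')
    [ "$actual" = "$expected" ]
}

# fetch_and_install_kubectl [DEST_DIR]
# Network step; defined here but not executed automatically.
fetch_and_install_kubectl() {
    dest=${1:-/usr/local/bin}
    base="https://dl.k8s.io/release"
    tmp=$(mktemp -d) || return 1
    # --fail makes curl exit non-zero on HTTP errors instead of saving the body.
    version=$(curl --fail -s -L "$base/stable.txt") || { rm -rf "$tmp"; return 1; }
    url="$base/$version/bin/linux/amd64/kubectl"
    curl --fail -s -L -o "$tmp/kubectl" "$url" &&
    curl --fail -s -L -o "$tmp/kubectl.sha256" "$url.sha256" ||
        { rm -rf "$tmp"; return 1; }
    if verify_sha256 "$tmp/kubectl" "$tmp/kubectl.sha256"; then
        # install sets owner and mode in one step (replaces chmod + mv).
        sudo install -o root -g root -m 0755 "$tmp/kubectl" "$dest/kubectl"
        rc=$?
    else
        echo "kubectl checksum verification failed, not installing" >&2
        rc=1
    fi
    rm -rf "$tmp"
    return $rc
}
```

Run fetch_and_install_kubectl in place of the curl, chmod and mv steps. The checksum is served by the same host as the binary, so this catches truncated or corrupted downloads, not a compromised origin.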

The main kubeconfig file, admin.conf, is saved in a local directory. To use it, point the KUBECONFIG variable at it:

user@lab ~ # export KUBECONFIG=~/kubernetes/admin.conf

Now, you can run kubectl commands which will utilize the credentials from this file:

user@lab ~ # kubectl cluster-info
user@lab ~ # kubectl get nodes

You can also log in with different users. Check the Users section for details.

Configuration

Inventory

The inventory shows which nodes you want to deploy. For example, inside the hosts file, you can list all your nodes:

# Kubernetes hosts
[kubelab]
kubernetes-1 k8s_role=control-plane run_non_infra_pods=true
kubernetes-2 k8s_role=control-plane run_non_infra_pods=true
kubernetes-3 k8s_role=control-plane run_non_infra_pods=true
kubernetes-4 k8s_role=worker

The k8s_role variable sets whether a node acts as a control plane or a worker, and run_non_infra_pods sets whether a control-plane node also runs regular pods.

Kubernetes Cluster

To set up a multi-control-plane cluster for high availability, you need to add these variables:

k8s_cluster_name: kubelab
k8s_control_plane_node: kubernetes-1
k8s_control_plane_port: 6443
k8s_multi_control_plane: true
k8s_balancer_VIP: 192.168.122.199

Note: Change security-sensitive values such as k8s_control_plane_cert_key and k8s_balancer_password before deploying.

Network Add-ons

The role supports Flannel and Calico. For Flannel, add:

k8s_network_addon: flannel

To set up Calico, see the relevant defaults file.

Kubernetes Dashboard

To enable the Kubernetes dashboard, add this in the configuration:

k8s_dashboard_enable: true

Once the installation is done, you can access the dashboard using kubectl proxy.

Users

You can add users to your cluster as follows:

k8s_users:
  - name: pod-viewer
    namespace: default
    role_name: pod-viewer-role

This will create the necessary files for the user (certificate generation and kubeconfig updates, as listed under Features).

Ceph CSI

To enable Ceph CSI StorageClass, define:

k8s_ceph_csi_enable: true

It allows you to declare new PVCs easily.

MetalLB

To use MetalLB, simply declare:

k8s_metallb_enable: true

Ingress NGINX

To enable Ingress NGINX, declare:

k8s_ingress_nginx_enable: true

With this simple configuration, you can expose services.

Cert Manager

To enable Cert Manager, declare:

k8s_cert_manager_enable: true

This will set up automatic certificate management.

License

MIT

Author Information

Raoul Scarazzini (rascasoft)

Project information

This role automates the creation of a Kubernetes cluster complete with an additional dashboard, users and operators.
