Abstract
This role initializes a k8s Control Plane suitable for a high availability cluster.
K8S HA Control Plane Init#
Building HA clusters with kubeadm is made easier by the tool kube-vip.
Tasks#
The role uses kubeadm to handle the initialization of the primary control plane. It should be run after the reset role and before the join role.
---
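###
# ```{rubric} Prep for Kubeadm
# ```
# ---
# Prepare the first control plane for init.
#
# ```{literalinclude} /roles/init/tasks/main.yml
# :language: yaml
# :start-at: "- name: Create kube group\n"
# :end-at: " mode: u=rw,go=\n"
# ```

# Dedicated group that owns the kubeadm working directory and its files.
- name: Create kube group
  ansible.builtin.group:
    name: kube
    state: present

# Matching account; its primary group is the one created above.
- name: Create kube user
  ansible.builtin.user:
    name: kube
    group: kube
    state: present

# Working directory for the kubeadm configuration.
# NOTE(review): the symbolic mode only *adds* bits and `recurse: true` applies
# it to everything already under /etc/kubeadm, so it can widen permissions on
# files left over from an earlier run. Confirm this is intended.
- name: Create kubeadm directory
  ansible.builtin.file:
    state: directory
    recurse: true
    dest: /etc/kubeadm
    owner: kube
    group: kube
    mode: ug+rwx,o+r

# Remove any token file left behind by a previous run.
- name: Drop init token
  ansible.builtin.file:
    dest: /etc/kubeadm/init.token
    state: absent

# Produce a fresh bootstrap token and keep it in `token_out` for later tasks.
# - `command` is enough: the call uses no shell features.
# - `no_log` keeps the token out of playbook output and callback logs.
# - `changed_when: false` because generating a token string does not modify
#   the host.
- name: Generate a boostrap token
  ansible.builtin.command:
    cmd: kubeadm token generate
  register: token_out
  changed_when: false
  no_log: true

# Render the kubeadm configuration read by the init task.
# The mode is absolute and owner-only. The previous `ugo+rw` left the file
# world-writable, so any local account could alter the configuration before
# `kubeadm init` runs, and world-readable, which exposes whatever the template
# embeds (presumably the bootstrap token from `token_out`; confirm against the
# init.yaml template).
- name: Template token init config
  ansible.builtin.template:
    src: init.yaml
    dest: /etc/kubeadm/init.yaml
    owner: kube
    group: kube
    mode: u=rw,go=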
###
# ```{rubric} Init 1
# ```
# ---
# Run the command to initialize the first control plane.
#
# ```{literalinclude} /roles/init/tasks/main.yml
# :language: yaml
# :start-at: "- name: Init new cluster\n"
# ```
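# Bootstrap the first control-plane node with the rendered configuration.
# `creates` skips the task once /etc/kubernetes/admin.conf exists, so a re-run
# does not try to initialize the cluster again.
# The captured output in /root/join.md includes the join instructions that
# kubeadm prints (token and, with --upload-certs, the certificate key), so
# handle that file as a secret.
- name: Init new cluster
  ansible.builtin.shell:
    chdir: /etc/kubeadm
    # POSIX redirection of stdout and stderr. The earlier `&>` form is a bash
    # extension; the shell module runs /bin/sh by default, and a POSIX shell
    # such as dash reads `&>` as "run in background, then truncate the file",
    # which leaves join.md empty and returns before kubeadm has finished.
    cmd: kubeadm init --config init.yaml --upload-certs > /root/join.md 2>&1
    creates: /etc/kubernetes/admin.conf
  register: init_result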
# Print the registered result of the init task. That task redirects the
# kubeadm output to a file, so expect status fields here rather than the
# join instructions themselves.
- name: Debug
  ansible.builtin.debug:
    var: init_result
# Copy the saved `kubeadm init` output from the node to the controller.
# `flat: true` stores it directly under the destination directory instead of
# a per-host subtree.
# The file carries join credentials and lands inside the role tree on the
# controller: keep it out of version control and remove it once the other
# nodes have joined.
- name: Pull stored output from host
  ansible.builtin.fetch:
    flat: true
    dest: roles/join/files/
    src: /root/join.md
# Copy the kubeconfig written by kubeadm to the controller so later tasks can
# redistribute it. `flat: true` places it at roles/init/files/admin.conf.
# admin.conf grants cluster-admin access: the copy on the controller needs
# restrictive file permissions and must not be committed with the role.
- name: Pull admin conf from remote
  ansible.builtin.fetch:
    flat: true
    dest: roles/init/files/
    src: /etc/kubernetes/admin.conf
# Install the fetched kubeconfig for root and for the non-root operator
# account named by `kcp_nonroot`. Each loop item supplies the target path and
# the owning user; the mode grants the owner read/write and strips all group
# and other bits.
# NOTE(review): nothing visible here creates the parent `.kube` directories;
# confirm they exist before this task runs.
- name: Copy admin conf back to remote
  loop:
    - owner: root
      path: /root/.kube/config
    - owner: "{{ kcp_nonroot }}"
      path: "/home/{{ kcp_nonroot }}/.kube/config"
  ansible.builtin.copy:
    src: roles/init/files/admin.conf
    dest: "{{ item.path }}"
    mode: u+rw,go-rwx
    owner: "{{ item.owner }}"
    group: kube
# Runs on the controller (delegated to localhost) as user `duchess` and copies
# the kubeconfig from `scp_cfg_src` to each of the two destinations.
# The variables are interpolated into a shell command line unquoted, so their
# values are subject to shell expansion and word splitting. Set them only from
# trusted inventory or vars, never from data gathered off a host.
- name: Copy admin conf to local
  delegate_to: localhost
  become: true
  become_user: duchess
  loop:
    - "{{ scp_cfg_dest }}"
    - "{{ scp_cfg_home }}"
  ansible.builtin.shell:
    cmd: "scp {{ scp_cfg_src }} {{ item }}"
Section author: Xander Harris xandertheharris@gmail.com