K8S HA Control Plane Init

Contents

Abstract

This role initializes a k8s Control Plane suitable for a high availability cluster.

K8S HA Control Plane Init#

HA Clusters with Kubeadm is helped with use of the tool kube-vip.

Tasks#

The role uses kubeadm to handle the initialization of the primary control plane. It should be run after the reset role and before the join role.

###
# ```{rubric} Prep for Kubeadm
# ```
# ---
# Prepare the first control plane for init.
#
# ```{literalinclude} /roles/init/tasks/main.yml
# :language: yaml
# :start-at: "- name: Create kube group\n"
# :end-at: "    mode: ugo+rw\n"
# ```
- name: Create kube group
  ansible.builtin.group:
    name: kube
    state: present
- name: Create kube user
  ansible.builtin.user:
    name: kube
    group: kube
    state: present
- name: Create kubeadm directory
  ansible.builtin.file:
    state: directory
    recurse: true
    dest: /etc/kubeadm
    owner: kube
    group: kube
    mode: ug+rwx,o+r
- name: Drop init token
  ansible.builtin.file:
    dest: /etc/kubeadm/init.token
    state: absent
- name: Generate a boostrap token
  ansible.builtin.shell:
    cmd: kubeadm token generate > init.token
    creates: init.token
  register: token_out
- name: Template token init config
  ansible.builtin.template:
    src: init.yaml
    dest: /etc/kubeadm/init.yaml
    owner: kube
    group: kube
    mode: ugo+rw
    ###
    # ```{rubric} Init 1
    # ```
    # ---
    # Run the command to initialize the first control plane.
    #
    # ```{literalinclude} /roles/init/tasks/main.yml
    # :language: yaml
    # :start-at: "- name: Init new cluster\n"
    # ```
- name: Init new cluster
  ansible.builtin.shell:
    chdir: /etc/kubeadm
    cmd: kubeadm init --config init.yaml --upload-certs &> /root/join.md
    creates: /etc/kubernetes/admin.conf
  register: init_result
- name: Debug
  ansible.builtin.debug:
    var: init_result
- name: Pull stored output from host
  ansible.builtin.fetch:
    src: /root/join.md
    dest: roles/join/files/
    flat: true
- name: Pull admin conf from remote
  ansible.builtin.fetch:
    src: /etc/kubernetes/admin.conf
    dest: roles/init/files/
    flat: true
- name: Copy admin conf back to remote
  ansible.builtin.copy:
    src: roles/init/files/admin.conf
    dest: "{{ item.path }}"
    owner: "{{ item.owner }}"
    group: kube
    mode: u+rw,go-rwx
  loop:
    - path: /root/.kube/config
      owner: root
    - path: "/home/{{ init_kcp_nonroot }}/.kube/config"
      owner: "{{ init_kcp_nonroot }}"
# - name: Copy admin conf to local
#   ansible.builtin.shell:
#     cmd: "scp {{ scp_cfg_src }} {{ item }}"
#   loop:
#     - "{{ scp_cfg_dest }}"
#     - "{{ scp_cfg_home }}"
#   delegate_to: localhost
#   become: true
#   become_user: duchess

Section author: Xander Harris xandertheharris@gmail.com

Contents