Consolidated variables in the .env.example and added the worker to a customizable list

2025-07-05 13:22:00 +02:00
parent 6e99cd64f9
commit f6c138c46e
6 changed files with 95 additions and 103 deletions
--- a/.env.example
+++ b/.env.example
@ -0,0 +1,13 @@
+export KUBE_USER="ubuntu"
+export PRIVATE_KEY_PATH="$HOME/.ssh/id_ed25519"
+export KUBE_CP="k8s-control-plane"
+## Add workers to this list!
+export KUBE_WORKERS=("k8s-worker1")
+export ANSIBLE_DIR="ansible"
+export POD_NET_CIDR="192.168.0.0/16"
+export CNI_VER="v3.30.2"
+export API_ADDR=$(getent hosts "$KUBE_CP" | awk '{ print $1 }')
+export ACME_MAIL="name@mail.example"
+export IP_POOL_RANGE="192.168.1.10-192.168.1.20"
+export LOAD_BALANCER_IP="192.168.1.10"
+export LONGHORN_DNS_NAME="longhorn.domain.tld"
--- a/README.md
+++ b/README.md
@ -2,7 +2,7 @@

 This guide describes how to deploy a Kubernetes cluster tailored to my environment using the provided `redbutton.sh` script.

-Just be sure to edit the variables in the `redbutton.sh` script. I think you can scale this out by adding more hosts and adjusting the for loop but I haven't tried it yet. I needed three machines and that is what I worked with.
+Just be sure to edit the variables in the `redbutton.sh` script. I think you can scale this out by adding more hosts and adjusting the for loop but I haven't tried it yet. I needed four machines and that is what I worked with.

 ## ⚙️ Pre-requisites

@ -29,7 +29,9 @@ This setup will create a Kubernetes cluster with the following topology and comp
 To initiate the deployment, run the provided script:

 ```bash
-echo "CF_API=YourSuperSecretAPIKey" > .env
+cp .env.example .env
+
+echo "export CF_API=YourSuperSecretAPIKey" >> .env

 chmod +x redbutton.sh

--- a/ansible/k8s-install-deps.yaml
+++ b/ansible/k8s-install-deps.yaml
@ -3,100 +3,96 @@
  become: true

  tasks:
-    - name: Ensure apt cache is updated
-      apt:
-        update_cache: yes
-        cache_valid_time: 3600
+    - name: Add Docker signing key
+      ansible.builtin.apt_key:
+        url: https://download.docker.com/linux/ubuntu/gpg
+        state: present
+
+    - name: Add Docker repository
+      ansible.builtin.apt_repository:
+        repo: deb [arch=amd64] https://download.docker.com/linux/ubuntu noble stable
+        state: present

    - name: Install required packages
-      apt:
+      ansible.builtin.apt:
        name:
          - apt-transport-https
          - ca-certificates
          - curl
          - gpg
-          - containerd
+          - containerd.io
        state: present
+        update_cache: yes

 ## Questo non è nella documentazione! bisogna generare il file di configurazione di containerd
-## ed scriverlo nella directory apposita, altrimenti usa un suo default che non va bene
+## ed scriverlo nella directory apposita, altrimenti usa un suo default che non va bene.

-    - name: Ensure containerd config directory exists
-      file:
+    - name: Ensure containerd config directory exists.
+      ansible.builtin.file:
        path: /etc/containerd
        state: directory
-        mode: '0755'

-    - name: Generate default containerd config if missing
-      command: containerd config default
-      register: containerd_config
-      when: not lookup('file', '/etc/containerd/config.toml', errors='ignore')
-      changed_when: false
+    - name: Get defaults from containerd.
+      ansible.builtin.command: containerd config default
+      register: containerd_config_default

-    - name: Write default containerd config
-      copy:
-        content: "{{ containerd_config.stdout }}"
+    - name: Create config file
+      ansible.builtin.copy:
+        content: "{{ containerd_config_default.stdout }}"
        dest: /etc/containerd/config.toml
-      when: containerd_config is defined

-    - name: Set SystemdCgroup = true in containerd config
-      replace:
+    - name: Set SystemdCgroup to true
+      ansible.builtin.replace:
        path: /etc/containerd/config.toml
-        regexp: '^(\s*SystemdCgroup\s*=\s*)false'
-        replace: '\1true'
+        regexp: '^(\s*)SystemdCgroup\s*=\s*false'
+        replace: '\1SystemdCgroup = true'

    - name: Restart containerd
-      systemd:
+      ansible.builtin.service:
        name: containerd
        state: restarted
-        enabled: yes
+        enabled: true
  
 ## Importantissimo per la gestione interna della network

    - name: Enable IPv4 forwarding at runtime
-      sysctl:
+      ansible.posix.sysctl:
        name: net.ipv4.ip_forward
        value: '1'
-        state: present
-        reload: yes
+        reload: true
        sysctl_set: yes

 ## Installa kubectl, kubeadm e kubelet dal repo ufficiale kubernetes

-    - name: Create /etc/apt/keyrings directory
-      file:
-        path: /etc/apt/keyrings
-        state: directory
-        mode: '0755'
+    - name: Add Kubernetes signing key
+      ansible.builtin.apt_key:
+        url: https://pkgs.k8s.io/core:/stable:/v1.33/deb/Release.key
+        state: present

-    - name: Download and save the Kubernetes APT key
-      ansible.builtin.shell: |
-        curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.33/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
-      args:
-        creates: /etc/apt/keyrings/kubernetes-apt-keyring.gpg
-
-    - name: Add Kubernetes APT repository
-      copy:
-        dest: /etc/apt/sources.list.d/kubernetes.list
-        content: |
-          deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.33/deb/ /
-
-    - name: Update apt cache after adding Kubernetes repo
-      apt:
-        update_cache: yes
+    - name: Add Kubernetes repository
+      ansible.builtin.apt_repository:
+        repo: deb [arch=amd64] https://pkgs.k8s.io/core:/stable:/v1.33/deb/ /
+        state: present

    - name: Install Kubernetes components
-      apt:
+      ansible.builtin.apt:
        name:
          - kubelet
          - kubeadm
          - kubectl
        state: present
+        update_cache: true

 ## Ferma i pacchetti ad una specifica versione

    - name: Hold Kubernetes packages
-      ansible.builtin.shell: apt-mark hold kubelet kubeadm kubectl
+      ansible.builtin.dpkg_selections:
+        name: "{{ item }}"
+        selection: hold
+      loop:
+        - kubelet
+        - kubeadm
+        - kubectl

 ## Abilita il servizio di kubelet

--- a/ansible/longhorn-deps.yaml
+++ b/ansible/longhorn-deps.yaml
@ -3,9 +3,8 @@
  hosts: all
  become: true
  tasks:
-
    - name: Install required packages
-      apt:
+      ansible.builtin.apt:
        name:
          - open-iscsi
          - nfs-common
@ -14,39 +13,34 @@
        state: present
        update_cache: yes

-    - name: Ensure iscsi_tcp kernel module is loaded
-      modprobe:
-        name: iscsi_tcp
+    - name: Ensure required kernel modules are loaded
+      community.general.modprobe:
+        name: "{{ item }}"
        state: present
+      loop:
+        - iscsi_tcp
+        - dm_crypt

-    - name: Ensure dm_crypt kernel module is loaded
-      modprobe:
-        name: dm_crypt
-        state: present
-
-    - name: Ensure iscsi_tcp module loads on boot
-      copy:
-        dest: /etc/modules-load.d/iscsi.conf
-        content: |
-          iscsi_tcp
-        owner: root
-        group: root
-        mode: '0644'
-
-    - name: Ensure dm_crypt module loads on boot
-      copy:
-        dest: /etc/modules-load.d/dm_crypt.conf
-        content: |
-          dm_crypt
+    - name: Ensure required modules load on boot
+      ansible.builtin.copy:
+        content: "{{ item.name }}"
+        dest: "/etc/modules-load.d/{{ item.name }}.conf"
        owner: root
        group: root
        mode: '0644'
+      loop:
+        - { name: iscsi_tcp }
+        - { name: dm_crypt }

    - name: Disable and stop multipathd service
-      systemd:
+      ansible.builtin.systemd_service:
        name: multipathd
+        state: stopped
+        enabled: false
+
+    - name: Disable multipathd socket (if exists)
+      ansible.builtin.systemd_service:
+        name: multipathd.socket
        enabled: false
        state: stopped
-        masked: true
-        daemon_reload: yes
      ignore_errors: true
--- a/ansible/master-k8s.yaml
+++ b/ansible/master-k8s.yaml
@ -1,3 +0,0 @@
-# master-k8s.yaml
- import_playbook: k8s-install-deps.yaml
- import_playbook: longhorn-deps.yaml
--- a/redbutton.sh
+++ b/redbutton.sh
@ -1,28 +1,18 @@
 #!/bin/bash

 source .env
-KUBE_USER="ubuntu"
-PRIVATE_KEY_PATH="$HOME/.ssh/id_ed25519"
-KUBE_CP="k8s-control-plane"
-KUBE_W1="k8s-worker1"
-KUBE_W2="k8s-worker2"
-ANSIBLE_DIR="ansible"
-POD_NET_CIDR="192.168.0.0/16"
-CNI_VER="v3.30.2"
-API_ADDR=$(getent hosts "$KUBE_CP" | awk '{ print $1 }')
-LOAD_BALANCER_IP="10.50.3.30"

-## Variables for envsubst
-
-export ACME_MAIL="kevin@nixit.it"
-export IP_POOL_RANGE="10.50.3.30-10.50.3.40"
-export LONGHORN_DNS_NAME="longhorn.nixit.it"
+ALL_NODES=("$KUBE_CP" "${KUBE_WORKERS[@]}")

 ## Prepare all of the nodes with k8s using the ansible playbooks I prepared

-ansible-playbook ./"$ANSIBLE_DIR"/master-k8s.yaml \
-  -i "$KUBE_CP,$KUBE_W1,$KUBE_W2," \
-  -e "k8s-control-plane=["$KUBE_CP"] k8s_nodes=["$KUBE_W1","$KUBE_W2"]" \
+ansible-playbook ./"$ANSIBLE_DIR"/k8s-install-deps.yaml \
+  -i "$(IFS=, ; echo "${ALL_NODES[*]}",)" \
+  -u "$KUBE_USER" \
+  --private-key "$PRIVATE_KEY_PATH"
+
+ansible-playbook ./"$ANSIBLE_DIR"/longhorn-deps.yaml \
+  -i "$(IFS=, ; echo "${KUBE_WORKERS[*]}",)" \
  -u "$KUBE_USER" \
  --private-key "$PRIVATE_KEY_PATH"

@ -51,7 +41,7 @@ kubectl apply -f \
 JOIN_TOKEN=$(ssh "$KUBE_USER@$KUBE_CP" \
  "sudo kubeadm token create --print-join-command")

-for NODE in "$KUBE_W1" "$KUBE_W2"; do 
+for NODE in "${KUBE_WORKERS[@]}"; do 
    echo "Joining $NODE"
    ssh "$KUBE_USER@$NODE" "sudo $JOIN_TOKEN"
 done