test

.env.example

@@ -0,0 +1,13 @@
+export KUBE_USER="ubuntu"
+export PRIVATE_KEY_PATH="$HOME/.ssh/id_ed25519"
+export KUBE_CP="k8s-control-plane"
+## Add workers to this list!
+export KUBE_WORKERS=("k8s-worker1")
+export ANSIBLE_DIR="ansible"
+export POD_NET_CIDR="192.168.0.0/16"
+export CNI_VER="v3.30.2"
+export API_ADDR=$(getent hosts "$KUBE_CP" | awk '{ print $1 }')
+export ACME_MAIL="name@mail.example"
+export IP_POOL_RANGE="192.168.1.10-192.168.1.20"
+export LOAD_BALANCER_IP="192.168.1.10"
+export LONGHORN_DNS_NAME="longhorn.domain.tld"

README.md

@@ -2,7 +2,7 @@
 
 This guide describes how to deploy a Kubernetes cluster tailored to my environment using the provided `redbutton.sh` script.
 
-Just be sure to edit the variables in the `redbutton.sh` script. I think you can scale this out by adding more hosts and adjusting the for loop but I haven't tried it yet. I needed three machines and that is what I worked with.
+Just be sure to edit the variables in the `redbutton.sh` script. I think you can scale this out by adding more hosts and adjusting the for loop but I haven't tried it yet. I needed four machines and that is what I worked with.
 
 ## ⚙️ Pre-requisites
 
@@ -29,7 +29,9 @@ This setup will create a Kubernetes cluster with the following topology and comp
 To initiate the deployment, run the provided script:
 
 ```bash
-echo "CF_API=YourSuperSecretAPIKey" > .env
+cp .env.example .env
+
+echo "export CF_API=YourSuperSecretAPIKey" >> .env
 
 chmod +x redbutton.sh
 

ansible/k8s-install-deps.yaml

@@ -3,100 +3,96 @@
   become: true
 
   tasks:
-    - name: Ensure apt cache is updated
+    - name: Add Docker signing key
-      apt:
+      ansible.builtin.apt_key:
-        update_cache: yes
+        url: https://download.docker.com/linux/ubuntu/gpg
-        cache_valid_time: 3600
+        state: present
+
+    - name: Add Docker repository
+      ansible.builtin.apt_repository:
+        repo: deb [arch=amd64] https://download.docker.com/linux/ubuntu noble stable
+        state: present
 
     - name: Install required packages
-      apt:
+      ansible.builtin.apt:
         name:
           - apt-transport-https
           - ca-certificates
           - curl
           - gpg
-          - containerd
+          - containerd.io
         state: present
+        update_cache: yes
 
 ## Questo non è nella documentazione! bisogna generare il file di configurazione di containerd
-## ed scriverlo nella directory apposita, altrimenti usa un suo default che non va bene
+## ed scriverlo nella directory apposita, altrimenti usa un suo default che non va bene.
 
-    - name: Ensure containerd config directory exists
+    - name: Ensure containerd config directory exists.
-      file:
+      ansible.builtin.file:
         path: /etc/containerd
         state: directory
-        mode: '0755'
 
-    - name: Generate default containerd config if missing
+    - name: Get defaults from containerd.
-      command: containerd config default
+      ansible.builtin.command: containerd config default
-      register: containerd_config
+      register: containerd_config_default
-      when: not lookup('file', '/etc/containerd/config.toml', errors='ignore')
-      changed_when: false
 
-    - name: Write default containerd config
+    - name: Create config file
-      copy:
+      ansible.builtin.copy:
-        content: "{{ containerd_config.stdout }}"
+        content: "{{ containerd_config_default.stdout }}"
         dest: /etc/containerd/config.toml
-      when: containerd_config is defined
 
-    - name: Set SystemdCgroup = true in containerd config
+    - name: Set SystemdCgroup to true
-      replace:
+      ansible.builtin.replace:
         path: /etc/containerd/config.toml
-        regexp: '^(\s*SystemdCgroup\s*=\s*)false'
+        regexp: '^(\s*)SystemdCgroup\s*=\s*false'
-        replace: '\1true'
+        replace: '\1SystemdCgroup = true'
 
     - name: Restart containerd
-      systemd:
+      ansible.builtin.service:
         name: containerd
         state: restarted
-        enabled: yes
+        enabled: true
-
+  
 ## Importantissimo per la gestione interna della network
 
     - name: Enable IPv4 forwarding at runtime
-      sysctl:
+      ansible.posix.sysctl:
         name: net.ipv4.ip_forward
         value: '1'
-        state: present
+        reload: true
-        reload: yes
         sysctl_set: yes
 
 ## Installa kubectl, kubeadm e kubelet dal repo ufficiale kubernetes
 
-    - name: Create /etc/apt/keyrings directory
+    - name: Add Kubernetes signing key
-      file:
+      ansible.builtin.apt_key:
-        path: /etc/apt/keyrings
+        url: https://pkgs.k8s.io/core:/stable:/v1.33/deb/Release.key
-        state: directory
+        state: present
-        mode: '0755'
 
-    - name: Download and save the Kubernetes APT key
+    - name: Add Kubernetes repository
-      ansible.builtin.shell: |
+      ansible.builtin.apt_repository:
-        curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.33/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+        repo: deb [arch=amd64] https://pkgs.k8s.io/core:/stable:/v1.33/deb/ /
-      args:
+        state: present
-        creates: /etc/apt/keyrings/kubernetes-apt-keyring.gpg
-
-    - name: Add Kubernetes APT repository
-      copy:
-        dest: /etc/apt/sources.list.d/kubernetes.list
-        content: |
-          deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.33/deb/ /
-
-    - name: Update apt cache after adding Kubernetes repo
-      apt:
-        update_cache: yes
 
     - name: Install Kubernetes components
-      apt:
+      ansible.builtin.apt:
         name:
           - kubelet
           - kubeadm
           - kubectl
         state: present
+        update_cache: true
 
 ## Ferma i pacchetti ad una specifica versione
 
     - name: Hold Kubernetes packages
-      ansible.builtin.shell: apt-mark hold kubelet kubeadm kubectl
+      ansible.builtin.dpkg_selections:
+        name: "{{ item }}"
+        selection: hold
+      loop:
+        - kubelet
+        - kubeadm
+        - kubectl
 
 ## Abilita il servizio di kubelet
 

ansible/longhorn-deps.yaml

@@ -3,9 +3,8 @@
   hosts: all
   become: true
   tasks:
-
     - name: Install required packages
-      apt:
+      ansible.builtin.apt:
         name:
           - open-iscsi
           - nfs-common
@@ -14,39 +13,34 @@
         state: present
         update_cache: yes
 
-    - name: Ensure iscsi_tcp kernel module is loaded
+    - name: Ensure required kernel modules are loaded
-      modprobe:
+      community.general.modprobe:
-        name: iscsi_tcp
+        name: "{{ item }}"
         state: present
+      loop:
+        - iscsi_tcp
+        - dm_crypt
 
-    - name: Ensure dm_crypt kernel module is loaded
+    - name: Ensure required modules load on boot
-      modprobe:
+      ansible.builtin.copy:
-        name: dm_crypt
+        content: "{{ item.name }}"
-        state: present
+        dest: "/etc/modules-load.d/{{ item.name }}.conf"
-
-    - name: Ensure iscsi_tcp module loads on boot
-      copy:
-        dest: /etc/modules-load.d/iscsi.conf
-        content: |
-          iscsi_tcp
-        owner: root
-        group: root
-        mode: '0644'
-
-    - name: Ensure dm_crypt module loads on boot
-      copy:
-        dest: /etc/modules-load.d/dm_crypt.conf
-        content: |
-          dm_crypt
         owner: root
         group: root
         mode: '0644'
+      loop:
+        - { name: iscsi_tcp }
+        - { name: dm_crypt }
 
     - name: Disable and stop multipathd service
-      systemd:
+      ansible.builtin.systemd_service:
         name: multipathd
+        state: stopped
+        enabled: false
+
+    - name: Disable multipathd socket (if exists)
+      ansible.builtin.systemd_service:
+        name: multipathd.socket
         enabled: false
         state: stopped
-        masked: true
+      ignore_errors: true
-        daemon_reload: yes
-      ignore_errors: true

ansible/master-k8s.yaml

@@ -1,3 +0,0 @@
-# master-k8s.yaml
-- import_playbook: k8s-install-deps.yaml
-- import_playbook: longhorn-deps.yaml

redbutton.sh

@@ -1,28 +1,18 @@
 #!/bin/bash
 
 source .env
-KUBE_USER="ubuntu"
-PRIVATE_KEY_PATH="$HOME/.ssh/id_ed25519"
-KUBE_CP="k8s-control-plane"
-KUBE_W1="k8s-worker1"
-KUBE_W2="k8s-worker2"
-ANSIBLE_DIR="ansible"
-POD_NET_CIDR="192.168.0.0/16"
-CNI_VER="v3.30.2"
-API_ADDR=$(getent hosts "$KUBE_CP" | awk '{ print $1 }')
-LOAD_BALANCER_IP="10.50.3.30"
 
-## Variables for envsubst
+ALL_NODES=("$KUBE_CP" "${KUBE_WORKERS[@]}")
-
-export ACME_MAIL="kevin@nixit.it"
-export IP_POOL_RANGE="10.50.3.30-10.50.3.40"
-export LONGHORN_DNS_NAME="longhorn.nixit.it"
 
 ## Prepare all of the nodes with k8s using the ansible playbooks I prepared
 
-ansible-playbook ./"$ANSIBLE_DIR"/master-k8s.yaml \
+ansible-playbook ./"$ANSIBLE_DIR"/k8s-install-deps.yaml \
-  -i "$KUBE_CP,$KUBE_W1,$KUBE_W2," \
+  -i "$(IFS=, ; echo "${ALL_NODES[*]}",)" \
-  -e "k8s-control-plane=["$KUBE_CP"] k8s_nodes=["$KUBE_W1","$KUBE_W2"]" \
+  -u "$KUBE_USER" \
+  --private-key "$PRIVATE_KEY_PATH"
+
+ansible-playbook ./"$ANSIBLE_DIR"/longhorn-deps.yaml \
+  -i "$(IFS=, ; echo "${KUBE_WORKERS[*]}",)" \
   -u "$KUBE_USER" \
   --private-key "$PRIVATE_KEY_PATH"
 
@@ -51,7 +41,7 @@ kubectl apply -f \
 JOIN_TOKEN=$(ssh "$KUBE_USER@$KUBE_CP" \
   "sudo kubeadm token create --print-join-command")
 
-for NODE in "$KUBE_W1" "$KUBE_W2"; do 
+for NODE in "${KUBE_WORKERS[@]}"; do 
     echo "Joining $NODE"
     ssh "$KUBE_USER@$NODE" "sudo $JOIN_TOKEN"
 done