Add new roles (#54)

* Fix insecure registries length check and add docs

* Add the following roles:
- helm
- metallb
- healthcheck

Add task to download admin.conf from master to ansible controller

* Revert hosts.ini to upstream

README.md

@@ -65,7 +65,9 @@ $ ansible-playbook site.yaml
 ==> master1: 192.16.35.12               : ok=34   changed=29   unreachable=0    failed=0
 ```
 
-Download the `admin.conf` from the master node:
+The playbook will download `/etc/kubernetes/admin.conf` file to `$HOME/admin.conf`.
+
+If it doesn't work download the `admin.conf` from the master node:
 
 ```sh
 $ scp k8s@k8s-master:/etc/kubernetes/admin.conf .
@@ -95,3 +97,40 @@ Finally, reset all kubeadm installed state using `reset-site.yaml` playbook:
 ```sh
 $ ansible-playbook reset-site.yaml
 ```
+
+# Additional features
+These are features that you could want to install to make your life easier.
+
+Enable/disable these features in `group_vars/all.yml` (all disabled by default):
+```
+# Additional feature to install
+additional_features:
+  helm: false
+  metallb: false
+  healthcheck: false
+```
+
+## Helm
+This will install helm in your cluster (https://helm.sh/) so you can deploy charts.
+
+## MetalLB
+This will install MetalLB (https://metallb.universe.tf/), very useful if you deploy the cluster locally and you need a load balancer to access the services.
+
+## Healthcheck
+This will install k8s-healthcheck (https://github.com/emrekenci/k8s-healthcheck), a small application to report cluster status.
+
+# Utils
+Collection of scripts/utilities
+
+## Vagrantfile
+This Vagrantfile is taken from https://github.com/ecomm-integration-ballerina/kubernetes-cluster and slightly modified to copy ssh keys inside the cluster (install https://github.com/dotless-de/vagrant-vbguest is highly recommended)
+
+# Tips & Tricks
+If you use vagrant or your remote user is root, add this to `hosts.ini`
+```
+[master]
+192.16.35.12 ansible_user='root'
+
+[node]
+192.16.35.[10:11] ansible_user='root'
+```

group_vars/all.yml

@@ -28,11 +28,21 @@ network_interface: ""
 enable_dashboard: yes
 
 # A list of insecure registries you might need to define
-insecure_registries: []
-# insecure_registries: ['gcr.io']
+# insecure_registries: []
+insecure_registries: ['gcr.io']
 
 systemd_dir: /lib/systemd/system
 system_env_dir: /etc/sysconfig
 network_dir: /etc/kubernetes/network
 kubeadmin_config: /etc/kubernetes/admin.conf
 kube_addon_dir: /etc/kubernetes/addon
+
+# Additional feature to install
+additional_features:
+  helm: false
+  metallb: false
+  healthcheck: false
+
+# temporary directory used by additional features
+tmp_dir: /tmp/kubeadm-ansible-files
+

hosts.ini

@@ -7,3 +7,4 @@
 [kube-cluster:children]
 master
 node
+

roles/docker/tasks/main.yml

@@ -1,5 +1,4 @@
 ---
-
 - name: Install Docker container engine
   include_tasks: pkg.yml
 

roles/healthcheck/tasks/main.yml

@@ -0,0 +1,31 @@
+---
+- name: "Create tmp directory"
+  file:
+    path: "{{ tmp_dir }}"
+    state: directory
+    mode: 0755
+  tags: healthcheck
+
+- name: "Create checkout directory"
+  file:
+    path: "{{ tmp_dir }}/healthcheck"
+    state: directory
+    mode: 0755
+  tags: healthcheck
+
+- name: "Clone git repo"
+  git:
+    repo: "{{ healthcheck_git_url }}"
+    dest: "{{ tmp_dir }}/healthcheck"
+  tags: healthcheck
+
+- name: "Install Healthcheck"
+  shell: "kubectl apply -f {{ tmp_dir }}/healthcheck/kubernetes/"
+  tags: healthcheck
+
+- name: "Clean-up"
+  file:
+    path: "{{ tmp_dir }}"
+    state: absent
+  ignore_errors: yes
+  tags: healthcheck

roles/healthcheck/vars/main.yml

@@ -0,0 +1,2 @@
+---
+healthcheck_git_url: https://github.com/emrekenci/k8s-healthcheck.git

roles/helm/files/rbac-config.yml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: tiller
+  namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: tiller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+  - kind: ServiceAccount
+    name: tiller
+    namespace: kube-system

roles/helm/tasks/main.yml

@@ -0,0 +1,53 @@
+---
+- name: "Create tmp directory"
+  file:
+    path: "{{ tmp_dir }}"
+    state: directory
+    mode: 0755
+  tags: helm
+
+- name: "Check if Helm is installed"
+  shell: command -v helm >/dev/null 2>&1
+  register: helm_exists
+  ignore_errors: yes
+  tags: helm
+
+- name: "Install Helm"
+  block:
+    - name: "Get Helm installer"
+      get_url:
+        url: https://raw.githubusercontent.com/helm/helm/master/scripts/get
+        dest: "{{ tmp_dir }}/get_helm.sh"
+        mode: 0755
+
+    - name: "Run the installer"
+      shell: "{{ tmp_dir }}/get_helm.sh"
+
+  when: helm_exists.rc > 0
+  tags: helm
+
+- name: "Copy yaml file"
+  copy:
+    src: "rbac-config.yml"
+    dest: "{{ tmp_dir }}/rbac-config.yml"
+    mode: 0644
+  tags: helm
+
+- name: "RBAC configuration"
+  shell: "kubectl apply -f {{ tmp_dir }}/rbac-config.yml"
+  tags: helm
+
+- name: "Init Helm"
+  shell: "helm init --service-account tiller"
+  tags: helm
+
+- name: "Update Helm repo"
+  shell: "helm repo update"
+  tags: helm
+
+- name: "Clean-up"
+  file:
+    path: "{{ tmp_dir }}"
+    state: absent
+  ignore_errors: yes
+  tags: helm

roles/kubernetes/master/tasks/main.yml

@@ -17,3 +17,12 @@
     state: started
     enabled: yes
   register: started_kubelet
+
+- name: "Copy config file"
+  fetch:
+    src: /etc/kubernetes/admin.conf 
+    dest: "{{ lookup('env', 'HOME') }}/admin.conf"
+    flat: yes
+  run_once: yes
+  ignore_errors: yes
+

roles/metallb/tasks/main.yml

@@ -0,0 +1,28 @@
+---
+- name: "Create tmp directory"
+  file:
+    path: "{{ tmp_dir }}"
+    state: directory
+    mode: 0755
+  tags: metallb
+
+- name: "Install MetalLB"
+  shell: "kubectl apply -f {{ metallb_yaml_url }}"
+  tags: metallb
+
+- name: "Create configmap file"
+  template:
+    src: metallb-layer-2-config.yml.j2
+    dest: "{{ tmp_dir }}/metallb-layer-2-config.yml"
+  tags: metallb
+
+- name: "Create MetalLB configmap in kubernetes"
+  shell: "kubectl apply -f {{ tmp_dir }}/metallb-layer-2-config.yml"
+  tags: metallb
+
+- name: "Clean-up"
+  file:
+    path: "{{ tmp_dir }}"
+    state: absent
+  ignore_errors: yes
+  tags: metallb

roles/metallb/templates/metallb-layer-2-config.yml.j2

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: metallb-system
+  name: config
+data:
+  config: |
+    address-pools:
+    - name: metallb-ip-space
+      protocol: layer2
+      addresses:
+      - {{ metallb_address_space }}

roles/metallb/vars/main.yml

@@ -0,0 +1,4 @@
+---
+metallb_version: v0.7.3
+metallb_yaml_url: "https://raw.githubusercontent.com/google/metallb/{{ metallb_version }}/manifests/metallb.yaml"
+metallb_address_space: 192.168.205.200-192.168.205.210

site.yaml

@@ -1,5 +1,4 @@
 ---
-
 - hosts: kube-cluster
   gather_facts: yes
   become: yes
@@ -18,3 +17,29 @@
   become: yes
   roles:
     - { role: kubernetes/node, tags: node }
+
+- hosts: master
+  gather_facts: yes
+  become: yes
+  tasks:
+    - name: "Helm role"
+      include_role:
+        name: helm
+      when: "additional_features.helm"
+      run_once: yes
+      tags: helm
+
+    - name: "MetalLB role"
+      include_role:
+        name: metallb
+      when: "additional_features.metallb"
+      run_once: yes
+      tags: metallb
+
+    - name: "Healthcheck role"
+      include_role:
+        name: healthcheck
+      when: "additional_features.healthcheck"
+      run_once: yes
+      tags: healthcheck
+

utils/Vagrantfile

@@ -0,0 +1,89 @@
+servers = [
+    {
+        :name => "k8s-nxt-head-1",
+        :type => "master",
+        :box => "ubuntu/xenial64",
+        :box_version => "20180831.0.0",
+        :eth1 => "192.168.205.16",
+        :mem => "4096",
+        :cpu => "2"
+    },
+    {
+        :name => "k8s-nxt-node-1",
+        :type => "node",
+        :box => "ubuntu/xenial64",
+        :box_version => "20180831.0.0",
+        :eth1 => "192.168.205.17",
+        :mem => "4096",
+        :cpu => "2"
+    },
+    {
+        :name => "k8s-nxt-node-2",
+        :type => "node",
+        :box => "ubuntu/xenial64",
+        :box_version => "20180831.0.0",
+        :eth1 => "192.168.205.18",
+        :mem => "4096",
+        :cpu => "2"
+    }
+]
+
+# This script to install k8s using kubeadm will get executed after a box is provisioned
+$configureBox = <<-SCRIPT
+    # install docker v17.03
+    # reason for not using docker provision is that it always installs latest version of the docker, but kubeadm requires 17.03 or older
+    apt-get update
+    apt-get install -y apt-transport-https ca-certificates curl software-properties-common
+    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
+    add-apt-repository "deb https://download.docker.com/linux/$(. /etc/os-release; echo "$ID") $(lsb_release -cs) stable"
+    apt-get update && apt-get install -y docker-ce=$(apt-cache madison docker-ce | grep 17.03 | head -1 | awk '{print $3}')
+    # run docker commands as vagrant user (sudo not required)
+    usermod -aG docker vagrant
+    # install kubeadm
+    apt-get install -y apt-transport-https curl
+    curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
+    cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
+    deb http://apt.kubernetes.io/ kubernetes-xenial main
+EOF
+    apt-get update
+    apt-get install -y kubelet kubeadm kubectl
+    apt-mark hold kubelet kubeadm kubectl
+    # kubelet requires swap off
+    swapoff -a
+    # keep swap off after reboot
+    sudo sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
+    # ip of this box
+    IP_ADDR=`ifconfig enp0s8 | grep Mask | awk '{print $2}'| cut -f2 -d:`
+    # set node-ip
+    sudo sed -i "/^[^#]*KUBELET_EXTRA_ARGS=/c\KUBELET_EXTRA_ARGS=--node-ip=$IP_ADDR" /etc/default/kubelet
+    sudo systemctl restart kubelet
+    sudo cp /tmp/authorized_keys_root /root/.ssh/authorized_keys
+SCRIPT
+
+Vagrant.configure("2") do |config|
+
+    servers.each do |opts|
+        config.vm.define opts[:name] do |config|
+
+            config.vm.box = opts[:box]
+            config.vm.box_version = opts[:box_version]
+            config.vm.hostname = opts[:name]
+            config.vm.network :private_network, ip: opts[:eth1]
+            config.vm.provision "file", source: "~/.ssh/id_rsa.pub", destination: "/tmp/authorized_keys_root"
+
+            config.vm.provider "virtualbox" do |v|
+
+                v.name = opts[:name]
+                v.customize ["modifyvm", :id, "--groups", "/k8s_nxt"]
+                v.customize ["modifyvm", :id, "--memory", opts[:mem]]
+                v.customize ["modifyvm", :id, "--cpus", opts[:cpu]]
+
+            end
+
+            config.vm.provision "shell", inline: $configureBox
+
+        end
+
+    end
+
+end