WIP on Worker nodes join

Dario Tranchitella · Dario Tranchitella · commit 835920f5c997 · 2018-02-20T09:57:53.000+01:00
diff --git a/roles/worker-nodes-bootstrap/tasks/main.yml b/roles/worker-nodes-bootstrap/tasks/main.yml
@@ -43,6 +43,13 @@
       - kubectl
       - kube-proxy
   
+  - name: Installing containerd
+    uri:
+      force: yes
+      url: https://github.com/containerd/cri-containerd/releases/download/v1.0.0-beta.1/cri-containerd-1.0.0-beta.1.linux-amd64.tar.gz
+      dest: "/tmp/cri-containerd-1.0.0-beta.1.linux-amd64.tar.gz"
+      status_code: 200,304
+  
   - name: Installing runc binary
     uri:
       force: yes
@@ -83,6 +90,12 @@
       src: "/tmp/cni-plugins-amd64-v0.6.0.tgz"
       dest: /opt/cni/bin/
 
+  - name: Unzipping containerd
+    unarchive:
+      remote_src: yes
+      src: "/tmp/cri-containerd-1.0.0-beta.1.linux-amd64.tar.gz"
+      dest: /
+
   - name: Unzipping CRI-O
     unarchive:
       remote_src: yes
@@ -119,3 +132,64 @@
     with_items:
       - conmon
       - pause
+
+  - name: Configure CNI Networking
+    template:
+      src: "{{ item }}.j2"
+      dest: "/etc/cni/net.d/{{ item }}"
+    with_items:
+      - 10-bridge.conf
+      - 99-loopback.conf
+
+  - name: "Configure the Kubelet: CA"
+    copy:
+      remote_src: yes
+      src:  "/home/{{ ansible_user }}/ca.pem"
+      dest: "/var/lib/kubernetes/ca.pem"
+
+  - name: "Configure the Kubelet: worker key"
+    copy:
+      remote_src: yes
+      src:  "/home/{{ ansible_user }}/{{ item }}"
+      dest: "/var/lib/kubelet/{{ item }}"
+    with_items:
+      - "{{ ansible_hostname }}-key.pem"
+      - "{{ ansible_hostname }}.pem"
+
+  - name: "Configure the Kubelet: kubeconfig"
+    copy:
+      remote_src: yes
+      src:  "/home/{{ ansible_user }}/{{ ansible_hostname }}.kubeconfig"
+      dest: /var/lib/kubelet/kubeconfig
+  
+  - name: Setting up `Kubelet` systemd unit
+    template:
+      src: kubelet.service.j2
+      dest: /etc/systemd/system/kubelet.service
+
+  - name: "Configure the Kubernetes Proxy"
+    copy:
+      remote_src: yes
+      src:  "/home/{{ ansible_user }}/kube-proxy.kubeconfig"
+      dest: "/var/lib/kube-proxy/kubeconfig"
+  
+  - name: Setting up `kube-proxy` systemd unit
+    template:
+      src: kube-proxy.service.j2
+      dest: /etc/systemd/system/kube-proxy.service
+
+  - name: Starting services
+    systemd:
+      daemon_reload: yes
+      name: "{{ item }}"
+      enabled: yes
+      state: started
+    with_items:
+      - containerd
+      - cri-containerd
+      - kubelet
+      - kube-proxy
+  
+  - name: Verification
+    shell: |
+      kubectl get nodes
diff --git a/roles/worker-nodes-bootstrap/templates/10-bridge.conf.j2 b/roles/worker-nodes-bootstrap/templates/10-bridge.conf.j2
@@ -0,0 +1,15 @@
+{
+    "cniVersion": "0.3.1",
+    "name": "bridge",
+    "type": "bridge",
+    "bridge": "cnio0",
+    "isGateway": true,
+    "ipMasq": true,
+    "ipam": {
+        "type": "host-local",
+        "ranges": [
+          [{"subnet": "10.0.{{ play_hosts.index(inventory_hostname) }}.0/24"}]
+        ],
+        "routes": [{"dst": "0.0.0.0/0"}]
+    }
+}
diff --git a/roles/worker-nodes-bootstrap/templates/99-loopback.conf.j2 b/roles/worker-nodes-bootstrap/templates/99-loopback.conf.j2
@@ -0,0 +1,4 @@
+{
+    "cniVersion": "0.3.1",
+    "type": "loopback"
+}
diff --git a/roles/worker-nodes-bootstrap/templates/kube-proxy.service.j2 b/roles/worker-nodes-bootstrap/templates/kube-proxy.service.j2
@@ -0,0 +1,15 @@
+[Unit]
+Description=Kubernetes Kube Proxy
+Documentation=https://github.com/kubernetes/kubernetes
+
+[Service]
+ExecStart=/bin/kube-proxy \
+  --cluster-cidr=10.200.0.0/16 \
+  --kubeconfig=/var/lib/kube-proxy/kubeconfig \
+  --proxy-mode=iptables \
+  --v=2
+Restart=on-failure
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/worker-nodes-bootstrap/templates/kubelet.service.j2 b/roles/worker-nodes-bootstrap/templates/kubelet.service.j2
@@ -0,0 +1,31 @@
+[Unit]
+Description=Kubernetes Kubelet
+Documentation=https://github.com/kubernetes/kubernetes
+After=cri-containerd.service
+Requires=cri-containerd.service
+
+[Service]
+ExecStart=/bin/kubelet \
+  --allow-privileged=true \
+  --anonymous-auth=false \
+  --authorization-mode=Webhook \
+  --client-ca-file=/var/lib/kubernetes/ca.pem \
+  --cloud-provider= \
+  --cluster-dns=10.32.0.10 \
+  --cluster-domain=cluster.local \
+  --container-runtime=remote \
+  --container-runtime-endpoint=unix:///var/run/cri-containerd.sock \
+  --image-pull-progress-deadline=2m \
+  --kubeconfig=/var/lib/kubelet/kubeconfig \
+  --network-plugin=cni \
+  --pod-cidr=10.0.{{ play_hosts.index(inventory_hostname) }}.0/24 \
+  --register-node=true \
+  --runtime-request-timeout=15m \
+  --tls-cert-file=/var/lib/kubelet/{{ ansible_hostname }}.pem \
+  --tls-private-key-file=/var/lib/kubelet/{{ ansible_hostname }}-key.pem \
+  --v=2
+Restart=on-failure
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +{
 +    "cniVersion": "0.3.1",
 +    "type": "loopback"
 +}