naisible

Naisible is a collection of Ansible playbooks used to build, test and tear down a NAIS Kubernetes cluster.
- Ansible binaries
- An inventory file
- SSH access to the hosts using keys
- A user with passwordless sudo privileges on the hosts

```
ansible-playbook -i inventory-file setup-playbook.yaml && \
ansible-playbook -i inventory-file test-playbook.yaml
```

```
ansible-playbook -i inventory-file teardown-playbook.yaml
```

- All nodes
  - Install Webproxy certificate and update truststore
  - Add Kubernetes RPM repository
  - Add Docker RPM repository
- Master Node
  - Fetch existing cluster certificates, if they exist
- Ansible master node
  - Create cluster certificates, if not fetched from NAIS master
- Master Node
  - Install and configure ETCD
  - Copy cluster certificates
  - Add flannel configuration to ETCD
- All nodes
  - Install and enable Flannel
  - Install and enable Docker
  - Install and enable kube-proxy
  - Configure iptables
- Master Node
  - Install and enable Kubelet
  - Install and enable Kubernetes control plane:
    - kube-apiserver
    - kube-scheduler
    - kube-controller-manager
- Worker Nodes
  - Copy cluster certificates
  - Install and enable Kubelet
  - Enable monitoring
- Master Node
  - Install and enable Kubelet
  - Install and enable Helm
  - Install and enable addons:
    - kubernetes-dashboard
    - core-dns
    - traefik
    - heapster
  - Enable monitoring

Template for creating a NAIS cluster inventory file.
Each inventory file consists of a hosts section, where the master and worker nodes are defined, and a variables section, where both versions and cluster-specific information are defined.

```
[masters]
<K8S-master-hostname>

[workers]
<K8S-worker-hostname-1>
<K8S-worker-hostname-n>
```

Variable name | Version | Version information location |
---|---|---|
docker_version | 17.03.1.ce | https://download.docker.com/linux/centos/7/x86_64/stable/Packages/ |
cni_version | 0.5.1 | https://github.com/containernetworking/cni/releases |
etcd_version | 3.1.8 | https://github.com/coreos/etcd/releases/ |
flannel_version | 0.7.1 | https://github.com/coreos/flannel/releases |
k8s_version | 1.6.3 | https://github.com/kubernetes/kubernetes/releases |
dashboard_version | 1.6.1 | https://github.com/kubernetes/dashboard/releases |
coredns_version | latest | https://github.com/coredns/coredns/releases |
traefik_version | 1.3-alpine | https://hub.docker.com/r/library/traefik/tags/ |
helm_version | 2.4.2 | https://github.com/kubernetes/helm/releases |
Variable name | Value | Information |
---|---|---|
master_ip | 10.181.160.89 | Host IP of the master node |
cluster_name | nais-dev | The default domain name in the cluster |
service_cidr | 10.254.0.0/16 | CIDR where all k8s services will reside. Addresses in this CIDR will only exist in iptables on the cluster nodes, but should not overlap with existing network CIDRs, as there might be existing services operating in the same range |
kubernetes_default_ip | 10.254.0.1 | Normally the first address in the service CIDR. This address will be allocated for the "kubernetes.default" service |
cluster_dns_ip | 10.254.0.53 | |
pod_network_cidr | 192.168.0.0/16 | CIDR in which all pods will run. This CIDR is not accessible from the outside, but should not overlap with existing networks, as pods might need to communicate with external services operating in the same IP range |
domain | devillo.no | Domain name of your k8s nodes, required to issue certificates |
cluster_domain | nais.local | Domain name inside your cluster |
cluster_lb_suffix | nais.devillo.no | Domain under which your external services will be exposed |

```
[masters]
master.domain.com

[workers]
worker1.domain.com
worker2.domain.com

[all:vars]
docker_version=17.03.1.ce
cni_version=0.5.1
etcd_version=3.1.8
flannel_version=0.7.1
k8s_version=1.6.3
dashboard_version=1.6.1
coredns_version=latest
traefik_version=1.3-alpine
helm_version=2.4.2
heapster_version=1.3.0
heapster_influxdb_version=1.1.1
master_ip=10.181.160.89
cluster_name=nais
service_cidr=10.254.0.0/16
kubernetes_default_ip=10.254.0.1
cluster_dns_ip=10.254.0.53
pod_network_cidr=192.168.0.0/16
domain=domain.com
cluster_domain=nais.local
cluster_lb_suffix=nais.domain.com
```
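
The address constraints in the variable table (service and pod CIDRs that do not overlap existing networks, `kubernetes_default_ip` as the first service address) can be checked before the setup playbook runs. The following is an added example, not part of naisible: the function names and the `existing_networks` parameter are hypothetical, and it assumes `cluster_dns_ip` must be a separate address inside `service_cidr`.

```python
import ipaddress

# Constructed sample: address variables copied from the example inventory.
SAMPLE_VARS = """\
master_ip=10.181.160.89
service_cidr=10.254.0.0/16
kubernetes_default_ip=10.254.0.1
cluster_dns_ip=10.254.0.53
pod_network_cidr=192.168.0.0/16
"""

def parse_vars(text):
    """Parse key=value lines, skipping blanks, comments and [section] headers."""
    pairs = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", ";", "[")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        pairs[key.strip()] = value.strip()
    return pairs

def check_inventory(text, existing_networks=()):
    """Return a list of problems; an empty list means every check passed."""
    v = parse_vars(text)
    problems = []
    try:
        service = ipaddress.ip_network(v["service_cidr"])
        pods = ipaddress.ip_network(v["pod_network_cidr"])
        master = ipaddress.ip_address(v["master_ip"])
        default_ip = ipaddress.ip_address(v["kubernetes_default_ip"])
        dns_ip = ipaddress.ip_address(v["cluster_dns_ip"])
    except (KeyError, ValueError) as exc:
        return [f"missing or malformed variable: {exc}"]
    if service.overlaps(pods):
        problems.append("service_cidr overlaps pod_network_cidr")
    for name, net in (("service_cidr", service), ("pod_network_cidr", pods)):
        if master in net:
            problems.append(f"master_ip lies inside {name}")
        for other in map(ipaddress.ip_network, existing_networks):
            if net.overlaps(other):
                problems.append(f"{name} overlaps existing network {other}")
    if default_ip != service.network_address + 1:
        problems.append("kubernetes_default_ip is not the first address in service_cidr")
    if dns_ip not in service or dns_ip == default_ip:
        problems.append("cluster_dns_ip must be a distinct address inside service_cidr")
    return problems
```

Pass the networks already routed in your environment as `existing_networks` (for example `check_inventory(text, ["10.0.0.0/8"])`) to catch the overlaps the table warns about.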