JibinBao · yunfeng1983 · Jul 25, 2018 · Jul 25, 2018 · Jul 25, 2018 · Jul 25, 2018
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,33 @@
+<<<<<<< HEAD
+<<<<<<< HEAD
+down/*
+!down/download.sh
+!down/offline_images
+
+# k8s binaries directory
+bin/*
+!bin/readme.md
+
+# ansible hosts
+hosts
+
+# k8s storage manifests 
+manifests/storage/*
+!manifests/storage/test.yaml
+
+# k8s backup directory
+roles/cluster-backup/files/*
+!roles/cluster-backup/files/readme.md
+
+# role based variable settings, exclude roles/os-harden/vars/
+/roles/*/vars/*
+!/roles/os-harden/vars/
+
+# cluster backups
+.cluster/
+=======
+=======
+>>>>>>> 53dfdbb4e1f8b5c083287ab4fca256fab9cdc731
 # built application files
 *.apk
 *.ap_
@@ -27,3 +57,7 @@ proguard/
 *.ipr
 *.iws
 .idea/
+<<<<<<< HEAD
+>>>>>>> Initial commit
+=======
+>>>>>>> 53dfdbb4e1f8b5c083287ab4fca256fab9cdc731
diff --git a/01.prepare.yml b/01.prepare.yml
@@ -0,0 +1,24 @@
+# [optional] to synchronize time of nodes with 'chrony' 
+- hosts: all
+  roles:
+  - { role: chrony, when: "hostvars[groups.deploy[0]]['NTP_ENABLED'] == 'yes'" }
+
+# to create CA, kubeconfig, kube-proxy.kubeconfig etc. on 'deploy' node
+- hosts: deploy
+  roles:
+  - deploy
+
+# prepare tasks for all nodes
+- hosts:
+  - kube-master
+  - kube-node
+  - deploy
+  - etcd
+  - lb
+  roles:
+  - prepare
+
+#  [optional] to install loadbalance service, only needed by multi-master cluster 
+- hosts: lb
+  roles:
+  - lb
diff --git a/02.etcd.yml b/02.etcd.yml
@@ -0,0 +1,4 @@
+# to install etcd cluster
+- hosts: etcd
+  roles:
+  - etcd
diff --git a/03.docker.yml b/03.docker.yml
@@ -0,0 +1,6 @@
+# to install docker service
+- hosts:
+  - kube-master
+  - kube-node
+  roles:
+  - docker
diff --git a/04.kube-master.yml b/04.kube-master.yml
@@ -0,0 +1,16 @@
+# to set up 'kube-master' nodes
+- hosts: kube-master
+  roles:
+  - kube-master
+  - kube-node
+  tasks:
+  - name: Making master nodes SchedulingDisabled
+    shell: "{{ bin_dir }}/kubectl cordon {{ inventory_hostname }} "
+    delegate_to: "{{ groups.deploy[0] }}"
+    when: DEPLOY_MODE != "allinone"
+    ignore_errors: true
+
+  - name: Setting master role name 
+    shell: "{{ bin_dir }}/kubectl label node {{ inventory_hostname }} kubernetes.io/role=master --overwrite"
+    ignore_errors: true
+    delegate_to: "{{ groups.deploy[0] }}"
diff --git a/05.kube-node.yml b/05.kube-node.yml
@@ -0,0 +1,4 @@
+# to set up 'kube-node' nodes
+- hosts: kube-node
+  roles:
+  - kube-node
diff --git a/06.network.yml b/06.network.yml
@@ -0,0 +1,9 @@
+# to install network plugin, only one can be choosen 
+- hosts:
+  - kube-master
+  - kube-node
+  roles:
+  - { role: calico, when: "CLUSTER_NETWORK == 'calico'" }
+  - { role: cilium, when: "CLUSTER_NETWORK == 'cilium'" }
+  - { role: flannel, when: "CLUSTER_NETWORK == 'flannel'" }
+  - { role: kube-router, when: "CLUSTER_NETWORK == 'kube-router'" }
diff --git a/07.cluster-addon.yml b/07.cluster-addon.yml
@@ -0,0 +1,5 @@
+# to install clust-addons
+- hosts:
+  - kube-node 
+  roles:
+  - cluster-addon
diff --git a/1.txt b/1.txt
@@ -0,0 +1 @@
+aaa
diff --git a/11.harbor.yml b/11.harbor.yml
@@ -0,0 +1,41 @@
+# [optional] to set up a HARBOR, and to integrate the HARBOR with k8s cluster
+# read the guide: 'guide/harbor.md'
+
+- hosts: harbor
+  roles:
+  - { role: chrony, when: "hostvars[groups.deploy[0]]['NTP_ENABLED'] == 'yes' and NEW_INSTALL == 'yes'" }
+  - { role: prepare, when: "NEW_INSTALL == 'yes'" }
+  - { role: docker, when: "NEW_INSTALL == 'yes'" }
+  - { role: harbor, when: "NEW_INSTALL == 'yes'" }
+  tasks:
+  - name: Fetching the HARBOR SERVER's CA cert
+    fetch:
+      src: "{{ ca_dir }}/ca.pem"
+      dest: "{{ base_dir }}/down/"
+      flat: yes
+
+- hosts: 
+  - kube-master
+  - kube-node
+  tasks:
+  - name: Define 'harbor_host', a domain
+    set_fact: harbor_host="{{ hostvars[groups.harbor[0]]['HARBOR_DOMAIN'] }}"
+
+  - name: Define 'harbor_host', an IP Addr
+    set_fact: harbor_host="{{ groups['harbor'][0] }}"
+    when: "hostvars[groups.harbor[0]]['HARBOR_DOMAIN'] == ''"
+
+  - name: Creating cert dir of the HARBOR SERVER for the docker daemon
+    file: name=/etc/docker/certs.d/{{ harbor_host }} state=directory
+
+  - name: Installing the HARBOR SERVER's cert on k8s nodes
+    copy: src={{ base_dir }}/down/ca.pem dest=/etc/docker/certs.d/{{ harbor_host }}/ca.crt
+
+  # [optional] if you have a DNS server, add an 'A record' instead
+  - name: Adding an '/etc/hosts' entry for the HARBOR DOMAIN
+    lineinfile:
+      dest: /etc/hosts
+      state: present
+      regexp: '{{ harbor_host }}'
+      line: "{{ groups['harbor'][0] }} {{ harbor_host }}"
+    when: "hostvars[groups.harbor[0]]['HARBOR_DOMAIN'] != ''"
diff --git a/22.upgrade.yml b/22.upgrade.yml
@@ -0,0 +1,23 @@
+# WARNING: Upgrade the k8s cluster can be risky. Make sure you know what you are doing.
+# Read the guide: 'op/upgrade.md' .
+
+# update kubectl binary
+- hosts:
+  - kube-master
+  - kube-node
+  - deploy
+  roles:
+  - prepare
+
+# update masters
+- hosts: 
+  - kube-master
+  roles:
+  - kube-master
+  - kube-node
+
+# update nodes
+- hosts: 
+  - kube-node
+  roles:
+  - { role: kube-node, when: "DEPLOY_MODE != 'allinone'" }
diff --git a/23.backup.yml b/23.backup.yml
@@ -0,0 +1,51 @@
+# cluster-backup playbook
+# read the guide: 'op/cluster_restore.md'
+
+- hosts:
+  - etcd
+  roles:
+  - cluster-backup
+
+- hosts:
+  - deploy
+  tasks:
+  - name: Creating backup dirs
+    file: name={{ item }} state=directory
+    with_items:
+    - "{{ base_dir }}/roles/cluster-backup/files/ca"    
+    - "{{ base_dir }}/roles/cluster-backup/files/hosts"   
+    - "{{ base_dir }}/roles/cluster-backup/files/snapshot"   
+
+  - name: Backing up CA sth
+    copy:
+      src: "{{ ca_dir }}/{{ item }}"
+      dest: "{{ base_dir }}/roles/cluster-backup/files/ca/{{ item }}"
+    with_items:
+    - ca.pem
+    - ca-key.pem
+    - ca.csr
+    - ca-csr.json
+    - ca-config.json
+
+  - name: Backing up ansible hosts-1
+    copy:
+      src: "{{ base_dir }}/hosts"
+      dest: "{{ base_dir }}/roles/cluster-backup/files/hosts/hosts"
+    register: p
+
+  - name: Backing up ansible hosts-2
+    shell: "cd {{ base_dir }}/roles/cluster-backup/files/hosts && \
+	cp -fp hosts hosts-$(date +'%Y%m%d%H%M')"
+    when: 'p is changed'
+
+  - name: Backing up etcd snapshot-1
+    copy:
+      src: "{{ base_dir }}/roles/cluster-backup/files/snapshot.db"
+      dest: "{{ base_dir }}/roles/cluster-backup/files/snapshot/snapshot.db"
+    register: q
+
+  - name: Backing up etcd snapshot-2
+    shell: "cd {{ base_dir }}/roles/cluster-backup/files/ && \
+	mv -f snapshot.db snapshot/snapshot-$(date +'%Y%m%d%H%M').db"
+    when: 'q is changed'
+
diff --git a/24.restore.yml b/24.restore.yml
@@ -0,0 +1,74 @@
+# cluster-restore playbook
+# read the guide: 'op/cluster_restore.md'
+
+# to restore CA sth on 'deploy' node
+- hosts: deploy
+  tasks: 
+  - name: Restoring dirs of CA sth
+    file: name=/etc/kubernetes/ssl/ state=directory
+
+  - name: Restoring CA sth
+    copy: 
+      src: "{{ base_dir }}/roles/cluster-backup/files/ca/{{ item }}"
+      dest: "{{ ca_dir }}/{{ item }}"
+    with_items:
+    - ca.pem
+    - ca-key.pem
+    - ca.csr
+    - ca-csr.json
+    - ca-config.json
+
+- hosts: deploy
+  roles:
+  - deploy
+
+# pre-tasks on all nodes
+- hosts: all
+  roles:
+  - prepare
+
+# [optional] only needed by multi-master cluster
+- hosts: lb
+  roles:
+  - lb
+
+# to install etcd cluster
+- hosts: etcd
+  roles:
+  - etcd
+
+# to install docker
+- hosts:
+  - kube-master
+  - kube-node
+  roles:
+  - docker
+
+# to set up 'kube-master' nodes
+- hosts:
+  - kube-master
+  roles:
+  - kube-master
+  - kube-node
+  # 
+  tasks:
+  - name: Making master nodes SchedulingDisabled
+    shell: "{{ bin_dir }}/kubectl cordon {{ inventory_hostname }} "
+    when: DEPLOY_MODE != "allinone"
+    ignore_errors: true
+
+  - name: Setting master role name
+    shell: "{{ bin_dir }}/kubectl label node {{ inventory_hostname }} kubernetes.io/role=master --overwrite"
+    ignore_errors: true
+
+# to set up 'kube-node' nodes
+- hosts:
+  - kube-node
+  roles:
+  - kube-node
+
+# to restore data of etcd cluster
+- hosts: etcd
+  roles:
+  - cluster-restore
+
diff --git a/90.setup.yml b/90.setup.yml
@@ -0,0 +1,76 @@
+# [optional] to synchronize time of nodes with 'chrony'
+- hosts: all
+  roles:
+  - { role: chrony, when: "hostvars[groups.deploy[0]]['NTP_ENABLED'] == 'yes'" }
+
+# to create CA, kubeconfig, kube-proxy.kubeconfig etc. on 'deploy' node
+- hosts: deploy
+  roles:
+  - deploy
+
+# prepare tasks for all nodes
+- hosts:
+  - kube-master
+  - kube-node
+  - deploy
+  - etcd
+  - lb
+  roles:
+  - prepare
+
+# [optional] to install loadbalance service, only needed by multi-master cluster
+- hosts: lb
+  roles:
+  - lb
+
+# to install etcd cluster
+- hosts: etcd
+  roles:
+  - etcd
+
+# to install docker service
+- hosts:
+  - kube-master
+  - kube-node
+  roles:
+  - docker
+
+# to set up 'kube-master' nodes
+- hosts: kube-master
+  roles:
+  - kube-master
+  - kube-node
+  # 
+  tasks:
+  - name: Making master nodes SchedulingDisabled
+    shell: "{{ bin_dir }}/kubectl cordon {{ inventory_hostname }} "
+    delegate_to: "{{ groups.deploy[0] }}"
+    when: DEPLOY_MODE != "allinone"
+    ignore_errors: true
+
+  - name: Setting master role name
+    shell: "{{ bin_dir }}/kubectl label node {{ inventory_hostname }} kubernetes.io/role=master --overwrite"
+    ignore_errors: true
+    delegate_to: "{{ groups.deploy[0] }}"
+
+# to set up 'kube-node' nodes
+- hosts: kube-node
+  roles:
+  - { role: kube-node, when: "DEPLOY_MODE != 'allinone'" }
+
+# to install network plugin, only one can be choosen
+- hosts:
+  - kube-master
+  - kube-node
+  roles:
+  - { role: calico, when: "CLUSTER_NETWORK == 'calico'" }
+  - { role: cilium, when: "CLUSTER_NETWORK == 'cilium'" }
+  - { role: flannel, when: "CLUSTER_NETWORK == 'flannel'" }
+  - { role: kube-router, when: "CLUSTER_NETWORK == 'kube-router'" }
+
+# to install clust-addons
+- hosts:
+  - kube-node
+  roles:
+  - cluster-addon 
+