This Ansible role installs and configures a highly available Kubernetes cluster using kubeadm, automating the entire installation process. It demonstrates how to use Ansible for Kubernetes setup. For production environments, it is recommended to use Kubespray.
High availability features include multiple master nodes to prevent a single point of failure, kube-vip for a failover virtual IP address ensuring control plane accessibility, Longhorn for distributed block storage and data resilience, and an Nginx ingress controller for load balancing and reliable ingress traffic routing.
Install ansible, ipaddr and netaddr:

```
pip install -r requirements.txt
```
Download the role from GitHub:

```
ansible-galaxy install git+https://github.com/amine-baaa/ansible-role-kubernetes.git
```
This role accepts these variables:

Var | Required | Default | Desc |
---|---|---|---|
kubernetes_subnet | yes | 192.168.25.0/24 | Subnet where Kubernetes will be deployed. If the VM or bare metal server has more than one interface, Ansible will select the interface used by Kubernetes based on the interface subnet. |
disable_firewall | no | no | If set to yes Ansible will disable the firewall. |
kubernetes_version | no | 1.25.0 | Kubernetes version to install. |
kubernetes_cri | no | containerd | Kubernetes CRI to install. |
kubernetes_cni | no | flannel | Kubernetes CNI to install. |
kubernetes_dns_domain | no | cluster.local | Kubernetes default DNS domain. |
kubernetes_pod_subnet | no | 10.244.0.0/16 | Kubernetes pod subnet. |
kubernetes_service_subnet | no | 10.96.0.0/12 | Kubernetes service subnet. |
kubernetes_api_port | no | 6443 | kube-apiserver listen port. |
setup_vip | no | no | Set up the Kubernetes VIP address using kube-vip. |
kubernetes_vip_ip | no | 192.168.25.225 | Required if setup_vip is set to yes. VIP address for the control plane. |
kubevip_version | no | v0.4.3 | kube-vip container version. |
install_longhorn | no | no | Install Longhorn, cloud native distributed block storage for Kubernetes. |
longhorn_version | no | v1.3.1 | Longhorn release. |
install_nginx_ingress | no | no | Install the nginx ingress controller. |
nginx_ingress_controller_version | no | controller-v1.3.0 | nginx ingress controller version. |
nginx_ingress_controller_http_nodeport | no | 30080 | NodePort used by the nginx ingress controller for incoming HTTP traffic. |
nginx_ingress_controller_https_nodeport | no | 30443 | NodePort used by the nginx ingress controller for incoming HTTPS traffic. |
enable_nginx_ingress_proxy_protocol | no | no | Enable nginx ingress controller proxy protocol mode. |
enable_nginx_real_ip | no | no | Enable the nginx ingress controller real-ip module. |
nginx_ingress_real_ip_cidr | no | 0.0.0.0/0 | Required if enable_nginx_real_ip is set to yes. Trusted subnet to use with the real-ip module. |
nginx_ingress_proxy_body_size | no | 20m | nginx ingress controller max proxy body size. |
sans_base | no | [list of values, see defaults/main.yml] | List of IP addresses or FQDNs used to sign the kube-apiserver certificate. |
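The table above implies several constraints between variables (the VIP has to sit inside `kubernetes_subnet`, the node, pod and service subnets must not overlap, NodePorts must fall in the kube-apiserver's default 30000-32767 range, and a real-ip trusted CIDR of `0.0.0.0/0` means any client can set its own source address via `X-Forwarded-For`). The following pre-flight checker is an added example, not part of the role, that validates a variable dictionary before you run the playbook. It copies the defaults from the table; the function names `check_vars` and `has_errors` and the `(level, message)` finding format are this example's own.

```python
"""Pre-flight checks for ansible-role-kubernetes variables (added example, not part of the role)."""
import ipaddress

# Role defaults as listed in the variable table (copied from the README).
ROLE_DEFAULTS = {
    "kubernetes_subnet": "192.168.25.0/24",
    "disable_firewall": "no",
    "kubernetes_version": "1.25.0",
    "kubernetes_cri": "containerd",
    "kubernetes_cni": "flannel",
    "kubernetes_dns_domain": "cluster.local",
    "kubernetes_pod_subnet": "10.244.0.0/16",
    "kubernetes_service_subnet": "10.96.0.0/12",
    "kubernetes_api_port": 6443,
    "setup_vip": "no",
    "kubernetes_vip_ip": "192.168.25.225",
    "install_nginx_ingress": "no",
    "nginx_ingress_controller_http_nodeport": 30080,
    "nginx_ingress_controller_https_nodeport": 30443,
    "enable_nginx_ingress_proxy_protocol": "no",
    "enable_nginx_real_ip": "no",
    "nginx_ingress_real_ip_cidr": "0.0.0.0/0",
}

# Default kube-apiserver NodePort range (--service-node-port-range).
NODEPORT_RANGE = (30000, 32767)


def _truthy(value):
    """Ansible yes/no flags may arrive as bools or as strings."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() in {"yes", "true", "1", "on"}


def check_vars(overrides):
    """Merge overrides onto the defaults; return a list of (level, message) findings."""
    v = {**ROLE_DEFAULTS, **overrides}
    findings = []

    nets = {
        "kubernetes_subnet": ipaddress.ip_network(v["kubernetes_subnet"], strict=False),
        "kubernetes_pod_subnet": ipaddress.ip_network(v["kubernetes_pod_subnet"], strict=False),
        "kubernetes_service_subnet": ipaddress.ip_network(v["kubernetes_service_subnet"], strict=False),
    }

    # Node, pod and service subnets must be disjoint or routing inside the cluster breaks.
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(("error", f"{a} overlaps {b}"))

    # kube-vip announces the VIP on the node network, so it must belong to that subnet.
    if _truthy(v["setup_vip"]):
        vip = ipaddress.ip_address(v["kubernetes_vip_ip"])
        if vip not in nets["kubernetes_subnet"]:
            findings.append(("error", f"kubernetes_vip_ip {vip} not in kubernetes_subnet"))

    port = int(v["kubernetes_api_port"])
    if not 1 <= port <= 65535:
        findings.append(("error", f"kubernetes_api_port {port} out of range"))

    if _truthy(v["install_nginx_ingress"]):
        http_np = int(v["nginx_ingress_controller_http_nodeport"])
        https_np = int(v["nginx_ingress_controller_https_nodeport"])
        for name, np_ in (("nginx_ingress_controller_http_nodeport", http_np),
                          ("nginx_ingress_controller_https_nodeport", https_np)):
            if not NODEPORT_RANGE[0] <= np_ <= NODEPORT_RANGE[1]:
                findings.append(("error", f"{name} {np_} outside {NODEPORT_RANGE}"))
        if http_np == https_np:
            findings.append(("error", "http and https NodePorts are identical"))

        # With real-ip enabled, the trusted CIDR decides whose X-Forwarded-For is believed.
        # 0.0.0.0/0 lets any client spoof the address seen in logs and IP-based policies,
        # so it should be narrowed to the load balancer subnet.
        if _truthy(v["enable_nginx_real_ip"]):
            trusted = ipaddress.ip_network(v["nginx_ingress_real_ip_cidr"], strict=False)
            if trusted.prefixlen == 0:
                findings.append(("warning", "nginx_ingress_real_ip_cidr trusts all sources (0.0.0.0/0)"))

    return findings


def has_errors(findings):
    """True when at least one finding is an error (warnings alone do not block a run)."""
    return any(level == "error" for level, _ in findings)


if __name__ == "__main__":
    # Constructed input: a VIP plus ingress with real-ip left at its permissive default.
    for level, msg in check_vars({"setup_vip": "yes", "install_nginx_ingress": "yes",
                                  "enable_nginx_real_ip": "yes"}):
        print(f"{level}: {msg}")
```

Run it with the same dictionary you pass to the playbook as `-e` or `vars:`; treat any `error` as a reason not to run, and treat the real-ip warning as a prompt to set `nginx_ingress_real_ip_cidr` to the subnet of the load balancer that actually fronts the ingress.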
Use Vagrant and VirtualBox to test the role by bringing up an example infrastructure. After downloading this repository, start the virtual machines with:

```
vagrant up
```
Adjust the hosts.ini file with your hosts and run the playbook:

```
user@mintrrr:~$ ansible-playbook -i hosts-ubuntu.ini site.yml -e kubernetes_init_host=
PLAY [kubemaster]
TASK [Gathering Facts]
TASK [ansible-role-kubernetes : include_tasks]
TASK [ansible-role-kubernetes : Install required system packages]
TASK [ansible-role-kubernetes : Add Google GPG apt Key]
TASK [ansible-role-kubernetes : Add K8s Repository]
TASK [ansible-role-kubernetes : Add Docker GPG apt Key]
TASK [ansible-role-kubernetes : shell]
TASK [ansible-role-kubernetes : Add Docker Repository]
TASK [ansible-role-kubernetes : setup]
TASK [ansible-role-kubernetes : include_tasks]
TASK [ansible-role-kubernetes : disable ufw]
TASK [ansible-role-kubernetes : Install iptables-legacy]
TASK [ansible-role-kubernetes : Remove zram-generator-defaults]
TASK [ansible-role-kubernetes : disable firewalld]
TASK [ansible-role-kubernetes : Put SELinux in permissive mode, logging actions that would be blocked.]
TASK [ansible-role-kubernetes : Disable SELinux]
TASK [ansible-role-kubernetes : Install openssl]
TASK [ansible-role-kubernetes : load overlay kernel module]
TASK [ansible-role-kubernetes : load br_netfilter kernel module]
TASK [ansible-role-kubernetes : Add KUBELET_ROOT_DIR env var]
TASK [ansible-role-kubernetes : Add KUBELET_ROOT_DIR env var, set value]
TASK [ansible-role-kubernetes : Install longhorn]
TASK [ansible-role-kubernetes : Install longhorn storageclass]
TASK [ansible-role-kubernetes : include_tasks]
TASK [ansible-role-kubernetes : Check if ingress-nginx is installed]
TASK [ansible-role-kubernetes : Install ingress-nginx]
TASK [ansible-role-kubernetes : render nginx_ingress_config.yml]
TASK [ansible-role-kubernetes : Apply nginx ingress config]
```
Once the playbook finishes, check that all nodes are Ready and all pods are running:

```
kubectl get nodes
kubectl get pods --all-namespaces
```
We can also inspect the service of the nginx ingress controller:
```
kubectl get svc -n ingress-nginx
```
From an external machine we can test the ingress controller:
```
user@mintrrr:~$ curl -v http://[HOST]:[HTTP_PORT]
>
<
```