From 71c8a417292ab010072d90caf6ef53e73cfe19be Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?BENEDEK=20L=C3=A1szl=C3=B3?=
Date: Sat, 26 Apr 2025 16:10:03 +0200
Subject: [PATCH] joining cluster
---
Readme.md | 48 +++++++++++++++++++++++++
group_vars/main.yml | 1 +
init-cluster.yml | 6 ++++
inventory | 4 ++-
join-control-plane.yml | 6 ++++
join-workers.yml | 6 ++++
roles/init-cluster/defaults/main.yml | 2 ++
roles/init-cluster/tasks/main.yml | 32 +++++++++++++++++
roles/join-control-plane/tasks/main.yml | 23 ++++++++++++
roles/node/defaults/main.yml | 4 +--
roles/worker/tasks/main.yml | 21 +++++++++++
11 files changed, 150 insertions(+), 3 deletions(-)
create mode 100644 Readme.md
create mode 100644 group_vars/main.yml
create mode 100644 init-cluster.yml
create mode 100644 join-control-plane.yml
create mode 100644 join-workers.yml
create mode 100644 roles/init-cluster/defaults/main.yml
create mode 100644 roles/init-cluster/tasks/main.yml
create mode 100644 roles/join-control-plane/tasks/main.yml
create mode 100644 roles/worker/tasks/main.yml
diff --git a/Readme.md b/Readme.md
new file mode 100644
index 0000000..9820f72
--- /dev/null
+++ b/Readme.md
@@ -0,0 +1,48 @@
+# Kubernetes cluster setup using Ansible for Debian
+
+## Description
+
+The project configures a Kubernetes cluster on Debian machines with kubeadm.\
+It uses systemd-networkd for interface configuraition, CRI-O for containerization, Calico as a CNI plugin, and stacked etcd for control-plane database.
+
+## Configuration
+
+- General node config: [*roles/node/defaults/main.yml*](roles/node/defaults/main.yml)
+- Cluster config:
+ - [*roles/init-cluster/defaults/main.yml*](roles/init-cluster/defaults/main.yml)
+ - [*group_vars/main.yml*](group_vars/main.yml)
+
+## Usage
+
+### 1. Configure ssh on all nodes
+
+1. ssh in and enable root login by editing */etc/ssh/sshd_conf*
+2. `ssh-copy-key root@NODE`
+3. `ssh-agent $SHELL`
+4. `ssh-add`
+
+### 2. Add nodes to inventory
+
+Edit the *inventory* file.
+
+### 3. Prepare nodes
+
+`ansible-playbook -i inventory -u root node.yml`
+
+### 4. Initalize cluster
+
+Uses the `[first_master]` group from the *inventory* to select the first master.
+
+`ansible-playbook -i inventory -u root init-cluster.yml`
+
+### 5. Join other masters
+
+Uses the `[other_masters]` group from the *inventory*.
+
+`ansible-playbook -i inventory -u root join-control-plane.yml`
+
+### 6. Join workers
+
+Uses the `[workers]` group from the *inventory*.
+
+`ansible-playbook -i inventory -u root join-workers.yml`
diff --git a/group_vars/main.yml b/group_vars/main.yml
new file mode 100644
index 0000000..dd99968
--- /dev/null
+++ b/group_vars/main.yml
@@ -0,0 +1 @@
+cluster_endpoint: cluster
\ No newline at end of file
diff --git a/init-cluster.yml b/init-cluster.yml
new file mode 100644
index 0000000..c9b0627
--- /dev/null
+++ b/init-cluster.yml
@@ -0,0 +1,6 @@
+- name: Initalize cluster
+ hosts: first_master
+ become: true
+ gather_facts: true
+ roles:
+ - init-cluster
diff --git a/inventory b/inventory
index f21d465..975cb18 100644
--- a/inventory
+++ b/inventory
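Review bot: `group_vars/main.yml` is only loaded for hosts in an inventory group named `main`, and the inventory in this patch defines `nodes`, `first_master`, `other_masters` and `workers`, so `cluster_endpoint` looks undefined when the init and join roles template it into `--control-plane-endpoint={{ cluster_endpoint }}` and `{{ cluster_endpoint }}:6443`. Renaming the file to `group_vars/all.yml` (and updating the Readme link) would make it apply to every host, unless the variable is loaded some other way that this patch does not show. The file also ends without a trailing newline.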
@@ -1,7 +1,9 @@ [nodes] 192.168.122.79 -[masters] +[first_master] 192.168.122.79 +[other_masters] + [workers]
diff --git a/join-control-plane.yml b/join-control-plane.yml
new file mode 100644
index 0000000..0df343c
--- /dev/null
+++ b/join-control-plane.yml
@@ -0,0 +1,6 @@
+- name: Add more masters to the cluster
+ hosts: other_masters
+ become: true
+ gather_facts: true
+ roles:
+ - join-control-plane
diff --git a/join-workers.yml b/join-workers.yml
new file mode 100644
index 0000000..7f69b4f
--- /dev/null
+++ b/join-workers.yml
@@ -0,0 +1,6 @@
+- name: Add workers to the cluster
+ hosts: workers
+ become: true
+ gather_facts: true
+ roles:
+ - worker
diff --git a/roles/init-cluster/defaults/main.yml b/roles/init-cluster/defaults/main.yml
new file mode 100644
index 0000000..44566d6
--- /dev/null
+++ b/roles/init-cluster/defaults/main.yml
@@ -0,0 +1,2 @@
+pod_network_cidr: 172.17.0.0/24
+calico_version: v3.29.3
diff --git a/roles/init-cluster/tasks/main.yml b/roles/init-cluster/tasks/main.yml
new file mode 100644
index 0000000..4745012
--- /dev/null
+++ b/roles/init-cluster/tasks/main.yml
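Review bot: `pod_network_cidr: 172.17.0.0/24` in roles/init-cluster/defaults/main.yml leaves roughly 254 pod addresses for the whole cluster, and with kubeadm's default per-node mask of /24 the controller manager can allocate a pod CIDR to only one node. Since the same patch adds roles for joining further masters and workers, a wider default that does not overlap the 192.168.122.0/24 node network is safer, for example `pod_network_cidr: 10.244.0.0/16` (sample value). How Calico's own IPAM divides the range depends on manifest settings that are not visible here.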
@@ -0,0 +1,32 @@
+- name: Init cluster
+ ansible.builtin.command:
+ cmd: |-
+ kubeadm init
+ --control-plane-endpoint={{ cluster_endpoint }}
+ --pod-network-cidr={{ pod_network_cidr }}
+ --upload-certs
+ --cri-socket=unix:///var/run/crio/crio.sock
+ register: kubeadm_init
+ failed_when: kubeadm_init.rc != 0
+ changed_when: kubeadm_init.rc == 0
+
+- name: Cluster init output
+ ansible.builtin.debug:
+ msg: "{{ kubeadm_init.stdout }}"
+ when: kubeadm_init.rc == 0
+
+- name: Cluster init errors
+ ansible.builtin.debug:
+ msg: "{{ kubeadm_init.stderr }}"
+ when: kubeadm_init.rc != 0
+
+- name: Install Calico CNI
+ ansible.builtin.command:
+ cmd: |-
+ kubectl apply -f
+ https://raw.githubusercontent.com/projectcalico/calico/{{ calico_version }}/manifests/calico.yaml
+ register: calico_install
+ changed_when: calico_install.rc == 0
+ failed_when: calico_install.rc != 0
+ environment:
+ KUBECONFIG: /etc/kubernetes/admin.conf
diff --git a/roles/join-control-plane/tasks/main.yml b/roles/join-control-plane/tasks/main.yml
new file mode 100644
index 0000000..b6feaad
--- /dev/null
+++ b/roles/join-control-plane/tasks/main.yml
@@ -0,0 +1,23 @@
+- name: Join cluster as control plane
+ ansible.builtin.command:
+ cmd: |-
+ kubeadm join
+ {{ cluster_endpoint }}:6443
+ --token={{ token }}
+ --discovery-token-ca-cert-hash={{ token_hash }}
+ --control-plane
+ --certificate-key {{ certificate_key }}
+ --cri-socket=unix:///var/run/crio/crio.sock
+ register: kubeadm_join
+ failed_when: kubeadm_join.rc != 0
+ changed_when: kubeadm_join.rc == 0
+
+- name: Cluster init output
+ ansible.builtin.debug:
+ msg: "{{ kubeadm_join.stdout }}"
+ when: kubeadm_join.rc == 0
+
+- name: Cluster init errors
+ ansible.builtin.debug:
+ msg: "{{ kubeadm_join.stderr }}"
+ when: kubeadm_join.rc != 0
diff --git a/roles/node/defaults/main.yml b/roles/node/defaults/main.yml
index 0242a71..7a21b05 100644
--- a/roles/node/defaults/main.yml
+++ b/roles/node/defaults/main.yml
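Review bot: The `Cluster init output` task in roles/init-cluster/tasks/main.yml prints `kubeadm_init.stdout`, which after `kubeadm init --upload-certs` normally includes the bootstrap token, the CA cert hash and the certificate key. Every run therefore copies control-plane join credentials into the Ansible console and any log or CI capture of it. Drop that debug task or set `no_log: true` on it, and generate join parameters on demand on the first master instead (`kubeadm token create --print-join-command`). The `Cluster init errors` task looks unreachable, because `failed_when: kubeadm_init.rc != 0` already stops the play for that host before its `when:` is evaluated. The Calico step applies a manifest fetched from a URL under the cluster-admin kubeconfig with no integrity check; downloading it with `ansible.builtin.get_url` and a `checksum:` and applying the local file would pin the content rather than just the tag.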
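Review bot: In roles/join-control-plane/tasks/main.yml, `token`, `token_hash` and `certificate_key` are interpolated into the `kubeadm join` command line and nothing in this patch defines them, so they presumably arrive as extra vars typed by the operator. That puts the certificate key, which decrypts the uploaded control-plane certificates, into shell history and, at higher verbosity, into Ansible's task output. Add `no_log: true` to the join task and supply the values from an Ansible Vault file or a result registered on the first master. The task also fails on a second run; `creates: /etc/kubernetes/kubelet.conf` under the command would skip nodes that have already joined. roles/worker/tasks/main.yml has the same issues for `token` and `token_hash`, and in both files the `Cluster init errors` debug cannot run after a failed join and both debug tasks are named "Cluster init" although they report a join.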
@@ -15,8 +15,8 @@ packages: # networking hostnames: - - ip: 192.168.1.242 - name: orangepi4 + - ip: 192.168.122.79 + name: cluster interface_name: lan0 gateway: 192.168.122.1
diff --git a/roles/worker/tasks/main.yml b/roles/worker/tasks/main.yml
new file mode 100644
index 0000000..ed1f956
--- /dev/null
+++ b/roles/worker/tasks/main.yml
@@ -0,0 +1,21 @@
+- name: Join cluster as a worker
+ ansible.builtin.command:
+ cmd: |-
+ kubeadm join
+ {{ cluster_endpoint }}:6443
+ --token={{ token }}
+ --discovery-token-ca-cert-hash={{ token_hash }}
+ --cri-socket=unix:///var/run/crio/crio.sock
+ register: kubeadm_join
+ failed_when: kubeadm_join.rc != 0
+ changed_when: kubeadm_join.rc == 0
+
+- name: Cluster init output
+ ansible.builtin.debug:
+ msg: "{{ kubeadm_join.stdout }}"
+ when: kubeadm_join.rc == 0
+
+- name: Cluster init errors
+ ansible.builtin.debug:
+ msg: "{{ kubeadm_join.stderr }}"
+ when: kubeadm_join.rc != 0
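Review bot: The `hostnames` entry in roles/node/defaults/main.yml maps the name `cluster` to 192.168.122.79, the same address the inventory lists under `[first_master]`, so the control-plane endpoint used by `kubeadm init` and every `kubeadm join` is the first master itself. Masters added through join-control-plane.yml would then add no API availability, because kubelets and kubectl still reach the API only through that one host. If high availability is the goal, point `cluster` at a virtual IP or load balancer address, and move the site-specific IP out of role defaults into inventory or group vars. The `hostnames` list starts outside this hunk, and how it is consumed (presumably an /etc/hosts template) is not visible here.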