|
111
|
1 # leave kube.py running single-host and try again
|
|
|
2 import os
|
|
|
3
|
|
|
4 from pyinfra import host
|
|
|
5 from pyinfra.facts.files import FindInFile
|
|
|
6 from pyinfra.facts.server import Arch, LinuxDistribution
|
|
|
7 from pyinfra.operations import files, server, systemd
|
|
|
8
|
|
|
9 is_pi = host.get_fact(LinuxDistribution)['name'] in ['Debian', 'Raspbian GNU/Linux']
|
|
|
10
|
|
112
|
11 from multikube_config import server_node, server_ip, nodes, admin_from, k3s_version, skaffold_version
|
|
111
|
12
|
|
|
13 def download_k3s():
|
|
|
14 tail = 'k3s' if host.get_fact(Arch) == 'x86_64' else 'k3s-armhf'
|
|
|
15 files.download(
|
|
|
16 src=f'https://github.com/rancher/k3s/releases/download/{k3s_version}/{tail}',
|
|
|
17 dest='/usr/local/bin/k3s',
|
|
|
18 user='root',
|
|
|
19 group='root',
|
|
|
20 mode='755',
|
|
|
21 cache_time=43000,
|
|
|
22 #force=True, # to get a new version
|
|
|
23 )
|
|
|
24
|
|
|
25
|
|
|
26 def install_skaffold():
|
|
|
27 files.download(src=f'https://storage.googleapis.com/skaffold/releases/{skaffold_version}/skaffold-linux-amd64',
|
|
|
28 dest='/usr/local/bin/skaffold',
|
|
|
29 user='root',
|
|
|
30 group='root',
|
|
|
31 mode='755',
|
|
|
32 cache_time=1000)
|
|
|
33 # one time; writes to $HOME
|
|
|
34 #skaffold config set --global insecure-registries bang5:5000
|
|
|
35
|
|
|
36
|
|
|
37 def pi_cgroup_setup():
|
|
|
38 old_cmdline = host.get_fact(FindInFile, path='/boot/cmdline.txt', pattern=r'.*')[0]
|
|
|
39 if 'cgroup' not in old_cmdline:
|
|
|
40 cmdline = old_cmdline + ' cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory'
|
|
|
41 files.line(path='/boot/cmdline.txt', line='.*', replace=cmdline)
|
|
|
42 # pi needs reboot now
|
|
|
43
|
|
|
44
|
|
|
45 def host_prep():
|
|
|
46 server.sysctl(key='net.ipv4.ip_forward', value="1", persist=True)
|
|
|
47 server.sysctl(key='net.ipv6.conf.all.forwarding', value="1", persist=True)
|
|
|
48 server.sysctl(key='net.ipv6.conf.all.disable_ipv6' , value='1',persist=True)
|
|
|
49 server.sysctl(key='fs.inotify.max_user_instances', value='8192', persist=True)
|
|
|
50 server.sysctl(key='fs.inotify.max_user_watches', value='524288', persist=True)
|
|
|
51
|
|
|
52 # https://sysctl-explorer.net/net/ipv4/rp_filter/
|
|
|
53 #none, strict, loose = 0, 1, 2
|
|
|
54 #server.sysctl(key='net.ipv4.conf.default.rp_filter', value=loose, persist=True)
|
|
|
55
|
|
|
56 if is_pi:
|
|
|
57 pi_cgroup_setup()
|
|
|
58
|
|
|
59 def service_name():
|
|
|
60 return 'k3s.service' if host.name == server_node else 'k3s-node.service'
|
|
|
61
|
|
|
62 def config_and_run_service():
|
|
|
63 download_k3s()
|
|
|
64 role = 'server' if host.name == server_node else 'agent'
|
|
|
65 which_conf = 'config-server.yaml.j2' if host.name == server_node else 'config-agent.yaml.j2'
|
|
|
66
|
|
|
67 if host.name == server_node:
|
|
|
68 token = "unused"
|
|
|
69 else:
|
|
|
70 token = open('/tmp/k3s-token', 'rt').read().strip()
|
|
|
71 files.template(
|
|
|
72 src=f'templates/kube/{which_conf}',
|
|
|
73 dest='/etc/k3s_config.yaml',
|
|
112
|
74 server_ip=server_ip,
|
|
111
|
75 token=token,
|
|
|
76 wg_ip=host.host_data['mk_addr'],#wireguard_address'],
|
|
|
77 )
|
|
|
78
|
|
|
79 files.template(
|
|
|
80 src='templates/kube/k3s.service.j2',
|
|
|
81 dest=f'/etc/systemd/system/{service_name()}',
|
|
|
82 role=role,
|
|
|
83 )
|
|
|
84 systemd.service(service=service_name(), daemon_reload=True, enabled=True, restarted=True)
|
|
|
85
|
|
|
86 if host.name == server_node:
|
|
|
87 files.get(src='/var/lib/rancher/k3s/server/node-token', dest='/tmp/k3s-token')
|
|
|
88 files.get(src='/etc/rancher/k3s/k3s.yaml', dest='/tmp/k3s-yaml')
|
|
|
89
|
|
112
|
90
|
|
111
|
91 if host.name in nodes + [server_node]:
|
|
|
92 host_prep()
|
|
|
93 files.directory(path='/etc/rancher/k3s')
|
|
|
94
|
|
|
95 config_and_run_service()
|
|
|
96
|
|
|
97 # docs: https://rancher.com/docs/k3s/latest/en/installation/private-registry/
|
|
|
98 # user confusions: https://github.com/rancher/k3s/issues/1802
|
|
|
99 files.template(src='templates/kube/registries.yaml.j2', dest='/etc/rancher/k3s/registries.yaml')
|
|
|
100 # for the possible registries update:
|
|
|
101 systemd.service(service=service_name(), daemon_reload=True, enabled=True, restarted=True)
|
|
|
102
|
|
|
103 if host.name in admin_from:
|
|
|
104 files.directory(path='/etc/rancher/k3s')
|
|
|
105 install_skaffold()
|
|
|
106 files.link(path='/usr/local/bin/kubectl', target='/usr/local/bin/k3s')
|
|
|
107 files.directory(path='/home/drewp/.kube', user='drewp', group='drewp')
|
|
|
108 # .zshrc has: export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
|
|
|
109
|
|
|
110 # assumes our pyinfra process is running on server_node
|
|
|
111 if host.name != server_node:
|
|
|
112 files.put(src='/tmp/k3s-yaml', dest='/etc/rancher/k3s/k3s.yaml')
|
|
|
113
|
|
|
114 files.file(path='/etc/rancher/k3s/k3s.yaml', user='root', group='drewp', mode='640')
|
|
112
|
115 server.shell(f"kubectl config set-cluster default --server=https://{server_ip}:6443 --kubeconfig=/etc/rancher/k3s/k3s.yaml")
|
