annotate kube.py @ 80:bc909bf8b80e

another try at dns with /etc/k3s_resolv.conf
author drewp@bigasterisk.com
date Sat, 18 Jun 2022 13:42:10 -0700
parents 41008d412ec8
children eb38553a6806
import tempfile

from pyinfra import host
from pyinfra.facts.files import FindInFile
from pyinfra.facts.server import Arch, LinuxDistribution
from pyinfra.operations import files, server, systemd

# True when the distribution fact is 'Debian' or 'Raspbian GNU/Linux'; note
# that a Debian host that is not a Raspberry Pi matches as well.
is_pi = host.get_fact(LinuxDistribution)['name'] in ('Debian', 'Raspbian GNU/Linux')

# https://github.com/k3s-io/k3s/releases
k3s_version = 'v1.24.1+k3s1'

# https://github.com/GoogleContainerTools/skaffold/releases
skaffold_version = 'v1.38.0'

# Cluster layout: the address handed to the config templates as master_ip,
# the host that runs the k3s server, the agent nodes, and the hosts that get
# the kubectl link and skaffold.
master_ip = '10.5.0.1'
server_node = 'bang'
nodes = ['slash', 'dash', 'frontbed', 'garage']
admin_from = ['bang', 'slash', 'dash']
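if host.name in nodes + [server_node]:
    # Installs and configures k3s on the server node and on every agent node.
    #
    # NOTE(review): the annotated listing this was taken from carries no
    # indentation, so the nesting below is reconstructed from statement
    # order; confirm it against the repository before relying on it.

    # Same test the listing spells as host.name == 'bang' in four places
    # (server_node is 'bang').
    is_server = host.name == server_node

    # Kernel settings: packet forwarding for IPv4 and IPv6, and raised
    # inotify limits. persist=True keeps them across reboots.
    server.sysctl(key='net.ipv4.ip_forward', value="1", persist=True)
    server.sysctl(key='net.ipv6.conf.all.forwarding', value="1", persist=True)
    server.sysctl(key='fs.inotify.max_user_instances', value='8192', persist=True)
    server.sysctl(key='fs.inotify.max_user_watches', value='524288', persist=True)

    # Release asset name: 'k3s' on x86_64, 'k3s-armhf' on anything else.
    tail = 'k3s' if host.get_fact(Arch) == 'x86_64' else 'k3s-armhf'

    # NOTE(review): this binary is installed root-owned and executable with
    # no integrity check beyond HTTPS. files.download accepts sha256sum=...;
    # pinning the digest from the release's published checksum file next to
    # k3s_version would make a tampered or truncated download fail the run.
    # The URL still names rancher/k3s while the release list referenced at
    # k3s_version is under k3s-io/k3s; presumably this works through a
    # GitHub redirect for the moved repository.
    files.download(
        src=f'https://github.com/rancher/k3s/releases/download/{k3s_version}/{tail}',
        dest='/usr/local/bin/k3s',
        user='root',
        group='root',
        mode='755',
        cache_time=43000,  # seconds, roughly 12 hours
        # force=True,  # to get a new version
    )

    if is_pi:
        # Append the cgroup kernel arguments once. The first line of
        # cmdline.txt is read back and the line is rewritten as a whole.
        old_cmdline = host.get_fact(FindInFile, path='/boot/cmdline.txt', pattern=r'.*')[0]
        if 'cgroup' not in old_cmdline:
            cmdline = old_cmdline + ' cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory'
            files.line(path='/boot/cmdline.txt', line='.*', replace=cmdline)
            # pi needs reboot now

    # NOTE(review): placed at the same level as `if is_pi:`; the listing
    # does not show whether this call was nested under it. Confirm.
    server.shell(commands=[
        'update-alternatives --set iptables /usr/sbin/iptables-nft',
        'update-alternatives --set ip6tables /usr/sbin/ip6tables-nft',
    ])
    # needs reboot if this changed

    # See https://github.com/rancher/k3s/issues/1802 and https://rancher.com/docs/k3s/latest/en/installation/private-registry/
    files.directory(path='/etc/rancher/k3s')
    files.template(src='templates/kube/registries.yaml.j2', dest='/etc/rancher/k3s/registries.yaml')

    service_name = 'k3s.service' if is_server else 'k3s-node.service'
    which_conf = 'config.yaml.j2' if is_server else 'node-config.yaml.j2'

    # /var/lib/rancher/k3s/server/node-token is the source of the string in secrets/k3s_token
    # The path is relative to the directory the deploy is run from. This is
    # the cluster join secret, so secrets/ should stay out of version control.
    # The context manager closes the file; the listing left the handle open.
    with open('secrets/k3s_token', 'rt') as token_file:
        token = token_file.read().strip()

    # NOTE(review): the join token is passed into this template, so
    # /etc/k3s_config.yaml presumably contains it, yet no owner or mode is
    # set here. If the k3s unit runs as root, adding user='root', mode='600'
    # would keep the token from being readable by other local accounts.
    files.template(
        src=f'templates/kube/{which_conf}',
        dest='/etc/k3s_config.yaml',
        master_ip=master_ip,
        token=token,
        wg_ip=host.host_data['wireguard_address'],
    )

    # Resolver file for k3s, added in changeset bc909bf8b80e ("another try at
    # dns with /etc/k3s_resolv.conf"). Presumably referenced from the k3s
    # config or unit template; those templates are not shown in this listing.
    files.template(
        src='templates/kube/k3s_resolv.conf.j2',
        dest='/etc/k3s_resolv.conf',
        master_ip=master_ip,
        wg_ip=host.host_data['wireguard_address'],
    )

    files.template(
        src='templates/kube/k3s.service.j2',
        dest=f'/etc/systemd/system/{service_name}',
        role='server' if is_server else 'agent',
    )
    # restarted=True restarts the unit on every deploy run, not only when
    # one of the files above changed.
    systemd.service(service=service_name, daemon_reload=True, enabled=True, restarted=True)

    if is_server:
        # k3s deploys whatever manifests it finds in this directory, so the
        # file (and the directory) should be writable by root only.
        files.put(
            src="templates/kube/coredns.yaml",
            dest="/var/lib/rancher/k3s/server/manifests/coredns.yaml",
            mode="600",
        )
        # files.put(
        #     src="templates/kube/coredns-map.yaml",
        #     dest="/var/lib/rancher/k3s/server/manifests/coredns-map.yaml",
        #     mode="600",
        # )
        # tmp = tempfile.NamedTemporaryFile(suffix='.yaml')
        # files.template(
        #     src='templates/kube/Corefile.yaml.j2',
        #     dest=tmp.name,
        # )
        # server.shell(commands=[
        #     'kubectl replace configmap '
        #     # '-n kube-system '
        #     # 'coredns '
        #     f'--filename={tmp.name} '
        #     '-o yaml '
        #     # '--dry-run=client | kubectl apply -',
        # ])

    # one-time thing at cluster create time? not sure
    # - name: Replace https://localhost:6443 by https://master-ip:6443
    #   command: >-
    #     k3s kubectl config set-cluster default
    #       --server=https://{{ master_ip }}:6443
    #       --kubeconfig ~{{ ansible_user }}/.kube/config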
if host.name in admin_from:
    # Sets up the hosts that administer the cluster: kubectl, the kubeconfig
    # and skaffold.
    #
    # NOTE(review): the annotated listing carries no indentation; every
    # statement below is assumed to sit inside this `if`. Confirm against
    # the repository.
    admin_user = 'drewp'
    kubeconfig = '/etc/rancher/k3s/k3s.yaml'

    # kubectl is provided as a link to the k3s binary.
    files.link(path='/usr/local/bin/kubectl', target='/usr/local/bin/k3s')
    files.directory(path=f'/home/{admin_user}/.kube', user=admin_user, group=admin_user)
    files.line(
        path=f"/home/{admin_user}/.zshrc",
        line="KUBECONFIG",
        replace=f'export KUBECONFIG={kubeconfig}',
    )

    # NOTE(review): the kubeconfig carries the cluster's admin credentials;
    # group-read means every member of the group can administer the cluster.
    # Also verify that files.chown / files.chmod are real operations in the
    # pyinfra version in use and not its internal command-string helpers; if
    # they are helpers, these two calls change nothing on the host, and
    # files.file(path=..., user=..., group=..., mode=...) is the operation form.
    files.chown(target=kubeconfig, user='root', group=admin_user)
    files.chmod(target=kubeconfig, mode='640')

    # see https://github.com/GoogleContainerTools/skaffold/releases
    # NOTE(review): as with the k3s binary, no checksum is pinned for this
    # root-owned executable; files.download accepts sha256sum=... for that.
    skaffold_url = f'https://storage.googleapis.com/skaffold/releases/{skaffold_version}/skaffold-linux-amd64'
    files.download(
        src=skaffold_url,
        dest='/usr/local/bin/skaffold',
        user='root',
        group='root',
        mode='755',
        cache_time=1000,
    )