Mercurial > code > home > repos > infra
comparison kube.py @ 204:ad6e997fd323
prepare for k8s server host and registry host to change
| author | drewp@bigasterisk.com |
|---|---|
| date | Fri, 30 Jun 2023 22:40:27 -0700 |
| parents | 3fd439ae1380 |
| children | 416aa647efd9 |
comparison
equal
deleted
inserted
replaced
| 203:3fd439ae1380 | 204:ad6e997fd323 |
|---|---|
| 5 from pyinfra.facts.server import Arch, LinuxDistribution | 5 from pyinfra.facts.server import Arch, LinuxDistribution |
| 6 from pyinfra.operations import files, server, systemd | 6 from pyinfra.operations import files, server, systemd |
| 7 | 7 |
| 8 is_pi = host.get_fact(LinuxDistribution)['name'] in ['Debian', 'Raspbian GNU/Linux'] | 8 is_pi = host.get_fact(LinuxDistribution)['name'] in ['Debian', 'Raspbian GNU/Linux'] |
| 9 | 9 |
| 10 server_ip = "10.5.0.1" | |
| 11 server_node = 'bang' | |
| 12 nodes = ['slash', 'dash', 'ditto'] #, 'frontbed', 'garage'] | |
| 13 admin_from = ['bang', 'slash', 'dash', 'ditto'] | |
| 14 # https://github.com/k3s-io/k3s/releases | |
| 15 # 1.23.6 per https://github.com/cilium/cilium/issues/20331 | |
| 16 k3s_version = 'v1.24.3+k3s1' | |
| 17 | |
| 18 # https://github.com/GoogleContainerTools/skaffold/releases | 10 # https://github.com/GoogleContainerTools/skaffold/releases |
| 19 skaffold_version = 'v2.6.0' | 11 skaffold_version = 'v2.6.0' |
| 20 | 12 |
| 21 | 13 |
| 22 def download_k3s(): | 14 def download_k3s(k3s_version): |
| 23 tail = 'k3s' if host.get_fact(Arch) == 'x86_64' else 'k3s-armhf' | 15 tail = 'k3s' if host.get_fact(Arch) == 'x86_64' else 'k3s-armhf' |
| 24 files.download( | 16 files.download( |
| 25 src=f'https://github.com/rancher/k3s/releases/download/{k3s_version}/{tail}', | 17 src=f'https://github.com/rancher/k3s/releases/download/{k3s_version}/{tail}', |
| 26 dest='/usr/local/bin/k3s', | 18 dest='/usr/local/bin/k3s', |
| 27 user='root', | 19 user='root', |
| 62 server.sysctl(key='net.ipv4.conf.default.rp_filter', value=loose, persist=True) | 54 server.sysctl(key='net.ipv4.conf.default.rp_filter', value=loose, persist=True) |
| 63 | 55 |
| 64 if is_pi: | 56 if is_pi: |
| 65 pi_cgroup_setup() | 57 pi_cgroup_setup() |
| 66 | 58 |
| 59 # don't try to get aufs-dkms on rpi-- https://github.com/docker/for-linux/issues/709 | |
| 60 def podman_insecure_registry(reg): | |
| 61 files.template(src='templates/kube/podman_registries.conf.j2', dest='/etc/containers/registries.conf.d/bang.conf', reg=reg) | |
| 67 | 62 |
| 68 def config_and_run_service(): | 63 def config_and_run_service(k3s_version, server_node, server_ip): |
| 69 download_k3s() | 64 download_k3s(k3s_version) |
| 70 service_name = 'k3s.service' if host.name == server_node else 'k3s-node.service' | 65 service_name = 'k3s.service' if host.name == server_node else 'k3s-node.service' |
| 71 role = 'server' if host.name == server_node else 'agent' | 66 role = 'server' if host.name == server_node else 'agent' |
| 72 which_conf = 'config-server.yaml.j2' if host.name == server_node else 'config-agent.yaml.j2' | 67 which_conf = 'config-server.yaml.j2' if host.name == server_node else 'config-agent.yaml.j2' |
| 73 | 68 |
| 74 # /var/lib/rancher/k3s/server/node-token is the source of the string in secrets/k3s_token, | 69 # /var/lib/rancher/k3s/server/node-token is the source of the string in secrets/k3s_token, |
| 93 role=role, | 88 role=role, |
| 94 ) | 89 ) |
| 95 systemd.service(service=service_name, daemon_reload=True, enabled=True, restarted=True) | 90 systemd.service(service=service_name, daemon_reload=True, enabled=True, restarted=True) |
| 96 | 91 |
| 97 | 92 |
| 98 if host.name in nodes + [server_node]: | 93 def make_cluster( |
| 99 host_prep() | 94 server_ip = "10.5.0.1", |
| 100 files.directory(path='/etc/rancher/k3s') | 95 server_node = 'bang', |
| 96 nodes = ['slash', 'dash', 'ditto'], | |
| 97 admin_from = ['bang', 'slash', 'dash', 'ditto'], | |
| 98 # https://github.com/k3s-io/k3s/releases | |
| 99 # 1.23.6 per https://github.com/cilium/cilium/issues/20331 | |
| 100 k3s_version = 'v1.24.3+k3s1', | |
| 101 ): | |
| 102 if not is_pi: | |
| 103 podman_insecure_registry(reg='bang5:5000') | |
| 101 | 104 |
| 102 # docs: https://rancher.com/docs/k3s/latest/en/installation/private-registry/ | 105 if host.name in nodes + [server_node]: |
| 103 # user confusions: https://github.com/rancher/k3s/issues/1802 | 106 host_prep() |
| 104 files.template(src='templates/kube/registries.yaml.j2', dest='/etc/rancher/k3s/registries.yaml') | 107 files.directory(path='/etc/rancher/k3s') |
| 105 # also note that podman dropped the default `docker.io/` prefix on image names (see https://unix.stackexchange.com/a/701785/419418) | |
| 106 config_and_run_service() | |
| 107 | 108 |
| 108 if host.name in admin_from: | 109 # docs: https://rancher.com/docs/k3s/latest/en/installation/private-registry/ |
| 109 files.directory(path='/etc/rancher/k3s') | 110 # user confusions: https://github.com/rancher/k3s/issues/1802 |
| 110 install_skaffold() | 111 files.template(src='templates/kube/registries.yaml.j2', dest='/etc/rancher/k3s/registries.yaml', reg='bang5:5000') |
| 111 files.link(path='/usr/local/bin/kubectl', target='/usr/local/bin/k3s') | 112 # also note that podman dropped the default `docker.io/` prefix on image names (see https://unix.stackexchange.com/a/701785/419418) |
| 112 files.directory(path='/home/drewp/.kube', user='drewp', group='drewp') | 113 config_and_run_service(k3s_version, server_node, server_ip) |
| 113 | 114 |
| 114 # assumes our pyinfra process is running on server_node | 115 if host.name in admin_from: |
| 115 files.put( | 116 files.directory(path='/etc/rancher/k3s') |
| 116 src='/etc/rancher/k3s/k3s.yaml', | 117 install_skaffold() |
| 117 dest='/etc/rancher/k3s/k3s.yaml', # | 118 files.link(path='/usr/local/bin/kubectl', target='/usr/local/bin/k3s') |
| 118 user='root', | 119 files.directory(path='/home/drewp/.kube', user='drewp', group='drewp') |
| 119 group='drewp', | 120 |
| 120 mode='640') | 121 # assumes our pyinfra process is running on server_node |
| 121 server.shell(f"kubectl config set-cluster default --server=https://{server_ip}:6443 --kubeconfig=/etc/rancher/k3s/k3s.yaml") | 122 files.put( |
| 123 src='/etc/rancher/k3s/k3s.yaml', | |
| 124 dest='/etc/rancher/k3s/k3s.yaml', # | |
| 125 user='root', | |
| 126 group='drewp', | |
| 127 mode='640') | |
| 128 server.shell(f"kubectl config set-cluster default --server=https://{server_ip}:6443 --kubeconfig=/etc/rancher/k3s/k3s.yaml") | |
| 129 | |
| 130 | |
| 131 make_cluster( server_ip = "10.5.0.1", server_node = 'bang', nodes = ['slash', 'dash', 'ditto'], admin_from = ['bang', 'slash', 'dash', 'ditto'], k3s_version = 'v1.24.3+k3s1') | |
| 132 #make_cluster( server_ip = "10.5.0.7", server_node = 'ditto', nodes = ['slash', 'dash', 'bang'], admin_from = ['bang', 'slash', 'dash', 'ditto'], k3s_version = 'v1.25.11+k3s1') |