Enable Kubernetes Installation and Configuration #20
Draft: Searge wants to merge 18 commits into develop from feat/k8s_install
- Added `service_cidr` variable with value "10.96.0.0/24" to `vagrant.yml` group_vars.
- Added `certs_path` variable with value "{{ ansible_user_dir }}/certs" to `vagrant.yml` group_vars.

- Added task to install latest stable version of kubectl using the ARCH variable from /etc/environment.
- Retrieved stable release version of kubectl from https://dl.k8s.io/release/stable.txt.
- Installed kubectl binary with appropriate permissions and mode.
- Printed the kubectl version.

- Added tasks to generate Certificate Authority (CA) and various client and server certificates.
- Generated private keys and CSR for admin user, kube-controller-manager, kube-proxy, kube-scheduler, kube-apiserver, kube-apiserver-kubelet-client, etcd-server, and service-account.
- Signed the certificates using the CA private key.
- Verified the PKI with cert_verify.sh.

- Moved certificate verification scripts cert_verify.sh and approve_csr.sh to the 'certs' directory for better organization.
- Renamed approve-csr.sh to approve_csr.sh for consistency.
Searge force-pushed the feat/k8s_install branch from 5c25a06 to b80f07e (April 15, 2024 17:14)
Searge force-pushed the feat/k8s_install branch from 89eb7fb to 4ca2715 (April 16, 2024 06:51)
- Updated the SSH configurations in ssh.cfg to use specific IP addresses instead of localhost for better clarity and consistency.
- Commented out the Port directives in ssh.cfg since the default ports are used.
- Modified the 'up' task in Taskfile.dist.yml to include the '--parallel' flag for faster provisioning of VMs.
- Updated the 'destroy' task in Taskfile.dist.yml to remove the sed command and replaced it with a command to clear known_hosts file for improved reliability.

- Added "netaddr" to pyproject.toml as a new dependency.
- Added "netaddr" version 1.2.1 to requirements.txt to ensure consistency across environments.

- Updated the `certs_path` variable in the `vagrant.yml` group_vars file to point to the root directory instead of a subdirectory.

- Refactored TLS certificate provisioning tasks to use a centralized CA key and certificate.
- Updated the tasks to generate the CA private key and CSR with appropriate subject details.
- Adjusted the tasks to sign certificates with the CA key and certificate.
- Removed redundant tasks for creating directories for certificates.
- Updated references to the CA key, CSR, and certificate files accordingly.

- Corrected the destination path for the `approve-csr.sh` script in the Vagrantfile.
- Updated the file path to match the actual location of the script.
Searge force-pushed the feat/k8s_install branch from 4ca2715 to e2d1cfe (April 16, 2024 16:50)
This commit introduces changes to generate Certificate Authority (CA) and TLS certificates using Ansible. It includes tasks to create private keys, certificate signing requests (CSRs), and sign certificates for various components:
- Admin user
- Kube-controller-manager
- Kube-proxy
- Kube-scheduler
- Kubernetes API Server
- API Server Kubelet Client
- ETCD Server
- Service Account

The certificates are generated successfully and can be found in the specified location. A command `cert_verify.sh` is provided to verify the certificates.
This commit introduces a task to generate an encryption key and configuration for Kubernetes. The encryption key is generated using a shell command and set as a fact. Then, the encryption configuration file is created with the key injected. This enhances Kubernetes secrets security.
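
The encryption key and configuration step this commit describes, as an added example that is not the PR's Ansible task: it generates a key, renders an EncryptionConfiguration, and checks the result for the mistakes that leave secrets unprotected. The `aescbc` provider, key name `key1`, 32-byte key length and file path are assumptions; the PR's own template is not shown on this page.

```shell
#!/bin/sh
# Added example, not the PR's code. The aescbc provider, key name and paths
# are assumptions taken from the Kubernetes docs' EncryptionConfiguration format.

# Print a fresh 32-byte random key, base64-encoded on one line.
gen_key() {
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# render_config FILE KEY: write the config; umask creates a new file as 0600.
render_config() {
    ( umask 077; cat > "$1" <<EOF
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      - aescbc:
          keys:
            - name: key1
              secret: $2
      - identity: {}
EOF
    )
}

# check_config FILE: print the first problem found and return 1, else return 0.
check_config() {
    # The first listed provider encrypts new writes; identity there means plaintext.
    first=$(awk '/providers:/ {p=1; next}
        p && /^ *- / {sub(/^ *- */, ""); sub(/:.*/, ""); print; exit}' "$1")
    case $first in
        ""|identity) echo "no encrypting provider listed first: secrets stored in plaintext"; return 1 ;;
    esac
    # Expect a 32-byte (AES-256) key, the size gen_key produces.
    secret=$(awk '$1 == "secret:" {print $2; exit}' "$1")
    len=$(printf '%s' "$secret" | base64 -d 2>/dev/null | wc -c | tr -d ' ')
    [ "$len" = 32 ] || { echo "key decodes to $len bytes, expected 32"; return 1; }
    # The file holds key material: no group or other permission bits.
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ] || { echo "file readable beyond owner"; return 1; }
}

# Demo on a constructed config in a temporary directory.
tmp=$(mktemp -d)
render_config "$tmp/encryption-config.yaml" "$(gen_key)"
check_config "$tmp/encryption-config.yaml" && echo "encryption config OK"
```

`render_config` only controls the mode of a file it creates; an existing file keeps its old permissions, which is why `check_config` inspects the mode separately.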
This commit adds tasks to generate kubeconfig files for the kube-proxy, kube-controller-manager, kube-scheduler services, and the admin user. The tasks set up the necessary configurations using kubectl commands and include embedding certificates, setting cluster information, server URLs, client credentials, and context details.
Searge force-pushed the feat/k8s_install branch from c292a6e to ca80d8c (April 17, 2024 06:07)
Searge changed the title from "Update Dependencies, SSH Configurations, and Certificate Provisioning Tasks" to "Enable Kubernetes Installation and Configuration" on Apr 21, 2024
- Uses delegate_to and block for better organization
- Defines CA certificate location as a fact
- Generates kubeconfig files with templated cert paths

…, generating/distributing kubeconfig
- Creates playbooks for provisioning CA, generating TLS certificates, installing kubectl, and generating kubeconfig files
- Distributes certificates and kubeconfig files to control plane and worker nodes
Refs: https://github.com/kelseyhightower/kubernetes-the-hard-way

- Update `stop` task in Taskfile.dist.yml to halt Virtualbox VM without parallel option.
- Correct the command in `destroy` task of Taskfile.dist.yml to clear known_hosts file.
- Amend the sed commands in bump.sh to properly update version strings in project files.
- Provide instructions for reviewing and editing the generated CHANGELOG.md file before committing.
- Adjust commit message to reflect the changes made.

- Add variables for etcd configuration in ansible/inventory/group_vars/all.yml.
- Include tasks in ansible/k8s_install.yml for bootstrapping the etcd cluster.
- Add tasks in ansible/tasks/bootstrap_etcd.yml to set up etcd binaries, directories, certificates, and services.
- Provide a template for the etcd service file in ansible/templates/db/etcd.service.j2.
Quality Gate passed
Description:
- `kube-proxy`, `kube-controller-manager`, `kube-scheduler`, and the `admin` user.
- `pyproject.toml` and `requirements.txt` files to ensure compatibility and security.
- `ssh.cfg` file to use specific IP addresses instead of localhost for better clarity and consistency.

These changes collectively aim to enhance the project's compatibility, security, and maintainability.