Unverified commit 2e1da471, authored by Derek Nola, committed by GitHub

Merge pull request #228 from k3s-io/default_k3s_script

Fix HA, simplify provisioning, add Vagrant test cluster
parents 16a400c9 08df1def

.ansible-lint

0 → 100644
+5 −0
---
warn_list:
 - var-naming[no-role-prefix]
 - yaml[comments-indentation]
 - yaml[line-length]
+14 −3
@@ -22,7 +22,7 @@ on processor architecture:
## System requirements

Deployment environment must have Ansible 2.4.0+
Master and nodes must have passwordless SSH access
Server and agent nodes must have passwordless SSH access

## Usage

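Review bot: The unchanged requirement line `Deployment environment must have Ansible 2.4.0+` in this hunk is out of date with the tasks in the same change, which call modules by fully qualified name (`ansible.builtin.get_url`, `ansible.builtin.command`); Ansible 2.4 predates collections and cannot resolve those names. Since the neighbouring line is being reworded anyway, raise the stated minimum to the version the playbook is actually tested with.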
@@ -48,7 +48,7 @@ k3s_cluster:
If needed, you can also edit `vars` section at the bottom to match your environment.

If multiple hosts are in the server group the playbook will automatically setup k3s in HA mode with embedded etcd.
An odd number of server nodes is recommended (3,5,7). Read the offical documentation below for more information and options.
An odd number of server nodes is required (3,5,7). Read the offical documentation below for more information and options.
https://rancher.com/docs/k3s/latest/en/installation/ha-embedded/
Using a loadbalancer or VIP as the API endpoint is preferred but not covered here.

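Review bot: The reworded line says an odd number of server nodes is required, but none of the hunks shown here enforce it, so an inventory with two or four servers is only caught by whoever reads the README. Consider a pre-flight assert on the size of the `server` group, or keep "recommended". The replacement line also carries over the typo "offical".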
@@ -61,8 +61,19 @@ ansible-playbook playbook/site.yml -i inventory.yml

## Kubeconfig

To confirm access to your **Kubernetes** cluster use the following:
After successful bringup, the kubeconfig of the cluster is copied to the control-node and set as default (`~/.kube/config`).
Assuming you have [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) installed, you to confirm access to your **Kubernetes** cluster use the following:

```bash
kubectl get nodes
```

## Local Testing

A Vagrantfile is provided that provision a 5 nodes cluster using LibVirt or Virtualbox and Vagrant. To use it:

```bash
vagrant up
```

By default, each node is given 2 cores and 2GB of RAM and runs Ubuntu 20.04. You can customize these settings by editing the `Vagrantfile`.
 No newline at end of file
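Review bot: The added Kubeconfig sentence says the file is copied to the control node and set as default (`~/.kube/config`), but not what happens to a kubeconfig that already exists there. The k3s kubeconfig carries admin credentials for the cluster, so the README should state whether an existing file is overwritten, merged or backed up, and what permissions the copy gets. Two wording fixes in the added lines: "you to confirm access" should read "you can confirm access", and "that provision a 5 nodes cluster" should read "that provisions a 5-node cluster". The file also now ends without a trailing newline.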

Vagrantfile

0 → 100644
+56 −0
# ENV['VAGRANT_NO_PARALLEL'] = 'no'
NODE_ROLES = ["server-0", "server-1", "server-2", "agent-0", "agent-1"]
NODE_BOXES = ['generic/ubuntu2004', 'generic/ubuntu2004', 'generic/ubuntu2004', 'generic/ubuntu2004', 'generic/ubuntu2004']
NODE_CPUS = 2
NODE_MEMORY = 2048
# Virtualbox >= 6.1.28 require `/etc/vbox/network.conf` for expanded private networks 
NETWORK_PREFIX = "10.10.10"

def provision(vm, role, node_num)
  vm.box = NODE_BOXES[node_num]
  vm.hostname = role
  # We use a private network because the default IPs are dynamicly assigned 
  # during provisioning. This makes it impossible to know the server-0 IP when 
  # provisioning subsequent servers and agents. A private network allows us to
  # assign static IPs to each node, and thus provide a known IP for the API endpoint.
  node_ip = "#{NETWORK_PREFIX}.#{100+node_num}"
  # An expanded netmask is required to allow VM<-->VM communication, virtualbox defaults to /32
  vm.network "private_network", ip: node_ip, netmask: "255.255.255.0"

  vm.provision "ansible", run: 'once' do |ansible|
    ansible.compatibility_mode = "2.0"
    ansible.playbook = "playbook/site.yml"
    ansible.groups = {
      "server" => NODE_ROLES.grep(/^server/),
      "agent" => NODE_ROLES.grep(/^agent/),
      "k3s_cluster:children" => ["server", "agent"],
    }
    ansible.extra_vars = {
      k3s_version: "v1.26.5+k3s1",
      api_endpoint: "#{NETWORK_PREFIX}.100",
      token: "myvagrant",
      # Required to use the private network configured above
      extra_server_args: "--node-external-ip #{node_ip} --flannel-iface eth1", 
      extra_agent_args: "--node-external-ip #{node_ip} --flannel-iface eth1",
    }
  end
end

Vagrant.configure("2") do |config|
  # Default provider is libvirt, virtualbox is only provided as a backup
  config.vm.provider "libvirt" do |v|
    v.cpus = NODE_CPUS
    v.memory = NODE_MEMORY
  end
  config.vm.provider "virtualbox" do |v|
    v.cpus = NODE_CPUS
    v.memory = NODE_MEMORY
  end
  
  NODE_ROLES.each_with_index do |name, i|
    config.vm.define name do |node|
      provision(node.vm, name, i)
    end
  end

end
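Review bot: The first line leaves `# ENV['VAGRANT_NO_PARALLEL'] = 'no'` commented out, while the comments in `provision` assume server-0 is already reachable at `api_endpoint` when later servers and agents are provisioned; with libvirt as the default provider, either set the variable or add a comment explaining why bring-up order does not matter. `NODE_BOXES[node_num]` silently yields nil if the two arrays drift in length, so derive the box list from `NODE_ROLES` or use a single default box. The fixed `token: "myvagrant"` is fine for a throwaway cluster but deserves a comment saying it must not be reused outside this test setup.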
+7 −4
@@ -9,14 +9,17 @@ k3s_cluster:
        192.16.35.12
        192.16.35.13

  # Required Vars
  vars:
    ansible_port: 22
    ansible_user: debian
    k3s_version: v1.25.5+k3s2
    k3s_server_location: /var/lib/rancher/k3s
    systemd_dir: /etc/systemd/system
    token: "mytoken"  # Use ansible vault if you want to keep it secret
    api_endpoint: "{{ hostvars[groups['server'][0]]['ansible_host'] | default(groups['server'][0]) }}"
    api_port: 6443
    extra_server_args: ""
    extra_server_init_args: ""
    extra_agent_args: ""

  # Optional vars
    # api_port: 6443
    # k3s_server_location: /var/lib/rancher/k3s
    # systemd_dir: /etc/systemd/system
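Review bot: The sample keeps `token: "mytoken"` under `# Required Vars`, and its trailing comment treats secrecy as optional; this token is what nodes present to join the cluster, so an inventory copied from the sample ends up with a guessable join secret. Leave the value empty or obviously invalid so the run fails until one is set, and point to Ansible Vault as the expected way to supply it. `api_port`, `k3s_server_location` and `systemd_dir` appear both under the required vars and as commented optional vars in the lines shown, so it is worth checking that the final file lists each only once.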
+10 −31
---
- name: Download k3s binary x64
- name: Download k3s install script
  ansible.builtin.get_url:
    url: https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/k3s
    checksum: sha256:https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/sha256sum-amd64.txt
    url: https://get.k3s.io/
    timeout: 120
    dest: /usr/local/bin/k3s
    dest: /usr/local/bin/k3s-install.sh
    owner: root
    group: root
    mode: 0755
  when: ansible_facts.architecture == "x86_64"

- name: Download k3s binary arm64
  ansible.builtin.get_url:
    url: https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/k3s-arm64
    checksum: sha256:https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/sha256sum-arm64.txt
    timeout: 120
    dest: /usr/local/bin/k3s
    owner: root
    group: root
    mode: 0755
  when:
    - ( ansible_facts.architecture is search("arm") and
        ansible_facts.userspace_bits == "64" ) or
      ansible_facts.architecture is search("aarch64")

- name: Download k3s binary armhf
  ansible.builtin.get_url:
    url: https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/k3s-armhf
    checksum: sha256:https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/sha256sum-arm.txt
    timeout: 120
    dest: /usr/local/bin/k3s
    owner: root
    group: root
    mode: 0755
  when:
    - ansible_facts.architecture is search("arm")
    - ansible_facts.userspace_bits == "32"
- name: Download k3s binary
  ansible.builtin.command:
    cmd: /usr/local/bin/k3s-install.sh
  environment:
    INSTALL_K3S_SKIP_START: "true"
    INSTALL_K3S_VERSION: "{{ k3s_version }}"
  changed_when: true
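Review bot: The removed `get_url` tasks each passed `checksum: sha256:...` for the release binary; the replacement fetches `https://get.k3s.io/` with no checksum and then runs `/usr/local/bin/k3s-install.sh` as a command, so whatever that URL serves at run time is executed on every node without an integrity check in the playbook. Pin the script to a fixed revision and give `get_url` a `checksum`, or vendor the script in the role. The second task is still named "Download k3s binary" although it now runs the installer, and `changed_when: true` reports a change on every run; a `creates:` argument or a check of the installed version would keep the play idempotent.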