Ansible Collection for Kubernetes.

This Ansible collection provides Ansible playbooks and roles for the deployment and configuration of a Certified Kubernetes environment.

This collection require Ansible community package 4.10 or higher.

This collection was designed for:

• Ubuntu 20.04, 22.04, 23.04
• CentOS 7, 8 Stream, 9 Stream
• openSUSE Leap 15.4, Leap 15.5, Tumbleweed
• Debian 11, 12, Testing
• Fedora 37, 38, Rawhide
• RHEL 7, 8, 9

Start by cloning the repository, checkout the corresponding branch, and init with git submodule, then install Ansible (see https://software.opensuse.org/download/package?package=ansible&project=home%3Aalvistack):

# GIT checkout development branch
mkdir -p /opt/ansible-collection-kubernetes
cd /opt/ansible-collection-kubernetes
git init
git remote add upstream https://github.com/alvistack/ansible-collection-kubernetes.git
git fetch --all --prune
git checkout upstream/develop -- .
git submodule sync --recursive
git submodule update --init --recursive

# Bootstrap Ansible
echo 'deb http://downloadcontent.opensuse.org/repositories/home:/alvistack/xUbuntu_22.04/ /' | tee /etc/apt/sources.list.d/home:alvistack.list
curl -fsSL https://downloadcontent.opensuse.org/repositories/home:alvistack/xUbuntu_22.04/Release.key | gpg --dearmor | tee /etc/apt/trusted.gpg.d/home_alvistack.gpg > /dev/null
apt update
apt install ansible

# Confirm the version of Ansible
ansible --version

All-in-one (AIO) build is a great way to perform an Kubernetes build for:

• A development environment
• An overview of how all the Kubernetes services fit together
• A simple lab deployment

Simply execule our default Molecule test case and it will deploy all default components into your localhost:

# Run Molecule test case
molecule test -s default

# Confirm the version and status of Kubernetes
kubectl version --output=yaml
kubectl get node --output=yaml
kubectl get pod --all-namespaces

In order to avoid Single Point of Failure, at least 3 instances for Kubernetes is recommended.

For production environment we should backed with Ceph File System for Kubernetes Persistent Volumes with ReadWriteMany support. Corresponding dynamic provisioning could be handled by using CSI CephFS.

Traditionally we could use Docker or containerd as Kubernetes container runtime (CRI). Now a day, this collection is default with the modern CRI-O implementation.

Moreover, we are using Cilium as Kubernetes network plugin (CNI) so we could support Kubernetes Network Policies.

This deployment will setup the follow components:

• Kubernetes
  • CRI: CRI-O
  • CNI: Cilium
  • CSI: CSI CephFS
  • Addons:
    • Kubernetes Dashboard
    • NGINX Ingress Controller
    • Cert Manager

Start by copying the default inventory for customization:

# Copy default inventory
mkdir -p /etc/ansible
rsync -av /opt/ansible-collection-kubernetes/inventory/default/ /etc/ansible

You should update the following files as per your production environment:

• /etc/ansible/hosts
  • Update with your inventory hostnames and IPs
• /etc/ansible/group_vars/all/*.yml
  • Update *_release and *_version if you hope to pin the deployment into any legacy supported version

Once update now run the playbooks:

# Run playbooks
cd /opt/ansible-collection-kubernetes
ansible-playbook playbooks/converge.yml
ansible-playbook playbooks/50-kube-verify.yml
ansible-playbook playbooks/60-kube_cilium-install.yml
ansible-playbook playbooks/70-kube_csi_cephfs-install.yml
ansible-playbook playbooks/70-kube_csi_cephfs-verify.yml
ansible-playbook playbooks/80-kube_dashboard-install.yml
ansible-playbook playbooks/80-kube_ingress_nginx-install.yml
ansible-playbook playbooks/80-kube_cert_manager-install.yml

# Confirm the version and status of Kubernetes
kubectl version --output=yaml
kubectl get node --output=yaml
kubectl get pod --all-namespaces

You could also run our Molecule test cases if you have Vagrant and Libvirt installed, e.g.

# Run Molecule on Ubuntu 22.04
molecule converge -s ubuntu-22.04

Please refer to .gitlab-ci.yml for more information on running Molecule.

Release tags could be find from GitHub Release of this repository. Thus using these tags will ensure you are running the most up to date stable version of this image.

Version tags ended with .0.0 are rolling release rebuild by GitLab pipeline in weekly basis. Thus using these tags will ensure you are running the latest packages provided by the base image project.

• Code released under Apache License 2.0
• Docs released under CC BY 4.0

• Wong Hoi Sing Edison
  • https://twitter.com/hswong3i
  • https://github.com/hswong3i