Merge pull request #1 from DmitriySafronov/k3s-ha

K3s ha

Merge pull request #1 from DmitriySafronov/k3s-ha
838afd2d · Dmitriy Safronov · GitHub · 8e708124 · 1e5e60bf · 838afd2d
Unverified Commit 838afd2d authored 2 years ago by Dmitriy Safronov Committed by GitHub 2 years ago
--- a/README.md
+++ b/README.md
@@ -43,6 +43,10 @@ master
 node
 ```

+If multiple hosts are in the master group, the playbook will automatically setup k3s in HA mode with etcd.
+https://rancher.com/docs/k3s/latest/en/installation/ha-embedded/
+This requires at least k3s version 1.19.1
+
 If needed, you can also edit `inventory/my-cluster/group_vars/all.yml` to match your environment.

 Start provisioning of the cluster using the following command:

--- a/inventory/sample/group_vars/all.yml
+++ b/inventory/sample/group_vars/all.yml
@@ -2,6 +2,15 @@
 k3s_version: v1.22.3+k3s1
 ansible_user: debian
 systemd_dir: /etc/systemd/system
-master_ip: "{{ hostvars[groups['master'][0]]['ansible_host'] | default(groups['master'][0]) }}"
+
+# If you define multiple masters you should be providing a loadbalanced
+# apiserver endpoint to all masters here. This default value is only suitable
+# for a non-HA setup, if used in a HA setup, it will not protect you if the
+# first node fails.
+# Also you should define k3s_token so that masters can talk together securely
+
+apiserver_endpoint: "{{ hostvars[groups['master'][0]]['ansible_host'] | default(groups['master'][0]) }}"
+# k3s_token: "mysupersecuretoken"
+
 extra_server_args: ""
 extra_agent_args: ""
--- a/roles/k3s/master/defaults/main.yml
+++ b/roles/k3s/master/defaults/main.yml
 ---
-k3s_server_location: /var/lib/rancher/k3s
+server_init_args: >-
+  {% if groups['master'] | length > 1 %}
+    {% if ansible_host == hostvars[groups['master'][0]]['ansible_host'] | default(groups['master'][0]) %}
+      --cluster-init --tls-san {{ apiserver_endpoint }}
+    {% else %}
+      --server https://{{ hostvars[groups['master'][0]]['ansible_host'] | default(groups['master'][0]) }}:6443
+    {% endif %}
+    --token {{ k3s_token }}
+  {% endif %}
+  {{ extra_server_args | default('') }}
--- a/roles/k3s/master/tasks/main.yml
+++ b/roles/k3s/master/tasks/main.yml
 ---
+- name: Clean previous runs of k3s-init
+  systemd:
+    name: k3s-init
+    state: stopped
+  failed_when: false
+
+- name: Clean previous runs of k3s-init
+  command: systemctl reset-failed k3s-init
+  failed_when: false
+  changed_when: false
+  args:
+    warn: false  # The ansible systemd module does not support reset-failed
+
+- name: Init cluster inside the transient k3s-init service
+  command:
+    cmd: "systemd-run -p RestartSec=2 \
+                      -p Restart=on-failure \
+                      --unit=k3s-init \
+                      k3s server {{ server_init_args }}"
+    creates: "{{ systemd_dir }}/k3s.service"
+  args:
+    warn: false  # The ansible systemd module does not support transient units
+
+- name: Verification
+  block:
+    - name: Verify that all nodes actually joined (check k3s-init.service if this fails)
+      command:
+        cmd: k3s kubectl get nodes -l "node-role.kubernetes.io/master=true" -o=jsonpath="{.items[*].metadata.name}"
+      register: nodes
+      until: nodes.rc == 0 and (nodes.stdout.split() | length) == (groups['master'] | length)
+      retries: 20
+      delay: 10
+      changed_when: false
+  always:
+    - name: Kill the temporary service used for initialization
+      systemd:
+        name: k3s-init
+        state: stopped
+      failed_when: false

 - name: Copy K3s service file
  register: k3s_service
@@ -59,10 +98,10 @@
    owner: "{{ ansible_user }}"
    mode: "u=rw,g=,o="

- name: Replace https://localhost:6443 by https://master-ip:6443
+- name: Configure kubectl cluster to https://{{ apiserver_endpoint }}:6443
  command: >-
    k3s kubectl config set-cluster default
-      --server=https://{{ master_ip }}:6443
+      --server=https://{{ apiserver_endpoint }}:6443
      --kubeconfig ~{{ ansible_user }}/.kube/config
  changed_when: true


--- a/roles/k3s/node/templates/k3s.service.j2
+++ b/roles/k3s/node/templates/k3s.service.j2
@@ -7,7 +7,7 @@ After=network-online.target
 Type=notify
 ExecStartPre=-/sbin/modprobe br_netfilter
 ExecStartPre=-/sbin/modprobe overlay
-ExecStart=/usr/local/bin/k3s agent --server https://{{ master_ip }}:6443 --token {{ hostvars[groups['master'][0]]['token'] }} {{ extra_agent_args | default("") }}
+ExecStart=/usr/local/bin/k3s agent --server https://{{ apiserver_endpoint }}:6443 --token {{ hostvars[groups['master'][0]]['token'] | default(k3s_token) }} {{ extra_agent_args | default("") }}
 KillMode=process
 Delegate=yes
 # Having non-zero Limit*s causes performance problems due to accounting overhead

--- a/roles/reset/tasks/main.yml
+++ b/roles/reset/tasks/main.yml
@@ -8,6 +8,7 @@
  with_items:
    - k3s
    - k3s-node
+    - k3s-init

 - name: pkill -9 -f "k3s/data/[^/]+/bin/containerd-shim-runc"
  register: pkill_containerd_shim_runc