Closed jurlwin closed 2 years ago
While this is convenient when remoting into k3s nodes, generally speaking you shouldn't ever need to do that. You should copy the config back to your machine and run kubectl from there. I have this step in my docs:
https://docs.technotim.live/posts/k3s-etcd-ansible/#kube-config

```bash
scp ansibleuser@192.168.30.38:~/.kube/config ~/.kube/config
```

This will copy it back to your machine and then you can run your commands remotely.
That being said I don't think I will merge this PR because it shouldn't really be needed.
> While this is convenient when remoting into k3s nodes, generally speaking you shouldn't ever need to do that. You should copy the config back to your machine and run kubectl from there. I have this step in my docs: https://docs.technotim.live/posts/k3s-etcd-ansible/#kube-config
>
> scp ansibleuser@192.168.30.38:~/.kube/config ~/.kube/config
>
> This will copy it back to your machine and then you can run your commands remotely.
> That being said I don't think I will merge this PR because it shouldn't really be needed.
So - challenge accepted -- I understand what you are saying and because of that, I found a way to rewrite my patch script -- but it's not ideal for a few reasons I'll get to...and maybe the answer is to keep the old way but I manually copy the files myself for my use case...but BTW, it was a bit of a pain to make this work :)
The short version is - I needed to do a few things to get this to work from my ansible control host, even with the kube config local.
1) delegate the task to localhost so that my kubectl works
2) turn off become for the command - otherwise, I'd need root/local sudo and have to set up ROOT to have kube config.
3) change to using inventory_hostname - which also changed how I track my inventory to not use fqdn... which has a downside too ;)
However, the real downside of this -- it will be at least difficult, if not nearly impossible to run this way on an automation controller -- I think...e.g. AWX/Ansible Tower...to set up and maintain the environment for that will be truly awful...
```yaml
# kubectl runs on the Ansible control host (delegate_to: localhost) as the
# invoking user (ansible_become: false), so no kubeconfig is needed on the nodes.
- name: Drain host if reboot is required
  command:
    cmd: kubectl drain {{ inventory_hostname }} --ignore-daemonsets # --delete-emptydir-data
  vars:
    ansible_become: false
  delegate_to: localhost
  when: reboot_required_file.stat.exists

- name: Reboot Host if required
  reboot:
    connect_timeout: "{{ reboot_connect_timeout }}"
    post_reboot_delay: "{{ reboot_post_reboot_delay }}"
    reboot_timeout: "{{ reboot_timeout }}"
  when: reboot_required_file.stat.exists

- name: Verification
  block:
    # Poll from the control host until the rebooted node reports Ready again.
    - name: Verify that node is running and status is ready
      command:
        cmd: kubectl get nodes -l 'kubernetes.io/hostname={{ inventory_hostname }}' #-o=jsonpath="{range .items[*]}{@.metadata.name}:{range @.status.conditions[*]}{@.type}={@.status};{end}{end}"'
      vars:
        ansible_become: false
      delegate_to: localhost
      register: nodes
      until: nodes.rc == 0 and (' Ready' in nodes.stdout)
      retries: "{{ retry_count | default(20) }}"
      delay: 10
      changed_when: false

- name: Uncordon host if reboot was required
  command:
    cmd: kubectl uncordon {{ inventory_hostname }}
  vars:
    ansible_become: false
  delegate_to: localhost
  when: reboot_required_file.stat.exists
```
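The verification task above matches the string ' Ready' in kubectl's table output. As an added example (not code from this PR or the repository), the same check can read the node's conditions from `kubectl get nodes -l ... -o json`. The function name `node_state`, its return labels and the sample JSON are assumptions constructed for illustration.

```python
import json

# Constructed sample: trimmed output of
#   kubectl get nodes -l kubernetes.io/hostname=node1 -o json
# for a node that is back after a reboot but still cordoned by `kubectl drain`.
SAMPLE = json.dumps({
    "items": [{
        "metadata": {"name": "node1"},
        "spec": {"unschedulable": True},
        "status": {"conditions": [
            {"type": "MemoryPressure", "status": "False"},
            {"type": "Ready", "status": "True"},
        ]},
    }]
})


def node_state(kubectl_json: str) -> str:
    """Classify the single node selected by the label query.

    Returns "missing", "not-ready", "ready-cordoned" or "ready".
    """
    items = json.loads(kubectl_json).get("items", [])
    if len(items) != 1:
        # The selector matched nothing (or several nodes): kubectl still exits 0
        # in that case, so the caller must not treat it as healthy.
        return "missing"
    node = items[0]
    conditions = node.get("status", {}).get("conditions", [])
    ready = next((c for c in conditions if c.get("type") == "Ready"), None)
    # Ready.status is "True", "False" or "Unknown" (kubelet stopped reporting).
    if ready is None or ready.get("status") != "True":
        return "not-ready"
    # A drained node stays unschedulable until `kubectl uncordon` runs.
    if node.get("spec", {}).get("unschedulable", False):
        return "ready-cordoned"
    return "ready"


if __name__ == "__main__":
    print(node_state(SAMPLE))
```

In the playbook flow above, "ready-cordoned" is the state in which the uncordon task should run, and "ready" is the state to confirm before moving on to the next node.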
I am closing this because although it might be a feature you want, it isn't something I want to include in the core offering of this repo. People using this playbook should copy the kube config to their local machine, thus no reason to duplicate this file on other servers in the cluster. If you would like this feature you may need to maintain a fork. Thank you!
I don’t disagree… it was a lazy way to start my patching, but there’s a better way…
On Sep 26, 2022, at 6:31 PM, Techno Tim wrote:
> I am closing this because although it might be a feature you want, it isn't something I want to include in the core offering. People using this should copy the kube config to their local machine, thus no reason to duplicate this file on other servers in the cluster. If you would like this feature you may need to maintain a fork. Thank you!
Proposed Changes
Copies the updated master kube config file with the VIP to each node. It pulls the file locally into /tmp/kube_config.IP_OF_FIRST_MASTER to copy. It leaves a copy in /tmp for you to use in your local ~/.kube/config or your method.
This is to allow scripts to use k3s kubectl get node to see status, e.g. during patching. You can locally get information, drain the node, reboot, and uncordon using ansible with all the actions running on the node. Without this, it's hard to see when the node returns to working status and is ready to take activities and move on to the next node.
Checklist
- site.yml playbook
- reset.yml playbook