Add Kube VIP to cluster

.ansible-lint

@@ -56,7 +56,6 @@ exclude_paths:
 # ---
 # parseable: true
 # quiet: true
-# strict: true
 # verbosity: 1
 # List of additional kind:pattern to be added at the top of the default
 # match list, first match determines the file kind.
@@ -91,6 +90,7 @@ mock_modules:
   - zuul_return
   - fake_namespace.fake_collection.fake_module
   - fake_namespace.fake_collection.fake_module.fake_submodule
+  - community.general.pacman
 ###
 # role within a collection
 # old standalone galaxy role
@@ -131,11 +131,13 @@ profile: null
 # :end-before: "###\n"
 # ```
 skip_list:
+  - command-instead-of-module
   - command-instead-of-shell
   - loop-var-prefix[missing]
   - no-changed-when
   - risky-shell-pipe
   - skip_this_tag
+strict: false
 ###
 # Define required Ansible's variables to satisfy syntax check
 # extra_vars:

.github/workflows/ansible.yml

@@ -35,6 +35,7 @@ jobs:
           .venv/bin/pipenv requirements --dev > reqs
           python3 -m pip install -r reqs
           ansible-galaxy collection install community.crypto
+          ansible-galaxy collection install community.general
       - name: Make ansible directory
         run: |
           sudo mkdir -pv /etc/ansible

index.md

@@ -34,6 +34,12 @@ roles/index
 ```{index} ansible; roles
 ```
 
+```{graphviz}
+digraph roles {
+   reset -> init -> join -> kv
+}
+```
+
 ## Readme
 
 ```{toctree}
@@ -77,6 +83,10 @@ kube-vip
    on a bare metal {term}`K8S` cluster. More information is available
    [here](https://kube-vip.io/docs/installation/static/).
 
+kubie
+   A handy tool for switching k8s contexts and namespaces. More information is
+   available [here](https://github.com/sbstp/kubie).
+
 K8S
    Kubernetes; Ancient Greek for navigator or guide, in modern English usage
    it is a container orchestration system designed by Google and documented

roles/index.md

@@ -39,14 +39,20 @@ the way to use these roles is this.
    ansible-playbook -t join site.yml
    ```
 
-4. Copy your updated {term}`kubeconfig` from the init role's file folder to
+4. Enable Kube-VIP on the control planes.
+
+   ```{code-block} shell
+   ansible-playbook -t kv site.yml
+   ```
+
+5. Copy your updated {term}`kubeconfig` from the init role's file folder to
    the appropriate directory.
 
    ```{code-block} shell
    cp roles/init/files/admin.conf $HOME/.kube/config
    ```
 
-5. Verify that your connection works and the cluster is up.
+6. Verify that your connection works and the cluster is up.
 
    ```{code-block} shell
    kubectl get nodes

roles/init/index.md

@@ -10,18 +10,12 @@ title: K8S HA Control Plane Init
 ---
 
 {term}`HA` Clusters with Kubeadm is helped with use of the tool
-[kube-vip](https://kube-vip.io/docs/installation/static/).
-
-More information about the process for HA setup is available
-[here](https://github.com/kubernetes/kubeadm/blob/main/docs/ha-considerations.md#kube-vip).
-
-A handy tool for switching k8s contexts is called
-[kubie](https://github.com/sbstp/kubie).
+{term}`kube-vip`.
 
 ## Tasks
 
 The role uses {term}`kubeadm` to handle the initialization of the primary
-control plane.
+control plane. It should be run after the reset role and before the join role.
 
 ```{literalinclude} /roles/init/tasks/main.yml
 :language: yaml

roles/join/index.md

@@ -9,18 +9,11 @@ date: 2024-07-24
 title: HA K8S Join Control Planes
 ---
 
-[HA Clusters with Kubeadm](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/high-availability/)
-is helped with use of the tool
-[kube-vip](https://kube-vip.io/docs/installation/static/).
-
-More information about the process for HA setup is available
-[here](https://github.com/kubernetes/kubeadm/blob/main/docs/ha-considerations.md#kube-vip).
-
-A handy tool for switching k8s contexts is called
-[kubie](https://github.com/sbstp/kubie).
-
 ## Tasks
 
+This role joins remaining control planes to the new cluster. It should be run
+after the init role and before the kv role.
+
 ```{literalinclude} /roles/join/tasks/main.yml
 :language: yaml
 ```

roles/kv/index.md

@@ -0,0 +1,25 @@
+---
+abstract: >-
+    This role creates and installs a Kube-VIP manifest onto all control planes.
+authors:
+    - name: Xander Harris
+      email: [email protected]
+date: 2024-07-24
+title: HA K8S Kube-VIP
+---
+
+Deployment of HA K8S Clusters with Kubeadm is helped with use of the tool
+{term}`kube-vip`. This role uses the static pods version of the network,
+which is best for bare metal deployments.
+
+## Tasks
+
+This role enables {term}`kube-vip` for cluster networking. This role should
+be run after the join role.
+
+```{literalinclude} /roles/kv/tasks/main.yml
+:language: yaml
+```
+
+```{sectionauthor} Xander Harris <[email protected]>
+```

roles/kv/tasks/main.yml

@@ -0,0 +1,39 @@
+---
+- name: Ensure manifests directory
+  ansible.builtin.file:
+    state: directory
+    recurse: true
+    dest: /etc/kubernetes/manifests
+    owner: kube
+    group: kube
+    mode: ug+rw,o+r
+- name: Install prerequisites for creating the manifest
+  community.general.pacman:
+    name: "{{ item }}"
+    state: present
+  loop:
+    - curl
+    - jq
+- name: Update the bash rc file
+  ansible.builtin.template:
+    src: bashrc.j2
+    dest: /root/.bashrc
+    owner: root
+    group: root
+    mode: ug+rw,o-rwx
+- name: Deploy the manifest
+  ansible.builtin.shell:
+    cmd: |-
+      source /root/.bashrc
+      kube-vip
+      kube-vip manifest pod \
+        --interface "{{ kv_interface }}" \
+        --address "{{ kv_aa }}" \
+        --controlplane \
+        --services \
+        --arp \
+        --leaderElection | tee /etc/kubernetes/manifests/kube-vip.yaml
+  register: kv_manifest
+- name: Output kube-vip
+  ansible.builtin.debug:
+    var: kv_manifest

roles/kv/templates/bashrc.j2

@@ -0,0 +1,62 @@
+#!/bin/bash
+
+CLICOLOR=1
+INTERFACE=enp0s20f0u4
+KVVERSION=$(curl -sL https://api.github.com/repos/kube-vip/kube-vip/releases | jq -r ".[0].name")
+# shellcheck disable=SC2016
+LESS='-R --use-color -Dd+r$Du+b$'
+LSCOLORS="Ea"
+PS1='[\[\e[38;5;196;1m\]\u\[\e[0m\]@\[\e[38;5;213;1m\]\H\[\e[0m\]:\w]{$?}\$ '
+PATH="$PATH:/root/.local/bin"
+VIP=192.168.5.30
+
+# shellcheck disable=SC1091
+if [ -f /usr/share/bash-completion/bash_completion ]; then
+  source /usr/share/bash-completion/bash_completion
+fi
+
+export CLICOLOR
+export INTERFACE
+export KVVERSION
+export LESS
+export LSCOLORS
+export PATH
+export PS1
+export VIP
+
+
+if [ ! -f "$HOME/.vim/autoload/plug.vim" ]; then
+  if [ -f /usr/bin/pacman ]; then
+    if [ ! -f /usr/bin/node ]; then
+      pacman -S npm
+    fi
+    if [ ! -f /usr/bin/xsel ]; then
+      pacman -Sy --noconfirm xsel
+    fi
+
+    if [ -f /usr/bin/xsel ]; then
+      alias pbcopy='xsel --clipboard --input'
+      alias pbpaste='xsel --clipboard --output'
+    fi
+  fi
+  if [ -f /usr/bin/apt-get ]; then
+    sudo apt-get -y update
+    sudo apt-get -y install curl git npm
+  fi
+  git clone [email protected]:bryant/neovim.git "$HOME/Documents/src/github.com/bryant/neovim"
+  curl -fLo ~/.vim/autoload/plug.vim --create-dirs \
+    https://raw.githubusercontent.com/junegunn/vim-plug/master/plug.vim
+  vim +PlugInstall +qall
+fi
+
+eval "$(direnv hook bash)"
+
+alias diff='diff --color=auto'
+alias grep='grep --color=auto'
+alias h='helm'
+alias ip='ip -color=auto'
+alias k='kubectl'
+# shellcheck disable=SC2139
+alias kube-vip="ctr image pull ghcr.io/kube-vip/kube-vip:${KVVERSION}; ctr run --rm --net-host ghcr.io/kube-vip/kube-vip:${KVVERSION} vip /kube-vip"
+alias ls='ls --color'
+

roles/reset/index.md

@@ -9,6 +9,9 @@ title: Reset Cluster
 
 ## Reset Role Usage
 
+This role should generally be executed first to attempt to create a fresh
+environment.
+
 ```{literalinclude} /roles/reset/tasks/main.yml
 :language: yaml
 ```

roles/reset/tasks/main.yml

@@ -33,3 +33,11 @@
   ansible.builtin.file:
     dest: /root/reset.md
     state: absent
+- name: Stop containerd
+  ansible.builtin.service:
+    state: stopped
+    name: containerd
+- name: Start containerd
+  ansible.builtin.service:
+    state: started
+    name: containerd

site.yml

@@ -29,3 +29,10 @@
     - role: join
       tags:
         - join
+- name: Kube VIP
+  hosts: kcp01_init
+  become: true
+  roles:
+    - role: kv
+      tags:
+        - kv