Author: https://github.com/jon-stumpf
I came across k3s-ansible looking for an easy why to create a highly-available cluster on my Turing Pi 1. I saw k3s-ansible could easily configure my hosts but was missing the HA component. Further research led me to the k3s-ha branch but found that it still was incomplete for my needs. In developing the needed additions, I discovered issues in the master branch and spent a month reviewing the yaml files of k3s-ansible and the shell scripts from https://get.k3s.io. In the end, I brought k3s-ansible to be at near parity with https://get.k3s.io and I believe I have addressed some open issues as referenced in my pull requests.
Once I completed my changes to the master branch, I got back to work on k3s-ha. Building on the work of St0rmingBr4in, I implemented the HA embedded database using etcd and three cluster VIP methods:
- external: uses an externally provided cluster VIP
- kube-vip: uses kube-vip with arp arbitration
- keepalived: uses keepalived to implement VRRP
I have reached out to itwars and St0rmingBr4in to get their feedback on this work and to collaborate on closing the open issues and pull requests. In the meantime, I would like others to provide feedback on my k3s-ha branch. This is now stable and incorporates all my previous work on k3s-ansible except for a few commits. Please, try it out.
- Make all roles idempotent and not report changes when none, in fact, are needed or material.
- Add keepalived' label to servers when using keepalived; Add the following annotations:
keepalived/vrrp_instance=<name>keepalived/master=[true|false]keepalived/version=<version>keepalived/vip=<ipaddr>/<cidr>
- Add the ability to download the latest version of kube-vip
- Currently, uses a static version (v0.4.0) that can be manually changed
- Make sure all roles have defaults defined
- Make HA not require
k3s_tokento be defined- i.e., use the
node-tokenfrom the first server
- i.e., use the
- Replace
commandandshelltasks with ansible equivalents (where appropriate)ipkubectl- etc.
- Is the
raspberrypirole a NO-OP?- It does not appear to execute any tasks that induce change
- Should it be deleted?
- From where does k3s-selinux get installed?
- The
reset/downloadrole deletes it.
- The
- Document lesser switches to control behavior of roles (e.g., remove_packages)
- Create playbooks for other common operations beyond install/uninstall
| Role | Role Type | Idempotent | Only Real Changes | Defaults | commands | TODOs | BUGs |
|---|---|---|---|---|---|---|---|
| cluster-config | install | ✔️ | ✔️ | - | - | - | |
| config-check | install | ✔️ | ✔️ | under review | - | - | - |
| prereq | install | ✔️ | ✔️ | n/a | - | - | - |
| download | install | ✔️ | ✔️ | under review | - | - | - |
| raspberrypi | install | ✔️ | ✔️ | n/a | 2 | 1 | - |
| ha/etcd | HA-only | unknown | under review | 3 | 1 | - | |
| ha/keepalived | HA-only | ✔️ | ✔️ | under review | 1 | 1 | - |
| ha/kube-vip | HA-only | ✔️ | ✔️ | under review | 2 | 3 | - |
| k3s/server | install | ✔️ | ✔️ | under review | - | - | - |
| k3s/agent | install | ✔️ | ✔️ | - | - | - | |
| reset/download | uninstall | ✔️ | ✔️ | under review | 2 | 1 | - |
| reset/ha/keepalived | uninstall | ✔️ | ✔️ | by reference | - | - | - |
| reset/ha/kube-vip | uninstall | ✔️ | ✔️ | by reference | 3 | 1 | - |
| reset/k3s | uninstall | ✔️ | ✔️ | under review | 9 | 1 | 2 |