Merge pull request #14 from sudoix/dev

Dev
sudoix · Nov 1, 2024 · 5ac9d82 · 5ac9d82
2 parents e056975 + 01433c8
commit 5ac9d82
Show file tree

Hide file tree

Showing 15 changed files with 87 additions and 37 deletions.
diff --git a/.github/workflows/telegram-notification.yml b/.github/workflows/telegram-notification.yml
@@ -0,0 +1,29 @@
+name: Telegram Notification on Commit
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  notify:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Send Telegram Message
+        run: |
+          MESSAGE="🚀 *GitHub Action Triggered!*\n"
+          MESSAGE+="🔖 *Event:* ${{ github.event_name }}\n"
+          MESSAGE+="🌐 *Repository:* [${{ github.repository }}](${{ github.server_url }}/${{ github.repository }})\n"
+          MESSAGE+="🔗 *Branch:* ${{ github.ref }}\n"
+          MESSAGE+="👤 *Actor:* [${{ github.actor }}](${{ github.server_url }}/${{ github.actor }})\n"
+          MESSAGE+="💬 *Commit Message:* '${{ github.event.head_commit.message }}'\n"
+          curl -X POST \
+            https://api.telegram.org/bot${{ secrets.TELEGRAM_BOT_TOKEN }}/sendMessage \
+            -H 'Content-Type: application/json' \
+            -d "{\"message_thread_id\": \"519\", \"chat_id\": \"${{ secrets.TELEGRAM_CHAT_ID }}\", \"text\": \"$MESSAGE\", \"parse_mode\": \"Markdown\"}"
+        env:
+          TELEGRAM_BOT_TOKEN: ${{ secrets.TELEGRAM_BOT_TOKEN }}
+          TELEGRAM_CHAT_ID: ${{ secrets.TELEGRAM_CHAT_ID }}
diff --git a/.gitignore b/.gitignore
@@ -1 +1,3 @@
-kubeconfig
+kubeconfig
+roles/join_master/files/join-command
+roles/join_worker/files/join-command
diff --git a/README.md b/README.md
@@ -58,13 +58,14 @@ For join worker(s) node to cluster, follow these steps:
 ```bash
 ansible-playbook -i inventory/k8s-servers.ini kubernetes.yml  --become --become-method=sudo -t join_worker
 ```
+
 #### If you like to use haproxy for loadbalancing in your kubernetes you can use these bellow step.
 
-```basb
+```bash
 ansible-playbook -i inventory/k8s-servers.ini kubernetes.yml --become --become-method=sudo -t lb
 ```
 
-and for finilize use
+and for finilize use (If you use lb tag you MUST run the postinstall task)
 
 ```bash
 ansible-playbook -i inventory/k8s-servers.ini kubernetes.yml --become --become-method=sudo -t postinstall

diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
@@ -6,40 +6,35 @@ setup_interface: "false"
 #SSH
 ssh_port: 2222
 
-# Network Calico
-
-calico_operator_url: "https://raw.githubusercontent.com/projectcalico/calico/v3.27.0/manifests/tigera-operator.yaml"
-calico_crd_url: "https://raw.githubusercontent.com/projectcalico/calico/v3.27.0/manifests/custom-resources.yaml"
+# Network Calico see here for more details https://github.com/projectcalico/calico/releases
+calico_operator_url: "https://raw.githubusercontent.com/projectcalico/calico/v3.29.0/manifests/tigera-operator.yaml"
+calico_crd_url: "https://raw.githubusercontent.com/projectcalico/calico/v3.29.0/manifests/custom-resources.yaml"
 pod_network_cidr: "192.168.0.0/16"
 
 # DNS
-
-resolv_nameservers: [178.22.122.100, 185.51.200.2] # 403.online
+resolv_nameservers: [8.8.8.8, 4.2.2.4] # 403.online
 
 # Sanction shekan
-
 use_iran: "true" # change it to "false" if you are outside of iran
 
 # Docker
-
 docker_gpg_key_url: "https://download.docker.com/linux/ubuntu/gpg"
 docker_gpg_key_path: "/etc/apt/keyrings/docker.gpg"
 docker_apt_repo: "https://download.docker.com/linux/ubuntu"
 
 # Kubernetes
-
 kubernetes_gpg_keyring_path: "/etc/apt/keyrings/kubernetes-apt-keyring.gpg"
-kubernetes_gpg_key_url: "https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key"
-kubernetes_apt_repo: "https://pkgs.k8s.io/core:/stable:/v1.28/deb/"
-k8s_version: "1.28.5"
+kubernetes_gpg_key_url: "https://pkgs.k8s.io/core:/stable:/v1.31/deb/Release.key"
+kubernetes_apt_repo: "https://pkgs.k8s.io/core:/stable:/v1.31/deb/"
+k8s_version: "1.31.2" # see here https://kubernetes.io/releases/patch-releases/ and https://github.com/kubernetes/kubernetes/releases
 
 # CRI
-
 cri_socket: unix:///var/run/containerd/containerd.sock
 
-# lb
-
-virtual_ip: "172.16.100.100"
+# VRRP and HAProxy
+interface_name: "enp0s8"
+virtual_ip: "192.168.178.100"
+haproxy_frontend_password: "121password121"
 
 
 # Disk

diff --git a/inventory/k8s-servers.ini b/inventory/k8s-servers.ini
@@ -1,16 +1,16 @@
 [all]
 # the first node is the first master node (k8s-test-master1)
 
-k8s-test-master1 ansible_host=37.152.178.226 private_ip=172.16.100.11
-k8s-test-master2 ansible_host=185.97.118.58 private_ip=172.16.100.21
-k8s-test-master3 ansible_host=37.152.182.216 private_ip=172.16.100.31
+k8s-test-master1 ansible_host=192.168.178.11 private_ip=192.168.178.11
+k8s-test-master2 ansible_host=192.168.178.12 private_ip=192.168.178.12
+k8s-test-master3 ansible_host=192.168.178.13 private_ip=192.168.178.13
 
-k8s-test-worker1 ansible_host=37.32.21.250 private_ip=172.16.100.41
-; k8s-test-worker2 ansible_host=172.24.96.6 private_ip=172.16.100.22
+k8s-test-worker1 ansible_host=192.168.178.21 private_ip=192.168.178.21
+; k8s-test-worker2 ansible_host=192.168.178.22 private_ip=192.168.178.22
 ; k8s-test-worker3 ansible_host=172.24.96.7 private_ip=172.16.100.23
 
-lb1-test ansible_host=185.206.92.135 private_ip=172.16.100.81
-lb2-test ansible_host=185.206.92.220 private_ip=172.16.100.91
+lb1-test ansible_host=192.168.178.50 private_ip=192.168.178.50
+lb2-test ansible_host=192.168.178.60 private_ip=192.168.178.60
 
 [k8s]
 k8s-test-master1
@@ -27,8 +27,8 @@ k8s-test-master3
 
 [k8s_workers]
 k8s-test-worker1
-# k8s-test-worker2
-# k8s-test-worker3
+; k8s-test-worker2
+; k8s-test-worker3
 
 
 [lb]

diff --git a/kubernetes.yml b/kubernetes.yml
@@ -14,21 +14,25 @@
 
 - hosts: k8s
   roles:
-    - role: k8s
+    - role: init_k8s
   gather_facts: yes
   any_errors_fatal: true
   tags: [init_k8s]
 
 
 - hosts: k8s_masters
   roles:
+    - role: preinstall
+    - role: k8s
     - role: join_master
   gather_facts: yes
   any_errors_fatal: true
   tags: [join_master]
 
 - hosts: k8s_workers
   roles:
+    - role: preinstall
+    - role: k8s
     - role: join_worker
   gather_facts: yes
   any_errors_fatal: true

diff --git a/roles/init_k8s/tasks/initk8s.yaml b/roles/init_k8s/tasks/initk8s.yaml
@@ -41,7 +41,7 @@
   when: inventory_hostname == groups['k8s_masters'][0]
   delegate_to: "{{ groups['k8s_masters'][0] }}"
 
-- name: Sleep for 300 seconds and reboot the Master1 server
+- name: Sleep for 300 seconds and reboot the Master1 server | because we live in Iran :D
   wait_for:
     timeout: 300
   delegate_to: localhost
@@ -50,13 +50,14 @@
   command: reboot
   async: 1
   poll: 0
-  ignore_errors: yes
+  # ignore_errors: yes
   delegate_to: "{{ groups['k8s_masters'][0] }}"
 
-- name: Sleep for 300 seconds to Master1 up and running
+- name: Sleep for 300 seconds to Master1 up and running | because we live in Iran :D
   wait_for:
     timeout: 300
   delegate_to: localhost
+  # when: use_iran == "true"
 
 - name: Example Task After Reboot
   debug:

diff --git a/roles/join_master/files/join-command b/roles/join_master/files/join-command
diff --git a/roles/join_worker/files/join-command b/roles/join_worker/files/join-command
diff --git a/roles/k8s/tasks/k8s.yaml b/roles/k8s/tasks/k8s.yaml
@@ -8,9 +8,14 @@
     regexp: '^([^#].*?\sswap\s+sw\s+.*)$'
     replace: '# \1'
 
+- name: Check if ufw is installed
+  package_facts:
+    manager: "auto"
+
 - name: Disable ufw # just in Ubuntu
   ufw:
     state: disabled
+  when: "'ufw' in ansible_facts.packages"
 
 - name: Ensure kernel modules for containerd are enabled
   lineinfile:

diff --git a/roles/lb/tasks/basic.yaml b/roles/lb/tasks/basic.yaml
@@ -18,7 +18,7 @@
     src: keepalived.conf.j2
     dest: /etc/keepalived/keepalived.conf
 
-- name: Start and enable the keepalived service
+- name: Retart and enable the keepalived service
   ansible.builtin.service:
     name: keepalived
     state: restarted

diff --git a/roles/lb/templates/haproxy.cfg.j2 b/roles/lb/templates/haproxy.cfg.j2
@@ -1,3 +1,16 @@
+# HAProxy Statistics Report Page
+frontend stats-frontend
+  bind *:8080
+  mode http
+  stats enable
+  stats hide-version
+  stats uri /stats
+  stats realm Haproxy\ Statistics
+  stats auth admin:{{ haproxy_frontend_password }}  # Change 'admin:password' to your desired strong username and password
+
+# No backend is required for exporting stats in HAProxy.
+
+
 frontend kubernetes-frontend
   bind *:6443
   mode tcp

diff --git a/roles/lb/templates/keepalived.conf.j2 b/roles/lb/templates/keepalived.conf.j2
@@ -9,7 +9,7 @@ vrrp_script check_apiserver {
 
 vrrp_instance VI_1 {
     state BACKUP
-    interface eth1 # set your interface
+    interface {{ interface_name }} # set your interface
     virtual_router_id 1
     priority 100
     advert_int 5

diff --git a/roles/preinstall/handlers/main.yml b/roles/preinstall/handlers/main.yml
@@ -3,5 +3,5 @@
 
 - name: restart sshd
   service:
-    name: sshd
+    name: ssh
     state: restarted
diff --git a/roles/preinstall/tasks/basic.yaml b/roles/preinstall/tasks/basic.yaml
@@ -10,6 +10,7 @@
     path: "/etc/resolv.conf"
     state: absent
   ignore_errors: true
+  when: use_iran == "true"
 
 - name: Configure resolv.conf | Comment this task if you live in outside of Iran :)
   template:
@@ -82,6 +83,7 @@
       - open-iscsi
       - nfs-common
       - tzdata
+      - tree
       # - bpytop
     state: latest
     update_cache: true