SC/124: added LB for apiserver + related properties for kubepsray

3 years ago · 633e3f4b57
parent 98dd03416e
commit 633e3f4b57
7 changed files with 118 additions and 2 deletions
--- a/ansible.cfg
+++ b/ansible.cfg
@ -6,3 +6,8 @@ callbacks_enabled = profile_tasks
 interpreter_python = auto_silent
 log_path=last_ansible_run
 forks = 30
+# https://issues.arxes-tolina.de/browse/DEV-499?focusedCommentId=93615&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-93615
+# https://github.com/ansible/ansible/issues/30411#issuecomment-766488342
+[ssh_connection]
+ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s -o ServerAliveInterval=30
+retries = 3
--- a/galaxy-requirements.yml
+++ b/galaxy-requirements.yml
@ -25,7 +25,7 @@ roles:

 collections:
 - name: hetzner.hcloud
-  version: 1.6.0
+  version: 1.8.1
 - name: community.general
 - name: community.docker
  version: 2.1.1
--- a/group_vars/stage_devscr/hetzner_loadbalancer.yml
+++ b/group_vars/stage_devscr/hetzner_loadbalancer.yml
@ -0,0 +1,23 @@
+---
+hcloud_lb_objects:
+  -
+    name: &devscr_apiserver '{{ stage }}-k8s-apiserver'
+    hcloud_lb_type: lb11
+    labels:
+      stage: '{{ stage }}'
+      service: kube_control_plane
+      managed_by: ansible
+    network: '{{ stage }}'
+    location: nbg1
+    services:
+    -
+      load_balancer: *devscr_apiserver
+      protocol: tcp
+      listen_port: 443
+      destination_port: 6443
+    targets:
+    -
+      load_balancer: *devscr_apiserver
+      type: label_selector
+      label_selector: stage={{ stage }},service=kube_control_plane
+      use_private_ip: yes
--- a/group_vars/stage_devscr/kubespray.yml
+++ b/group_vars/stage_devscr/kubespray.yml
@ -1,2 +1,7 @@
 ---
 helm_enabled: true
+
+apiserver_loadbalancer_domain_name: "apiserver.devscr.smardigo.digital"
+loadbalancer_apiserver:
+  address: "{{ lookup('community.general.dig', 'apiserver.devscr' + domain ) }}"
+  port: 443
--- a/hcloud_firewall.yml
+++ b/hcloud_firewall.yml
@ -38,7 +38,6 @@
  serial: "{{ serial_number | default(1) }}"
  gather_facts: false
  connection: local
-
  tasks:
    - name: "Setup base hcloud firewall rules"
      include_role:
--- a/hcloud_loadbalancer.yml
+++ b/hcloud_loadbalancer.yml
@ -0,0 +1,58 @@
+---
+
+# updates loadbalancer config
+
+# Parameters:
+#   playbook inventory
+#     stage := the name of the stage (e.g. dev, int, qa, prod)
+
+#############################################################
+#   Creating inventory dynamically for given parameters
+#############################################################
+
+- hosts: localhost
+  gather_facts: false
+  connection: local
+
+  pre_tasks:
+    - name: "Check if ansible version is at least 2.10.x"
+      assert:
+        that:
+          - ansible_version.major >= 2
+          - ansible_version.minor >= 10
+        msg: "The ansible version has to be at least ({{ ansible_version.full }})"
+
+#     add virtual server to load stage specific variables as context
+    - name: "Add <{{ stage }}-virtual-host-to-read-groups-vars> to hosts"
+      add_host:
+        name: "{{ stage }}-virtual-host-to-read-groups-vars"
+        groups:
+        - "stage_{{ stage }}"
+      changed_when: False
+
+#############################################################
+#   Creating inventory dynamically for given parameters
+#############################################################
+
+- hosts: "{{ stage }}-virtual-host-to-read-groups-vars"
+  serial: "{{ serial_number | default(1) }}"
+  gather_facts: false
+  connection: local
+  module_defaults:
+    hetzner.hcloud.hcloud_load_balancer:
+      api_token: "{{ hetzner_authentication_ansible }}" 
+    hetzner.hcloud.hcloud_load_balancer_network:
+      api_token: "{{ hetzner_authentication_ansible }}" 
+    hetzner.hcloud.hcloud_load_balancer_service:
+      api_token: "{{ hetzner_authentication_ansible }}" 
+    hetzner.hcloud.hcloud_load_balancer_target:
+      api_token: "{{ hetzner_authentication_ansible }}" 
+
+  tasks:
+    - name: "Setup base hcloud firewall rules"
+      include_role:
+        name: hcloud
+        tasks_from: _create_loadbalancer.yml 
+      loop: "{{ hcloud_lb_objects }}"
+      loop_control:
+        loop_var: lb_object
--- a/roles/hcloud/tasks/_create_loadbalancer.yml
+++ b/roles/hcloud/tasks/_create_loadbalancer.yml
@ -0,0 +1,26 @@
+---
+- name: "Create a hetzner LB"
+  hetzner.hcloud.hcloud_load_balancer:
+    name: '{{ lb_object.name }}' 
+    load_balancer_type: '{{ lb_object.lb_type | default("lb11") }}'
+    delete_protection: '{{ lb_object.delete_protection | default("no") }}'
+    disable_public_interface: '{{ lb_object.disable_public_interface | default("no") }}'
+    labels: '{{ lb_object.labels | default({}) }}'
+    location: '{{ lb_object.location | default("nbg1") }}'
+    state: '{{ lb_object.status | default("present") }}'
+
+- name: Create a basic Load Balancer network
+  hetzner.hcloud.hcloud_load_balancer_network:
+    load_balancer: '{{ lb_object.name }}'
+    state: '{{ lb_object.status | default("present") }}'
+    network: '{{ lb_object.network }}'
+    
+- name: "Add Services to LB"
+  hetzner.hcloud.hcloud_load_balancer_service:
+  args: '{{ item }}'
+  loop: '{{ lb_object.services }}'
+
+- name: "Add servers by label|server to LB"
+  hetzner.hcloud.hcloud_load_balancer_target:
+  args: '{{ item }}'
+  loop: '{{ lb_object.targets }}'