Compare commits


No commits in common. "b5bbc4e7a8d8ce1b78e0bfc272b2f63163aa9e1a" and "2d14363967050033fbf067f718c4e2d076719411" have entirely different histories.

9 changed files with 97 additions and 101 deletions


@ -178,6 +178,7 @@ autoinstall:
hostname: ${ vm_guest_os_hostname } hostname: ${ vm_guest_os_hostname }
users: users:
- name: ${ build_username } - name: ${ build_username }
passwd: "${ build_password }"
groups: [adm, cdrom, dip, plugdev, lxd, sudo] groups: [adm, cdrom, dip, plugdev, lxd, sudo]
lock-passwd: false lock-passwd: false
sudo: ALL=(ALL) NOPASSWD:ALL sudo: ALL=(ALL) NOPASSWD:ALL
@ -186,5 +187,5 @@ autoinstall:
ssh_authorized_keys: ssh_authorized_keys:
%{ for ssh_key in ssh_keys ~} %{ for ssh_key in ssh_keys ~}
- ${ ssh_key } - ${ ssh_key }
%{ endfor ~} %{ endfor ~}
%{ endif ~} %{ endif ~}
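Review bot: The added `passwd: "${ build_password }"` line gives the build account a usable password while `lock-passwd: false` and `sudo: ALL=(ALL) NOPASSWD:ALL` stay in place, so every VM cloned from the template would start with a password-login account that has unrestricted sudo. The second hunk renders `ssh_authorized_keys`, apparently for the same user, so key-based access looks available to the build. If the password is only needed while Packer runs, lock it in the final cleanup step (for example `sudo passwd -l` on the build user) or set `lock-passwd: true` and rely on the keys; the cleanup script lines visible on this page only clear logs. The `users:` block starts and ends outside the hunks.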


@ -1,3 +0,0 @@
-----BEGIN OPENSSH PRIVATE KEY-----
-----END OPENSSH PRIVATE KEY-----


@ -2,10 +2,10 @@
# Prepare a VM to become a template. # Prepare a VM to become a template.
echo '>> Clearing audit logs...' echo '>> Clearing audit logs...'
sudo sh -c 'if [ -f /var/log/audit/audit.log ]; then sudo sh -c 'if [ -f /var/log/audit/audit.log ]; then
cat /dev/null > /var/log/audit/audit.log cat /dev/null > /var/log/audit/audit.log
fi' fi'
sudo sh -c 'if [ -f /var/log/wtmp ]; then sudo sh -c 'if [ -f /var/log/wtmp ]; then
cat /dev/null > /var/log/wtmp cat /dev/null > /var/log/wtmp
fi' fi'
sudo sh -c 'if [ -f /var/log/lastlog ]; then sudo sh -c 'if [ -f /var/log/lastlog ]; then


@ -1,67 +1,67 @@
/* /*
DESCRIPTION : DESCRIPTION:
Ubuntu Server 20.04 LTS Kubernetes node variables used by the Packer Plugin for VMware vSphere (vsphere-iso). Ubuntu Server 20.04 LTS Kubernetes node variables used by the Packer Plugin for VMware vSphere (vsphere-iso).
*/ */
// vSphere Credentials // vSphere Credentials
vsphere_endpoint = "vcenter.lab.local" vsphere_endpoint = "vcenter.lab.local"
vsphere_username = "packer" vsphere_username = "packer"
vsphere_password = "VMware1!" vsphere_password = "VMware1!"
vsphere_insecure_connection = true vsphere_insecure_connection = true
// vSphere Settings // vSphere Settings
vsphere_datacenter = "Datacenter 01" vsphere_datacenter = "Datacenter 01"
vsphere_cluster = "cluster-01" vsphere_cluster = "cluster-01"
vsphere_datastore = "datastore-01" vsphere_datastore = "datastore-01"
vsphere_network = "network-01" vsphere_network = "network-01"
vsphere_folder = "_Templates" vsphere_folder = "_Templates"
// Guest Operating System Settings // Guest Operating System Settings
vm_guest_os_language = "en_US" vm_guest_os_language = "en_US"
vm_guest_os_keyboard = "us" vm_guest_os_keyboard = "us"
vm_guest_os_timezone = "America/Chicago" vm_guest_os_timezone = "America/Chicago"
vm_guest_os_type = "ubuntu64Guest" vm_guest_os_type = "ubuntu64Guest"
// Virtual Machine Hardware Settings // Virtual Machine Hardware Settings
vm_name = "k8s-u2004" vm_name = "k8s-u2004"
vm_firmware = "efi-secure" vm_firmware = "efi-secure"
vm_cdrom_type = "sata" vm_cdrom_type = "sata"
vm_cpu_count = 2 vm_cpu_count = 2
vm_cpu_cores = 1 vm_cpu_cores = 1
vm_cpu_hot_add = true vm_cpu_hot_add = true
vm_mem_size = 2048 vm_mem_size = 2048
vm_mem_hot_add = true vm_mem_hot_add = true
vm_disk_size = 30720 vm_disk_size = 30720
vm_disk_controller_type = ["pvscsi"] vm_disk_controller_type = ["pvscsi"]
vm_disk_thin_provisioned = true vm_disk_thin_provisioned = true
vm_network_card = "vmxnet3" vm_network_card = "vmxnet3"
common_vm_version = 19 common_vm_version = 19
common_tools_upgrade_policy = true common_tools_upgrade_policy = true
common_remove_cdrom = true common_remove_cdrom = true
// Template and Content Library Settings // Template and Content Library Settings
common_template_conversion = true common_template_conversion = true
common_content_library_name = null common_content_library_name = null
common_content_library_ovf = false common_content_library_ovf = false
common_content_library_destroy = true common_content_library_destroy = true
common_content_library_skip_export = true common_content_library_skip_export = true
// OVF Export Settings // OVF Export Settings
common_ovf_export_enabled = false common_ovf_export_enabled = false
common_ovf_export_overwrite = true common_ovf_export_overwrite = true
common_ovf_export_path = "" common_ovf_export_path = ""
// Removable Media Settings // Removable Media Settings
common_iso_datastore = "datastore-01" common_iso_datastore = "datastore-01"
iso_url = null iso_url = null
iso_path = "_ISO" iso_path = "_ISO"
iso_file = "ubuntu-20.04.5-live-server-amd64.iso" iso_file = "ubuntu-20.04.5-live-server-amd64.iso"
iso_checksum_type = "sha256" iso_checksum_type = "sha256"
iso_checksum_value = "5035be37a7e9abbdc09f0d257f3e33416c1a0fb322ba860d42d74aa75c3468d4" iso_checksum_value = "5035be37a7e9abbdc09f0d257f3e33416c1a0fb322ba860d42d74aa75c3468d4"
// Boot Settings // Boot Settings
vm_boot_order = "disk,cdrom" vm_boot_order = "disk,cdrom"
vm_boot_wait = "4s" vm_boot_wait = "4s"
vm_boot_command = [ vm_boot_command = [
"<esc><wait>", "<esc><wait>",
"linux /casper/vmlinuz --- autoinstall ds=\"nocloud\"", "linux /casper/vmlinuz --- autoinstall ds=\"nocloud\"",
@ -73,15 +73,16 @@ vm_boot_command = [
] ]
// Communicator Settings // Communicator Settings
communicator_port = 22 communicator_port = 22
communicator_timeout = "20m" communicator_timeout = "20m"
common_ip_wait_timeout = "20m" common_ip_wait_timeout = "20m"
common_shutdown_timeout = "15m" common_shutdown_timeout = "15m"
build_remove_keys = true vm_shutdown_command = "sudo /usr/sbin/shutdown -P now"
build_username = "admin" build_remove_keys = true
build_password = "VMware1!" build_username = "admin"
ssh_keys = [ build_password = "VMware1!"
"ssh-ed25519 blahblahblah builder" ssh_keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOpLvpxilPjpCahAQxs4RQgv+Lb5xObULXtwEoimEBpA builder"
] ]
// Provisioner Settings // Provisioner Settings
@ -105,4 +106,4 @@ pre_final_scripts = [
] ]
// Kubernetes Settings // Kubernetes Settings
k8s_version = "1.25.3" k8s_version = "1.25.3"
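Review bot: `vsphere_password` and `build_password` are literal values in this tracked variables file, and `vsphere_insecure_connection = true` turns off certificate verification on the vCenter connection that carries the first of them. Both lines appear on both sides of the comparison, so the commit carries them forward rather than introducing them, but the new side also adds a real `ssh-ed25519` key next to them, which suggests the file is moving from sample values to live ones. Keep the secrets out of the file and supply them at build time, e.g. `export PKR_VAR_vsphere_password=...` and `export PKR_VAR_build_password=...`, or an untracked `*.auto.pkrvars.hcl`. Trusting the vCenter certificate so that `vsphere_insecure_connection = false` can be used is worth doing too. If these are lab-only defaults, a comment saying so at the top of the file would prevent reuse elsewhere.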


@ -34,13 +34,13 @@ locals {
build_tool = "HashiCorp Packer ${packer.version}" build_tool = "HashiCorp Packer ${packer.version}"
build_date = formatdate("YYYY-MM-DD hh:mm ZZZ", timestamp()) build_date = formatdate("YYYY-MM-DD hh:mm ZZZ", timestamp())
build_description = "Kubernetes Ubuntu 20.04 Node template\nBuild date: ${local.build_date}\nBuild tool: ${local.build_tool}" build_description = "Kubernetes Ubuntu 20.04 Node template\nBuild date: ${local.build_date}\nBuild tool: ${local.build_tool}"
shutdown_command = "sudo /usr/sbin/shutdown -P now"
iso_paths = ["[${var.common_iso_datastore}] ${var.iso_path}/${var.iso_file}"] iso_paths = ["[${var.common_iso_datastore}] ${var.iso_path}/${var.iso_file}"]
iso_checksum = "${var.iso_checksum_type}:${var.iso_checksum_value}" iso_checksum = "${var.iso_checksum_type}:${var.iso_checksum_value}"
data_source_content = { data_source_content = {
"/meta-data" = file("data/meta-data") "/meta-data" = file("data/meta-data")
"/user-data" = templatefile("data/user-data.pkrtpl.hcl", { "/user-data" = templatefile("data/user-data.pkrtpl.hcl", {
build_username = var.build_username build_username = var.build_username
build_password = bcrypt(var.build_password)
ssh_keys = concat([local.ssh_public_key], var.ssh_keys) ssh_keys = concat([local.ssh_public_key], var.ssh_keys)
vm_guest_os_language = var.vm_guest_os_language vm_guest_os_language = var.vm_guest_os_language
vm_guest_os_keyboard = var.vm_guest_os_keyboard vm_guest_os_keyboard = var.vm_guest_os_keyboard
@ -102,7 +102,7 @@ source "vsphere-iso" "ubuntu-k8s" {
cd_content = local.data_source_content cd_content = local.data_source_content
cd_label = var.cd_label cd_label = var.cd_label
// Boot and Provisioning Settings // Boot and Provisioning Settings
boot_order = var.vm_boot_order boot_order = var.vm_boot_order
boot_wait = var.vm_boot_wait boot_wait = var.vm_boot_wait
boot_command = var.vm_boot_command boot_command = var.vm_boot_command
@ -138,7 +138,7 @@ source "vsphere-iso" "ubuntu-k8s" {
// OVF Export Settings // OVF Export Settings
dynamic "export" { dynamic "export" {
for_each = var.common_ovf_export_enabled == true ? [1] : [] for_each = var.common_ovf_export_enabled == true ? [1] : []
content { content {
name = var.vm_name name = var.vm_name
force = var.common_ovf_export_overwrite force = var.common_ovf_export_overwrite
options = [ options = [


@ -15,6 +15,7 @@ variable "vsphere_endpoint" {
variable "vsphere_username" { variable "vsphere_username" {
type = string type = string
description = "The username to login to the vCenter Server instance. ('packer')" description = "The username to login to the vCenter Server instance. ('packer')"
sensitive = true
} }
variable "vsphere_password" { variable "vsphere_password" {


@ -99,7 +99,7 @@ resource "vsphere_virtual_machine" "control" {
template_uuid = data.vsphere_virtual_machine.template.id template_uuid = data.vsphere_virtual_machine.template.id
customize { customize {
timeout = 0 timeout = 0
linux_options { linux_options {
host_name = "${var.vm-control-name}-${count.index +1}" host_name = "${var.vm-control-name}-${count.index +1}"
domain = var.vm-domain domain = var.vm-domain
@ -180,7 +180,7 @@ resource "vsphere_virtual_machine" "worker" {
template_uuid = data.vsphere_virtual_machine.template.id template_uuid = data.vsphere_virtual_machine.template.id
customize { customize {
timeout = 0 timeout = 0
linux_options { linux_options {
host_name = "${var.vm-worker-name}-${count.index +1}" host_name = "${var.vm-worker-name}-${count.index +1}"
domain = var.vm-domain domain = var.vm-domain


@ -52,7 +52,7 @@ EOF
sudo chown "$(id -u):$(id -g)" "${HOME}"/.kube/config sudo chown "$(id -u):$(id -g)" "${HOME}"/.kube/config
echo ">> Applying Calico networking..." echo ">> Applying Calico networking..."
kubectl apply -f https://raw.githubusercontent.com/projectcalico/calico/master/manifests/calico.yaml kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
echo ">> Creating discovery config..." echo ">> Creating discovery config..."
kubectl -n kube-public get configmap cluster-info -o jsonpath='{.data.kubeconfig}' > discovery.yaml kubectl -n kube-public get configmap cluster-info -o jsonpath='{.data.kubeconfig}' > discovery.yaml
@ -63,7 +63,7 @@ EOF
fi fi
fi fi
echo ">> Waiting up to 10 minutes for all control-plane nodes to be Ready..." echo ">> Waiting up to 10 minutes for all control-plane nodes to be Ready..."
python3 -m http.server &>/dev/null & python3 -m http.server 2>/dev/null &
PROC_ID=$! PROC_ID=$!
attempts_max=60 attempts_max=60
attempt=0 attempt=0
@ -382,25 +382,20 @@ else
sleep 10 sleep 10
done done
echo ">> Continuing after $((attempt*10)) seconds." echo ">> Continuing after $((attempt*10)) seconds."
echo ">> Retrieving cluster discovery config..." echo ">> Joining cluster..."
attempts_max=6 attempts_max=6
attempt=0 attempt=0
until [ -f ~/discovery.yaml ] || [ ${attempt} -eq ${attempts_max} ]; do until [ -f /etc/kubernetes/discovery.yaml ]; do
wget "http://${K8S_CONTROLPLANE_VIP}:8000/discovery.yaml" wget "http://${K8S_CONTROLPLANE_VIP}:8000/discovery.yaml" 2>/dev/null
sleep 2 if ! sudo install -m 600 discovery.yaml /etc/kubernetes/discovery.yaml 2>/dev/null; then
if ! [ -f ~/discovery.yaml ]; then if [ ${attempt} -eq ${attempts_max} ]; then
echo ">> Unable to retrieve config..." echo ">> [ERROR] Timeout waiting for discovery.yaml! <<"
exit 1
fi
attempt=$((attempt+1)) attempt=$((attempt+1))
sleep 8 sleep 10
fi fi
done done
if ! [ -f ~/discovery.yaml ]; then
echo ">> Timeout reached while retrieving config!"
echo "Exiting."
exit 1
fi
sudo install -o root -g root -m 600 discovery.yaml /etc/kubernetes/discovery.yaml
echo ">> Successfully discovered cluster!"
cat << EOF > kubeadmjoin.yaml cat << EOF > kubeadmjoin.yaml
apiVersion: kubeadm.k8s.io/v1beta3 apiVersion: kubeadm.k8s.io/v1beta3
caCertPath: /etc/kubernetes/pki/ca.crt caCertPath: /etc/kubernetes/pki/ca.crt
@ -416,8 +411,17 @@ nodeRegistration:
controlPlane: controlPlane:
certificateKey: ${KUBEADM_CERTKEY} certificateKey: ${KUBEADM_CERTKEY}
EOF EOF
echo ">> Joining cluster..." if sudo kubeadm join "${K8S_CONTROLPLANE_VIP}:6443" --config kubeadmjoin.yaml; then
if sudo kubeadm join "${K8S_CONTROLPLANE_VIP}":6443 --config kubeadmjoin.yaml; then if [ ! -f /etc/kubernetes/manifests/kube-vip.yaml ]; then
echo ">> Configuring kube-vip..."
sudo ctr image pull ghcr.io/kube-vip/kube-vip:"${KUBEVIP_VER}"
sudo ctr run --rm --net-host ghcr.io/kube-vip/kube-vip:"${KUBEVIP_VER}" vip /kube-vip manifest pod \
--interface ens192 \
--vip "${K8S_CONTROLPLANE_VIP}" \
--controlplane \
--arp \
--leaderElection | sudo tee /etc/kubernetes/manifests/kube-vip.yaml
fi
echo ">> Node ${HOSTNAME} successfully initialized!" echo ">> Node ${HOSTNAME} successfully initialized!"
touch .k8s-node-success touch .k8s-node-success
mkdir -p "${HOME}"/.kube mkdir -p "${HOME}"/.kube
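Review bot: `python3 -m http.server` in the second hunk is started with no directory or bind argument, so it serves the whole current directory on port 8000 on every interface. The surrounding lines write `discovery.yaml` and `.k8s-node-success` into that directory, and the admin kubeconfig sits at `"${HOME}"/.kube/config`. If the script runs from the home directory (the old side's `~/discovery.yaml` test on the joining path suggests it does), the kubeconfig is served along with the two intended files. Serving a dedicated directory that holds only those files avoids this, e.g. `python3 -m http.server --directory "${serve_dir}" 2>/dev/null &`, where `serve_dir` is a new variable. The joining path in the third hunk and the worker script both fetch `discovery.yaml` from this plain-HTTP endpoint and pass it to `kubeadm join`, so the file's integrity is not verified before it is trusted.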


@ -17,7 +17,7 @@ echo ">> Continuing after $((attempt*10)) seconds."
echo ">> Waiting up to 10 minutes for all control-plane nodes..." echo ">> Waiting up to 10 minutes for all control-plane nodes..."
attempts_max=60 attempts_max=60
attempt=0 attempt=0
until curl --fail "http://${K8S_CONTROLPLANE_VIP}:8000/.k8s-controlplane-success" 2>/dev/null; do until wget "http://${K8S_CONTROLPLANE_VIP}:8000/.k8s-controlplane-success" 2>/dev/null; do
if [ ${attempt} -eq ${attempts_max} ]; then if [ ${attempt} -eq ${attempts_max} ]; then
echo ">> [ERROR] Timeout waiting for control-plane nodes! <<" echo ">> [ERROR] Timeout waiting for control-plane nodes! <<"
exit 1 exit 1
@ -26,26 +26,18 @@ until curl --fail "http://${K8S_CONTROLPLANE_VIP}:8000/.k8s-controlplane-success
sleep 10 sleep 10
done done
echo ">> Continuing after $((attempt*10)) seconds." echo ">> Continuing after $((attempt*10)) seconds."
echo ">> Retrieving cluster discovery config..." echo ">> Joining cluster..."
attempts_max=6 attempts_max=6
attempt=0 attempt=0
until [ -f ~/discovery.yaml ] || [ ${attempt} -eq ${attempts_max} ]; do until [ -f /etc/kubernetes/discovery.yaml ]; do
wget "http://${K8S_CONTROLPLANE_VIP}:8000/discovery.yaml" wget "http://${K8S_CONTROLPLANE_VIP}:8000/discovery.yaml" 2>/dev/null
sleep 2 sudo install -m 600 discovery.yaml /etc/kubernetes/discovery.yaml 2>/dev/null
if ! [ -f ~/discovery.yaml ]; then if [ ! -f /etc/kubernetes/discovery.yaml ]; then
echo ">> Unable to retrieve config..."
attempt=$((attempt+1)) attempt=$((attempt+1))
sleep 8 sleep 10
fi fi
done done
if ! [ -f ~/discovery.yaml ]; then
echo ">> Timeout reached while retrieving config!"
echo "Exiting."
exit 1
fi
sudo install -o root -g root -m 600 discovery.yaml /etc/kubernetes/discovery.yaml
echo ">> Successfully discovered cluster!"
echo ">> Discovered cluster!"
cat << EOF > kubeadmjoin.yaml cat << EOF > kubeadmjoin.yaml
apiVersion: kubeadm.k8s.io/v1beta3 apiVersion: kubeadm.k8s.io/v1beta3
caCertPath: /etc/kubernetes/pki/ca.crt caCertPath: /etc/kubernetes/pki/ca.crt
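Review bot: The rewritten retrieval loop in the second hunk never compares `attempt` with `attempts_max`, so a worker that cannot obtain `discovery.yaml` retries every 10 seconds indefinitely. The old side ended the loop at the limit and exited with an error. The control-plane script's version of this loop keeps the bound, and the same check fits here before the increment: `if [ ${attempt} -eq ${attempts_max} ]; then echo ">> [ERROR] Timeout waiting for discovery.yaml! <<"; exit 1; fi`. Both `wget` and `sudo install` send stderr to `/dev/null`, so nothing is logged to explain why a retry happened. The heredoc that follows continues outside the hunk.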