Ansible k3sup installation
Setup DD WRT /etc/hosts
```bash
# Add static host entries on the DD-WRT router (192.168.1.1) and make dnsmasq
# pick them up.
# NOTE(review): the session logs in to the router as root; the page does not
# show the authentication method. Confirm it is key-based and that the
# router's SSH service is reachable from the LAN side only.
ssh root@192.168.1.1
# Lines prefixed with "~" are presumably typed at the router's shell prompt.
~ vi /etc/hosts
...
192.168.1.111 ip-11-112-11-111.antik.sk
192.168.1.144 rancher.k3s
...
\:wq!
# -1 sends SIGHUP, on which dnsmasq re-reads /etc/hosts without a restart.
~ killall -1 dnsmasq
# Generate the SSH key pair used for every host in this setup:
# ~/.ssh/k3s-ansible (private) and ~/.ssh/k3s-ansible.pub (public).
# -N '' sets an empty passphrase, so possession of the private key file alone
# is enough to log in to each machine that trusts it. Keep the file readable
# by its owner only and do not copy it to the nodes.
ssh-keygen -t rsa -C "k3s-ansible" -N '' -f ~/.ssh/k3s-ansible
# Provision EC2 instance in AWS via Ansible playbook.
# --ask-vault-pass prompts for the Ansible Vault password interactively, so it
# is not taken from a file or from the command line.
ansible-playbook -i inventory/hosts.ini ec2-playbook.yml --ask-vault-pass
# Provision the VirtualBox machines on the local workstation.
# NOTE(review): both cd commands use a path relative to the project root, so
# the second presumably needs a return to that directory first.
# Kubernetes K3S master (192.168.1.111)
cd vms/ubuntu1
vagrant up
# Kubernetes K3S node (192.168.1.222)
cd vms/ubuntu2
vagrant up
# Name resolution, Ansible inventory and SSH shortcuts for the four nodes.
# Setup port forwarding at DD WRT.
# NOTE(review): the page does not list the forwarded ports. Forward only what
# the remote node needs (port 6443 is the one used further down) and, where
# the router allows it, restrict the source to that node's address.
# Adjust the workstation's /etc/hosts file
vim /etc/hosts
...
192.168.1.108 k3s-rpi-1
192.168.1.111 k3s-ubuntu-1-20-04
192.168.1.222 k3s-ubuntu-2-20-04
aaa.bbb.ccc.ddd k3s-ubuntu-3-20-04
\:wq!
# aaa.bbb.ccc.ddd above and 111.222.333.444 below are placeholders for the
# EC2 instance's public address, not real values.
# Adjust inventory/hosts.ini (the lines after cat show the file's content)
cat inventory/hosts.ini
k3s-rpi-1 ansible_host=192.168.1.108
k3s-ubuntu-1-20-04 ansible_host=192.168.1.111
k3s-ubuntu-2-20-04 ansible_host=192.168.1.222
k3s-ubuntu-3-20-04 ansible_host=111.222.333.444 # AWS
...
# Adjust your ~/.zshrc file: one alias per node, each logging in as "ubuntu"
# with the dedicated k3s-ansible private key.
alias u1='ssh -i ~/.ssh/k3s-ansible ubuntu@k3s-ubuntu-1-20-04'
alias u2='ssh -i ~/.ssh/k3s-ansible ubuntu@k3s-ubuntu-2-20-04'
alias r1='ssh -i ~/.ssh/k3s-ansible ubuntu@k3s-rpi-1'
alias e1='ssh -i ~/.ssh/k3s-ansible ubuntu@k3s-ubuntu-3-20-04'
# Distribute the SSH public key to the VMs and the Raspberry Pi, then install
# the K3s server and join one agent with k3sup.
# Each command appends the public key to the remote user's authorized_keys.
# mkdir -p creates ~/.ssh with the remote umask. sshd's StrictModes check
# rejects keys when ~/.ssh or authorized_keys is writable by group or others,
# so verify the resulting modes (ssh-copy-id sets them for you).
# NOTE(review): no -i is given here, so these first logins presumably rely on
# password authentication. Consider disabling it once the key works.
# raspberry pi 3 (ubuntu/raspberry)
cat ~/.ssh/k3s-ansible.pub | ssh ubuntu@k3s-rpi-1 'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys'
# ubuntu in Virtualbox
cat ~/.ssh/k3s-ansible.pub | ssh ubuntu@k3s-ubuntu-1-20-04 'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys'
cat ~/.ssh/k3s-ansible.pub | ssh ubuntu@k3s-ubuntu-2-20-04 'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys'
# Install the K3s server through its public address, pinned to v1.18.8+k3s1.
# NOTE(review): the cluster secret is a literal on the command line, so it
# ends up in shell history and in the process list, and this value is now
# published. Treat it as compromised: generate a random secret, supply it
# from a protected file or variable, and rotate any cluster that used it.
# NOTE(review): k3s documents --cluster-secret as deprecated in favour of
# --token. Confirm against the k3s version in use.
# k3sup install also saves a kubeconfig with admin credentials locally (by
# default in the current directory). Keep it out of version control.
# These two commands log in as user "k3s", not "ubuntu" as elsewhere on the page.
k3sup install --ip 88.212.33.167 --ssh-key ~/.ssh/k3s-ansible --k3s-version 'v1.18.8+k3s1' --user k3s --k3s-extra-args "--cluster-secret S8p3r53cr3t"
# Join 192.168.1.222 as an agent of the server at 88.212.33.167.
k3sup join --server-ip 88.212.33.167 --ip 192.168.1.222 --ssh-key ~/.ssh/k3s-ansible --k3s-version 'v1.18.8+k3s1' --user k3s
# Uninstall the K3s agents and server, then inspect the firewall rules and
# routes on each machine.
# Each command runs the uninstall script on the remote host over SSH:
# k3s-uninstall.sh on the server, k3s-agent-uninstall.sh on the agents.
# Ubuntu Virtualbox (vagrant provisioned)
ssh -i ~/.ssh/k3s-ansible ubuntu@k3s-ubuntu-1-20-04 /usr/local/bin/k3s-uninstall.sh # (master)
# Ubuntu (vagrant)
ssh -i ~/.ssh/k3s-ansible ubuntu@k3s-ubuntu-2-20-04 /usr/local/bin/k3s-agent-uninstall.sh # (node)
# Raspberry Pi3
ssh -i ~/.ssh/k3s-ansible ubuntu@k3s-rpi-1 /usr/local/bin/k3s-agent-uninstall.sh # (node)
# AWS EC2 instance (node)
ssh -i ~/.ssh/k3s-ansible ubuntu@k3s-ubuntu-3-20-04 /usr/local/bin/k3s-agent-uninstall.sh # (node)
# Check the routes and iptables rules added by vagrant.
# NOTE(review): the remote command is unquoted, so only "sudo iptables-save"
# runs on the remote host. The grep filter and "ip r" run on the workstation,
# and "ip r" therefore prints the LOCAL routing table, only when grep matched.
# Quote the whole pipeline to run it remotely.
# The "-A ..." lines that follow a command are its sample output.
# K3s master (192.168.1.111)
ssh -i ~/.ssh/k3s-ansible ubuntu@k3s-ubuntu-1-20-04 sudo iptables-save | grep -e "\-A INPUT" -e "\-A OUTPUT" && ip r
-A OUTPUT -s 192.168.1.0/24 -d 88.212.33.167/32 -j DNAT --to-destination 192.168.1.111
-A INPUT -s 10.235.0.0/16 -d 192.168.1.111/32 -j ACCEPT
# K3s node (192.168.1.222)
ssh -i ~/.ssh/k3s-ansible ubuntu@k3s-ubuntu-2-20-04 sudo iptables-save | grep -e "\-A INPUT" -e "\-A OUTPUT" && ip r
-A OUTPUT -s 192.168.1.0/24 -d 88.212.33.167/32 -j DNAT --to-destination 192.168.1.111
-A INPUT -s 10.235.0.0/16 -d 192.168.1.222/32 -j ACCEPT
# K3s node (AWS EC2)
ssh -i ~/.ssh/k3s-ansible ubuntu@k3s-ubuntu-3-20-04 sudo iptables-save | grep -e "\-A INPUT" -e "\-A OUTPUT" && ip r
# K3s node (192.168.1.108 - raspberry pi)
ssh -i ~/.ssh/k3s-ansible ubuntu@k3s-rpi-1 sudo iptables-save | grep -e "\-A INPUT" -e "\-A OUTPUT" && ip r
# Troubleshooting K3s agents: packet capture, routing and NAT adjustments,
# serving-certificate inspection and the agent load-balancer state.
# Capture traffic on eth1 for port 6443 coming from 54.148.135.105
# (presumably the EC2 node). -nn disables name and port resolution, -vv adds
# detail, -S prints absolute TCP sequence numbers.
sudo tcpdump port 6443 -i eth1 and src 54.148.135.105 -nnvvS
# at both VirtualBox machines
# Replace the default route via 10.0.2.2 on eth0 (presumably VirtualBox NAT)
# with the LAN gateway on eth1. Changes made with "ip r" are not persistent.
sudo ip r del default via 10.0.2.2 dev eth0 proto dhcp src 10.0.2.15 metric 100
sudo ip r add default via 192.168.1.1 dev eth1 proto dhcp metric 600
# Accept traffic from 10.235.0.0/16 (presumably the cluster network; confirm)
# to the master. -A appends, so an earlier DROP/REJECT rule in INPUT still
# takes precedence.
sudo iptables -A INPUT -s 10.235.0.0/16 -d 192.168.1.111/32 -j ACCEPT
# at my laptop and Raspberry Pi
# Rewrite locally generated traffic from the LAN addressed to the public IP
# so that it goes straight to the master's LAN address.
sudo iptables -t nat -A OUTPUT -d 88.212.33.167 -s 192.168.1.0/24 -j DNAT --to-destination 192.168.1.111
sudo iptables --table nat --list
# Check certificate
# Reads only the "tls.crt" field of the k3s-serving secret and prints the
# decoded certificate, e.g. to confirm which addresses it is valid for.
# NOTE(review): the secret presumably holds the private key as well. Avoid
# dumping the whole secret into logs or terminals that are recorded.
kubectl get secret -o json k3s-serving -n kube-system | jq -r '.data["tls.crt"]' | base64 --decode | openssl x509 -noout -text
# Setup prerouting (just an example)
# DNAT incoming packets addressed to the public IP to the master.
sudo iptables --table nat --append PREROUTING --destination 88.212.33.167 --jump DNAT --to-destination 192.168.1.111
# List the nat table with rule numbers, then delete PREROUTING rule 2.
# Rule numbers shift after every change: take the number from the listing
# produced immediately before deleting.
sudo iptables -t nat -v -L -n --line-number
sudo iptables -t nat -D PREROUTING 2
# Loadbalancer
# Shows the agent's load-balancer state. The JSON below is the file's content:
# the configured server URL and the server address the agent actually uses.
sudo cat /var/lib/rancher/k3s/agent/etc/k3s-agent-load-balancer.json
{
"ServerURL": "https://88.212.33.167:6443",
"ServerAddresses": [
"192.168.1.111:6443"
]
}
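# Setup static routes
# Writes a netplan definition that gives eth0 the static address
# 192.168.1.222/24 and a default route via 192.168.1.1 with metric 100.
# The quoted 'EOF' delimiter stops the shell from expanding anything inside
# the YAML. netplan reads structure from indentation, so the nesting below
# (lost in the flattened listing) is required for the file to be accepted.
# The redirection into /etc/netplan needs a root shell. Applying the result
# with "netplan try" rolls back automatically if connectivity is lost.
cat << 'EOF' > /etc/netplan/01-netcfg.yaml
---
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses:
        - 192.168.1.222/24
      routes:
        - to: 0.0.0.0/0
          via: 192.168.1.1
          metric: 100
EOF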
```
This post is licensed under CC BY 4.0 by the author.
