From 8efad362a00370bc80c48441c239599ba2511ef7 Mon Sep 17 00:00:00 2001
From: Sergei Bobkov
Date: Sat, 23 Aug 2025 13:39:33 +0300
Subject: [PATCH] Added playbook and role for k8s-ha-api
---
ansible/README.md | 1 +
ansible/playbooks/k8s-ha-api.yaml | 7 ++++
ansible/roles/k8s-ha-api/defaults/main.yml | 1 +
ansible/roles/k8s-ha-api/files/.gitkeep | 0
ansible/roles/k8s-ha-api/handlers/main.yml | 14 ++++++++
ansible/roles/k8s-ha-api/tasks/main.yml | 36 +++++++++++++++++++
ansible/roles/k8s-ha-api/tasks/ping.yml | 4 +++
.../roles/k8s-ha-api/templates/haproxy.cfg.j2 | 26 ++++++++++++++
.../k8s-ha-api/templates/keepalived.conf.j2 | 14 ++++++++
ansible/roles/k8s-ha-api/vars/main.yml | 15 ++++++++
10 files changed, 118 insertions(+)
create mode 100644 ansible/README.md
create mode 100644 ansible/playbooks/k8s-ha-api.yaml
create mode 100644 ansible/roles/k8s-ha-api/defaults/main.yml
create mode 100644 ansible/roles/k8s-ha-api/files/.gitkeep
create mode 100644 ansible/roles/k8s-ha-api/handlers/main.yml
create mode 100644 ansible/roles/k8s-ha-api/tasks/main.yml
create mode 100644 ansible/roles/k8s-ha-api/tasks/ping.yml
create mode 100644 ansible/roles/k8s-ha-api/templates/haproxy.cfg.j2
create mode 100644 ansible/roles/k8s-ha-api/templates/keepalived.conf.j2
create mode 100644 ansible/roles/k8s-ha-api/vars/main.yml
diff --git a/ansible/README.md b/ansible/README.md
new file mode 100644
index 0000000..b102805
--- /dev/null
+++ b/ansible/README.md
@@ -0,0 +1 @@
+# Ansible playbooks and roles.
diff --git a/ansible/playbooks/k8s-ha-api.yaml b/ansible/playbooks/k8s-ha-api.yaml
new file mode 100644
index 0000000..641b12e
--- /dev/null
+++ b/ansible/playbooks/k8s-ha-api.yaml
@@ -0,0 +1,7 @@
+---
+
+- hosts: "{{ hosts_target }}"
+ become: true
+ gather_facts: true
+ roles:
+ - k8s-ha-api
diff --git a/ansible/roles/k8s-ha-api/defaults/main.yml b/ansible/roles/k8s-ha-api/defaults/main.yml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/ansible/roles/k8s-ha-api/defaults/main.yml
@@ -0,0 +1 @@
+---
diff --git a/ansible/roles/k8s-ha-api/files/.gitkeep b/ansible/roles/k8s-ha-api/files/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/roles/k8s-ha-api/handlers/main.yml b/ansible/roles/k8s-ha-api/handlers/main.yml
new file mode 100644
index 0000000..d9c7b21
--- /dev/null
+++ b/ansible/roles/k8s-ha-api/handlers/main.yml
@@ -0,0 +1,14 @@
+---
+- name: Restart_haproxy
+ systemd_service:
+ name: haproxy
+ state: restarted
+ enabled: true
+
+- name: Restart_keepalived
+ systemd_service:
+ name: keepalived
+ state: restarted
+ enabled: true
+
+
diff --git a/ansible/roles/k8s-ha-api/tasks/main.yml b/ansible/roles/k8s-ha-api/tasks/main.yml
new file mode 100644
index 0000000..451a749
--- /dev/null
+++ b/ansible/roles/k8s-ha-api/tasks/main.yml
@@ -0,0 +1,36 @@
+---
+
+- block:
+ - name: Run "apt update / upgrade"
+ apt:
+ upgrade: yes
+ update_cache: yes
+ retries: 10
+ delay: 30
+
+ - name: Install haproxy keepalived etc
+ apt:
+ state: latest
+ pkg: "{{ pkg_list }}"
+
+ - name: Create /etc/haproxy/haproxy.cfg
+ template:
+ src: haproxy.cfg.j2
+ dest: "/etc/haproxy/haproxy.cfg"
+ owner: root
+ group: root
+ mode: '0644'
+ notify: Restart_haproxy
+
+ - name: Create /etc/keepalived/keepalived.conf
+ template:
+ src: keepalived.conf.j2
+ dest: "/etc/keepalived/keepalived.conf"
+ owner: root
+ group: root
+ mode: '0644'
+ notify: Restart_keepalived
+ when: ansible_distribution == "Debian" and ansible_distribution_major_version == "12"
+
+
+
diff --git a/ansible/roles/k8s-ha-api/tasks/ping.yml b/ansible/roles/k8s-ha-api/tasks/ping.yml
new file mode 100644
index 0000000..6529d9b
--- /dev/null
+++ b/ansible/roles/k8s-ha-api/tasks/ping.yml
@@ -0,0 +1,4 @@
+---
+
+- name: ping
+ ping:
diff --git a/ansible/roles/k8s-ha-api/templates/haproxy.cfg.j2 b/ansible/roles/k8s-ha-api/templates/haproxy.cfg.j2
new file mode 100644
index 0000000..f04e74a
--- /dev/null
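Review bot: `state: restarted` in the `Restart_haproxy` handler of handlers/main.yml closes every established connection through the proxy whenever the template changes, which for what appears to be a Kubernetes API front end interrupts long-lived client watches; `state: reloaded` applies a new haproxy.cfg without dropping them. Both handlers also use the short module name, and `ansible.builtin.systemd_service:` would make the module resolution explicit.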
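Review bot: The `Create /etc/keepalived/keepalived.conf` task in tasks/main.yml writes the file with `mode: '0644'`, but the template in this same patch renders `auth_pass` into it, so every local account on the host can read the VRRP password; use `mode: '0600'`. Neither template task checks the rendered file before the handler restarts the service, so one bad variable takes the load balancer down; the haproxy task can add `validate: haproxy -c -f %s`. The first task's `upgrade: yes` also upgrades every package on the host as a side effect of applying this role, which is better moved out of the role or put behind a variable.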
+++ b/ansible/roles/k8s-ha-api/templates/haproxy.cfg.j2
@@ -0,0 +1,26 @@
+global
+ log /dev/log local0
+ log /dev/log local1 notice
+ daemon
+ maxconn 2000
+
+defaults
+ log global
+ mode tcp
+ option tcplog
+ option dontlognull
+ timeout connect 10s
+ timeout client 1m
+ timeout server 1m
+ retries 3
+
+frontend kubernetes_api
+ bind *:6443
+ default_backend k8s_masters
+
+backend k8s_masters
+ option tcp-check
+ balance roundrobin
+{% for srv in haproxy_backend_server %}
+ server {{ srv.backend_name }} {{ srv.backend_ip }}:{{ srv.backend_port }} check fall 3 rise 2
+{% endfor %}
diff --git a/ansible/roles/k8s-ha-api/templates/keepalived.conf.j2 b/ansible/roles/k8s-ha-api/templates/keepalived.conf.j2
new file mode 100644
index 0000000..765e497
--- /dev/null
+++ b/ansible/roles/k8s-ha-api/templates/keepalived.conf.j2
@@ -0,0 +1,14 @@
+vrrp_instance VI_1 {
+ state {{ hostvars[inventory_hostname].state }}
+ interface {{ ansible_default_ipv4.interface }}
+ virtual_router_id 51
+ priority {{ hostvars[inventory_hostname].priority }}
+ advert_int 1
+ authentication {
+ auth_type PASS
+ auth_pass {{ keepalived_auth_pass }}
+ }
+ virtual_ipaddress {
+ {{ keepalived_vip }}
+ }
+}
diff --git a/ansible/roles/k8s-ha-api/vars/main.yml b/ansible/roles/k8s-ha-api/vars/main.yml
new file mode 100644
index 0000000..6918138
--- /dev/null
+++ b/ansible/roles/k8s-ha-api/vars/main.yml
@@ -0,0 +1,15 @@
+---
+
+pkg_list:
+ - haproxy
+ - keepalived
+
+haproxy_bind_port: "8443"
+haproxy_backend_server:
+ - { backend_name: "k8s-cr01", backend_ip: "192.168.111.191", backend_port: "6443"}
+ - { backend_name: "k8s-cr02", backend_ip: "192.168.111.192", backend_port: "6443"}
+ - { backend_name: "k8s-cr03", backend_ip: "192.168.111.193", backend_port: "6443"}
+
+keepalived_vip: "192.168.111.100/24"
+keepalived_auth_pass: "1q2w3e4r"
+
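Review bot: The `global` section of haproxy.cfg.j2 has no `user`, `group` or `chroot` directive, so with `daemon` the process keeps whatever privileges it was started with, presumably root under the packaged systemd unit; add `user haproxy` and `group haproxy`, plus a `chroot` if the package ships the directory. The frontend also hard-codes `bind *:6443` while vars/main.yml defines `haproxy_bind_port: "8443"`, which nothing reads; either use `bind *:{{ haproxy_bind_port }}` or drop the variable. Binding to `*` listens on every address of the host rather than only the keepalived VIP, which should be a deliberate choice.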
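Review bot: keepalived.conf.j2 has no `vrrp_script`/`track_script`, so the node holding `{{ keepalived_vip }}` keeps it after haproxy has stopped, and the API address goes dark while the host itself is still up. A process check tied to the instance lets the VIP move to a healthy node; the values below are a sketch to adjust, and keepalived may also want a script user configured. `auth_type PASS` sends the password unencrypted in every advertisement, so it guards against misconfiguration rather than against another host on the segment. `virtual_router_id 51` is fixed and would clash with any other VRRP group using that id on the same network, so a variable with this value as default is safer.

```jinja
vrrp_script chk_haproxy {
    script "/usr/bin/pgrep -x haproxy"
    interval 2
    fall 2
    rise 2
}

vrrp_instance VI_1 {
    # … unchanged: state, interface, virtual_router_id, priority, advert_int, authentication, virtual_ipaddress …
    track_script {
        chk_haproxy
    }
}
```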
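Review bot: `keepalived_auth_pass: "1q2w3e4r"` in vars/main.yml commits a keyboard-pattern password to the repository in plain text; it should come from Ansible Vault or the inventory, with the role failing when it is undefined, and the committed value should be treated as exposed and replaced. The backend addresses and `keepalived_vip` are site-specific but sit in role `vars`, which take precedence over inventory variables, so another environment cannot override them. defaults/main.yml, which this commit leaves empty, is the place for overridable values.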