This commit is contained in:
root
2025-08-01 14:48:56 +00:00
parent d676962a6e
commit 6dd4e122bc
6 changed files with 297 additions and 1549 deletions


@@ -24,6 +24,25 @@ provider "registry.terraform.io/bpg/proxmox" {
]
}
provider "registry.terraform.io/hashicorp/null" {
version = "3.2.4"
hashes = [
"h1:hkf5w5B6q8e2A42ND2CjAvgvSN3puAosDmOJb3zCVQM=",
"zh:59f6b52ab4ff35739647f9509ee6d93d7c032985d9f8c6237d1f8a59471bbbe2",
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
"zh:795c897119ff082133150121d39ff26cb5f89a730a2c8c26f3a9c1abf81a9c43",
"zh:7b9c7b16f118fbc2b05a983817b8ce2f86df125857966ad356353baf4bff5c0a",
"zh:85e33ab43e0e1726e5f97a874b8e24820b6565ff8076523cc2922ba671492991",
"zh:9d32ac3619cfc93eb3c4f423492a8e0f79db05fec58e449dee9b2d5873d5f69f",
"zh:9e15c3c9dd8e0d1e3731841d44c34571b6c97f5b95e8296a45318b94e5287a6e",
"zh:b4c2ab35d1b7696c30b64bf2c0f3a62329107bd1a9121ce70683dec58af19615",
"zh:c43723e8cc65bcdf5e0c92581dcbbdcbdcf18b8d2037406a5f2033b1e22de442",
"zh:ceb5495d9c31bfb299d246ab333f08c7fb0d67a4f82681fbf47f2a21c3e11ab5",
"zh:e171026b3659305c558d9804062762d168f50ba02b88b231d20ec99578a6233f",
"zh:ed0fe2acdb61330b01841fa790be00ec6beaac91d41f311fb8254f74eb6a711f",
]
}
provider "registry.terraform.io/poseidon/ct" {
version = "0.13.0"
constraints = ">= 0.13.0"


@@ -7,23 +7,14 @@ passwd:
ssh_authorized_keys:
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHHEAlPo3v4U67Y3411pTjIMkQxwlFWdXrBJkSzXenDH flatcar@undercloud"
networkd:
units:
- name: eth0.network
contents: |
[Match]
Name=eth0
[Network]
Address=fd00:0:0:2::91/64
Gateway=fd00:0:0:2::3
DNS=fd00:0:0:3::1
Address=10.0.2.91/24
Gateway=10.0.2.3
DNS=10.0.3.1
Domains=undercloud.local
storage:
directories:
- path: /opt/bin
overwrite: true
mode: 0755
- path: /opt/cni/bin
overwrite: true
mode: 755
files:
- path: /etc/hostname
mode: 0644
@@ -31,6 +22,22 @@ storage:
inline: |
control-plane1
- path: /etc/systemd/network/00-eth.network
mode: 0644
contents:
inline: |
[Match]
Name=eth*
[Network]
Address=fd00:0:0:2::91/64
Gateway=fd00:0:0:2::3
DNS=fd00:0:0:3::1
Address=10.0.2.91/24
Gateway=10.0.2.3
DNS=10.0.3.1
Domains=undercloud.local
- path: /etc/hosts
mode: 0644
overwrite: true
@@ -81,35 +88,45 @@ storage:
kernel.panic=10
kernel.panic_on_oops=1
- path: /opt/kubernetes/bin/kubeadm
- path: /opt/bin/kubeadm
mode: 0755
contents:
source: "http://build-node.undercloud.local:3000/admin/undercloud-infrastructure/raw/branch/main/k8s-binaries/kubeadm"
- path: /opt/kubernetes/bin/kubelet
- path: /opt/bin/kubelet
mode: 0755
contents:
source: "http://build-node.undercloud.local:3000/admin/undercloud-infrastructure/raw/branch/main/k8s-binaries/kubelet"
- path: /opt/kubernetes/bin/kubectl
- path: /opt/bin/kubectl
mode: 0755
contents:
source: "http://build-node.undercloud.local:3000/admin/undercloud-infrastructure/raw/branch/main/k8s-binaries/kubectl"
- path: /opt/kubernetes/bin/calicoctl
- path: /opt/bin/calicoctl
mode: 0755
contents:
source: "http://build-node.undercloud.local:3000/admin/undercloud-infrastructure/raw/branch/main/k8s-binaries/calicoctl"
- path: /etc/kubernetes/kubeadm-init.yaml
mode: 0644
contents:
inline: |
apiVersion: kubeadm.k8s.io/v1beta3
kind: InitConfiguration
localAPIEndpoint:
advertiseAddress: "fd00:0:0:2::91"
bindPort: 6443
nodeRegistration:
name: control-plane1
criSocket: /run/containerd/containerd.sock
criSocket: unix:///run/containerd/containerd.sock
kubeletExtraArgs:
node-ip: "fd00:0:0:2::91"
certificateKey: "fee7c3e5cfcac7e4774c6efca0464a42d897f30f7300340d6578b5cfb4a3d34b"
bootstrapTokens:
- token: "abcdef.0123456789abcdef"
description: "default kubeadm bootstrap token"
ttl: 0
ttl: "0"
---
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
@@ -122,7 +139,11 @@ storage:
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
address: "::"
healthzBindAddress: "::"
clusterDomain: "k8s.undercloud.local"
volumePluginDir: /opt/libexec/kubernetes/kubelet-plugins/volume/exec
cgroupDriver: "systemd"
- path: /etc/kubernetes/calico.yaml
mode: 0644
@@ -168,22 +189,46 @@ systemd:
[Install]
WantedBy=multi-user.target
- name: kubelet.service
enabled: true
contents: |
[Unit]
Description=kubelet, the Kubernetes Node Agent
Documentation=https://kubernetes.io/docs/home
Wants=network-online.target
After=network-online.target containerd.service
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
ExecStart=/opt/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
Restart=always
StartLimitInterval=0
RestartSec=10
[Install]
WantedBy=multi-user.target
- name: kubeadm-init.service
enabled: true
contents: |
[Unit]
Description=Kubeadm Init Cluster
After=network-online.target containerd.service
After=network-online.target containerd.service kubelet.service
Wants=network-online.target
[Service]
Type=oneshot
ExecStart=/opt/kubernetes/bin/kubeadm init --config=/etc/kubernetes/kubeadm-init.yaml
Environment="PATH=/opt/bin:/usr/bin:/bin:/usr/sbin:/sbin"
ExecStartPre=/bin/sleep 30s
ExecStart=/opt/bin/kubeadm init --upload-certs --config=/etc/kubernetes/kubeadm-init.yaml
ExecStartPost=/usr/bin/mkdir -p /home/core/.kube
ExecStartPost=/usr/bin/cp -i /etc/kubernetes/admin.conf /home/core/.kube/config
ExecStartPost=/usr/bin/chown core:core /home/core/.kube/config
ExecStartPost=/opt/kubernetes/bin/kubectl --kubeconfig=/etc/kubernetes/admin.conf apply -f /etc/kubernetes/calico.yaml
RemainAfterExit=yes
#ExecStartPost=/opt/bin/kubectl --kubeconfig=/etc/kubernetes/admin.conf apply -f /etc/kubernetes/calico.yaml
ExecStartPost=/usr/bin/systemctl disable kubeadm-init.service
Restart=on-failure
RestartSec=120s
[Install]
WantedBy=multi-user.target
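Review bot: The `source:` lines in the `@@ -81,35 +88,45 @@` hunk fetch kubeadm, kubelet, kubectl and calicoctl over plain `http://` from build-node with no `verification` block, so Ignition installs whatever the build-node, or anything between the node and it, serves. Each of those `contents:` entries should pin a digest, `verification:` / `hash: sha512-<digest of the published binary>`, and the source should be https where the Gitea instance allows it. In the same hunk `/etc/kubernetes/kubeadm-init.yaml` is written with `mode: 0644` although it holds `certificateKey` and a bootstrap token with `ttl: "0"`, which kubeadm documents as never expiring; that file belongs at `mode: 0600`, and a short TTL or a token generated at provisioning time would bound the life of a credential that is checked into the repository. In the first hunk the `/opt/cni/bin` directory has `mode: 755` without the leading zero (if that line is on the new side), which YAML and Butane read as decimal 755, i.e. octal 1363 with the sticky bit and other-write set, not 0755; it should match the `mode: 0755` of `/opt/bin` directly above it. Lastly, `ExecStartPost=/usr/bin/cp -i` runs in a oneshot unit with no terminal to answer the overwrite prompt, so on a rerun it appears to skip the copy silently; a plain `cp` is the intended behaviour.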


@@ -8,99 +8,136 @@ passwd:
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHHEAlPo3v4U67Y3411pTjIMkQxwlFWdXrBJkSzXenDH flatcar@undercloud"
storage:
directories:
- path: /opt/bin
overwrite: true
mode: 0755
- path: /opt/cni/bin
overwrite: true
mode: 0755
files:
# --- Hostname
- path: /etc/hostname
mode: 0644
contents:
inline: "control-plane2"
# --- Kubernetes sysctl tweaks ---
- path: /etc/sysctl.d/99-kubernetes-cri.conf
mode: 0644
contents:
inline: |
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
control-plane2
# --- Netzwerkkonfiguration eth0 ---
- path: /etc/systemd/network/10-eth0.network
- path: /etc/systemd/network/00-eth.network
mode: 0644
contents:
inline: |
[Match]
Name=eth0
Name=eth*
[Network]
Address=10.0.2.92/24
Gateway=10.0.2.3
Address=fd00:0:0:2::92/64
Gateway=fd00:0:0:2::3
DNS=10.0.3.1
DNS=fd00:0:0:3::1
Address=10.0.2.92/24
Gateway=10.0.2.3
DNS=10.0.3.1
Domains=undercloud.local
# --- Kubernetes Binaries (aus deinem Gitea) ---
- path: /opt/bin/kubelet
mode: 0755
- path: /etc/hosts
mode: 0644
overwrite: true
contents:
source: http://build-node.undercloud.local:3000/admin/undercloud-infrastructure/raw/branch/main/k8s-binaries/kubelet
inline: |
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fd00:0:0:2::91 control-plane1.undercloud.local control-plane1
fd00:0:0:2::92 control-plane2.undercloud.local control-plane2
fd00:0:0:2::93 control-plane3.undercloud.local control-plane3
fd00:0:0:2::101 worker1.undercloud.local worker1
fd00:0:0:2::102 worker2.undercloud.local worker2
fd00:0:0:2::103 worker3.undercloud.local worker3
10.0.2.91 control-plane1.undercloud.local control-plane1
10.0.2.92 control-plane2.undercloud.local control-plane2
10.0.2.93 control-plane3.undercloud.local control-plane3
10.0.2.101 worker1.undercloud.local worker1
10.0.2.102 worker2.undercloud.local worker2
10.0.2.103 worker3.undercloud.local worker3
- path: /opt/bin/kubeadm
mode: 0755
contents:
source: http://build-node.undercloud.local:3000/admin/undercloud-infrastructure/raw/branch/main/k8s-binaries/kubeadm
source: "http://build-node.undercloud.local:3000/admin/undercloud-infrastructure/raw/branch/main/k8s-binaries/kubeadm"
- path: /opt/bin/kubelet
mode: 0755
contents:
source: "http://build-node.undercloud.local:3000/admin/undercloud-infrastructure/raw/branch/main/k8s-binaries/kubelet"
- path: /opt/bin/kubectl
mode: 0755
contents:
source: http://build-node.undercloud.local:3000/admin/undercloud-infrastructure/raw/branch/main/k8s-binaries/kubectl
source: "http://build-node.undercloud.local:3000/admin/undercloud-infrastructure/raw/branch/main/k8s-binaries/kubectl"
# --- Containerd Config (Minimal) ---
- path: /etc/containerd/config.toml
- path: /opt/bin/calicoctl
mode: 0755
contents:
source: "http://build-node.undercloud.local:3000/admin/undercloud-infrastructure/raw/branch/main/k8s-binaries/calicoctl"
- path: /etc/kubernetes/kubeadm-join.yaml
mode: 0644
contents:
inline: |
version = 2
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
runtime_type = "io.containerd.runc.v2"
[plugins."io.containerd.grpc.v1.cri".cni]
bin_dir = "/opt/cni/bin"
conf_dir = "/etc/cni/net.d"
apiVersion: kubeadm.k8s.io/v1beta3
kind: JoinConfiguration
controlPlane:
localAPIEndpoint:
advertiseAddress: "fd00:0:0:2::92"
bindPort: 6443
certificateKey: "fee7c3e5cfcac7e4774c6efca0464a42d897f30f7300340d6578b5cfb4a3d34b"
nodeRegistration:
name: control-plane2
criSocket: unix:///run/containerd/containerd.sock
kubeletExtraArgs:
node-ip: "fd00:0:0:2::92"
discovery:
bootstrapToken:
apiServerEndpoint: "[fd00:0:0:2::100]:6443"
token: "abcdef.0123456789abcdef"
unsafeSkipCAVerification: true
systemd:
units:
# --- containerd service aktivieren ---
- name: containerd.service
- name: kubelet.service
enabled: true
contents: |
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target
Description=kubelet, the Kubernetes Node Agent
Documentation=https://kubernetes.io/docs/home
Wants=network-online.target
After=network-online.target containerd.service
[Service]
ExecStartPre=/sbin/modprobe overlay
ExecStartPre=/sbin/modprobe br_netfilter
ExecStart=/usr/bin/containerd
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
ExecStart=/opt/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
Restart=always
RestartSec=5
Delegate=yes
KillMode=process
OOMScoreAdjust=-999
StartLimitInterval=0
RestartSec=10
[Install]
WantedBy=multi-user.target
# --- sysctl Settings aktivieren ---
- name: systemd-sysctl.service
- name: kubeadm-join.service
enabled: true
contents: |
[Unit]
Description=Join node to Kubernetes cluster
After=network-online.target containerd.service kubelet.service
Wants=network-online.target
# --- networkd & resolved aktivieren ---
- name: systemd-networkd.service
enabled: true
- name: systemd-resolved.service
enabled: true
[Service]
Type=oneshot
Environment="PATH=/opt/bin:/usr/bin:/bin:/usr/sbin:/sbin"
ExecStart=/opt/bin/kubeadm join --config=/etc/kubernetes/kubeadm-join.yaml
ExecStartPost=/usr/bin/systemctl disable kubeadm-join.service
Restart=on-failure
RestartSec=120s
# kubelet wird erst nach kubeadm init gestartet
- name: kubelet.service
enabled: false
[Install]
WantedBy=multi-user.target
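Review bot: The join configuration written to `/etc/kubernetes/kubeadm-join.yaml` in this hunk (on what reads as the new side) sets `unsafeSkipCAVerification: true`, so control-plane2 trusts whatever answers at `[fd00:0:0:2::100]:6443` and presents the bootstrap token and `certificateKey` to it without checking the cluster CA. Replace that line with a pinned hash, `caCertHashes: ["sha256:<CA certificate hash printed by kubeadm init on control-plane1>"]`, which can be templated into the Butane file once control-plane1 exists. As in control-plane1.bu, the file is `mode: 0644` while holding the token and certificate key, and the kubeadm/kubelet/kubectl/calicoctl `source:` entries are plain `http://` downloads without a `verification` hash; `mode: 0600` and digest pinning apply here in the same way. The hunk also appears to drop the `containerd.service` unit with its `modprobe overlay`/`modprobe br_netfilter` pre-steps and the `99-kubernetes-cri.conf` sysctl file; if nothing else in the file provides `net.bridge.bridge-nf-call-iptables = 1` and `net.ipv4.ip_forward = 1`, that is worth confirming before the node joins.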


@@ -39,27 +39,27 @@ data "ct_config" "control_plane1_ignition" {
}
data "ct_config" "control_plane2_ignition" {
content = file("${path.module}/control-plane2.bu")
strict = true
strict = false
pretty_print = true
}
data "ct_config" "control_plane3_ignition" {
content = file("${path.module}/control-plane3.bu")
strict = true
strict = false
pretty_print = true
}
data "ct_config" "worker1_ignition" {
content = file("${path.module}/worker1.bu")
strict = true
strict = false
pretty_print = true
}
data "ct_config" "worker2_ignition" {
content = file("${path.module}/worker2.bu")
strict = true
strict = false
pretty_print = true
}
data "ct_config" "worker3_ignition" {
content = file("${path.module}/worker3.bu")
strict = true
strict = false
pretty_print = true
}
@@ -200,6 +200,14 @@ resource "proxmox_virtual_environment_vm" "control_plane1" {
tags = ["control-plane","flatcar","kubernetes","terraform"]
depends_on = [proxmox_virtual_environment_file.control_plane1_ignition]
}
resource "null_resource" "wait_for_cp1" {
depends_on = [proxmox_virtual_environment_vm.control_plane1]
provisioner "local-exec" {
command = "sleep 240" # Warte 2 Minuten
}
}
resource "proxmox_virtual_environment_vm" "control_plane2" {
name = "control-plane2"
node_name = "hyper2"
@@ -232,7 +240,10 @@ resource "proxmox_virtual_environment_vm" "control_plane2" {
user_data_file_id = "${proxmox_virtual_environment_file.control_plane2_ignition.id}"
}
tags = ["control-plane","flatcar","kubernetes","terraform"]
depends_on = [proxmox_virtual_environment_file.control_plane2_ignition]
depends_on = [
proxmox_virtual_environment_file.control_plane2_ignition,
null_resource.wait_for_cp1
]
}
resource "proxmox_virtual_environment_vm" "control_plane3" {
name = "control-plane3"
@@ -266,7 +277,10 @@ resource "proxmox_virtual_environment_vm" "control_plane3" {
user_data_file_id = "${proxmox_virtual_environment_file.control_plane3_ignition.id}"
}
tags = ["control-plane","flatcar","kubernetes","terraform"]
depends_on = [proxmox_virtual_environment_file.control_plane3_ignition]
depends_on = [
proxmox_virtual_environment_file.control_plane3_ignition,
null_resource.wait_for_cp1
]
}
resource "proxmox_virtual_environment_vm" "worker1" {
name = "worker1"
@@ -300,7 +314,10 @@ resource "proxmox_virtual_environment_vm" "worker1" {
user_data_file_id = "${proxmox_virtual_environment_file.worker1_ignition.id}"
}
tags = ["worker","flatcar","kubernetes","terraform"]
depends_on = [proxmox_virtual_environment_file.worker1_ignition]
depends_on = [
proxmox_virtual_environment_file.worker1_ignition,
proxmox_virtual_environment_vm.control_plane1
]
}
resource "proxmox_virtual_environment_vm" "worker2" {
name = "worker2"
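Review bot: The `strict = true` to `strict = false` flips in the first hunk of this section make all five `ct_config` data sources accept Butane warnings instead of failing the plan, presumably to get past a warning such as the decimal `mode: 755` in control-plane1.bu; the better fix is to correct the offending entry and keep `strict = true` so future mistakes in permission modes or verification blocks are caught before a VM is built. In the `@@ -200,6 +200,14 @@` hunk `null_resource.wait_for_cp1` sleeps 240 seconds while its comment says `# Warte 2 Minuten`; either the comment should read `# wait 4 minutes for control-plane1 to finish kubeadm init` or the value should be 120. A fixed sleep is also a weak ordering guarantee for the control-plane2/3 joins, which otherwise fall back on the unit's `Restart=on-failure` loop; a readiness check that polls the API endpoint in the local-exec command would be more robust. Note that worker1's new `depends_on` references `proxmox_virtual_environment_vm.control_plane1` rather than `null_resource.wait_for_cp1`, which is inconsistent with the two control-plane hunks above it.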

