Install a Multi-Master Kubernetes Cluster with Ansible

We are going to build a highly available Kubernetes homelab cluster with three control plane nodes and three worker nodes using Ansible.

Disclaimer

Ansible playbooks are based on the Kubernetes homelab deployment that has been covered in this article.

Tested with Ansible 2.9.

Download Files from GitHub

Ansible configuration files used in this article are hosted on GitHub. Clone the following repository:

$ git clone https://github.com/lisenet/kubernetes-homelab.git

Note that this homelab project is under development, so refer to GitHub for any source code changes.

Configure SSH Access to Ansible Managed Hosts

Add your public SSH key to the file ./roles/hl.users/files/id_rsa_root.pub.

Configure passwordless root SSH authentication from the device where Ansible is installed (e.g. your laptop) to all managed nodes:

$ for i in $(seq 1 6);do ssh-copy-id -f -i ./roles/hl.users/files/id_rsa_root.pub [email protected]${i};done

Create Ansible Vault to Store User Password

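Create a file vault.key to store your Ansible vault secret. See ansible.cfg for the vault_password_file setting. The file holds the vault secret in plain text, so restrict its permissions to your user and keep it out of version control. Then use Ansible vault to create an encrypted file ./roles/hl.users/defaults/secure.yml to store your user password: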

$ ansible-vault create ./roles/hl.users/defaults/secure.yml

The variable for user password is “user_password”.
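
Two checks worth running after this step, as an added example that is not part of the article or the repository: that the vault password file is readable only by its owner, and that secure.yml really starts with the Ansible Vault header rather than plain YAML. The function names are hypothetical; the `$ANSIBLE_VAULT;` prefix is the first line that ansible-vault writes to an encrypted file.

```shell
#!/usr/bin/env bash
# Added example: sanity checks for the vault password file and the encrypted
# vars file. Function names are hypothetical, not part of the repository.

# Create a random vault secret that only the owner can read; never overwrite.
new_vault_key() {
    if [ -e "$1" ]; then
        echo "refusing to overwrite $1" >&2
        return 1
    fi
    ( umask 077 && head -c 32 /dev/urandom | base64 > "$1" )
}

# Succeed only if the key file exists and its mode is 600 or 400.
key_perms_ok() {
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    case "$mode" in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed only if the file starts with the Ansible Vault envelope header,
# i.e. it was written by ansible-vault and not saved as plain YAML.
is_vault_encrypted() {
    [ -f "$1" ] || return 1
    case "$(head -n 1 "$1")" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Run both checks and report every failure; non-zero status if any check fails.
check_vault_setup() {
    rc=0
    key_perms_ok "$1" || { echo "FAIL: $1 missing or not mode 600/400" >&2; rc=1; }
    is_vault_encrypted "$2" || { echo "FAIL: $2 is not vault-encrypted" >&2; rc=1; }
    return "$rc"
}

# From the repository root (paths as used in the article):
#   new_vault_key vault.key
#   ansible-vault create ./roles/hl.users/defaults/secure.yml
#   check_vault_setup vault.key ./roles/hl.users/defaults/secure.yml
```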

Use Ansible to Install Kubernetes

Run the main playbook:

$ ansible-playbook ./playbooks/main-k8s-hosts.yml

4 thoughts on “Install a Multi-Master Kubernetes Cluster with Ansible”

  1. I keep getting this error :/(

    tried everything just about

    failed: [192.168.10.76] (item={'name': 'ansible', 'password': 'defined in secure.yml as user_password'}) => changed=false
      ansible_loop_var: item
      item:
        name: ansible
        password: defined in secure.yml as user_password
      msg: |-
        useradd: Permission denied.
        useradd: cannot lock /etc/passwd; try again later.
      name: ansible
