Ansible Role For Provisioning K8s Cluster on AWS

We have discussed how we can use K8s for managing our containers. But setting up the k8s cluster is a very long and complicated task. So, In this article, we will discuss how we can create ansible roles to provision k8s cluster on AWS.

As we are provisioning the k8s cluster, we may need more slave nodes. So, entering the IP of every new slave can be a very tough task. So, we will be using dynamic inventory.

If you don’t have much idea about Kubernetes, then you can read the above article.

Pre-requisites

  • Install boto and boto3 Python Library
#pip3 install boto3

Configuration File

As we are configuring ec2-instance, so we need to provide a key location and use become to log in as root.

Creating Roles

Roles are like an empty skeleton of an architecture you have to add steps by typing code into the modules present inside these roles.

  • Ansible playbooks can be very similar: code used in one playbook can be useful in other playbooks also
  • To make it easy to re-use the code, roles can be used.
  • An Ansible role is composed of multiple folders, each of which contains several YAML files.
  • By default, they have a main.yml file, but they can have more than one when needed.
  • This is a standardized structure for all Ansible roles, which allows Ansible playbooks to automatically load predefined variables, tasks, handlers, templates, and default values located in separate YAML files.
  • Each Ansible role should contain at least one of the following directories, if not all of them.
roles
├── defaults
│ └── main.yml
├── files
├── handlers
│ └── main.yml
├── meta
│ └── main.yml
├── README.md
├── tasks
│ └── main.yml
├── templates
├── tests
│ ├── inventory
│ └── test.yml
└── vars
└── main.yml

Here we will be creating four roles: one is for launching ec2, one for common configuration, one for master configuration, and another for slave configuration.

As roles are successfully configured, we will create tasks for each respective role.

ec2_provisioning

After creating the role we create the task for launching the ec2 instance.

./tasks/main.yml

We launch 3 instances: 1 as master and 2 as slaves. Tags are very important as they will be used in dynamic Inventory.

We use variables here for security.

./vars/main.yml

We have vars folder for storing the variables, from there ansible picks all the variable values by default. We also need to encrypt the variable file as it contains sensitive information.

common_setup

After creating the role we create the task for installing common software for master and slave.

./tasks/main.yml

./handlers/main.yml

./files/docker_daemon.json

master_setup

After creating the role we create the task to provision the master node.

./tasks/main.yml

slave_setup

After creating the role we create the task to provision the slave node.

./tasks/main.yml

inventory

wget https://raw.githubusercontent.com/Rajnish-TheGreat/Ansible_playbook_for_haproxy_loadserver/master/inventory/ec2.py
wget https://raw.githubusercontent.com/Rajnish-TheGreat/Ansible_playbook_for_haproxy_loadserver/master/inventory/ec2.ini

To create a dynamic inventory, we need a python script. The script will go to AWS and retrieve the IP from there.

Here we need 2 files one is ec2.py and another one is ec2.ini.

Before running the file we have to export the AWS access key and AWS secret key so that authentication will be done successfully

export AWS_REGION='ap-south-1'
export AWS_ACCESS_KEY_ID='IAM User Access Key Here'
export AWS_SECRET_ACCESS_KEY='IAM User Secret Key Here'

then we are capable of getting the IP of the instance or os running on the cloud (AWS CLOUD).

After This will need to make these files executable. So, that we can use them

chmod +x ec2.py
chmod +x ec2.ini

You may face these errors while executing the file. So, you can solve the error by the method shown in the image.

The structure of roles and playbooks will be like this:

.
├── ansible.cfg
├── common_setup
│ ├── defaults
│ │ └── main.yml
│ ├── files
│ │ └── docker_daemon.json
│ ├── handlers
│ │ └── main.yml
│ ├── meta
│ │ └── main.yml
│ ├── README.md
│ ├── tasks
│ │ └── main.yml
│ ├── templates
│ ├── tests
│ │ ├── inventory
│ │ └── test.yml
│ └── vars
│ └── main.yml
├── config.yml
├── ec2_provisioning
│ ├── defaults
│ │ └── main.yml
│ ├── files
│ │ └── main.yml
│ ├── handlers
│ │ └── main.yml
│ ├── meta
│ │ └── main.yml
│ ├── README.md
│ ├── tasks
│ │ └── main.yml
│ ├── tests
│ │ ├── inventory
│ │ └── test.yml
│ └── vars
│ └── main.yml
├── ec2.yml
├── inventory
│ ├── ec2.ini
│ └── ec2.py
├── master_setup
│ ├── defaults
│ │ └── main.yml
│ ├── handlers
│ │ └── main.yml
│ ├── meta
│ │ └── main.yml
│ ├── README.md
│ ├── tasks
│ │ └── main.yml
│ ├── tests
│ │ ├── inventory
│ │ └── test.yml
│ └── vars
│ └── main.yml
├── README.md
└── slave_setup
├── defaults
│ └── main.yml
├── handlers
│ └── main.yml
├── meta
│ └── main.yml
├── README.md
├── tasks
│ └── main.yml
├── tests
│ ├── inventory
│ └── test.yml
└── vars
└── main.yml

Now, we just need to run the playbook and see the magic.

First, we will run the playbook of ec2. As we have stored variables inside the ansible vault, we have to provide passwords also.

Now, we will run the playbook to provision the master and slave node.

output

Playbook has been successfully run. Now, we have to check if it has configured everything properly or not.

slave_node

First, we will check if services are running in slave or not

As we can see all the services running successfully, we will log in to the master node for further confirmation.

master_node

As we can see all the nodes are connected and up. So, let’s try to launch a pod for further confirmation.

We can see all the pods are running and the pod launched by us is also running. So, let’s expose it using svc and check the result.

website

As we can see everything is working perfectly. Hence, we can say the configuration was successful. The playbooks can be downloaded from the GitHub link below.

I hope the article was able to solve your manual configuration issues. If you have any feedback or suggestion, you can comment below.

You can appreciate the article by giving it a like and posting comments about your feedback here or on LinkedIn.