core/oc-deploy
6
0
Fork 0
Code Issues 2 Pull Requests Packages Projects Releases 1 Wiki Activity
2ede262abe
oc-deploy/ansible/notes.md

154 lines
5.0 KiB
Markdown
Raw Normal View History

All the Ansible playbooks used to deploy k3s, argo server, admiralty and minio
2025-09-26 14:12:01 +02:00
Login : admrescue/admrescue
# Deploy VM with ansible
TODO : check with yves or benjamin how to create a qcow2 image with azerty layout and ssh ready
# Deploy k3s
Two password are asked via the prompt :
- First the user that you are connecting to on the host via ssh
- Second the root password
`ansible-playbook -i my_hosts.yaml deploy_k3s.yml --extra-vars " user_prompt=<YOUR_USER>" --ask-pass --ask-become-pass`
# Deploy Argo
password to provide is the one to the user you are connecting to on the host via ssh
`ansible-playbook -i my_hosts.yaml deploy_argo.yml --extra-vars " user_prompt=<YOUR_USER>" --ask-pass --ask-become-pass`
# Deploy Admirality
Install the kubernetes.core collection : `ansible-galaxy collection install kubernetes.core` for ansible to be able to use some kubectl tools.
## Install and prepare Admiralty
This play prepare your machine to use Admiralty in kubernetes. It installs helm, cert-manager and admiralty, then configure your clusters to be an admiralty source or target.
/!\ TODO : declare the list of target and source in a play's vars
`ansible-playbook -i my_hosts.yaml deploy_admiralty.yml --extra-vars "host_prompt=HOSTNAME user_prompt=<YOUR_USER>" --ask-pass --ask-become-pass`
## Share kubeconfig for the control cluster
`ansible-playbook -i ../my_hosts.yaml create_secrets.yml --extra-vars "host_prompt=WORKLOAD_HOST user_prompt=<YOUR_USER> control_host=CONTROL_HOST" --ask-pass --ask-become-pass`
# MinIO
- Limit the Memory
- Limit the replica
- Limit volumeClaimTemplates.spec.resources.requests
- Add LoadBalancer for WebUI
- Corrected command :
> kubectl get secret argo-artifacts --namespace default -o jsonpath="{.data.rootUser}" | base64 --decode
> kubectl get secret argo-artifacts --namespace default -o jsonpath="{.data.rootPassword}" | base64 --decode
- With the output of the last tasks, create a secret in argo namespace to give access to the minio API
```
apiVersion: v1
kind: Secret
metadata:
name: argo-minio-secret
type: Opaque
data:
accessKeySecret: [base64 ENCODED VALUE]
secretKeySecret: [base64 ENCODED VALUE]
```
- Create a ConfigMap, which will be used by argo to create the S3 artifact, the content can match the one from the previously created secret
```
apiVersion: v1
kind: ConfigMap
metadata:
# If you want to use this config map by default, name it "artifact-repositories". Otherwise, you can provide a reference to a
# different config map in `artifactRepositoryRef.configMap`.
name: artifact-repositories
# annotations:
# # v3.0 and after - if you want to use a specific key, put that key into this annotation.
# workflows.argoproj.io/default-artifact-repository: oc-s3-artifact-repository
data:
oc-s3-artifact-repository: |
s3:
bucket: oc-bucket
endpoint: [ retrieve cluster with kubectl get service argo-artifacts -o jsonpath="{.spec.clusterIP}" ]:9000
insecure: true
accessKeySecret:
name: argo-minio-secret
key: accessKeySecret
secretKeySecret:
name: argo-minio-secret
key: secretKeySecret
```
# Use custom container image : local registry
# Mosquitto
`sudo apt update && apt install -y mosquitto mosquitto-clients`
need to add a conf file in `/etc/mosquitto/conf.d/mosquitto.conf` containing :
```
allow_anonymous true
listener 1883 0.0.0.0
```
`sudo systemctl restart mosquitto`
Launch the mosquitto client to receive message on the machine that hosts the mosquitto server : `sudo mosquitto_sub -h 127.0.0.1 -t argo/alpr`
# Argo
## Execute/submite a workflow
```
argo submit PATH_TO_YAML --watch --serviceaccount=argo -n argo
```
# Troubleshoot
## k3s bind to local port
On certain distro you might already have an other mini k8s. A sign of this is k3s being able to install, start but never being stable, restarting non stop.
You should try to see if the port used by k3s are arlready binded :
> sudo netstat -tuln | grep -E '6443|10250'
If those ports are already in use then you should identify which service run behidn them and then stop them and preferably uninstall them.
We have already encountered an instance of `Ubuntu Server` with minikube already installed.
### Remove minikube
```bash
sudo systemctl stop snap.microk8s.daemon-kubelite
sudo systemctl disable snap.microk8s.daemon-kubelite
sudo systemctl restart k3s
```
## Use local container images
We have encountered difficulties declaring container images that correspond to local images (stored in docker.io/library/)
We used a docker hub repository to pull our customized image. For this we need to create a secret holding the login informations to a docker account that has access to this repository, which we then link to the serviceAccount running the workflow :
Create the secret in the argo namespace
```
kubectl create secret docker-registry regcred --docker-username=[DOCKER HUB USERNAME] --docker-password=[DOCKER HUB PASSWORD] -n argo
```
Patch the `argo` serviceAccount to use the secret when pulling image
```
kubectl patch serviceaccount argo -n argo -p '{"imagePullSecrets": [{"name": "regcred"}]}'
```
Reference in New Issue Copy Permalink