Develop

.gitignore

@@ -0,0 +1,3 @@
+.log/*
+.cache/*
+.cp/*

README.md

@@ -0,0 +1,31 @@
+# rak8s (pronounced rackets - /ˈrækɪts/)
+
+## Stand up a Raspberry Pi based Kubernetes cluster with Ansible
+
+### Why?
+
+Because Raspberry Pis are rad, Ansible is awesome, and Kubernetes is a killer app! Also, it's cheaper than a year of GKE.
+
+### Prerequisites
+
+* Raspberry Pi 3 (3 or more)
+* [Raspbian Lite](https://www.raspberrypi.org/downloads/raspbian/)
+* Raspberry Pis should have static IPs (requirement for Kubernetes and Ansible inventory)
+* Ability to SSH into all Raspberry Pis and escalate privileges with sudo
+  * The pi user is fine just change its password
+* [Ansible](http://docs.ansible.com/ansible/latest/intro_installation.html) 2.2 or higher
+
+### Recommendations
+
+* Since Raspbian Lite is being used it's recommended that the video memory of the Raspberry Pi 3s be set to its lowest setting (16 MB).
+
+### References & Credits
+
+These playbooks were assembled using a handful of very helpful guides:
+
+* [K8s on (vanilla) Raspbian Lite](https://gist.github.com/alexellis/fdbc90de7691a1b9edb545c17da2d975) by [Alex Ellis](https://www.alexellis.io/)
+* [Installing kubeadm](https://kubernetes.io/docs/setup/independent/install-kubeadm/)
+* [kubernetes/dashboard - Access control - Admin privileges](https://github.com/kubernetes/dashboard/wiki/Access-control#admin-privileges)
+* [Install using the convenience script](https://docs.docker.com/engine/installation/linux/docker-ce/debian/#install-using-the-convenience-script)
+
+A very special thanks to [**Alex Ellis**](https://www.alexellis.io/) and the [OpenFaaS](https://www.openfaas.com/) community for their assitance in answering questions and making sense of some errors.

ansible.cfg

@@ -0,0 +1,24 @@
+# http://docs.ansible.com/intro_configuration.html
+
+[defaults]
+callback_plugins = callback_plugins
+fact_caching = jsonfile
+fact_caching_connection = .cache/
+fact_caching_timeout = 14400
+force_color = 1
+gathering = smart
+host_key_checking = False
+http_user_agent = ansible-agent
+inventory = inventory
+log_path = .log/ansible.log
+remote_user = pi
+retry_files_enabled = False
+
+[privilege_escalation]
+become = True
+
+[ssh_connection]
+ssh_args = -o ControlMaster=auto -o ControlPersist=60s
+control_path = %(directory)s/ansible-ssh-%%h-%%p-%%r
+control_path_dir = .cp
+pipelining = True

cluster.yml

@@ -0,0 +1,13 @@
+- hosts: all
+  roles:
+    - common
+    - kubeadm
+
+- hosts: master
+  roles:
+    - master
+    - dashboard
+
+- hosts: all:!master
+  roles:
+    - workers

group_vars/all.yml

@@ -0,0 +1,2 @@
+token: udy29x.ugyyk3tumg27atmr
+podnet: 10.244.0.0/16

inventory

@@ -0,0 +1,9 @@
+pik8s000    ansible_host=192.168.86.200
+pik8s001    ansible_host=192.168.86.201
+pik8s002    ansible_host=192.168.86.202
+pik8s003    ansible_host=192.168.86.203
+pik8s004    ansible_host=192.168.86.204
+pik8s005    ansible_host=192.168.86.205
+
+[master]
+pik8s000

roles/common/files/cmdline.txt

@@ -0,0 +1 @@
+dwc_otg.lpm_enable=0 console=serial0,115200 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait cgroup_enable=cpuset cgroup_enable=memory

roles/common/tasks/main.yml

@@ -0,0 +1,52 @@
+---
+# tasks file for common
+- name: Enabling cgroup options at boot
+  copy:
+    src: cmdline.txt
+    dest: /boot/cmdline.txt
+    owner: root
+    group: root
+    mode: 0755
+  register: cmdline
+  tags:
+    - boot
+
+- name: Pass bridged IPv4 traffic to iptables' chains
+  sysctl:
+    name: net.bridge.bridge-nf-call-iptables
+    value: 1
+    state: present
+
+- name: apt-get update
+  apt:
+    update_cache=yes
+    autoclean=yes
+    autoremove=yes
+    cache_valid_time=86400
+
+- name: apt-get upgrade
+  apt:
+    upgrade=full
+
+- name: Reboot
+  shell: sleep 2 && shutdown -r now "Ansible Reboot for /boot/cmdline.txt Change"
+  async: 1
+  poll: 0
+  ignore_errors: True
+  when: cmdline|changed
+  tags:
+    - boot
+    - shutdown
+
+- name: Wait for Reboot
+  local_action: wait_for
+  args:
+    host: "{{ inventory_hostname }}"
+    port: 22
+    delay: 15
+    timeout: 90
+  become: False
+  when: cmdline|changed
+  tags:
+    - boot
+    - shutdown

roles/dashboard/files/dashboard-admin.yaml

@@ -0,0 +1,15 @@
+# Doc: https://github.com/kubernetes/dashboard/wiki/Access-control#admin-privileges
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: kubernetes-dashboard
+  labels:
+    k8s-app: kubernetes-dashboard
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+- kind: ServiceAccount
+  name: kubernetes-dashboard
+  namespace: kube-system

roles/dashboard/tasks/main.yml

@@ -0,0 +1,13 @@
+---
+# tasks file for dashboard
+- name: Install k8s Dashboard
+  shell: kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard-arm.yaml
+
+- name: Configure Dashboard Access
+  shell: kubectl apply -f https://raw.githubusercontent.com/chris-short/pik8s/master/roles/dashboard/files/dashboard-admin.yaml
+
+- name: Fetch kubeconfig file
+  fetch:
+    src: /root/.kube/config
+    dest: ~/.kube/config
+    flat: yes