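---
# Provisions the GCE network, firewall rules, regional external address and
# the controller/worker instances for a "kubernetes-the-hard-way" cluster.
# Every task talks to the GCE API from the control machine, so the play runs
# on localhost and does not gather facts.
- name: Ensure compute resources are present
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # NOTE(review): this address reached the page already redacted by the
    # site's e-mail obfuscation; replace it with the real service account
    # e-mail. It is quoted so YAML does not read the leading "[" as a list.
    service_account_email: '[email protected]'
    # Service account key file: keep it out of version control and readable
    # only by the user running the playbook.
    credentials_file: ../credentials/ansible-gce.json
    project_id: otus-infra
    machine_type: n1-standard-1
    # Source ranges allowed to reach SSH (22) and the Kubernetes API (6443)
    # from outside the VPC. The default keeps the original world-open rule;
    # narrow it to known admin/client CIDRs wherever that is possible.
    external_src_range: ['0.0.0.0/0']
    # Instance metadata as a JSON string. The same public key is repeated in
    # both values; whoever holds the matching private key gets SSH access as
    # "appuser" on every node, so keep the two copies in sync when rotating.
    metadata_controller: '{"sshKeys":"appuser:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDxJkxqGiytluhR7NhfEKOIuwcMGbE0HwZDkCWUBpfAzLv+bOuJMezY+PmqG2SPjzHoXhNVAXytW9Xrn2GlTfQJ5s88K+MTlM36I8sgy4OkcEppi8W//eHNkk1xbvKGBcD41EA2/kXXFaC4KZQwsNTxFQY2jNm7gWSIFFuLxTFLndBHFtQE2AHQQXXXUnei0MnFd0GA8IEv2BwTKOEN7G2fCC1a9d2Bzt3TotMHa1Th1quAhVSuwzE5F5SVLZsz//vuQqeHcKvZbCjtlK0mmPZEEnZ8WjFkgmfuBXmoH474QFPYBtFrksL8LpEtg44hv34M/u+5KYnW2RSUkjRYOgVF"}'
    # "{{ item }}" is resolved lazily inside the worker task's with_items
    # loop, giving each worker its own pod CIDR (10.200.N.0/24).
    metadata_worker: '{"sshKeys":"appuser:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDxJkxqGiytluhR7NhfEKOIuwcMGbE0HwZDkCWUBpfAzLv+bOuJMezY+PmqG2SPjzHoXhNVAXytW9Xrn2GlTfQJ5s88K+MTlM36I8sgy4OkcEppi8W//eHNkk1xbvKGBcD41EA2/kXXFaC4KZQwsNTxFQY2jNm7gWSIFFuLxTFLndBHFtQE2AHQQXXXUnei0MnFd0GA8IEv2BwTKOEN7G2fCC1a9d2Bzt3TotMHa1Th1quAhVSuwzE5F5SVLZsz//vuQqeHcKvZbCjtlK0mmPZEEnZ8WjFkgmfuBXmoH474QFPYBtFrksL8LpEtg44hv34M/u+5KYnW2RSUkjRYOgVF","pod-cidr":"10.200.{{ item }}.0/24"}'
    # Pinned to a dated image build: it receives no newer patches until this
    # value is bumped.
    image: ubuntu-1604-xenial-v20171011
  tasks:
    # Create a 'kubernetes-the-hard-way' Network
    - name: Create kubernetes-the-hard-way network
      gce_net:
        service_account_email: "{{ service_account_email }}"
        credentials_file: "{{ credentials_file }}"
        project_id: "{{ project_id }}"
        name: kubernetes-the-hard-way
        mode: custom
        subnet_region: us-west1
        subnet_name: kubernetes
        ipv4_range: '10.240.0.0/24'
        state: present

    # Internal rule: all tcp/udp/icmp between the node subnet (10.240.0.0/24)
    # and the pod range (10.200.0.0/16).
    - name: Ensure firewall rule for kubernetes-the-hard-way internal is present
      gce_net:
        service_account_email: "{{ service_account_email }}"
        credentials_file: "{{ credentials_file }}"
        project_id: "{{ project_id }}"
        name: kubernetes-the-hard-way
        fwname: kubernetes-the-hard-way-allow-internal
        allowed: 'tcp;udp;icmp'
        src_range: ['10.240.0.0/24', '10.200.0.0/16']
        state: present
      tags: fw

    # External rule: exposes SSH, the Kubernetes API and ICMP to every
    # address in external_src_range (the whole Internet by default).
    - name: Ensure firewall rule for kubernetes-the-hard-way external is present
      gce_net:
        service_account_email: "{{ service_account_email }}"
        credentials_file: "{{ credentials_file }}"
        project_id: "{{ project_id }}"
        name: kubernetes-the-hard-way
        fwname: kubernetes-the-hard-way-allow-external
        allowed: 'tcp:22,6443;icmp'
        src_range: "{{ external_src_range }}"
        state: present
      tags: fw

    # Create a Regional external IP address
    - name: Create address
      gce_eip:
        service_account_email: "{{ service_account_email }}"
        credentials_file: "{{ credentials_file }}"
        project_id: "{{ project_id }}"
        name: kubernetes-the-hard-way
        region: us-west1
        state: present

    # The access scopes below apply to the instance's service account token,
    # which any process on the node that can reach the metadata server may
    # request; compute-rw in particular allows changes to project compute
    # resources. Trim the list if the nodes do not need it.
    - name: Ensure controllers are created
      gce:
        service_account_email: "{{ service_account_email }}"
        credentials_file: "{{ credentials_file }}"
        project_id: "{{ project_id }}"
        instance_names: controller-0,controller-1,controller-2
        machine_type: "{{ machine_type }}"
        metadata: "{{ metadata_controller }}"
        image: "{{ image }}"
        disk_size: 200
        ip_forward: true
        service_account_permissions:
          - compute-rw
          - storage-ro
          - service-management
          - service-control
          - logging-write
          - monitoring
        network: kubernetes-the-hard-way
        subnetwork: kubernetes
        zone: us-west1-a
        tags:
          - kubernetes-the-hard-way
          - controller
          - group-controller
        state: present

    # One instance per loop item; the item number also selects the worker's
    # pod CIDR through metadata_worker. Same access-scope caveat as for the
    # controllers.
    - name: Ensure workers are created
      gce:
        service_account_email: "{{ service_account_email }}"
        credentials_file: "{{ credentials_file }}"
        project_id: "{{ project_id }}"
        instance_names: "worker-{{ item }}"
        machine_type: "{{ machine_type }}"
        image: "{{ image }}"
        disk_size: 200
        ip_forward: true
        metadata: "{{ metadata_worker }}"
        service_account_permissions:
          - compute-rw
          - storage-ro
          - service-management
          - service-control
          - logging-write
          - monitoring
        network: kubernetes-the-hard-way
        subnetwork: kubernetes
        zone: us-west1-a
        tags:
          - kubernetes-the-hard-way
          - worker
          - group-worker
        state: present
      with_items:
        - 0
        - 1
        - 2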
Created
November 23, 2017 14:19
kubernates-the-hard-way-ansible-03-compute-resosurces.md