Commit e68324dd authored by Benguria Elguezabal, Gorka's avatar Benguria Elguezabal, Gorka

first attemp with firewall

parent be611059
Showing with 125 additions and 9 deletions
...@@ -33,6 +33,7 @@ vms_hash = Psych.load <<-EOF ...@@ -33,6 +33,7 @@ vms_hash = Psych.load <<-EOF
accelerate_3d: false accelerate_3d: false
hdd: hdd:
ip: 192.168.56.10 ip: 192.168.56.10
box: centos/8
nodes: nodes:
- name: kubernetes01 - name: kubernetes01
gui: true gui: true
...@@ -41,6 +42,7 @@ vms_hash = Psych.load <<-EOF ...@@ -41,6 +42,7 @@ vms_hash = Psych.load <<-EOF
accelerate_3d: false accelerate_3d: false
hdd: hdd:
ip: 192.168.56.11 ip: 192.168.56.11
box: centos/8
- name: kubernetes02 - name: kubernetes02
gui: true gui: true
memory: 2048 memory: 2048
...@@ -48,6 +50,7 @@ vms_hash = Psych.load <<-EOF ...@@ -48,6 +50,7 @@ vms_hash = Psych.load <<-EOF
accelerate_3d: false accelerate_3d: false
hdd: hdd:
ip: 192.168.56.12 ip: 192.168.56.12
box: centos/8
- name: kubernetes03 - name: kubernetes03
gui: true gui: true
memory: 2048 memory: 2048
...@@ -55,13 +58,23 @@ vms_hash = Psych.load <<-EOF ...@@ -55,13 +58,23 @@ vms_hash = Psych.load <<-EOF
accelerate_3d: false accelerate_3d: false
hdd: hdd:
ip: 192.168.56.13 ip: 192.168.56.13
- name: kubernetes04 box: centos/8
gui: true # - name: kubernetes04
memory: 2048 # gui: true
cores: 2 # memory: 2048
accelerate_3d: false # cores: 2
hdd: # accelerate_3d: false
ip: 192.168.56.14 # hdd:
# ip: 192.168.56.14
# box: centos/8
# - name: ubuntu
# gui: true
# memory: 2048
# cores: 2
# accelerate_3d: false
# hdd:
# ip: 192.168.56.15
# box: ubuntu/focal64
EOF EOF
#we can also load this from and external file #we can also load this from and external file
...@@ -84,7 +97,7 @@ Vagrant.configure("2") do |config| ...@@ -84,7 +97,7 @@ Vagrant.configure("2") do |config|
config.vm.define vms.management.name, primary: true do |subconfig| config.vm.define vms.management.name, primary: true do |subconfig|
subconfig.vagrant.plugins = ["vagrant-disksize","vagrant-vbguest"] subconfig.vagrant.plugins = ["vagrant-disksize","vagrant-vbguest"]
subconfig.vm.box = "centos/8" subconfig.vm.box = vms.management.box
# http://cloud.centos.org/centos/8/x86_64/images/ # http://cloud.centos.org/centos/8/x86_64/images/
# subconfig.vm.box_url = "http://cloud.centos.org/centos/8/x86_64/images/CentOS-8-Vagrant-8.1.1911-20200113.3.x86_64.vagrant-virtualbox.box" # subconfig.vm.box_url = "http://cloud.centos.org/centos/8/x86_64/images/CentOS-8-Vagrant-8.1.1911-20200113.3.x86_64.vagrant-virtualbox.box"
subconfig.vm.box_url = "http://cloud.centos.org/centos/8/x86_64/images/CentOS-8-Vagrant-8.3.2011-20201204.2.x86_64.vagrant-virtualbox.box" subconfig.vm.box_url = "http://cloud.centos.org/centos/8/x86_64/images/CentOS-8-Vagrant-8.3.2011-20201204.2.x86_64.vagrant-virtualbox.box"
...@@ -192,7 +205,7 @@ Vagrant.configure("2") do |config| ...@@ -192,7 +205,7 @@ Vagrant.configure("2") do |config|
config.vm.define node.name do |subconfig| config.vm.define node.name do |subconfig|
subconfig.vagrant.plugins = ["vagrant-disksize","vagrant-vbguest"] subconfig.vagrant.plugins = ["vagrant-disksize","vagrant-vbguest"]
subconfig.vm.box = "centos/8" subconfig.vm.box = node.box
# http://cloud.centos.org/centos/8/x86_64/images/ # http://cloud.centos.org/centos/8/x86_64/images/
# subconfig.vm.box_url = "http://cloud.centos.org/centos/8/x86_64/images/CentOS-8-Vagrant-8.1.1911-20200113.3.x86_64.vagrant-virtualbox.box" # subconfig.vm.box_url = "http://cloud.centos.org/centos/8/x86_64/images/CentOS-8-Vagrant-8.1.1911-20200113.3.x86_64.vagrant-virtualbox.box"
subconfig.vm.box_url = "http://cloud.centos.org/centos/8/x86_64/images/CentOS-8-Vagrant-8.3.2011-20201204.2.x86_64.vagrant-virtualbox.box" subconfig.vm.box_url = "http://cloud.centos.org/centos/8/x86_64/images/CentOS-8-Vagrant-8.3.2011-20201204.2.x86_64.vagrant-virtualbox.box"
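Review bot: The box name now comes from the YAML (`subconfig.vm.box = node.box`, likewise `vms.management.box`), but the `box_url` line directly below is still hard-coded to the CentOS 8.3 image in both `config.vm.define` blocks. A node declared with a different box, such as the commented-out `ubuntu/focal64` entry, would presumably be fetched from the CentOS URL under the wrong name. Carry the URL in the YAML next to `box` and set it only when present, e.g. `subconfig.vm.box_url = node.box_url if node.box_url` (assuming the node object returns nil for a missing key). The URL is also plain `http://` with no checksum, so the downloaded image is not integrity-checked; an `https://` URL together with `box_download_checksum` and `box_download_checksum_type` would pin it. Both blocks continue outside the hunks shown.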
......
#!/bin/bash
set -e
# check if docker-compose is available if it is installed exist
echo Cleaning Kubernetes...
ansible-playbook firewall_enable/site.yaml
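Review bot: The comment `# check if docker-compose is available if it is installed exist` and the message `echo Cleaning Kubernetes...` do not describe this script, which only runs `firewall_enable/site.yaml`; the same two lines are repeated in the scripts that run `firewall_kubernetes/site.yaml` and `firewall_disable/site.yaml`. This matters most for the disable script, because its output gives no hint that firewalld is being stopped on every host. I would drop the docker-compose comment and print what actually happens, e.g. `echo "Enabling firewalld on all hosts..."`, with matching text in the other two. The playbook path is relative, so the scripts only work when started from the directory that holds these folders; `cd "$(dirname "$0")"` after `set -e` would remove that dependency.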
#!/bin/bash
set -e
# check if docker-compose is available if it is installed exist
echo Cleaning Kubernetes...
ansible-playbook firewall_kubernetes/site.yaml
#!/bin/bash
set -e
# check if docker-compose is available if it is installed exist
echo Cleaning Kubernetes...
ansible-playbook firewall_disable/site.yaml
- block:
- name: 'Populate service facts'
service_facts:
- name: 'Disable firewalld Services'
service:
name: "{{item}}"
state: stopped
enabled: no
loop:
- firewalld.service
when: ansible_facts.services[item] is defined
ignore_errors: yes
become: yes
# modified from https://github.com/danpilch/easy-kubeadm
---
- hosts: all
# become: yes
roles:
- name: firewall_disable
\ No newline at end of file
- block:
- name: 'Populate service facts'
service_facts:
# - name: 'print services'
# debug:
# var: ansible_facts.services
- name: 'Disable firewalld Services'
service:
name: "{{item}}"
state: started
enabled: yes
loop:
- firewalld.service
when: ansible_facts.services[item] is defined
ignore_errors: yes
become: yes
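Review bot: The task that starts firewalld is still named `'Disable firewalld Services'`, so the play output reports the opposite of what was done; rename it to something like `'Enable firewalld service'`. The block-level `ignore_errors: yes` combined with `when: ansible_facts.services[item] is defined` means a host where firewalld fails to start, or is not installed at all, still finishes the play as successful with no firewall running. On the enable path I would remove `ignore_errors` and add a `fail` task for the case where the service is absent, so an unprotected host is visible in the run. The firewall_disable role carries the same `ignore_errors: yes`, where it is less harmful.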
# modified from https://github.com/danpilch/easy-kubeadm
---
- hosts: all
# become: yes
roles:
- name: firewall_enable
# https://dzone.com/articles/kubespray-10-simple-steps-for-installing-a-product
---
- block:
- name: 'activate common kubernetes ports'
firewalld:
port: "{{item}}"
permanent: yes
state: enabled
loop:
- 10251/tcp
- 10252/tcp
- 2379-2380/tcp
- 6443/tcp
become: yes
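Review bot: `permanent: yes` without `immediate: yes` only writes the permanent firewalld configuration, so these ports stay closed in the running firewall until firewalld is reloaded or restarted; add `immediate: yes` to the task (the 'activate master kubernetes ports' task has the same gap). Separately, the list applied to every server here (6443, 2379-2380, 10251, 10252) looks like the control-plane set, and it opens the etcd ports on all nodes with no source restriction. Consider moving 2379-2380/tcp to the masters only and restricting it to the cluster subnet. A short comment per entry (`# kube-apiserver`, `# etcd client/peer`) would make the list easier to review.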
# https://dzone.com/articles/kubespray-10-simple-steps-for-installing-a-product
---
- block:
- name: 'activate master kubernetes ports'
firewalld:
port: "{{item}}"
permanent: yes
state: enabled
loop:
- 10250/tcp
- 10255/tcp
- 30000-32767/tcp
- 6783/tcp
become: yes
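Review bot: The ports given to the masters here (10250 for the kubelet, 30000-32767 for NodePort services) are the ones worker nodes normally need, while the control-plane ports sit in the role applied to all servers, so the two lists appear to be swapped; please check them against the host groups in firewall_kubernetes/site.yaml. 10255/tcp is the kubelet read-only port, which serves data without authentication, so unless something in this cluster depends on it I would leave it closed. 6783/tcp looks CNI-specific (presumably Weave Net) and deserves a comment saying which component needs it.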
# modified from https://github.com/danpilch/easy-kubeadm
---
- hosts: all_kubernetes_servers
roles:
- name: firewall_kubernetes
- hosts: kubernetes_masters
roles:
- name: firewall_kubernetes_master