refactor(k3s): enhance cluster setup and enable ArgoCD apps
Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>
@@ -1,26 +0,0 @@
|
||||
---
|
||||
- name: Download K3s install script to /tmp/
|
||||
ansible.builtin.get_url:
|
||||
url: https://get.k3s.io
|
||||
dest: /tmp/k3s_install.sh
|
||||
mode: "0755"
|
||||
|
||||
- name: Install K3s server with node taint and TLS SAN
|
||||
when: (ansible_default_ipv4.address == k3s_primary_server_ip)
|
||||
ansible.builtin.command: |
|
||||
/tmp/k3s_install.sh server \
|
||||
--node-taint CriticalAddonsOnly=true:NoExecute \
|
||||
--tls-san {{ hostvars['k3s-loadbalancer'].ansible_default_ipv4.address }}
|
||||
--tls-san {{ k3s_server_name }}
|
||||
become: true
|
||||
register: k3s_primary_install
|
||||
|
||||
- name: Install K3s on the secondary servers
|
||||
when: (ansible_default_ipv4.address != k3s_primary_server_ip)
|
||||
ansible.builtin.command: |
|
||||
/tmp/k3s_install.sh server \
|
||||
--node-taint CriticalAddonsOnly=true:NoExecute \
|
||||
--tls-san {{ k3s.loadbalancer.ip }}
|
||||
environment:
|
||||
K3S_TOKEN: "{{ k3s_token }}"
|
||||
become: true
|
||||
@@ -1,21 +1,29 @@
|
||||
---
|
||||
- name: Install dependencies for apt to use repositories over HTTPS
|
||||
ansible.builtin.apt:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
update_cache: true
|
||||
loop:
|
||||
- qemu-guest-agent
|
||||
become: true
|
||||
|
||||
- name: See if k3s file exists
|
||||
ansible.builtin.stat:
|
||||
path: /usr/local/bin/k3s
|
||||
register: k3s_status
|
||||
|
||||
- include_tasks: installation.yml
|
||||
when: not k3s_status.stat.exists
|
||||
|
||||
- include_tasks: create_kubeconfig.yml
|
||||
- name: Install primary k3s server
|
||||
include_tasks: primary_installation.yml
|
||||
when: ansible_default_ipv4.address == k3s_primary_server_ip
|
||||
|
||||
- name: Check if k3s token vault file already exists
|
||||
ansible.builtin.stat:
|
||||
path: "{{ playbook_dir }}/{{ k3s_server_token_vault_file }}"
|
||||
register: k3s_vault_file_stat
|
||||
delegate_to: localhost
|
||||
run_once: true
|
||||
- name: Get token from primary k3s server
|
||||
include_tasks: pull_token.yml
|
||||
|
||||
- include_tasks: pull_token.yml
|
||||
when: not k3s_vault_file_stat.stat.exists
|
||||
- name: Install seconary k3s servers
|
||||
include_tasks: secondary_installation.yml
|
||||
when: ansible_default_ipv4.address != k3s_primary_server_ip
|
||||
|
||||
- name: Set kubeconfig on localhost
|
||||
include_tasks: create_kubeconfig.yml
|
||||
when: ansible_default_ipv4.address == k3s_primary_server_ip
|
||||
|
||||
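Review bot: The install includes are gated only on the `ansible_default_ipv4.address` comparison, and as far as the unmarked old/new lines on this page show, the `not k3s_status.stat.exists` condition and the `k3s_vault_file_stat` check were dropped together with the old includes. If that reading is right, every run downloads and re-executes the K3s install script as root and rewrites the token vault file, even on hosts that are already provisioned. Keep the stat result in the condition, for example `when: [ansible_default_ipv4.address == k3s_primary_server_ip, not k3s_status.stat.exists]`, and guard `pull_token.yml` the same way. The task name `Install seconary k3s servers` should read `secondary`.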
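--- a/roles/k3s_server/tasks/primary_installation.yml
+++ b/roles/k3s_server/tasks/primary_installation.yml
@@ -0,0 +1,14 @@
+---
+- name: Download K3s install script to /tmp/
+ansible.builtin.get_url:
+url: https://get.k3s.io
+dest: /tmp/k3s_install.sh
+mode: "0755"
+
+- name: Install K3s server with and TLS SAN
+ansible.builtin.command: |
+/tmp/k3s_install.sh server \
+--cluster-init
+--tls-san {{ hostvars['k3s-loadbalancer'].ansible_default_ipv4.address }} \
+--tls-san {{ k3s_server_name }}
+become: true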
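Review bot: The script fetched from `https://get.k3s.io` is run as root with no pinning or integrity check, and it is staged under a fixed name in world-writable `/tmp` by a task that does not use `become`, while the task that executes it does. Add `checksum: "sha256:<PINNED_SHA256>"` to the `get_url` task, write the file to a root-owned directory, and set `INSTALL_K3S_VERSION` in the command's `environment` so every server installs the same reviewed release. The same download task appears in secondary_installation.yml and needs the same treatment. Separately, the `--cluster-init` line lacks the trailing `\` that the neighbouring lines carry; how the `command` module treats that bare newline should be confirmed, or the line made consistent.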
@@ -1,6 +1,5 @@
|
||||
- name: Get K3s token from the first server
|
||||
when:
|
||||
- ansible_default_ipv4.address == k3s_primary_server_ip
|
||||
when: ansible_default_ipv4.address == k3s_primary_server_ip
|
||||
ansible.builtin.slurp:
|
||||
src: /var/lib/rancher/k3s/server/node-token
|
||||
register: k3s_token
|
||||
@@ -9,6 +8,8 @@
|
||||
- name: Set fact on k3s_primary_server_ip
|
||||
ansible.builtin.set_fact:
|
||||
k3s_token: "{{ k3s_token['content'] | b64decode | trim }}"
|
||||
when:
|
||||
- ansible_default_ipv4.address == k3s_primary_server_ip
|
||||
|
||||
- name: Write K3s token to local file for encryption
|
||||
ansible.builtin.copy:
|
||||
@@ -22,3 +23,4 @@
|
||||
- name: Encrypt k3s token
|
||||
ansible.builtin.shell: cd ../; ansible-vault encrypt "{{ playbook_dir }}/{{k3s_server_token_vault_file}}"
|
||||
delegate_to: localhost
|
||||
run_once: true
|
||||
|
||||
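Review bot: The join token read from `/var/lib/rancher/k3s/server/node-token` passes through the `slurp` result and the `set_fact` in the first two hunks without `no_log: true`, so verbose runs and callback logs can record it. Add `no_log: true` to both tasks and to `Write K3s token to local file for encryption`, whose body lies outside the visible hunk. The token also sits unencrypted on the control node between that copy and the `ansible-vault encrypt` step in the last hunk, so the copy should write with `mode: "0600"` if it does not already. The encrypt step does not need a shell: `ansible.builtin.command` with `argv: [ansible-vault, encrypt, "{{ playbook_dir }}/{{ k3s_server_token_vault_file }}"]` drops the `cd ../;` and avoids shell parsing of the templated path.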
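--- a/roles/k3s_server/tasks/secondary_installation.yml
+++ b/roles/k3s_server/tasks/secondary_installation.yml
@@ -0,0 +1,21 @@
+---
+- name: Add token vault
+ansible.builtin.include_vars:
+file: "{{ playbook_dir }}/{{ k3s_server_token_vault_file }}"
+name: k3s_token_vault
+
+- name: Download K3s install script to /tmp/
+ansible.builtin.get_url:
+url: https://get.k3s.io
+dest: /tmp/k3s_install.sh
+mode: "0755"
+
+- name: Install K3s on the secondary servers
+ansible.builtin.command: |
+/tmp/k3s_install.sh \
+--server "https://{{ hostvars['k3s-loadbalancer'].ansible_default_ipv4.address }}:{{ k3s.loadbalancer.default_port }}" \
+--tls-san {{ hostvars['k3s-loadbalancer'].ansible_default_ipv4.address }} \
+--tls-san {{ k3s_server_name }}
+environment:
+K3S_TOKEN: "{{ k3s_token_vault.k3s_token }}"
+become: true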
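Review bot: The join command omits the `server` subcommand that primary_installation.yml passes, so whether the node comes up as a server or an agent depends on what the install script chooses when it is given only flags. Write the first line as `/tmp/k3s_install.sh server \` so the role is stated in the playbook rather than inherited from the script. The vaulted token is handed over through `environment`, which keeps it off the process command line; adding `no_log: true` to this task would also keep it out of any failure output.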