refactor(k3s): enhance cluster setup and enable ArgoCD apps

Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>
Tuan-Dat Tran
2025-07-22 07:23:09 +02:00
parent e1a2248154
commit 976cad51e2
38 changed files with 401 additions and 234 deletions


@@ -11,7 +11,7 @@
tags: tags:
- k3s_loadbalancer - k3s_loadbalancer
when: inventory_hostname in groups["k3s_loadbalancer"] when: inventory_hostname in groups["k3s_loadbalancer"]
- role: node_exporter # - role: node_exporter
tags: # tags:
- node_exporter # - node_exporter
when: inventory_hostname in groups["k3s_loadbalancer"] # when: inventory_hostname in groups["k3s_loadbalancer"]
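Review bot: The `node_exporter` role is switched off by commenting out its four lines rather than deleting them or gating them on a variable. The same pattern is used for `common` on the k3s server play, for `node_exporter` on the storage play, and for the new commented `kubernetes_argo_apps` entry. Commented-out roles drift silently from the live playbook; if this is a temporary switch, a condition such as `when: node_exporter_enabled | default(false)` (constructed variable name) keeps it reviewable, otherwise delete the entries. The commit message does not say why host metrics and the `common` role are dropped from these hosts, which is worth recording.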


@@ -3,10 +3,10 @@
hosts: k3s hosts: k3s
gather_facts: true gather_facts: true
roles: roles:
- role: common # - role: common
tags: # tags:
- common # - common
when: inventory_hostname in groups["k3s_server"] # when: inventory_hostname in groups["k3s_server"]
- role: k3s_server - role: k3s_server
tags: tags:
- k3s_server - k3s_server


@@ -10,7 +10,7 @@
when: inventory_hostname in groups["k3s_storage"] when: inventory_hostname in groups["k3s_storage"]
tags: tags:
- k3s_storage - k3s_storage
- role: node_exporter # - role: node_exporter
when: inventory_hostname in groups["k3s_storage"] # when: inventory_hostname in groups["k3s_storage"]
tags: # tags:
- node_exporter # - node_exporter


@@ -16,3 +16,5 @@
when: is_localhost when: is_localhost
- role: kubernetes_cert_manager - role: kubernetes_cert_manager
when: is_localhost when: is_localhost
# - role: kubernetes_argo_apps
# when: is_localhost


@@ -26,6 +26,7 @@
- curl - curl
- gnupg - gnupg
- lsb-release - lsb-release
- qemu-guest-agent
become: true become: true
- name: Add Docker apt key. - name: Add Docker apt key.


@@ -1,6 +1,7 @@
--- ---
- name: Setup VM - name: Setup VM
ansible.builtin.include_tasks: 10_setup.yml ansible.builtin.include_tasks: 10_setup.yml
- name: Install docker - name: Install docker
ansible.builtin.include_tasks: 20_installation.yml ansible.builtin.include_tasks: 20_installation.yml


@@ -1,4 +1,12 @@
--- ---
- name: Install dependencies for apt to use repositories over HTTPS
ansible.builtin.apt:
name: "{{ item }}"
state: present
loop:
- qemu-guest-agent
become: true
- name: See if k3s file exists - name: See if k3s file exists
ansible.builtin.stat: ansible.builtin.stat:
path: /usr/local/bin/k3s path: /usr/local/bin/k3s
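Review bot: The added task is named `Install dependencies for apt to use repositories over HTTPS` but only installs `qemu-guest-agent`; the name looks copied from the Docker role and will mislead anyone reading the play output. Rename it, e.g. `- name: Install qemu-guest-agent`, and pass `name: qemu-guest-agent` directly instead of a one-item `loop`. The same task is repeated in the load-balancer installation hunk and in the k3s server main tasks. Only the server copy sets `update_cache: true`, so this copy, which is the first task in its file, may run against a stale apt cache on a fresh host. The `See if k3s file exists` task continues past the end of this hunk.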


@@ -9,8 +9,6 @@
become: true become: true
notify: notify:
- Restart nginx - Restart nginx
vars:
k3s_server_ips: "{{ k3s_primary_server_ip }}"
- name: Enable nginx - name: Enable nginx
ansible.builtin.systemd: ansible.builtin.systemd:


@@ -4,6 +4,14 @@
update_cache: true update_cache: true
become: true become: true
- name: Install dependencies for apt to use repositories over HTTPS
ansible.builtin.apt:
name: "{{ item }}"
state: present
loop:
- qemu-guest-agent
become: true
- name: Install Nginx - name: Install Nginx
ansible.builtin.apt: ansible.builtin.apt:
name: name:


@@ -1,6 +1,7 @@
--- ---
- name: Installation - name: Installation
ansible.builtin.include_tasks: installation.yml ansible.builtin.include_tasks: installation.yml
- name: Configure - name: Configure
ansible.builtin.include_tasks: configuration.yml ansible.builtin.include_tasks: configuration.yml


@@ -3,7 +3,6 @@ include /etc/nginx/modules-enabled/*.conf;
events {} events {}
stream { stream {
# TCP Load Balancing for the K3s API
upstream k3s_servers { upstream k3s_servers {
{% for ip in k3s_server_ips %} {% for ip in k3s_server_ips %}
server {{ ip }}:{{ k3s.loadbalancer.default_port }}; server {{ ip }}:{{ k3s.loadbalancer.default_port }};
@@ -15,6 +14,18 @@ stream {
proxy_pass k3s_servers; proxy_pass k3s_servers;
} }
upstream etcd_servers {
{% for ip in k3s_server_ips %}
server {{ ip }}:2379;
{% endfor %}
}
server {
listen 2379;
proxy_pass etcd_servers;
}
upstream dns_servers { upstream dns_servers {
{% for ip in k3s_server_ips %} {% for ip in k3s_server_ips %}
server {{ ip }}:53; server {{ ip }}:53;
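Review bot: The new `server { listen 2379; proxy_pass etcd_servers; }` block publishes the etcd client port of every K3s server on all interfaces of the load balancer, with no source restriction. Embedded etcd is expected to require client certificates, but forwarding it still widens what is reachable from the load balancer's network, and the commit does not say which consumer needs it. If it is required, restrict it inside that server block, e.g. `allow 192.0.2.0/24;` followed by `deny all;` (constructed example range), or bind `listen` to an internal address. The `stream` block continues past the end of this hunk.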


@@ -1,26 +0,0 @@
---
- name: Download K3s install script to /tmp/
ansible.builtin.get_url:
url: https://get.k3s.io
dest: /tmp/k3s_install.sh
mode: "0755"
- name: Install K3s server with node taint and TLS SAN
when: (ansible_default_ipv4.address == k3s_primary_server_ip)
ansible.builtin.command: |
/tmp/k3s_install.sh server \
--node-taint CriticalAddonsOnly=true:NoExecute \
--tls-san {{ hostvars['k3s-loadbalancer'].ansible_default_ipv4.address }}
--tls-san {{ k3s_server_name }}
become: true
register: k3s_primary_install
- name: Install K3s on the secondary servers
when: (ansible_default_ipv4.address != k3s_primary_server_ip)
ansible.builtin.command: |
/tmp/k3s_install.sh server \
--node-taint CriticalAddonsOnly=true:NoExecute \
--tls-san {{ k3s.loadbalancer.ip }}
environment:
K3S_TOKEN: "{{ k3s_token }}"
become: true


@@ -1,21 +1,29 @@
--- ---
- name: Install dependencies for apt to use repositories over HTTPS
ansible.builtin.apt:
name: "{{ item }}"
state: present
update_cache: true
loop:
- qemu-guest-agent
become: true
- name: See if k3s file exists - name: See if k3s file exists
ansible.builtin.stat: ansible.builtin.stat:
path: /usr/local/bin/k3s path: /usr/local/bin/k3s
register: k3s_status register: k3s_status
- include_tasks: installation.yml - name: Install primary k3s server
when: not k3s_status.stat.exists include_tasks: primary_installation.yml
- include_tasks: create_kubeconfig.yml
when: ansible_default_ipv4.address == k3s_primary_server_ip when: ansible_default_ipv4.address == k3s_primary_server_ip
- name: Check if k3s token vault file already exists - name: Get token from primary k3s server
ansible.builtin.stat: include_tasks: pull_token.yml
path: "{{ playbook_dir }}/{{ k3s_server_token_vault_file }}"
register: k3s_vault_file_stat
delegate_to: localhost
run_once: true
- include_tasks: pull_token.yml - name: Install seconary k3s servers
when: not k3s_vault_file_stat.stat.exists include_tasks: secondary_installation.yml
when: ansible_default_ipv4.address != k3s_primary_server_ip
- name: Set kubeconfig on localhost
include_tasks: create_kubeconfig.yml
when: ansible_default_ipv4.address == k3s_primary_server_ip
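Review bot: Neither install include is guarded by the `k3s_status` check any more: the old `when: not k3s_status.stat.exists` line is gone, so `k3s_status` is registered but unused and the install script appears to run on every play. The vault-file check that used to gate `pull_token.yml` is also removed, so each run would rewrite the token file and call `ansible-vault encrypt` again; confirm that this is idempotent and cannot leave the file in a half-written state. Consider keeping the guards, e.g. `when: ansible_default_ipv4.address == k3s_primary_server_ip and not k3s_status.stat.exists`. Minor: `seconary` is a typo, and the bare `include_tasks` could be `ansible.builtin.include_tasks` as in the other roles.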


@@ -0,0 +1,14 @@
---
- name: Download K3s install script to /tmp/
ansible.builtin.get_url:
url: https://get.k3s.io
dest: /tmp/k3s_install.sh
mode: "0755"
- name: Install K3s server with and TLS SAN
ansible.builtin.command: |
/tmp/k3s_install.sh server \
--cluster-init
--tls-san {{ hostvars['k3s-loadbalancer'].ansible_default_ipv4.address }} \
--tls-san {{ k3s_server_name }}
become: true
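Review bot: The install script is fetched from `https://get.k3s.io` into `/tmp/k3s_install.sh` and then executed with `become: true`, with no `checksum:` on the `get_url` task and no version pin, so every run executes as root whatever the endpoint serves at that moment. Pin the release through the installer's `INSTALL_K3S_VERSION` environment variable and add `checksum: "sha256:EXPECTED_SHA256_PLACEHOLDER"` to `get_url`; a root-owned destination outside `/tmp` also avoids running a file from a world-writable directory. The same two tasks are repeated in the section that adds `Install K3s on the secondary servers`. Separately, the `--cluster-init` line has no trailing `\` unlike the lines around it, and the command has no `creates` argument for `/usr/local/bin/k3s`, so check how the arguments are actually split and whether a re-run is safe.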


@@ -1,6 +1,5 @@
- name: Get K3s token from the first server - name: Get K3s token from the first server
when: when: ansible_default_ipv4.address == k3s_primary_server_ip
- ansible_default_ipv4.address == k3s_primary_server_ip
ansible.builtin.slurp: ansible.builtin.slurp:
src: /var/lib/rancher/k3s/server/node-token src: /var/lib/rancher/k3s/server/node-token
register: k3s_token register: k3s_token
@@ -9,6 +8,8 @@
- name: Set fact on k3s_primary_server_ip - name: Set fact on k3s_primary_server_ip
ansible.builtin.set_fact: ansible.builtin.set_fact:
k3s_token: "{{ k3s_token['content'] | b64decode | trim }}" k3s_token: "{{ k3s_token['content'] | b64decode | trim }}"
when:
- ansible_default_ipv4.address == k3s_primary_server_ip
- name: Write K3s token to local file for encryption - name: Write K3s token to local file for encryption
ansible.builtin.copy: ansible.builtin.copy:
@@ -22,3 +23,4 @@
- name: Encrypt k3s token - name: Encrypt k3s token
ansible.builtin.shell: cd ../; ansible-vault encrypt "{{ playbook_dir }}/{{k3s_server_token_vault_file}}" ansible.builtin.shell: cd ../; ansible-vault encrypt "{{ playbook_dir }}/{{k3s_server_token_vault_file}}"
delegate_to: localhost delegate_to: localhost
run_once: true
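Review bot: The tasks that read and decode `/var/lib/rancher/k3s/server/node-token` do not set `no_log: true`, so the cluster join token can end up in verbose output or callback logs; add `no_log: true` to the `slurp` and `set_fact` tasks touched here. The same applies to the `include_vars` task named `Add token vault` in the secondary-installation section, whose result carries the decrypted token. The token is also written to a local file before `ansible-vault encrypt` runs, so a failure between those two tasks would leave it in plaintext on the controller; that copy task is only partly visible in this hunk. The `cd ../;` in the encrypt command has no effect on the absolute `{{ playbook_dir }}` path, so the task could use `ansible.builtin.command` instead of `shell`.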


@@ -0,0 +1,21 @@
---
- name: Add token vault
ansible.builtin.include_vars:
file: "{{ playbook_dir }}/{{ k3s_server_token_vault_file }}"
name: k3s_token_vault
- name: Download K3s install script to /tmp/
ansible.builtin.get_url:
url: https://get.k3s.io
dest: /tmp/k3s_install.sh
mode: "0755"
- name: Install K3s on the secondary servers
ansible.builtin.command: |
/tmp/k3s_install.sh \
--server "https://{{ hostvars['k3s-loadbalancer'].ansible_default_ipv4.address }}:{{ k3s.loadbalancer.default_port }}" \
--tls-san {{ hostvars['k3s-loadbalancer'].ansible_default_ipv4.address }} \
--tls-san {{ k3s_server_name }}
environment:
K3S_TOKEN: "{{ k3s_token_vault.k3s_token }}"
become: true


@@ -19,13 +19,6 @@
name: cert-manager-webhook-netcup name: cert-manager-webhook-netcup
repo_url: https://aellwein.github.io/cert-manager-webhook-netcup/charts/ repo_url: https://aellwein.github.io/cert-manager-webhook-netcup/charts/
- name: Install NetCup Webhook
kubernetes.core.helm:
name: my-cert-manager-webhook-netcup
chart_ref: cert-manager-webhook-netcup/cert-manager-webhook-netcup
release_namespace: cert-manager
create_namespace: true
- name: Download cert-manager manifest - name: Download cert-manager manifest
ansible.builtin.get_url: ansible.builtin.get_url:
url: "{{ cert_manager_manifest }}" url: "{{ cert_manager_manifest }}"
@@ -75,3 +68,10 @@
tags: tags:
- cert_manager - cert_manager
- certificate - certificate
- name: Install NetCup Webhook
kubernetes.core.helm:
name: my-cert-manager-webhook-netcup
chart_ref: cert-manager-webhook-netcup/cert-manager-webhook-netcup
release_namespace: cert-manager
create_namespace: true


@@ -0,0 +1,2 @@
argocd_apps_repo_url: ssh://git@git.tudattr.dev/tudattr/argocd.git
argocd_apps_target_revision: main


@@ -0,0 +1,10 @@
- name: Render Argo CD Application YAML to a variable
ansible.builtin.set_fact:
argo_app_manifest: "{{ lookup('ansible.builtin.template', '../templates/argo_app.yaml.j2') }}"
- name: Apply Argo CD Application to Kubernetes using k8s module
kubernetes.core.k8s:
state: present
definition: "{{ argo_app_manifest }}"
register: k8s_apply_result
delegate_to: localhost
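Review bot: Rendering the template into a fact and then passing the string as `definition` is an unnecessary extra step. `kubernetes.core.k8s` accepts `template: argo_app.yaml.j2` directly and resolves it from the role's `templates/` directory, which also removes the fragile `../templates/` relative path. `delegate_to: localhost` is set only on the apply task, and `k8s_apply_result` is registered but not used in the lines shown.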


@@ -0,0 +1,5 @@
- name: Install Argo Application
ansible.builtin.include_tasks: ./install_argo_app.yml
loop: argo_apps
loop_control:
loop_var: app
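Review bot: `loop: argo_apps` passes the literal string rather than the variable; `loop` requires a list, so this should be `loop: "{{ argo_apps }}"`. As written, the include would fail as soon as the currently commented-out `kubernetes_argo_apps` role is enabled.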


@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: {{ app.name }}
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: {{ argocd_apps_repo_url }}
targetRevision: {{ argocd_apps_target_revision | default("HEAD") }}
path: argocd/{{ app.name }}
directory:
recurse: true
destination:
server: https://kubernetes.default.svc
namespace: {{ argocd_apps_target_namespace | default(app.name) }}
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
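Review bot: Every Application is created in `project: default` with `automated` sync, `prune: true` and `selfHeal: true`, tracking a branch (`argocd_apps_target_revision` is `main` in the role defaults). Unless the default project has been restricted elsewhere, it accepts any source repository and any destination namespace, so a push to that branch can create or delete resources across the cluster without review. A dedicated AppProject that limits `sourceRepos` and `destinations` would narrow that. The templated scalars are also unquoted; `name: "{{ app.name }}"` prevents an empty or boolean-looking value from changing type when the rendered text is parsed.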


@@ -0,0 +1,11 @@
apiVersion: argoproj.io/v1alpha1
kind: Repository
metadata:
name: {{ argocd_apps_repo_name }}
namespace: argocd
spec:
url: {{ argocd_apps_repo_url }}
type: git
sshPrivateKeySecret:
name: {{ argocd_apps_ssh_private_key_secret_name }}
key: {{ argocd_apps_ssh_private_key_secret_key }}
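Review bot: `kind: Repository` under `argoproj.io/v1alpha1` is, as far as I know, not a resource Argo CD defines. Repositories are declared as a `Secret` in the `argocd` namespace labelled `argocd.argoproj.io/secret-type: repository`, carrying `url`, `type` and `sshPrivateKey`. Applying this manifest would most likely be rejected by the API server. No task in this commit applies the template, and `argocd_apps_repo_name` is not defined in the sections shown.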


@@ -19,8 +19,6 @@ proxmox_tags:
- "{{ proxmox_creator }}" - "{{ proxmox_creator }}"
proxmox_node_dependencies: proxmox_node_dependencies:
- libguestfs-tools
- qemu-guest-agent
- nmap - nmap
proxmox_localhost_dependencies: [] proxmox_localhost_dependencies: []


@@ -25,7 +25,7 @@
become: true become: true
- name: Build Custom Caddy with netcup - name: Build Custom Caddy with netcup
ansible.builtin.command: xcaddy build --with github.com/caddy-dns/netcup {{ reverse_proxy_caddy_version}} ansible.builtin.command: xcaddy build --with github.com/caddy-dns/netcup
environment: environment:
PATH: "{{ ansible_env.PATH }}:/usr/local/go/bin" PATH: "{{ ansible_env.PATH }}:/usr/local/go/bin"
register: xcaddy_build register: xcaddy_build
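Review bot: Dropping `{{ reverse_proxy_caddy_version }}` leaves the build unpinned: `xcaddy build --with github.com/caddy-dns/netcup` resolves Caddy and the plugin at run time, so the binary that terminates TLS is not reproducible from this repository. xcaddy takes the Caddy version as the first positional argument, so `xcaddy build {{ reverse_proxy_caddy_version }} --with github.com/caddy-dns/netcup@PLUGIN_VERSION_PLACEHOLDER` keeps both pinned. The variable is changed to `v1.0.0` in a later section of this commit; check that value against the plugin's supported Caddy versions before reusing it. The task continues past the end of the hunk.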


@@ -1,8 +1,16 @@
{ {
acme_dns netcup {
customer_number {{ netcup_customer_id }}
api_key {{ netcup_api_key }}
api_password {{ netcup_api_password }}
}
email {{ caddy.admin_email | default('admin@example.com') }} email {{ caddy.admin_email | default('admin@example.com') }}
acme_ca {{ caddy.acme_ca | default('https://acme-v02.api.letsencrypt.org/directory') }} acme_ca {{ caddy.acme_ca | default('https://acme-v02.api.letsencrypt.org/directory') }}
} }
*.{{ domain }} {
}
{% for service in services %} {% for service in services %}
{% if service.ports is defined %} {% if service.ports is defined %}
{% if service.ports is iterable %} {% if service.ports is iterable %}
@@ -16,17 +24,6 @@
output file /var/log/caddy/{{ service.name }}.log output file /var/log/caddy/{{ service.name }}.log
format json format json
} }
tls {
dns netcup {
customer_number {{ vault_netcup.customer_number }}
api_key {{ vault_netcup.api_key }}
api_password {{ vault_netcup.api_password }}
}
propagation_timeout 900s
propagation_delay 600s
resolvers 1.1.1.1
}
} }
{% endif %} {% endif %}
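Review bot: The global `acme_dns netcup` block renders `netcup_api_key` and `netcup_api_password` as literal text into the Caddyfile, so the file on disk holds the DNS API credentials; the template task is not part of this diff, so confirm it sets a restrictive `mode` and owner. Caddy can read them from the environment instead, e.g. `api_key {env.NETCUP_API_KEY}` (constructed variable name). The variables also changed from `vault_netcup.*` to `netcup_*`, which are not defined in the sections shown. The removed `propagation_timeout`, `propagation_delay` and `resolvers` settings are dropped without replacement, so check that DNS-01 validation still completes. The added `*.{{ domain }} { }` site has an empty body.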


@@ -1,4 +1,4 @@
reverse_proxy_caddy_version: v2.9.1 reverse_proxy_caddy_version: v1.0.0
reverse_proxy_custom_caddy_source_path: "{{ ansible_env.HOME }}/caddy" reverse_proxy_custom_caddy_source_path: "{{ ansible_env.HOME }}/caddy"
reverse_proxy_default_caddy_path: "/usr/bin/caddy" reverse_proxy_default_caddy_path: "/usr/bin/caddy"


@@ -1,10 +1,10 @@
[docker_host] [docker_host]
docker-host01 ansible_become_pass="{{ vault_docker.host01.sudo }}" docker-host11
docker-host10 docker-host10
docker-host12 docker-host12
[docker_lb] [docker_lb]
docker-lb ansible_become_pass="{{ vault_docker.lb.sudo }}" docker-lb
[docker] [docker]


@@ -78,7 +78,7 @@ services:
- VERSION=docker - VERSION=docker
- name: jellyfin - name: jellyfin
vm: vm:
- docker-host01 - docker-host11
container_name: jellyfin container_name: jellyfin
image: jellyfin/jellyfin:10.10 image: jellyfin/jellyfin:10.10
volumes: volumes:
@@ -108,7 +108,7 @@ services:
environment: environment:
- name: hass - name: hass
vm: vm:
- docker-host01 - docker-host11
container_name: homeassistant container_name: homeassistant
image: "ghcr.io/home-assistant/home-assistant:stable" image: "ghcr.io/home-assistant/home-assistant:stable"
privileged: true privileged: true
@@ -284,7 +284,7 @@ services:
external: "{{ services_external_http.pdf }}" external: "{{ services_external_http.pdf }}"
- name: git - name: git
vm: vm:
- docker-host01 - docker-host11
container_name: gitea container_name: gitea
image: gitea/gitea:1.23-rootless image: gitea/gitea:1.23-rootless
volumes: volumes:
@@ -408,9 +408,9 @@ services:
- QBT_WEBUI_PORT="8082" - QBT_WEBUI_PORT="8082"
- name: cadvisor - name: cadvisor
vm: vm:
- docker-host12
- docker-host10 - docker-host10
- docker-host01 - docker-host11
- docker-host12
container_name: cadvisor container_name: cadvisor
image: gcr.io/cadvisor/cadvisor:v0.52.1 image: gcr.io/cadvisor/cadvisor:v0.52.1
ports: ports:
@@ -432,7 +432,7 @@ services:
external: /var/lib/docker external: /var/lib/docker
- name: karakeep - name: karakeep
vm: vm:
- docker-host01 - docker-host11
container_name: karakeep container_name: karakeep
image: ghcr.io/karakeep-app/karakeep:0.23.2 image: ghcr.io/karakeep-app/karakeep:0.23.2
ports: ports:
@@ -460,43 +460,43 @@ services:
openai_key: "{{ vault_docker.karakeep.openai_key }}" openai_key: "{{ vault_docker.karakeep.openai_key }}"
- name: chrome - name: chrome
version: 123 version: 123
- name: keycloak # - name: keycloak
vm: # vm:
- docker-host01 # - docker-host11
container_name: keycloak # container_name: keycloak
image: quay.io/keycloak/keycloak:26.2 # image: quay.io/keycloak/keycloak:26.2
depends_on: # depends_on:
- keycloak-postgres # - keycloak-postgres
ports: # ports:
- name: "http" # - name: "http"
internal: 8080 # internal: 8080
external: "{{ services_external_http.keycloak }}" # external: "{{ services_external_http.keycloak }}"
volumes: # volumes:
- name: "config" # - name: "config"
internal: /opt/keycloak/data/import/homelab-realm.json # internal: /opt/keycloak/data/import/homelab-realm.json
external: "{{ docker.directories.local }}/keycloak/homelab-realm.json" # external: "{{ docker.directories.local }}/keycloak/homelab-realm.json"
- name: "config" # - name: "config"
internal: /opt/keycloak/data/import/master-realm.json # internal: /opt/keycloak/data/import/master-realm.json
external: "{{ docker.directories.local }}/keycloak/master-realm.json" # external: "{{ docker.directories.local }}/keycloak/master-realm.json"
command: # command:
- "start" # - "start"
- "--import-realm" # - "--import-realm"
environment: # environment:
- KC_DB=postgres # - KC_DB=postgres
- KC_DB_URL=jdbc:postgresql://keycloak-postgres:5432/keycloak # - KC_DB_URL=jdbc:postgresql://keycloak-postgres:5432/keycloak
- KC_DB_USERNAME={{ keycloak_config.database.username }} # - KC_DB_USERNAME={{ keycloak_config.database.username }}
- KC_DB_PASSWORD={{ keycloak_config.database.password }} # - KC_DB_PASSWORD={{ keycloak_config.database.password }}
- KC_HOSTNAME=keycloak.{{ internal_domain }} # - KC_HOSTNAME=keycloak.{{ internal_domain }}
- KC_HTTP_ENABLED=true # - KC_HTTP_ENABLED=true
- KC_HTTP_RELATIVE_PATH=/ # - KC_HTTP_RELATIVE_PATH=/
- KC_PROXY=edge # - KC_PROXY=edge
- KC_PROXY_HEADERS=xforwarded # - KC_PROXY_HEADERS=xforwarded
- KC_HOSTNAME_URL=https://keycloak.{{ internal_domain }} # - KC_HOSTNAME_URL=https://keycloak.{{ internal_domain }}
- KC_HOSTNAME_ADMIN_URL=https://keycloak.{{ internal_domain }} # - KC_HOSTNAME_ADMIN_URL=https://keycloak.{{ internal_domain }}
- KC_BOOTSTRAP_ADMIN_USERNAME=serviceadmin-{{ keycloak_admin_hash }} # - KC_BOOTSTRAP_ADMIN_USERNAME=serviceadmin-{{ keycloak_admin_hash }}
- KC_BOOTSTRAP_ADMIN_PASSWORD={{ vault_docker.keycloak.admin.password }} # - KC_BOOTSTRAP_ADMIN_PASSWORD={{ vault_docker.keycloak.admin.password }}
sub_service: # sub_service:
- name: postgres # - name: postgres
version: 17 # version: 17
username: "{{ keycloak_config.database.username }}" # username: "{{ keycloak_config.database.username }}"
password: "{{ keycloak_config.database.password }}" # password: "{{ keycloak_config.database.password }}"


@@ -1,53 +1,46 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
30306666383965373266313366653831386438333732386238623261356631383664323462663135 33323936633431613435363163396538366265336666373735376432383064393361353562623864
6163663162383431623931393831376163636262363766350a316463646662343161366531316531 3366666130666163613234623164333164383565373366390a623932383934366239663765646633
36323665366263616565633064646664383065346166343536313633613034353030303062383637 32393336653165386135613432656363386438343862633735653938666364386365313563376464
3139393833316232610a383031363839393463336461653963363131303664663765656234363531 6435363766383361310a303739323866623532363765343730336339616464373435636431356463
62666665333730623463663134386232383534353334333336363434653838353762323063383562 66613830636261653135396437663433636435363033666162313739666237393939313039376537
36316533303333313565646139306238316534383235336432346364633265316435373763313861 32393033326365376235623437663436373532333231656334653161623865666361663166663431
62353566623665306137643934333534653730386138383462623864613433303633386339643461 31353966323134646563393731376261663235366263643435303330383431643635656161396332
33373330656431336434353965303133363237393864333634383463663065303633646239656665 31623266656330393666636539366364376634373230646264646563326334653261623964326631
64623562373864353865656664323064343535303931363635376233666339656236363133643536 61323463376131663239313439656361363430313062623432363264626239336336316138643064
37653831396538366466663830376665386231633438316437396331323534386433313634383137 64383065353965373431643665626332666330323961393764393237383635306666346336613435
32356435383965616635373432633563653630326334303165316166383165353734393966363861 61346231336263346465383333336365336436336631343633303131356633626131333165613637
32333534386634633561356538626536383838653461353664303264333737326237383234373561 39303764333036353365666366376161386561386339616131383333333833343131653464623335
35333234643461303961646430343334306332663039326237353836656531363262633661366138 63363837633565646264393833313934366664326130393961666136373966386432663065376465
32386635343738383732663538313164316531386564653939373032653631396566386638316464 62383632393033633935373635613739613463616133653734393139666138306366383362623733
38313731653234343037633066393134346136636637616666653038383464623065386635623031 32323537623163636262303566353133646532653834653934326533313466396165373135316565
34363064333036336263613964396433303538353134623130303032356438323237366664336238 63636330616638343537393332376638363563393833303333376465393130643933373261653832
36333335363261363038346264633263636461376538613866313935623762623234393763356638 34663163663064646235393736366331313933396431626634323764343439633139316535666662
32313363653739376333646235306136616132366566356530613362313436306361306633643262 61646663626530626431636436626164303838336464346366323938306266333864333638633832
65373039393636303164383736643631323662613637316565313938616436643137343065353261 61663239656238656532303264613365653036626330653561393633666533613663643933646366
63313661356633623266353233346436323230623966373262353336333935383938356462643637 38313736396236646263353432393936623266333566366538613863393264343235643539663566
39373232643035396533353063376234316330353764313930363435303932656464396265303035 62396133613331393630373239643536653739643065343239613231333437616266333632646531
35313463393664326438346161633735333639303930396166663730303033663836663232363733 61633464356564353032663231363639363163376330376532326538386238623637626633336431
65323839376638306133393161363864623365623238646165383765646139366535323631346437 35313165363638393536346335366664656462616363393239623064363932393033623436333565
64356465623366666439626463636261616439323230393938386231653837393738363532313962 61636565323862633162326330383937393231326462356662356634643735306137356136363365
33636635653862363962393966336235383361646366386365656338613064303133313364346532 39653632636138393866376135616164303265613738333137393331303032313237613162663237
36643566326564316335393534323836623963633638326531623030666334313665666636633639 63343432643432396164343531626131336438306336626332303534303638353631383964383736
64393139343637633036303236333861386135303235343735613431643734356338336537663138 37383437396464306537643433366364653065653538343866656334366336373263636135373637
35313063363966353837633130313739643630623263653064656530343131616465303664656536 32633937623765623163363832396165646561396431333765323663616632633434663364663532
37616534353033343235663665396437326338336661303566376361386665373930616130396136 65653430313436396539613530306564613334646133326564373261346237313862623761326636
37666338336538626663363639333532636566323634663135376239336339393838383837346239 33383037323736636532393064363137353633386439373065373166363161373863363635333963
63383636333038633264396463353739313234336338383639396531626534393764626235636338 62363939333961653837313838366362626638333966326135386333323637343830623034643331
31663865666530336666333137343835393739623732633630303833396539363131343663626235 35323865663536663761653730666438376664636435656331393166653334313366343038623937
31313563366264333737363036316136336138616134656232626438313033333136663731376531 61653262383161353866366433386365646431663738663131643161376634643039663231336565
32613237393463346161613334386135633661386666633135323133376335336631356437613261 65343336306230316430663231643166663366643431396530646465653363643462303430653264
63393132623863336461386431666263376265393138316162356239363037653065623633333632 62393164643664366439336435386435653932613733656662653737373238343734376165666634
62376131303532373031626431323030666165306336343764343363366661626333396233636231 66653561383633376233396232656465386461656431323565333039363638663431656437393062
31333836353731363062663334333736316265653130333836623236373263316639316437343537 61663662343763643635306331323566366234386634386430383837356661346236376536363834
39353233663965666564626632343263646339383934323564303730396166303362363736383838 62393634333337313362326232636235326231663963356262643531316434376138646462303732
35616561646531386338303936373565396465383839323830636539653934663039663938373738 33646135326232663862613239376165306537613330613637393136336261376137616631356664
32346361383135633365366634643139636431336436623330373931643233313134356364366638 39613931346564323730373364346635326665326632306432636361356634646636643566326330
63386138653331376638376663323736383734623463373439313962393661333539323737666633 62663037623232383964376261323232646330323939333263313139336532383965643163303632
36313639663864663564646166333033356163656339373063353338653634353538653736356134 35323265653266353161636463363830646466343464313439356466616432633532343838613038
64373435346136396461303733373134343735323663613561303062353330303734316333346331 38626137353130343831613939393563343837663439393061663735666533316439336333386266
35353835396661663932643432303433636230616232633032303137366232333239313463336231 61643161653463636531373334363439303636373636323465336137663366653936663831323430
66376261356564343064393531333066663562646165383737373632393261313638323862373936 6535
34333234323261363830643332393338396338326432623736313836626462303839313732333730
36623863383364396366363065306334653837353837623437386465346463386166643939666161
38353136353037663834613162396139653164326536313734633664613233316665626661383661
32323263616164653334306231663439626134626535393630653639666261356537303135323934
64356263633635313336643531616639346565303938333334636263623633353764613232313165
35616235333364353339373562333938643731613031356638376439326533633236363335306138
31316436663536353861


@@ -1,11 +1,11 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
62386434633264613939616264613563656365363664343761333233393933323264646330323637 36666266313661333466623135393337366266366135643630663632653035383365393137386636
6565323739323834626331373539323730376538323635620a356338616537393835613834633036 3462613661396661643733383663386239353238333066650a346334616636376137373866383431
65333533646465383964363664616338316565613131336339643432656564363034663662376137 34633734306565333463343230333561633435306564353833613632653531376435363465323237
6366633766366234360a643138396636616362383364666166323965643831363563343164343164 3462343537373362320a386434633737373535313866393334353239373661393837646637336638
38633165323935643463613939363633623131306234333863366538376363346563656263616263 30373364666661373864613136623632333961633134633163333464656131333464323039653432
33333533376534663561303733613364376266366634616361363330333230626364653035353834 64383866663935396231356265396334663532376439663335363563326637313730323437363836
38343033633130393166353965646635303738666562643138653435316230613131323862623264 65383930646266636261383037613266613238623964633063666266386134313165396336373934
32393462363738666538613539393162613061343062643036643937336133663132303162323331 30376433663332316537373466643130656536356439323261643839636537383539646434646665
38623530393531333037376535623133656238656339666361646230353438343961353333343064 64376530383832343263303333383435663133363562626638373331663037306462656233316431
3261306235386331333063346433393534626362323731366362 6334663737316633613438623762333038663230626133393239


@@ -3,6 +3,7 @@ k3s:
default_port: 6443 default_port: 6443
k3s_primary_server_ip: "{{ groups['k3s_server'] | map('extract', hostvars, 'ansible_default_ipv4') | map(attribute='address') | unique | list | first }}" k3s_primary_server_ip: "{{ groups['k3s_server'] | map('extract', hostvars, 'ansible_default_ipv4') | map(attribute='address') | unique | list | first }}"
k3s_server_ips: "{{ groups['k3s_server'] | map('extract', hostvars, 'ansible_default_ipv4') | map(attribute='address') | unique | list }}"
k3s_server_name: "k3s.{{ internal_domain }}" k3s_server_name: "k3s.{{ internal_domain }}"
k3s_cluster_name: homelab k3s_cluster_name: homelab


@@ -0,0 +1,30 @@
$ANSIBLE_VAULT;1.1;AES256
36633030306535356337326461613132636632356364633463643133333534626261653034373737
6335626664363163316164396432613935353633333635370a323537346261643962336636386163
64306635366538663736316361663564366636366261336130346563623138323739373230346134
3931373064323063630a656261373630343361613939623163313833663762313833356463356432
64366364363862343466623139346132363361373762363934383731393637653333343036396562
38373336616237323237643730373963663561346430373132313865393662306664306133323163
35633035323339363563323131393130643537323439323138376366386634363566626238613166
32386434333534376166356565646235353533633163643937393337613766616137343463373636
36333637376434383633366166666661373332303266306235376666313562663463613761363637
66653630313934353566663362376633306564313239393433383565653064643632356235386237
32633435336564353130633466373264643765376164663231636232623739326136353439393135
38623461636531653264363732633832343537653833373564366363633032653332346162393137
31333738373965323131623336356136313863616363356130363930653166373034386161343763
31363466643531323865303637333436366636633166666334653934613763393635623563636462
37306337623933313136663665343864643363383839333266303436636435666262336330346337
37663664353066333065666662636663386537366631366465653861633862643733386438653932
30343537343265626430653361396366663565306536343232366138346132343232663831323665
35356233373766333862613235656533623166303033623135373166386564333736393235366662
36623463383135636266396333666134623766616437666538313633316531326565623735396132
64323037636637353633653563333466363432383935346366346631306637323538663062393935
38376363363630653964666637623836666239623638333438383261613038303233363666356266
62613464326265666133323534326339326235376134313530636132303764346331663466323933
30366330663039653662323831393363373236616364366233376232313365383838616331383834
33636165303735376262653137396635373633333735396433633235396264643761336634373637
61386432653565616263613637386431333634346165356637333232393862353234623134363631
34343032313032386136646232633532626137386264653539373361656436663465653535373339
61373539663635623239663137313337373535396535633532363338323930386661366536626533
32623862353233633962313364666537336539643737613734616261313634666533316564323561
3061


@@ -3,3 +3,6 @@ services:
ip: 192.168.20.240 ip: 192.168.20.240
- name: traefik - name: traefik
ip: 192.168.20.240 ip: 192.168.20.240
argo_apps:
- name:
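Review bot: `- name:` with no value parses as `null`, so `argo_apps` becomes a one-element list whose `app.name` is empty rather than an empty list. Once the Argo apps role is enabled, the Application template would render `name:` and `path: argocd/` with no application name. Use `argo_apps: []` until there are real entries.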


@@ -12,7 +12,9 @@ argocd_hostname: "argocd.k3s.{{ domain }}"
metallb_ip_range: "192.168.20.240-192.168.20.250" metallb_ip_range: "192.168.20.240-192.168.20.250"
traefik_password: "{{ vault_kubernetes.traefik_password }}"
kubernetes_nfs_server_host: "{{ nfs_server }}" kubernetes_nfs_server_host: "{{ nfs_server }}"
kubernetes_nfs_server_path: /media/kubernetes kubernetes_nfs_server_path: /media/kubernetes
argocd_apps_repo_url: ssh://git.seyshiro.de:2222/tudattr/ansible.git
argocd_apps_ssh_private_key_secret_name: argocd
argocd_apps_ssh_private_key_secret_key: "{{ vault_kubernetes.argocd_repo_ssh_key }}"
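Review bot: `argocd_apps_ssh_private_key_secret_key` is set to `{{ vault_kubernetes.argocd_repo_ssh_key }}`, which by its name looks like the private key itself. The repository template renders this variable into `sshPrivateKeySecret.key`, a field that reads like the name of a key inside a Secret, so the key material would end up in a plain manifest field if that reading is right. `argocd_apps_repo_url` here also differs from the role default (`ssh://git@git.tudattr.dev/tudattr/argocd.git`) and has no user part. The removal of `traefik_password` should be checked against remaining references outside this diff.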


@@ -1,34 +1,37 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
64336139336538333337376465316164383766643666336666643166333134636338323562303364 35623165396364393163336632343430303264653631656638663633363139643231643764663864
6235613337366634613532373933396230666137373562650a643633306165643331643464633762 6632636634616537643630666264666331396363396132620a663665353138383637653037653762
35336433626161393735353133343739353738653061613733393135313061643663616665316463 32653366396562386366323634363938613232323335663339643938626139386430303131383739
6238376435633435650a306636303934383739656439383632313964356434353536373961646531 6134356662316433630a613663653061643363656239623361323162623661633762363039333537
35303533666633346363663936366535613039356164383362393736306338613236373138663731 63383834396662653561303039336663616437633333656266383261323833623166333562636461
65666635353734353261333332393962636664653332313062336239313834653536363539306630 38653130393064326539663463633862353937386562623766323863666539323038613461613766
61316431313631643637616434376334323232306232363936613139373762613862653938373461 39616263666432616432373432633966353332643161343939326436353037346130636534303464
34366363643337326439633963303430613935323866343764326639663531303931396235643231 65366434633862363438626664326333323739336538336630373034643162353362373038363665
36346463653866653137653931303439326433366231303530316632613033333761326536326335 34323066353433313462633930343266636461313331303938306531386237383836323836366637
30343233333232333434303562396166386133313633323732636532376539633336613532633765 37333438313236656339643839376639663562366539633663656663336536613736666462636665
66656663353964316364636236623133306533656465303833346563376461396639626262333133 32346339373831383432343039313332656538373837336263363665366338666630336561326431
33663966393030653762636164653534363338613536636432663938393033313933323830336538 63366537636433386237653336396532363463613031393138323636366362343736626131313365
61663865353466393836333539636466613137396430636566303135326565383764373831336532 37323761383861303731343133366331633661623131643465303962646162663735633937646264
66626332383065643636663638616337316136623131333630613861353730646339366239633861 33653433366335383661323766633536353530626363356632666237356532366634623661306263
31343133346138343637373039633930653731396537323438623237393436303063623862663965 66326430323332303161643463643065373632386638396334663165366439323864356661346635
65353332393331623933323138633231363539323834333631643337613863643737306363323135 66666337346461616565306335613632666264663633313137663932383731666336636465633734
61353663643563393539373839643462616339333762353962653065653134653063336466343431 66323662663933356566326335633439383531633831653130383964383537373633643838373265
61313262616631343265386530653431356632616230633032363165656666333662636339306539 33323731343662373535633730623662616136373161633663303435636466383264663036633035
37646634353961346165356565313038303333303564333862323766366238366434643562306262 61663635353932333435306437373264333134333837376136326462343764633833653061626162
38656532333339643335386130356637353434393037636530363233393162663330663566663962 35633163363665336433643765333764366236626433366535626430613239326339313535383833
34343333383631343330663962343639633464353961343933653764643666626631346434366365 33333739373436336436663662323134393438323633656236623134353833366263613466346565
37303433626330346630353064613766303634386238636230346531663038653865393939663732 37326233303036383337303832633166663866353431636139353833363263383766613838336663
37613461313738313766306663653264616563633966316362356539373239663464386430636464 65303537633336636137316635653638396334313463363536623261646336343166656233303930
61373864313064626133623332643139336163643465376234373530666630656361616236336130 32346365316435393362393639623636376465623031613562336239666665303739353631623737
37623962393237623135656534613839363831613165356563333039366462306230636432653636 66363038666264373931613635366464356435663032313436653339373334373236373930653866
64333633393532313635323830333432666134373630666561626231666433303132663939633965 35613533643134393164633338663862613737343866623436316263656433633062333436343163
61373137633865323564343661623039616331323164396133343165656263383865383861616262 35616263323933633962346139663438333436613161646166396435613939613264353030323334
64636230336130356364333964336335656664303334326537303033613331353038353666646463 30333062633462383332323135623430323431326366663766323966646166336631333835373538
63363631613238633831666136363833363964356432373434643131653531666166666233613861 63653962366536353830313836666637343139356539616564656265613332396234306661646639
30306435306563303333343364333065616438383331383437353234323633393733653965313165 62306638623632646633393364383739656435613266633632306537666166663330353431633532
30643539663330356630363833643136643265623966636466336539353738373136616265393265 34363964633232623464643131613131363963656233383661333436363531306361306230376236
36613564653634313438666334313636653435336263393635656138343534336232346332356264 31376663623664653966633535646565356163656363663134376263323536383430666264376633
33366232613832643862386532663264353735393033303864356230333864363366 32626433626335613034336362636566633063383163393633613432326237653361323331373530
32383232363266633539396232353534646162393730653561346333313832623932363831353666
31363532613830343636663533333737313739303637613164303033363965666634323838373733
39333862393566363036


@@ -11,18 +11,20 @@ vms:
sshkeys: "{{ pubkey }}" sshkeys: "{{ pubkey }}"
disk_size: 128 # in Gb disk_size: 128 # in Gb
hostpci: hostpci:
hostpci0: "0000:00:02.0" hostpci0: "mapping=quicksync-lulu"
- name: "docker-host11" - name: "docker-host11"
node: "lulu" node: "inko01"
vmid: 411 vmid: 411
cores: 2 cores: 2
memory: 4096 # in MiB memory: 4096 # in MiB
net: net:
net0: "virtio,bridge=vmbr0,firewall=1" net0: "virtio,bridge=vmbr0,firewall=1"
boot_image: "{{ proxmox_cloud_init_images.ubuntu.name }}" boot_image: "{{ proxmox_cloud_init_images.debian.name }}"
ciuser: "{{ user }}" ciuser: "{{ user }}"
sshkeys: "{{ pubkey }}" sshkeys: "{{ pubkey }}"
disk_size: 128 # in Gb disk_size: 128 # in Gb
hostpci:
hostpci0: "mapping=quicksync-inko01"
- name: "docker-host12" - name: "docker-host12"
node: "naruto01" node: "naruto01"
vmid: 412 vmid: 412
@@ -68,7 +70,7 @@ vms:
sshkeys: "{{ pubkey }}" sshkeys: "{{ pubkey }}"
disk_size: 64 # in Gb disk_size: 64 # in Gb
- name: "k3s-agent12" - name: "k3s-agent12"
node: "inko" node: "naruto01"
vmid: 212 vmid: 212
cores: 2 cores: 2
memory: 4096 # in MiB memory: 4096 # in MiB
@@ -89,3 +91,36 @@ vms:
ciuser: "{{ user }}" ciuser: "{{ user }}"
sshkeys: "{{ pubkey }}" sshkeys: "{{ pubkey }}"
disk_size: 32 # in Gb disk_size: 32 # in Gb
- name: "k3s-server11"
node: "inko01"
vmid: 111
cores: 2
memory: 4096 # in MiB
net:
net0: "virtio,bridge=vmbr0,firewall=1"
boot_image: "{{ proxmox_cloud_init_images.debian.name }}"
ciuser: "{{ user }}"
sshkeys: "{{ pubkey }}"
disk_size: 64 # in Gb
- name: "docker-lb"
node: "naruto01"
vmid: 350
cores: 1
memory: 2048 # in MiB
net:
net0: "virtio,bridge=vmbr0,firewall=1"
boot_image: "{{ proxmox_cloud_init_images.debian.name }}"
ciuser: "{{ user }}"
sshkeys: "{{ pubkey }}"
disk_size: 32 # in Gb
- name: "k3s-server12"
node: "naruto01"
vmid: 112
cores: 2
memory: 4096 # in MiB
net:
net0: "virtio,bridge=vmbr0,firewall=1"
boot_image: "{{ proxmox_cloud_init_images.debian.name }}"
ciuser: "{{ user }}"
sshkeys: "{{ pubkey }}"
disk_size: 64 # in Gb
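Review bot: The new control-plane VMs `k3s-server11` and `k3s-server12` are attached with `net0: "virtio,bridge=vmbr0,firewall=1"`, the same untagged bridge used by the docker hosts and `docker-lb`. `firewall=1` only enrols the NIC in the Proxmox firewall; whether the Kubernetes API and cluster-internal ports are actually filtered depends on the firewall being enabled and on rules that this file does not show. If filtering is in place, a comment above the server entries such as `# API ports restricted by Proxmox security group <GROUP_NAME>` would record it; otherwise a VLAN tag (`tag=<VLAN_ID>`) on the server NICs would separate them from the workload hosts. The `vms:` list begins outside the hunks shown, so settings inherited from elsewhere may already cover this.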


@@ -8,9 +8,13 @@ k3s_loadbalancer
[k3s_server] [k3s_server]
k3s-server10 k3s-server10
k3s-server11
k3s-server12
[k3s_agent] [k3s_agent]
k3s-agent[10:12] k3s-agent10
k3s-agent11
k3s-agent12
[k3s_loadbalancer] [k3s_loadbalancer]
k3s-loadbalancer k3s-loadbalancer


@@ -7,5 +7,5 @@ proxmox_nodes
[proxmox_nodes] [proxmox_nodes]
aya01 aya01
lulu lulu
inko inko01
naruto01 naruto01