refactor(k3s): centralize k3s primary server IP and integrate Netcup DNS

Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>
Tuan-Dat Tran
2025-07-13 01:30:05 +02:00
parent f1b0cfad2c
commit 97a5d6c41d
18 changed files with 141 additions and 139 deletions


@@ -10,7 +10,7 @@
notify:
- Restart nginx
vars:
k3s_server_ips: "{{ groups['k3s_server'] | map('extract', hostvars, 'ansible_default_ipv4') | map(attribute='address') | unique | list }}"
k3s_server_ips: "{{ k3s_primary_server_ip }}"
- name: Enable nginx
ansible.builtin.systemd:
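Review bot: `k3s_server_ips` on the added line now holds a single address string while the removed line produced a list and the variable keeps its plural name, so if the nginx template iterates over it (`{% for ip in k3s_server_ips %}`) Jinja will loop over the characters of the string rather than over one address. Either rename it to `k3s_server_ip` and adjust the template, or keep the list shape with `k3s_server_ips: "{{ [k3s_primary_server_ip] }}"`. The template is not visible here, so this needs confirming against it. Note also that the upstream now points only at the primary server, which drops the failover that the previous unique server list gave the load balancer. The enclosing task starts before this hunk.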


@@ -3,3 +3,14 @@
ansible.builtin.include_tasks: installation.yml
- name: Configure
ansible.builtin.include_tasks: configuration.yml
- name: Setup DNS on Netcup
community.general.netcup_dns:
api_key: "{{ k3s_loadbalancer_netcup_api_key }}"
api_password: "{{ k3s_loadbalancer_netcup_api_password }}"
customer_id: "{{ k3s_loadbalancer_netcup_customer_id }}"
domain: "{{ domain }}"
name: "k3s"
type: "A"
value: "{{ hostvars['k3s-loadbalancer'].ansible_default_ipv4.address }}"
delegate_to: localhost
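Review bot: The `community.general.netcup_dns` task passes `api_key` and `api_password` as plain module arguments without `no_log: true`, so a run with `-v` or a failed task will print those credentials as part of the module invocation; add `no_log: true` next to `delegate_to: localhost`. The record `value` is read from `hostvars['k3s-loadbalancer']`, which ties the role to one specific inventory hostname rather than to the host it runs on; if the role only ever runs on the load balancer, `ansible_default_ipv4.address` of the current host expresses the same thing without the hard-coded name. The task also has no `state`, which presumably relies on the module default — stating `state: present` would make the intent explicit. The enclosing task list starts before this hunk.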


@@ -1 +1,7 @@
k3s_loadbalancer_nginx_config_path: "/etc/nginx/nginx.conf"
k3s_loadbalancer_netcup_api_key: "{{ netcup_api_key }}"
k3s_loadbalancer_netcup_api_password: "{{ netcup_api_password }}"
k3s_loadbalancer_netcup_customer_id: "{{ netcup_customer_id }}"
domain: "{{ internal_domain }}"
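Review bot: `domain: "{{ internal_domain }}"` on the last added line defines an unprefixed variable in what looks like the role's defaults or vars file, which ansible-lint flags (var-naming[no-role-prefix]) and which will collide with any other role or inventory variable named `domain`; the other new keys carry the `k3s_loadbalancer_` prefix, so this one should too, e.g. `k3s_loadbalancer_domain: "{{ internal_domain }}"`, with the `domain:` argument of the Netcup DNS task updated to match. The three Netcup keys are indirections to `netcup_api_key`/`netcup_api_password`/`netcup_customer_id`, which are presumably supplied from a vaulted source outside this file; a comment above them, `# Netcup API credentials; expected from vaulted inventory vars, never set here`, would make that contract visible to the next reader.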


@@ -12,18 +12,19 @@
mode: "0755"
- name: Install K3s server with node taint and TLS SAN
when: (host.ip == k3s.server.ips[0] and (not k3s_status.stat.exists))
when: (ansible_default_ipv4.address == k3s_primary_server_ip and (not k3s_status.stat.exists))
ansible.builtin.command: |
/tmp/k3s_install.sh server \
--node-taint CriticalAddonsOnly=true:NoExecute \
--tls-san {{ hostvars['k3s-loadbalancer'].ansible_default_ipv4.address }}
--tls-san {{ k3s_server_name }}
become: true
async: 300
poll: 0
register: k3s_primary_install
- name: Wait for K3s to be installed
when: (host.ip == k3s.server.ips[0] and (not k3s_status.stat.exists))
when: (ansible_default_ipv4.address == k3s_primary_server_ip and (not k3s_status.stat.exists))
ansible.builtin.async_status:
jid: "{{ k3s_primary_install.ansible_job_id }}"
register: k3s_primary_install_status
@@ -33,23 +34,23 @@
become: true
- name: Get K3s token from the first server
when: host.ip == k3s.server.ips[0]
when: ansible_default_ipv4.address == k3s_primary_server_ip
ansible.builtin.slurp:
src: /var/lib/rancher/k3s/server/node-token
register: k3s_token
become: true
- name: Set fact on k3s.server.ips[0]
when: host.ip == k3s.server.ips[0]
- name: Set fact on k3s_primary_server_ip
when: ansible_default_ipv4.address == k3s_primary_server_ip
ansible.builtin.set_fact:
k3s_token: "{{ k3s_token['content'] | b64decode | trim }}"
- name: Install K3s on the secondary servers
when: (host.ip != k3s.server.ips[0] and (not k3s_status.stat.exists))
when: (ansible_default_ipv4.address != k3s_primary_server_ip and (not k3s_status.stat.exists))
ansible.builtin.command: |
/tmp/k3s_install.sh server \
--node-taint CriticalAddonsOnly=true:NoExecute \
--tls-san {{ k3s.loadbalancer.ip }}
environment:
K3S_TOKEN: "{{ hostvars[(hostvars | dict2items | map(attribute='value') | map('dict2items') | map('selectattr', 'key', 'match', 'host') | map('selectattr', 'value.ip', 'match', k3s.server.ips[0] ) | select() | first | items2dict).host.hostname].k3s_token }}"
K3S_TOKEN: "{{ hostvars[(hostvars | dict2items | map(attribute='value') | map('dict2items') | map('selectattr', 'key', 'match', 'host') | map('selectattr', 'value.ip', 'match', k3s_primary_server_ip ) | select() | first | items2dict).host.hostname].k3s_token }}"
become: true