refactor(k3s): manage token securely and install guest agent

Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>
2025-07-13 02:15:01 +02:00
parent 97a5d6c41d
commit 9cce71f73b
7 changed files with 48 additions and 36 deletions
--- a/playbooks/k3s-agents.yml
+++ b/playbooks/k3s-agents.yml
@@ -1,19 +1,6 @@
 - name: Set up Agents
  hosts: k3s
  gather_facts: true
-  pre_tasks:
-    - name: Get K3s token from the first server
-      when: host.ip == k3s_primary_server_ip and inventory_hostname in groups["k3s_server"]
-      slurp:
-        src: /var/lib/rancher/k3s/server/node-token
-      register: k3s_token
-      become: true
-
-    - name: Set fact on k3s_primary_server_ip
-      when: host.ip == k3s_primary_server_ip and inventory_hostname in groups["k3s_server"]
-      set_fact:
-        k3s_token: "{{ k3s_token['content'] | b64decode | trim }}"
-
  roles:
    - role: common
      when: inventory_hostname in groups["k3s_agent"]
@@ -21,10 +8,9 @@
        - common
    - role: k3s_agent
      when: inventory_hostname in groups["k3s_agent"]
-      k3s_token: "{{ hostvars[(hostvars | dict2items | map(attribute='value') | map('dict2items') | map('selectattr', 'key', 'match', 'host') | map('selectattr', 'value.ip', 'match', k3s_primary_server_ip ) | select() | first | items2dict).host.hostname].k3s_token }}"
      tags:
        - k3s_agent
-    - role: node_exporter
-      when: inventory_hostname in groups["k3s_agent"]
-      tags:
-        - node_exporter
+    # - role: node_exporter
+    #   when: inventory_hostname in groups["k3s_agent"]
+    #   tags:
+    #     - node_exporter
--- a/playbooks/k3s-storage.yml
+++ b/playbooks/k3s-storage.yml
@@ -1,19 +1,6 @@
 - name: Set up storage
  hosts: k3s_nodes
  gather_facts: true
-  pre_tasks:
-    - name: Get K3s token from the first server
-      when: host.ip == k3s_primary_server_ip and inventory_hostname in groups["k3s_server"]
-      slurp:
-        src: /var/lib/rancher/k3s/server/node-token
-      register: k3s_token
-      become: true
-
-    - name: Set fact on k3s_primary_server_ip
-      when: host.ip == k3s_primary_server_ip and inventory_hostname in groups["k3s_server"]
-      set_fact:
-        k3s_token: "{{ k3s_token['content'] | b64decode | trim }}"
-
  roles:
    - role: common
      when: inventory_hostname in groups["k3s_storage"]
@@ -21,7 +8,6 @@
        - common
    - role: k3s_storage
      when: inventory_hostname in groups["k3s_storage"]
-      k3s_token: "{{ hostvars[(hostvars | dict2items | map(attribute='value') | map('dict2items') | map('selectattr', 'key', 'match', 'host') | map('selectattr', 'value.ip', 'match', k3s_primary_server_ip ) | select() | first | items2dict).host.hostname].k3s_token }}"
      tags:
        - k3s_storage
    - role: node_exporter