refactor(k3s): streamline inventory and primary server IP handling
Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>
This commit is contained in:
Tuan-Dat Tran
@@ -16,6 +16,6 @@
|
||||
ansible.builtin.command: |
|
||||
/tmp/k3s_install.sh
|
||||
environment:
|
||||
K3S_URL: "https://{{ k3s.loadbalancer.ip }}:{{ k3s.loadbalancer.default_port }}"
|
||||
K3S_URL: "https://{{ hostvars['k3s-loadbalancer'].ansible_default_ipv4.address }}:{{ k3s.loadbalancer.default_port }}"
|
||||
K3S_TOKEN: "{{ k3s_token }}"
|
||||
become: true
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
- name: Template the nginx config file with dynamic upstreams
|
||||
ansible.builtin.template:
|
||||
src: templates/nginx.conf.j2
|
||||
dest: "{{ nginx_config_path }}"
|
||||
dest: "{{ k3s_loadbalancer_nginx_config_path }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
@@ -10,7 +10,7 @@
|
||||
notify:
|
||||
- Restart nginx
|
||||
vars:
|
||||
k3s_server_ips: "{{ k3s.server.ips }}"
|
||||
k3s_server_ips: "{{ groups['k3s_server'] | map('extract', hostvars, 'ansible_default_ipv4') | map(attribute='address') | unique | list }}"
|
||||
|
||||
- name: Enable nginx
|
||||
ansible.builtin.systemd:
|
||||
87
roles/k3s_loadbalancer/templates/nginx.conf.j2
Normal file
87
roles/k3s_loadbalancer/templates/nginx.conf.j2
Normal file
@@ -0,0 +1,87 @@
|
||||
include /etc/nginx/modules-enabled/*.conf;
|
||||
|
||||
events {}
|
||||
|
||||
stream {
|
||||
# TCP Load Balancing for the K3s API
|
||||
upstream k3s_servers {
|
||||
{% for ip in k3s_server_ips %}
|
||||
server {{ ip }}:{{ k3s.loadbalancer.default_port }};
|
||||
{% endfor %}
|
||||
}
|
||||
|
||||
server {
|
||||
listen {{k3s.loadbalancer.default_port}};
|
||||
proxy_pass k3s_servers;
|
||||
}
|
||||
|
||||
upstream dns_servers {
|
||||
{% for ip in k3s_server_ips %}
|
||||
server {{ ip }}:53;
|
||||
{% endfor %}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 53 udp;
|
||||
proxy_pass dns_servers;
|
||||
}
|
||||
}
|
||||
|
||||
# http {
|
||||
# upstream k3s_servers_http {
|
||||
# least_conn;
|
||||
# {% for ip in k3s_server_ips %}
|
||||
# server {{ ip }}:80;
|
||||
# {% endfor %}
|
||||
# }
|
||||
#
|
||||
# upstream k3s_servers_https {
|
||||
# least_conn;
|
||||
# {% for ip in k3s_server_ips %}
|
||||
# server {{ ip }}:443;
|
||||
# {% endfor %}
|
||||
# }
|
||||
#
|
||||
# server {
|
||||
# listen 80;
|
||||
#
|
||||
# location / {
|
||||
# proxy_pass http://k3s_servers_http;
|
||||
# proxy_set_header Host $http_host;
|
||||
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
# proxy_set_header X-Forwarded-Proto http;
|
||||
# }
|
||||
# }
|
||||
#
|
||||
# server {
|
||||
# listen 443 ssl;
|
||||
#
|
||||
# server_name staging.k3s.seyshiro.de *.staging.k3s.seyshiro.de;
|
||||
#
|
||||
# ssl_certificate /etc/nginx/ssl/staging_tls.crt;
|
||||
# ssl_certificate_key /etc/nginx/ssl/staging_tls.key;
|
||||
#
|
||||
# location / {
|
||||
# proxy_pass https://k3s_servers_https;
|
||||
# proxy_set_header Host $host;
|
||||
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
# proxy_set_header X-Forwarded-Proto https;
|
||||
# }
|
||||
# }
|
||||
#
|
||||
# server {
|
||||
# listen 443 ssl;
|
||||
#
|
||||
# server_name k3s.seyshiro.de *.k3s.seyshiro.de;
|
||||
#
|
||||
# ssl_certificate /etc/nginx/ssl/production_tls.crt;
|
||||
# ssl_certificate_key /etc/nginx/ssl/production_tls.key;
|
||||
#
|
||||
# location / {
|
||||
# proxy_pass https://k3s_servers_https;
|
||||
# proxy_set_header Host $host;
|
||||
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
# proxy_set_header X-Forwarded-Proto https;
|
||||
# }
|
||||
# }
|
||||
# }
|
||||
1
roles/k3s_loadbalancer/vars/main.yml
Normal file
1
roles/k3s_loadbalancer/vars/main.yml
Normal file
@@ -0,0 +1 @@
|
||||
k3s_loadbalancer_nginx_config_path: "/etc/nginx/nginx.conf"
|
||||
@@ -16,7 +16,7 @@
|
||||
ansible.builtin.command: |
|
||||
/tmp/k3s_install.sh server \
|
||||
--node-taint CriticalAddonsOnly=true:NoExecute \
|
||||
--tls-san {{ k3s.loadbalancer.ip }}
|
||||
--tls-san {{ hostvars['k3s-loadbalancer'].ansible_default_ipv4.address }}
|
||||
become: true
|
||||
async: 300
|
||||
poll: 0
|
||||
|
||||
@@ -18,6 +18,6 @@
|
||||
--node-taint storage=true:NoExecute \
|
||||
--node-label longhorn=true
|
||||
environment:
|
||||
K3S_URL: "https://{{ k3s.loadbalancer.ip }}:{{ k3s.loadbalancer.default_port }}"
|
||||
K3S_URL: "https://{{ hostvars['k3s-loadbalancer'].ansible_default_ipv4.address }}:{{ k3s.loadbalancer.default_port }}"
|
||||
K3S_TOKEN: "{{ k3s_token }}"
|
||||
become: true
|
||||
|
||||
@@ -1,89 +0,0 @@
|
||||
include /etc/nginx/modules-enabled/*.conf;
|
||||
|
||||
events {}
|
||||
|
||||
stream {
|
||||
# TCP Load Balancing for the K3s API
|
||||
upstream k3s_servers {
|
||||
{% for ip in k3s_server_ips %}
|
||||
server {{ ip }}:{{k3s.loadbalancer.default_port}};
|
||||
{% endfor %}
|
||||
}
|
||||
|
||||
server {
|
||||
listen {{k3s.loadbalancer.default_port}};
|
||||
proxy_pass k3s_servers;
|
||||
}
|
||||
|
||||
upstream dns_servers {
|
||||
{% for ip in k3s_server_ips %}
|
||||
server {{ ip }}:53;
|
||||
{% endfor %}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 53 udp;
|
||||
proxy_pass dns_servers;
|
||||
}
|
||||
}
|
||||
|
||||
http {
|
||||
upstream k3s_servers_http {
|
||||
least_conn;
|
||||
{% for ip in k3s_server_ips %}
|
||||
server {{ ip }}:80;
|
||||
{% endfor %}
|
||||
}
|
||||
|
||||
upstream k3s_servers_https {
|
||||
least_conn;
|
||||
{% for ip in k3s_server_ips %}
|
||||
server {{ ip }}:443;
|
||||
{% endfor %}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
|
||||
location / {
|
||||
proxy_pass http://k3s_servers_http;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto http;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
|
||||
server_name staging.k3s.seyshiro.de *.staging.k3s.seyshiro.de;
|
||||
|
||||
ssl_certificate /etc/nginx/ssl/staging_tls.crt;
|
||||
ssl_certificate_key /etc/nginx/ssl/staging_tls.key;
|
||||
|
||||
location / {
|
||||
proxy_pass https://k3s_servers_https;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
|
||||
server_name k3s.seyshiro.de *.k3s.seyshiro.de;
|
||||
|
||||
ssl_certificate /etc/nginx/ssl/production_tls.crt;
|
||||
ssl_certificate_key /etc/nginx/ssl/production_tls.key;
|
||||
|
||||
location / {
|
||||
proxy_pass https://k3s_servers_https;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -1 +0,0 @@
|
||||
nginx_config_path: "/etc/nginx/nginx.conf"
|
||||
@@ -78,11 +78,11 @@
|
||||
ProxyJump {{ vm.node }}
|
||||
StrictHostKeyChecking no
|
||||
|
||||
- name: Add VM to homelab_vms group in production.ini
|
||||
ansible.builtin.lineinfile:
|
||||
path: "{{ inventory_file }}"
|
||||
line: "{{ vm.name }}"
|
||||
insertafter: '^\[vms\]'
|
||||
create: true
|
||||
state: present
|
||||
delegate_to: localhost
|
||||
# - name: Add VM to homelab_vms group in production.ini
|
||||
# ansible.builtin.lineinfile:
|
||||
# path: "{{ inventory_file }}"
|
||||
# line: "{{ vm.name }}"
|
||||
# insertafter: '^\[vms\]'
|
||||
# create: true
|
||||
# state: present
|
||||
# delegate_to: localhost
|
||||
|
||||
Reference in New Issue
Block a user