feat(k3s): Added 2 nodes (2/2)

Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>

.pre-commit-config.yaml

@@ -10,7 +10,7 @@ repos:
     hooks:
       - id: ansible-galaxy-install
         name: Install ansible-galaxy collections
-        entry: ansible-galaxy collection install -r requirements.yml
+        entry: ansible-galaxy collection install -r requirements.yaml
         language: system
         pass_filenames: false
         always_run: true
@@ -18,6 +18,6 @@ repos:
     rev: v6.22.2
     hooks:
       - id: ansible-lint
-        files: \.(yaml|yml)$
+        files: \.(yaml)$
         additional_dependencies:
           - ansible-core==2.15.8

ansible.cfg

@@ -14,7 +14,7 @@ vault_password_file=/media/veracrypt1/scripts/ansible_vault.sh
 
 # (list) Check all of these extensions when looking for 'variable' files which should be YAML or JSON or vaulted versions of these.
 # This affects vars_files, include_vars, inventory and vars plugins among others.
-yaml_valid_extensions=.yml
+yaml_valid_extensions=.yaml
 
 # (boolean) Set this to "False" if you want to avoid host key checking by the underlying tools Ansible uses to connect to the host
 host_key_checking=False

playbooks/docker.yaml

@@ -0,0 +1,5 @@
+---
+- name: Setup Docker Hosts
+  ansible.builtin.import_playbook: docker-host.yaml
+- name: Setup Docker load balancer
+  ansible.builtin.import_playbook: docker-lb.yaml

playbooks/docker.yml

@@ -1,5 +0,0 @@
----
-- name: Setup Docker Hosts
-  ansible.builtin.import_playbook: docker-host.yml
-- name: Setup Docker load balancer
-  ansible.builtin.import_playbook: docker-lb.yml

playbooks/proxmox-k3s-add-agent.yaml

@@ -0,0 +1,6 @@
+---
+- name: Create new VM(s)
+  ansible.builtin.import_playbook: proxmox.yaml
+
+- name: Provision VM
+  ansible.builtin.import_playbook: k3s-agents.yaml

roles/common/tasks/main.yaml

@@ -0,0 +1,13 @@
+---
+- name: Configure Time
+  ansible.builtin.include_tasks: time.yaml
+- name: Configure Packages
+  ansible.builtin.include_tasks: packages.yaml
+- name: Configure Hostname
+  ansible.builtin.include_tasks: hostname.yaml
+- name: Configure Extra-Packages
+  ansible.builtin.include_tasks: extra_packages.yaml
+- name: Configure Bash
+  ansible.builtin.include_tasks: bash.yaml
+- name: Configure SSH
+  ansible.builtin.include_tasks: sshd.yaml

roles/common/tasks/main.yml

@@ -1,13 +0,0 @@
----
-- name: Configure Time
-  ansible.builtin.include_tasks: time.yml
-- name: Configure Packages
-  ansible.builtin.include_tasks: packages.yml
-- name: Configure Hostname
-  ansible.builtin.include_tasks: hostname.yml
-- name: Configure Extra-Packages
-  ansible.builtin.include_tasks: extra_packages.yml
-- name: Configure Bash
-  ansible.builtin.include_tasks: bash.yml
-- name: Configure SSH
-  ansible.builtin.include_tasks: sshd.yml

roles/common/vars/main.yaml

@@ -15,3 +15,4 @@ common_packages:
   - ripgrep
   - nfs-common
   - open-iscsi
+  - parted

roles/docker_host/tasks/main.yaml

@@ -0,0 +1,21 @@
+---
+- name: Setup VM
+  ansible.builtin.include_tasks: 10_setup.yaml
+
+- name: Install docker
+  ansible.builtin.include_tasks: 20_installation.yaml
+
+- name: Setup user and group for docker
+  ansible.builtin.include_tasks: 30_user_group_setup.yaml
+
+- name: Setup directory structure for docker
+  ansible.builtin.include_tasks: 40_directory_setup.yaml
+
+# - name: Deploy configs
+#   ansible.builtin.include_tasks: 50_provision.yaml
+
+- name: Deploy docker compose
+  ansible.builtin.include_tasks: 60_deploy_compose.yaml
+
+- name: Publish metrics
+  ansible.builtin.include_tasks: 70_export.yaml

roles/docker_host/tasks/main.yml

@@ -1,21 +0,0 @@
----
-- name: Setup VM
-  ansible.builtin.include_tasks: 10_setup.yml
-
-- name: Install docker
-  ansible.builtin.include_tasks: 20_installation.yml
-
-- name: Setup user and group for docker
-  ansible.builtin.include_tasks: 30_user_group_setup.yml
-
-- name: Setup directory structure for docker
-  ansible.builtin.include_tasks: 40_directory_setup.yml
-
-# - name: Deploy configs
-#   ansible.builtin.include_tasks: 50_provision.yml
-
-- name: Deploy docker compose
-  ansible.builtin.include_tasks: 60_deploy_compose.yml
-
-- name: Publish metrics
-  ansible.builtin.include_tasks: 70_export.yml

roles/k3s_agent/tasks/main.yaml

@@ -0,0 +1,3 @@
+---
+- name: Install k3s agent
+  include_tasks: installation.yaml

roles/k3s_agent/tasks/main.yml

@@ -1,3 +0,0 @@
----
-- name: Install k3s agent
-  include_tasks: installation.yml

roles/k3s_loadbalancer/tasks/main.yaml

@@ -1,9 +1,9 @@
 ---
 - name: Installation
-  ansible.builtin.include_tasks: installation.yml
+  ansible.builtin.include_tasks: installation.yaml
 
 - name: Configure
-  ansible.builtin.include_tasks: configuration.yml
+  ansible.builtin.include_tasks: configuration.yaml
 
 - name: Setup DNS on Netcup
   community.general.netcup_dns:

roles/k3s_server/tasks/main.yaml

@@ -14,16 +14,16 @@
   register: k3s_status
 
 - name: Install primary k3s server
-  include_tasks: primary_installation.yml
+  include_tasks: primary_installation.yaml
   when: ansible_default_ipv4.address == k3s_primary_server_ip
 
 - name: Get token from primary k3s server
-  include_tasks: pull_token.yml
+  include_tasks: pull_token.yaml
 
 - name: Install seconary k3s servers
-  include_tasks: secondary_installation.yml
+  include_tasks: secondary_installation.yaml
   when: ansible_default_ipv4.address != k3s_primary_server_ip
 
 - name: Set kubeconfig on localhost
-  include_tasks: create_kubeconfig.yml
+  include_tasks: create_kubeconfig.yaml
   when: ansible_default_ipv4.address == k3s_primary_server_ip

roles/k3s_server/vars/main.yaml

@@ -1 +1 @@
-k3s_server_token_vault_file: ../vars/group_vars/k3s/secrets_token.yml
+k3s_server_token_vault_file: ../vars/group_vars/k3s/secrets_token.yaml

roles/k3s_storage/tasks/main.yaml

@@ -0,0 +1,5 @@
+---
+- name: Install dependencies
+  ansible.builtin.include_tasks: requirements.yaml
+- name: Install k3s
+  ansible.builtin.include_tasks: installation.yaml

roles/k3s_storage/tasks/main.yml

@@ -1,5 +0,0 @@
----
-- name: Install dependencies
-  ansible.builtin.include_tasks: requirements.yml
-- name: Install k3s
-  ansible.builtin.include_tasks: installation.yml

roles/kubernetes_argocd/tasks/main.yaml

@@ -33,7 +33,7 @@
 
 - name: Apply ArgoCD Ingress
   kubernetes.core.k8s:
-    definition: "{{ lookup('ansible.builtin.template', 'ingress.yml.j2') | from_yaml }}"
+    definition: "{{ lookup('ansible.builtin.template', 'ingress.yaml.j2') | from_yaml }}"
     state: present
     namespace: "{{ argocd_namespace }}"
   register: apply_manifests
@@ -53,7 +53,7 @@
 
 - name: Apply ArgoCD repository
   kubernetes.core.k8s:
-    definition: "{{ lookup('ansible.builtin.template', 'repository.yml.j2') | from_yaml }}"
+    definition: "{{ lookup('ansible.builtin.template', 'repository.yaml.j2') | from_yaml }}"
     state: present
     namespace: "{{ argocd_namespace }}"
   register: apply_manifests
@@ -63,7 +63,7 @@
 
 - name: Apply ArgoCD Root Application
   kubernetes.core.k8s:
-    definition: "{{ lookup('ansible.builtin.template', 'root_application.yml.j2') | from_yaml }}"
+    definition: "{{ lookup('ansible.builtin.template', 'root_application.yaml.j2') | from_yaml }}"
     state: present
     namespace: "{{ argocd_namespace }}"
   register: apply_manifests

roles/node_exporter/tasks/main.yaml

@@ -0,0 +1,6 @@
+- name: Get Version
+  ansible.builtin.include_tasks: get_version.yaml
+- name: Install
+  ansible.builtin.include_tasks: install.yaml
+- name: Setup Service
+  ansible.builtin.include_tasks: systemd.yaml

roles/node_exporter/tasks/main.yml

@@ -1,6 +0,0 @@
-- name: Get Version
-  ansible.builtin.include_tasks: get_version.yml
-- name: Install
-  ansible.builtin.include_tasks: install.yml
-- name: Setup Service
-  ansible.builtin.include_tasks: systemd.yml

roles/proxmox/tasks/00_setup_machines.yaml

@@ -0,0 +1,8 @@
+---
+- name: Prepare Localhost
+  ansible.builtin.include_tasks: ./01_setup_localhost.yaml
+  when: is_localhost
+
+- name: Prepare Localhost
+  ansible.builtin.include_tasks: ./05_setup_node.yaml
+  when: is_proxmox_node

roles/proxmox/tasks/00_setup_machines.yml

@@ -1,8 +0,0 @@
----
-- name: Prepare Localhost
-  ansible.builtin.include_tasks: ./01_setup_localhost.yml
-  when: is_localhost
-
-- name: Prepare Localhost
-  ansible.builtin.include_tasks: ./05_setup_node.yml
-  when: is_proxmox_node

roles/proxmox/tasks/05_setup_node.yaml

@@ -7,4 +7,4 @@
   loop: "{{ proxmox_node_dependencies }}"
 
 - name: Ensure Harware Acceleration on node
-  ansible.builtin.include_tasks: 06_hardware_acceleration.yml
+  ansible.builtin.include_tasks: 06_hardware_acceleration.yaml

roles/proxmox/tasks/10_create_secrets.yaml

@@ -6,7 +6,7 @@
     mode: "0600"
 
 - name: Update Vault data
-  ansible.builtin.include_tasks: 15_create_secret.yml
+  ansible.builtin.include_tasks: 15_create_secret.yaml
   loop: "{{ vms | map(attribute='name') }}"
   loop_control:
     loop_var: "vm_name"

roles/proxmox/tasks/40_prepare_vm_creation.yaml

@@ -1,6 +1,6 @@
 ---
 - name: Download Cloud Init Isos
-  ansible.builtin.include_tasks: 42_download_isos.yml
+  ansible.builtin.include_tasks: 42_download_isos.yaml
   loop: "{{ proxmox_cloud_init_images | dict2items | map(attribute='value') }}"
   loop_control:
     loop_var: distro

roles/proxmox/tasks/50_create_vms.yaml

@@ -5,13 +5,13 @@
     name: vm_secrets
 
 # - name: Destroy vms (Only during rapid testing)
-#   ansible.builtin.include_tasks: 54_destroy_vm.yml
+#   ansible.builtin.include_tasks: 54_destroy_vm.yaml
 #   loop: "{{ vms }}"
 #   loop_control:
 #     loop_var: "vm"
 
 - name: Create vms
-  ansible.builtin.include_tasks: 55_create_vm.yml
+  ansible.builtin.include_tasks: 55_create_vm.yaml
   loop: "{{ vms }}"
   loop_control:
     loop_var: "vm"

roles/proxmox/tasks/55_create_vm.yaml

@@ -27,5 +27,5 @@
   register: proxmox_deploy_info
 
 - name: Provision created VM
-  ansible.builtin.include_tasks: 56_provision_new_vm.yml
+  ansible.builtin.include_tasks: 56_provision_new_vm.yaml
   when: proxmox_deploy_info.changed

roles/proxmox/tasks/56_provision_new_vm.yaml

@@ -35,7 +35,7 @@
     state: started
 
 - name: Retry stopping VM
-  ansible.builtin.include_tasks: ./57_stop_and_verify_vm.yml
+  ansible.builtin.include_tasks: ./57_stop_and_verify_vm.yaml
 
 - name: Pause for 5 seconds for api
   ansible.builtin.pause:

roles/proxmox/tasks/57_stop_and_verify_vm.yaml

@@ -36,4 +36,4 @@
         seconds: 5
 
     - name: "Failed to stop VM - Retrying..."
-      include_tasks: ./57_stop_and_verify_vm.yml
+      include_tasks: ./57_stop_and_verify_vm.yaml

roles/proxmox/tasks/60_create_containers.yaml

@@ -5,7 +5,7 @@
     name: vm_secrets
 
 - name: Create vms
-  ansible.builtin.include_tasks: 65_create_container.yml
+  ansible.builtin.include_tasks: 65_create_container.yaml
   loop: "{{ lxcs }}"
   loop_control:
     loop_var: "container"

roles/proxmox/tasks/main.yaml

@@ -0,0 +1,19 @@
+---
+- name: Prepare Machines
+  ansible.builtin.include_tasks: 00_setup_machines.yaml
+
+- name: Create VM vault
+  ansible.builtin.include_tasks: 10_create_secrets.yaml
+  when: is_localhost
+
+- name: Prime node for VM
+  ansible.builtin.include_tasks: 40_prepare_vm_creation.yaml
+  when: is_proxmox_node
+
+- name: Create VMs
+  ansible.builtin.include_tasks: 50_create_vms.yaml
+  when: is_localhost
+
+- name: Create LXC containers
+  ansible.builtin.include_tasks: 60_create_containers.yaml
+  when: is_localhost

roles/proxmox/tasks/main.yml

@@ -1,19 +0,0 @@
----
-- name: Prepare Machines
-  ansible.builtin.include_tasks: 00_setup_machines.yml
-
-- name: Create VM vault
-  ansible.builtin.include_tasks: 10_create_secrets.yml
-  when: is_localhost
-
-- name: Prime node for VM
-  ansible.builtin.include_tasks: 40_prepare_vm_creation.yml
-  when: is_proxmox_node
-
-- name: Create VMs
-  ansible.builtin.include_tasks: 50_create_vms.yml
-  when: is_localhost
-
-- name: Create LXC containers
-  ansible.builtin.include_tasks: 60_create_containers.yml
-  when: is_localhost

roles/proxmox/vars/main.yaml

@@ -3,7 +3,7 @@ proxmox_creator: ansible
 
 proxmox_storage: proxmox
 
-proxmox_vault_file: ../vars/group_vars/proxmox/secrets_vm.yml
+proxmox_vault_file: ../vars/group_vars/proxmox/secrets_vm.yaml
 proxmox_secrets_prefix: secrets_vm
 proxmox_cloud_init_images:
   debian:

roles/reverse_proxy/tasks/20_xcaddy_install.yaml

@@ -25,7 +25,7 @@
   become: true
 
 - name: Build Custom Caddy with netcup
-  ansible.builtin.command: xcaddy build --with github.com/caddy-dns/netcup
+  ansible.builtin.command: xcaddy build --with github.com/caddy-dns/cloudflare
   environment:
     PATH: "{{ ansible_env.PATH }}:/usr/local/go/bin"
   register: xcaddy_build

roles/reverse_proxy/tasks/main.yaml

@@ -0,0 +1,18 @@
+---
+- name: Install Go for Caddy
+  ansible.builtin.include_tasks: 00_go_install.yaml
+
+- name: Install Caddy
+  ansible.builtin.include_tasks: 10_caddy_install.yaml
+
+- name: Install xCaddy
+  ansible.builtin.include_tasks: 20_xcaddy_install.yaml
+
+- name: Setup Custom Caddy
+  ansible.builtin.include_tasks: 30_custom_caddy.yaml
+
+- name: Setup Netcup DNS
+  ansible.builtin.include_tasks: 50_netcup_dns.yaml
+
+- name: Configure Caddy
+  ansible.builtin.include_tasks: 80_configure.yaml

roles/reverse_proxy/tasks/main.yml

@@ -1,18 +0,0 @@
----
-- name: Install Go for Caddy
-  ansible.builtin.include_tasks: 00_go_install.yml
-
-- name: Install Caddy
-  ansible.builtin.include_tasks: 10_caddy_install.yml
-
-- name: Install xCaddy
-  ansible.builtin.include_tasks: 20_xcaddy_install.yml
-
-- name: Setup Custom Caddy
-  ansible.builtin.include_tasks: 30_custom_caddy.yml
-
-- name: Setup Netcup DNS
-  ansible.builtin.include_tasks: 50_netcup_dns.yml
-
-- name: Configure Caddy
-  ansible.builtin.include_tasks: 80_configure.yml

roles/reverse_proxy/templates/Caddyfile.j2

@@ -18,10 +18,8 @@
   }
 
 	tls {
-		dns netcup {
-			customer_number {{ netcup_customer_id }}
-			api_key {{ netcup_api_key }}
-			api_password {{ netcup_api_password }}
+		dns cloudflare {
+			api_token {{ cloudflare_api_token }}
 		}
     propagation_timeout 900s
 		propagation_delay 600s

vars/group_vars/all/secrets.yaml

@@ -0,0 +1,17 @@
+$ANSIBLE_VAULT;1.1;AES256
+33363962303935656231346162373837336438643137333034356635663030376130366335323236
+3862353265376234343163306664313435626237636235310a636230353765613937613265363934
+62653765613133363464343730353335303664343031613232373762666231636336353265663235
+3939393233363330390a323432336438633732653035373738303133633539623930613263316331
+38383366316434336638353066666266323964653864383762343361646132356363303035303931
+34313066336331356539333535303731393630386538336536646466653034663931343934626463
+36326534666362376363336135626466353335616235633961666463396665373862393464633731
+30376337346335333733656262663563303436323831663433363639363332383761326534323532
+34373762303638306531663934663564336565356664636566393537623633346639336263663134
+33633063633331376337376437356334623661616539653464323731613938643563333563353430
+35333431346530383262643031393265303630653337306162663032643764313339383833643363
+36393539336165373836313831663935626234326363646162396539383936623039376636326638
+33343435386332633561346161646338646133303365336630633665366139663634303131306663
+36653933643830303532343861666236613064663665643662663533316362653332343334356463
+39316239633139366633303235643334643135313739613532306265353938396165383735323436
+35646234636265633632