Add k3s-server02

Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>

group_vars/k3s/vars.yml

@@ -12,6 +12,7 @@ k3s:
     ips:
       - 192.168.20.21
       - 192.168.20.24
+      - 192.168.20.30
   loadbalancer:
     ip: 192.168.20.22
     default_port: 6443
@@ -24,4 +25,4 @@ k3s:
       - 192.168.20.26
       - 192.168.20.27
 
-k3s_db_connection_string: "postgres://{{db.user}}:{{db.password}}@{{k3s.db.ip}}:{{k3s.db.default_port}}/{{db.name}}"
+k3s_db_connection_string: "postgres://{{ db.user }}:{{ db.password }}@{{ k3s.db.ip }}:{{ k3s.db.default_port }}/{{ db.name }}"

host_vars/k3s-server02.yml

@@ -0,0 +1,10 @@
+---
+ansible_user: "{{ user }}"
+ansible_host: 192.168.20.30
+ansible_port: 22
+ansible_ssh_private_key_file: "{{ pk_path }}"
+ansible_become_pass: "{{ vault.k3s.server01.sudo }}"
+
+host:
+  hostname: "k3s-server02"
+  ip: "{{ ansible_host }}"

production

@@ -6,6 +6,7 @@ k3s-postgres
 k3s-loadbalancer
 k3s-server00
 k3s-server01
+k3s-server02
 k3s-agent00
 k3s-agent01
 k3s-agent02
@@ -13,6 +14,7 @@ k3s-agent02
 [k3s_server]
 k3s-server00
 k3s-server01
+k3s-server02
 
 [k3s_agent]
 k3s-agent00
@@ -25,12 +27,14 @@ k3s-agent01
 k3s-agent02
 k3s-server00
 k3s-server01
+k3s-server02
 k3s-postgres
 k3s-loadbalancer
 
 [k3s_nodes]
 k3s-server00
 k3s-server01
+k3s-server02
 k3s-agent00
 k3s-agent01
 k3s-agent02

roles/loadbalancer/templates/nginx.conf.j2

@@ -2,8 +2,8 @@ include /etc/nginx/modules-enabled/*.conf;
 
 events {}
 
-# TCP Load Balancing for the K3s API
 stream {
+# TCP Load Balancing for the K3s API
   upstream k3s_servers {
     {% for ip in k3s_server_ips %}
     server {{ ip }}:{{k3s.loadbalancer.default_port}};
@@ -14,6 +14,17 @@ stream {
     listen {{k3s.loadbalancer.default_port}};
     proxy_pass k3s_servers;
   }
+
+  upstream dns_servers {
+    {% for ip in k3s_server_ips %}
+    server {{ ip }}:53;
+    {% endfor %}
+  }
+
+  server {
+    listen 53 udp;
+    proxy_pass dns_servers;
+  }
 }
 
 http {
@@ -43,9 +54,9 @@ http {
   }
 
   server {
-    listen 443;
+    listen 443 ssl;
 
-    server_name staging.k3s.seyshiro.de *.staging.k3s.seyshiro.de
+    server_name staging.k3s.seyshiro.de *.staging.k3s.seyshiro.de;
 
     ssl_certificate /etc/nginx/ssl/staging_tls.crt;
     ssl_certificate_key /etc/nginx/ssl/staging_tls.key;
@@ -59,9 +70,9 @@ http {
   }
 
   server {
-    listen 443;
+    listen 443 ssl;
 
-    server_name production.k3s.seyshiro.de *.production.k3s.seyshiro.de
+    server_name k3s.seyshiro.de *.k3s.seyshiro.de;
 
     ssl_certificate /etc/nginx/ssl/production_tls.crt;
     ssl_certificate_key /etc/nginx/ssl/production_tls.key;
@@ -74,3 +85,5 @@ http {
     }
   }
 }
+
+

scripts/get_tls.sh

@@ -1,13 +1,15 @@
 #!/bin/bash
 
-kubectl -n staging get secret k3s-seyshiro-de-staging-tls -o jsonpath='{.data.tls\.crt}' | base64 -d >staging_tls.crt
-kubectl -n staging get secret k3s-seyshiro-de-staging-tls -o jsonpath='{.data.tls\.key}' | base64 -d >staging_tls.key
+kubectl -n staging get secret k3s-seyshiro-de-tls -o jsonpath='{.data.tls\.crt}' | base64 -d >staging_tls.crt
+kubectl -n staging get secret k3s-seyshiro-de-tls -o jsonpath='{.data.tls\.key}' | base64 -d >staging_tls.key
 
 kubectl -n production get secret k3s-seyshiro-de-tls -o jsonpath='{.data.tls\.crt}' | base64 -d >production_tls.crt
 kubectl -n production get secret k3s-seyshiro-de-tls -o jsonpath='{.data.tls\.key}' | base64 -d >production_tls.key
 
 scp ./{production,staging}_tls.{crt,key} k3s-loadbalancer:~
+rm ./{production,staging}_tls.{crt,key}
 
-# onsite
+# on k3s-loadbalancer
 # chmod 600 ./{production,staging}_tls.{crt,key}
+# sudo chown root:root ./{production,staging}_tls.{crt,key}
 # sudo mv ./{production,staging}_tls.{crt,key} /etc/nginx/ssl/