feat(ansible): add k3s role and update with monitoring k3s cluster

jon77p · Sep 22, 2024 · fd92244 · fd92244
1 parent 8090aa3
commit fd92244
Show file tree

Hide file tree

Showing 10 changed files with 90 additions and 21 deletions.
diff --git a/.envrc b/.envrc
@@ -2,7 +2,7 @@ source .venv/bin/activate
 unset PS1
 export PATH=$PWD/node_modules/.bin:$PATH
 
-export KUBECONFIG=$(expand_path ./ansible/kubeconfig)
+export KUBECONFIG="$(expand_path ./ansible/kubeconfigs/*):$HOME/.kube/config:$KUBECONFIG"
 export ANSIBLE_CONFIG=$(expand_path ./ansible.cfg)
 export GPG_TTY=$(tty)
 export NODE_OPTIONS="$NODE_OPTIONS --max-old-space-size=4096"

diff --git a/ansible/.gitignore b/ansible/.gitignore
@@ -1,4 +1,4 @@
 files/*
 **secret**
 venv
-kubeconfig
+kubeconfigs/*
diff --git a/ansible/group_vars/cluster/cluster.yml b/ansible/group_vars/cluster/cluster.yml
@@ -0,0 +1,3 @@
+---
+kubeconfig_path: "../kubeconfigs"
+k3s_version: v1.29.3+k3s1
diff --git a/ansible/group_vars/controlplane/cluster.yml b/ansible/group_vars/controlplane/cluster.yml
@@ -0,0 +1,3 @@
+---
+k3s_server_args: "--disable traefik --embedded-registry --node-name controlplane"
+k3s_taint_controlplane: false
diff --git a/ansible/hosts.yaml b/ansible/hosts.yaml
@@ -2,30 +2,18 @@
 all:
   vars:
     ansible_become_pass: "{{ user_password }}"
+    ansible_ssh_user: ubuntu
   children:
     cluster:
       children:
-        k8s:
+        controlplane:
           hosts:
-            pi1:
-              ansible_host: pi1
-            pi2:
-              ansible_host: pi2
-          vars:
-            ansible_ssh_user: pi
-          children:
-            manager:
-              hosts:
-                pi1:
-            nodes:
-              hosts:
-                pi2:
+            monitoring:
+              ansible_host: monitoring
     oci:
       children:
         services:
           hosts:
-            monitoring:
-              ansible_host: monitoring
             vault:
               ansible_host: vault
             authentik:
@@ -34,10 +22,7 @@ all:
               ansible_host: healthchecks
             cicd:
               ansible_host: cicd
-      vars:
-        ansible_ssh_user: ubuntu
     deployments:
       hosts:
-        pihole:
         gaps:
         nodered:
diff --git a/ansible/playbooks/k3s.yml b/ansible/playbooks/k3s.yml
@@ -0,0 +1,5 @@
+---
+- name: Setup k3s
+  hosts: controlplane
+  roles:
+    - k3s
diff --git a/ansible/playbooks/roles/k3s/tasks/main.yml b/ansible/playbooks/roles/k3s/tasks/main.yml
@@ -0,0 +1,13 @@
+---
+- name: Install k3s server
+  ansible.builtin.import_tasks:
+    file: server.yml
+  vars:
+    hostname: "{{ inventory_hostname }}"
+  when: inventory_hostname in groups['controlplane']
+- name: Install k3s worker
+  ansible.builtin.import_tasks:
+    file: worker.yml
+  vars:
+    hostname: "{{ inventory_hostname }}-k3s"
+  when: inventory_hostname in groups['workers']
diff --git a/ansible/playbooks/roles/k3s/tasks/server.yml b/ansible/playbooks/roles/k3s/tasks/server.yml
@@ -0,0 +1,28 @@
+---
+- name: Fetch tailscale ip for {{ hostname }}
+  delegate_to: localhost
+  delegate_facts: true
+  ansible.builtin.command: "tailscale ip -4 {{ hostname }}"
+  register: tailscale_ip
+  changed_when: false
+- name: Install k3s server
+  delegate_to: localhost
+  delegate_facts: true
+  vandot.k3sup.k3sup:
+    k3sup_bin: /opt/homebrew/bin/k3sup
+    action: server
+    user: "{{ ansible_ssh_user }}"
+    ip: "{{ tailscale_ip.stdout | trim }}"
+    ssh_key: "~/.ssh/terraform"
+    local_path: "{{ kubeconfig_path }}/kubeconfig-{{ inventory_hostname }}"
+    context: "{{ inventory_hostname }}"
+    k3s_extra_args: "{{ k3s_server_args | quote }}"
+    k3s_version: "{{ k3s_version }}"
+- name: Taint the controlplane node
+  when: "k3s_taint_controlplane"
+  ansible.builtin.shell: "kubectl taint nodes controlplane node-role.kubernetes.io/control-plane:NoSchedule"
+  delegate_to: localhost
+  delegate_facts: true
+  environment:
+    KUBECONFIG: "{{ kubeconfig_path }}"
+  changed_when: false
diff --git a/ansible/playbooks/roles/k3s/tasks/worker.yml b/ansible/playbooks/roles/k3s/tasks/worker.yml
@@ -0,0 +1,25 @@
+---
+- name: Fetch tailscale ip for "controlplane-k3s"
+  ansible.builtin.command: "tailscale ip -4 controlplane-k3s"
+  register: k3s_server_ip
+  changed_when: false
+  delegate_to: localhost
+  delegate_facts: true
+
+- name: Fetch tailscale ip for {{ hostname }}
+  ansible.builtin.command: "tailscale ip -4 {{ hostname }}"
+  register: tailscale_ip
+  changed_when: false
+  delegate_to: localhost
+  delegate_facts: true
+
+- name: Join k3s worker {{ hostname }}
+  delegate_to: localhost
+  delegate_facts: true
+  vandot.k3sup.k3sup:
+    k3sup_bin: /opt/homebrew/bin/k3sup
+    action: agent
+    ip: "{{ tailscale_ip.stdout | trim }}"
+    server_ip: "{{ k3s_server_ip.stdout | trim }}"
+    ssh_key: "~/.ssh/proxmox"
+    k3s_version: "{{ k3s_version }}"
diff --git a/ansible/requirements.yml b/ansible/requirements.yml
@@ -7,5 +7,12 @@ collections:
   - name: kubernetes.core
   - name: onepassword.connect
   - name: oracle.oci
+  - name: vandot.k3sup
+  - name: https://github.com/techno-tim/k3s-ansible.git
+    type: git
+    version: master
 roles:
+  - name: artis3n.tailscale
+  - name: geerlingguy.security
+  - name: robertdebock.update
   - name: stefangweichinger.ansible_rclone