update
@@ -4,7 +4,7 @@ roles_path = ./roles
|
||||
become = True
|
||||
host_key_checking = False
|
||||
host_key_check = False
|
||||
remote_user = administrator
|
||||
remote_user = user
|
||||
pipelining = True
|
||||
nocows = True
|
||||
remote_tmp = ~/.ansible/tmp
|
||||
|
||||
@@ -1,18 +0,0 @@
|
||||
- hosts: master[0]
|
||||
roles:
|
||||
- cloudflare
|
||||
vars:
|
||||
dns:
|
||||
- {record: 'bitwarden', zone: 'durp.info', proxied: 'yes', state: 'present'}
|
||||
- {record: 'nextcloud', zone: 'durp.info', proxied: 'yes', state: 'present'}
|
||||
- {record: 'grafana', zone: 'durp.info', proxied: 'yes', state: 'present'}
|
||||
- {record: 'kong', zone: 'durp.info', proxied: 'yes', state: 'present'}
|
||||
- {record: '@', zone: 'durp.info', proxied: 'yes', state: 'present'}
|
||||
- {record: 'whoogle', zone: 'durp.info', proxied: 'yes', state: 'present'}
|
||||
- {record: 'kuma', zone: 'durp.info', proxied: 'yes', state: 'present'}
|
||||
- {record: 'kasm', zone: 'durp.info', proxied: 'yes', state: 'present'}
|
||||
- {record: 'nexus', zone: 'durp.info', proxied: 'yes', state: 'present'}
|
||||
- {record: 'docker', zone: 'durp.info', proxied: 'yes', state: 'present'}
|
||||
- {record: 'authentik', zone: 'durp.info', proxied: 'yes', state: 'present'}
|
||||
- {record: 'plex', zone: 'durp.info', proxied: 'yes', state: 'present'}
|
||||
- {record: 'vault', zone: 'durp.info', proxied: 'yes', state: 'present'}
|
||||
@@ -1,6 +1,6 @@
|
||||
---
|
||||
k3s_version: v1.24.4+k3s1
|
||||
ansible_user: administrator
|
||||
k3s_version: v1.29.2+k3s1
|
||||
ansible_user: user
|
||||
systemd_dir: /etc/systemd/system
|
||||
|
||||
# Set your timezone
|
||||
@@ -10,7 +10,7 @@ system_timezone: "America/Chicago"
|
||||
flannel_iface: "eth0"
|
||||
|
||||
# apiserver_endpoint is virtual ip-address which will be configured on each master
|
||||
apiserver_endpoint: "192.168.20.120"
|
||||
apiserver_endpoint: "192.168.10.10"
|
||||
|
||||
# k3s_token is required masters can talk together securely
|
||||
k3s_token: "{{ lookup('env','k3s_token') }}"
|
||||
@@ -45,14 +45,12 @@ extra_agent_args: >-
|
||||
--kubelet-arg node-status-update-frequency=5s
|
||||
|
||||
# image tag for kube-vip
|
||||
kube_vip_tag_version: "v0.5.0"
|
||||
kube_vip_tag_version: "v0.7.2"
|
||||
|
||||
# image tag for metal lb
|
||||
metal_lb_speaker_tag_version: "v0.13.5"
|
||||
metal_lb_controller_tag_version: "v0.13.5"
|
||||
|
||||
metal_lb_speaker_tag_version: "v0.14.3"
|
||||
metal_lb_controller_tag_version: "v0.14.3"
|
||||
# metallb ip range for load balancer
|
||||
metal_lb_ip_range: "192.168.20.130-192.168.20.140"
|
||||
metal_lb_ip_range: "192.168.10.130-192.168.10.140"
|
||||
|
||||
username: "user"
|
||||
userpassword: '$6$ml9etuD2RAvybIAl$xGbh95q5PIrZQxhXBRR8oHQZcb510vhDxBsdwkBBxSo6IzOfS0WkbYDUgyuu4cvczJes19c.EJjfjO2ROoRsx1'
|
||||
|
||||
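Review bot: The `userpassword` entry at the end of this file keeps a SHA-512 crypt hash in plain group vars, where anyone with read access to the repository can attack it offline. The rendering does not show whether this change keeps or drops the line; either way the hash stays in history, so the password should be treated as exposed and rotated. If the variable is still needed, source it the way `k3s_token` is sourced in this same file, e.g. `userpassword: "{{ lookup('env','userpassword') }}"`, or move it into an Ansible Vault file.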
@@ -1,8 +1,9 @@
|
||||
[master]
|
||||
192.168.20.10
|
||||
192.168.10.10
|
||||
|
||||
[node]
|
||||
192.168.20.20
|
||||
192.168.10.20
|
||||
192.168.10.21
|
||||
|
||||
[k3s_cluster:children]
|
||||
master
|
||||
|
||||
@@ -26,8 +26,8 @@
|
||||
roles:
|
||||
- role: k3s/post
|
||||
|
||||
- hosts: master[0]
|
||||
become: yes
|
||||
roles:
|
||||
- k3s/argocd
|
||||
|
||||
#- hosts: master[0]
|
||||
# become: yes
|
||||
# roles:
|
||||
# - k3s/argocd
|
||||
#
|
||||
|
||||
@@ -13,25 +13,25 @@
|
||||
include_tasks:
|
||||
file: ./templates/packages.yml
|
||||
|
||||
- name: Create user account
|
||||
user:
|
||||
name: "{{ username }}"
|
||||
password: "{{ userpassword }}"
|
||||
groups: sudo
|
||||
shell: /bin/bash
|
||||
state: present
|
||||
createhome: yes
|
||||
when: ansible_os_family == "Debian"
|
||||
#- name: Create user account
|
||||
# user:
|
||||
# name: "{{ username }}"
|
||||
# password: "{{ userpassword }}"
|
||||
# groups: sudo
|
||||
# shell: /bin/bash
|
||||
# state: present
|
||||
# createhome: yes
|
||||
# when: ansible_os_family == "Debian"
|
||||
|
||||
- name: Create user account
|
||||
user:
|
||||
name: "{{ username }}"
|
||||
password: "{{ userpassword }}"
|
||||
shell: /bin/bash
|
||||
groups: wheel
|
||||
state: present
|
||||
createhome: yes
|
||||
when: ansible_os_family == "RedHat"
|
||||
#- name: Create user account
|
||||
# user:
|
||||
# name: "{{ username }}"
|
||||
# password: "{{ userpassword }}"
|
||||
# shell: /bin/bash
|
||||
# groups: wheel
|
||||
# state: present
|
||||
# createhome: yes
|
||||
# when: ansible_os_family == "RedHat"
|
||||
|
||||
- name: Run SSH tasks
|
||||
include_tasks:
|
||||
|
||||
@@ -1,25 +1,25 @@
|
||||
- name: Deploy SSH Key (administrator)
|
||||
copy:
|
||||
dest: /home/administrator/.ssh/authorized_keys
|
||||
src: files/authorized_keys_administrator
|
||||
force: true
|
||||
|
||||
- name: ensure ssh folder exists for user
|
||||
file:
|
||||
path: /home/user/.ssh
|
||||
owner: user
|
||||
group: user
|
||||
mode: "0600"
|
||||
state: directory
|
||||
|
||||
- name: Deploy SSH Key (user)
|
||||
copy:
|
||||
dest: /home/user/.ssh/authorized_keys
|
||||
src: files/authorized_keys_user
|
||||
owner: user
|
||||
group: user
|
||||
mode: "0600"
|
||||
force: true
|
||||
#- name: Deploy SSH Key (administrator)
|
||||
# copy:
|
||||
# dest: /home/administrator/.ssh/authorized_keys
|
||||
# src: files/authorized_keys_administrator
|
||||
# force: true
|
||||
#
|
||||
#- name: ensure ssh folder exists for user
|
||||
# file:
|
||||
# path: /home/user/.ssh
|
||||
# owner: user
|
||||
# group: user
|
||||
# mode: "0600"
|
||||
# state: directory
|
||||
#
|
||||
#- name: Deploy SSH Key (user)
|
||||
# copy:
|
||||
# dest: /home/user/.ssh/authorized_keys
|
||||
# src: files/authorized_keys_user
|
||||
# owner: user
|
||||
# group: user
|
||||
# mode: "0600"
|
||||
# force: true
|
||||
|
||||
- name: Remove Root SSH Configuration
|
||||
file:
|
||||
|
||||
@@ -52,8 +52,8 @@
|
||||
--unit=k3s-init \
|
||||
k3s server {{ server_init_args }}"
|
||||
creates: "{{ systemd_dir }}/k3s.service"
|
||||
args:
|
||||
warn: false # The ansible systemd module does not support transient units
|
||||
#args:
|
||||
# warn: false # The ansible systemd module does not support transient units
|
||||
|
||||
- name: Verification
|
||||
block:
|
||||
|
||||
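--- /dev/null
+++ b/argocd/commands.sh
@@ -0,0 +1,3 @@
+ca=$(kubectl get -n kube-system secret/argo-cd-manager-token -o jsonpath='{.data.ca\.crt}')
+
+token=$(kubectl get -n kube-system secret/argo-cd-manager-token -o jsonpath='{.data.token}' | base64 --decode)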
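Review bot: Both `kubectl get` calls read `secret/argo-cd-manager-token`, but the Secret added in argocd/secret.yaml by this commit is named `argocd-manager-token`; unless a separately created secret with the hyphenated name exists, the lookups fail and `ca` and `token` end up empty. Use the same name in both places, e.g. `kubectl get -n kube-system secret/argocd-manager-token -o jsonpath='{.data.token}'`. The script also has no shebang or `set -euo pipefail`, so a failed lookup goes unnoticed. Since `token` holds a bearer token for an account bound to a wildcard ClusterRole, the file should carry a comment saying not to run it under `set -x` or echo the variable into logs.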
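--- /dev/null
+++ b/argocd/secret.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+name: argocd-manager-token
+namespace: kube-system
+annotations:
+kubernetes.io/service-account.name: argocd-manager-token
+type: kubernetes.io/service-account-token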
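Review bot: The `kubernetes.io/service-account.name` annotation points at `argocd-manager-token`, which is the Secret's own name; the ServiceAccount created in argocd/serviceaccount.yaml is `argocd-manager`. A `kubernetes.io/service-account-token` Secret is only populated when the annotation names an existing ServiceAccount, so as written no token would be issued (assuming no account with that name exists elsewhere). Change the line to `kubernetes.io/service-account.name: argocd-manager`. This kind of Secret yields a token that does not expire, so it is worth a comment stating who consumes it and that deleting the Secret revokes it.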
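--- /dev/null
+++ b/argocd/serviceaccount.yaml
@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: argocd-manager
+namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+name: argocd-manager-role
+rules:
+- apiGroups:
+- '*'
+resources:
+- '*'
+verbs:
+- '*'
+- nonResourceURLs:
+- '*'
+verbs:
+- '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+name: argocd-manager-role-binding
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: ClusterRole
+name: argocd-manager-role
+subjects:
+- kind: ServiceAccount
+name: argocd-manager
+namespace: kube-system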
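Review bot: `argocd-manager-role` grants every verb on every resource and non-resource URL, so the `argocd-manager` account, and any holder of its token, is equivalent to cluster-admin; nothing in the file says so. Add a header comment such as `# cluster-admin equivalent: used by Argo CD to manage this cluster; treat its token as a root credential`. If Argo CD only deploys into specific namespaces, namespaced Roles and RoleBindings for those namespaces would limit what a leaked token can do. Auditing API requests made as `system:serviceaccount:kube-system:argocd-manager` helps detect use of the token from outside Argo CD.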
1
k3s-ansible
Submodule
Submodule k3s-ansible added at d6597150c7