diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
index 5d2d5f4..81bb047 100644
--- a/ansible/ansible.cfg
+++ b/ansible/ansible.cfg
@@ -4,7 +4,7 @@ roles_path = ./roles
 become = True
 host_key_checking = False
 host_key_check = False
-remote_user = administrator
+remote_user = user
 pipelining = True
 nocows = True
 remote_tmp = ~/.ansible/tmp
diff --git a/ansible/dns.yml b/ansible/dns.yml
deleted file mode 100644
index 953b17a..0000000
--- a/ansible/dns.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-- hosts: master[0]
- roles:
- - cloudflare
- vars:
- dns:
- - {record: 'bitwarden', zone: 'durp.info', proxied: 'yes', state: 'present'}
- - {record: 'nextcloud', zone: 'durp.info', proxied: 'yes', state: 'present'}
- - {record: 'grafana', zone: 'durp.info', proxied: 'yes', state: 'present'}
- - {record: 'kong', zone: 'durp.info', proxied: 'yes', state: 'present'}
- - {record: '@', zone: 'durp.info', proxied: 'yes', state: 'present'}
- - {record: 'whoogle', zone: 'durp.info', proxied: 'yes', state: 'present'}
- - {record: 'kuma', zone: 'durp.info', proxied: 'yes', state: 'present'}
- - {record: 'kasm', zone: 'durp.info', proxied: 'yes', state: 'present'}
- - {record: 'nexus', zone: 'durp.info', proxied: 'yes', state: 'present'}
- - {record: 'docker', zone: 'durp.info', proxied: 'yes', state: 'present'}
- - {record: 'authentik', zone: 'durp.info', proxied: 'yes', state: 'present'}
- - {record: 'plex', zone: 'durp.info', proxied: 'yes', state: 'present'}
- - {record: 'vault', zone: 'durp.info', proxied: 'yes', state: 'present'}
diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index dc70bd2..7ffcdc6 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -1,6 +1,6 @@
 ---
-k3s_version: v1.24.4+k3s1
-ansible_user: administrator
+k3s_version: v1.29.2+k3s1
+ansible_user: user
 systemd_dir: /etc/systemd/system
 # Set your timezone
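Review bot: `remote_user = user` now names a login that nothing in this commit provisions: the tasks that created the `{{ username }}` account and deployed its authorized_keys are commented out in ansible/roles/base/tasks/main.yml and ssh.yml in the same commit, so the `user` account and its SSH key must already exist on every host before the play runs. The same value is also set as `ansible_user: user` in ansible/group_vars/all.yml; keeping it in two places invites drift, and one of the two could be dropped. If the account is expected to be pre-provisioned, a comment next to `remote_user` saying so would save the next reader a search, e.g. `# remote_user must pre-exist with an authorized key; the base role no longer creates it`.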
@@ -10,7 +10,7 @@ system_timezone: "America/Chicago"
 flannel_iface: "eth0"
 # apiserver_endpoint is virtual ip-address which will be configured on each master
-apiserver_endpoint: "192.168.20.120"
+apiserver_endpoint: "192.168.10.10"
 # k3s_token is required masters can talk together securely
 k3s_token: "{{ lookup('env','k3s_token') }}"
@@ -45,14 +45,12 @@ extra_agent_args: >-
 --kubelet-arg node-status-update-frequency=5s
 # image tag for kube-vip
-kube_vip_tag_version: "v0.5.0"
+kube_vip_tag_version: "v0.7.2"
 # image tag for metal lb
-metal_lb_speaker_tag_version: "v0.13.5"
-metal_lb_controller_tag_version: "v0.13.5"
-
+metal_lb_speaker_tag_version: "v0.14.3"
+metal_lb_controller_tag_version: "v0.14.3"
 # metallb ip range for load balancer
-metal_lb_ip_range: "192.168.20.130-192.168.20.140"
+metal_lb_ip_range: "192.168.10.130-192.168.10.140"
 username: "user"
-userpassword: '$6$ml9etuD2RAvybIAl$xGbh95q5PIrZQxhXBRR8oHQZcb510vhDxBsdwkBBxSo6IzOfS0WkbYDUgyuu4cvczJes19c.EJjfjO2ROoRsx1'
diff --git a/ansible/hosts.ini b/ansible/hosts.ini
index fd7ebc5..e32491d 100644
--- a/ansible/hosts.ini
+++ b/ansible/hosts.ini
@@ -1,8 +1,9 @@
 [master]
-192.168.20.10
+192.168.10.10
 [node]
-192.168.20.20
+192.168.10.20
+192.168.10.21
 [k3s_cluster:children]
 master
diff --git a/ansible/main.yml b/ansible/main.yml
index e85f436..bf4a099 100644
--- a/ansible/main.yml
+++ b/ansible/main.yml
@@ -26,8 +26,8 @@ roles:
 - role: k3s/post
-- hosts: master[0]
- become: yes
- roles:
- - k3s/argocd
-
+ #- hosts: master[0]
+ # become: yes
+ # roles:
+ # - k3s/argocd
+ #
diff --git a/ansible/roles/base/tasks/main.yml b/ansible/roles/base/tasks/main.yml
index 0090a5a..d0768d8 100644
--- a/ansible/roles/base/tasks/main.yml
+++ b/ansible/roles/base/tasks/main.yml
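Review bot: `apiserver_endpoint: "192.168.10.10"` is the same address as the only `[master]` host in ansible/hosts.ini in this commit, while the comment above it says the endpoint is a virtual IP configured on each master; before this change the VIP (192.168.20.120) was distinct from the master (192.168.20.10). If kube-vip is asked to bring up a VIP the node already owns as its primary address, the endpoint does not actually float, and any later second master would collide on it. Unless a single-node setup is intended, pick an unused address in the subnet, e.g. `apiserver_endpoint: "<UNUSED_IP_IN_192.168.10.0/24>"` (placeholder), and keep it outside `metal_lb_ip_range`.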
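Review bot: Removing `userpassword` takes the SHA-512 crypt hash out of the working tree, but the removed line in this hunk stays in git history, so the hash should be treated as disclosed and the password for `user` rotated. `username: "user"` is kept although its only visible consumers, the Create user account tasks in ansible/roles/base/tasks/main.yml, are commented out in this same commit; either drop it as well or add a comment stating what still reads it, e.g. `# username: still read by <TASK_OR_ROLE> (placeholder)`. The blank line dropped between `metal_lb_controller_tag_version` and the metallb comment also makes the stanza spacing inconsistent with the rest of the file.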
@@ -13,25 +13,25 @@ include_tasks:
 file: ./templates/packages.yml
-- name: Create user account
- user:
- name: "{{ username }}"
- password: "{{ userpassword }}"
- groups: sudo
- shell: /bin/bash
- state: present
- createhome: yes
- when: ansible_os_family == "Debian"
+ #- name: Create user account
+ # user:
+ # name: "{{ username }}"
+ # password: "{{ userpassword }}"
+ # groups: sudo
+ # shell: /bin/bash
+ # state: present
+ # createhome: yes
+ # when: ansible_os_family == "Debian"
-- name: Create user account
- user:
- name: "{{ username }}"
- password: "{{ userpassword }}"
- shell: /bin/bash
- groups: wheel
- state: present
- createhome: yes
- when: ansible_os_family == "RedHat"
+ #- name: Create user account
+ # user:
+ # name: "{{ username }}"
+ # password: "{{ userpassword }}"
+ # shell: /bin/bash
+ # groups: wheel
+ # state: present
+ # createhome: yes
+ # when: ansible_os_family == "RedHat"
 - name: Run SSH tasks
 include_tasks:
diff --git a/ansible/roles/base/tasks/ssh.yml b/ansible/roles/base/tasks/ssh.yml
index 6e68d0c..1d4d84e 100644
--- a/ansible/roles/base/tasks/ssh.yml
+++ b/ansible/roles/base/tasks/ssh.yml
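Review bot: Commenting out both Create user account tasks leaves 18 lines of dead YAML and makes the role silently depend on `{{ username }}` already existing with sudo or wheel membership (ansible.cfg sets `become = True`), and nothing left in the hunk asserts that precondition. If the tasks are retired, delete them, since git keeps the history; if they are meant to be switchable, keep them live behind a variable, e.g. `when: create_user | default(false) and ansible_os_family == "Debian"`. Either way the `password: "{{ userpassword }}"` field would need a new source before these tasks could be re-enabled, because `userpassword` is removed from group_vars in this commit; a one-line comment at the top of the file stating that user provisioning happens elsewhere would make the dependency explicit.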
@@ -1,25 +1,25 @@
-- name: Deploy SSH Key (administrator)
- copy:
- dest: /home/administrator/.ssh/authorized_keys
- src: files/authorized_keys_administrator
- force: true
-
-- name: ensure ssh folder exists for user
- file:
- path: /home/user/.ssh
- owner: user
- group: user
- mode: "0600"
- state: directory
-
-- name: Deploy SSH Key (user)
- copy:
- dest: /home/user/.ssh/authorized_keys
- src: files/authorized_keys_user
- owner: user
- group: user
- mode: "0600"
- force: true
+#- name: Deploy SSH Key (administrator)
+# copy:
+# dest: /home/administrator/.ssh/authorized_keys
+# src: files/authorized_keys_administrator
+# force: true
+#
+#- name: ensure ssh folder exists for user
+# file:
+# path: /home/user/.ssh
+# owner: user
+# group: user
+# mode: "0600"
+# state: directory
+#
+#- name: Deploy SSH Key (user)
+# copy:
+# dest: /home/user/.ssh/authorized_keys
+# src: files/authorized_keys_user
+# owner: user
+# group: user
+# mode: "0600"
+# force: true
 - name: Remove Root SSH Configuration
 file:
diff --git a/ansible/roles/k3s/master/tasks/main.yml b/ansible/roles/k3s/master/tasks/main.yml
index 528db63..574066c 100644
--- a/ansible/roles/k3s/master/tasks/main.yml
+++ b/ansible/roles/k3s/master/tasks/main.yml
@@ -52,8 +52,8 @@
 --unit=k3s-init \
 k3s server {{ server_init_args }}"
 creates: "{{ systemd_dir }}/k3s.service"
- args:
- warn: false # The ansible systemd module does not support transient units
+ #args:
+ # warn: false # The ansible systemd module does not support transient units
 - name: Verification
 block:
diff --git a/argocd/commands.sh b/argocd/commands.sh
new file mode 100644
index 0000000..86e357c
--- /dev/null
+++ b/argocd/commands.sh
@@ -0,0 +1,3 @@
+ca=$(kubectl get -n kube-system secret/argo-cd-manager-token -o jsonpath='{.data.ca\.crt}')
+
+token=$(kubectl get -n kube-system secret/argo-cd-manager-token -o jsonpath='{.data.token}' | base64 --decode)
diff --git a/argocd/secret.yaml b/argocd/secret.yaml
new file mode 100644
index 0000000..752d8a6
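Review bot: With the three key-deployment tasks commented out, ssh.yml no longer ensures `/home/user/.ssh/authorized_keys` exists before the `Remove Root SSH Configuration` task that begins at the end of the hunk (its body is outside it), so a host that only had root or password access becomes unreachable once that task runs and `remote_user = user` from ansible.cfg is in effect. If keys are now provisioned out of band, say so in a comment in place of the dead block, e.g. `# authorized_keys for {{ username }} is provisioned by the base image; root SSH access is removed below`, and delete the commented lines rather than keeping them. A guard such as `stat: path: /home/{{ username }}/.ssh/authorized_keys` registered and asserted before the root-removal task would make the lockout impossible rather than merely documented.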
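Review bot: Both kubectl calls read `secret/argo-cd-manager-token`, but the Secret created by argocd/secret.yaml in this same commit is named `argocd-manager-token` (no hyphen inside "argocd"), so these commands fail with NotFound against the manifests they accompany; change both to `secret/argocd-manager-token`. The file also has no shebang and no `set -euo pipefail`, so a failed lookup leaves `$token` empty without any error. Since `$token` is the non-expiring bearer token for the cluster-admin-equivalent role bound in argocd/serviceaccount.yaml, a short-lived credential from `kubectl create token argocd-manager -n kube-system` would limit the blast radius of that variable ending up in shell history or a log.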
--- /dev/null
+++ b/argocd/secret.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: argocd-manager-token
+ namespace: kube-system
+ annotations:
+ kubernetes.io/service-account.name: argocd-manager-token
+type: kubernetes.io/service-account-token
diff --git a/argocd/serviceaccount.yaml b/argocd/serviceaccount.yaml
new file mode 100644
index 0000000..df92a37
--- /dev/null
+++ b/argocd/serviceaccount.yaml
@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: argocd-manager
+ namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: argocd-manager-role
+rules:
+- apiGroups:
+ - '*'
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- nonResourceURLs:
+ - '*'
+ verbs:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: argocd-manager-role-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: argocd-manager-role
+subjects:
+- kind: ServiceAccount
+ name: argocd-manager
+ namespace: kube-system
diff --git a/k3s-ansible b/k3s-ansible
new file mode 160000
index 0000000..d659715
--- /dev/null
+++ b/k3s-ansible
@@ -0,0 +1 @@
+Subproject commit d6597150c756a919009a88d2fafc249e960e01db
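Review bot: The annotation `kubernetes.io/service-account.name: argocd-manager-token` must name the ServiceAccount, and the ServiceAccount defined in argocd/serviceaccount.yaml in this commit is `argocd-manager`; with the current value the token controller finds no matching ServiceAccount and never fills `data.token` or `data.ca.crt`, so the lookups in argocd/commands.sh return nothing. Change it to `kubernetes.io/service-account.name: argocd-manager`. It is also worth a comment above `type:` stating why a permanent service-account-token Secret is needed here rather than a bound token issued on demand, since this object is the credential that carries the role bound in serviceaccount.yaml.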
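Review bot: The ClusterRole `argocd-manager-role` grants `'*'` on every apiGroup, resource and verb plus `'*'` on nonResourceURLs, which is cluster-admin in all but name, and the ClusterRoleBinding hands that to `argocd-manager`, whose token is then materialised as a non-expiring Secret by argocd/secret.yaml. If ArgoCD genuinely needs full control of this cluster, binding the built-in `cluster-admin` ClusterRole (`name: cluster-admin` under `roleRef`) makes the grant visible to anyone auditing RBAC instead of hiding it behind a custom role name; otherwise trim `rules` to the apiGroups and verbs ArgoCD actually applies. Either way a comment above `rules:` should state the decision, e.g. `# Intentionally cluster-admin equivalent: ArgoCD manages every namespace in this cluster`.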