This commit is contained in:
2024-06-29 07:39:28 -05:00
parent 3ac7c44776
commit a7a282da02
12 changed files with 104 additions and 77 deletions


@@ -4,7 +4,7 @@ roles_path = ./roles
become = True become = True
host_key_checking = False host_key_checking = False
host_key_check = False host_key_check = False
remote_user = administrator remote_user = user
pipelining = True pipelining = True
nocows = True nocows = True
remote_tmp = ~/.ansible/tmp remote_tmp = ~/.ansible/tmp
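Review bot: `host_key_checking = False` on the new side still disables SSH host-key verification for every connection, and this commit changes the account those connections use (`remote_user = user`) without revisiting it. Consider `host_key_checking = True` together with a maintained known_hosts file so a changed host key during provisioning is reported rather than silently accepted. The neighbouring `host_key_check = False` does not appear to be a recognised ansible.cfg option and looks like a stale duplicate of the line above it that can be dropped. The settings before line 4 of this file are outside the hunk.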


@@ -1,18 +0,0 @@
- hosts: master[0]
roles:
- cloudflare
vars:
dns:
- {record: 'bitwarden', zone: 'durp.info', proxied: 'yes', state: 'present'}
- {record: 'nextcloud', zone: 'durp.info', proxied: 'yes', state: 'present'}
- {record: 'grafana', zone: 'durp.info', proxied: 'yes', state: 'present'}
- {record: 'kong', zone: 'durp.info', proxied: 'yes', state: 'present'}
- {record: '@', zone: 'durp.info', proxied: 'yes', state: 'present'}
- {record: 'whoogle', zone: 'durp.info', proxied: 'yes', state: 'present'}
- {record: 'kuma', zone: 'durp.info', proxied: 'yes', state: 'present'}
- {record: 'kasm', zone: 'durp.info', proxied: 'yes', state: 'present'}
- {record: 'nexus', zone: 'durp.info', proxied: 'yes', state: 'present'}
- {record: 'docker', zone: 'durp.info', proxied: 'yes', state: 'present'}
- {record: 'authentik', zone: 'durp.info', proxied: 'yes', state: 'present'}
- {record: 'plex', zone: 'durp.info', proxied: 'yes', state: 'present'}
- {record: 'vault', zone: 'durp.info', proxied: 'yes', state: 'present'}


@@ -1,6 +1,6 @@
--- ---
k3s_version: v1.24.4+k3s1 k3s_version: v1.29.2+k3s1
ansible_user: administrator ansible_user: user
systemd_dir: /etc/systemd/system systemd_dir: /etc/systemd/system
# Set your timezone # Set your timezone
@@ -10,7 +10,7 @@ system_timezone: "America/Chicago"
flannel_iface: "eth0" flannel_iface: "eth0"
# apiserver_endpoint is virtual ip-address which will be configured on each master # apiserver_endpoint is virtual ip-address which will be configured on each master
apiserver_endpoint: "192.168.20.120" apiserver_endpoint: "192.168.10.10"
# k3s_token is required masters can talk together securely # k3s_token is required masters can talk together securely
k3s_token: "{{ lookup('env','k3s_token') }}" k3s_token: "{{ lookup('env','k3s_token') }}"
@@ -45,14 +45,12 @@ extra_agent_args: >-
--kubelet-arg node-status-update-frequency=5s --kubelet-arg node-status-update-frequency=5s
# image tag for kube-vip # image tag for kube-vip
kube_vip_tag_version: "v0.5.0" kube_vip_tag_version: "v0.7.2"
# image tag for metal lb # image tag for metal lb
metal_lb_speaker_tag_version: "v0.13.5" metal_lb_speaker_tag_version: "v0.14.3"
metal_lb_controller_tag_version: "v0.13.5" metal_lb_controller_tag_version: "v0.14.3"
# metallb ip range for load balancer # metallb ip range for load balancer
metal_lb_ip_range: "192.168.20.130-192.168.20.140" metal_lb_ip_range: "192.168.10.130-192.168.10.140"
username: "user" username: "user"
userpassword: '$6$ml9etuD2RAvybIAl$xGbh95q5PIrZQxhXBRR8oHQZcb510vhDxBsdwkBBxSo6IzOfS0WkbYDUgyuu4cvczJes19c.EJjfjO2ROoRsx1'
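Review bot: The `userpassword` value is a `$6$` (SHA-512 crypt) password hash committed in group_vars, and this hunk prints it on one side only, so it is unclear from the page whether it is being added or removed; either way it now sits in repository history and the corresponding password should be treated as exposed and rotated. If the variable is kept, source it the way `k3s_token` already is, e.g. `userpassword: "{{ lookup('env', 'userpassword') }}"`, or move it into an Ansible Vault file, rather than keeping a hash in plain group_vars. The hunk header (`-45,14 +45,12`) accounts for more lines than are printed here, so part of this hunk is outside the visible page.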


@@ -1,8 +1,9 @@
[master] [master]
192.168.20.10 192.168.10.10
[node] [node]
192.168.20.20 192.168.10.20
192.168.10.21
[k3s_cluster:children] [k3s_cluster:children]
master master


@@ -26,8 +26,8 @@
roles: roles:
- role: k3s/post - role: k3s/post
- hosts: master[0] #- hosts: master[0]
become: yes # become: yes
roles: # roles:
- k3s/argocd # - k3s/argocd
#
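Review bot: The argocd play is commented out rather than removed, and the same pattern repeats in the user-creation tasks hunk, the SSH-key deployment hunk and the `args: warn: false` hunk of the k3s-init task. Commented-out tasks are invisible to `ansible-playbook --list-tasks`, bit-rot silently, and leave it unclear whether the play is disabled temporarily or for good; git history already preserves the old version. If the intent is to make the play optional, gate it instead with a tag on the play, e.g. `tags: [argocd]`, so it is still linted and runnable on demand. While touching it, `become: yes` reads better as `become: true`.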


@@ -13,25 +13,25 @@
include_tasks: include_tasks:
file: ./templates/packages.yml file: ./templates/packages.yml
- name: Create user account #- name: Create user account
user: # user:
name: "{{ username }}" # name: "{{ username }}"
password: "{{ userpassword }}" # password: "{{ userpassword }}"
groups: sudo # groups: sudo
shell: /bin/bash # shell: /bin/bash
state: present # state: present
createhome: yes # createhome: yes
when: ansible_os_family == "Debian" # when: ansible_os_family == "Debian"
- name: Create user account #- name: Create user account
user: # user:
name: "{{ username }}" # name: "{{ username }}"
password: "{{ userpassword }}" # password: "{{ userpassword }}"
shell: /bin/bash # shell: /bin/bash
groups: wheel # groups: wheel
state: present # state: present
createhome: yes # createhome: yes
when: ansible_os_family == "RedHat" # when: ansible_os_family == "RedHat"
- name: Run SSH tasks - name: Run SSH tasks
include_tasks: include_tasks:


@@ -1,25 +1,25 @@
- name: Deploy SSH Key (administrator) #- name: Deploy SSH Key (administrator)
copy: # copy:
dest: /home/administrator/.ssh/authorized_keys # dest: /home/administrator/.ssh/authorized_keys
src: files/authorized_keys_administrator # src: files/authorized_keys_administrator
force: true # force: true
#
- name: ensure ssh folder exists for user #- name: ensure ssh folder exists for user
file: # file:
path: /home/user/.ssh # path: /home/user/.ssh
owner: user # owner: user
group: user # group: user
mode: "0600" # mode: "0600"
state: directory # state: directory
#
- name: Deploy SSH Key (user) #- name: Deploy SSH Key (user)
copy: # copy:
dest: /home/user/.ssh/authorized_keys # dest: /home/user/.ssh/authorized_keys
src: files/authorized_keys_user # src: files/authorized_keys_user
owner: user # owner: user
group: user # group: user
mode: "0600" # mode: "0600"
force: true # force: true
- name: Remove Root SSH Configuration - name: Remove Root SSH Configuration
file: file:
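Review bot: Commenting out the `ensure ssh folder exists for user` and `Deploy SSH Key (user)` tasks means the playbook no longer manages `authorized_keys` for the `user` account this commit switches `remote_user`/`ansible_user` to, while the `Remove Root SSH Configuration` task that follows still runs; if that task also tightens sshd, a host where `user` has no key yet can become unreachable. Whether that happens depends on the task body, which continues outside the hunk. If these tasks are re-enabled, `mode: "0600"` on the `/home/user/.ssh` directory is wrong for a directory — it needs the execute bit, `mode: "0700"` — and the administrator `copy` task should set `owner`/`group` the way the user task does.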


@@ -52,8 +52,8 @@
--unit=k3s-init \ --unit=k3s-init \
k3s server {{ server_init_args }}" k3s server {{ server_init_args }}"
creates: "{{ systemd_dir }}/k3s.service" creates: "{{ systemd_dir }}/k3s.service"
args: #args:
warn: false # The ansible systemd module does not support transient units # warn: false # The ansible systemd module does not support transient units
- name: Verification - name: Verification
block: block:

3
argocd/commands.sh Normal file

@@ -0,0 +1,3 @@
ca=$(kubectl get -n kube-system secret/argo-cd-manager-token -o jsonpath='{.data.ca\.crt}')
token=$(kubectl get -n kube-system secret/argo-cd-manager-token -o jsonpath='{.data.token}' | base64 --decode)
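Review bot: The secret name in both commands, `secret/argo-cd-manager-token`, does not match the Secret this commit creates in argocd/secret.yaml (`argocd-manager-token`), so both `kubectl get` calls fail with NotFound as written; change both to `secret/argocd-manager-token`. The `ca` variable is left base64-encoded while `token` is decoded, which is fine if `ca` is meant for a kubeconfig `certificate-authority-data` field but should be stated, e.g. `# ca stays base64: consumed as certificate-authority-data`. The file has no shebang and no `set -euo pipefail`, so a failed `kubectl` leaves both variables empty and execution continues. The token captured here is a long-lived credential for a service account the accompanying ClusterRole makes cluster-admin-equivalent, so it should be kept out of shell history and logs.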

8
argocd/secret.yaml Normal file

@@ -0,0 +1,8 @@
apiVersion: v1
kind: Secret
metadata:
name: argocd-manager-token
namespace: kube-system
annotations:
kubernetes.io/service-account.name: argocd-manager-token
type: kubernetes.io/service-account-token
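Review bot: The `kubernetes.io/service-account.name` annotation names `argocd-manager-token`, but the ServiceAccount created alongside it is `argocd-manager`; the token controller only populates a `kubernetes.io/service-account-token` Secret when the annotated ServiceAccount exists, so this Secret stays empty. The line should read `kubernetes.io/service-account.name: argocd-manager`. This manifest also creates a non-expiring token; on the k3s v1.29 target set in group_vars, a bounded token from `kubectl create token argocd-manager -n kube-system` avoids a permanent credential at rest for a highly privileged account. The file also lacks the leading `---` used elsewhere in the repository.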


@@ -0,0 +1,34 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: argocd-manager
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: argocd-manager-role
rules:
- apiGroups:
- '*'
resources:
- '*'
verbs:
- '*'
- nonResourceURLs:
- '*'
verbs:
- '*'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: argocd-manager-role-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: argocd-manager-role
subjects:
- kind: ServiceAccount
name: argocd-manager
namespace: kube-system
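Review bot: The `argocd-manager-role` ClusterRole grants `'*'` verbs on `'*'` resources in every API group plus all `nonResourceURLs`, which is a verbatim copy of the built-in `cluster-admin` role. If that level of access is intended, drop the custom ClusterRole and point the binding at the built-in one with `name: cluster-admin` under `roleRef`, which makes the privilege level obvious in audits; if it is not, restrict `resources` and `verbs` to what Argo CD needs on this cluster. Either way, a comment on the binding stating why this service account needs cluster-wide write access would help, e.g. `# argocd-manager is cluster-admin so Argo CD can sync any resource type`.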

1
k3s-ansible Submodule

Submodule k3s-ansible added at d6597150c7