Adds k3s and ess_pro roles to replace the planned Nextcloud Talk stack. Integrates with existing Keycloak (OIDC), Garage (S3 media) and OpenBao (secrets). Hostnames under digitalboard.ch.
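---
# Install K3s as a single-node Kubernetes cluster.
#
# This role is intentionally minimal: it installs K3s, waits for the API,
# and makes kubectl + the kubeconfig usable for the downstream ess-pro role.
#
# Variables consumed (expected from defaults/main.yml or the inventory):
#   k3s_install_script_url        URL of the upstream install script
#   k3s_install_script_checksum   optional "sha256:<hex>" (or "sha256:<url>")
#                                 for that script; when unset the download
#                                 is NOT verified
#   k3s_version / k3s_channel     release pin / channel fallback for install.sh
#   k3s_write_kubeconfig_mode     file mode install.sh applies to k3s.yaml
#   k3s_disable_components        list of packaged components to disable
#   k3s_cluster_cidr / k3s_service_cidr
#   k3s_extra_args                list of additional k3s server flags
#
# Security notes:
#   * The install script is fetched from the network and executed as root.
#     Pin k3s_install_script_checksum so a tampered or swapped script is
#     rejected before it runs. The script is staged in a root-only directory
#     (not world-writable /tmp) and removed after a successful install.
#   * Pin k3s_version. install.sh prefers INSTALL_K3S_VERSION and only falls
#     back to the channel when it is empty, so an unpinned role installs
#     whatever build the channel currently points at.
#   * /etc/rancher/k3s/k3s.yaml holds cluster-admin credentials. Keep
#     k3s_write_kubeconfig_mode at "0600" unless a non-root user genuinely
#     needs it; root already gets a private copy from this role.
#   * If the downstream role materialises values from OpenBao as Kubernetes
#     Secrets, they land in the embedded datastore on this host. Consider
#     adding --secrets-encryption to k3s_extra_args so they are encrypted
#     at rest (it must be set at install time to take effect here).

- name: Check whether K3s is already installed
  ansible.builtin.stat:
    path: /usr/local/bin/k3s
  register: k3s_binary

# The preparation tasks below are skipped on a host that already has the
# binary; the install step itself is additionally guarded by "creates".
- name: Ensure curl is installed
  ansible.builtin.apt:
    name: curl
    state: present
    update_cache: true
  when: not k3s_binary.stat.exists

- name: Ensure a root-only staging directory for the install script
  ansible.builtin.file:
    path: /usr/local/src/k3s
    state: directory
    owner: root
    group: root
    mode: "0700"
  when: not k3s_binary.stat.exists

- name: Download K3s install script
  ansible.builtin.get_url:
    url: "{{ k3s_install_script_url }}"
    dest: /usr/local/src/k3s/k3s-install.sh
    owner: root
    group: root
    # Only root needs to read or run it; it is never placed on PATH.
    mode: "0700"
    # Verified only when the caller pins a hash; omit() keeps inventories
    # that do not define the variable working unchanged.
    checksum: "{{ k3s_install_script_checksum | default(omit) }}"
    validate_certs: true
  when: not k3s_binary.stat.exists

# INSTALL_K3S_EXEC is word-split by install.sh and ends up on the k3s
# service's command line, so every element must be one flag with no spaces.
- name: Build INSTALL_K3S_EXEC string
  ansible.builtin.set_fact:
    k3s_exec_args: >-
      {{
        (
          ['--write-kubeconfig-mode=' ~ k3s_write_kubeconfig_mode]
          + (k3s_disable_components | map('regex_replace', '^', '--disable=') | list)
          + ['--cluster-cidr=' ~ k3s_cluster_cidr, '--service-cidr=' ~ k3s_service_cidr]
          + k3s_extra_args
        ) | join(' ')
      }}

- name: Install K3s
  ansible.builtin.command:
    cmd: /usr/local/src/k3s/k3s-install.sh
    # Idempotence guard: a present binary means the installer already ran.
    creates: /usr/local/bin/k3s
  environment:
    INSTALL_K3S_VERSION: "{{ k3s_version }}"
    INSTALL_K3S_CHANNEL: "{{ k3s_channel }}"
    INSTALL_K3S_EXEC: "{{ k3s_exec_args }}"
  notify: Restart k3s

# Leave no root-executable installer lying around; a re-run re-downloads it
# only if the binary is missing.
- name: Remove the install script
  ansible.builtin.file:
    path: /usr/local/src/k3s/k3s-install.sh
    state: absent

- name: Ensure k3s service is started and enabled
  ansible.builtin.systemd:
    name: k3s
    state: started
    enabled: true

- name: Wait for kubeconfig to appear
  ansible.builtin.wait_for:
    path: /etc/rancher/k3s/k3s.yaml
    state: present
    timeout: 60

# Invoke kubectl through the k3s binary so readiness does not depend on the
# /usr/local/bin/kubectl symlink, which is only ensured further down.
# "until" retries a failing command, so a non-zero exit is not fatal here.
- name: Wait for Kubernetes API to respond
  ansible.builtin.command:
    cmd: /usr/local/bin/k3s kubectl --kubeconfig /etc/rancher/k3s/k3s.yaml get --raw=/readyz
  register: k3s_ready
  retries: 30
  delay: 5
  until: k3s_ready.rc == 0
  changed_when: false

- name: Check whether kubectl is already present
  ansible.builtin.stat:
    path: /usr/local/bin/kubectl
  register: k3s_kubectl_path

# install.sh normally creates this link itself. Only create it when the
# path is absent so an existing kubectl (binary or link) is never clobbered,
# and without hiding unrelated failures behind failed_when.
- name: Create symlink for kubectl
  ansible.builtin.file:
    src: /usr/local/bin/k3s
    dest: /usr/local/bin/kubectl
    state: link
  when: not k3s_kubectl_path.stat.exists

- name: Ensure ~/.kube exists for root
  ansible.builtin.file:
    path: /root/.kube
    state: directory
    owner: root
    group: root
    mode: "0700"

# NOTE(review): this is a point-in-time copy. If k3s rewrites k3s.yaml (for
# example on admin certificate rotation), this copy goes stale until the
# role is re-run; a symlink would track it but would also inherit
# k3s_write_kubeconfig_mode instead of the 0600 enforced here. Confirm
# against the pinned k3s version's behaviour.
- name: Provide kubeconfig at /root/.kube/config
  ansible.builtin.copy:
    src: /etc/rancher/k3s/k3s.yaml
    dest: /root/.kube/config
    remote_src: true
    owner: root
    group: root
    mode: "0600"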