feat(gitea): create PersistentVolume and PersistentVolumeClaim for Gitea feat(gitea): add script to create Gitea runner registration token secret feat(gitea): deploy Gitea Actions runner with Docker socket access feat(media): deploy JDownloader with Ingress configuration feat(media): set up Jellyfin media server with NFS and Ingress feat(media): configure qBittorrent deployment with Ingress feat(monitoring): add Grafana Loki datasource ConfigMap feat(monitoring): create Grafana admin credentials secret feat(monitoring): define PersistentVolumes for monitoring stack feat(network): implement DDNS CronJob for Porkbun DNS updates feat(network): create secret for Porkbun DDNS API credentials feat(network): set up Glances service and Ingress for Debian node fix(network): patch Pi-hole DNS services with external IPs feat(network): configure Traefik dashboard Ingress with Authentik auth feat(network): set up Watch Party service and Ingress for Mac Mini refactor(values): update Helm values files for various services
---
# Part of role: k3s-server
# Called by: ansible/playbooks/setup-k3s.yaml
# Description: Installs K3s server, fetches kubeconfig, installs Helm, and labels the node as primary.
# Make sure the directory that holds the K3s configuration exists before
# anything is written into it. state=directory creates it only when missing.
- name: Create K3s config directory
  ansible.builtin.file:
    state: directory
    path: /etc/rancher/k3s
    mode: "0755"

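# Render the k3s_server_config variable to /etc/rancher/k3s/config.yaml.
# The file is restricted to root: K3s configuration can carry secrets (for
# example a cluster token or datastore credentials), and the contents of
# k3s_server_config are defined outside this task file, so a world-readable
# mode is not a safe default.
- name: Write K3s server config
  ansible.builtin.copy:
    dest: /etc/rancher/k3s/config.yaml
    content: "{{ k3s_server_config | to_nice_yaml }}"
    owner: root
    group: root
    mode: "0600"
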
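# Run the upstream K3s installer for the version given in k3s_version.
# Skipped once /usr/local/bin/k3s exists (creates:).
#
# - pipefail makes a failed download fail the task; without it an empty
#   pipe into `sh` exits 0 and the task reports success with nothing installed.
# - k3s_version is passed through the quote filter so the value cannot be
#   interpreted by the shell.
# NOTE(review): the installer script itself is fetched over HTTPS and executed
# without an integrity check; INSTALL_K3S_VERSION pins the K3s release, not the
# script. Consider running a reviewed, vendored copy of the script, or
# downloading it with ansible.builtin.get_url and a known checksum first.
- name: Download and install K3s
  ansible.builtin.shell:
    cmd: |
      set -o pipefail
      curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION={{ k3s_version | quote }} sh -
    executable: /bin/bash
    creates: /usr/local/bin/k3s
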
# Block until /etc/rancher/k3s/k3s.yaml exists, giving up after 60 seconds.
# The presence of that file is the readiness signal used by this role.
- name: Wait for K3s to be ready
  ansible.builtin.wait_for:
    timeout: 60
    path: /etc/rancher/k3s/k3s.yaml

# Start the k3s service now and enable it so it comes back after a reboot.
- name: Ensure K3s service is running
  ansible.builtin.service:
    name: k3s
    enabled: true
    state: started

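# Read the cluster join token from the server into k3s_token_raw
# (slurp returns the file content base64-encoded).
# no_log keeps the registered result, which contains the token, out of
# Ansible output and callback logs, including verbose (-v) runs.
- name: Read node token
  ansible.builtin.slurp:
    src: /var/lib/rancher/k3s/server/node-token
  register: k3s_token_raw
  no_log: true
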
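# Decode the slurped token and expose it as the k3s_node_token fact
# (trim drops the trailing newline from the file).
# no_log prevents the decoded token from being echoed in the task result.
- name: Save node token as fact
  ansible.builtin.set_fact:
    k3s_node_token: "{{ k3s_token_raw['content'] | b64decode | trim }}"
  no_log: true
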
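# Confirm that the node token was read, without disclosing it.
# The token is the credential that lets a node join the cluster; printing its
# value would copy it into terminal scrollback, CI job logs and any log
# callback. Only its length is reported. The value remains available as the
# k3s_node_token fact and in /var/lib/rancher/k3s/server/node-token on the
# server.
- name: Print node token
  ansible.builtin.debug:
    msg: "K3s node token read ({{ k3s_node_token | length }} characters); value withheld from output"
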
# Copy the K3s-generated kubeconfig from the server to the control machine.
# flat: true writes the file directly to dest instead of under a per-host
# directory tree.
# NOTE(review): dest is ~/.kube/config, so an existing kubeconfig on the
# workstation (and any other cluster contexts in it) is replaced. The fetched
# file holds the cluster's admin credentials; confirm it ends up readable by
# the owning user only.
- name: Fetch kubeconfig to workstation
  ansible.builtin.fetch:
    flat: true
    src: /etc/rancher/k3s/k3s.yaml
    dest: ~/.kube/config

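# Point the fetched kubeconfig at the server's reachable address instead of
# the loopback address K3s writes by default.
# Runs on the control machine as the invoking user (delegate_to + become: false).
#
# path now matches the fetch task's dest (~/.kube/config). It previously named
# /tmp/k3s-minisforum.yaml, a file nothing in this task list creates, so the
# fetched kubeconfig kept the 127.0.0.1 address and this task had no file to
# edit.
# mode restricts the kubeconfig, which carries cluster credentials, to its
# owner.
- name: Fix kubeconfig server address
  ansible.builtin.replace:
    path: ~/.kube/config
    regexp: 'https://127\.0\.0\.1:6443'
    replace: "https://{{ k3s_server_ip }}:6443"
    mode: "0600"
  delegate_to: localhost
  become: false
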
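# Install Helm with the upstream installer script.
# Skipped once /usr/local/bin/helm exists (creates:).
#
# pipefail makes a failed download fail the task; without it, bash reading an
# empty pipe exits 0 and the task reports success with nothing installed.
# NOTE(review): the script is taken from the moving `main` branch and executed
# without an integrity check, so its content can change between runs. Consider
# pinning the URL to a reviewed release tag or commit and verifying a checksum
# (for example via ansible.builtin.get_url) before executing it.
- name: Install Helm
  ansible.builtin.shell:
    cmd: |
      set -o pipefail
      curl -fsSL https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
    executable: /bin/bash
    creates: /usr/local/bin/helm
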
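# Label the node named "minisforum" with node-role=primary.
# --overwrite makes the call repeatable, and changed_when: false keeps it from
# reporting a change on every run.
# ansible.builtin.command is used instead of shell: the command line needs no
# shell features, so it is executed directly without shell interpretation.
# NOTE(review): the node name is hard-coded; confirm it matches the hostname
# K3s registered for this server.
- name: Label server node as primary
  ansible.builtin.command:
    cmd: k3s kubectl label node minisforum node-role=primary --overwrite
  changed_when: false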