add files
This commit is contained in:
parent
1283a98c9d
commit
33e2774432
11 changed files with 152 additions and 0 deletions
5
ansible.cfg
Normal file
5
ansible.cfg
Normal file
|
@ -0,0 +1,5 @@
|
|||
[defaults]
|
||||
roles_path = ./roles
|
||||
inventory = ./inventory/master/hosts.ini
|
||||
become = True
|
||||
user = root
|
7
inventory/master/group_vars/all.yml
Normal file
7
inventory/master/group_vars/all.yml
Normal file
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
k3s_version: v1.31.1+k3s1
|
||||
helm_version: v3.16.2
|
||||
extra_server_args: "--disable traefik"
|
||||
ansible_user: root
|
||||
ingress_controller_version: v1.11.2
|
||||
cert_manager_version: v1.16.1
|
2
inventory/master/group_vars/hosts.ini
Normal file
2
inventory/master/group_vars/hosts.ini
Normal file
|
@ -0,0 +1,2 @@
|
|||
[master]
|
||||
your-host.tld
|
10
playbook.yml
Normal file
10
playbook.yml
Normal file
|
@ -0,0 +1,10 @@
|
|||
---
|
||||
- name: Test
|
||||
hosts: master
|
||||
|
||||
roles:
|
||||
- role: debian_setup
|
||||
- role: k3s
|
||||
- role: helm
|
||||
- role: ingress
|
||||
- role: cert_manager
|
6
roles/cert_manager/tasks/main.yml
Normal file
6
roles/cert_manager/tasks/main.yml
Normal file
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
- name: Deploy cert-manager
|
||||
kubernetes.core.k8s:
|
||||
src: "https://github.com/cert-manager/cert-manager/releases/download/{{ cert_manager_version }}/cert-manager.yaml"
|
||||
wait: false
|
||||
state: present
|
14
roles/debian_setup/tasks/main.yml
Normal file
14
roles/debian_setup/tasks/main.yml
Normal file
|
@ -0,0 +1,14 @@
|
|||
---
|
||||
- name: Get indexes
|
||||
apt:
|
||||
update_cache: true
|
||||
|
||||
- name: Update dist
|
||||
apt:
|
||||
upgrade: dist
|
||||
|
||||
- name: Install K8S python library
|
||||
apt:
|
||||
name:
|
||||
- python3-kubernetes
|
||||
state: present
|
19
roles/helm/tasks/main.yml
Normal file
19
roles/helm/tasks/main.yml
Normal file
|
@ -0,0 +1,19 @@
|
|||
---
|
||||
- name: Get Helm binary
|
||||
unarchive:
|
||||
src: "https://get.helm.sh/helm-{{ helm_version }}-linux-amd64.tar.gz"
|
||||
dest: /tmp
|
||||
remote_src: true
|
||||
|
||||
- name: Copy helm binary to /usr/local/bin
|
||||
copy:
|
||||
src: /tmp/linux-amd64/helm
|
||||
dest: /usr/local/bin/helm
|
||||
owner: root
|
||||
group: root
|
||||
mode: 755
|
||||
|
||||
- name: Cleanup
|
||||
file:
|
||||
path: /tmp/linux-amd64
|
||||
state: absent
|
11
roles/ingress/tasks/main.yml
Normal file
11
roles/ingress/tasks/main.yml
Normal file
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
- name: Get Nginx Ingress manifest
|
||||
get_url:
|
||||
url: "https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-{{ ingress_controller_version }}/deploy/static/provider/baremetal/deploy.yaml"
|
||||
dest: /tmp/nginx_ingress.yml
|
||||
|
||||
- name: Deplroy Nginx Ingress
|
||||
kubernetes.core.k8s:
|
||||
src: /tmp/nginx_ingress.yml
|
||||
wait: false
|
||||
state: present
|
2
roles/k3s/defaults/main.yml
Normal file
2
roles/k3s/defaults/main.yml
Normal file
|
@ -0,0 +1,2 @@
|
|||
---
|
||||
k3s_server_location: /var/lib/rancher/k3s
|
52
roles/k3s/tasks/main.yml
Normal file
52
roles/k3s/tasks/main.yml
Normal file
|
@ -0,0 +1,52 @@
|
|||
---
|
||||
|
||||
- name: Enable IPv4 forwarding
|
||||
sysctl:
|
||||
name: net.ipv4.ip_forward
|
||||
value: "1"
|
||||
state: present
|
||||
reload: true
|
||||
|
||||
- name: Download k3s binary
|
||||
get_url:
|
||||
url: https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/k3s
|
||||
checksum: sha256:https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/sha256sum-amd64.txt
|
||||
dest: /usr/local/bin/k3s
|
||||
owner: root
|
||||
group: root
|
||||
mode: 755
|
||||
|
||||
- name: Copy SystemD service
|
||||
template:
|
||||
src: k3s.service.j2
|
||||
dest: /usr/lib/systemd/system/k3s.service
|
||||
owner: root
|
||||
mode: 644
|
||||
|
||||
- name: Enable k3s service
|
||||
systemd:
|
||||
name: k3s
|
||||
daemon_reload: true
|
||||
state: restarted
|
||||
enabled: true
|
||||
|
||||
- name: Create kubectl symlink
|
||||
file:
|
||||
src: /usr/local/bin/k3s
|
||||
dest: /usr/local/bin/kubectl
|
||||
state: link
|
||||
|
||||
- name: Create directory .kube
|
||||
file:
|
||||
path: ~{{ ansible_user }}/.kube
|
||||
state: directory
|
||||
owner: "{{ ansible_user }}"
|
||||
mode: "750"
|
||||
|
||||
- name: Copy config file to user home directory
|
||||
copy:
|
||||
src: /etc/rancher/k3s/k3s.yaml
|
||||
dest: ~{{ ansible_user }}/.kube/config
|
||||
remote_src: true
|
||||
owner: "{{ ansible_user }}"
|
||||
mode: "600"
|
24
roles/k3s/templates/k3s.service.j2
Normal file
24
roles/k3s/templates/k3s.service.j2
Normal file
|
@ -0,0 +1,24 @@
|
|||
[Unit]
|
||||
Description=Lightweight Kubernetes
|
||||
Documentation=https://k3s.io
|
||||
After=network-online.target
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
ExecStartPre=-/sbin/modprobe br_netfilter
|
||||
ExecStartPre=-/sbin/modprobe overlay
|
||||
ExecStart=/usr/local/bin/k3s server --data-dir {{ k3s_server_location }} {{ extra_server_args | default("") }}
|
||||
KillMode=process
|
||||
Delegate=yes
|
||||
# Having non-zero Limit*s causes performance problems due to accounting overhead
|
||||
# in the kernel. We recommend using cgroups to do container-local accounting.
|
||||
LimitNOFILE=1048576
|
||||
LimitNPROC=infinity
|
||||
LimitCORE=infinity
|
||||
TasksMax=infinity
|
||||
TimeoutStartSec=0
|
||||
Restart=always
|
||||
RestartSec=5s
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
Loading…
Reference in a new issue