add files
parent
1283a98c9d
commit
33e2774432
11 changed files with 152 additions and 0 deletions
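--- a/ansible.cfg
+++ b/ansible.cfg
@@ -0,0 +1,5 @@
+[defaults]
+roles_path = ./roles
+inventory = ./inventory/master/hosts.ini
+become = True
+user = root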
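Review bot: The `inventory = ./inventory/master/hosts.ini` path does not match the inventory file this commit adds, which sits at `inventory/master/group_vars/hosts.ini`, so a default run would not find the `master` group; moving the file up one directory, next to `group_vars/`, would also let `group_vars/all.yml` apply to it. As far as I know, `become` is read from a `[privilege_escalation]` section and the remote-user key in `[defaults]` is `remote_user`, so `become = True` and `user = root` here are probably ignored. With `ansible_user: root` in `all.yml` the play logs in as root directly; a dedicated unprivileged login combined with `become` would let root SSH stay disabled on the host.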
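--- a/inventory/master/group_vars/all.yml
+++ b/inventory/master/group_vars/all.yml
@@ -0,0 +1,7 @@
+---
+k3s_version: v1.31.1+k3s1
+helm_version: v3.16.2
+extra_server_args: "--disable traefik"
+ansible_user: root
+ingress_controller_version: v1.11.2
+cert_manager_version: v1.16.1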
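--- a/inventory/master/group_vars/hosts.ini
+++ b/inventory/master/group_vars/hosts.ini
@@ -0,0 +1,2 @@
+[master]
+your-host.tld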
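--- a/playbook.yml
+++ b/playbook.yml
@@ -0,0 +1,10 @@
+---
+- name: Test
+hosts: master
+
+roles:
+- role: debian_setup
+- role: k3s
+- role: helm
+- role: ingress
+- role: cert_manager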
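--- a/roles/cert_manager/tasks/main.yml
+++ b/roles/cert_manager/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Deploy cert-manager
+kubernetes.core.k8s:
+src: "https://github.com/cert-manager/cert-manager/releases/download/{{ cert_manager_version }}/cert-manager.yaml"
+wait: false
+state: present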
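Review bot: The manifest named in `src:` is fetched over HTTPS and applied to the cluster without any integrity check, unlike the k3s binary download in `roles/k3s/tasks/main.yml`, which passes `checksum:`. The tag in `cert_manager_version` pins the release name but not its content. Consider downloading the file first with `get_url` and a pinned `checksum: "sha256:<expected-digest>"`, then pointing `kubernetes.core.k8s` at the local copy. The same gap exists for the Helm tarball in `roles/helm/tasks/main.yml` and the ingress manifest in `roles/ingress/tasks/main.yml`.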
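--- a/roles/debian_setup/tasks/main.yml
+++ b/roles/debian_setup/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+- name: Get indexes
+apt:
+update_cache: true
+
+- name: Update dist
+apt:
+upgrade: dist
+
+- name: Install K8S python library
+apt:
+name:
+- python3-kubernetes
+state: present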
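--- a/roles/helm/tasks/main.yml
+++ b/roles/helm/tasks/main.yml
@@ -0,0 +1,19 @@
+---
+- name: Get Helm binary
+unarchive:
+src: "https://get.helm.sh/helm-{{ helm_version }}-linux-amd64.tar.gz"
+dest: /tmp
+remote_src: true
+
+- name: Copy helm binary to /usr/local/bin
+copy:
+src: /tmp/linux-amd64/helm
+dest: /usr/local/bin/helm
+owner: root
+group: root
+mode: 755
+
+- name: Cleanup
+file:
+path: /tmp/linux-amd64
+state: absent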
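Review bot: `mode: 755` in the copy task is an unquoted YAML integer, so Ansible receives decimal 755 (octal 1363) and `/usr/local/bin/helm` ends up writable by other users instead of `rwxr-xr-x`; write `mode: "0755"`. The same defect is in `roles/k3s/tasks/main.yml`: `mode: 755` on `/usr/local/bin/k3s`, which the unit starts without a `User=` line and so as root, and `mode: 644` on the unit file. The later tasks there already quote `"750"` and `"600"`. The copy task also lacks `remote_src: true`, so `src: /tmp/linux-amd64/helm` is looked up on the controller rather than on the host where `unarchive` extracted it.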
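--- a/roles/ingress/tasks/main.yml
+++ b/roles/ingress/tasks/main.yml
@@ -0,0 +1,11 @@
+---
+- name: Get Nginx Ingress manifest
+get_url:
+url: "https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-{{ ingress_controller_version }}/deploy/static/provider/baremetal/deploy.yaml"
+dest: /tmp/nginx_ingress.yml
+
+- name: Deplroy Nginx Ingress
+kubernetes.core.k8s:
+src: /tmp/nginx_ingress.yml
+wait: false
+state: present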
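Review bot: The manifest is written to the fixed path `/tmp/nginx_ingress.yml` with no `mode`, `owner` or `checksum`, and the next task applies whatever is at that path to the cluster. On a host with other local accounts, a predictable name in a world-writable directory leaves room for the file to be pre-created or replaced between the two tasks. A root-only directory or a path from `ansible.builtin.tempfile`, with `mode: "0600"`, avoids that. The file is also never removed afterwards. The task name `Deplroy Nginx Ingress` has a typo (`Deploy`).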
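--- a/roles/k3s/defaults/main.yml
+++ b/roles/k3s/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+k3s_server_location: /var/lib/rancher/k3s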
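--- a/roles/k3s/tasks/main.yml
+++ b/roles/k3s/tasks/main.yml
@@ -0,0 +1,52 @@
+---
+
+- name: Enable IPv4 forwarding
+sysctl:
+name: net.ipv4.ip_forward
+value: "1"
+state: present
+reload: true
+
+- name: Download k3s binary
+get_url:
+url: https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/k3s
+checksum: sha256:https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/sha256sum-amd64.txt
+dest: /usr/local/bin/k3s
+owner: root
+group: root
+mode: 755
+
+- name: Copy SystemD service
+template:
+src: k3s.service.j2
+dest: /usr/lib/systemd/system/k3s.service
+owner: root
+mode: 644
+
+- name: Enable k3s service
+systemd:
+name: k3s
+daemon_reload: true
+state: restarted
+enabled: true
+
+- name: Create kubectl symlink
+file:
+src: /usr/local/bin/k3s
+dest: /usr/local/bin/kubectl
+state: link
+
+- name: Create directory .kube
+file:
+path: ~{{ ansible_user }}/.kube
+state: directory
+owner: "{{ ansible_user }}"
+mode: "750"
+
+- name: Copy config file to user home directory
+copy:
+src: /etc/rancher/k3s/k3s.yaml
+dest: ~{{ ansible_user }}/.kube/config
+remote_src: true
+owner: "{{ ansible_user }}"
+mode: "600"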
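Review bot: `state: restarted` in the "Enable k3s service" task restarts the control plane on every playbook run, even when neither the binary nor the unit file changed. Use `state: started` there and move the restart into a handler that the "Download k3s binary" and "Copy SystemD service" tasks trigger with `notify:`. The unit is also written to `/usr/lib/systemd/system/`, which is normally package-owned; `/etc/systemd/system/k3s.service` is the usual place for locally managed units.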
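--- a/roles/k3s/templates/k3s.service.j2
+++ b/roles/k3s/templates/k3s.service.j2
@@ -0,0 +1,24 @@
+[Unit]
+Description=Lightweight Kubernetes
+Documentation=https://k3s.io
+After=network-online.target
+
+[Service]
+Type=notify
+ExecStartPre=-/sbin/modprobe br_netfilter
+ExecStartPre=-/sbin/modprobe overlay
+ExecStart=/usr/local/bin/k3s server --data-dir {{ k3s_server_location }} {{ extra_server_args | default("") }}
+KillMode=process
+Delegate=yes
+# Having non-zero Limit*s causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+LimitNOFILE=1048576
+LimitNPROC=infinity
+LimitCORE=infinity
+TasksMax=infinity
+TimeoutStartSec=0
+Restart=always
+RestartSec=5s
+
+[Install]
+WantedBy=multi-user.target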
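Review bot: `After=network-online.target` only orders the unit; without a matching `Wants=network-online.target` the target is not pulled in, so the ordering may have no effect at boot. Add `Wants=network-online.target` to `[Unit]`. `{{ extra_server_args | default("") }}` is rendered unescaped into `ExecStart=`, so that variable should stay under the repository's control and never be filled from host-supplied data.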