From 52a8de84bcd8fe9e3f04bfdebbc1d883c4ac4bdd Mon Sep 17 00:00:00 2001
From: Adrien Reslinger
Date: Wed, 27 Jan 2021 00:08:51 +0100
Subject: [PATCH] Fix k3s deployment
---
tasks/cluster_k3s.yml | 90 +++++++++++++++----
.../etc/firewalld/services/kubernetes.xml.j2 | 7 ++
templates/etc/systemd/system/k3s.service.j2 | 6 +-
3 files changed, 87 insertions(+), 16 deletions(-)
diff --git a/tasks/cluster_k3s.yml b/tasks/cluster_k3s.yml
index 9727eb0..1814932 100644
--- a/tasks/cluster_k3s.yml
+++ b/tasks/cluster_k3s.yml
@@ -56,21 +56,6 @@ - "crictl" - "ctr" -# Manque kubernetes_server_token, kubernetes_master url - -- name: Deploy systemd service - template: - src: "etc/systemd/system/{{ item }}.j2" - dest: "/etc/systemd/system/{{ item }}" - owner: root - group: root - mode: 0600 - with_items: - - "k3s.service" - - "k3s.service.env" - when: - - ansible_service_mgr == "systemd" - - name: Create thin volumes for k3s lvol: vg: "{{ item.vg }}"
@@ -97,6 +82,81 @@ with_items: - { name: var_lib_k3s, vg: vg_sys, size: 10g, mount_point: /var/lib/rancher/k3s, mount_opts: "discard"} + +# Check controlers +- name: Check if /etc/rancher/k3s/k3s.yaml already existe + stat: + path: /etc/rancher/k3s/k3s.yaml + register: st + changed_when: False + when: + - kubernetes_master|bool + +- name: Create KubernetesMasterConfigured group + group_by: + key: KubernetesMasterConfigured_{{ kubernetes_cluster_name }} + when: + - kubernetes_master|bool + - st.stat.exists + +# First controler +- name: Configure first controler +# run_once: true + block: + - name: Deploy systemd service + template: + src: "etc/systemd/system/{{ item }}.j2" + dest: "/etc/systemd/system/{{ item }}" + owner: root + group: root + mode: 0600 + with_items: + - "k3s.service" + - "k3s.service.env" + when: + - ansible_service_mgr == "systemd" + + - name: Enable k3s on boot + service: + name: k3s + state: started + enabled: yes + + - name: Wait for k3s.yaml + wait_for: + path: /etc/rancher/k3s/k3s.yaml + + - name: Wait for node-token + wait_for: + path: /var/lib/rancher/k3s/server/node-token + + - name: Add {{ ansible_hostname }} to KubernetesMasterConfigured group + group_by: + key: KubernetesMasterConfigured_{{ kubernetes_cluster_name }} + + when: + - kubernetes_master|bool + - vars['KubernetesMasterConfigured_' ~ kubernetes_cluster_name] is not defined + + + +# Manque kubernetes_server_token, kubernetes_master url + +#- name: Deploy systemd service +# template: +# src: "etc/systemd/system/{{ item }}.j2" +# dest: "/etc/systemd/system/{{ item }}" +# owner: root +# group: root +# mode: 0600 +# with_items: +# - "k3s.service" +# - "k3s.service.env" +# when: +# - ansible_service_mgr == "systemd" + + + - name: Enable k3s on boot service: name: k3s
diff --git a/templates/etc/firewalld/services/kubernetes.xml.j2 b/templates/etc/firewalld/services/kubernetes.xml.j2
index d4d0a53..4cd8035 100644
--- a/templates/etc/firewalld/services/kubernetes.xml.j2
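Review bot: The block condition `vars['KubernetesMasterConfigured_' ~ kubernetes_cluster_name] is not defined` looks up a variable, but `group_by` creates an inventory group, which Ansible exposes through `groups`, so this test is probably always true and every master runs the "Configure first controler" block. The same expression in templates/etc/systemd/system/k3s.service.j2 then selects the `--cluster-init` line on every master, which would bootstrap separate clusters, each with its own CA and node token, instead of joining them into one. I would test `('KubernetesMasterConfigured_' ~ kubernetes_cluster_name) not in groups` in both places, and restore the commented-out `run_once: true` (or otherwise serialise the block) so that only one host initialises when no master is configured yet. Because the rendered unit later changes from the init form to the join form, a systemd daemon reload before "Enable k3s on boot" is also worth adding so the new ExecStart is actually picked up.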
+++ b/templates/etc/firewalld/services/kubernetes.xml.j2
@@ -9,6 +9,12 @@ {% if kubernetes_master == true %} # Kubernetes API server, used by all +{% endif %} +{% if kubernetes_cri == "k3s" %} +# K3S with flannel and wireguard + +{% else %} +{% if kubernetes_master == true %} # etcd server client API, used by kube-apiserver and etcd
@@ -35,4 +41,5 @@ {% endif %} +{% endif %}
diff --git a/templates/etc/systemd/system/k3s.service.j2 b/templates/etc/systemd/system/k3s.service.j2
index 95ac5ae..0ac1a83 100644
--- a/templates/etc/systemd/system/k3s.service.j2
+++ b/templates/etc/systemd/system/k3s.service.j2
@@ -7,7 +7,11 @@ After=network-online.target Type=notify EnvironmentFile=/etc/systemd/system/k3s.service.env {% if kubernetes_master|bool %} -ExecStart=/usr/local/bin/k3s server --flannel-backend=wireguard --disable traefik --secrets-encryption +{% if vars['KubernetesMasterConfigured_' ~ kubernetes_cluster_name] is not defined %} +ExecStart=/usr/local/bin/k3s server --flannel-backend=wireguard --disable traefik --secrets-encryption --cluster-init +{% else %} +ExecStart=/usr/local/bin/k3s server --flannel-backend=wireguard --disable traefik --secrets-encryption --server https://{{ kubernetes_master }}:6443 --token ${NODE_TOKEN} +{% endif %} {% else %} ExecStart=/usr/local/bin/k3s agent --server https://{{ kubernetes_master }}:6443 --token ${NODE_TOKEN} {% endif %}
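Review bot: The added `{% if kubernetes_master == true %}` in the first kubernetes.xml.j2 hunk compares against the literal boolean, while the tasks and k3s.service.j2 in this commit test `kubernetes_master|bool`. A string value such as `"true"` (for example from an INI inventory or `-e`) would pass the task conditions but fail here, so the host would be deployed as a master while the control-plane ports in the non-k3s branch are left out of the service definition. Using `{% if kubernetes_master|bool %}` on the new line, and on the existing one above it, keeps the firewall template aligned with what is deployed. The port element under `# K3S with flannel and wireguard` is not visible in this view, so it is worth confirming that the k3s branch opens only the port and protocol the wireguard backend needs, and saying which in that comment.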
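Review bot: The new join line in k3s.service.j2 builds `--server https://{{ kubernetes_master }}:6443` inside the `{% if kubernetes_master|bool %}` branch, so `kubernetes_master` is the truthy flag at that point and the host part most likely renders as `True` rather than an address. The line needs a separate variable holding the first server's address (the task file's own comment already notes that the master URL is missing), e.g. `--server https://{{ <first_server_address_var> }}:6443`, where the name is a placeholder. Separately, `--token ${NODE_TOKEN}` puts the join secret into the process arguments, where any local user can read it from the process list. Since the unit already loads an EnvironmentFile with mode 0600, defining `K3S_TOKEN` there and dropping `--token` from ExecStart avoids that exposure; the existing agent line has the same shape and would benefit from the same change.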