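---
# Install and bootstrap k3s on a node: CNI role, Rancher signing key and
# k3s-selinux policy (RedHat family), the k3s binary, a dedicated LVM volume
# for /var/lib/rancher/k3s, the API-server audit policy, and finally the
# first control-plane node of the cluster.

- name: Install Wireguard
  ansible.builtin.include_role:
    name: wireguard
  # when:
  #   - kubernetes_cni == "wireguard"

- name: Import Rancher RPM signing key
  ansible.builtin.rpm_key:
    state: present
    key: https://rpm.rancher.io/public.key
  # NOTE(review): the key is fetched over HTTPS but not pinned; consider
  # adding `fingerprint:` with the expected key fingerprint so a substituted
  # key is rejected instead of trusted.
  when:
    - ansible_os_family == "RedHat"

# The k3s-selinux rpm is fetched from a pinned upstream release. Whether dnf/yum
# verifies the signature of a package given by URL depends on the host's
# localpkg_gpgcheck setting -- TODO confirm on the target distribution.
- name: Install the k3s-selinux rpm from a remote repo for yum distro
  ansible.builtin.yum:
    name: "https://github.com/k3s-io/k3s-selinux/releases/download/v1.5.stable.1/k3s-selinux-1.5-1.el7.noarch.rpm"
    state: present
  when:
    - ansible_pkg_mgr == "yum"
    - ansible_os_family == "RedHat"
    - ansible_distribution_major_version == '7'

- name: Install the k3s-selinux rpm from a remote repo for dnf distro
  ansible.builtin.dnf:
    name: "https://github.com/k3s-io/k3s-selinux/releases/download/v1.5.stable.1/k3s-selinux-1.5-1.el{{ ansible_distribution_major_version }}.noarch.rpm"
    state: present
  when:
    - ansible_pkg_mgr == "dnf"
    - ansible_os_family == "RedHat"
    # compare numerically: as strings, '10' >= '8' is false, so RHEL 10+ would be skipped
    - ansible_distribution_major_version | int >= 8

# The binary is only downloaded once; an existing /usr/local/bin/k3s is left
# untouched, so a version bump in kubernetes_k3s_version does not upgrade it.
- name: Check whether /usr/local/bin/k3s already exists
  ansible.builtin.stat:
    path: /usr/local/bin/k3s
  register: k3s_bin
  check_mode: false
  changed_when: false

# Each download is verified against the sha256sum file published with the same
# release, so a tampered or truncated binary is never installed to PATH.
- name: Retrieve k3s binary for x86_64
  ansible.builtin.get_url:
    url: "https://github.com/rancher/k3s/releases/download/v{{ kubernetes_k3s_version | urlencode }}/k3s"
    checksum: "sha256:https://github.com/rancher/k3s/releases/download/v{{ kubernetes_k3s_version | urlencode }}/sha256sum-amd64.txt"
    dest: /usr/local/bin/k3s
    owner: root
    group: root
    mode: "0755"
  when:
    - not k3s_bin.stat.exists
    - ansible_machine == "x86_64"

- name: Retrieve k3s binary for arm64
  ansible.builtin.get_url:
    url: "https://github.com/rancher/k3s/releases/download/v{{ kubernetes_k3s_version | urlencode }}/k3s-arm64"
    checksum: "sha256:https://github.com/rancher/k3s/releases/download/v{{ kubernetes_k3s_version | urlencode }}/sha256sum-arm64.txt"
    dest: /usr/local/bin/k3s
    owner: root
    group: root
    mode: "0755"
  when:
    - not k3s_bin.stat.exists
    # Linux reports 64-bit ARM as "aarch64"; "arm64" is kept for non-Linux hosts
    - ansible_machine in ["aarch64", "arm64"]

- name: Retrieve k3s binary for armv6/armv7
  ansible.builtin.get_url:
    url: "https://github.com/rancher/k3s/releases/download/v{{ kubernetes_k3s_version | urlencode }}/k3s-armhf"
    checksum: "sha256:https://github.com/rancher/k3s/releases/download/v{{ kubernetes_k3s_version | urlencode }}/sha256sum-arm.txt"
    dest: /usr/local/bin/k3s
    owner: root
    group: root
    mode: "0755"
  when:
    - not k3s_bin.stat.exists
    - ansible_machine in ["armv7l", "armv6l"]

# kubectl, crictl and ctr are all provided by the k3s multi-call binary.
- name: Create tools links
  ansible.builtin.file:
    src: k3s
    dest: "/usr/local/bin/{{ item }}"
    owner: root
    group: root
    state: link
  loop:
    - kubectl
    - crictl
    - ctr

# One thin volume, defined once and reused by the create / mkfs / mount tasks.
- name: Create thin volumes for k3s
  community.general.lvol:
    vg: "{{ item.vg }}"
    lv: "{{ item.name }}"
    thinpool: kubernetes
    size: "{{ item.size }}"
  loop: &k3s_volumes
    - name: var_lib_k3s
      vg: vg_sys
      size: 10g
      mount_point: /var/lib/rancher/k3s
      mount_opts: discard

- name: Create file system on k3s lv
  community.general.filesystem:
    fstype: ext4
    dev: "/dev/{{ item.vg }}/{{ item.name }}"
  loop: *k3s_volumes

- name: Mount logical volumes
  ansible.posix.mount:
    name: "{{ item.mount_point }}"
    src: "/dev/{{ item.vg }}/{{ item.name }}"
    fstype: ext4
    opts: "{{ item.mount_opts }}"
    state: mounted
  loop: *k3s_volumes

# API-server audit policy (control-plane nodes only). The directory is
# root-only; the policy file itself is world-readable.
- name: Audit policies directory
  ansible.builtin.file:
    path: /etc/kubernetes/policies
    state: directory
    owner: root
    group: root
    mode: "0700"
  when:
    - kubernetes_master|bool

- name: Configure audit policy
  ansible.builtin.copy:
    src: etc/kubernetes/policies/audit-policy.yaml
    dest: /etc/kubernetes/policies/audit-policy.yaml
    owner: root
    group: root
    mode: "0644"
  when:
    - kubernetes_master|bool

# Controller discovery: a master that already has a kubeconfig is treated as
# configured and added to the per-cluster group.
- name: Check whether /etc/rancher/k3s/k3s.yaml already exists
  ansible.builtin.stat:
    path: /etc/rancher/k3s/k3s.yaml
  register: st
  check_mode: false
  changed_when: false
  when:
    - kubernetes_master|bool

- name: Create KubernetesMasterConfigured group
  ansible.builtin.group_by:
    key: "KubernetesMasterConfigured_{{ kubernetes_cluster_name }}"
  check_mode: false
  when:
    # evaluated in order, so st is only dereferenced on masters where the stat ran
    - kubernetes_master|bool
    - st.stat.exists

# First controller: runs only on a master when the cluster has no configured
# master yet. group_by populates the `groups` magic variable, so membership is
# tested there (a `vars[...]` lookup would never see the group and every master
# would bootstrap as the first controller).
- name: Configure first controller
  # run_once: true
  when:
    - kubernetes_master|bool
    - ('KubernetesMasterConfigured_' ~ kubernetes_cluster_name) not in groups
  block:
    # Templates come from the role's templates/ dir; the leading "/" on dest is
    # required -- a relative dest resolves against the remote user's cwd, not
    # against /etc. The env file may hold the join token, hence 0600.
    - name: Deploy systemd service and k3s config
      ansible.builtin.template:
        src: "{{ item }}.j2"
        dest: "/{{ item }}"
        owner: root
        group: root
        mode: "0600"
      loop:
        - etc/systemd/system/k3s.service
        - etc/systemd/system/k3s.service.env
        - etc/rancher/k3s/config.yaml
      when:
        - ansible_service_mgr == "systemd"

    - name: Reload systemd
      ansible.builtin.systemd:
        daemon_reload: true

    - name: Enable k3s on boot
      ansible.builtin.service:
        name: k3s
        state: started
        enabled: true

    - name: Wait for the kubeconfig to be written
      ansible.builtin.wait_for:
        path: /etc/rancher/k3s/k3s.yaml

    - name: Wait for the server join token to be written
      ansible.builtin.wait_for:
        path: /var/lib/rancher/k3s/server/token

    - name: "Add {{ ansible_hostname }} to KubernetesMasterConfigured group"
      ansible.builtin.group_by:
        key: "KubernetesMasterConfigured_{{ kubernetes_cluster_name }}"
      check_mode: false

# TODO: additional controllers and agents are not handled yet -- they still
# need kubernetes_server_token and the master URL.
# - name: Deploy systemd service
#   ansible.builtin.template:
#     src: "etc/systemd/system/{{ item }}.j2"
#     dest: "/etc/systemd/system/{{ item }}"
#     owner: root
#     group: root
#     mode: "0600"
#   loop:
#     - k3s.service
#     - k3s.service.env
#   when:
#     - ansible_service_mgr == "systemd"

# NOTE(review): this runs on every host, including those for which no unit file
# was deployed above (see the TODO); it will fail there until that is done.
- name: Enable k3s on boot
  ansible.builtin.service:
    name: k3s
    state: started
    enabled: true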