
---
- name: Install Wireguard
  # Unconditional: the CNI guard below is commented out, so the wireguard
  # role is included on every host whatever kubernetes_cni is set to.
  ansible.builtin.include_role:
    name: wireguard
  # when:
  # - kubernetes_cni == "wireguard"
- name: Import Rancher key
  # Trust anchor for the k3s-selinux packages installed by the two tasks
  # below, which is why it runs first. The key is identified by URL only;
  # pinning it with rpm_key's `fingerprint:` would also reject a different
  # key served at the same address (fingerprint value not recorded here).
  ansible.builtin.rpm_key:
    state: present
    key: https://rpm.rancher.io/public.key
  when:
    - ansible_os_family == "RedHat"
- name: Install the k3s-selinux rpm from a remote repo for yum distro
  # EL7 only: the el7 build is hard-coded in the URL. Newer major versions
  # are handled by the dnf task that follows.
  ansible.builtin.yum:
    name: "https://github.com/k3s-io/k3s-selinux/releases/download/v1.3.stable.1/k3s-selinux-1.3-1.el7.noarch.rpm"
    state: present
  when:
    - ansible_pkg_mgr == "yum"
    - ansible_os_family == "RedHat"
    - ansible_distribution_major_version == '7'
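- name: Install the k3s-selinux rpm from a remote repo for dnf distro
  # Release package for the host's EL major version; the package is signed
  # by Rancher, so the key import above must have run on this host first.
  ansible.builtin.dnf:
    name: "https://github.com/k3s-io/k3s-selinux/releases/download/v1.3.stable.1/k3s-selinux-1.3-1.el{{ ansible_distribution_major_version }}.noarch.rpm"
    state: present
  when:
    - ansible_pkg_mgr == "dnf"
    - ansible_os_family == "RedHat"
    # The fact is a string; compare numerically, otherwise a two-digit
    # major ('10' >= '8') is false under string comparison.
    - ansible_distribution_major_version | int >= 8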
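- name: Check if /usr/local/bin/k3s already existe
  # Presence check only. Registers k3s_bin for the download tasks below,
  # which are skipped once the binary exists.
  ansible.builtin.stat:
    path: /usr/local/bin/k3s
  register: k3s_bin
  check_mode: false  # run in --check too so k3s_bin is always populated
  changed_when: false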
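- name: Retreive k3s binary for x86_64
  # Fetches the release binary straight into PATH. Nothing verifies the
  # download before it becomes executable; get_url's `checksum:` option
  # (e.g. `checksum: "sha256:<URL of the release's sha256sum file>"`) would
  # reject a tampered or truncated file.
  # Because of the `not k3s_bin.stat.exists` guard, a changed
  # kubernetes_k3s_version does not replace an already installed binary.
  ansible.builtin.get_url:
    url: "https://github.com/rancher/k3s/releases/download/v{{ kubernetes_k3s_version | urlencode }}/k3s"
    dest: "/usr/local/bin/k3s"
    group: root
    owner: root
    mode: "0755"  # quoted so the octal literal is not parsed as an integer
  when:
    - not k3s_bin.stat.exists
    - ansible_machine == "x86_64"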
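- name: Retreive k3s binary for arm64
  # Same download path as the x86_64 task, for the arm64 asset. The
  # download is not checksum-verified; get_url's `checksum:` option
  # (`"sha256:<URL of the release's sha256sum file>"`) would close that gap.
  ansible.builtin.get_url:
    url: "https://github.com/rancher/k3s/releases/download/v{{ kubernetes_k3s_version | urlencode }}/k3s-arm64"
    dest: "/usr/local/bin/k3s"
    group: root
    owner: root
    mode: "0755"  # quoted so the octal literal is not parsed as an integer
  when:
    - not k3s_bin.stat.exists
    # Linux reports 64-bit ARM as "aarch64" (uname -m); "arm64" alone never
    # matched there. Both spellings are accepted.
    - ansible_machine in ["aarch64", "arm64"]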
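- name: Retreive k3s binary for armv6/armv7
  # 32-bit ARM variant of the download above; same caveat that nothing
  # verifies the fetched binary (see get_url's `checksum:` option).
  ansible.builtin.get_url:
    url: "https://github.com/rancher/k3s/releases/download/v{{ kubernetes_k3s_version | urlencode }}/k3s-armhf"
    dest: "/usr/local/bin/k3s"
    group: root
    owner: root
    mode: "0755"  # quoted so the octal literal is not parsed as an integer
  when:
    - not k3s_bin.stat.exists
    - ansible_machine in ["armv7l", "armv6l"]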
- name: Create tools link
  # Expose the kubectl/crictl/ctr entry points as symlinks next to the k3s
  # binary. The relative src keeps the links valid if the directory moves.
  ansible.builtin.file:
    state: link
    src: k3s
    dest: "/usr/local/bin/{{ item }}"
    owner: root
    group: root
  loop:
    - kubectl
    - crictl
    - ctr
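- name: Create thin volumes for k3s
  # Thin LV inside the "kubernetes" pool; assumes that pool already exists
  # in the VG (presumably created earlier in the role — not visible here).
  community.general.lvol:
    vg: "{{ item.vg }}"
    lv: "{{ item.name }}"
    thinpool: kubernetes
    size: "{{ item.size }}"
  with_items:
    # mount_point/mount_opts are not used by lvol; the item is kept identical
    # across the three volume tasks so they stay in sync.
    - name: var_lib_k3s
      vg: vg_sys
      size: 10g
      mount_point: /var/lib/rancher/k3s
      mount_opts: "discard"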
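- name: Create file system on containerd lv
  # Formats the LV created by the previous task; filesystem is a no-op when
  # the device already carries an fs.
  community.general.filesystem:
    fstype: ext4
    dev: "/dev/{{ item.vg }}/{{ item.name }}"
  with_items:
    # Same item definition as the lvol and mount tasks.
    - name: var_lib_k3s
      vg: vg_sys
      size: 10g
      mount_point: /var/lib/rancher/k3s
      mount_opts: "discard"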
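- name: Mount logical volumes
  # Mounts the k3s data volume and records it in fstab (state: mounted).
  ansible.posix.mount:
    name: "{{ item.mount_point }}"  # `name` is the legacy alias of `path`
    src: "/dev/{{ item.vg }}/{{ item.name }}"
    fstype: ext4
    opts: "{{ item.mount_opts }}"
    state: mounted
  with_items:
    # Same item definition as the lvol and filesystem tasks.
    - name: var_lib_k3s
      vg: vg_sys
      size: 10g
      mount_point: /var/lib/rancher/k3s
      mount_opts: "discard"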
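- name: Audit policies directory
  # Holds the API-server audit policy; root-only since it steers what gets
  # logged. Masters only.
  ansible.builtin.file:
    path: "/etc/kubernetes/policies"
    state: directory
    owner: root
    group: root
    mode: "0700"  # quoted so the octal literal is not parsed as an integer
  when:
    - kubernetes_master|bool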
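- name: Configure audit policy
  # Ships the audit policy file. Whether k3s is actually pointed at it
  # depends on the config.yaml template rendered later — not visible here.
  ansible.builtin.copy:
    src: "etc/kubernetes/policies/audit-policy.yaml"
    dest: "/etc/kubernetes/policies/audit-policy.yaml"
    group: root
    owner: root
    mode: "0644"  # quoted so the octal literal is not parsed as an integer
  when:
    - kubernetes_master|bool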
# Check controllers
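- name: Check if /etc/rancher/k3s/k3s.yaml already existe
  # An existing kubeconfig marks a master that has already bootstrapped;
  # the result feeds the group_by that follows. Masters only.
  ansible.builtin.stat:
    path: /etc/rancher/k3s/k3s.yaml
  register: st
  check_mode: false  # run in --check too so st is always populated
  changed_when: false
  when:
    - kubernetes_master|bool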
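- name: Create KubernetesMasterConfigured group
  # Puts already-bootstrapped masters into a per-cluster inventory group so
  # the first-controller block below can tell whether a cluster exists.
  ansible.builtin.group_by:
    key: "KubernetesMasterConfigured_{{ kubernetes_cluster_name }}"  # quoted templated value
  check_mode: false
  when:
    - kubernetes_master|bool
    - st.stat.exists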
# First controller
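- name: Configure first controler
  # run_once: true
  # NOTE(review): indentation was not preserved in the source view; the
  # trailing `when` is read as belonging to this block (masters only, while
  # no KubernetesMasterConfigured_<cluster> group exists) — confirm.
  block:
    - name: Deploy systemd service
      ansible.builtin.template:
        src: "{{ item }}.j2"
        # Items are relative paths ("etc/..."); without the leading slash the
        # file would be rendered relative to the remote working directory
        # instead of under /etc.
        dest: "/{{ item }}"
        owner: root
        group: root
        mode: "0600"  # config.yaml may hold the cluster token; keep root-only
      with_items:
        - "etc/systemd/system/k3s.service"
        - "etc/systemd/system/k3s.service.env"
        - "etc/rancher/k3s/config.yaml"
      when:
        - ansible_service_mgr == "systemd"
    - name: Reload systemd
      ansible.builtin.systemd:
        daemon_reload: true
      when:
        - ansible_service_mgr == "systemd"  # same guard as the unit deploy
    - name: Enable k3s on boot
      ansible.builtin.service:
        name: k3s
        state: started
        enabled: true
    - name: Wait for k3s.yaml
      ansible.builtin.wait_for:
        path: /etc/rancher/k3s/k3s.yaml
    - name: Wait for token
      # The server token is what other nodes need to join; block until k3s
      # has written it.
      ansible.builtin.wait_for:
        path: /var/lib/rancher/k3s/server/token
    - name: Add {{ ansible_hostname }} to KubernetesMasterConfigured group
      ansible.builtin.group_by:
        key: "KubernetesMasterConfigured_{{ kubernetes_cluster_name }}"
      check_mode: false
  when:
    - kubernetes_master|bool
    # NOTE(review): group_by creates an inventory group, not a variable, so
    # this lookup through `vars` is probably always undefined and the block
    # would run on every master; `groups[...]` looks like the intended
    # check. Verify before changing — it decides which master bootstraps.
    - vars['KubernetesMasterConfigured_' ~ kubernetes_cluster_name] is not defined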
# Missing: kubernetes_server_token, kubernetes_master url
# - name: Deploy systemd service
# ansible.builtin.template:
# src: "etc/systemd/system/{{ item }}.j2"
# dest: "/etc/systemd/system/{{ item }}"
# owner: root
# group: root
# mode: 0600
# with_items:
# - "k3s.service"
# - "k3s.service.env"
# when:
# - ansible_service_mgr == "systemd"
- name: Enable k3s on boot
ansible.builtin.service:
name: k3s
state: started
enabled: true