Commit Graph

255 Commits

Author SHA1 Message Date
Derek Nola
c82a2f9b8e
Don't modify existing airgap k3s-install script (#372)
* Check for existing k3s install script during airgap deployment

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Update vagrant file to newer OS

Signed-off-by: Derek Nola <derek.nola@suse.com>

---------

Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-10-18 09:33:01 -07:00
Derek Nola
99fa632acb
Fix failure when not using airgap (#370)
* Fix failure when not using airgap

Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-10-08 14:57:08 -07:00
Derek Nola
1cfe59728a
Handle multiple architectures when distributing airgap binary (#367)
* Handle multiple architectures when distributing airgap binary

Signed-off-by: Derek Nola <derek.nola@suse.com>

* yamllint fix

Signed-off-by: Derek Nola <derek.nola@suse.com>

* ansiblelint fix

Signed-off-by: Derek Nola <derek.nola@suse.com>

---------

Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-10-08 14:10:05 -07:00
anon-software
040d37878b
Prevent multiple tokens in k3s.service.env (#364)
* Prevent multiple tokens in k3s.service.env

If site.yml playbook is executed multiple times with different tokens,
they will all accumulate in k3s.service.env. They won't do any harm
because the last one wins, however it is a matter of good housekeeping
to delete the old before inserting a new one.

Signed-off-by: Marko Vukovic <8951449+anon-software@users.noreply.github.com>

* Selectively remove existing token from the environment file

If the existing token in the environment file is the same as the token
used for the playbook run, leave it in the file to avoid false changed
status from the task.

Signed-off-by: Marko Vukovic <8951449+anon-software@users.noreply.github.com>

---------

Signed-off-by: Marko Vukovic <8951449+anon-software@users.noreply.github.com>
2024-10-07 09:44:28 -07:00
Derek Nola
19f99f71ed
Don't require a bogus k3s_version for airgap installs (#363)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-09-16 09:15:05 -07:00
Derek Nola
848e22cb72
Handle both new and old cmdline.txt locations in Raspbian (#362)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-09-13 10:49:53 -07:00
james-otten
bc03d1c0d0
Fix adding token to existing cluster (#360)
Signed-off-by: James Otten <jamesotten1@gmail.com>
2024-09-12 09:54:11 -07:00
anon-software
2d98982809
Security exposure related to the token (#356)
* Security exposure related to the token

The installation playbook saves the token into the systemd unit
configuration file /etc/systemd/system/k3s.service. The problem is that
according to K3s' documentation "the server token should be guarded
carefully" (https://docs.k3s.io/cli/token), yet the configuration file
is readable by anybody. A better solution is to save the token into its
corresponding environment file /etc/systemd/system/k3s.service.env which
is readable by the super user only. This is what the standard K3s'
installation script (https://get.k3s.io) does.

Signed-off-by: Marko Vukovic <8951449+anon-software@users.noreply.github.com>

* Restore the server URL into systemd configuration file

There aren't any security implications in keeping it there.

Signed-off-by: Marko Vukovic <8951449+anon-software@users.noreply.github.com>

---------

Signed-off-by: Marko Vukovic <8951449+anon-software@users.noreply.github.com>
2024-09-04 14:02:52 -07:00
anon-software
3e0c982a95
Better cleanup with reset playbook (#353)
* Better cleanup with reset playbook

The install playbook adds some convenience commands into the user's
.bashrc. If K3s is uninstalled, these commands produce errors. Since
they are easily identifiable, it is trivial to remove them to improve
the user's experience.

Signed-off-by: Marko Vukovic <8951449+anon-software@users.noreply.github.com>
2024-08-22 14:13:28 -07:00
Lihai Tu
61ba8b57a3
Cleanup redundant conditions (#355)
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2024-08-22 14:13:06 -07:00
anon-software
04c8ae9a57
More flexible cgroup settings (#352)
* More flexible cgroup settings

If there are already required cgroup boot parameters present but in a
different order than specified, the script will add them again. It is
better to test for the individual parameter in a loop and selectively
add them as necessary.

Signed-off-by: Marko Vukovic <anonsoftware@gmail.com>

Signed-off-by: Marko Vukovic <anonsoftware@gmail.com>
Signed-off-by: Marko Vukovic <8951449+anon-software@users.noreply.github.com>
2024-08-15 10:32:22 -07:00
Peter Klijn
b6e4c8b31e
Update K3s to latest 1.30 (#348)
Signed-off-by: Peter Klijn <pjmklijn@gmail.com>
2024-07-22 09:33:09 -07:00
Peter Klijn
e53d895428
Introduce copy of k3s.yaml file to detect changes and skip control node changes (#347)
Signed-off-by: Peter Klijn <pjmklijn@gmail.com>
2024-07-15 13:55:31 -07:00
Peter Klijn
4f769544b3
Add a handler to restart the K3s Server when the service file changes (#344)
* Add a handler to restart the K3s Server when the service file changes

Signed-off-by: Peter Klijn <pjmklijn@gmail.com>
2024-07-15 10:00:25 -07:00
haseHH
71d6ba0580
Don't install linux-modules-extra-raspi on Ubuntu 24.04 and up (#346)
The extra modules were merged into the normal modules packet as of Kernel 6.8/Ubuntu 24.04

Signed-off-by: haseHH <christian@hase.hamburg>
2024-07-11 10:18:06 -07:00
Derek Nola
a4b5363318
Don't enable K3s service during airgap install (#345)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-07-08 10:58:08 -07:00
Peter Klijn
31b8b1edcf
POC: Supporting k3s-ansible with external database (#339)
* POC: Supporting k3s-ansible with external database

Signed-off-by: Peter Klijn <pjmklijn@gmail.com>
2024-07-02 13:34:34 -07:00
Derek Nola
91ee70ee17
Fixed playbooks path in Vagrant and Readme (#341)
* fixed path to playbooks/site.yml

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Update readme with playbooks

Signed-off-by: Derek Nola <derek.nola@suse.com>

---------

Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Ethan Locke <13014836-Zie0@users.noreply.gitlab.com>
2024-06-20 10:26:01 -07:00
Derek Nola
5d047cbf33
Update required ansible to >=2.15 (oldest supported version) (#338)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-06-20 10:20:48 -07:00
laszlojau
1907e6fb79
Add group variables to the prereq role (#334)
Signed-off-by: laszlojau <49835454+laszlojau@users.noreply.github.com>
2024-06-10 09:58:06 -07:00
Derek Nola
5a12415b3c
Rename playbook to playbooks for ansible collection support (#333)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-06-04 10:36:35 -07:00
Meagan Harris
006653f3ff
Make agent and server groups configurable (#331)
* Make agent and server groups configurable

Signed-off-by: Meagan Harris <thewitch@siliconsorceress.com>

* Fix typo in upgrade role

Co-authored-by: Derek Nola <derek.nola@suse.com>
Signed-off-by: Meagan Harris <47128741+simagick@users.noreply.github.com>

---------

Signed-off-by: Meagan Harris <thewitch@siliconsorceress.com>
Signed-off-by: Meagan Harris <47128741+simagick@users.noreply.github.com>
Co-authored-by: Derek Nola <derek.nola@suse.com>
2024-06-04 10:06:14 -07:00
Derek Nola
af29159231
Implement compatible yamllint, make octals explicit (#332)
* Implement compatible yamllint, make octals explicit

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Replace yum with dnf, yum is deprecated

Signed-off-by: Derek Nola <derek.nola@suse.com>

---------

Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-06-04 09:56:07 -07:00
laszlojau
8120b7c0d1
Update firewall rules (#329)
Signed-off-by: laszlojau <49835454+laszlojau@users.noreply.github.com>
2024-05-30 10:05:43 -07:00
Frank Villaro-Dixon
64e38ee702
token: explain how to generate it (#328)
Signed-off-by: Frank Villaro-Dixon <frank@villaro-dixon.eu>
2024-05-17 09:58:57 -07:00
Derek Nola
ddc664a7f6
Apply noqa and fix line length limit. ansible-lint production profile (#326)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-05-03 09:38:01 -07:00
laszlojau
7ec16a8d53
Keep service backups under /etc/systemd/system (#324)
Signed-off-by: laszlojau <49835454+laszlojau@users.noreply.github.com>
2024-04-05 13:54:57 -07:00
dreamingdeer
33c15e7c2f
feat add custom registries_config_yaml for private-registry (#319)
* feat add custom registries_config_yaml for private-registry

Signed-off-by: dreamingdeer <dreamingdeer@yandex.ru>
Co-authored-by: dreamingdeer <dreamingdeer@yandex.ru>
2024-04-02 12:24:23 -07:00
dreamingdeer
485ee0f285
fix keep extension on uploaded file on airgap install (#311)
* fix keep extension on uploaded file on airgap install
* fix other tasks distribute K3s images

Signed-off-by: dreamingdeer <dreamingdeer@yandex.ru>
Co-authored-by: dreamingdeer <dreamingdeer@yandex.ru>
2024-04-01 11:31:44 -07:00
Mykyta Orlov
5dd8c3f5a3
Fix typo in main.yml (#317)
Signed-off-by: Mykyta Orlov <orlovmyk@gmail.com>
2024-04-01 11:15:20 -07:00
Jose Luis Pedrosa
91405dc517
fix: skip cgroups when cmdline.txt is not present (#320)
Signed-off-by: Jose Luis Pedrosa <jlpedrosa@gmail.com>
2024-04-01 11:08:05 -07:00
Vivek Sarin
c84c1ce5b1
Added custom context name (#315)
* Added custom context name

Signed-off-by: Vivek Sarin <vivek@sarin.info>
Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Vivek Sarin <vivek@sarin.info>
Co-authored-by: Derek Nola <derek.nola@suse.com>
2024-04-01 09:35:55 -07:00
Derek Nola
6c14e5d923
Add a minimum ansible core check (#308)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-03-19 10:05:10 -07:00
LawiK974
a2916230ba
Check K3s installed version before download tasks (#297)
- [Agent : Download artefact only if needed](roles/k3s_agent/tasks/main.yml#L13)
- [Server : Download artefact only if needed](roles/k3s_server/tasks/main.yml#L13)
- [Upgrade : Upgrade node only if needed](roles/k3s_upgrade/tasks/main.yml#L14)

Linked issue #264 k3s_server and k3s_agent tasks are not idempotent

Signed-off-by: Loïc Dubard <loic97429@gmail.com>
2024-03-07 16:05:07 -08:00
Jose Luis Pedrosa
1e266a52f9
Enable skipping bootcmd verification in Raspberry PI (#300)
* Enable skipping bootcmd verification in Raspberry PI

Signed-off-by: Jose Luis Pedrosa <jlpedrosa@gmail.com>
Co-authored-by: Derek Nola <derek.nola@suse.com>
2024-03-04 10:10:01 -08:00
laszlojau
9c8ba5c155
Set firewall rules for custom CIDR ranges (#293)
Signed-off-by: laszlojau <49835454+laszlojau@users.noreply.github.com>
2024-02-22 09:34:36 -08:00
Nick To
060362178d
Fix unexpected behaviour when kubeconfig is set (#296)
As detailed in https://github.com/k3s-io/k3s-ansible/issues/295, this
commit fixes the issue that if `kubeconfig` is set to anything other
than the default value, then:

- `~/.kube/config` is modified.
- No file at `{{ kubeconfig }}` is created.
- Any existing file and `{{ kubeconfig }}` is deleted.

Signed-off-by: Nick To <nick@nickto.net>
2024-02-05 12:10:45 -08:00
Dmitriy Safronov
fe3df5c836
[#287] fix control node tasks logic to properly change server address on control node (#288)
Signed-off-by: Dmitriy Safronov <zimniy@cyberbrain.pw>
2024-01-17 16:06:20 -08:00
Dmitriy Safronov
502d93bc02
[289] Add K3s autocomplete to user bashrc on any server node, not only on first (#290)
Signed-off-by: Dmitriy Safronov <zimniy@cyberbrain.pw>
2024-01-16 10:33:02 -08:00
shkuviak
d1d7864337
k3s agent - Fix bad reference to k3s-agent.service.env in k3s-agent.service (#283)
Signed-off-by: Nicolas JENDROWIAK <75165555+shkuviak@users.noreply.github.com>
2024-01-04 11:54:22 -08:00
Brian Lu
aa273f4b05
Ansible Galaxy support (#281)
Signed-off-by: Brian Lu <me@greencappuccino.net>
2024-01-03 10:00:08 -08:00
Daniel Clavijo Coca
5c79470d8f
Update minimum ansible version (#282)
Signed-off-by: Daniel Clavijo Coca <dann1telecom@gmail.com>
2023-12-26 11:12:48 -08:00
Derek Nola
7df05a755b
Completely setup kubectl for ansible_user, with option to disable it (#278)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-12-13 12:59:04 -08:00
Xiangkun Liu
1527df5631
Use inventory_hostname instead of ansible_hostname (#274)
Signed-off-by: Xiangkun Liu <git@lxk.sh>
Co-authored-by: Xiangkun Liu <git@lxk.sh>
2023-12-11 14:44:02 -08:00
Dani Hodovic
fdaba90bb0
fix: yaml conditional logic (#273)
Running the playbook with version 2.16.1
Replace `&&` with `and`
Signed-off-by: Dani Hodovic <dani.hodovic@gmail.com>
2023-12-11 14:31:13 -08:00
Derek Nola
1c11767619
Only setup/cleanup yaml config for servers (#272)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-12-06 13:55:32 -08:00
Derek Nola
9998f503b4
Support user defined kubeconfig, fix merging context (#266)
* Support user defined kubeconfig, fix merging context

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-12-06 09:13:05 -08:00
Jon S. Stumpf
4d6e60281e
Role tweaks (#268)
* Limited boolean values to true/false;

Signed-off-by: Jon S. Stumpf <jon.stumpf@gmail.com>

* Moved ArchLinux prereq task to be a handler;

Signed-off-by: Jon S. Stumpf <jon.stumpf@gmail.com>

* Standardized task name for adding cgroup support;

Signed-off-by: Jon S. Stumpf <jon.stumpf@gmail.com>

* Have backrefs: follow path:;

Signed-off-by: Jon S. Stumpf <jon.stumpf@gmail.com>

* Addressed ansible-lint errors;

Signed-off-by: Jon S. Stumpf <jon.stumpf@gmail.com>

* Fixed #264, task 7: Copy K3s service file;

Signed-off-by: Jon S. Stumpf <jon.stumpf@gmail.com>

---------

Signed-off-by: Jon S. Stumpf <jon.stumpf@gmail.com>
2023-12-04 09:46:45 -08:00
Gilberto Mautner
b4237ef24d
make reset work with alt k3s dir and root user (#265)
* make reset work with alt k3s dir and root user

Signed-off-by: gmautner <gilberto.mautner@locaweb.com.br>
Signed-off-by: Gilberto Mautner <gilberto.mautner@locaweb.com.br>

* Added changed_when
Signed-off-by: gmautner <gilberto.mautner@locaweb.com.br>

Signed-off-by: Gilberto Mautner <gilberto.mautner@locaweb.com.br>

* Checks if we removed alt dir contents

Co-authored-by: Derek Nola <derek.nola@suse.com>
Signed-off-by: Gilberto Mautner <gilberto.mautner@locaweb.com.br>

---------

Signed-off-by: gmautner <gilberto.mautner@locaweb.com.br>
Signed-off-by: Gilberto Mautner <gilberto.mautner@locaweb.com.br>
Co-authored-by: Derek Nola <derek.nola@suse.com>
2023-12-01 14:34:44 -08:00
Roman Ivanov
ec02f1cafd
do not blindly overwrite kube config (#263)
* do not blindly overwrite kube config

Signed-off-by: Roman Ivanov <me@roivanov.com>

* don't need to check if an existing config exists

Co-authored-by: Derek Nola <derek.nola@suse.com>
Signed-off-by: Roman Ivanov <me@roivanov.com>
2023-12-01 09:00:30 -08:00