Commit Graph

24 Commits

Author SHA1 Message Date
anon-software
040d37878b
Prevent multiple tokens in k3s.service.env (#364)
* Prevent multiple tokens in k3s.service.env

If site.yml playbook is executed multiple times with different tokens,
they will all accumulate in k3s.service.env. They won't do any harm
because the last one wins, however it is a matter of good housekeeping
to delete the old before inserting a new one.

Signed-off-by: Marko Vukovic <8951449+anon-software@users.noreply.github.com>

* Selectively remove existing token from the environment file

If the existing token in the environment file is the same as the token
used for the playbook run, leave it in the file to avoid false changed
status from the task.

Signed-off-by: Marko Vukovic <8951449+anon-software@users.noreply.github.com>

---------

Signed-off-by: Marko Vukovic <8951449+anon-software@users.noreply.github.com>
2024-10-07 09:44:28 -07:00
Derek Nola
19f99f71ed
Don't require a bogus k3s_version for airgap installs (#363)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-09-16 09:15:05 -07:00
anon-software
2d98982809
Security exposure related to the token (#356)
* Security exposure related to the token

The installation playbook saves the token into the systemd unit
configuration file /etc/systemd/system/k3s.service. The problem is that
according to K3s' documentation "the server token should be guarded
carefully" (https://docs.k3s.io/cli/token), yet the configuration file
is readable by anybody. A better solution is to save the token into its
corresponding environment file /etc/systemd/system/k3s.service.env which
is readable by the super user only. This is what the standard K3s'
installation script (https://get.k3s.io) does.

Signed-off-by: Marko Vukovic <8951449+anon-software@users.noreply.github.com>

* Restore the server URL into systemd configuration file

There aren't any security implications in keeping it there.

Signed-off-by: Marko Vukovic <8951449+anon-software@users.noreply.github.com>

---------

Signed-off-by: Marko Vukovic <8951449+anon-software@users.noreply.github.com>
2024-09-04 14:02:52 -07:00
Lihai Tu
61ba8b57a3
Cleanup redundant conditions (#355)
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2024-08-22 14:13:06 -07:00
Peter Klijn
e53d895428
Introduce copy of k3s.yaml file to detect changes and skip control node changes (#347)
Signed-off-by: Peter Klijn <pjmklijn@gmail.com>
2024-07-15 13:55:31 -07:00
Peter Klijn
4f769544b3
Add a handler to restart the K3s Server when the service file changes (#344)
* Add a handler to restart the K3s Server when the service file changes

Signed-off-by: Peter Klijn <pjmklijn@gmail.com>
2024-07-15 10:00:25 -07:00
Peter Klijn
31b8b1edcf
POC: Supporting k3s-ansible with external database (#339)
* POC: Supporting k3s-ansible with external database

Signed-off-by: Peter Klijn <pjmklijn@gmail.com>
2024-07-02 13:34:34 -07:00
Meagan Harris
006653f3ff
Make agent and server groups configurable (#331)
* Make agent and server groups configurable

Signed-off-by: Meagan Harris <thewitch@siliconsorceress.com>

* Fix typo in upgrade role

Co-authored-by: Derek Nola <derek.nola@suse.com>
Signed-off-by: Meagan Harris <47128741+simagick@users.noreply.github.com>

---------

Signed-off-by: Meagan Harris <thewitch@siliconsorceress.com>
Signed-off-by: Meagan Harris <47128741+simagick@users.noreply.github.com>
Co-authored-by: Derek Nola <derek.nola@suse.com>
2024-06-04 10:06:14 -07:00
Derek Nola
af29159231
Implement compatible yamllint, make octals explicit (#332)
* Implement compatible yamllint, make octals explicit

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Replace yum with dnf, yum is deprecated

Signed-off-by: Derek Nola <derek.nola@suse.com>

---------

Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-06-04 09:56:07 -07:00
Derek Nola
ddc664a7f6
Apply noqa and fix line lenght limit. ansible-lint production profile (#326)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-05-03 09:38:01 -07:00
Mykyta Orlov
5dd8c3f5a3
Fix typo in main.yml (#317)
Signed-off-by: Mykyta Orlov <orlovmyk@gmail.com>
2024-04-01 11:15:20 -07:00
Vivek Sarin
c84c1ce5b1
Added custom context name (#315)
* Added custom context name

Signed-off-by: Vivek Sarin <vivek@sarin.info>
Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Vivek Sarin <vivek@sarin.info>
Co-authored-by: Derek Nola <derek.nola@suse.com>
2024-04-01 09:35:55 -07:00
LawiK974
a2916230ba
Check K3s installed version before download tasks (#297)
- [Agent : Download artefact only if needed](roles/k3s_agent/tasks/main.yml#L13)
- [Server : Download artefact only if needed](roles/k3s_server/tasks/main.yml#L13)
- [Upgrade : Upgrade node only if needed](roles/k3s_upgrade/tasks/main.yml#L14)

Linked issue #264 k3s_server and k3s_agent tasks are not idempotent

Signed-off-by: Loïc Dubard <loic97429@gmail.com>
2024-03-07 16:05:07 -08:00
Nick To
060362178d
Fix unexpected behaviour when kubeconfig is set (#296)
As detailed in https://github.com/k3s-io/k3s-ansible/issues/295, this
commit fixes the issue that if `kubeconfig` is set to anything other
than the defaults value, then:

- `~/.kube/config` is modified.
- No file at `{{ kubeconfig }}` is created.
- Any existing file and `{{ kubeconfig }}` is deleted.

Signed-off-by: Nick To <nick@nickto.net>
2024-02-05 12:10:45 -08:00
Dmitriy Safronov
fe3df5c836
[#287] fix control node tasks logic to properly change server address on control node (#288)
Signed-off-by: Dmitriy Safronov <zimniy@cyberbrain.pw>
2024-01-17 16:06:20 -08:00
Dmitriy Safronov
502d93bc02
[289] Add K3s autocomplete to user bashrc on any server node, not only on first (#290)
Signed-off-by: Dmitriy Safronov <zimniy@cyberbrain.pw>
2024-01-16 10:33:02 -08:00
Derek Nola
7df05a755b
Completely setup kubectl for ansible_user, with option to disable it (#278)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-12-13 12:59:04 -08:00
Xiangkun Liu
1527df5631
Use inventory_hostname instead of ansible_hostname (#274)
Signed-off-by: Xiangkun Liu <git@lxk.sh>
Co-authored-by: Xiangkun Liu <git@lxk.sh>
2023-12-11 14:44:02 -08:00
Dani Hodovic
fdaba90bb0
fix: yaml conditional logic (#273)
Running the playbook with version 2.16.1
Replace `&&` with `and`
Signed-off-by: Dani Hodovic <dani.hodovic@gmail.com>
2023-12-11 14:31:13 -08:00
Derek Nola
1c11767619
Only setup/cleanup yaml config for servers (#272)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-12-06 13:55:32 -08:00
Derek Nola
9998f503b4
Support user defined kubeconfig, fix merging context (#266)
* Support user defined kubeconfig, fix merging context

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-12-06 09:13:05 -08:00
Roman Ivanov
ec02f1cafd
do not blindly overwrite kube config (#263)
* do not blindly overwrite kube config

Signed-off-by: Roman Ivanov <me@roivanov.com>

* don't need to check if an existing config exists

Co-authored-by: Derek Nola <derek.nola@suse.com>
Signed-off-by: Roman Ivanov <me@roivanov.com>
2023-12-01 09:00:30 -08:00
Jon S. Stumpf
34bf054f94
Fixed #260: k3s autocompletion is added to .bashrc only when necessary; (#262)
* Fixed #260: k3s autocompletion is added to .bashrc only when necessary;

Signed-off-by: Jon S. Stumpf <jon.stumpf@gmail.com>

* Remove Jinja template from name:

Co-authored-by: Derek Nola <derek.nola@suse.com>
Signed-off-by: Jon S. Stumpf <jon.stumpf@gmail.com>

---------

Signed-off-by: Jon S. Stumpf <jon.stumpf@gmail.com>
Co-authored-by: Derek Nola <derek.nola@suse.com>
2023-12-01 08:58:12 -08:00
Derek Nola
1e633c5ad1
Rework Role Structure (#254)
* Add more defaults
* Rename roles, covert download to airgap role
* Remove unnecessary gather_facts

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-11-16 12:03:07 -08:00