Compare commits
2 Commits
4830cb12b6
...
1e1b244af5
Author | SHA1 | Date |
---|---|---|
Przemysław Sztoch | 1e1b244af5 | |
Przemyslaw Sztoch | c5a5b9e0d8 |
|
@ -15,7 +15,7 @@
|
|||
url: https://get.k3s.io/
|
||||
timeout: 120
|
||||
dest: "{{ airgap_dir }}/k3s-install.sh"
|
||||
mode: 0755
|
||||
mode: "0755"
|
||||
|
||||
- name: Distribute K3s install script
|
||||
ansible.builtin.copy:
|
||||
|
@ -23,7 +23,7 @@
|
|||
dest: /usr/local/bin/k3s-install.sh
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
mode: "0755"
|
||||
|
||||
- name: Distribute K3s binary
|
||||
ansible.builtin.copy:
|
||||
|
@ -31,7 +31,7 @@
|
|||
dest: /usr/local/bin/k3s
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
mode: "0755"
|
||||
|
||||
- name: Distribute K3s SELinux RPM
|
||||
ansible.builtin.copy:
|
||||
|
@ -39,7 +39,7 @@
|
|||
dest: /tmp/
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
mode: "0755"
|
||||
with_fileglob:
|
||||
- "{{ airgap_dir }}/k3s-selinux*.rpm"
|
||||
register: selinux_copy
|
||||
|
@ -57,7 +57,7 @@
|
|||
- name: Make images directory
|
||||
ansible.builtin.file:
|
||||
path: "/var/lib/rancher/k3s/agent/images/"
|
||||
mode: 0755
|
||||
mode: "0755"
|
||||
state: directory
|
||||
|
||||
- name: Determine Architecture
|
||||
|
@ -71,7 +71,7 @@
|
|||
dest: /var/lib/rancher/k3s/agent/images/{{ item | basename }}
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
mode: "0755"
|
||||
with_first_found:
|
||||
- files:
|
||||
- "{{ airgap_dir }}/k3s-airgap-images-amd64.tar.zst"
|
||||
|
@ -86,7 +86,7 @@
|
|||
dest: /var/lib/rancher/k3s/agent/images/{{ item | basename }}
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
mode: "0755"
|
||||
with_first_found:
|
||||
- files:
|
||||
- "{{ airgap_dir }}/k3s-airgap-images-arm64.tar.zst"
|
||||
|
@ -101,7 +101,7 @@
|
|||
dest: /var/lib/rancher/k3s/agent/images/{{ item | basename }}
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
mode: "0755"
|
||||
with_first_found:
|
||||
- files:
|
||||
- "{{ airgap_dir }}/k3s-airgap-images-arm.tar.zst"
|
||||
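Review bot: The download task in the first hunk (`url: https://get.k3s.io/` to `dest: "{{ airgap_dir }}/k3s-install.sh"`, now `mode: "0755"`) stores an installer with no integrity check, and the following tasks appear to distribute it to `/usr/local/bin/k3s-install.sh` as a root-owned executable. The task header is outside the hunk; if the module is `ansible.builtin.get_url`, adding `checksum: "sha256:<expected-digest>"` (placeholder) for a reviewed copy of the script, or shipping a vetted copy with the airgap bundle, would close that gap. Separately, the RPM copied to `/tmp/` and the `k3s-airgap-images-*.tar.zst` archives are data files but keep the execute bit; `mode: "0644"` would be enough for them.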
|
|
|
@ -24,7 +24,7 @@
|
|||
dest: /usr/local/bin/k3s-install.sh
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
mode: "0755"
|
||||
|
||||
- name: Download K3s binary
|
||||
ansible.builtin.command:
|
||||
|
|
|
@ -24,7 +24,7 @@
|
|||
dest: /usr/local/bin/k3s-install.sh
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
mode: "0755"
|
||||
|
||||
- name: Download K3s binary
|
||||
ansible.builtin.command:
|
||||
|
@ -46,13 +46,13 @@
|
|||
- name: Make config directory
|
||||
ansible.builtin.file:
|
||||
path: "/etc/rancher/k3s"
|
||||
mode: 0755
|
||||
mode: "0755"
|
||||
state: directory
|
||||
- name: Copy config values
|
||||
ansible.builtin.copy:
|
||||
content: "{{ server_config_yaml }}"
|
||||
dest: "/etc/rancher/k3s/config.yaml"
|
||||
mode: 0644
|
||||
mode: "0644"
|
||||
|
||||
- name: Init first server node
|
||||
when: inventory_hostname == groups['server'][0]
|
||||
|
@ -64,7 +64,7 @@
|
|||
dest: "{{ systemd_dir }}/k3s.service"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
mode: "0644"
|
||||
|
||||
- name: Copy K3s service file [HA]
|
||||
when: groups['server'] | length > 1
|
||||
|
@ -73,7 +73,7 @@
|
|||
dest: "{{ systemd_dir }}/k3s.service"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
mode: "0644"
|
||||
|
||||
- name: Add service environment variables
|
||||
when: extra_service_envs is defined
|
||||
|
@ -154,7 +154,7 @@
|
|||
dest: "{{ systemd_dir }}/k3s.service"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
mode: "0644"
|
||||
|
||||
- name: Enable and check K3s service
|
||||
ansible.builtin.systemd:
|
||||
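Review bot: `Copy config values` writes `{{ server_config_yaml }}` to `/etc/rancher/k3s/config.yaml` with `mode: "0644"`, so any local user on the node can read whatever the operator puts in that variable. K3s accepts settings such as `token` and `datastore-endpoint` in this file; the variable's contents are not visible on this page, but if secrets can appear there, `mode: "0600"` is the safer default. The same applies to the `registries.yaml` copy in the final hunk of the last file, where `registries_config_yaml` may carry registry credentials.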
|
|
|
@ -1,2 +1,13 @@
|
|||
---
|
||||
# Zone for inter-node traffic
|
||||
k3s_firewalld_node_zone: internal
|
||||
|
||||
# List of IP addresses or cidr masks of your nodes
|
||||
k3s_firewalld_node_cidrs: []
|
||||
|
||||
# List of public services
|
||||
k3s_firewalld_public_ports:
|
||||
- 80/tcp
|
||||
- 443/tcp
|
||||
|
||||
api_port: 6443
|
||||
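Review bot: `k3s_firewalld_public_ports` defaults to `80/tcp` and `443/tcp`, so every host that runs the new `open public ports` task gets those ports opened in the `public` zone without the operator asking for it. For existing inventories that is a change in exposure on upgrade. An empty default, `k3s_firewalld_public_ports: []`, with the two ports given as an example in the comment above it, would make the exposure opt-in.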
|
|
|
@ -73,7 +73,7 @@
|
|||
- name: If firewalld enabled, open api port
|
||||
ansible.posix.firewalld:
|
||||
port: "{{ api_port }}/tcp"
|
||||
zone: internal
|
||||
zone: "{{ k3s_firewalld_node_zone }}"
|
||||
state: enabled
|
||||
permanent: true
|
||||
immediate: true
|
||||
|
@ -82,15 +82,15 @@
|
|||
when: groups['server'] | length > 1
|
||||
ansible.posix.firewalld:
|
||||
port: "2379-2381/tcp"
|
||||
zone: internal
|
||||
zone: "{{ k3s_firewalld_node_zone }}"
|
||||
state: enabled
|
||||
permanent: true
|
||||
immediate: true
|
||||
|
||||
- name: If firewalld enabled, open inbound ports
|
||||
- name: If firewalld enabled, open inter-node ports
|
||||
ansible.posix.firewalld:
|
||||
port: "{{ item }}"
|
||||
zone: internal
|
||||
zone: "{{ k3s_firewalld_node_zone }}"
|
||||
state: enabled
|
||||
permanent: true
|
||||
immediate: true
|
||||
|
@ -100,7 +100,26 @@
|
|||
- 51820/udp
|
||||
- 51821/udp
|
||||
- 5001/tcp
|
||||
- 6443/tcp
|
||||
|
||||
- name: If firewalld enabled, allow node CIDRs
|
||||
ansible.posix.firewalld:
|
||||
source: "{{ item }}"
|
||||
zone: "{{ k3s_firewalld_node_zone }}"
|
||||
state: enabled
|
||||
permanent: true
|
||||
immediate: true
|
||||
when: k3s_firewalld_node_cidrs is defined
|
||||
loop: "{{ k3s_firewalld_node_cidrs }}"
|
||||
|
||||
- name: If firewalld enabled, open public ports
|
||||
ansible.posix.firewalld:
|
||||
port: "{{ item }}"
|
||||
zone: "public"
|
||||
state: enabled
|
||||
permanent: true
|
||||
immediate: true
|
||||
when: k3s_firewalld_public_ports is defined
|
||||
loop: "{{ k3s_firewalld_public_ports }}"
|
||||
|
||||
- name: If firewalld enabled, allow default CIDRs
|
||||
ansible.posix.firewalld:
|
||||
|
@ -199,7 +218,7 @@
|
|||
- name: Make rancher directory
|
||||
ansible.builtin.file:
|
||||
path: "/var/lib/rancher"
|
||||
mode: 0755
|
||||
mode: "0755"
|
||||
state: directory
|
||||
- name: Create symlink
|
||||
ansible.builtin.file:
|
||||
|
@ -214,13 +233,13 @@
|
|||
- name: Make manifests directory
|
||||
ansible.builtin.file:
|
||||
path: "/var/lib/rancher/k3s/server/manifests"
|
||||
mode: 0700
|
||||
mode: "0700"
|
||||
state: directory
|
||||
- name: Copy manifests
|
||||
ansible.builtin.copy:
|
||||
src: "{{ item }}"
|
||||
dest: "/var/lib/rancher/k3s/server/manifests"
|
||||
mode: 0600
|
||||
mode: "0600"
|
||||
loop: "{{ extra_manifests }}"
|
||||
|
||||
- name: Setup optional private registry configuration
|
||||
|
@ -229,10 +248,10 @@
|
|||
- name: Make k3s config directory
|
||||
ansible.builtin.file:
|
||||
path: "/etc/rancher/k3s"
|
||||
mode: 0755
|
||||
mode: "0755"
|
||||
state: directory
|
||||
- name: Copy config values
|
||||
ansible.builtin.copy:
|
||||
content: "{{ registries_config_yaml }}"
|
||||
dest: "/etc/rancher/k3s/registries.yaml"
|
||||
mode: 0644
|
||||
mode: "0644"
|
||||
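Review bot: In `If firewalld enabled, allow node CIDRs`, each entry of `k3s_firewalld_node_cidrs` is bound as a source of `k3s_firewalld_node_zone`, the same zone in which these hunks open the API port, etcd `2379-2381/tcp` and the inter-node ports, so one over-broad entry exposes all of them to that range. A comment on the task such as `# Every CIDR listed here can reach the API, etcd and inter-node ports; list node networks only` would make that visible to operators. The `when: ... is defined` guards on this task and on `open public ports` do not protect the loop, because Ansible templates `loop` before it evaluates `when`. With the new role defaults both variables are always defined, so the guards are redundant; `loop: "{{ k3s_firewalld_node_cidrs | default([]) }}"` (and the same for `k3s_firewalld_public_ports`) is the form that actually tolerates an undefined variable.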
|
|