diff --git a/.renovaterc.json b/.renovaterc.json
index 32db98d..6c37c70 100644
--- a/.renovaterc.json
+++ b/.renovaterc.json
@@ -4,18 +4,6 @@
 "local>infrastructure/renovate-config"
 ],
 "customManagers": [
- {
- "customType": "regex",
- "description": "k3s",
- "fileMatch": [
- "playbook\\.yml"
- ],
- "matchStrings": [
- "\\s+k3s_version:\\s(?.*)"
- ],
- "depNameTemplate": "k3s-io/k3s",
- "datasourceTemplate": "github-releases"
- },
 {
 "customType": "regex",
 "description": "ArgoCD",
diff --git a/README.md b/README.md
index 97cd48c..c774bf3 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@ -# k3s Kubernetes + ArgoCD + Baseline +# k3s Kubernetes + Baseline * [k3s](https://docs.k3s.io/) * [ArgoCD](https://argoproj.github.io/cd/)
@@ -10,13 +10,13 @@ * [keel](https://keel.sh) * [reloader](https://github.com/stakater/Reloader) -## Run (Deploy k3s + ArgoCD + Baseline) +## Run (k3s + baseline) -`ansible-playbook k3s_boostrap.yml -i ,` +`docker compose up` ### Get kubeconfig -`cat /etc/rancher/k3s/k3s.yml` +`docker compose exec -it k3s kubectl config view --flatten` ### Add Agents
@@ -24,7 +24,7 @@ > The secure token format (occasionally referred to as a "full" token) contains the following parts: > -> \\::\ +> :: Get existing server token: `cat /var/lib/docker/volumes/baseline_k3s-data/_data/server/token`
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..6d22520
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,20 @@
+services:
+ k3s:
+ image: rancher/k3s:v1.30.4-k3s1
+ command:
+ - server
+ - --disable=traefik
+ - --tls-san=k8s.smsvc.net
+ hostname: k8s.smsvc.net
+ restart: always
+ privileged: true
+ cgroup: host
+ network_mode: host
+ volumes:
+ - k3s-data:/var/lib/rancher/k3s/
+ - k3s-run:/run/
+ - ./argocd-bootstrap/:/var/lib/rancher/k3s/server/manifests/argocd-bootstrap/
+
+volumes:
+ k3s-data:
+ k3s-run:
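Review bot: The `k3s` service in docker-compose.yml runs with `privileged: true`, `cgroup: host` and `network_mode: host`, so whatever the tag resolves to executes with what amounts to root on the host, yet `image: rancher/k3s:v1.30.4-k3s1` is pinned by tag only. Pinning the digest as well, `image: rancher/k3s:v1.30.4-k3s1@sha256:<digest-placeholder>`, keeps a re-pushed tag from changing what runs. The `./argocd-bootstrap/` bind mount feeds the auto-deploy manifests directory and appears to be only read by k3s, so a `:ro` suffix on that volume entry is worth trying. A one-line comment above `privileged: true` stating why these host-level settings are needed would help the next reader. The deleted playbook also restarted k3s monthly to regenerate certificates, and `restart: always` does not restart a healthy container, so confirm that rotation is still triggered somewhere.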
diff --git a/manifests/cert-manager/letsencrypt-issuers.yml b/manifests/cert-manager/letsencrypt-issuers.yml
index bac1b8d..6b6c468 100644
--- a/manifests/cert-manager/letsencrypt-issuers.yml
+++ b/manifests/cert-manager/letsencrypt-issuers.yml
@@ -6,7 +6,6 @@ metadata:
 namespace: cert-manager
 annotations:
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "2"
 spec:
 acme:
 server: https://acme-v02.api.letsencrypt.org/directory
@@ -24,7 +23,6 @@ metadata:
 namespace: cert-manager
 annotations:
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "2"
 spec:
 acme:
 server: https://acme-staging-v02.api.letsencrypt.org/directory
diff --git a/manifests/cert-manager/selfsigned-issuer.yaml b/manifests/cert-manager/selfsigned-issuer.yaml
index 3909d3f..2cc7761 100644
--- a/manifests/cert-manager/selfsigned-issuer.yaml
+++ b/manifests/cert-manager/selfsigned-issuer.yaml
@@ -6,6 +6,5 @@ metadata:
 namespace: cert-manager
 annotations:
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "2"
 spec:
 selfSigned: {}
diff --git a/playbook.yml b/playbook.yml
deleted file mode 100644
index ea49cd1..0000000
--- a/playbook.yml
+++ /dev/null
@@ -1,61 +0,0 @@ -# vim: set ft=yaml.ansible: ---- -- name: Install k3s server - hosts: all - gather_facts: false - tags: k3s-server - - vars: - k3s_version: v1.30.4+k3s1 - - tasks: - - name: Get k3s installed version - ansible.builtin.command: k3s --version - register: k3s_version_output - check_mode: false - changed_when: false - ignore_errors: true - - - name: Set k3s installed version - when: k3s_version_output.rc == 0 - ansible.builtin.set_fact: - installed_k3s_version: "{{ k3s_version_output.stdout_lines[0].split(' ')[2] }}" - - - name: Download and install/update k3s - when: (k3s_version_output.rc != 0) or (installed_k3s_version != k3s_version) - block: - - name: Download K3s install script - ansible.builtin.get_url: - url: https://get.k3s.io - dest: /usr/local/bin/k3s_install.sh - mode: "755" - - name: Install k3s server - ansible.builtin.command: "k3s_install.sh" - environment: - K3S_NODE_NAME: "{{ inventory_hostname }}" - INSTALL_K3S_CHANNEL: "{{ k3s_version }}" - INSTALL_K3S_EXEC: "--disable=traefik --tls-san {{ inventory_hostname }}" - changed_when: false - - - name: Start and enable k3s server - ansible.builtin.service: - name: k3s.service - state: started - enabled: true - - - name: Add restart cronjob - ansible.builtin.cron: - name: "restart k3s (and regenerate certs if necessary)" - special_time: monthly - job: "systemctl restart k3s" - -- name: Deploy ArgoCD - hosts: all - gather_facts: false - tags: baseline - tasks: - - name: Copy manifest - ansible.builtin.copy: - src: argocd-bootstrap/ - dest: /var/lib/rancher/k3s/server/manifests/argocd-bootstrap/ - mode: "0755"