.renovaterc.json

@@ -4,18 +4,6 @@
     "local>infrastructure/renovate-config"
   ],
   "customManagers": [
-    {
-      "customType": "regex",
-      "description": "k3s",
-      "fileMatch": [
-        "playbook\\.yml"
-      ],
-      "matchStrings": [
-        "\\s+k3s_version:\\s(?<currentValue>.*)"
-      ],
-      "depNameTemplate": "k3s-io/k3s",
-      "datasourceTemplate": "github-releases"
-    },
     {
       "customType": "regex",
       "description": "ArgoCD",

README.md

@@ -1,4 +1,4 @@
-# k3s Kubernetes + ArgoCD + Baseline
+# k3s Kubernetes + Baseline
 
 * [k3s](https://docs.k3s.io/)
 * [ArgoCD](https://argoproj.github.io/cd/)
@@ -10,13 +10,13 @@
   * [keel](https://keel.sh)
   * [reloader](https://github.com/stakater/Reloader)
 
-## Run (Deploy k3s + ArgoCD + Baseline)
+## Run (k3s + baseline)
 
-`ansible-playbook k3s_boostrap.yml -i <host|ip>,`
+`docker compose up`
 
 ### Get kubeconfig
 
-`cat /etc/rancher/k3s/k3s.yml`
+`docker compose exec -it k3s kubectl config view --flatten`
 
 ### Add Agents
 
@@ -24,7 +24,7 @@
 
 > The secure token format (occasionally referred to as a "full" token) contains the following parts:
 > 
-> \<prefix\>\<cluster CA hash\>::\<credentials\>
+> <prefix><cluster CA hash>::<credentials>
 
 Get existing server token:
 `cat /var/lib/docker/volumes/baseline_k3s-data/_data/server/token`

docker-compose.yml

@@ -0,0 +1,20 @@
+services:
+  k3s:
+    image: rancher/k3s:v1.30.4-k3s1
+    command:
+      - server
+      - --disable=traefik
+      - --tls-san=k8s.smsvc.net
+    hostname: k8s.smsvc.net
+    restart: always
+    privileged: true
+    cgroup: host
+    network_mode: host
+    volumes:
+      - k3s-data:/var/lib/rancher/k3s/
+      - k3s-run:/run/
+      - ./argocd-bootstrap/:/var/lib/rancher/k3s/server/manifests/argocd-bootstrap/
+
+volumes:
+  k3s-data:
+  k3s-run:

manifests/cert-manager/letsencrypt-issuers.yml

@@ -6,7 +6,6 @@ metadata:
   namespace: cert-manager
   annotations:
     argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-    argocd.argoproj.io/sync-wave: "2"
 spec:
   acme:
     server: https://acme-v02.api.letsencrypt.org/directory
@@ -24,7 +23,6 @@ metadata:
   namespace: cert-manager
   annotations:
     argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-    argocd.argoproj.io/sync-wave: "2"
 spec:
   acme:
     server: https://acme-staging-v02.api.letsencrypt.org/directory

manifests/cert-manager/selfsigned-issuer.yaml

@@ -6,6 +6,5 @@ metadata:
   namespace: cert-manager
   annotations:
     argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-    argocd.argoproj.io/sync-wave: "2"
 spec:
   selfSigned: {}

playbook.yml

@@ -1,61 +0,0 @@
-# vim: set ft=yaml.ansible:
----
-- name: Install k3s server
-  hosts: all
-  gather_facts: false
-  tags: k3s-server
-
-  vars:
-    k3s_version: v1.30.4+k3s1
-
-  tasks:
-    - name: Get k3s installed version
-      ansible.builtin.command: k3s --version
-      register: k3s_version_output
-      check_mode: false
-      changed_when: false
-      ignore_errors: true
-
-    - name: Set k3s installed version
-      when: k3s_version_output.rc == 0
-      ansible.builtin.set_fact:
-        installed_k3s_version: "{{ k3s_version_output.stdout_lines[0].split(' ')[2] }}"
-
-    - name: Download and install/update k3s
-      when: (k3s_version_output.rc != 0) or (installed_k3s_version != k3s_version)
-      block:
-        - name: Download K3s install script
-          ansible.builtin.get_url:
-            url: https://get.k3s.io
-            dest: /usr/local/bin/k3s_install.sh
-            mode: "755"
-        - name: Install k3s server
-          ansible.builtin.command: "k3s_install.sh"
-          environment:
-            K3S_NODE_NAME: "{{ inventory_hostname }}"
-            INSTALL_K3S_CHANNEL: "{{ k3s_version }}"
-            INSTALL_K3S_EXEC: "--disable=traefik --tls-san {{ inventory_hostname }}"
-          changed_when: false
-
-    - name: Start and enable k3s server
-      ansible.builtin.service:
-        name: k3s.service
-        state: started
-        enabled: true
-
-    - name: Add restart cronjob
-      ansible.builtin.cron:
-        name: "restart k3s (and regenerate certs if necessary)"
-        special_time: monthly
-        job: "systemctl restart k3s"
-
-- name: Deploy ArgoCD
-  hosts: all
-  gather_facts: false
-  tags: baseline
-  tasks:
-    - name: Copy manifest
-      ansible.builtin.copy:
-        src: argocd-bootstrap/
-        dest: /var/lib/rancher/k3s/server/manifests/argocd-bootstrap/
-        mode: "0755"