

3 commits

Author SHA1 Message Date
6694527236 doc: fix markdown syntax 2024-09-05 20:24:16 +02:00
4e81b3dc8f feat(cert-manager): move LE issuer to later sync wave 2024-09-05 20:24:08 +02:00
caa10cc8fa break: migrate back to bare-metal (and ansible)
- remove docker-compose.yml
- add ansible playbook for k3s and argocd deployment
- update renovate custom manager for k3s version
- update README.md with new instructions

🤖
2024-09-05 20:24:01 +02:00
6 changed files with 81 additions and 25 deletions


@ -4,6 +4,18 @@
"local>infrastructure/renovate-config" "local>infrastructure/renovate-config"
], ],
"customManagers": [ "customManagers": [
{
"customType": "regex",
"description": "k3s",
"fileMatch": [
"playbook\\.yml"
],
"matchStrings": [
"\\s+k3s_version:\\s(?<currentValue>.*)"
],
"depNameTemplate": "k3s-io/k3s",
"datasourceTemplate": "github-releases"
},
{ {
"customType": "regex", "customType": "regex",
"description": "ArgoCD", "description": "ArgoCD",
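Review bot: The capture group in `"\\s+k3s_version:\\s(?<currentValue>.*)"` takes everything up to the end of the line, so a trailing comment or stray whitespace after the version in `playbook.yml` would become part of `currentValue`; `(?<currentValue>\\S+)` keeps the match to the version token. It is also worth confirming that the default versioning for `github-releases` orders k3s tags with their `+k3s1` suffix as intended, since this value decides which k3s build the playbook installs.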


@ -1,4 +1,4 @@
# k3s Kubernetes + Baseline # k3s Kubernetes + ArgoCD + Baseline
* [k3s](https://docs.k3s.io/) * [k3s](https://docs.k3s.io/)
* [ArgoCD](https://argoproj.github.io/cd/) * [ArgoCD](https://argoproj.github.io/cd/)
@ -10,13 +10,13 @@
* [keel](https://keel.sh) * [keel](https://keel.sh)
* [reloader](https://github.com/stakater/Reloader) * [reloader](https://github.com/stakater/Reloader)
## Run (k3s + baseline) ## Run (Deploy k3s + ArgoCD + Baseline)
`docker compose up` `ansible-playbook k3s_boostrap.yml -i <host|ip>,`
### Get kubeconfig ### Get kubeconfig
`docker compose exec -it k3s kubectl config view --flatten` `cat /etc/rancher/k3s/k3s.yml`
### Add Agents ### Add Agents
@ -24,7 +24,7 @@
> The secure token format (occasionally referred to as a "full" token) contains the following parts: > The secure token format (occasionally referred to as a "full" token) contains the following parts:
> >
> <prefix><cluster CA hash>::<credentials> > \<prefix\>\<cluster CA hash\>::\<credentials\>
Get existing server token: Get existing server token:
`cat /var/lib/docker/volumes/baseline_k3s-data/_data/server/token` `cat /var/lib/docker/volumes/baseline_k3s-data/_data/server/token`


@ -1,20 +0,0 @@
services:
k3s:
image: rancher/k3s:v1.30.4-k3s1
command:
- server
- --disable=traefik
- --tls-san=k8s.smsvc.net
hostname: k8s.smsvc.net
restart: always
privileged: true
cgroup: host
network_mode: host
volumes:
- k3s-data:/var/lib/rancher/k3s/
- k3s-run:/run/
- ./argocd-bootstrap/:/var/lib/rancher/k3s/server/manifests/argocd-bootstrap/
volumes:
k3s-data:
k3s-run:


@ -6,6 +6,7 @@ metadata:
namespace: cert-manager namespace: cert-manager
annotations: annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "2"
spec: spec:
acme: acme:
server: https://acme-v02.api.letsencrypt.org/directory server: https://acme-v02.api.letsencrypt.org/directory
@ -23,6 +24,7 @@ metadata:
namespace: cert-manager namespace: cert-manager
annotations: annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "2"
spec: spec:
acme: acme:
server: https://acme-staging-v02.api.letsencrypt.org/directory server: https://acme-staging-v02.api.letsencrypt.org/directory


@ -6,5 +6,6 @@ metadata:
namespace: cert-manager namespace: cert-manager
annotations: annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "2"
spec: spec:
selfSigned: {} selfSigned: {}

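--- /dev/null
+++ b/playbook.yml
@@ -0,0 +1,61 @@
+# vim: set ft=yaml.ansible:
+---
+- name: Install k3s server
+hosts: all
+gather_facts: false
+tags: k3s-server
+vars:
+k3s_version: v1.30.4+k3s1
+tasks:
+- name: Get k3s installed version
+ansible.builtin.command: k3s --version
+register: k3s_version_output
+check_mode: false
+changed_when: false
+ignore_errors: true
+- name: Set k3s installed version
+when: k3s_version_output.rc == 0
+ansible.builtin.set_fact:
+installed_k3s_version: "{{ k3s_version_output.stdout_lines[0].split(' ')[2] }}"
+- name: Download and install/update k3s
+when: (k3s_version_output.rc != 0) or (installed_k3s_version != k3s_version)
+block:
+- name: Download K3s install script
+ansible.builtin.get_url:
+url: https://get.k3s.io
+dest: /usr/local/bin/k3s_install.sh
+mode: "755"
+- name: Install k3s server
+ansible.builtin.command: "k3s_install.sh"
+environment:
+K3S_NODE_NAME: "{{ inventory_hostname }}"
+INSTALL_K3S_CHANNEL: "{{ k3s_version }}"
+INSTALL_K3S_EXEC: "--disable=traefik --tls-san {{ inventory_hostname }}"
+changed_when: false
+- name: Start and enable k3s server
+ansible.builtin.service:
+name: k3s.service
+state: started
+enabled: true
+- name: Add restart cronjob
+ansible.builtin.cron:
+name: "restart k3s (and regenerate certs if necessary)"
+special_time: monthly
+job: "systemctl restart k3s"
+- name: Deploy ArgoCD
+hosts: all
+gather_facts: false
+tags: baseline
+tasks:
+- name: Copy manifest
+ansible.builtin.copy:
+src: argocd-bootstrap/
+dest: /var/lib/rancher/k3s/server/manifests/argocd-bootstrap/
+mode: "0755"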
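Review bot: The `Download K3s install script` task fetches `https://get.k3s.io` with no integrity check and the next task executes that file on the server, so whatever the endpoint serves at run time runs with the play's privileges; pinning the script to a reviewed copy and adding `checksum: "sha256:<EXPECTED_SHA256_PLACEHOLDER>"` to `get_url` would close that gap. The install task also passes the pinned release through `INSTALL_K3S_CHANNEL: "{{ k3s_version }}"`, while the installer takes an exact release in `INSTALL_K3S_VERSION`, so the version Renovate maintains may not be the one that gets installed; `INSTALL_K3S_VERSION: "{{ k3s_version }}"` looks like the intended line. Calling the script by its absolute path (`/usr/local/bin/k3s_install.sh`) would avoid depending on the remote user's PATH. In `Copy manifest`, `mode: "0755"` marks every copied manifest executable and world-readable; `mode: "0644"` with `directory_mode: "0755"` (or tighter, if the bootstrap manifests ever carry credentials) seems closer to the intent.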