feat: Commit initial

2025-11-07 09:33:38 +01:00 · 2025-11-07 09:33:38 +01:00 · 40dc0f4184
commit 40dc0f4184
43 changed files with 1990 additions and 0 deletions
--- a/ansible/roles/k3s-server/tasks/flux.yml
+++ b/ansible/roles/k3s-server/tasks/flux.yml
@ -0,0 +1,47 @@
+---
+# Install and configure FluxCD
+
+- name: Check if flux is already installed
+  command: k3s kubectl get namespace {{ flux_namespace }}
+  register: flux_installed
+  changed_when: false
+  failed_when: false
+
+- name: Download Flux CLI
+  get_url:
+    url: "https://github.com/fluxcd/flux2/releases/download/{{ flux_version }}/flux_{{ flux_version | replace('v', '') }}_linux_amd64.tar.gz"
+    dest: /tmp/flux.tar.gz
+    mode: '0644'
+  when: flux_installed.rc != 0
+
+- name: Extract Flux CLI
+  unarchive:
+    src: /tmp/flux.tar.gz
+    dest: /usr/local/bin
+    remote_src: yes
+    creates: /usr/local/bin/flux
+  when: flux_installed.rc != 0
+
+- name: Install FluxCD in cluster
+  shell: |
+    export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
+    /usr/local/bin/flux install --namespace={{ flux_namespace }}
+  when: flux_installed.rc != 0
+  register: flux_install_result
+  changed_when: "'installed' in flux_install_result.stdout"
+
+- name: Wait for FluxCD to be ready
+  shell: |
+    export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
+    /usr/local/bin/flux check
+  register: flux_check
+  until: flux_check.rc == 0
+  retries: 30
+  delay: 10
+  changed_when: false
+  when: flux_installed.rc != 0
+
+- name: Display FluxCD installation status
+  debug:
+    msg: "FluxCD installed successfully. Configure GitRepository in kubernetes/flux-system/"
+  when: flux_installed.rc != 0
--- a/ansible/roles/k3s-server/tasks/main.yml
+++ b/ansible/roles/k3s-server/tasks/main.yml
@ -0,0 +1,117 @@
+---
+# K3s server installation and configuration
+
+- name: Check if K3s is already installed
+  stat:
+    path: /usr/local/bin/k3s
+  register: k3s_binary
+
+- name: Get installed K3s version
+  command: k3s --version
+  register: installed_version
+  changed_when: false
+  failed_when: false
+  when: k3s_binary.stat.exists
+
+- name: Determine if this is the first server
+  set_fact:
+    is_first_server: "{{ ansible_default_ipv4.address == k3s_server_1_ip }}"
+
+- name: Install K3s on first server (cluster-init)
+  shell: |
+    curl -sfL {{ k3s_install_url }} | INSTALL_K3S_VERSION="{{ k3s_version }}" sh -s - server \
+      --cluster-init \
+      --tls-san {{ k3s_server_1_ip }} \
+      --tls-san {{ k3s_server_2_ip }} \
+      --write-kubeconfig-mode 644 \
+      --disable traefik \
+      --node-ip {{ ansible_default_ipv4.address }}
+  when:
+    - is_first_server
+    - not k3s_binary.stat.exists or (k3s_version not in installed_version.stdout)
+  environment:
+    INSTALL_K3S_SKIP_START: "false"
+
+- name: Wait for first server to be ready
+  wait_for:
+    host: "{{ k3s_server_1_ip }}"
+    port: 6443
+    delay: 10
+    timeout: 300
+  when: is_first_server
+
+- name: Get K3s token from first server
+  slurp:
+    src: /var/lib/rancher/k3s/server/node-token
+  register: k3s_token_encoded
+  when: is_first_server
+  run_once: true
+
+- name: Save K3s token
+  set_fact:
+    k3s_token: "{{ k3s_token_encoded.content | b64decode | trim }}"
+  when: is_first_server
+
+- name: Install K3s on second server (join cluster)
+  shell: |
+    curl -sfL {{ k3s_install_url }} | INSTALL_K3S_VERSION="{{ k3s_version }}" sh -s - server \
+      --server https://{{ k3s_server_1_ip }}:6443 \
+      --token {{ k3s_token | default('PLACEHOLDER') }} \
+      --tls-san {{ k3s_server_2_ip }} \
+      --write-kubeconfig-mode 644 \
+      --disable traefik \
+      --node-ip {{ ansible_default_ipv4.address }}
+  when:
+    - not is_first_server
+    - not k3s_binary.stat.exists or (k3s_version not in installed_version.stdout)
+
+- name: Enable and start k3s service
+  systemd:
+    name: k3s
+    state: started
+    enabled: yes
+
+- name: Wait for K3s to be ready
+  command: k3s kubectl get nodes
+  register: kubectl_result
+  until: kubectl_result.rc == 0
+  retries: 30
+  delay: 10
+  changed_when: false
+
+- name: Create pre-reboot script
+  copy:
+    src: k3s-pre-reboot.sh
+    dest: /usr/local/bin/k3s-pre-reboot.sh
+    mode: '0755'
+
+- name: Create systemd service for pre-reboot drain
+  copy:
+    dest: /etc/systemd/system/k3s-pre-reboot.service
+    content: |
+      [Unit]
+      Description=Drain k3s node before reboot
+      Before=reboot.target
+      Before=shutdown.target
+      DefaultDependencies=no
+
+      [Service]
+      Type=oneshot
+      ExecStart=/usr/local/bin/k3s-pre-reboot.sh
+      TimeoutStartSec=300
+
+      [Install]
+      WantedBy=reboot.target
+      WantedBy=shutdown.target
+    mode: '0644'
+  notify: reload systemd
+
+- name: Enable pre-reboot service
+  systemd:
+    name: k3s-pre-reboot
+    enabled: yes
+    daemon_reload: yes
+
+- name: Install FluxCD (only on first server)
+  include_tasks: flux.yml
+  when: is_first_server