homeserver/group_vars/k3s.yml

---
### Allgemein
kubeconfig: /etc/rancher/k3s/k3s.yaml

### mgrote.restic
restic_folders_to_backup: "/ /var" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben; https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files

### oefenweb.ufw
ufw_rules:
  - rule: allow
    comment: 'k3s - alles offen'
    from_ip: 0.0.0.0/0

### pyratlabs.k3s
k3s_state: installed
k3s_release_version: v1.25.11+k3s1
k3s_airgap: false
k3s_config_file: /etc/rancher/k3s/config.yaml
k3s_build_cluster: true
k3s_install_dir: /usr/local/bin
k3s_etcd_datastore: true
k3s_become: true
k3s_use_experimental: true
k3s_debug: false
k3s_server:
  # siehe https://docs.k3s.io/reference/server-config
  # cli parameter OHNE -- am anfang
  write-kubeconfig-mode: '644'
  cluster-cidr: "10.42.0.0/16"
  service-cidr: "10.43.0.0/16"
  disable:
    - traefik
    - local-storage # disables local-path-provisioner
    - disable-helm-controller # https://fluxcd.io/flux/cheatsheets/troubleshooting/

### mgrote.fluxcd
flux_repo_host: gitea.grote.lan
flux_repo_host_port: 2222
flux_repo_branch: master
flux_repo_url_complete: "ssh://gitea@{{ flux_repo_host }}:{{ flux_repo_host_port }}/mg/manifests.git"
flux_install_host: k3s4.grote.lan
flux_homedir: /home/flux
flux_path_ssh_dir: /home/flux/.ssh
flux_user_group: flux
flux_user: flux
flux_download_url: https://github.com/fluxcd/flux2/releases/download/v2.0.1/flux_2.0.1_linux_amd64.tar.gz # updaten
flux_path_bin: /usr/local/sbin
flux_path_ssh_id_file: id_rsa
flux_ssh_key_format: ed25519
flux_sync_interval: 1m

### mgrote.apt_manage_packages
apt_packages_extra:
  - nfs-common # für nfs-subdir-external-provisioner

### mgrote.sealed-secrets
sealed_secrets_homedir: /home/sealed_secrets
sealed_secrets_user_group: sealed_secrets
sealed_secrets_user: sealed_secrets
kubeseal_download_url: "https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.19.1/kubeseal-0.19.1-linux-amd64.tar.gz" #updaten
kubeseal_path_bin: /usr/local/sbin
sealed_secrets_keepass_entry_name: "{{ lookup('keepass', 'k3s-sealed-secrets-private-key', 'notes') }}"
add new k8s-cluster (#559) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/559 2023-08-23 23:20:26 +02:00			`---`
fix linter errors (#584) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/584 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-10-25 22:26:17 +02:00			`### Allgemein`
			`kubeconfig: /etc/rancher/k3s/k3s.yaml`
add new k8s-cluster (#559) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/559 2023-08-23 23:20:26 +02:00
fix linter errors (#584) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/584 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-10-25 22:26:17 +02:00			`### mgrote.restic`
			`restic_folders_to_backup: "/ /var" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben; https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files`
add new k8s-cluster (#559) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/559 2023-08-23 23:20:26 +02:00
fix linter errors (#584) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/584 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-10-25 22:26:17 +02:00			`### oefenweb.ufw`
			`ufw_rules:`
			`- rule: allow`
			`comment: 'k3s - alles offen'`
			`from_ip: 0.0.0.0/0`
add new k8s-cluster (#559) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/559 2023-08-23 23:20:26 +02:00
fix linter errors (#584) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/584 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-10-25 22:26:17 +02:00			`### pyratlabs.k3s`
			`k3s_state: installed`
			`k3s_release_version: v1.25.11+k3s1`
			`k3s_airgap: false`
			`k3s_config_file: /etc/rancher/k3s/config.yaml`
			`k3s_build_cluster: true`
			`k3s_install_dir: /usr/local/bin`
			`k3s_etcd_datastore: true`
			`k3s_become: true`
			`k3s_use_experimental: true`
			`k3s_debug: false`
			`k3s_server:`
			`# siehe https://docs.k3s.io/reference/server-config`
			`# cli parameter OHNE -- am anfang`
			`write-kubeconfig-mode: '644'`
			`cluster-cidr: "10.42.0.0/16"`
			`service-cidr: "10.43.0.0/16"`
			`disable:`
			`- traefik`
			`- local-storage # disables local-path-provisioner`
			`- disable-helm-controller # https://fluxcd.io/flux/cheatsheets/troubleshooting/`
add new k8s-cluster (#559) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/559 2023-08-23 23:20:26 +02:00
fix linter errors (#584) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/584 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-10-25 22:26:17 +02:00			`### mgrote.fluxcd`
			`flux_repo_host: gitea.grote.lan`
			`flux_repo_host_port: 2222`
			`flux_repo_branch: master`
			`flux_repo_url_complete: "ssh://gitea@{{ flux_repo_host }}:{{ flux_repo_host_port }}/mg/manifests.git"`
			`flux_install_host: k3s4.grote.lan`
			`flux_homedir: /home/flux`
			`flux_path_ssh_dir: /home/flux/.ssh`
			`flux_user_group: flux`
			`flux_user: flux`
			`flux_download_url: https://github.com/fluxcd/flux2/releases/download/v2.0.1/flux_2.0.1_linux_amd64.tar.gz # updaten`
			`flux_path_bin: /usr/local/sbin`
			`flux_path_ssh_id_file: id_rsa`
			`flux_ssh_key_format: ed25519`
			`flux_sync_interval: 1m`
add new k8s-cluster (#559) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/559 2023-08-23 23:20:26 +02:00
fix linter errors (#584) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/584 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-10-25 22:26:17 +02:00			`### mgrote.apt_manage_packages`
			`apt_packages_extra:`
			`- nfs-common # für nfs-subdir-external-provisioner`

			`### mgrote.sealed-secrets`
			`sealed_secrets_homedir: /home/sealed_secrets`
			`sealed_secrets_user_group: sealed_secrets`
			`sealed_secrets_user: sealed_secrets`
			`kubeseal_download_url: "https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.19.1/kubeseal-0.19.1-linux-amd64.tar.gz" #updaten`
			`kubeseal_path_bin: /usr/local/sbin`
			`sealed_secrets_keepass_entry_name: "{{ lookup('keepass', 'k3s-sealed-secrets-private-key', 'notes') }}"`