Abbau: k3s (#483)

Co-authored-by: Michael Grote <michael.grote@posteo.de>
Reviewed-on: #483

docker-compose/munin/docker-compose.yml.j2

@@ -21,9 +21,7 @@ services:
       acng2.grote.lan:acng2.grote.lan
       ansible2.grote.lan:ansible2.grote.lan
       pve5.grote.lan:pve5.grote.lan
-      k3s-nfs2.grote.lan:k3s-nfs2.grote.lan
       dokuwiki2.grote.lan:dokuwiki2.grote.lan
-      k3s1.grote.lan:k3s1.grote.lan
       gitea.grote.lan:gitea.grote.lan
       docker10.grote.lan:docker10.grote.lan
       dnsmasq.grote.lan:dnsmasq.grote.lan'

group_vars/k3s.yml

@@ -1,104 +0,0 @@
----
-  ### mgrote.restic
-  restic_folders_to_backup: "/ /var" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben; https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files
-
-  ### pandemonium1986.ansible-role-k9s
-  k9s_version: "v0.27.3"
-
-  ### mrlesmithjr.ansible-manage-lvm
-  #lvm_groups:
-  # - vgname: vg_gitea_data
-  #   disks:
-  #     - /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1
-  #   create: true
-  #   lvnames:
-  #     - lvname: lv_gitea_data
-  #       size: +100%FREE
-  #       create: true
-  #       filesystem: xfs
-  #       mount: true
-  #       mntp: /var/lib/gitea
-  #manage_lvm: true
-  #pvresize_to_max: true
-
-  ### oefenweb.ufw
-  ufw_rules:
-#     - rule: allow
-#       to_port: 22
-#       protocol: tcp
-#       comment: 'ssh'
-#       from_ip: 0.0.0.0/0
-#     - rule: allow
-#       to_port: 4949
-#       protocol: tcp
-#       comment: 'munin'
-#       from_ip: 192.168.2.0/24
-#     # https://rancher.com/docs/k3s/latest/en/installation/installation-requirements/
-#     - rule: allow
-#       to_port: 6443
-#       protocol: tcp
-#       comment: 'k8s-api-server'
-#       from_ip: 192.168.2.0/24
-#     - rule: allow
-#       to_port: 2379
-#       protocol: tcp
-#       comment: 'k8s-embedded-etcd'
-#       from_ip: 192.168.2.0/24
-#     - rule: allow
-#       to_port: 2380
-#       protocol: tcp
-#       comment: 'k8s-embedded-etcd'
-#       from_ip: 192.168.2.0/24
-#     - rule: allow
-#       to_port: 10250
-#       protocol: tcp
-#       comment: 'k8s-kubelet-metrics'
-#       from_ip: 192.168.2.0/24
-      - rule: allow
-        comment: 'k3s - alles offen'
-        from_ip: 0.0.0.0/0
-
-  ### xanmanning.k3s
-  k3s_state: installed
-  k3s_airgap: false
-  k3s_config_file: /etc/rancher/k3s/config.yaml
-  k3s_build_cluster: true
-  k3s_install_dir: /usr/local/bin
-  k3s_etcd_datastore: true
-  k3s_become: true
-  k3s_use_experimental: true
-  k3s_server:
-    # siehe https://docs.k3s.io/reference/server-config
-    # cli parameter OHNE -- am anfang
-    write-kubeconfig-mode: '644'
-    cluster-cidr: "10.42.0.0/16"
-    service-cidr: "10.43.0.0/16"
-    disable:
-      - traefik
-      - local-storage # disables local-path-provisioner
-      - disable-helm-controller # https://fluxcd.io/flux/cheatsheets/troubleshooting/
-
-  ### mgrote.fluxcd
-  flux_repo_url:
-  flux_repo_host: git.mgrote.net
-  flux_repo_host_port: 2222
-  flux_repo_branch: master
-  flux_repo_url_complete: ssh://gitea@git.mgrote.net:2222/mg/k3s-fluxcd.git
-  flux_install_host: k3s1.grote.lan
-  flux_homedir: /home/flux
-  flux_path_ssh_dir: /home/flux/.ssh
-  flux_user_group: flux
-  flux_user: flux
-  flux_download_url: https://github.com/fluxcd/flux2/releases/download/v0.35.0/flux_0.35.0_linux_amd64.tar.gz
-  flux_path_bin: /usr/local/sbin
-  flux_path_ssh_id_file: id_rsa
-  flux_ssh_key_format: ed25519
-  kubeconfig: /etc/rancher/k3s/k3s.yaml
-  flux_sync_interval: 1m
-
-  ### mgrote.apt_manage_packages
-  apt_packages_extra:
-    - nfs-common # für nfs-subdir-external-provisioner
-
-  ### githubixxansible.cilium
-  cilium_chart_version: "1.12.3"

host_vars/k3s-nfs2.grote.lan.yaml

@@ -1,60 +0,0 @@
----
-  ### geerlingguy.nfs
-  nfs_exports:
-    - /srv/nfs 192.168.2.42(rw,no_subtree_check,no_root_squash) #k3s1
-  nfs_port: 33333
-
-
-  ### mgrote.munin-node
-  munin_node_plugins:
-    - name: timesync
-      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status
-    - name: systemd_status
-      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status
-    - name: systemd_mem
-      src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_mem
-      config: |
-        [systemd_mem]
-        env.all_services true
-    - name: fail2ban
-      src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
-      config: |
-        [fail2ban]
-        env.client /usr/bin/fail2ban-client
-        env.config_dir /etc/fail2ban
-        user root
-    - name: nfsd4
-      src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/nsfd4
-    - name: nfsd
-      src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/nfsd
-  munin_node_disabled_plugins:
-    - name: lvm_
-  ### mgrote.restic
-  restic_folders_to_backup: "/ /srv/nfs" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben
-
-
-  ### oefenweb.ufw
-  ufw_rules:
-    - rule: allow
-      to_port: 22
-      protocol: tcp
-      comment: 'ssh'
-      from_ip: 0.0.0.0/0
-    - rule: allow
-      to_port: 4949
-      protocol: tcp
-      comment: 'munin'
-      from_ip: 192.168.2.144/24
-      # k3s1
-    - rule: allow
-      from_ip: 192.168.2.42
-      comment: 'nfs'
-      to_port: 2049
-    - rule: allow
-      from_ip: 192.168.2.42
-      comment: 'nfs'
-      to_port: 111
-    - rule: allow
-      from_ip: 192.168.2.42
-      comment: 'nfs'
-      to_port: "{{ nfs_port }}"

host_vars/k3s1.grote.lan.yml

@@ -1,3 +0,0 @@
----
-  ### xanmanning.k3s
-  k3s_control_node: true

host_vars/pve5.grote.lan.yml

@@ -42,7 +42,7 @@
     - dataset: rpool/data
       state: present
     - dataset: rpool/data/k3s
-      state: present
+      state: absent #  noch löschen
     # hdd_data_raidz
     - dataset: hdd_data_raidz
       state: present
@@ -169,15 +169,11 @@
       recursive: 'no'
       snapshots: true
       template: '3tage'
-    - path: rpool/data/k3s
-      recursive: 'no'
-      snapshots: true
-      template: '14tage'
 
   ### mgrote.cv4pve-autosnap
   cv4pve_api_user: root@pam!cv4pve-autosnap
   cv4pve_api_token: "{{ lookup('keepass', 'cv4pve_api_token', 'password') }}"
-  cv4pve_vmid: all,-106,-112,-115
+  cv4pve_vmid: all,-106,-115
   cv4pve_keep_snapshots: 5
   cv4pve_dl_link: "https://github.com/Corsinvest/cv4pve-autosnap/releases/download/v1.14.7/cv4pve-autosnap-linux-x64.zip"
 
@@ -249,11 +245,6 @@
       mp_nr: 1
       mp_path_host: /rpool/data/acng
       mp_path_guest: /var/cache/apt-cacher-ng
-      ### k3s-nfs2
-    - vmid: 112
-      mp_nr: 1
-      mp_path_host: /rpool/data/k3s
-      mp_path_guest: /srv/nfs
 
   ### mgrote.munin-node
   munin_node_plugins:

inventory

@@ -18,12 +18,6 @@ all:
     docker:
       hosts:
         docker10.grote.lan:
-    k3s:
-      hosts:
-        k3s1.grote.lan:
-    nfs:
-      hosts:
-        k3s-nfs2.grote.lan:
     vmtest:
       hosts:
         vm-test-2204.grote.lan:
@@ -48,8 +42,6 @@ all:
         gitea.grote.lan:
         dnsmasq.grote.lan:
         docker10.grote.lan:
-        k3s1.grote.lan:
-        k3s-nfs2.grote.lan:
     test:
       hosts:
         vm-test-2204.grote.lan:

playbooks/3_service/k3s.yml

@@ -1,10 +0,0 @@
----
-- hosts: k3s
-  roles:
-    - { role: PyratLabs.k3s, tags: "k3s" }
-    - { role: mgrote.k8s_autocompletion, tags: "autocomp" }
-    - { role: pandemonium1986.ansible-role-k9s, tags: "k9s", become: true }
-    - { role: mgrote.fluxcd, tags: "flux", become: true }
-    - { role: mgrote.k8s_misc, tags: "misc", become: true }
-    - { role: mgrote.sealed-secrets, tags: "sealed-secrets", become: true }
-    - { role: geerlingguy.helm, tags: "helm", become: true }

playbooks/3_service/nfs.yml

@@ -1,4 +0,0 @@
----
-- hosts: nfs
-  roles:
-    - { role: geerlingguy.nfs_server, tags: "nfs", become: true }