mg/homeserver
1
0
Fork 0
Code Issues 1 Pull requests 3 Activity Actions

Abbau k3s4 (#607)

Browse source 
Reviewed-on: #607
Co-authored-by: Michael Grote <michael.grote@posteo.de>
Co-committed-by: Michael Grote <michael.grote@posteo.de>
This commit is contained in:
Michael Grote 2023-11-21 21:20:53 +01:00 committed by mg
parent 9e0a06079e
commit e8d7c61ff2
23 changed files with 3 additions and 81 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
docker-compose/traefik/docker-compose.yml.j2
View file

@ -24,6 +24,7 @@ services:
######## nforwardauth ########
nforwardauth:
restart: always
image: nosduco/nforwardauth:v1
container_name: traefik-nforwardauth
environment:

0
roles/mgrote_fluxcd/README.md → friedhof/mgrote_fluxcd/README.md
View file

0
roles/mgrote_fluxcd/defaults/main.yml → friedhof/mgrote_fluxcd/defaults/main.yml
View file

0
roles/mgrote_fluxcd/handlers/main.yml → friedhof/mgrote_fluxcd/handlers/main.yml
View file

0
roles/mgrote_fluxcd/tasks/main.yml → friedhof/mgrote_fluxcd/tasks/main.yml
View file

0
roles/mgrote_fluxcd/tasks/user.yml → friedhof/mgrote_fluxcd/tasks/user.yml
View file

0
roles/mgrote_fluxcd/templates/bootstrap.sh → friedhof/mgrote_fluxcd/templates/bootstrap.sh
View file

0
roles/mgrote_k8s_autocompletion/README.md → friedhof/mgrote_k8s_autocompletion/README.md
View file

0
roles/mgrote_k8s_autocompletion/tasks/main.yml → friedhof/mgrote_k8s_autocompletion/tasks/main.yml
View file

0
roles/mgrote_k8s_misc/README.md → friedhof/mgrote_k8s_misc/README.md
View file

0
roles/mgrote_k8s_misc/tasks/main.yml → friedhof/mgrote_k8s_misc/tasks/main.yml
View file

0
roles/mgrote_sealed_secrets/README.md → friedhof/mgrote_sealed_secrets/README.md
View file

0
roles/mgrote_sealed_secrets/defaults/main.yml → friedhof/mgrote_sealed_secrets/defaults/main.yml
View file

0
roles/mgrote_sealed_secrets/tasks/import.yml → friedhof/mgrote_sealed_secrets/tasks/import.yml
View file

0
roles/mgrote_sealed_secrets/tasks/main.yml → friedhof/mgrote_sealed_secrets/tasks/main.yml
View file

0
roles/mgrote_sealed_secrets/tasks/user.yml → friedhof/mgrote_sealed_secrets/tasks/user.yml
View file

0
roles/mgrote_sealed_secrets/templates/private.key.j2 → friedhof/mgrote_sealed_secrets/templates/private.key.j2
View file

62
group_vars/k3s.yml
View file

@ -1,62 +0,0 @@
---
### Allgemein
kubeconfig: /etc/rancher/k3s/k3s.yaml
### mgrote.restic
restic_folders_to_backup: "/ /var" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben; https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files
### oefenweb.ufw
ufw_rules:
- rule: allow
comment: 'k3s - alles offen'
from_ip: 0.0.0.0/0
### pyratlabs.k3s
k3s_state: installed
k3s_release_version: v1.25.11+k3s1
k3s_airgap: false
k3s_config_file: /etc/rancher/k3s/config.yaml
k3s_build_cluster: true
k3s_install_dir: /usr/local/bin
k3s_etcd_datastore: true
k3s_become: true
k3s_use_experimental: true
k3s_debug: false
k3s_server:
# siehe https://docs.k3s.io/reference/server-config
# cli parameter OHNE -- am anfang
write-kubeconfig-mode: '644'
cluster-cidr: "10.42.0.0/16"
service-cidr: "10.43.0.0/16"
disable:
- traefik
- local-storage # disables local-path-provisioner
- disable-helm-controller # https://fluxcd.io/flux/cheatsheets/troubleshooting/
### mgrote.fluxcd
flux_repo_host: gitea.grote.lan
flux_repo_host_port: 2222
flux_repo_branch: master
flux_repo_url_complete: "ssh://gitea@{{ flux_repo_host }}:{{ flux_repo_host_port }}/mg/manifests.git"
flux_install_host: k3s4.grote.lan
flux_homedir: /home/flux
flux_path_ssh_dir: /home/flux/.ssh
flux_user_group: flux
flux_user: flux
flux_download_url: https://github.com/fluxcd/flux2/releases/download/v2.0.1/flux_2.0.1_linux_amd64.tar.gz # updaten
flux_path_bin: /usr/local/sbin
flux_path_ssh_id_file: id_rsa
flux_ssh_key_format: ed25519
flux_sync_interval: 1m
### mgrote.apt_manage_packages
apt_packages_extra:
- nfs-common # für nfs-subdir-external-provisioner
### mgrote.sealed-secrets
sealed_secrets_homedir: /home/sealed_secrets
sealed_secrets_user_group: sealed_secrets
sealed_secrets_user: sealed_secrets
kubeseal_download_url: "https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.19.1/kubeseal-0.19.1-linux-amd64.tar.gz" #updaten
kubeseal_path_bin: /usr/local/sbin
sealed_secrets_keepass_entry_name: "{{ lookup('keepass', 'k3s-sealed-secrets-private-key', 'notes') }}"

3
host_vars/k3s4.grote.lan.yml
View file

@ -1,3 +0,0 @@
---
### pyratlabs.k3s
k3s_control_node: true

2
host_vars/pve5.grote.lan.yml
View file

@ -169,7 +169,7 @@ sanoid_datasets:
### mgrote.cv4pve-autosnap
cv4pve_api_user: root@pam!cv4pve-autosnap
cv4pve_api_token: "{{ lookup('keepass', 'cv4pve_api_token', 'password') }}"
cv4pve_vmid: all,-106,-112,-115
cv4pve_vmid: all,-115
cv4pve_keep_snapshots: 5
cv4pve_dl_link: "https://github.com/Corsinvest/cv4pve-autosnap/releases/download/v1.14.7/cv4pve-autosnap-linux-x64.zip"

6
inventory
View file

@ -12,13 +12,10 @@ all:
docker:
hosts:
docker10.grote.lan:
k3s:
hosts:
k3s4.grote.lan:
vmtest:
hosts:
vm-test-2204.grote.lan:
#pbs-test.grote.lan:
pbs-test.grote.lan:
pve5-test.grote.lan:
pve:
hosts:
@ -44,7 +41,6 @@ all:
gitea.grote.lan:
docker10.grote.lan:
pbs.grote.lan:
k3s4.grote.lan:
test:
hosts:
vm-test-2204.grote.lan:

BIN
keepass_db.kdbx
View file

Binary file not shown.

10
playbooks/3_service/k3s.yml
View file

@ -1,10 +0,0 @@
---
- hosts: k3s
roles:
- { role: pyratlabs-ansible-role-k3s, tags: "k3s" }
- { role: mgrote_k8s_autocompletion, tags: "autocomp" }
- { role: pandemonium1986-ansible-role-k9s, tags: "k9s", become: true }
- { role: mgrote_fluxcd, tags: "flux", become: true }
- { role: mgrote_k8s_misc, tags: "misc", become: true }
- { role: mgrote_sealed_secrets, tags: "sealed-secrets", become: true }
- { role: geerlingguy-ansible-role-helm, tags: "helm", become: true }