finalize role

defaults/main.yml

@@ -1,2 +1,18 @@
 ---
 # defaults file for ansible-k3s
+k3s_cluster_group: "cluster"
+k3s_token_file: "/etc/rancher/node/password"
+k3s_control_plane_endpoint: k3s.service.consul
+k3s_consul_service: false
+k3s_server_config:
+  tls-san:
+    - "{{ k3s_control_plane_endpoint }}"
+  disable:
+    #    - local-storage
+    # - servicelb
+    # - traefik
+  # disable-helm-controller: true
+  # disable-kube-proxy: true
+  # disable-network-policy: true
+  # flannel-backend: none
+  # secrets-encryption: true

handlers/main.yml

@@ -1,2 +1,5 @@
 ---
 # handlers file for ansible-k3s
+- name: Reload consul configuration on Linux
+  ansible.builtin.command: "consul reload"
+  listen: "reload consul configuration"

tasks/main.yml

@@ -1,2 +1,85 @@
 ---
 # tasks file for ansible-k3s
+
+- name: K3s aur instalation (Archlinux)
+  aur:
+    name: k3s-bin
+    state: present
+  become: true
+  become_user: aur_builder
+
+- name: create config directory
+  ansible.builtin.file:
+    state: directory
+    path: "{{ item }}"
+    owner: root
+    mode: 733
+  become: true
+  loop:
+    - "/etc/rancher/node/"
+    - "/etc/rancher/k3s/"
+
+- name: Check if k3s token file exists on the first node
+  run_once: true
+  ansible.builtin.stat:
+    path: "{{ k3s_token_file }}"
+  register: k3s_token_file_stat
+  become: true
+
+
+- name: Generate k3s token file on the first node if not exist yet
+  run_once: true
+  when: not k3s_token_file_stat.stat.exists
+  ansible.builtin.copy:
+    content: "{{ lookup('community.general.random_string', length=32) }}"
+    dest: "{{ k3s_token_file }}"
+    mode: 0600
+  become: true
+
+- name: Get k3s token from the first node
+  run_once: true
+  ansible.builtin.slurp:
+    src: "{{ k3s_token_file }}"
+  register: k3s_token_base64
+  become: true
+
+- name: Ensure all nodes has the same token
+  ansible.builtin.copy:
+    content: "{{ k3s_token_base64.content | b64decode }}"
+    dest: "{{ k3s_token_file }}"
+    mode: 0600
+  become: true
+
+- name: Copy k3s config files
+  ansible.builtin.template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    mode: 0644
+  loop:
+    - src: config.yaml.j2
+      dest: "/etc/rancher/k3s/config.yaml"
+    - src: k3s.service.j2
+      dest: "/etc/systemd/system/k3s.service"
+  become: true
+
+
+- name: Template consul service
+  ansible.builtin.template:
+    src: consul.d/k3s.hcl.j2
+    dest: /etc/consul.d/k3s.hcl
+    owner: consul
+    mode: "0644"
+  notify: Reload consul configuration on Linux
+  when: k3s_consul_service
+  become: true
+
+
+- name: Enable k3s service
+  ansible.builtin.systemd:
+    name: k3s
+    enabled: true
+    state: started
+  register: k3s_service
+  until: k3s_service is succeeded
+  retries: 5
+  become: true

templates/config.yaml.j2

@@ -0,0 +1,10 @@
+{% if inventory_hostname == groups[k3s_cluster_group][0]%}
+cluster-init: true
+{% else %}
+server: https://{{ k3s_control_plane_endpoint }}:6443
+{% endif %}
+token-file: {{ k3s_token_file }}
+{% if  k3s_cluster_group in group_names %}
+{{ k3s_server_config | to_nice_yaml }}
+{% endif %}
+snapshotter: stargz

templates/consul.d/k3s.hcl.j2

@@ -0,0 +1,16 @@
+service {
+  name = "k3s"
+  id   = "k3s"
+  port = 6443
+  tags = []
+  check
+  {
+     id =  "check-k3s",
+     name = "k3s status check",
+     service_id = "k3s",
+     tcp  = "localhost:6443",
+     interval = "5s",
+     timeout = "5s"
+  }
+}
+

templates/k3s.service.j2

@@ -0,0 +1,24 @@
+[Unit]
+Description=Lightweight Kubernetes
+Documentation=https://k3s.io
+After=network-online.target
+
+[Service]
+Type=notify
+ExecStartPre=-/sbin/modprobe br_netfilter
+ExecStartPre=-/sbin/modprobe overlay
+ExecStart=/usr/bin/k3s {{ 'server' if  k3s_cluster_group in group_names else 'agent' }}
+KillMode=process
+Delegate=yes
+# Having non-zero Limit*s causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+LimitNOFILE=1048576
+LimitNPROC=infinity
+LimitCORE=infinity
+TasksMax=infinity
+TimeoutStartSec=0
+Restart=always
+RestartSec=5s
+
+[Install]
+WantedBy=multi-user.target