-
Notifications
You must be signed in to change notification settings - Fork 5
/
deploy.yml
83 lines (64 loc) · 3.05 KB
/
deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
- hosts: proxmox_servers:proxmox_vms
gather_facts: no # because the nodes aren't up yet
tasks:
- { import_role: { name: proxmox }, tags: [ proxmox ] }
- { import_role: { name: proxmox-controller }, tags: [ proxmox-controller ] }
- hosts: k3s_servers
gather_facts: yes
become: yes
vars:
local_home: "{{ lookup('env','HOME') }}"
haproxy_k8s_backends: |
{% for master in groups["k3s_servers"] %}
server k8s-api-{{ hostvars[master]["inventory_hostname_short"]}} {{ cluster_nic_class_c }}.{{ hostvars[master]["ansible_host"].split(".")[3] }}:6443 check
{% endfor %}
# roles:
# - role: artis3n.tailscale
# vars:
# # Example pulling the API key from the env vars on the host running Ansible
# tailscale_authkey: "{{ tailscale_key }}"
# tailscale_args: "--accept-dns=false" # don't want tailscale messing up our kube dns
tasks:
- { import_role: { name: node }, tags: [ node ] }
- { import_role: { name: haproxy }, tags: [ haproxy ], when: "inventory_hostname in groups['haproxy_servers']" }
- { import_role: { name: keepalived }, tags: [ keepalived ], when: "inventory_hostname in groups['haproxy_servers']" }
- { import_role: { name: k3s-server }, tags: [ k3s-server ] }
- { import_role: { name: oidc }, tags: [ oidc], when: "groups['k3s_servers'][0] == inventory_hostname" }
- { import_role: { name: backup }, tags: [ backup ] }
# We need this to get flux in before k3s-agent
- hosts: controllers
gather_facts: yes
tasks:
- name: set host architecture
set_fact:
host_arch: "{{ 'amd64' if ansible_architecture == 'x86_64' else 'arm64' if ansible_architecture == 'aarch64' else ansible_architecture }}"
tags: always
- { import_role: { name: controller }, tags: [ controller ] }
- { import_role: { name: cilium-pre-flux }, tags: [ cilium-pre-flux ] }
# Now install workers
- hosts: k3s_agents,k3s_contended,k3s_dedicated
gather_facts: yes
become: yes
# roles:
# - role: artis3n.tailscale
# vars:
# # Example pulling the API key from the env vars on the host running Ansible
# tailscale_authkey: "{{ tailscale_key }}"
# tailscale_args: "--accept-dns=false" # don't want tailscale messing up our kube dns
tasks:
- { import_role: { name: node }, tags: [ node ] }
- { import_role: { name: k3s-agent }, tags: [ k3s-agent ] }
# - { import_role: { name: kata-containers }, tags: [ kata-containers ] }
- hosts: controllers
gather_facts: yes
tasks:
- name: set host architecture
set_fact:
host_arch: "{{ 'amd64' if ansible_architecture == 'x86_64' else 'arm64' if ansible_architecture == 'aarch64' else ansible_architecture }}"
tags: always
- { import_role: { name: sealed-secrets }, tags: [ sealed-secrets ] }
- { import_role: { name: velero }, tags: [ velero ] }
- { import_role: { name: flux }, tags: [ flux ] }
- { import_role: { name: grafana-dashboards }, tags: [ grafana-dashboards ] }
- { import_role: { name: authentik }, tags: [ authentik ] }
- { import_role: { name: tetragon }, tags: [ tetragon ] }