Merge branch 'random-items' into 'development'

chore: small fixes and feat

See merge request nofusscomputing/projects/ansible/kubernetes!4

defaults/main.yml

@@ -13,6 +13,9 @@ KubernetesVersion_k3s_prefix: '+k3s1'
 
 kubernetes_private_container_registry: []                  # Optional, Array. if none use `[]`
 
+kubernetes_etcd_snapshot_cron_schedule: '0 */12 * * *'
+kubernetes_etcd_snapshot_retention: 5
+
 # host_external_ip: ''                                     # Optional, String. External IP Address for host.
 
 # Optional, Dict. Used to configure Kubernetes with OIDC Authentication.
@@ -79,7 +82,7 @@ k3s:
     - name: psa.yaml
       path: /var/lib/rancher/k3s/server
       content: ""
-        # apiVersion: apiserver.config.k8s.io/v1
+        # apiVersion: apiserver.conf0 */12 * * *ig.k8s.io/v1
         # kind: AdmissionConfiguration
         # plugins:
         # - name: PodSecurity

docs/projects/ansible/roles/kubernetes/index.md

@@ -15,7 +15,13 @@ This role deploys a K3s cluster. In addition it has the following features:
 
 - CNI Setup
 
-- Configurable Container Registries
+- Configurable:
+
+    - Container Registries
+
+    - etcd snapshot cron schedule
+
+    - etcd snapshot retention
 
 - _[ToDo-#3](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/3)_ Encryption between nodes (Wireguard)
 
@@ -40,10 +46,12 @@ The roles workflow is as follows
 
 1. Create required config files needed for installation
 
-1. _(kubernetes prime only)_ Add install required config files
+1. _(kubernetes prime master only)_ Add install required config files
 
 1. Install kubernetes
 
+1. _(kubernetes prime master only)_ Wait for kubernetes to be ready. Playbook is paused until `true`
+
 1. Configure Kubernetes
 
 If the playbook is setup as per [our recommendation](ansible.md) step 2 onwards is first done on master nodes then worker nodes.

tasks/k3s/install.yaml

@@ -7,6 +7,7 @@
     aptInstall:
       - name: curl
       - name: iptables
+      - name: jq
 
 
 - name: Create Required directories
@@ -183,6 +184,26 @@
       and
     not Kubernetes_Master | default(false) | bool
 
+
+- name: Wait for kubernets to be ready
+  ansible.builtin.shell:
+    cmd: |
+      set -o pipefail
+      if [ `which jq` ]; then echo $(kubectl get no $(hostname) -o json | jq .status.conditions[4].status | tr -d '"'); else echo jq command not found; exit 127; fi
+    executable: /bin/bash
+  register: kubernetes_ready_check
+  retries: 30
+  delay: 10
+  until: >
+    kubernetes_ready_check.stdout | default(false) | bool
+      or
+    kubernetes_ready_check.rc != 0
+  changed_when: false
+  failed_when: kubernetes_ready_check.rc != 0
+  when: >
+    kubernetes_config.cluster.prime.name == inventory_hostname
+
+
 - name: Set Kubernetes Final Install Fact
   ansible.builtin.set_fact:
     kubernetes_installed: true

templates/k3s-config.yaml.j2

@@ -14,6 +14,8 @@ service-cidr: "{{ KubernetesServiceSubnet }}"
 disable-network-policy: true
 disable:
   - traefik
+etcd-snapshot-retention: {{ kubernetes_etcd_snapshot_retention | int }}
+etcd-snapshot-schedule-cron: "{{ kubernetes_etcd_snapshot_cron_schedule }}"
 kube-apiserver-arg:
   - audit-log-path=/var/lib/rancher/k3s/server/logs/audit.log
   - audit-policy-file=/var/lib/rancher/k3s/server/audit.yaml