ansible-collections/kubernetes
2
0
Fork 0
Code Issues 8 Pull Requests 1 Actions Projects Releases 28 Wiki Activity

fix(wireguard): install before k3s

Browse Source 
!5
This commit is contained in:
Jon Lockwood
2023-11-02 13:44:27 +09:30
parent fd547a4c0f
commit 4a9d98394e
3 changed files with 18 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
tasks/k3s/install.yaml
View File

@ -1,4 +1,11 @@
---
- name: Wireguard Cluster Encryption
ansible.builtin.include_tasks:
file: k3s/wireguard.yaml
when: >
not kubernetes_installed_encryption | default(false) | bool
- name: Install Software
ansible.builtin.include_role:
name: nfc_common
@ -8,6 +15,7 @@
- name: curl
- name: iptables
- name: jq
- name: wireguard
- name: Create Required directories
@ -169,9 +177,6 @@
INSTALL_K3S_SKIP_DOWNLOAD=true \
INSTALL_K3S_VERSION="v{{ KubernetesVersion }}{{ KubernetesVersion_k3s_prefix }}" \
/tmp/install.sh
# curl -sfL https://get.k3s.io | \
# INSTALL_K3S_VERSION="v{{ KubernetesVersion }}{{ KubernetesVersion_k3s_prefix }}" \
# sh -
changed_when: false
when: kubernetes_config.cluster.prime.name == inventory_hostname
@ -200,6 +205,16 @@
failed_when: kubernetes_ready_check.rc != 0
- name: Enable Cluster Encryption
ansible.builtin.command:
cmd: kubectl patch felixconfiguration default --type='merge' -p '{"spec":{"wireguardEnabled":true,"wireguardEnabledV6":true}}'
changed_when: false
when: >
kubernetes_config.cluster.prime.name == inventory_hostname
and
kubernetes.networking.encrypt | default(false) | bool
- name: Fetch Join Token
ansible.builtin.slurp:
src: /var/lib/rancher/k3s/server/token

22
tasks/k3s/wireguard.yaml
View File

@ -1,22 +0,0 @@
---
- name: Install Wireguard
ansible.builtin.apt:
name:
- wireguard
update_cache: false
when: >
ansible_os_family == 'Debian'
# and
# kubernetes.networking.encrypt | default(false) | bool
- name: Enable Cluster Encryption
ansible.builtin.command:
cmd: kubectl patch felixconfiguration default --type='merge' -p '{"spec":{"wireguardEnabled":true,"wireguardEnabledV6":true}}'
changed_when: false
when: >
kubernetes_config.cluster.prime.name == inventory_hostname
- name: Set Kubernetes Encryption Final Install Fact
ansible.builtin.set_fact:
kubernetes_installed_encryption: true