@ -17,16 +17,3 @@
|
|||||||
install_kubernetes | default(true) | bool
|
install_kubernetes | default(true) | bool
|
||||||
and
|
and
|
||||||
kubernetes_installed | default(false) | bool
|
kubernetes_installed | default(false) | bool
|
||||||
|
|
||||||
|
|
||||||
- name: Wireguard Cluster Encryption
|
|
||||||
ansible.builtin.include_tasks:
|
|
||||||
file: k3s/wireguard.yaml
|
|
||||||
when: >
|
|
||||||
install_kubernetes | default(true) | bool
|
|
||||||
and
|
|
||||||
kubernetes_installed | default(false) | bool
|
|
||||||
and
|
|
||||||
not kubernetes_installed_encryption | default(false) | bool
|
|
||||||
and
|
|
||||||
kubernetes_config.cluster.networking.encrypt | default(false) | bool
|
|
||||||
|
|||||||
@ -1,4 +1,11 @@
|
|||||||
---
|
---
|
||||||
|
- name: Wireguard Cluster Encryption
|
||||||
|
ansible.builtin.include_tasks:
|
||||||
|
file: k3s/wireguard.yaml
|
||||||
|
when: >
|
||||||
|
not kubernetes_installed_encryption | default(false) | bool
|
||||||
|
|
||||||
|
|
||||||
- name: Install Software
|
- name: Install Software
|
||||||
ansible.builtin.include_role:
|
ansible.builtin.include_role:
|
||||||
name: nfc_common
|
name: nfc_common
|
||||||
@ -8,6 +15,7 @@
|
|||||||
- name: curl
|
- name: curl
|
||||||
- name: iptables
|
- name: iptables
|
||||||
- name: jq
|
- name: jq
|
||||||
|
- name: wireguard
|
||||||
|
|
||||||
|
|
||||||
- name: Create Required directories
|
- name: Create Required directories
|
||||||
@ -169,9 +177,6 @@
|
|||||||
INSTALL_K3S_SKIP_DOWNLOAD=true \
|
INSTALL_K3S_SKIP_DOWNLOAD=true \
|
||||||
INSTALL_K3S_VERSION="v{{ KubernetesVersion }}{{ KubernetesVersion_k3s_prefix }}" \
|
INSTALL_K3S_VERSION="v{{ KubernetesVersion }}{{ KubernetesVersion_k3s_prefix }}" \
|
||||||
/tmp/install.sh
|
/tmp/install.sh
|
||||||
# curl -sfL https://get.k3s.io | \
|
|
||||||
# INSTALL_K3S_VERSION="v{{ KubernetesVersion }}{{ KubernetesVersion_k3s_prefix }}" \
|
|
||||||
# sh -
|
|
||||||
changed_when: false
|
changed_when: false
|
||||||
when: kubernetes_config.cluster.prime.name == inventory_hostname
|
when: kubernetes_config.cluster.prime.name == inventory_hostname
|
||||||
|
|
||||||
@ -200,6 +205,16 @@
|
|||||||
failed_when: kubernetes_ready_check.rc != 0
|
failed_when: kubernetes_ready_check.rc != 0
|
||||||
|
|
||||||
|
|
||||||
|
- name: Enable Cluster Encryption
|
||||||
|
ansible.builtin.command:
|
||||||
|
cmd: kubectl patch felixconfiguration default --type='merge' -p '{"spec":{"wireguardEnabled":true,"wireguardEnabledV6":true}}'
|
||||||
|
changed_when: false
|
||||||
|
when: >
|
||||||
|
kubernetes_config.cluster.prime.name == inventory_hostname
|
||||||
|
and
|
||||||
|
kubernetes.networking.encrypt | default(false) | bool
|
||||||
|
|
||||||
|
|
||||||
- name: Fetch Join Token
|
- name: Fetch Join Token
|
||||||
ansible.builtin.slurp:
|
ansible.builtin.slurp:
|
||||||
src: /var/lib/rancher/k3s/server/token
|
src: /var/lib/rancher/k3s/server/token
|
||||||
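Review bot: The `when` on the added `Enable Cluster Encryption` task tests `kubernetes.networking.encrypt`, but the guard this commit removes from the other file read `kubernetes_config.cluster.networking.encrypt`, and the same condition uses `kubernetes_config.cluster.prime.name` one line earlier. If `kubernetes` is not a defined variable, `default(false)` would presumably make the condition false, so the `kubectl patch` that sets `wireguardEnabled` would be skipped without any error and a cluster configured for encryption would come up with inter-node traffic unencrypted. I would change the line to `kubernetes_config.cluster.networking.encrypt | default(false) | bool`. Separately, the `include_tasks` added at the top of this file points at `k3s/wireguard.yaml` and is gated only on `not kubernetes_installed_encryption | default(false) | bool`. The last file section of this commit deletes a task file that set that fact, so if that is the same file, the include should be removed as well.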
|
|||||||
@ -1,22 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Install Wireguard
|
|
||||||
ansible.builtin.apt:
|
|
||||||
name:
|
|
||||||
- wireguard
|
|
||||||
update_cache: false
|
|
||||||
when: >
|
|
||||||
ansible_os_family == 'Debian'
|
|
||||||
# and
|
|
||||||
# kubernetes.networking.encrypt | default(false) | bool
|
|
||||||
|
|
||||||
|
|
||||||
- name: Enable Cluster Encryption
|
|
||||||
ansible.builtin.command:
|
|
||||||
cmd: kubectl patch felixconfiguration default --type='merge' -p '{"spec":{"wireguardEnabled":true,"wireguardEnabledV6":true}}'
|
|
||||||
changed_when: false
|
|
||||||
when: >
|
|
||||||
kubernetes_config.cluster.prime.name == inventory_hostname
|
|
||||||
|
|
||||||
- name: Set Kubernetes Encryption Final Install Fact
|
|
||||||
ansible.builtin.set_fact:
|
|
||||||
kubernetes_installed_encryption: true
|
|
||||||