--- - name: Additional config files ansible.builtin.copy: content: | {{ item.content }} dest: "{{ item.path }}/{{ item.name }}" mode: '740' owner: root group: root loop: "{{ k3s.files }}" when: item.when | default(false) | bool - name: Check if FW dir exists ansible.builtin.stat: name: /etc/iptables-reloader/rules.d register: firewall_rules_dir_metadata - name: Copy Templates ansible.builtin.template: src: "{{ item.src }}" dest: "{{ item.dest }}" owner: root mode: '700' force: true notify: "{{ item.notify | default(omit) }}" loop: "{{ templates_to_apply }}" when: > item.when | default(true) | bool vars: templates_to_apply: - src: kubernetes-manifest-rbac.yaml.j2 dest: /var/lib/rancher/k3s/server/manifests/rbac-authorization-common.yaml when: "{{ kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname }}" - src: iptables-kubernetes.rules.j2 dest: "/etc/iptables-reloader/rules.d/iptables-kubernetes.rules" notify: firewall_reloader when: |- {%- if firewall_installed -%} {{ firewall_rules_dir_metadata.stat.exists }} {%- else -%} false {%- endif %} - name: Add Kubernetes Node Labels ansible.builtin.copy: content: |- apiVersion: v1 kind: Node metadata: name: "{{ inventory_hostname }}" {% if kubernetes_config.hosts[inventory_hostname].labels | default([]) | list | length > 0 -%} labels: {{ kubernetes_config.hosts[inventory_hostname].labels | to_nice_yaml | indent(4) }} {%- endif +%} {% if kubernetes_config.hosts[inventory_hostname].taints | default([]) | list | length > 0 -%} spec: taints: {{ kubernetes_config.hosts[inventory_hostname].taints | to_nice_yaml(indent=0) | indent(4) }} {% endif %} dest: /var/lib/rancher/k3s/server/manifests/node-manifest-{{ inventory_hostname }}.yaml owner: root group: root mode: '700' delegate_to: "{{ kubernetes_config.cluster.prime.name }}" when: kubernetes_config.hosts[inventory_hostname].labels | default([]) | list | length > 0 or kubernetes_config.hosts[inventory_hostname].taints | default([]) | list | length > 0