63 lines
1.8 KiB
YAML
63 lines
1.8 KiB
YAML
---
|
|
- hosts: ovh1
|
|
become: true
|
|
|
|
tasks:
|
|
- name: Ensure curl is installed (dependency)
|
|
apt:
|
|
name: curl
|
|
state: present
|
|
update_cache: yes
|
|
|
|
- name: Install k3s
|
|
shell: |
|
|
curl -sfL https://get.k3s.io | sh -
|
|
args:
|
|
creates: /usr/local/bin/k3s
|
|
|
|
# Open port 22 on Traefik. This is the official k3s way to do it - deploy a
|
|
# HelmChartConfig resource - but it can't easily be provisioned with
|
|
# kustomize for the usual namePrefix reasons.
|
|
#
|
|
# If traefik upgrade fails because CRDs are missing, see:
|
|
# https://github.com/k3s-io/k3s/issues/9534#issuecomment-1958116409
|
|
- name: Deploy Traefik HelmChart manifest with SSH entrypoint for k3s
|
|
become: true
|
|
ansible.builtin.template:
|
|
src: templates/helm-chart-traefik-gitea.yaml
|
|
dest: /var/lib/rancher/k3s/server/manifests/traefik-gitea.yaml
|
|
mode: 0644
|
|
|
|
- name: Get Traefik service
|
|
kubernetes.core.k8s_info:
|
|
api_version: v1
|
|
kind: Service
|
|
namespace: kube-system
|
|
name: traefik
|
|
kubeconfig: "~/.kube/config-ovh" # a bit brittle but ensures the correct cluster is used
|
|
delegate_to: localhost
|
|
become: false
|
|
register: traefik_service
|
|
|
|
- name: Expose SSH port 22 on Traefik service if not present
|
|
kubernetes.core.k8s_json_patch:
|
|
api_version: v1
|
|
kind: Service
|
|
name: traefik
|
|
namespace: kube-system
|
|
kubeconfig: "~/.kube/config-ovh" # see comment above
|
|
patch:
|
|
- op: add
|
|
path: /spec/ports/-
|
|
value:
|
|
name: ssh
|
|
port: 22
|
|
protocol: TCP
|
|
targetPort: 22
|
|
delegate_to: localhost
|
|
become: false
|
|
when: >
|
|
traefik_service.resources[0].spec.ports |
|
|
selectattr('port', 'equalto', 22) | list | length == 0
|
|
run_once: true
|