K3S/molecule/cluster/converge.yml

---
# ── Render k3s server config for all masters ──────────────────────────────────
- name: Converge — k3s master configs (3-node HA)
  hosts: k3s_master
  become: true
  gather_facts: true

  vars:
    k3s_token: "molecule-cluster-token-abc123"
    k3s_version: "v1.29.3+k3s1"
    k3s_become: true
    k3s_fetch_kubeconfig: false
    k3s_master_ip: "192.168.1.100"
    k3s_common_packages:
      - htop
      - vim
      - git
      - jq
      - net-tools
    k3s_node_labels: []
    k3s_node_taints: []
    k3s_cluster_cidr: "10.42.0.0/16"
    k3s_service_cidr: "10.43.0.0/16"
    k3s_cluster_dns: "10.43.0.10"
    k3s_flannel_backend: "vxlan"
    k3s_cni: "flannel"
    k3s_install_dir: /usr/local/bin
    k3s_config_dir: /etc/kubernetes/k3s
    k3s_data_dir: /var/lib/kubernetes/k3s
    k3s_kubeconfig_path: /etc/kubernetes/k3s/k3s.yaml
    k3s_disable_traefik: true
    k3s_disable_servicelb: false
    k3s_disable_local_storage: false
    k3s_extra_server_args: ""
    k3s_etcd_type: embedded
    # kube-vip VIP (mock) used as join address for master02/master03
    k3s_join_address: "192.168.1.100"
    molecule_test: true

  tasks:
    # ── Prerequisites ──────────────────────────────────────────────────────────
    - name: Run prereqs tasks
      ansible.builtin.include_tasks: "{{ playbook_dir }}/../../roles/k3s/tasks/prereqs.yml"

    # ── Server config rendering ────────────────────────────────────────────────
    - name: Render k3s server config
      ansible.builtin.template:
        src: "{{ playbook_dir }}/../../roles/k3s/templates/k3s-server-config.yaml.j2"
        dest: /etc/kubernetes/k3s/config.yaml
        mode: "0600"

    # ── kube-vip DaemonSet template ────────────────────────────────────────────
    - name: Create kube-vip manifest directory
      ansible.builtin.file:
        path: /var/lib/kubernetes/k3s/server/manifests
        state: directory
        mode: "0755"

    - name: Render kube-vip DaemonSet manifest
      ansible.builtin.template:
        src: "{{ playbook_dir }}/../../roles/kube-vip/templates/kube-vip-ds.yaml.j2"
        dest: /var/lib/kubernetes/k3s/server/manifests/kube-vip.yaml
        mode: "0644"
      vars:
        kube_vip_address: "192.168.1.100"
        kube_vip_interface: "eth0"
        kube_vip_version: "v0.7.2"
        kube_vip_image: "ghcr.io/kube-vip/kube-vip"
        kube_vip_mode: "arp"
        kube_vip_services_enable: true
        _kube_vip_iface: "eth0"
        kube_vip_enable_lb: true
        kube_vip_enable_arp: true

# ── Render k3s agent config for all workers ───────────────────────────────────
- name: Converge — k3s worker configs (2 workers)
  hosts: k3s_workers
  become: true
  gather_facts: true

  vars:
    k3s_become: true
    k3s_config_dir: /etc/kubernetes/k3s
    k3s_data_dir: /var/lib/kubernetes/k3s
    k3s_common_packages:
      - htop
      - vim
      - git
      - jq
      - net-tools
    k3s_api_url: "https://192.168.1.100:6443"
    k3s_node_token: "K10::server:molecule-test-node-token"
    k3s_node_taints: []
    k3s_node_labels:
      - "node-role=worker"
    k3s_extra_agent_args: ""
    molecule_test: true

  tasks:
    - name: Run prereqs tasks
      ansible.builtin.include_tasks: "{{ playbook_dir }}/../../roles/k3s/tasks/prereqs.yml"

    - name: Render k3s agent config
      ansible.builtin.template:
        src: "{{ playbook_dir }}/../../roles/k3s/templates/k3s-agent-config.yaml.j2"
        dest: /etc/kubernetes/k3s/config.yaml
        mode: "0600"

# ── Test addon template rendering ─────────────────────────────────────────────
- name: Converge — core addon values.yaml templates (master01 only)
  hosts: master01
  become: false
  gather_facts: false

  vars:
    # ingress-nginx
    ingress_nginx_version: "4.10.1"
    ingress_nginx_namespace: "ingress-nginx"
    ingress_nginx_service_type: "LoadBalancer"
    ingress_nginx_load_balancer_ip: "192.168.1.100"
    ingress_nginx_replica_count: 1
    ingress_nginx_use_daemonset: false
    ingress_nginx_metrics_enabled: true
    ingress_nginx_class_name: "nginx"
    ingress_nginx_set_default_class: true
    ingress_nginx_custom_errors_enabled: false
    ingress_nginx_error_cluster_name: "K3S"
    ingress_nginx_error_cluster_domain: "home.local"
    ingress_nginx_extra_args: {}
    ingress_nginx_resources:
      requests:
        cpu: 100m
        memory: 90Mi
      limits:
        cpu: 500m
        memory: 256Mi
    # cert-manager
    cert_manager_version: "v1.15.3"
    cert_manager_namespace: "cert-manager"
    cert_manager_issuer: "letsencrypt"
    cert_manager_acme_email: "test@home.local"

  tasks:
    - name: Create temp dir for rendered values
      ansible.builtin.file:
        path: /tmp/molecule-values
        state: directory
        mode: "0755"

    - name: Render ingress-nginx values
      ansible.builtin.template:
        src: "{{ playbook_dir }}/../../addons/ingress-nginx/role/templates/ingress-nginx-values.yaml.j2"
        dest: /tmp/molecule-values/ingress-nginx.yaml
        mode: "0644"