---
# ─────────────────────────────────────────────────────────────────────────────
# K3S Core Stack — разворачивает кластер без аддонов.
#
# Порядок:
# 0. Chrony — синхронизация времени (обязательно до k3s)
# 1. K3S — кластер (master → workers)
# 2. Helm — устанавливается на мастер-ноды (нужен аддонам)
# 3. CNI — сетевой плагин (calico/cilium; flannel встроен)
# 4. kube-vip — VIP для control plane + LoadBalancer
# 5. k3s-certs — systemd таймер авторотации сертификатов
#
# Аддоны устанавливаются отдельно: make addon-<name>
# Полный стек с аддонами: make install-full
# ─────────────────────────────────────────────────────────────────────────────
# ── 0. External etcd (only when k3s_etcd_type: external) ─────────────────────
# The play is a no-op unless k3s_etcd_type is set to 'external'; with the
# default ('embedded') the include is skipped on every host.
# NOTE(review): this play runs before the chrony play, which targets
# k3s_cluster only — if etcd_nodes are not also in k3s_cluster their clocks
# are never synced by this playbook; confirm against the inventory.
- name: Deploy external etcd cluster
  hosts: etcd_nodes
  become: true
  gather_facts: true
  tags:
    - etcd
  tasks:
    - name: Include etcd role for external mode
      ansible.builtin.include_role:
        name: etcd
      # The filter binds tighter than ==, so the defaulted value is compared.
      when: (k3s_etcd_type | default('embedded')) == 'external'

# ── 0. Chrony — time synchronisation ──────────────────────────────────────────
# Must run before the k3s play (see the file header); presumably because the
# cluster's TLS/certificate checks need the nodes to agree on the time.
- name: Configure time synchronization (chrony)
  hosts: k3s_cluster
  become: true
  gather_facts: true
  tags:
    - chrony
    - time
    - prereqs
  roles:
    - chrony

# ── 1. K3S cluster ────────────────────────────────────────────────────────────
# serial: 1 runs the role on one host at a time, in inventory order; the
# header describes the intended order as master → workers — assumes the
# inventory lists masters before workers, TODO confirm.
# The play name says "embedded etcd", but play 0 above also supports
# k3s_etcd_type: external; the role is expected to honour that variable.
- name: Install K3S cluster (HA embedded etcd)
  hosts: k3s_cluster
  become: true
  gather_facts: true
  serial: 1
  tags:
    - k3s
  roles:
    - k3s

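# ── 2. Helm on the master nodes ───────────────────────────────────────────────
# Helm is needed by the add-on playbooks (see the file header). The installer
# is no longer piped from an unpinned URL straight into bash: it is written to
# a private temp file, optionally checksum-verified, executed, then removed.
# Tunables (all optional, defaults keep the original behaviour):
#   helm_installer_url      — where to fetch get-helm-3 from
#   helm_installer_checksum — get_url checksum string, e.g. "sha256:<hex>"
#   helm_version            — passed to the installer as DESIRED_VERSION;
#                             empty means "latest"
- name: Install Helm on master nodes
  hosts: k3s_master
  become: true
  gather_facts: false
  tags:
    - helm
  tasks:
    # A missing binary is not a failure here; rc != 0 just selects the
    # install branch below (command returns rc 2 when the binary is absent).
    - name: Check if Helm is installed
      ansible.builtin.command: helm version --short
      register: helm_check
      failed_when: false
      changed_when: false

    - name: Install Helm from the downloaded installer script
      when: helm_check.rc != 0
      block:
        # Private temp file (root-owned, created by tempfile) instead of a
        # predictable path in a world-writable directory.
        - name: Create temporary file for the Helm installer
          ansible.builtin.tempfile:
            state: file
            suffix: .get-helm-3
          register: helm_tmp

        # force: true is required because tempfile already created dest;
        # checksum is omitted when helm_installer_checksum is not set.
        - name: Download Helm installer script
          ansible.builtin.get_url:
            url: "{{ helm_installer_url | default('https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3') }}"
            dest: "{{ helm_tmp.path }}"
            mode: "0700"
            force: true
            checksum: "{{ helm_installer_checksum | default(omit) }}"
          register: helm_installer
          until: helm_installer is succeeded
          retries: 3
          delay: 5

        # Explicit until: so the retries apply on every Ansible version.
        - name: Run Helm installer
          ansible.builtin.command: "{{ helm_tmp.path }}"
          environment:
            DESIRED_VERSION: "{{ helm_version | default('') }}"
          register: helm_install
          until: helm_install.rc == 0
          retries: 3
          delay: 5
      always:
        - name: Remove Helm installer script
          ansible.builtin.file:
            path: "{{ helm_tmp.path }}"
            state: absent
          when: helm_tmp.path is defined
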
# ── 3. CNI (calico/cilium; skipped when flannel is used) ──────────────────────
# Targets the first master only — presumably because the role applies
# cluster-wide manifests that need to be submitted once; verify in the role.
- name: Deploy CNI plugin
  hosts: k3s_master[0]
  become: true
  gather_facts: false
  tags:
    - cni
  roles:
    - cni

# ── 4. kube-vip ───────────────────────────────────────────────────────────────
# Control-plane VIP plus LoadBalancer (per the header), rolled out on every
# master. Facts are gathered here, unlike the Helm/CNI plays above.
- name: Deploy kube-vip (VIP + LoadBalancer)
  hosts: k3s_master
  become: true
  gather_facts: true
  tags:
    - kube_vip
  roles:
    - kube-vip

# ── 5. Certificate auto-rotation ──────────────────────────────────────────────
# Installs the systemd timer described in the header on every cluster node
# so node certificates are rotated before they expire.
- name: Setup K3S certificate auto-rotation
  hosts: k3s_cluster
  become: true
  gather_facts: true
  tags:
    - certs
    - k3s_certs
  roles:
    - k3s-certs

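# ── Verify core stack ─────────────────────────────────────────────────────────
# Read-only smoke check from the first master: lists nodes and all pods and
# prints both. Every task is named so ansible-lint (name[missing]) is clean
# and the output is attributable in the play log.
- name: Verify core stack
  hosts: k3s_master[0]
  become: true
  gather_facts: false
  tags:
    - verify
  tasks:
    - name: Nodes
      ansible.builtin.command: k3s kubectl get nodes -o wide
      register: nodes
      changed_when: false

    - name: Show nodes
      ansible.builtin.debug:
        msg: "{{ nodes.stdout_lines }}"

    - name: All pods
      ansible.builtin.command: k3s kubectl get pods -A
      register: pods
      changed_when: false

    - name: Show pods
      ansible.builtin.debug:
        msg: "{{ pods.stdout_lines }}"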