diff --git a/ansible/Containerfile b/ansible/Containerfile
new file mode 100644
index 00000000..86aa0dd5
--- /dev/null
+++ b/ansible/Containerfile
@@ -0,0 +1,9 @@
+FROM quay.io/ansible/ansible-runner:latest
+
+RUN useradd -m nold && chown -R nold:nold /home/runner
+
+COPY . /ansible
+WORKDIR /ansible
+
+USER 1000
+CMD ["/bin/bash", "/ansible/entrypoint.sh"]
diff --git a/ansible/entrypoint.sh b/ansible/entrypoint.sh
new file mode 100644
index 00000000..b3fe8a7a
--- /dev/null
+++ b/ansible/entrypoint.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+ansible-galaxy role list 2>/dev/null | grep -q ansible-role-k3s || ansible-galaxy role install git+https://github.com/PyratLabs/ansible-role-k3s
+ansible-playbook k3s-playbook.yml -i inventory.ini -K
diff --git a/ansible/inventory.ini b/ansible/inventory.ini
new file mode 100644
index 00000000..889c9cad
--- /dev/null
+++ b/ansible/inventory.ini
@@ -0,0 +1,2 @@
+[all]
+hive.lan
diff --git a/ansible/k3s-playbook.yml b/ansible/k3s-playbook.yml
index 7a9243ae..9f9253b3 100644
--- a/ansible/k3s-playbook.yml
+++ b/ansible/k3s-playbook.yml
@@ -1,13 +1,25 @@
 # K3s Setup/Update Playbook for my Homelab host
-- hosts: localhost
- connection: local
+- hosts: all
 vars:
+ ansible_user: nold
+ ansible_become_method: su
+ ansible_become: true
+ k3s_release_version: v1.22
 k3s_debug: false
 k3s_registration_address: 192.168.1.111
- k3s_become_for_all: false
+ k3s_become: true
 k3s_control_node: true
 k3s_start_on_boot: false
+ k3s_registries:
+ mirrors:
+ docker.io:
+ endpoint:
+ - "https://reg.dc/f/docker"
+ configs:
+ "reg.dc":
+ tls:
+ ca_file: /etc/ssl/vault_ca.crt
 k3s_server:
 cluster-cidr: 10.0.0.0/8
 flannel-backend: "none"
@@ -16,6 +28,10 @@
 - traefik
 - servicelb
 disable-network-policy: true
-
+ pre_tasks:
+ - name: Ensure Vault CA file exists
+ copy:
+ src: vault_ca.crt
+ dest: /etc/ssl/vault_ca.crt
 roles:
 - ansible-role-k3s
diff --git a/ansible/run.sh b/ansible/run.sh
new file mode 100644
index 00000000..8dd41a85
--- /dev/null
+++ b/ansible/run.sh
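Review bot: `USER 1000` at the end of the Containerfile is not guaranteed to select the `nold` account that `useradd -m nold` creates two instructions earlier — that useradd pins no UID, so which UID nold receives depends on the users the base image already ships (presumably the owner of /home/runner is one of them), and the container may end up running as a different account than the one whose home run.sh bind-mounts. Use the name, `USER nold`, or pin the UID explicitly with `useradd -m -u <UID> nold` (placeholder) so identity and file ownership line up. `FROM quay.io/ansible/ansible-runner:latest` is unpinned; a specific tag or digest makes the image reproducible. `COPY . /ansible` also takes everything next to the Containerfile, so a `.dockerignore` listing at least `.git` and local scratch files is worth adding.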
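Review bot: The `ansible-galaxy role install git+https://github.com/PyratLabs/ansible-role-k3s` on line 2 of entrypoint.sh installs the role from the repository's default branch with no version or commit pinned, so each fresh container runs whatever that branch holds at the time. Pin it, e.g. `ansible-galaxy role install git+https://github.com/PyratLabs/ansible-role-k3s,<tag-or-commit>` (placeholder), or carry a requirements.yml with a pinned version. The script also has no `set -euo pipefail`, so a failed install falls through to the `ansible-playbook` line; and since the cached-check only greps the role name out of `role list`, an already-installed role is never refreshed regardless of its version.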
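Review bot: The `copy` task under `pre_tasks` in the second k3s-playbook.yml hunk writes `/etc/ssl/vault_ca.crt` with no `mode`, `owner` or `group`, so the resulting permissions depend on the remote umask and on what `ansible_become_method: su` leaves as the effective identity. For a CA file that the `k3s_registries` block in the first hunk references as `ca_file`, set them explicitly: `mode: "0644"`, `owner: root`, `group: root`. The play-level `ansible_become: true` / `ansible_become_method: su` in the first hunk together with the `-K` flag in entrypoint.sh appear to mean the root password is entered interactively on every run; that is acceptable for a homelab, but a one-line comment at the `vars:` block saying so would save the next reader a guess.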
@@ -0,0 +1,3 @@
+#!/bin/bash
+docker build -f Containerfile -t hive-ansible .
+docker run -ti --rm -v /home/nold/.ssh:/home/nold/.ssh hive-ansible
diff --git a/ansible/vault_ca.crt b/ansible/vault_ca.crt
new file mode 100644
index 00000000..4b9389fd
--- /dev/null
+++ b/ansible/vault_ca.crt
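Review bot: The bind mount `-v /home/nold/.ssh:/home/nold/.ssh` on line 3 of run.sh exposes the host's SSH private keys read-write to the container, although the playbook only needs to read them; mount it read-only, `-v /home/nold/.ssh:/home/nold/.ssh:ro`. The two commands are also independent, so a failed `docker build` still launches whatever `hive-ansible` image was built last; chain them with `&&` or add `set -e` after the shebang. Whether the container's UID 1000 (from the Containerfile) matches the host owner of that directory is not visible here — a mismatch would show up as permission errors on the key files rather than as a silent problem.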
@@ -0,0 +1,41 @@
+-----BEGIN CERTIFICATE-----
+MIIDGjCCAgKgAwIBAgIUEaD1kSZtDX9X/0rZMSIjvurPqIowDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAxMCZGMwHhcNMjEwNDMwMTAwNTE5WhcNMzEwNDI4MTAwNTQ5
+WjANMQswCQYDVQQDEwJkYzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AKLcvBssxeO7Py6X1fCDMc3woF2KnF9MH87PJSH0aJ32B18FSjmTH5VKBc/azov5
+MLzavMdCyMXl3QO77EIYjHtrZFJOeFVARLU2BtPN2Ebz8u6bII6uGbyUHrBO8fpl
+hh0Ug3Dks9Fk7EV3Re+1C9oluxZNPC+p8zRfT/jTy0ddJfGcePCkPDAF7FGEjfWn
+f5qlu6lDwaEk/M4BjGFgeP2pswaMljfo2YSQOKOEaktaNgcklMeRLtIds6IGgypX
+apYh7TtxSzt3oHzxOSFLDFZNLolGZGYqfkGez3Z01rrfBrEYf20OaCI3xHurguRr
+TD6EX2oa1fGCCZ5PV8UKpRUCAwEAAaNyMHAwDgYDVR0PAQH/BAQDAgEGMA8GA1Ud
+EwEB/wQFMAMBAf8wHQYDVR0OBBYEFO3+pFOMVitiPXqMhHXpDDH+NKIqMB8GA1Ud
+IwQYMBaAFO3+pFOMVitiPXqMhHXpDDH+NKIqMA0GA1UdEQQGMASCAmRjMA0GCSqG
+SIb3DQEBCwUAA4IBAQBGuzYCepecnpIobYgSB4T/Gq+Ak5XoabiVXFaKIRUqiHq4
+Ofzl/GJcZ9IXhKxdzjwI2YVKI9Z+J8oy2fzt6rShjnVaz4hJNuN/uCtUAfXdpirb
+Rbh+nlaiNVq7+YadiuOJnTKOEMgTWbjcKtzNoAhwQW+HPNhzHxKtcYIrq0Muppo9
+PAqhJaBdx/NLNOM2X7oOCqEwWE/vaGxPSFjQ1ZGRwTCiZG55z/NILznkmdWH1zln
+jyS8mVciA68yGhH3BBnDmWDktgXGHgFRGwj/AFDZy0MaXziEXXi9OAdMXcqZ7/V9
+MdjCPHJhQp173zE64/OZ0IBDgCgjTDb7gr3g96ko
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDlDCCAnygAwIBAgIUIysxDnlOcWOQPdrnD9JobSNbKIAwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEAxMCZGMwHhcNMjEwNDMwMTAxMzAxWhcNMjYwNDI5MTAxMzMx
+WjAkMSIwIAYDVQQDExlkYyBJbnRlcm1lZGlhdGUgQXV0aG9yaXR5MIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu4Y9Tx4SSMv9MBeIGxpIpBntFCtgtfIr
+rrplPRZuWOkML3psJkLL+BXiESO4vOX6Zj32PK2uyg/AGg+hCEkNNLdc9B4yyg9Z
+Nm1ILRfyXFU1IeWzhibg9orAVsQNjJO/S8SPIXRGPpkNrfnOmUlHUIdD40/3drh7
+tM13h82pS3ptsUxYDso4Symhgz52eAuWYKgno1SbL1FIGrafgBVRjdbNRcu8OaMK
+VWMK0aM/u0gVW0H7MlcCNV7fVEq59JtQBjyebtml09A77kKzZj49BkI03hh68v7w
+D0CLqhqSO4d5ytMtojtza7YA4KbU1Ub1JA47of83oAxvIKocuOrdDQIDAQABo4HU
+MIHRMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSO
+FRMNYkAXQVgbE+K1d0g55bDXDzAfBgNVHSMEGDAWgBTt/qRTjFYrYj16jIR16Qwx
+/jSiKjA7BggrBgEFBQcBAQQvMC0wKwYIKwYBBQUHMAKGH2h0dHA6Ly8xMjcuMC4w
+LjE6ODIwMC92MS9wa2kvY2EwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovLzEyNy4w
+LjAuMTo4MjAwL3YxL3BraS9jcmwwDQYJKoZIhvcNAQELBQADggEBAFWex1uAg3vh
+P1O9jcMk/FQ78+Lo//O2dlO3XvifflsQm+a0uFkhr8C9lCg+lB1Tc4M7OSuirxBb
+gQWF/6Z34iulIyEUC97JeATjQT44B2sAXY02w5M9kioDeDz1xX3REST27MmaO6JE
+XPWU4hMELrlcQCIHI9rzV9pU2NkLFL98zs8xozGt8xk6GolNvFIlNrxJRV0tCmxI
+VwNx5hCyyxlWbpy+0WJnwfL6xAXaThNP51auiX8iuYiJTmeryEmyH5pULY1Dd43Y
+uiNf5WHKzaYH8uXbk0xyQKmd+m7HwdtXzjC9ZEQrAP1Tocum6lV54DkL4Ujn0iI2
+Nm3zqtPjMX0=
+-----END CERTIFICATE-----
diff --git a/projects/blocky/values/blocky.yaml b/projects/blocky/values/blocky.yaml
index 947328ee..26be9f6c 100644
--- a/projects/blocky/values/blocky.yaml
+++ b/projects/blocky/values/blocky.yaml
@@ -9,9 +9,6 @@ podAnnotations:
 prometheus.io/scrape: "true"
 prometheus.io/port: "4000"
-image:
- tag: v0.15
-
 service:
 main:
 ports:
@@ -32,7 +29,7 @@ service:
 persistence:
 logs:
- enabled: true
+ enabled: false
 mountPath: /logs
 accessMode: ReadWriteOnce
 size: 1Gi
@@ -189,11 +186,11 @@ config: |
 # optional: write query information (question, answer, client, duration etc) to daily csv file
 queryLog:
 # # directory (should be mounted as volume in docker)
- dir: /logs
+ # dir: /logs
 # # if true, write one file per client. Writes all queries to single file otherwise
 # perClient: true
 # # if > 0, deletes log files which are older than ... days
- logRetentionDays: 1
+ # logRetentionDays: 1
 port: 53
 httpPort: 4000
diff --git a/projects/core/values/ingress-internal.yaml b/projects/core/values/ingress-internal.yaml
index ebe6d6df..de75da7a 100644
--- a/projects/core/values/ingress-internal.yaml
+++ b/projects/core/values/ingress-internal.yaml
@@ -5,6 +5,9 @@ ingressClass:
 providers:
 kubernetesCRD:
 ingressClass: traefik
+ kubernetesIngress:
+ publishedService:
+ enabled: true
 globalArguments: []
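Review bot: Dropping `image.tag: v0.15` in the first blocky.yaml hunk hands the deployed blocky version over to the chart's default, so any chart upgrade silently changes the running version; if that is the intent, a one-line comment where `image:` used to be would document it, otherwise keep an explicit `tag:` pinned to the version being rolled out. The second and third hunks agree with each other (persistence disabled, `dir` and `logRetentionDays` commented out), but `mountPath: /logs` stays configured for a volume that is now off — harmless, yet it invites the next reader to assume logs are still written somewhere.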