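---
# K3s setup/update playbook for my homelab host.
# Places the CA certificate referenced by the registry TLS config, then
# applies the ansible-role-k3s role with the variables below.
- hosts: all
  vars:
    # Connect as `nold` and escalate with su. Supply the become password at
    # run time (e.g. --ask-become-pass) or from an encrypted vault; it should
    # not be stored in this file.
    ansible_user: nold
    ansible_become_method: su
    ansible_become: true

    k3s_release_version: v1.27
    k3s_debug: false
    k3s_registration_address: 192.168.1.111
    k3s_become: true
    k3s_control_node: true
    # NOTE(review): presumably leaves the k3s service disabled at boot, so the
    # node stays down after a reboot until started manually; confirm intent.
    k3s_start_on_boot: false
    # Image pulls for docker.io are directed at the internal mirror, whose TLS
    # certificate is verified against the CA file placed in pre_tasks.
    # NOTE(review): depending on the k3s version, pulls may fall back to the
    # upstream docker.io endpoint when the mirror is unreachable; confirm
    # whether mirror-only pulls are required.
    k3s_registries:
      mirrors:
        docker.io:
          endpoint:
            - "https://reg.dc/f/docker"
      configs:
        "reg.dc":
          tls:
            ca_file: /etc/ssl/vault_ca.crt
    k3s_server:
      # NOTE(review): the k3s server flag is `kube-proxy-arg` (singular) and
      # the sibling `kubelet-arg` takes a list; confirm this key is accepted
      # and that the value is an option kube-proxy actually understands.
      kube-proxy-args:
        "enable-health-check-nodeport=true"
      kubelet-arg:
        - "kube-reserved=cpu=500m,memory=1Gi,ephemeral-storage=2Gi"
        # Stray space after the first comma removed so the value is a clean
        # comma-separated list like the line above.
        - "system-reserved=cpu=500m,memory=500Mi,ephemeral-storage=1Gi"
        # nodefs.available<1% leaves very little disk headroom before the
        # kubelet starts evicting pods.
        - "eviction-hard=memory.available<100Mi,nodefs.available<1%"
        # Lets pods request any sysctl under net.ipv6.* that the kubelet does
        # not treat as safe by default. Narrow this to the exact sysctl names
        # needed, and restrict which workloads may set them.
        - "allowed-unsafe-sysctls=net.ipv6.*"
      # NOTE(review): 10.0.0.0/8 contains k3s's default service CIDR
      # (10.43.0.0/16). No service-cidr is set here; confirm the pod and
      # service ranges do not overlap.
      cluster-cidr: 10.0.0.0/8
      # The bundled flannel CNI and (below) the embedded network policy
      # controller are both turned off. This playbook installs no replacement,
      # so pod networking and NetworkPolicy enforcement depend on a CNI
      # deployed separately; until then policies are not enforced.
      flannel-backend: "none"
      default-local-storage-path: /data/kubernetes/storage
      disable:
        - traefik
        - servicelb
      disable-network-policy: true
  pre_tasks:
    # Runs before the role so the CA file named in k3s_registries exists when
    # k3s is configured. The file is a trust anchor for registry TLS, so it is
    # kept root-owned and writable only by root instead of inheriting
    # whatever owner and umask the copy would otherwise use.
    - name: Ensure Vault CA file exists
      copy:
        src: vault_ca.crt
        dest: /etc/ssl/vault_ca.crt
        owner: root
        group: root
        mode: "0644"
  roles:
    - ansible-role-k3s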