feat(ansible): add K3s installation playbooks and configuration templates
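--- a/playbooks/add-node.yml
+++ b/playbooks/add-node.yml
@@ -0,0 +1,19 @@
+# 添加新节点到集群
+# 使用: export K3S_TOKEN='xxx' K3S_SERVER_URL='xxx' TAILSCALE_AUTH_KEY='xxx'
+# ansible-playbook playbooks/add-node.yml -l <node_name>
+---
+- name: Validate
+hosts: localhost
+gather_facts: no
+tasks:
+- ansible.builtin.fail:
+msg: "请设置: export K3S_TOKEN='xxx'"
+when: lookup('env', 'K3S_TOKEN') | length == 0
+
+- name: Add node
+hosts: masters:agents:!master_init
+gather_facts: yes
+roles:
+- common
+- k3s
+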
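Review bot: The `Validate` play checks only `K3S_TOKEN`, although the header comment also requires `K3S_SERVER_URL` and `TAILSCALE_AUTH_KEY`; a missing value would presumably surface only once the `common` and `k3s` roles are already changing the node. Looping the check over all three names fails early: add `loop: [K3S_TOKEN, K3S_SERVER_URL, TAILSCALE_AUTH_KEY]`, change the condition to `when: lookup('env', item) | length == 0`, and name `{{ item }}` in the message. The fail task also lacks a `name:`. Because the join token and the Tailscale key arrive through the environment, the role tasks that consume them (not visible on this page) should carry `no_log: true` so they do not end up in task output.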
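--- a/playbooks/init.yml
+++ b/playbooks/init.yml
@@ -0,0 +1,8 @@
+# 首次安装 (包含 SSH 加固)
+# 使用: export SSH_PASSWORD='xxx' TAILSCALE_AUTH_KEY='xxx'
+# ansible-playbook playbooks/init.yml
+---
+- name: First time installation with SSH hardening
+import_playbook: site.yml
+tags: [ssh, common, k3s, status]
+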
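Review bot: `tags:` on `import_playbook` adds those tags to every imported play rather than selecting them, so running `ansible-playbook playbooks/init.yml` as the header comment describes does not, as far as I can tell, activate the play tagged `[ssh, never]` in the imported file. A `never` play still needs one of its tags requested on the command line. The first install would then finish without the SSH hardening that the play name promises, while the operator assumes it ran. Consider moving the selection into the documented command, e.g. `# ansible-playbook playbooks/init.yml --tags ssh,common,k3s,status`, and dropping the `tags:` line here, since inheritance also makes `--tags ssh` match every imported play.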
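--- a/playbooks/site.yml
+++ b/playbooks/site.yml
@@ -0,0 +1,93 @@
+# K3s 集群安装 Playbook
+---
+- name: Validate environment
+hosts: localhost
+gather_facts: no
+tasks:
+- name: Check TAILSCALE_AUTH_KEY
+ansible.builtin.fail:
+msg: "请设置: export TAILSCALE_AUTH_KEY='tskey-auth-xxx'"
+when: lookup('env', 'TAILSCALE_AUTH_KEY') | length == 0
+
+- name: Check SSH credentials
+ansible.builtin.debug:
+msg: |
+{% if lookup('env', 'SSH_PASSWORD') | length > 0 %}
+✓ 使用密码登录 (首次安装)
+{% else %}
+✓ 使用密钥登录
+{% endif %}
+
+# ============================================
+# 阶段 1: SSH 安全加固 (可选,首次安装时使用)
+# ============================================
+- name: SSH Security Hardening
+hosts: k3s_cluster
+gather_facts: no
+tags: [ssh, never]
+roles:
+- ssh
+
+# ============================================
+# 阶段 2: 基础配置
+# ============================================
+- name: Common Setup
+hosts: k3s_cluster
+gather_facts: yes
+tags: [common]
+roles:
+- common
+
+# ============================================
+# 阶段 3: 安装 K3s (按顺序: init -> masters -> agents)
+# ============================================
+- name: Install K3s on init node
+hosts: masters
+gather_facts: yes
+serial: 1
+tags: [k3s]
+roles:
+- role: k3s
+when: cluster_init | default(false)
+
+- name: Install K3s on other masters
+hosts: masters
+gather_facts: yes
+serial: 1
+tags: [k3s]
+roles:
+- role: k3s
+when: not (cluster_init | default(false))
+
+- name: Install K3s on agents
+hosts: agents
+gather_facts: yes
+tags: [k3s]
+roles:
+- k3s
+
+# ============================================
+# 阶段 4: 显示集群状态
+# ============================================
+- name: Show cluster status
+hosts: masters
+gather_facts: no
+tags: [status]
+run_once: true
+tasks:
+- name: Get nodes
+ansible.builtin.shell: kubectl get nodes -o wide
+environment:
+KUBECONFIG: /etc/rancher/k3s/k3s.yaml
+register: nodes
+when: cluster_init | default(false)
+
+- name: Display nodes
+ansible.builtin.debug:
+msg: |
+══════════════════════════════════════════════════════════════
+K3s 集群节点:
+{{ nodes.stdout }}
+══════════════════════════════════════════════════════════════
+when: cluster_init | default(false)
+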
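Review bot: In the `Show cluster status` play, `run_once: true` combined with `when: cluster_init | default(false)` evaluates the condition on the first host of `masters` only, so if the init node is not listed first both tasks are skipped and no status is printed. The inventory appears to define a `master_init` group or host (the add-node playbook excludes `!master_init`), so `hosts: master_init` without `run_once` and the two `when:` lines would target the right node directly; this needs confirming against the inventory. `Get nodes` uses no shell features, so `ansible.builtin.command: kubectl get nodes -o wide` with `changed_when: false` avoids the shell and stops a read-only task from reporting a change. Separately, the `Check SSH credentials` task only prints which login path is in use; it is worth stating in the file comment that a run without the `ssh` tag leaves password login enabled on the nodes.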