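# K3s cluster installation playbook
---
# Pre-flight check on the control machine. Only the presence of the
# environment variables is tested; their values are never printed.
# NOTE(review): the roles that consume TAILSCALE_AUTH_KEY / SSH_PASSWORD are
# not visible here - confirm their tasks set no_log: true wherever the
# values are passed.
- name: Validate environment
  hosts: localhost
  gather_facts: false
  tasks:
    # Abort early when the Tailscale auth key is missing from the environment.
    - name: Check TAILSCALE_AUTH_KEY
      ansible.builtin.fail:
        msg: "请设置: export TAILSCALE_AUTH_KEY='tskey-auth-xxx'"
      when: lookup('env', 'TAILSCALE_AUTH_KEY') | length == 0

    # Reports which SSH login method is in effect, based on whether
    # SSH_PASSWORD is set; the password itself is not echoed.
    - name: Check SSH credentials
      ansible.builtin.debug:
        msg: |
          {% if lookup('env', 'SSH_PASSWORD') | length > 0 %}
          ✓ 使用密码登录 (首次安装)
          {% else %}
          ✓ 使用密钥登录
          {% endif %}

# ============================================
# Stage 1: SSH security hardening (optional, used on first install)
# ============================================
# Tagged `never`, so this play is skipped unless it is requested explicitly
# (for example with --tags ssh).
# NOTE(review): when the first install logs in with SSH_PASSWORD, password
# login presumably stays enabled until this play has been run - confirm
# against the ssh role.
- name: SSH Security Hardening
  hosts: k3s_cluster
  gather_facts: false
  tags: [ssh, never]
  roles:
    - ssh

# ============================================
# Stage 2: base configuration
# ============================================
- name: Common Setup
  hosts: k3s_cluster
  gather_facts: true
  tags: [common]
  roles:
    - common

# ============================================
# Stage 3: install K3s (in order: init -> masters -> agents)
# ============================================
# serial: 1 processes the masters one host at a time. The first play applies
# the role only on hosts where cluster_init is true, the second only on the
# remaining masters.
- name: Install K3s on init node
  hosts: masters
  gather_facts: true
  serial: 1
  tags: [k3s]
  roles:
    - role: k3s
      when: cluster_init | default(false)

- name: Install K3s on other masters
  hosts: masters
  gather_facts: true
  serial: 1
  tags: [k3s]
  roles:
    - role: k3s
      when: not (cluster_init | default(false))

- name: Install K3s on agents
  hosts: agents
  gather_facts: true
  tags: [k3s]
  roles:
    - k3s

# ============================================
# Stage 4: show cluster status
# ============================================
# No play-level run_once here: with run_once the `when` below is evaluated
# against the first host of `masters` only, so the status would be skipped
# silently whenever that host is not the cluster_init node. The `when`
# already restricts both tasks to the init node.
- name: Show cluster status
  hosts: masters
  gather_facts: false
  tags: [status]
  tasks:
    # Read-only query: no shell features are needed, so command is used
    # instead of shell, and the task never reports "changed".
    # NOTE(review): /etc/rancher/k3s/k3s.yaml is the cluster-admin kubeconfig;
    # this assumes the connection user can read it (root or become set
    # elsewhere) - confirm, and keep that file's permissions restrictive.
    - name: Get nodes
      ansible.builtin.command:
        cmd: kubectl get nodes -o wide
      environment:
        KUBECONFIG: /etc/rancher/k3s/k3s.yaml
      register: nodes
      changed_when: false
      when: cluster_init | default(false)

    - name: Display nodes
      ansible.builtin.debug:
        msg: |
          ══════════════════════════════════════════════════════════════
          K3s 集群节点:
          {{ nodes.stdout }}
          ══════════════════════════════════════════════════════════════
      when: cluster_init | default(false)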