It simply doesn't make sense to split the installation of the Kubernetes cluster from the provisioning of foundational services. Therefore I drop the idea of organising these services in another Terraform setup and instead ensure their presence with Ansible, as it's already responsible for setting up the cluster and keeping it up to date.
---
# Ansible inventory variables for the k3s cluster and the foundational
# services (cert-manager, Let's Encrypt ClusterIssuers) installed with it.
# Only group variables are set in this file; no hosts are listed here.
all:
  vars:
    # Address of the first host in the 'server' group: its ansible_host if set,
    # otherwise its inventory name. The 'agent' group also uses this value as
    # the SSH jump host, so it decides where agent connections are relayed.
    k8s_api_endpoint: "{{ hostvars[groups['server'][0]]['ansible_host'] | default(groups['server'][0]) }}"

    # cert-manager is pinned to an explicit version rather than tracking latest.
    cert_manager_state: 'present'
    cert_manager_version: 'v1.18.2'

    # ACME directory endpoints for the staging and production issuers.
    # The contact address comes from vault_letsencrypt_issuer_email.
    # NOTE(review): presumably defined in an Ansible Vault file - confirm it is
    # stored encrypted and not in a plain vars file.
    letsencrypt_clusterissuers:
      staging:
        server: 'https://acme-staging-v02.api.letsencrypt.org/directory'
        email: "{{ vault_letsencrypt_issuer_email }}"
      prod:
        server: 'https://acme-v02.api.letsencrypt.org/directory'
        email: "{{ vault_letsencrypt_issuer_email }}"

k3s_cluster:
  vars:
    # Ansible logs in to the nodes directly as root.
    # NOTE(review): a dedicated account with become would keep direct root SSH
    # login disabled on the nodes - confirm whether the roles allow that.
    ansible_user: 'root'
    # One string, resolvers separated by a single space (not a YAML list).
    dns_servers: '8.8.8.8 8.8.4.4'

agent:
  vars:
    # Agents are reached through the first server host: the ProxyCommand opens
    # an SSH session as root to k8s_api_endpoint on port 1022 and forwards to
    # the agent (%h:%p).
    # StrictHostKeyChecking=accept-new is trust-on-first-use: an unknown host
    # key is stored without verification, a changed key is still refused.
    # NOTE(review): pre-seeding known_hosts from the provisioning output would
    # remove the unverified first connection - confirm whether host keys are
    # available at provisioning time.
    # NOTE(review): the inner ssh carries no -o options of its own, so the hop
    # to the jump host follows the controller's ssh_config defaults, and -q
    # hides its warnings. known_hosts entries for non-default ports are keyed
    # as [host]:port - confirm how the jump host's key on port 1022 is trusted.
    ansible_ssh_common_args: >-
      -o StrictHostKeyChecking=accept-new
      -o ProxyCommand="ssh -p 1022 -W %h:%p -q root@{{ k8s_api_endpoint }}"
    # NOTE(review): the same version is repeated under 'server'; the two
    # presumably have to be bumped together - verify against the k3s role.
    k3s_version: 'v1.31.6+k3s1'

server:
  vars:
    # Servers are contacted directly. accept-new stores an unknown host key on
    # first contact without verification and refuses a changed key.
    ansible_ssh_common_args: '-o StrictHostKeyChecking=accept-new'
    k3s_version: 'v1.31.6+k3s1'