feat: wtf

feat: changed lxc to vm in k3s
2023-01-03 12:02:07 +00:00 · 2023-01-03 12:00:52 +00:00 · 2023-01-03 11:59:54 +00:00 · 2023-01-03 11:58:31 +00:00 · 2022-11-25 23:29:38 +00:00 · 2022-11-20 00:05:51 +00:00
122 changed files with 9102 additions and 1058 deletions
@@ -1,17 +1,11 @@
 ---
 exclude_paths:
  # default paths
-  - '.cache/'
+  - ".cache/"
-  - '.github/'
+  - ".github/"
-  - 'test/fixtures/formatting-before/'
+  - "test/fixtures/formatting-before/"
-  - 'test/fixtures/formatting-prettier/'
+  - "test/fixtures/formatting-prettier/"
  # The "converge" and "reset" playbooks use import_playbook in
  # conjunction with the "env" lookup plugin, which lets the
  # syntax check of ansible-lint fail.
  - 'molecule/**/converge.yml'
  - 'molecule/**/prepare.yml'
  - 'molecule/**/reset.yml'
 skip_list:
-  - 'fqcn-builtins'
+  - "fqcn-builtins"
  - "name[play]"
@@ -1,3 +0,0 @@
 ---
 github: timothystewart6
 patreon: technotim
@@ -1,77 +0,0 @@
 <!-- It's a good idea to check this post first for general troubleshooting https://github.com/techno-tim/k3s-ansible/discussions/19   -->
 <!--- Provide a general summary of the issue in the Title above -->
 ## Expected Behavior
 <!--- Tell us what should happen -->
 ## Current Behavior
 <!--- Tell us what happens instead of the expected behavior -->
 ## Steps to Reproduce
 <!--- reproduce this bug. Include code to reproduce, if relevant -->
 1.
 2.
 3.
 4.
 ## Context (variables)
 <!--- please include which OS, along with the variables used when running the playbook -->
 Operating system:
 Hardware:
 ### Variables Used
 `all.yml`
 ```yml
 k3s_version: ""
 ansible_user: NA
 systemd_dir: ""
 flannel_iface: ""
 apiserver_endpoint: ""
 k3s_token: "NA"
 extra_server_args: ""
 extra_agent_args: ""
 kube_vip_tag_version: ""
 metal_lb_speaker_tag_version: ""
 metal_lb_controller_tag_version: ""
 metal_lb_ip_range: ""
 ```
 ### Hosts
 `host.ini`
 ```ini
 [master]
 IP.ADDRESS.ONE
 IP.ADDRESS.TWO
 IP.ADDRESS.THREE
 [node]
 IP.ADDRESS.FOUR
 IP.ADDRESS.FIVE
 [k3s_cluster:children]
 master
 node
 ```
 ## Possible Solution
 <!--- Not obligatory, but suggest a fix/reason for the bug, -->
 - [ ] I've checked the [General Troubleshooting Guide](https://github.com/techno-tim/k3s-ansible/discussions/20)
@@ -1,14 +0,0 @@
 # Proposed Changes
 <!--- Provide a general summary of your changes -->
 -
 -
 -
 ## Checklist
 - [ ] Tested locally
 - [ ] Ran `site.yml` playbook
 - [ ] Ran `reset.yml` playbook
 - [ ] Did not add any unnecessary changes
 - [ ] 🚀
@@ -1,11 +0,0 @@
 ---
 version: 2
 updates:
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
      interval: "daily"
    rebase-strategy: "auto"
    ignore:
      - dependency-name: "*"
        update-types: ["version-update:semver-major"]
@@ -1,30 +0,0 @@
 ---
 name: Linting
 on:
  pull_request:
  push:
    branches:
      - master
 jobs:
  ansible-lint:
    name: YAML Lint + Ansible Lint
    runs-on: ubuntu-latest
    steps:
      - name: Check out the codebase
        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # 3.0.2
      - name: Set up Python 3.x
        uses: actions/setup-python@b55428b1882923874294fa556849718a1d7f2ca5 #4.0.2
        with:
          python-version: '3.x'
      - name: Install test dependencies
        run: pip3 install yamllint ansible-lint ansible
      - name: Run yamllint
        run: yamllint .
      - name: Run ansible-lint
        run: ansible-lint
@@ -1,72 +0,0 @@
 ---
 name: Test
 on:
  pull_request:
  push:
    branches:
      - master
 jobs:
  molecule:
    name: Molecule
    runs-on: macos-12
    strategy:
      matrix:
        scenario:
          - default
          - ipv6
          - single_node
      fail-fast: false
    env:
      PYTHON_VERSION: "3.10"
    steps:
      - name: Check out the codebase
        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # 3.0.2
      - name: Configure VirtualBox
        run: |-
          sudo mkdir -p /etc/vbox
          cat <<EOF | sudo tee -a /etc/vbox/networks.conf > /dev/null
          * 192.168.30.0/24
          * fdad:bad:ba55::/64
          EOF
      - name: Cache Vagrant boxes
        uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77 # 3.0.8
        with:
          path: |
            ~/.vagrant.d/boxes
          key: vagrant-boxes-${{ hashFiles('**/molecule.yml') }}
          restore-keys: |
            vagrant-boxes
      - name: Set up Python ${{ env.PYTHON_VERSION }}
        uses: actions/setup-python@v2
        with:
          python-version: ${{ env.PYTHON_VERSION }}
      - name: Install dependencies
        run: >-
          python3 -m pip install --upgrade pip &&
          python3 -m pip install -r requirements.txt
      - name: Test with molecule
        run: molecule test --scenario-name ${{ matrix.scenario }}
        env:
          ANSIBLE_K3S_LOG_DIR: ${{ runner.temp }}/logs/k3s-ansible/${{ matrix.scenario }}
          ANSIBLE_SSH_RETRIES: 4
          ANSIBLE_TIMEOUT: 60
      - name: Upload log files
        if: always() # do this even if a step before has failed
        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # 3.1.0
        with:
          name: logs
          path: |
            ${{ runner.temp }}/logs
      - name: Delete old box versions
        if: always() # do this even if a step before has failed
        run: vagrant box prune --force
@@ -1 +1,2 @@
 .env/
 *.log
@@ -0,0 +1,21 @@
 ---
 repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.3.0
    hooks:
      - id: requirements-txt-fixer
      - id: sort-simple-yaml
      - id: detect-private-key
  - repo: https://github.com/adrienverge/yamllint.git
    rev: v1.28.0
    hooks:
      - id: yamllint
        args: [-c=.yamllint]
  - repo: https://github.com/ansible-community/ansible-lint.git
    rev: v6.8.2
    hooks:
      - id: ansible-lint
  - repo: https://github.com/shellcheck-py/shellcheck-py
    rev: v0.8.0.4
    hooks:
      - id: shellcheck
@@ -16,22 +16,26 @@ If you want more context on how this works, see:
 Build a Kubernetes cluster using Ansible with k3s. The goal is easily install a HA Kubernetes cluster on machines running:
- [X] Debian
+- [x] Debian (tested on version 11)
- [X] Ubuntu
+- [x] Ubuntu (tested on version 22.04)
- [X] CentOS
+- [x] Rocky (tested on version 9)
 on processor architecture:
- [X] x64
+- [x] x64
- [X] arm64
+- [x] arm64
- [X] armhf
+- [x] armhf
 ## ✅ System requirements
 - Deployment environment must have Ansible 2.4.0+. If you need a quick primer on Ansible [you can check out my docs and setting up Ansible](https://docs.technotim.live/posts/ansible-automation/).
-  Furthermore, the [`netaddr` package](https://pypi.org/project/netaddr/) must be available to Ansible. If you have installed Ansible via apt, this is already taken care of. If you have installed Ansible via `pip`, make sure to install `netaddr` into the respective virtual environment.
+
 - [`netaddr` package](https://pypi.org/project/netaddr/) must be available to Ansible. If you have installed Ansible via apt, this is already taken care of. If you have installed Ansible via `pip`, make sure to install `netaddr` into the respective virtual environment.
 - `server` and `agent` nodes should have passwordless SSH access, if not you can supply arguments to provide credentials `--ask-pass --ask-become-pass` to each command.
 - You will also need to install collections that this playbook uses by running `ansible-galaxy collection install -r ./collections/requirements.yml`
 ## 🚀 Getting Started
 ### 🍴 Preparation
@@ -72,7 +76,7 @@ If needed, you can also edit `inventory/my-cluster/group_vars/all.yml` to match
 Start provisioning of the cluster using the following command:
 ```bash
-ansible-playbook site.yml -i inventory/my-cluster/hosts.ini
+ansible-playbook site.yml -i inventory/my-cluster/hosts.ini --ask-become-pass --ask-vault-pass
 ```
 After deployment control plane will be accessible via virtual ip-address which is defined in inventory/group_vars/all.yml as `apiserver_endpoint`
@@ -83,7 +87,7 @@ After deployment control plane will be accessible via virtual ip-address which i
 ansible-playbook reset.yml -i inventory/my-cluster/hosts.ini
 ```
->You should also reboot these nodes due to the VIP not being destroyed
+> You should also reboot these nodes due to the VIP not being destroyed
 ## ⚙️ Kube Config
@@ -101,19 +105,16 @@ See the commands [here](https://docs.technotim.live/posts/k3s-etcd-ansible/#test
 Be sure to see [this post](https://github.com/techno-tim/k3s-ansible/discussions/20) on how to troubleshoot common problems
 ### Testing the playbook using molecule
 This playbook includes a [molecule](https://molecule.rtfd.io/)-based test setup.
 It is run automatically in CI, but you can also run the tests locally.
 This might be helpful for quick feedback in a few cases.
 You can find more information about it [here](molecule/README.md).
 ## Thanks 🤝
-This repo is really standing on the shoulders of giants.  To all those who have contributed.
+This repo is really standing on the shoulders of giants. Thank you to all those who have contributed and tanks to these repos for code and ideas:
 Thanks to these repos for code and ideas:
 - [k3s-io/k3s-ansible](https://github.com/k3s-io/k3s-ansible)
 - [geerlingguy/turing-pi-cluster](https://github.com/geerlingguy/turing-pi-cluster)
 - [212850a/k3s-ansible](https://github.com/212850a/k3s-ansible)
 ## TODO
 - https://docs.k3s.io/installation/kube-dashboard
 - https://www.phillipsj.net/posts/k3s-enable-nfs-storage/
 - https://www.authelia.com/integration/kubernetes/chart/
@@ -1,12 +1,23 @@
 [defaults]
 nocows                  = True
 roles_path              = ./roles
-inventory  = ./hosts.ini
+inventory               = ./inventory/my-cluster/hosts.ini
 stdout_callback         = yaml
 remote_tmp              = $HOME/.ansible/tmp
 local_tmp               = $HOME/.ansible/tmp
-pipelining = True
+timeout                 = 60
 become = True
 host_key_checking       = False
 deprecation_warnings    = False
 callback_whitelist      = profile_tasks
 log_path                = ./ansible.log
 [privilege_escalation]
 become                  = True
 [ssh_connection]
 scp_if_ssh              = smart
 retries                 = 3
 ssh_args                = -o ControlMaster=auto -o ControlPersist=30m -o Compression=yes -o ServerAliveInterval=15s
 pipelining              = True
 control_path            = %(directory)s/%%h-%%r
@@ -4,3 +4,4 @@ collections:
  - name: community.general
  - name: ansible.posix
  - name: kubernetes.core
  - name: community.docker
@@ -1,3 +0,0 @@
 /*
 !.gitignore
 !sample/
@@ -0,0 +1,86 @@
 ---
 k3s_version: v1.24.6+k3s1
 # this is the user that has ssh access to these machines
 ansible_user: lino
 systemd_dir: /etc/systemd/system
 # Set your timezone
 system_timezone: "Europe/Lisbon"
 # interface which will be used for flannel
 flannel_iface: "eth0"
 # apiserver_endpoint is virtual ip-address which will be configured on each master
 apiserver_endpoint: "10.0.3.1"
 # k3s_token is required  masters can talk together securely
 # this token should be alpha numeric only
 k3s_token: "7qXiuKpSY9uLwdVSNSnEF5RkttoERixCpc2EVJW7vh7Ws4NMN3"
 # The IP on which the node is reachable in the cluster.
 # Here, a sensible default is provided, you can still override
 # it for each of your hosts, though.
 k3s_node_ip: '{{ ansible_facts[flannel_iface]["ipv4"]["address"] }}'
 # Disable the taint manually by setting: k3s_master_taint = false
 k3s_master_taint: false
 # these arguments are recommended for servers as well as agents:
 extra_args: >-
  --flannel-iface={{ flannel_iface }}
  --node-ip={{ k3s_node_ip }}
 # change these to your liking, the only required are: --disable servicelb, --tls-san {{ apiserver_endpoint }}
 extra_server_args: >-
  {{ extra_args }}
  {{ '--node-taint node-role.kubernetes.io/master=true:NoSchedule' if k3s_master_taint else '' }}
  --tls-san {{ apiserver_endpoint }}
  --disable servicelb
  --disable traefik
 extra_agent_args: >-
  {{ extra_args }}
 # image tag for kube-vip
 kube_vip_tag_version: "v0.5.5"
 # image tag for metal lb
 metal_lb_speaker_tag_version: "v0.13.6"
 metal_lb_controller_tag_version: "v0.13.6"
 # metallb ip range for load balancer
 metal_lb_ip_range: "10.0.4.1-10.0.4.254"
 lxc_password: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  38303735306236303463613632623161643633663631303931396564346565666236643562316264
  6533643331306364653564653763356537303932313531350a393261643137636232616335376461
  66383966333765626539363561613361393665616333303964373761356166623766663232303063
  3138353333373935660a383230393330646538303933336366383736643333623663333934663131
  3064
 proxmox_api_password: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  35376334616332386130656335663736343337396532663266383934643632363664646631653935
  6533343936353734343761343465646365616130643130360a316234333036303738663566666364
  61653638373830383733323563373862346662363339656632643661336533363162616435616531
  6331326462356366320a303331616366356333306638386130666538633833623162653934616338
  3566
 traefik_http_auth_user: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  38323532616336373939646333613338626431363466633631343162636235623563393135653231
  3961383965356631613164303566393632323938386664360a373037616335643662613564353130
  30353832376431633834336234386161313062373437613132623733646166303639313364373637
  3933626639646536320a303163353835633837356530613931346165353939363235373561333836
  39366266303064393334383835323330353934643862323330343337393761353166393333376131
  33303439393531303031653361393530313930363039646566613831373366326432653634653165
  313735383263623836363030386531613033
 cloudflare_api_key: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  38363363386466666266613930386237623430646531303734613863306530666530376433633339
  3166373361393839363439326661396136616637393865630a666637366132643035343832666335
  33376139643533313730313135653064393239316162376339653965313366643565643664666534
  6631393564333230370a303634643030346166383235643666356164393232643832333238313664
  38346161306138653735303861646638653830633938326566663136393862643264353437623963
  3462616435653132623563316231343739333761653365333437
@@ -0,0 +1,14 @@
 ---
 ansible_user: root
 ansible_host: 10.0.2.6
 ansible_ssh_pass: "{{ proxmox_api_password }}"
 ip_addr: 10.0.2.6
 k3s_mac_addr: DE:05:FF:02:47:D8
 k3s_hostname: k3s-agent-daruk
 k3s_lxc_host: 10.0.3.6
 k3s_vm_host: 10.0.3.106
 k3s_cores: 8
 k3s_memory: 4096
 k3s_disk: 150
 k3s_vmid: 606
 k3s_template_id: 900
@@ -0,0 +1,14 @@
 ---
 ansible_user: root
 ansible_host: 10.0.2.2
 ansible_ssh_pass: "{{ proxmox_api_password }}"
 ip_addr: 10.0.2.2
 k3s_mac_addr: de:05:ff:02:47:d7
 k3s_hostname: k3s-master-epona
 k3s_lxc_host: 10.0.3.2
 k3s_vm_host: 10.0.3.102
 k3s_cores: 4
 k3s_memory: 8192
 k3s_disk: 75
 k3s_vmid: 601
 k3s_template_id: 901
@@ -0,0 +1,8 @@
 ---
 ansible_user: root
 ansible_host: 10.0.2.13
 ansible_ssh_pass: "{{ proxmox_api_password }}"
 mac_addr: EA:11:8B:05:5A:88
 vmid: 203
 node: epona
@@ -0,0 +1,5 @@
 ---
 ansible_user: root
 ansible_host: 10.0.2.14
 ansible_ssh_pass: "{{ proxmox_api_password }}"
@@ -0,0 +1,5 @@
 ---
 ansible_user: root
 ansible_host: 10.0.3.106
 ansible_ssh_pass: "{{ proxmox_api_password }}"
@@ -0,0 +1,5 @@
 ---
 ansible_user: root
 ansible_host: 10.0.3.104
 ansible_ssh_pass: "{{ proxmox_api_password }}"
@@ -0,0 +1,5 @@
 ---
 ansible_user: root
 ansible_host: 10.0.3.105
 ansible_ssh_pass: "{{ proxmox_api_password }}"
@@ -0,0 +1,5 @@
 ---
 ansible_user: root
 ansible_host: 10.0.3.102
 ansible_ssh_pass: "{{ proxmox_api_password }}"
@@ -0,0 +1,5 @@
 ---
 ansible_user: root
 ansible_host: 10.0.3.103
 ansible_ssh_pass: "{{ proxmox_api_password }}"
@@ -0,0 +1,14 @@
 ---
 ansible_user: root
 ansible_host: 10.0.2.3
 ansible_ssh_pass: "{{ proxmox_api_password }}"
 ip_addr: 10.0.2.3
 k3s_mac_addr: 0e:a0:ff:8c:70:df
 k3s_hostname: k3s-master-mipha
 k3s_lxc_host: 10.0.3.3
 k3s_vm_host: 10.0.3.103
 k3s_cores: 4
 k3s_memory: 6144
 k3s_disk: 75
 k3s_vmid: 602
 k3s_template_id: 902
@@ -0,0 +1,14 @@
 ---
 ansible_user: root
 ansible_host: 10.0.2.4
 ansible_ssh_pass: "{{ proxmox_api_password }}"
 ip_addr: 10.0.2.4
 k3s_mac_addr: 32:47:89:3f:1a:e2
 k3s_hostname: k3s-agent-revali
 k3s_lxc_host: 10.0.3.4
 k3s_vm_host: 10.0.3.104
 k3s_cores: 2
 k3s_memory: 4096
 k3s_disk: 200
 k3s_vmid: 603
 k3s_template_id: 903
@@ -0,0 +1,8 @@
 ---
 ansible_user: root
 ansible_host: 10.0.2.12
 ansible_ssh_pass: "{{ proxmox_api_password }}"
 mac_addr: C2:F5:B2:99:92:51
 vmid: 202
 node: revali
@@ -0,0 +1,14 @@
 ---
 ansible_user: root
 ansible_host: 10.0.2.5
 ansible_ssh_pass: "{{ proxmox_api_password }}"
 ip_addr: 10.0.2.5
 # k3s_mac_addr: ee:36:d5:79:f8:ff
 # k3s_hostname: k3s-agent-urbosa
 # k3s_lxc_host: 10.0.3.5
 # k3s_vm_host: 10.0.3.105
 # k3s_cores: 3
 # k3s_memory: 2048
 # k3s_disk: 80
 # k3s_vmid: 604
 # k3s_template_id: 904
@@ -0,0 +1,8 @@
 ---
 ansible_user: root
 ansible_host: 10.0.2.11
 ansible_ssh_pass: "{{ proxmox_api_password }}"
 mac_addr: 72:2E:3C:F0:2A:B3
 vmid: 201
 node: urbosa
@@ -0,0 +1,35 @@
 [master]
 k3s-master-mipha
 k3s-master-epona
 [node]
 k3s-agent-revali
 k3s-agent-daruk
 [k3s_cluster:children]
 master
 node
 [lxc]
 frigate
 [lxc:children]
 k3s_cluster
 [k3s_hosts]
 mipha
 epona
 revali
 daruk
 [baremetal]
 mipha
 epona
 urbosa
 revali
 daruk
 [pihole]
 epona-pihole
 revali-pihole
 urbosa-pihole
@@ -1,46 +0,0 @@
 ---
 k3s_version: v1.24.4+k3s1
 # this is the user that has ssh access to these machines
 ansible_user: ansibleuser
 systemd_dir: /etc/systemd/system
 # Set your timezone
 system_timezone: "Your/Timezone"
 # interface which will be used for flannel
 flannel_iface: "eth0"
 # apiserver_endpoint is virtual ip-address which will be configured on each master
 apiserver_endpoint: "192.168.30.222"
 # k3s_token is required  masters can talk together securely
 # this token should be alpha numeric only
 k3s_token: "some-SUPER-DEDEUPER-secret-password"
 # The IP on which the node is reachable in the cluster.
 # Here, a sensible default is provided, you can still override
 # it for each of your hosts, though.
 k3s_node_ip: '{{ ansible_facts[flannel_iface]["ipv4"]["address"] }}'
 # these arguments are recommended for servers as well as agents:
 extra_args: >-
  --flannel-iface={{ flannel_iface }}
  --node-ip={{ k3s_node_ip }}
 # change these to your liking, the only required one is --disable servicelb
 extra_server_args: >-
  {{ extra_args }}
  --disable servicelb
  --disable traefik
 extra_agent_args: >-
  {{ extra_args }}
 # image tag for kube-vip
 kube_vip_tag_version: "v0.5.0"
 # image tag for metal lb
 metal_lb_speaker_tag_version: "v0.13.5"
 metal_lb_controller_tag_version: "v0.13.5"
 # metallb ip range for load balancer
 metal_lb_ip_range: "192.168.30.80-192.168.30.90"
@@ -1,12 +0,0 @@
 [master]
 192.168.30.38
 192.168.30.39
 192.168.30.40
 [node]
 192.168.30.41
 192.168.30.42
 [k3s_cluster:children]
 master
 node
@@ -1,73 +0,0 @@
 # Test suites for `k3s-ansible`
 This folder contains the [molecule](https://molecule.rtfd.io/)-based test setup for this playbook.
 ## Scenarios
 We have these scenarios:
 - **default**:
  A 3 control + 2 worker node cluster based very closely on the [sample inventory](../inventory/sample/).
 - **ipv6**:
  A cluster that is externally accessible via IPv6 ([more information](ipv6/README.md))
  To save a bit of test time, this cluster is _not_ highly available, it consists of only one control and one worker node.
 - **single_node**:
  Very similar to the default scenario, but uses only a single node for all cluster functionality.
 ## How to execute
 To test on your local machine, follow these steps:
 ### System requirements
 Make sure that the following software packages are available on your system:
 - [Python 3](https://www.python.org/downloads)
 - [Vagrant](https://www.vagrantup.com/downloads)
 - [VirtualBox](https://www.virtualbox.org/wiki/Downloads)
 ### Set up VirtualBox networking on Linux and macOS
 _You can safely skip this if you are working on Windows._
 Furthermore, the test cluster uses the `192.168.30.0/24` subnet which is [not set up by VirtualBox automatically](https://www.virtualbox.org/manual/ch06.html#network_hostonly).
 To set the subnet up for use with VirtualBox, please make sure that `/etc/vbox/networks.conf` exists and that it contains this line:
 ```
 * 192.168.30.0/24
 * fdad:bad:ba55::/64
 ```
 ### Install Python dependencies
 You will get [Molecule, Ansible and a few extra dependencies](../requirements.txt) via [pip](https://pip.pypa.io/).
 Usually, it is advisable to work in a [virtual environment](https://docs.python.org/3/tutorial/venv.html) for this:
 ```bash
 cd /path/to/k3s-ansible
 # Create a virtualenv at ".env". You only need to do this once.
 python3 -m venv .env
 # Activate the virtualenv for your current shell session.
 # If you start a new session, you will have to repeat this.
 source .env/bin/activate
 # Install the required packages into the virtualenv.
 # These remain installed across shell sessions.
 python3 -m pip install -r requirements.txt
 ```
 ### Run molecule
 With the virtual environment from the previous step active in your shell session, you can now use molecule to test the playbook.
 Interesting commands are:
 - `molecule create`: Create virtual machines for the test cluster nodes.
 - `molecule destroy`: Delete the virtual machines for the test cluster nodes.
 - `molecule converge`: Run the `site` playbook on the nodes of the test cluster.
 - `molecule side_effect`: Run the `reset` playbook on the nodes of the test cluster.
 - `molecule verify`: Verify that the cluster works correctly.
 - `molecule test`: The "all-in-one" sequence of steps that is executed in CI.
  This includes the `create`, `converge`, `verify`, `side_effect` and `destroy` steps.
  See [`molecule.yml`](default/molecule.yml) for more details.
@@ -1,73 +0,0 @@
 ---
 dependency:
  name: galaxy
 driver:
  name: vagrant
 platforms:
  - &control
    name: control1
    box: generic/ubuntu2204
    memory: 2048
    cpus: 2
    config_options:
      # We currently can not use public-key based authentication on Ubuntu 22.04,
      # see: https://github.com/chef/bento/issues/1405
      ssh.username: "vagrant"
      ssh.password: "vagrant"
    groups:
      - k3s_cluster
      - master
    interfaces:
      - network_name: private_network
        ip: 192.168.30.38
  - <<: *control
    name: control2
    interfaces:
      - network_name: private_network
        ip: 192.168.30.39
  - <<: *control
    name: control3
    interfaces:
      - network_name: private_network
        ip: 192.168.30.40
  - &node
    <<: *control
    name: node1
    groups:
      - k3s_cluster
      - node
    interfaces:
      - network_name: private_network
        ip: 192.168.30.41
  - <<: *node
    name: node2
    interfaces:
      - network_name: private_network
        ip: 192.168.30.42
 provisioner:
  name: ansible
  playbooks:
    converge: ../resources/converge.yml
    side_effect: ../resources/reset.yml
    verify: ../resources/verify.yml
  inventory:
    links:
      group_vars: ../../inventory/sample/group_vars
 scenario:
  test_sequence:
    - dependency
    - lint
    - cleanup
    - destroy
    - syntax
    - create
    - prepare
    - converge
    # idempotence is not possible with the playbook in its current form.
    - verify
    # We are repurposing side_effect here to test the reset playbook.
    # This is why we do not run it before verify (which tests the cluster),
    # but after the verify step.
    - side_effect
    - cleanup
    - destroy
@@ -1,11 +0,0 @@
 ---
 - name: Apply overrides
  hosts: all
  tasks:
    - name: Override host variables
      ansible.builtin.set_fact:
        # See: https://github.com/flannel-io/flannel/blob/67d603aaf45ef80f5dd39f43714fc5e6f8a637eb/Documentation/troubleshooting.md#Vagrant  # noqa yaml[line-length]
        flannel_iface: eth1
        # The test VMs might be a bit slow, so we give them more time to join the cluster:
        retry_count: 45
@@ -1,35 +0,0 @@
 # Sample IPv6 configuration for `k3s-ansible`
 This scenario contains a cluster configuration which is _IPv6 first_, but still supports dual-stack networking with IPv4 for most things.
 This means:
 - The API server VIP is an IPv6 address.
 - The MetalLB pool consists of both IPv4 and IPv4 addresses.
 - Nodes as well as cluster-internal resources (pods and services) are accessible via IPv4 as well as IPv6.
 ## Network design
 All IPv6 addresses used in this scenario share a single `/48` prefix: `fdad:bad:ba55`.
 The following subnets are used:
 - `fdad:bad:ba55:`**`0`**`::/64` is the subnet which contains the cluster components meant for external access.
  That includes:
  - The VIP for the Kubernetes API server: `fdad:bad:ba55::333`
  - Services load-balanced by MetalLB: `fdad:bad:ba55::1b:0/112`
  - Cluster nodes: `fdad:bad:ba55::de:0/112`
  - The host executing Vagrant: `fdad:bad:ba55::1`
  In a home lab setup, this might be your LAN.
 - `fdad:bad:ba55:`**`4200`**`::/56` is used internally by the cluster for pods.
 - `fdad:bad:ba55:`**`4300`**`::/108` is used internally by the cluster for services.
 IPv4 networking is also available:
 - The nodes have addresses inside `192.168.123.0/24`.
  MetalLB also has a bit of address space in this range: `192.168.123.80-192.168.123.90`
 - For pods and services, the k3s defaults (`10.42.0.0/16` and `10.43.0.0/16)` are used.
 Note that the host running Vagrant is not part any of these IPv4 networks.
@@ -1,3 +0,0 @@
 ---
 node_ipv4: 192.168.123.11
 node_ipv6: fdad:bad:ba55::de:11
@@ -1,3 +0,0 @@
 ---
 node_ipv4: 192.168.123.21
 node_ipv6: fdad:bad:ba55::de:21
@@ -1,57 +0,0 @@
 ---
 dependency:
  name: galaxy
 driver:
  name: vagrant
 platforms:
  - &control
    name: control1
    box: generic/ubuntu2204
    memory: 2048
    cpus: 2
    config_options:
      # We currently can not use public-key based authentication on Ubuntu 22.04,
      # see: https://github.com/chef/bento/issues/1405
      ssh.username: "vagrant"
      ssh.password: "vagrant"
    groups:
      - k3s_cluster
      - master
    interfaces:
      - network_name: private_network
        ip: fdad:bad:ba55::de:11
  - <<: *control
    name: node1
    groups:
      - k3s_cluster
      - node
    interfaces:
      - network_name: private_network
        ip: fdad:bad:ba55::de:21
 provisioner:
  name: ansible
  playbooks:
    converge: ../resources/converge.yml
    side_effect: ../resources/reset.yml
    verify: ../resources/verify.yml
  inventory:
    links:
      group_vars: ../../inventory/sample/group_vars
 scenario:
  test_sequence:
    - dependency
    - lint
    - cleanup
    - destroy
    - syntax
    - create
    - prepare
    - converge
    # idempotence is not possible with the playbook in its current form.
    - verify
    # We are repurposing side_effect here to test the reset playbook.
    # This is why we do not run it before verify (which tests the cluster),
    # but after the verify step.
    - side_effect
    - cleanup
    - destroy
@@ -1,43 +0,0 @@
 ---
 - name: Apply overrides
  hosts: all
  tasks:
    - name: Override host variables (1/2)
      ansible.builtin.set_fact:
        # See: https://github.com/flannel-io/flannel/blob/67d603aaf45ef80f5dd39f43714fc5e6f8a637eb/Documentation/troubleshooting.md#Vagrant  # noqa yaml[line-length]
        flannel_iface: eth1
        # The test VMs might be a bit slow, so we give them more time to join the cluster:
        retry_count: 45
        # IPv6 configuration
        # ######################################################################
        # The API server will be reachable on IPv6 only
        apiserver_endpoint: fdad:bad:ba55::333
        # We give MetalLB address space for both IPv4 and IPv6
        metal_lb_ip_range:
          - fdad:bad:ba55::1b:0/112
          - 192.168.123.80-192.168.123.90
        # k3s_node_ip is by default set to the IPv4 address of flannel_iface.
        # We want IPv6 addresses here of course, so we just specify them
        # manually below.
        k3s_node_ip: "{{ node_ipv4 }},{{ node_ipv6 }}"
    - name: Override host variables (2/2)
      # Since "extra_args" depends on "k3s_node_ip" and "flannel_iface" we have
      # to set this AFTER overriding the both of them.
      ansible.builtin.set_fact:
        # A few extra server args are necessary:
        #  - the network policy needs to be disabled.
        #  - we need to manually specify the subnets for services and pods, as
        #    the default has IPv4 ranges only.
        extra_server_args: >-
          {{ extra_args }}
          --disable servicelb
          --disable traefik
          --disable-network-policy
          --cluster-cidr=10.42.0.0/16,fdad:bad:ba55:4200::/56
          --service-cidr=10.43.0.0/16,fdad:bad:ba55:4300::/108
@@ -1,51 +0,0 @@
 ---
 - name: Apply overrides
  ansible.builtin.import_playbook: >-
    {{ lookup("ansible.builtin.env", "MOLECULE_SCENARIO_DIRECTORY") }}/overrides.yml
 - name: Configure dual-stack networking
  hosts: all
  become: true
  # Unfortunately, as of 2022-09, Vagrant does not support the configuration
  # of both IPv4 and IPv6 addresses for a single network adapter. So we have
  # to configure that ourselves.
  # Moreover, we have to explicitly enable IPv6 for the loopback interface.
  tasks:
    - name: Enable IPv6 for network interfaces
      ansible.posix.sysctl:
        name: net.ipv6.conf.{{ item }}.disable_ipv6
        value: "0"
      with_items:
        - all
        - default
        - lo
    - name: Disable duplicate address detection
      # Duplicate address detection did repeatedly fail within the virtual
      # network. But since this setup does not use SLAAC anyway, we can safely
      # disable it.
      ansible.posix.sysctl:
        name: net.ipv6.conf.{{ item }}.accept_dad
        value: "0"
      with_items:
        - "{{ flannel_iface }}"
    - name: Write IPv4 configuration
      ansible.builtin.template:
        src: 55-flannel-ipv4.yaml.j2
        dest: /etc/netplan/55-flannel-ipv4.yaml
        owner: root
        group: root
        mode: 0644
      register: netplan_template
    - name: Apply netplan configuration
      # Conceptually, this should be a handler rather than a task.
      # However, we are currently not in a role context - creating
      # one just for this seemed overkill.
      when: netplan_template.changed
      ansible.builtin.command:
        cmd: netplan apply
      changed_when: true
@@ -1,8 +0,0 @@
 ---
 network:
  version: 2
  renderer: networkd
  ethernets:
    {{ flannel_iface }}:
      addresses:
      - {{ node_ipv4 }}/24
@@ -1,7 +0,0 @@
 ---
 - name: Apply overrides
  ansible.builtin.import_playbook: >-
    {{ lookup("ansible.builtin.env", "MOLECULE_SCENARIO_DIRECTORY") }}/overrides.yml
 - name: Converge
  ansible.builtin.import_playbook: ../../site.yml
@@ -1,7 +0,0 @@
 ---
 - name: Apply overrides
  ansible.builtin.import_playbook: >-
    {{ lookup("ansible.builtin.env", "MOLECULE_SCENARIO_DIRECTORY") }}/overrides.yml
 - name: Reset
  ansible.builtin.import_playbook: ../../reset.yml
@@ -1,5 +0,0 @@
 ---
 - name: Verify
  hosts: all
  roles:
    - verify/from_outside
@@ -1,9 +0,0 @@
 ---
 # A host outside of the cluster from which the checks shall be performed
 outside_host: localhost
 # This kubernetes namespace will be used for testing
 testing_namespace: molecule-verify-from-outside
 # The directory in which the example manifests reside
 example_manifests_path: ../../../../example
@@ -1,5 +0,0 @@
 ---
 - name: Clean up kubecfg
  ansible.builtin.file:
    path: "{{ kubecfg.path }}"
    state: absent
@@ -1,19 +0,0 @@
 ---
 - name: Create temporary directory for kubecfg
  ansible.builtin.tempfile:
    state: directory
    suffix: kubecfg
  register: kubecfg
 - name: Gathering facts
  delegate_to: "{{ groups['master'][0] }}"
  ansible.builtin.gather_facts:
 - name: Download kubecfg
  ansible.builtin.fetch:
    src: "{{ ansible_env.HOME }}/.kube/config"
    dest: "{{ kubecfg.path }}/"
    flat: true
  delegate_to: "{{ groups['master'][0] }}"
  delegate_facts: true
 - name: Store path to kubecfg
  ansible.builtin.set_fact:
    kubecfg_path: "{{ kubecfg.path }}/config"
@@ -1,12 +0,0 @@
 ---
 - name: Verify
  run_once: true
  delegate_to: "{{ outside_host }}"
  block:
    - ansible.builtin.import_tasks: kubecfg-fetch.yml
    - name: "TEST CASE: Get nodes"
      ansible.builtin.include_tasks: test/get-nodes.yml
    - name: "TEST CASE: Deploy example"
      ansible.builtin.include_tasks: test/deploy-example.yml
  always:
    - ansible.builtin.import_tasks: kubecfg-cleanup.yml
@@ -1,54 +0,0 @@
 ---
 - name: Deploy example
  block:
    - name: "Create namespace: {{ testing_namespace }}"
      kubernetes.core.k8s:
        api_version: v1
        kind: Namespace
        name: "{{ testing_namespace }}"
        state: present
        wait: true
        kubeconfig: "{{ kubecfg_path }}"
    - name: Apply example manifests
      kubernetes.core.k8s:
        src: "{{ example_manifests_path }}/{{ item }}"
        namespace: "{{ testing_namespace }}"
        state: present
        wait: true
        kubeconfig: "{{ kubecfg_path }}"
      with_items:
        - deployment.yml
        - service.yml
    - name: Get info about nginx service
      kubernetes.core.k8s_info:
        kind: service
        name: nginx
        namespace: "{{ testing_namespace }}"
        kubeconfig: "{{ kubecfg_path }}"
      vars: &load_balancer_metadata
        metallb_ip: status.loadBalancer.ingress[0].ip
        metallb_port: spec.ports[0].port
      register: nginx_services
    - name: Assert that the nginx welcome page is available
      ansible.builtin.uri:
        url: http://{{ ip | ansible.utils.ipwrap }}:{{ port }}/
        return_content: yes
      register: result
      failed_when: "'Welcome to nginx!' not in result.content"
      vars:
        ip: >-
          {{ nginx_services.resources[0].status.loadBalancer.ingress[0].ip }}
        port: >-
          {{ nginx_services.resources[0].spec.ports[0].port }}
  always:
    - name: "Remove namespace: {{ testing_namespace }}"
      kubernetes.core.k8s:
        api_version: v1
        kind: Namespace
        name: "{{ testing_namespace }}"
        state: absent
        kubeconfig: "{{ kubecfg_path }}"
@@ -1,24 +0,0 @@
 ---
 - name: Get all nodes in cluster
  kubernetes.core.k8s_info:
    kind: node
    kubeconfig: "{{ kubecfg_path }}"
  register: cluster_nodes
 - name: Assert that the cluster contains exactly the expected nodes
  ansible.builtin.assert:
    that: found_nodes == expected_nodes
    success_msg: "Found nodes as expected: {{ found_nodes }}"
    fail_msg: "Expected nodes {{ expected_nodes }}, but found nodes {{ found_nodes }}"
  vars:
    found_nodes: >-
      {{ cluster_nodes | json_query('resources[*].metadata.name') | unique | sort }}
    expected_nodes: |-
      {{
        (
          ( groups['master'] | default([]) ) +
          ( groups['node'] | default([]) )
        )
        | unique
        | sort
      }}
@@ -1,48 +0,0 @@
 ---
 dependency:
  name: galaxy
 driver:
  name: vagrant
 platforms:
  - name: control1
    box: generic/ubuntu2204
    memory: 4096
    cpus: 4
    config_options:
      # We currently can not use public-key based authentication on Ubuntu 22.04,
      # see: https://github.com/chef/bento/issues/1405
      ssh.username: "vagrant"
      ssh.password: "vagrant"
    groups:
      - k3s_cluster
      - master
    interfaces:
      - network_name: private_network
        ip: 192.168.30.50
 provisioner:
  name: ansible
  playbooks:
    converge: ../resources/converge.yml
    side_effect: ../resources/reset.yml
    verify: ../resources/verify.yml
  inventory:
    links:
      group_vars: ../../inventory/sample/group_vars
 scenario:
  test_sequence:
    - dependency
    - lint
    - cleanup
    - destroy
    - syntax
    - create
    - prepare
    - converge
    # idempotence is not possible with the playbook in its current form.
    - verify
    # We are repurposing side_effect here to test the reset playbook.
    # This is why we do not run it before verify (which tests the cluster),
    # but after the verify step.
    - side_effect
    - cleanup
    - destroy
@@ -1,15 +0,0 @@
 ---
 - name: Apply overrides
  hosts: all
  tasks:
    - name: Override host variables
      ansible.builtin.set_fact:
        # See: https://github.com/flannel-io/flannel/blob/67d603aaf45ef80f5dd39f43714fc5e6f8a637eb/Documentation/troubleshooting.md#Vagrant  # noqa yaml[line-length]
        flannel_iface: eth1
        # The test VMs might be a bit slow, so we give them more time to join the cluster:
        retry_count: 45
        # Make sure that our IP ranges do not collide with those of the default scenario
        apiserver_endpoint: "192.168.30.223"
        metal_lb_ip_range: "192.168.30.91-192.168.30.99"
@@ -0,0 +1,28 @@
 ---
 - hosts: localhost
  become: yes
  roles:
    - role: frigate/provision/delete
    - role: frigate/provision/create
 - hosts: epona
  become: yes
  roles:
    - role: frigate/provision/cgroup
 - hosts: localhost
  become: yes
  roles:
    - role: frigate/provision/start
 - hosts: epona
  become: yes
  roles:
    - role: frigate/provision/enable-ssh
 - hosts: frigate
  become: yes
  roles:
    - role: frigate/update
    - role: frigate/install-docker
    - role: frigate/install-app
@@ -0,0 +1,56 @@
 ---
 # - hosts: localhost
 #   gather_facts: no
 #   become: yes
 #   roles:
 #     - role: k3s/provision/delete
 - hosts: localhost
  gather_facts: no
  become: yes
  roles:
    - role: k3s/provision/create
 - hosts: k3s_hosts
  gather_facts: yes
  become: yes
  roles:
    - role: k3s/provision/pre
    - role: k3s/provision/cloud-init
 - hosts: localhost
  gather_facts: no
  become: yes
  roles:
    - role: k3s/provision/start
 - hosts: k3s_cluster
  gather_facts: yes
  become: yes
  roles:
    - role: prereq
    - role: download
 - hosts: master
  become: yes
  roles:
    - role: k3s/master
 - hosts: node
  become: yes
  roles:
    - role: k3s/node
 - hosts: master
  become: yes
  roles:
    - role: k3s/post
 - hosts: master
  become: yes
  roles:
    - role: k3s/copy-config
 - hosts: localhost
  become: yes
  roles:
    - role: longhorn
    - role: traefik
    - role: nginx
    - role: cert-manager
    - role: authelia
    - role: redis
@@ -0,0 +1,3 @@
 #!/bin/bash
 ansible-playbook reboot.yml -i inventory/my-cluster/hosts.ini
@@ -0,0 +1,9 @@
 ---
 - name: Reboot k3s_cluster
  hosts: k3s_cluster
  gather_facts: yes
  become: yes
  tasks:
    - name: Reboot the nodes (and Wait upto 5 mins max)
      reboot:
        reboot_timeout: 300
@@ -0,0 +1,10 @@
 ansible-core>=2.13.2
 ansible-lint>=6.6.0
 kubernetes>=12.0.0
 netaddr>=0.8.0
 pyyaml>=3.11
 yamllint>=1.28.0
 jmespath>=1.0.1
 jsonpatch>=1.32
 pre-commit>=2.20.0
 netaddr>=0.8.0
@@ -1,8 +1,218 @@
-ansible-core>=2.13.2
+#
-jmespath
+# This file is autogenerated by pip-compile with python 3.8
-jsonpatch
+# To update, run:
-kubernetes>=12.0.0
+#
-molecule-vagrant>=1.0.0
+#    pip-compile requirements.in
-molecule>=4.0.1
+#
-netaddr>=0.8.0
+ansible-compat==2.2.4
-pyyaml>=3.11
+    # via
    #   ansible-lint
 ansible-core==2.13.5
    # via
    #   -r requirements.in
    #   ansible-lint
 ansible-lint==6.8.6
    # via -r requirements.in
 arrow==1.2.3
    # via jinja2-time
 attrs==22.1.0
    # via jsonschema
 binaryornot==0.4.4
    # via cookiecutter
 black==22.10.0
    # via ansible-lint
 bracex==2.3.post1
    # via wcmatch
 cachetools==5.2.0
    # via google-auth
 certifi==2022.9.24
    # via
    #   kubernetes
    #   requests
 cffi==1.15.1
    # via cryptography
 cfgv==3.3.1
    # via pre-commit
 chardet==5.0.0
    # via binaryornot
 charset-normalizer==2.1.1
    # via requests
 click==8.1.3
    # via
    #   black
    #   click-help-colors
    #   cookiecutter
 click-help-colors==0.9.1
 commonmark==0.9.1
    # via rich
 cookiecutter==2.1.1
 cryptography==38.0.3
    # via ansible-core
 distlib==0.3.6
    # via virtualenv
 distro==1.8.0
    # via selinux
 enrich==1.2.7
    # via molecule
 filelock==3.8.0
    # via
    #   ansible-lint
    #   virtualenv
 google-auth==2.14.0
    # via kubernetes
 identify==2.5.8
    # via pre-commit
 idna==3.4
    # via requests
 importlib-resources==5.10.0
    # via jsonschema
 jinja2==3.1.2
    # via
    #   ansible-core
    #   cookiecutter
    #   jinja2-time
    #   molecule
    #   molecule-vagrant
 jinja2-time==0.2.0
    # via cookiecutter
 jmespath==1.0.1
    # via -r requirements.in
 jsonpatch==1.32
    # via -r requirements.in
 jsonpointer==2.3
    # via jsonpatch
 jsonschema==4.17.0
    # via
    #   ansible-compat
    #   ansible-lint
    #   molecule
 kubernetes==25.3.0
    # via -r requirements.in
 markupsafe==2.1.1
    # via jinja2
 molecule==4.0.3
    # via
    #   -r requirements.in
    #   molecule-vagrant
 molecule-vagrant==1.0.0
    # via -r requirements.in
 mypy-extensions==0.4.3
    # via black
 netaddr==0.8.0
    # via -r requirements.in
 nodeenv==1.7.0
    # via pre-commit
 oauthlib==3.2.2
    # via requests-oauthlib
 packaging==21.3
    # via
    #   ansible-compat
    #   ansible-core
    #   ansible-lint
    #   molecule
 pathspec==0.10.1
    # via
    #   black
    #   yamllint
 pkgutil-resolve-name==1.3.10
    # via jsonschema
 platformdirs==2.5.2
    # via
    #   black
    #   virtualenv
 pluggy==1.0.0
    # via molecule
 pre-commit==2.20.0
    # via -r requirements.in
 pyasn1==0.4.8
    # via
    #   pyasn1-modules
    #   rsa
 pyasn1-modules==0.2.8
    # via google-auth
 pycparser==2.21
    # via cffi
 pygments==2.13.0
    # via rich
 pyparsing==3.0.9
    # via packaging
 pyrsistent==0.19.2
    # via jsonschema
 python-dateutil==2.8.2
    # via
    #   arrow
    #   kubernetes
 python-slugify==6.1.2
    # via cookiecutter
 python-vagrant==1.0.0
    # via molecule-vagrant
 pyyaml==6.0
    # via
    #   -r requirements.in
    #   ansible-compat
    #   ansible-core
    #   ansible-lint
    #   cookiecutter
    #   kubernetes
    #   molecule
    #   molecule-vagrant
    #   pre-commit
    #   yamllint
 requests==2.28.1
    # via
    #   cookiecutter
    #   kubernetes
    #   requests-oauthlib
 requests-oauthlib==1.3.1
    # via kubernetes
 resolvelib==0.8.1
    # via ansible-core
 rich==12.6.0
    # via
    #   ansible-lint
    #   enrich
    #   molecule
 rsa==4.9
    # via google-auth
 ruamel-yaml==0.17.21
    # via ansible-lint
 ruamel-yaml-clib==0.2.7
    # via ruamel-yaml
 selinux==0.2.1
    # via molecule-vagrant
 six==1.16.0
    # via
    #   google-auth
    #   kubernetes
    #   python-dateutil
 subprocess-tee==0.3.5
    # via ansible-compat
 text-unidecode==1.3
    # via python-slugify
 toml==0.10.2
    # via pre-commit
 tomli==2.0.1
    # via black
 typing-extensions==4.4.0
    # via
    #   black
    #   rich
 urllib3==1.26.12
    # via
    #   kubernetes
    #   requests
 virtualenv==20.16.6
    # via pre-commit
 wcmatch==8.4.1
    # via ansible-lint
 websocket-client==1.4.2
    # via kubernetes
 yamllint==1.28.0
    # via
    #   -r requirements.in
    #   ansible-lint
 zipp==3.10.0
    # via importlib-resources
 # The following packages are considered to be unsafe in a requirements file:
 # setuptools
@@ -1,7 +1,10 @@
 ---
 - hosts: k3s_cluster
  gather_facts: yes
  become: yes
  roles:
    - role: reset
  post_tasks:
    - name: Reboot and wait for node to come back up
      reboot:
        reboot_timeout: 3600
@@ -0,0 +1,20 @@
 ---
 - name: Add traefik helm repo
  kubernetes.core.helm_repository:
    name: authelia
    repo_url: "https://charts.authelia.com"
 - name: Update the repository cache
  kubernetes.core.helm:
    kubeconfig: /Users/lino.silva/.kube/config
    name: dummy
    namespace: kube-system
    state: absent
    update_repo_cache: true
 - name: Deploy latest version of Authelia chart inside
  kubernetes.core.helm:
    kubeconfig: /Users/lino.silva/.kube/config
    name: authelia
    chart_ref: authelia/authelia
    values: "{{ lookup('template', 'values.yml') | from_yaml }}"
@@ -0,0 +1,65 @@
 ---
 # From repository
 - name: Add traefik helm repo
  kubernetes.core.helm_repository:
    name: jetstack
    repo_url: "https://charts.jetstack.io"
 - name: Update the repository cache
  kubernetes.core.helm:
    kubeconfig: /Users/lino.silva/.kube/config
    name: dummy
    namespace: kube-system
    state: absent
    update_repo_cache: true
 - name: Download cert-manager.crds manifest to the cluster.
  ansible.builtin.get_url:
    url: https://github.com/cert-manager/cert-manager/releases/download/v1.10.0/cert-manager.crds.yaml
    dest: /tmp/cert-manager.crds.yaml
    mode: "0664"
 - name: Apply cert-manager.crds manifest to the cluster.
  kubernetes.core.k8s:
    kubeconfig: /Users/lino.silva/.kube/config
    state: present
    src: /tmp/cert-manager.crds.yaml
 - name: Deploy latest version of cert-manager chart inside cert-manager namespace (and create it)
  kubernetes.core.helm:
    kubeconfig: /Users/lino.silva/.kube/config
    name: cert-manager
    chart_ref: jetstack/cert-manager
    release_namespace: cert-manager
    create_namespace: true
    values: "{{ lookup('template', 'values.yml') | from_yaml }}"
 - name: Deploy cert-manager secret - Cloudflare
  kubernetes.core.k8s:
    kubeconfig: /Users/lino.silva/.kube/config
    state: present
    definition: "{{ lookup('template', 'secret-cf-token.yml') | from_yaml }}"
 - name: Deploy lets encrypt staging
  kubernetes.core.k8s:
    kubeconfig: /Users/lino.silva/.kube/config
    state: present
    definition: "{{ lookup('template', 'letsencrypt-staging.yml') | from_yaml }}"
 - name: Deploy cert-manager staging
  kubernetes.core.k8s:
    kubeconfig: /Users/lino.silva/.kube/config
    state: present
    definition: "{{ lookup('template', 'lino-cooking.staging.yml') | from_yaml }}"
 - name: Deploy lets encrypt production
  kubernetes.core.k8s:
    kubeconfig: /Users/lino.silva/.kube/config
    state: present
    definition: "{{ lookup('template', 'letsencrypt-production.yml') | from_yaml }}"
 - name: Deploy cert-manager production
  kubernetes.core.k8s:
    kubeconfig: /Users/lino.silva/.kube/config
    state: present
    definition: "{{ lookup('template', 'lino-cooking.prod.yml') | from_yaml }}"
@@ -0,0 +1,21 @@
 ---
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
  name: letsencrypt-production
 spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: letsencrypt@lino.cooking
    privateKeySecretRef:
      name: letsencrypt-production
    solvers:
      - dns01:
          cloudflare:
            email: D5&YbHe&oKx82uuTQ^AfW#$*D8GsDE#K3x^446S^wvH#8T@W2C
            apiTokenSecretRef:
              name: cloudflare-api-token-secret
              key: cloudflare-token
        selector:
          dnsZones:
            - "lino.cooking"
@@ -0,0 +1,21 @@
 ---
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
  name: letsencrypt-staging
 spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: letsencrypt@lino.cooking
    privateKeySecretRef:
      name: letsencrypt-staging
    solvers:
      - dns01:
          cloudflare:
            email: okulto+cloudflare@gmail.com
            apiTokenSecretRef:
              name: cloudflare-api-token-secret
              key: api-token
        selector:
          dnsZones:
            - "lino.cooking"
@@ -0,0 +1,15 @@
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
  name: lino-cooking
  namespace: default
 spec:
  secretName: lino-cooking-tls
  issuerRef:
    name: letsencrypt-production
    kind: ClusterIssuer
  commonName: "*.lino.cooking"
  dnsNames:
    - "lino.cooking"
    - "*.lino.cooking"
@@ -0,0 +1,15 @@
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
  name: lino-cooking
  namespace: default
 spec:
  secretName: lino-cooking-staging-tls
  issuerRef:
    name: letsencrypt-staging
    kind: ClusterIssuer
  commonName: "*.lino.cooking"
  dnsNames:
    - "lino.cooking"
    - "*.lino.cooking"
@@ -0,0 +1,9 @@
 ---
 apiVersion: v1
 kind: Secret
 metadata:
  name: cloudflare-api-token-secret
  namespace: cert-manager
 type: Opaque
 stringData:
  cloudflare-token: "{{ cloudflare_api_key }}"
@@ -0,0 +1,10 @@
 installCRDs: false
 replicaCount: 3
 extraArgs:
  - --dns01-recursive-nameservers=1.1.1.1:53,9.9.9.9:53
  - --dns01-recursive-nameservers-only
 podDnsPolicy: None
 podDnsConfig:
  nameservers:
    - "1.1.1.1"
    - "9.9.9.9"
@@ -0,0 +1,20 @@
 ---
 - name: Create directory for docker-compose
  ansible.builtin.file:
    path: /root/docker/frigate/
    state: directory
    mode: "0755"
 - name: Copy docker-compose file
  template:
    src: "docker-compose.yml"
    dest: /root/docker/frigate/docker-compose.yml
    owner: root
    group: root
    mode: 0755
 - name: Run docker-compose
  ansible.builtin.shell:
  args:
    cmd: docker compose up -d
    chdir: /root/docker/frigate/
@@ -0,0 +1,20 @@
 version: "3.9"
 services:
  frigate:
    container_name: frigate
    privileged: true
    restart: unless-stopped
    image: blakeblackshear/frigate:stable
    shm_size: "256mb"
    devices:
      - /dev/bus/usb:/dev/bus/usb
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /config/config.yml:/config/config.yml:ro
      - /db:/db
      - type: tmpfs
        target: /tmp/cache
        tmpfs:
          size: 1000000000
    ports:
      - "5000:5000"
@@ -0,0 +1,27 @@
 ---
 - name: Get convenience script
  uri:
    url: "https://get.docker.com"
    method: GET
    dest: /tmp/get-docker.sh
    mode: a+x
    creates: /tmp/get-docker.sh
 - name: Execute script
  ansible.builtin.shell: /tmp/get-docker.sh
 - name: Ensure group "docker" exists
  ansible.builtin.group:
    name: docker
    state: present
 - name: Add root user to docker group
  ansible.builtin.user:
    name: root
    groups: docker
    append: yes
 - name: Enable docker on startup
  ansible.builtin.shell: |
    systemctl enable docker.service
    systemctl enable containerd.service
@@ -0,0 +1,15 @@
 ---
 - name: Add cgroup rule
  ansible.builtin.blockinfile:
    path: /etc/pve/nodes/epona/lxc/605.conf
    state: present
    block: |
      lxc.cgroup2.devices.allow: c 226:0 rwm
      lxc.cgroup2.devices.allow: c 226:128 rwm
      lxc.cgroup2.devices.allow: c 29:0 rwm
      lxc.cgroup2.devices.allow: c 189:* rwm
      lxc.cgroup2.devices.allow: a
      lxc.mount.entry: /dev/dri/renderD128 dev/dri/renderD128 none bind,optional,create=file 0, 0
      lxc.mount.entry: /dev/bus/usb/002 dev/bus/usb/002 none bind,optional,create=dir 0, 0
      lxc.cap.drop:
      lxc.mount.auto: cgroup:rw
@@ -0,0 +1,28 @@
 ---
 - name: Create container
  community.general.proxmox:
    vmid: 605
    node: epona
    api_user: root@pam
    api_password: "{{ proxmox_api_password }}"
    api_host: 10.0.2.2
    password: "{{ lxc_password }}"
    hostname: frigate
    ostemplate: "hyrule-8tb-nfs:vztmpl/debian-11-standard_11.3-1_amd64.tar.zst"
    netif: "{'net0':'name=eth0,\
      gw=10.0.0.1,\
      ip=10.0.2.14/21,\
      hwaddr=44:ae:9f:cd:b9:2a,\
      bridge=vmbr0'}"
    cores: 1
    memory: 6144
    unprivileged: no
    swap: 0
    searchdomain: "home"
    onboot: 1
    mounts: '{"mp0":"/mnt/pve/hyrule-8tb-nfs/frigate/config,mp=/config","mp1":"/mnt/pve/hyrule-8tb-nfs/frigate/media,mp=/media/frigate","mp2":"local-lvm:50,mp=/db"}'
    features:
      - nesting=1
      - keyctl=1
    disk: local-lvm:50
    force: yes
@@ -0,0 +1,26 @@
 ---
 - name: Stop container
  community.general.proxmox:
    vmid: 605
    api_user: root@pam
    api_password: "{{ proxmox_api_password }}"
    api_host: 10.0.2.2
    state: stopped
  ignore_errors: true
  timeout: 90
 - name: Remove containers
  community.general.proxmox:
    vmid: 605
    api_user: root@pam
    api_password: "{{ proxmox_api_password }}"
    api_host: 10.0.2.2
    state: absent
  ignore_errors: true
  timeout: 90
 - name: Remove .ssh/known_hosts lines
  ansible.builtin.lineinfile:
    path: /Users/lino.silva/.ssh/known_hosts
    state: absent
    regexp: "^10.0.2.14"
@@ -0,0 +1,8 @@
 ---
 # Unable to use ansible.builtin.lineinfile, because we need to run this through the proxmox host (because SSH is not enabled duh)
 - name: Allow SSH into LXC
  ansible.builtin.command: lxc-attach -n 605 -- sed -i "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config
 - name: Restart SSH Service
  ansible.builtin.command: lxc-attach -n 605 service ssh restart
@@ -0,0 +1,8 @@
 ---
 - name: Start deployments
  community.general.proxmox:
    vmid: 605
    api_user: root@pam
    api_password: "{{ proxmox_api_password }}"
    api_host: 10.0.2.2
    state: started
@@ -0,0 +1,6 @@
 ---
 - name: Update all packages to their latest version
  become: true
  ansible.builtin.apt:    
    update_cache: yes
    upgrade: full
@@ -0,0 +1,7 @@
 ---
 - name: Store kube configuration
  ansible.builtin.fetch:
    src: ~/.kube/config
    dest: ~/.kube/config
    flat: true
  when: ansible_hostname == hostvars[groups['master'][0]]['ansible_hostname']
@@ -0,0 +1,12 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: admin-user
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
 subjects:
  - kind: ServiceAccount
    name: admin-user
    namespace: kubernetes-dashboard
@@ -0,0 +1,5 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: admin-user
  namespace: kubernetes-dashboard
@@ -1,5 +1,4 @@
 ---
 - name: Clean previous runs of k3s-init
  systemd:
    name: k3s-init
@@ -76,8 +75,8 @@
        cmd: k3s kubectl get nodes -l "node-role.kubernetes.io/master=true" -o=jsonpath="{.items[*].metadata.name}"
      register: nodes
      until: nodes.rc == 0 and (nodes.stdout.split() | length) == (groups['master'] | length)
-      retries: "{{ retry_count | default(20) }}"
+      retries: "{{ retry_count | default(40) }}"
-      delay: 10
+      delay: 20
      changed_when: false
  always:
    - name: Save logs of k3s-init.service
@@ -85,7 +84,7 @@
      when: log_destination
      vars:
        log_destination: >-
-          {{ lookup('ansible.builtin.env', 'ANSIBLE_K3S_LOG_DIR', default=False) }}
+          {{ lookup('ansible.builtin.env', 'ANSIBLE_K3S_LOG_DIR', default=True) }}
    - name: Kill the temporary service used for initialization
      systemd:
        name: k3s-init
@@ -152,12 +151,19 @@
    owner: "{{ ansible_user }}"
    mode: "u=rw,g=,o="
- name: Configure kubectl cluster to https://{{ apiserver_endpoint | ansible.utils.ipwrap }}:6443
+- name: Configure kubectl cluster to {{ endpoint_url }}
  command: >-
    k3s kubectl config set-cluster default
-      --server=https://{{ apiserver_endpoint | ansible.utils.ipwrap }}:6443
+      --server={{ endpoint_url }}
      --kubeconfig ~{{ ansible_user }}/.kube/config
  changed_when: true
  vars:
    endpoint_url: >-
      https://{{ apiserver_endpoint | ansible.utils.ipwrap }}:6443
  # Deactivated linter rules:
  #   - jinja[invalid]: As of version 6.6.0, ansible-lint complains that the input to ipwrap
  #                     would be undefined. This will not be the case during playbook execution.
  # noqa jinja[invalid]
 - name: Create kubectl symlink
  file:
@@ -1,3 +1,3 @@
 ---
 # Timeout to wait for MetalLB services to come up
-metal_lb_available_timeout: 60s
+metal_lb_available_timeout: 120s
@@ -28,9 +28,9 @@
  command: >-
    k3s kubectl wait {{ item.resource }}
    --namespace='metallb-system'
-    {% if item.name | default(False) -%} {{ item.name }} {%- endif %}
+    {% if item.name | default(False) -%}{{ item.name }}{%- endif %}
-    {% if item.selector | default(False) -%} --selector='{{ item.selector }}' {%- endif %}
+    {% if item.selector | default(False) -%}--selector='{{ item.selector }}'{%- endif %}
-    {% if item.condition | default(False) -%} {{ item.condition }} {%- endif %}
+    {% if item.condition | default(False) -%}{{ item.condition }}{%- endif %}
    --timeout='{{ metal_lb_available_timeout }}'
  changed_when: false
  run_once: true
@@ -0,0 +1,24 @@
 ---
 - name: Add cgroup rule
  ansible.builtin.lineinfile:
    path: /etc/pve/nodes/{{ ansible_hostname }}/lxc/{{ hostvars[ansible_hostname]['k3s_vmid'] }}.conf
    state: present
    line: lxc.apparmor.profile{{":"}} unconfined
 - name: Add cgroup rule
  ansible.builtin.lineinfile:
    path: /etc/pve/nodes/{{ ansible_hostname }}/lxc/{{ hostvars[ansible_hostname]['k3s_vmid'] }}.conf
    state: present
    line: lxc.cap.drop{{":"}}
 - name: Add cgroup rule
  ansible.builtin.lineinfile:
    path: /etc/pve/nodes/{{ ansible_hostname }}/lxc/{{ hostvars[ansible_hostname]['k3s_vmid'] }}.conf
    state: present
    line: lxc.mount.auto"{{":"}}" "proc{{":"}}rw sys{{":"}}rw"
 - name: Add cgroup rule
  ansible.builtin.lineinfile:
    path: /etc/pve/nodes/{{ ansible_hostname }}/lxc/{{ hostvars[ansible_hostname]['k3s_vmid'] }}.conf
    state: present
    line: lxc.cgroup2.devices.allow{{":"}} c 10{{":"}}200 rwm
@@ -0,0 +1,21 @@
 ---
 - name: Configure cloud-init - IP
  ansible.builtin.command: qm set "{{ k3s_vmid }}" --ipconfig0 ip="{{ k3s_vm_host }}"/21,gw=10.0.0.1
 - name: Configure cloud-init - User
  ansible.builtin.command: qm set "{{ k3s_vmid }}" --ciuser "root"
 - name: Configure cloud-init - Password
  ansible.builtin.command: qm set "{{ k3s_vmid }}" --cipassword "{{ ansible_ssh_pass }}"
 - name: Copy SSH Pub key
  ansible.builtin.copy:
    src: ~/.ssh/id_rsa.pub
    dest: /tmp/ansible_controller-key.pub
    mode: 0600
 - name: Configure cloud-init - SSH Key
  ansible.builtin.command: qm set "{{ k3s_vmid }}" --sshkey /tmp/ansible_controller-key.pub
 - name: Configure networking
  ansible.builtin.command: qm set "{{ k3s_vmid }}" --net0 virtio={{ k3s_mac_addr }},bridge=vmbr0
@@ -0,0 +1,51 @@
 ---
 - name: Create containers
  # community.general.proxmox:
  #   vmid: "{{ hostvars[item]['k3s_vmid'] }}"
  #   node: "{{ item }}"
  #   api_user: root@pam
  #   api_password: "{{ proxmox_api_password }}"
  #   api_host: 10.0.2.2
  #   password: "{{ lxc_password }}"
  #   hostname: "{{ hostvars[item]['k3s_hostname'] }}"
  #   ostemplate: "hyrule-8tb-nfs:vztmpl/debian-11-standard_11.3-1_amd64.tar.zst"
  #   netif: "{'net0':'name=eth0,\
  #     gw=10.0.0.1,\
  #     ip={{ hostvars[item]['k3s_lxc_host'] }}/21,\
  #     hwaddr={{ hostvars[item]['k3s_mac_addr'] }},\
  #     bridge=vmbr0'}"
  #   cores: "{{ hostvars[item]['k3s_cores'] }}"
  #   memory: "{{ hostvars[item]['k3s_memory'] }}"
  #   unprivileged: no
  #   swap: 0
  #   searchdomain: "home"
  #   onboot: 1
  #   features:
  #     - nesting=1
  #   disk: local-lvm:{{ hostvars[item]['k3s_disk'] }}
  #   force: yes
  # loop: "{{ groups['k3s_hosts'] }}"
  proxmox_kvm:
    api_user: root@pam
    api_password: "{{ proxmox_api_password }}"
    api_host: 10.0.2.2
    name: "{{ hostvars[item]['k3s_hostname'] }}"
    node: "{{ item }}"
    newid: "{{ hostvars[item]['k3s_vmid'] }}"
    clone: debian-10-openstack-amd64
    vmid: "{{ hostvars[item]['k3s_template_id'] }}"
    timeout: 900
  loop: "{{ groups['k3s_hosts'] }}"
 - name: Update VMs
  proxmox_kvm:
    api_user: root@pam
    api_password: "{{ proxmox_api_password }}"
    api_host: 10.0.2.2
    memory: "{{ hostvars[item]['k3s_memory'] }}"
    cores: "{{ hostvars[item]['k3s_cores'] }}"
    vmid: "{{ hostvars[item]['k3s_vmid'] }}"
    node: "{{ item }}"
    update: yes
    agent: yes
  loop: "{{ groups['k3s_hosts'] }}"
@@ -0,0 +1,44 @@
 ---
 - name: Stop containers
  # community.general.proxmox:
  #   vmid: "{{ hostvars[item]['k3s_vmid'] }}"
  #   api_user: root@pam
  #   api_password: "{{ proxmox_api_password }}"
  #   api_host: 10.0.2.2
  #   state: stopped
  proxmox_kvm:
    api_user: root@pam
    api_password: "{{ proxmox_api_password }}"
    api_host: 10.0.2.2
    name: "{{ hostvars[item]['k3s_hostname'] }}"
    node: "{{ item }}"
    state: stopped
    timeout: 240
  loop: "{{ groups['k3s_hosts'] }}"
  ignore_errors: true
 - name: Remove containers
  # community.general.proxmox:
  # vmid: "{{ hostvars[item]['k3s_vmid'] }}"
  # api_user: root@pam
  # api_password: "{{ proxmox_api_password }}"
  # api_host: "{{ hostvars[item]['ip_addr'] }}"
  # state: absent
  proxmox_kvm:
    api_user: root@pam
    api_password: "{{ proxmox_api_password }}"
    api_host: 10.0.2.2
    name: "{{ hostvars[item]['k3s_hostname'] }}"
    node: "{{ item }}"
    state: absent
    timeout: 90
  loop: "{{ groups['k3s_hosts'] }}"
  ignore_errors: true
 - name: Remove .ssh/known_hosts lines
  ansible.builtin.lineinfile:
    path: /Users/lino.silva/.ssh/known_hosts
    state: absent
    # regexp: '^{{ hostvars[item]["k3s_lxc_host"] }}'
    regexp: '^{{ hostvars[item]["k3s_vm_host"] }}'
  loop: "{{ groups['k3s_hosts'] }}"
@@ -0,0 +1,8 @@
 ---
 # Unable to use ansible.builtin.lineinfile, because we need to run this through the proxmox host (because SSH is not enabled duh)
 - name: Allow SSH into LXC
  ansible.builtin.command: lxc-attach -n "{{ k3s_vmid }}" -- sed -i "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config
 - name: Restart SSH Service
  ansible.builtin.command: lxc-attach -n "{{ k3s_vmid }}" service ssh restart
@@ -0,0 +1,19 @@
 ---
 # - name: Move storage to local_lvm
 #   ansible.builtin.command: qm disk move "{{ k3s_vmid }}" scsi0 local-lvm
 #   ignore_errors: true
 # - name: Resize storage
 #   ansible.builtin.command: qm disk resize "{{ k3s_vmid }}" scsi0 +"{{ k3s_disk }}G"
 - name: Allow ipv4 forwarding
  ansible.builtin.shell: "sysctl net.ipv4.ip_forward=1"
 - name: Allow ipv6 forwarding
  ansible.builtin.shell: "sysctl net.ipv6.conf.all.forwarding=1"
 - name: Uncomment ipv4 forward line on /etc/sysctl.conf
  ansible.builtin.shell: "sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf"
 - name: Uncomment ipv6 forward line on /etc/sysctl.conf
  ansible.builtin.shell: "sed -i 's/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=1/g' /etc/sysctl.conf"
@@ -0,0 +1,16 @@
 ---
 - name: Start deployments
  # community.general.proxmox:
  #   vmid: "{{ hostvars[item]['k3s_vmid'] }}"
  #   api_user: root@pam
  #   api_password: "{{ proxmox_api_password }}"
  #   api_host: 10.0.2.2
  #   state: started
  community.general.cloud.misc.proxmox_kvm:
    api_user: root@pam
    api_password: "{{ proxmox_api_password }}"
    api_host: 10.0.2.2
    name: "{{ hostvars[item]['k3s_hostname'] }}"
    node: "{{ item }}"
    state: started
  loop: "{{ groups['k3s_hosts'] }}"
@@ -0,0 +1,22 @@
 ---
 - name: Add longhorn helm repo
  kubernetes.core.helm_repository:
    name: longhorn
    repo_url: "https://charts.longhorn.io"
 - name: Update the repository cache
  kubernetes.core.helm:
    kubeconfig: /Users/lino.silva/.kube/config
    name: dummy
    namespace: kube-system
    state: absent
    update_repo_cache: true
 - name: Deploy latest version of Longhorn chart inside longhorn-system namespace (and create it)
  kubernetes.core.helm:
    kubeconfig: /Users/lino.silva/.kube/config
    name: longhorn
    chart_ref: longhorn/longhorn
    release_namespace: longhorn-system
    create_namespace: true
    chart_version: 1.2.4
@@ -0,0 +1,18 @@
 ---
 - name: Deploy nginx - deployment
  kubernetes.core.k8s:
    kubeconfig: /Users/lino.silva/.kube/config
    state: present
    definition: "{{ lookup('template', 'deployment.yml') | from_yaml }}"
 - name: Deploy nginx - service
  kubernetes.core.k8s:
    kubeconfig: /Users/lino.silva/.kube/config
    state: present
    definition: "{{ lookup('template', 'service.yml') | from_yaml }}"
 - name: Deploy nginx - ingress
  kubernetes.core.k8s:
    kubeconfig: /Users/lino.silva/.kube/config
    state: present
    definition: "{{ lookup('template', 'ingress.yml') | from_yaml }}"
@@ -1,13 +1,20 @@
 ---
 apiVersion: apps/v1
 kind: Deployment
 apiVersion: apps/v1
 metadata:
  name: nginx
  namespace: default
  labels:
    app: nginx
 spec:
  replicas: 3
  progressDeadlineSeconds: 600
  revisionHistoryLimit: 2
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: nginx
  replicas: 3
  template:
    metadata:
      labels:
@@ -15,6 +22,4 @@ spec:
    spec:
      containers:
        - name: nginx
-          image: nginx:alpine
+          image: nginx:latest
          ports:
            - containerPort: 80
@@ -0,0 +1,26 @@
 ---
 apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRoute
 metadata:
  name: nginx
  namespace: default
  annotations:
    kubernetes.io/ingress.class: traefik-external
 spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`www.nginx.lino.cooking`)
      kind: Rule
      services:
        - name: nginx
          port: 80
    - match: Host(`nginx.lino.cooking`)
      kind: Rule
      services:
        - name: nginx
          port: 80
      middlewares:
        - name: default-headers
  tls:
    secretName: lino-cooking-tls
@@ -3,11 +3,11 @@ apiVersion: v1
 kind: Service
 metadata:
  name: nginx
  namespace: default
 spec:
  ipFamilyPolicy: PreferDualStack
  selector:
    app: nginx
  ports:
-    - port: 80
+    - name: http
      targetPort: 80
-  type: LoadBalancer
+      port: 80
@@ -0,0 +1,25 @@
 ---
 - name: Create Piholes
  community.general.proxmox:
    vmid: "{{ hostvars[item]['vmid'] }}"
    node: "{{ hostvars[item]['node'] }}"
    api_user: root@pam
    api_password: "{{ proxmox_api_password }}"
    api_host: 10.0.2.2
    password: "{{ lxc_password }}"
    hostname: "{{ item }}"
    ostemplate: "hyrule-8tb-nfs:vztmpl/debian-11-standard_11.3-1_amd64.tar.zst"
    netif: "{'net0':'name=eth0,\
      gw=10.0.0.1,\
      ip={{ hostvars[item]['ansible_host'] }}/21,\
      hwaddr={{ hostvars[item]['mac_addr'] }},\
      bridge=vmbr0'}"
    cores: 1
    memory: 2048
    unprivileged: no
    swap: 512
    searchdomain: "home"
    onboot: 1
    disk: local-lvm:8
    force: yes
  loop: "{{ groups['pihole'] }}"
@@ -0,0 +1,26 @@
 ---
 - name: Stop containers
  community.general.proxmox:
    vmid: "{{ vmid }}"
    api_user: root@pam
    api_password: "{{ proxmox_api_password }}"
    api_host: 10.0.2.2
    state: stopped
  ignore_errors: true
  timeout: 90
 - name: Remove containers
  community.general.proxmox:
    vmid: "{{ vmid }}"
    api_user: root@pam
    api_password: "{{ proxmox_api_password }}"
    api_host: 10.0.2.2
    state: absent
  ignore_errors: true
  timeout: 90
 - name: Remove .ssh/known_hosts lines
  ansible.builtin.lineinfile:
    path: /Users/lino.silva/.ssh/known_hosts
    state: absent
    regexp: "^{{ ansible_host }}"
@@ -0,0 +1,8 @@
 ---
 # Unable to use ansible.builtin.lineinfile, because we need to run this through the proxmox host (because SSH is not enabled duh)
 - name: Allow SSH into LXC
  ansible.builtin.command: lxc-attach -n "{{ vmid }}" -- sed -i "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config
 - name: Restart SSH Service
  ansible.builtin.command: lxc-attach -n "{{ vmid }}" service ssh restart
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Lino Silva	5d2bd81a14	feat: wtf	2023-01-03 12:02:07 +00:00
Lino Silva	c9c9861a82	feat: changed lxc to vm in k3s	2023-01-03 12:00:52 +00:00
Lino Silva	e596ff0e83	feat: changed lxc to vm in k3s	2023-01-03 11:59:54 +00:00
lino	1913d6417c	Updated frigate playbooks	2023-01-03 11:58:31 +00:00
lino	508e433bab	feat: Frigate Co-authored-by: Lino Silva <lino.silva@farfetch.com> Reviewed-on: #1	2022-11-25 23:29:38 +00:00
Lino Silva	5075a3e697	Add TODO and pre-commit hook	2022-11-20 00:05:51 +00:00
Lino Silva	b27354241d	feat: reverse proxy and certs working	2022-11-19 23:42:06 +00:00
Lino Silva	645dacdca4	feat: Added k3s, metallb, tried adding traefik	2022-11-15 09:35:05 +00:00
lino	f783d35513	Added pre-role for k3s and frigate	2022-11-10 21:01:15 +00:00
Lino Silva	9a7c540c7e	added inventory	2022-11-07 22:52:11 +00:00
Lino Silva	6753d614ee	k3s lxc playbook done	2022-11-07 21:18:02 +00:00
automationxpert	f892029fcf	Adding additional reboot (optional) (#139 ) * Create reboot.yml * Create reboot.sh * Updated the Playbook and Tasks Name Co-authored-by: Techno Tim <timothystewart6@gmail.com>	2022-11-06 05:54:29 +00:00
snoopy82481	6b37ba5e60	chore: ⚡ Multiple configuration changes (#144 ) Added yaml stdout for better readability, optimize ssh connections, moved become to correct section	2022-11-05 21:54:06 -05:00
Techno Tim	b1fee44403	GitHub Actions Fixes (#150 )	2022-11-05 19:57:36 -05:00
Techno Tim	a1c7175bd1	fix(requirements.txt): Use pip-compile (#148 ) * fix(requirements.txt): Use pip-compile * fix(lint): Remove anchors from molecule since they aren't yet supported via lint * fix(lint): Remove anchors from molecule since they aren't yet supported via lint	2022-11-05 18:37:46 -05:00
dependabot[bot]	69d3bdcd88	chore(deps): bump pyrsistent from 0.18.1 to 0.19.2 (#141 ) Bumps [pyrsistent](https://github.com/tobgu/pyrsistent) from 0.18.1 to 0.19.2. - [Release notes](https://github.com/tobgu/pyrsistent/releases) - [Changelog](https://github.com/tobgu/pyrsistent/blob/master/CHANGES.txt) - [Commits](https://github.com/tobgu/pyrsistent/commits) --- updated-dependencies: - dependency-name: pyrsistent dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-11-04 23:07:18 -05:00
Techno Tim	5268ef305a	Revert "feat(ci): switching to self-hosted runners (#133 )" (#135 ) This reverts commit `a840571733`.	2022-10-31 18:50:34 -05:00
Techno Tim	a840571733	feat(ci): switching to self-hosted runners (#133 ) * feat(ci): switching to self-hosted runners * feat(gh-actions-controller): added * feat(gh-actions-controller): added	2022-10-31 17:56:22 -05:00
dependabot[bot]	b1370406ea	chore(deps): bump ansible-lint from 6.8.3 to 6.8.4 (#130 ) Bumps [ansible-lint](https://github.com/ansible-community/ansible-lint) from 6.8.3 to 6.8.4. - [Release notes](https://github.com/ansible-community/ansible-lint/releases) - [Commits](https://github.com/ansible-community/ansible-lint/compare/v6.8.3...v6.8.4) --- updated-dependencies: - dependency-name: ansible-lint dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-10-28 17:16:35 -05:00
dependabot[bot]	12d57a07d0	chore(deps): bump ansible-lint from 6.8.2 to 6.8.3 (#129 ) Bumps [ansible-lint](https://github.com/ansible-community/ansible-lint) from 6.8.2 to 6.8.3. - [Release notes](https://github.com/ansible-community/ansible-lint/releases) - [Commits](https://github.com/ansible-community/ansible-lint/compare/v6.8.2...v6.8.3) --- updated-dependencies: - dependency-name: ansible-lint dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-10-26 21:55:42 -05:00
samerbahri98	4f3b8ec9e0	Pre-commit hooks (#125 ) * feat: pre-commit * empty * fix: requirements.txt	2022-10-26 19:15:24 -05:00
dependabot[bot]	45ddd65e74	chore(deps): bump zipp from 3.9.0 to 3.10.0 (#128 ) Bumps [zipp](https://github.com/jaraco/zipp) from 3.9.0 to 3.10.0. - [Release notes](https://github.com/jaraco/zipp/releases) - [Changelog](https://github.com/jaraco/zipp/blob/main/CHANGES.rst) - [Commits](https://github.com/jaraco/zipp/compare/v3.9.0...v3.10.0) --- updated-dependencies: - dependency-name: zipp dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-10-26 19:13:53 -05:00
dependabot[bot]	b2a62ea4eb	chore(deps): bump ruamel-yaml-clib from 0.2.6 to 0.2.7 (#124 ) Bumps [ruamel-yaml-clib](https://sourceforge.net/p/ruamel-yaml-clib/code/ci/default/tree) from 0.2.6 to 0.2.7. --- updated-dependencies: - dependency-name: ruamel-yaml-clib dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-10-22 13:37:11 -05:00
dependabot[bot]	a8697edc99	chore(deps): bump oauthlib from 3.2.1 to 3.2.2 (#123 ) Bumps [oauthlib](https://github.com/oauthlib/oauthlib) from 3.2.1 to 3.2.2. - [Release notes](https://github.com/oauthlib/oauthlib/releases) - [Changelog](https://github.com/oauthlib/oauthlib/blob/v3.2.2/CHANGELOG.rst) - [Commits](https://github.com/oauthlib/oauthlib/compare/v3.2.1...v3.2.2) --- updated-dependencies: - dependency-name: oauthlib dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-10-18 19:20:28 -05:00
dependabot[bot]	d3218f5d5c	chore(deps): bump google-auth from 2.12.0 to 2.13.0 (#122 ) Bumps [google-auth](https://github.com/googleapis/google-auth-library-python) from 2.12.0 to 2.13.0. - [Release notes](https://github.com/googleapis/google-auth-library-python/releases) - [Changelog](https://github.com/googleapis/google-auth-library-python/blob/main/CHANGELOG.md) - [Commits](https://github.com/googleapis/google-auth-library-python/compare/v2.12.0...v2.13.0) --- updated-dependencies: - dependency-name: google-auth dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-10-17 23:06:58 -05:00
Irakli Nadareishvili	590a8029fd	Removing accidental tear-down step that is clearly a typo (#117 ) Co-authored-by: Techno Tim <timothystewart6@gmail.com>	2022-10-15 14:15:25 -05:00
Techno Tim	cb2fa7c441	k3s, metallb, kube-vip updates (#119 ) * feat(k3s): Updated to v1.24.6+k3s1 * feat(kube-vip): Update to v0.5.5 * feat(metal-lb): Update to v0.13.6 * fix(pip): Freeze requirements * fix(lint): Fixed ansible-lint	2022-10-15 12:23:50 -05:00
ccoane	14508ec8dc	Add "collection" to the ansible-galaxy command as it will run without making changes if that collection argument is not provided. (#113 )	2022-10-04 20:41:19 -05:00
Ioannis Angelakopoulos	fb6c9a6866	adds colors to molecule testing in GitHub action (#109 )	2022-09-28 03:48:25 +00:00
Simon Leiner	d5d02280c1	Fix download-boxes.sh if no boxes are present (#106 ) In case of grep not matching any line, it would return an error code and thus stop the script. This patch sets "present_boxes" to an empty value in case any of the commands fail.	2022-09-26 17:21:37 -05:00
Simon Leiner	57e528832b	Fix role order in reset playbook (#104 )	2022-09-25 12:35:36 -05:00
Ioannis Angelakopoulos	cd76fa05a7	fix master taint implementation - linting problems (#95 ) * add virtual-ip to certificate SAN entries Adds the kube-vip IP as a Subject Alternative Name in the TLS cert. It is needed otherwise you cannot access the cluster. * fixes bug with master taints (#1) - improves taint logic * fixes typo * fixes formatting * fixes undefined group['node'] if missing from hosts.ini (#2) * fixes undefined group['node'] if missing from hosts.ini - improves application of master taint by centralizing code * improves molecule testing, fixes linting * hacking at linter problems, small tweaks - increases the metallb timeout error due to intermittent testing errors in GitHub actions * improves context by renaming taint variable - makes variable boolean * fix bug * removes linting hacks Co-authored-by: Ioannis Angelakopoulos <ioangel@gmail.com>	2022-09-24 20:12:24 -05:00
Simon Leiner	d5b37acd8a	Drop support for CentOS, test Rocky and Debian in CI (#92 ) * Test CentOS 7 in CI * Drop support for CentOS, test on Rocky and Debian * Fix reset playbook for Rocky Linux * Fix typo * Disable firewalld during testing Co-authored-by: Techno Tim <timothystewart6@gmail.com>	2022-09-24 05:10:55 +00:00
Simon Leiner	5225493ca0	CI: Fix linting job for ansible-lint 6.6.0 (#96 ) * CI: Fix linting job for ansible-lint 6.6.0 * Increase MetalLB timeout to mitigate CI flakiness	2022-09-23 23:28:21 -05:00
BMeach	4acbe91b6c	Fix master node taints in multi node installs (#93 ) * Taint master nodes if more than one node * Kick off fork workflow tests Co-authored-by: Techno Tim <timothystewart6@gmail.com>	2022-09-17 15:56:09 -05:00
Techno Tim	f1c2f3b7dd	fix(github): ignore readme updates (#94 )	2022-09-17 00:18:56 -05:00
Techno Tim	76718a010c	chore(docs): Updated with ansible collections install (#89 ) * chore(docs): Fixing thanks section * chore(docs): Updated with collections command	2022-09-15 02:32:34 +00:00
		`@@ -0,0 +1,3 @@`
							`#!/bin/bash`

							`ansible-playbook reboot.yml -i inventory/my-cluster/hosts.ini`