coulomb/railiance-cluster
2
0
Fork 0
Code Issues Pull Requests Actions 2 Projects Releases Wiki Activity
Files
ada406f3279432380dec3b6396a52c0d7d8c4e0f
railiance-cluster/ansible/bootstrap.yml
Bernd Worsch ada406f327 fix(bootstrap): commit full bootstrap.yml — Helm + kubeconfig tasks 
The previous commit only included the staged portion (k3s tasks).
The working-tree additions (Helm install, kubeconfig fetch, version vars)
were never staged and were left behind.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-10 09:52:36 +00:00

94 lines
3.6 KiB
YAML
Raw Blame History

---
# Pre-condition: the target host must already be converged by railiance-infra
# (`make converge` in that repo) before running this playbook.
# OS hardening (SSH, UFW, fail2ban) is owned by railiance-infra — see ADR-003.
- name: Railiance host bootstrap — k3s + Helm
hosts: all
become: true
vars:
k3s_version: "v1.35.1+k3s1"
helm_version: "v3.17.3"
kubeconfig_local_path: "~/.kube/config-hosteurope"
tasks:
# ── Base packages ────────────────────────────────────────────────────────
- name: Ensure base packages
apt:
name:
- curl
- git
- jq
update_cache: yes
state: present
# ── k3s ──────────────────────────────────────────────────────────────────
- name: Install k3s (server, pinned version)
shell: |
curl -sfL https://get.k3s.io | \
INSTALL_K3S_VERSION="{{ k3s_version }}" \
INSTALL_K3S_EXEC="server --cluster-init --write-kubeconfig-mode=644" \
sh -
args:
creates: /usr/local/bin/k3s
- name: Wait for k3s service to be active
systemd:
name: k3s
state: started
enabled: true
- name: Wait for node to reach Ready state
shell: k3s kubectl wait node --all --for=condition=Ready --timeout=120s
changed_when: false
- name: Verify k3s node
shell: k3s kubectl get nodes
register: nodes
changed_when: false
- debug: var=nodes.stdout_lines
# ── Helm ─────────────────────────────────────────────────────────────────
- name: Check if Helm is already installed at correct version
shell: helm version --short 2>/dev/null || true
register: helm_installed
changed_when: false
- name: Download Helm archive and checksum
shell: |
cd /tmp
curl -sfLO "https://get.helm.sh/helm-{{ helm_version }}-linux-amd64.tar.gz"
curl -sfLO "https://get.helm.sh/helm-{{ helm_version }}-linux-amd64.tar.gz.sha256sum"
sha256sum -c "helm-{{ helm_version }}-linux-amd64.tar.gz.sha256sum"
when: helm_version not in helm_installed.stdout
- name: Extract and install Helm
shell: |
tar -xzf /tmp/helm-{{ helm_version }}-linux-amd64.tar.gz -C /tmp
install -m 0755 /tmp/linux-amd64/helm /usr/local/bin/helm
rm -rf /tmp/helm-{{ helm_version }}-linux-amd64.tar.gz /tmp/helm-{{ helm_version }}-linux-amd64.tar.gz.sha256sum /tmp/linux-amd64
when: helm_version not in helm_installed.stdout
- name: Verify Helm
shell: helm version --short
register: helm_ver
changed_when: false
- debug: var=helm_ver.stdout
# ── Kubeconfig ───────────────────────────────────────────────────────────
- name: Fetch kubeconfig to control node
fetch:
src: /etc/rancher/k3s/k3s.yaml
dest: "{{ kubeconfig_local_path }}"
flat: yes
- name: Fix server address in fetched kubeconfig
delegate_to: localhost
become: false
replace:
path: "{{ kubeconfig_local_path }}"
regexp: 'server: https://127\.0\.0\.1:6443'
replace: "server: https://{{ ansible_host }}:6443"
Reference in New Issue View Git Blame Copy Permalink