added k3s role

ansible/roles/k3s/README.md

@@ -0,0 +1,10 @@
+Role Name
+=========
+
+This role installs a single-node k3s installation and fetches the kubeconfig to the basedir.
+It also installs helm.
+
+License
+-------
+
+BSD

ansible/roles/k3s/defaults/main.yml

@@ -0,0 +1,5 @@
+#SPDX-License-Identifier: MIT-0
+---
+# defaults/main.yml
+k3s_version: "latest"
+

ansible/roles/k3s/files/k3s.config

@@ -0,0 +1,11 @@
+cluster-init: true
+disable:
+#  - servicelb
+  - traefik
+#cluster-cidr: 10.42.0.0/16
+#flannel-backend: "none"
+#disable-kube-proxy: true
+#disable-network-policy: true
+#kube-apiserver-arg:
+#  - kubelet-arg=max-pods=65534 
+#  - kube-controller-manager-arg=node-cidr-mask-size=16 

ansible/roles/k3s/handlers/main.yml

@@ -0,0 +1,3 @@
+#SPDX-License-Identifier: MIT-0
+---
+# handlers file for k3s

ansible/roles/k3s/meta/main.yml

@@ -0,0 +1,2 @@
+#SPDX-License-Identifier: MIT-0
+#---

ansible/roles/k3s/tasks/main.yml

@@ -0,0 +1,74 @@
+#SPDX-License-Identifier: MIT-0
+---
+# tasks/main.yml
+
+## shell used as workaround cause get.helm.sh is down atm
+- name: Add helm key
+  shell: |
+    curl -fsSL https://packages.buildkite.com/helm-linux/helm-debian/gpgkey | gpg --dearmor | tee /usr/share/keyrings/helm.gpg > /dev/null
+  args:
+    creates: /usr/share/keyrings/helm.gpg
+
+- name: Add helm repo
+  lineinfile:
+    path: /etc/apt/sources.list.d/helm-stable-debian.list
+    line: "deb [signed-by=/usr/share/keyrings/helm.gpg] https://packages.buildkite.com/helm-linux/helm-debian/any/ any main"
+    create: yes
+
+- name: Update apt repository
+  apt:
+    update_cache: yes
+
+- name: Install required packages
+  apt:
+    name:
+      - curl
+      - wget
+      - apt-transport-https
+      - ca-certificates
+      - pip
+      - gpg
+      - helm
+    state: present
+
+- name: Install python kubernetes module
+  ansible.builtin.pip:
+    break_system_packages: yes
+    name: kubernetes
+
+### Ubuntu workaround
+#- name: Install helm
+#  command: snap install --classic helm
+
+### k3s config for Cilium CNI installation
+#- name: Copy k3s.config to server
+#  ansible.builtin.copy:
+#    src: k3s.config
+#    dest: /root/config.yaml
+
+- name: Install k3s (disabled traefik in favour of nginx for modSecurity support)
+  shell: |
+    curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="server --disable=traefik --cluster-init" sh -s -
+  args:
+    executable: /bin/bash
+
+- name: Check if k3s is running
+  systemd:
+    name: k3s
+    state: started
+    enabled: yes
+
+- name: Get k3s version
+  command: k3s --version
+  register: k3s_version
+
+- name: Show k3s version
+  debug:
+    msg: "K3s version: {{ k3s_version.stdout }}"
+
+# Download kubeconfig for remote access
+- name: Fetch kubconfig
+ ansible.builtin.fetch:
+    src: /etc/rancher/k3s/k3s.yaml
+    dest: ../kubeconfig
+    flat: yes

ansible/roles/k3s/tests/inventory

@@ -0,0 +1,3 @@
+#SPDX-License-Identifier: MIT-0
+localhost
+

ansible/roles/k3s/tests/test.yml

@@ -0,0 +1,6 @@
+#SPDX-License-Identifier: MIT-0
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - k3s

ansible/roles/k3s/vars/main.yml

@@ -0,0 +1,3 @@
+#SPDX-License-Identifier: MIT-0
+---
+# vars file for k3s