CyVerse-Ansible.ansible_k3s
CyVerse Ansible k3s
This role helps you set up a standalone or clustered k3s environment.
Requirements
If you plan to use Docker with k3s, make sure Docker is already installed or use a role that installs it for you.
This role will set up a firewall (ufw) and will, by default, allow all nodes in the k3s cluster to communicate with each other.
You need to configure your host files properly. Here is a sample inventory file that includes k3s_masters, k3s_agents, and k3s_cluster, which is the minimum setup.
Note: Currently, only one master node is supported.
In .ini format:
[k3s_masters]
w.x.y.z
[k3s_agents]
a.b.c.d
e.f.g.h
[k3s_cluster:children]
k3s_masters
k3s_agents
In yaml format:
all:
hosts:
k1:
ansible_host: w.x.y.z
ansible_user: root
k2:
ansible_host: a.b.c.d
ansible_user: root
k3:
ansible_host: e.f.g.h
ansible_user: root
children:
k3s_masters:
hosts:
k1:
k3s_agents:
hosts:
k2:
k3:
k3s_cluster:
children:
k3s_masters:
k3s_agents:
Role Variables
Here’s a table of optional Ansible variables with their default values if not specified.
| Variable Name | Default Value if Not Defined | Description |
|---|---|---|
| K3S_DOCKER_ENABLE | version_dependent | Enables the Docker engine unless the OS version is Ubuntu 22.04 or newer. |
| K3S_GPU_ENABLE | false | Enables the NVIDIA GPU driver. |
| K3S_GPU_TIMESLICE_ENABLE | false | If GPU is enabled, this allows time slicing. |
| K3S_GPU_TIMESLICE_NUM | 2 | Default number of time slices when GPU time slicing is enabled. |
| K3S_NVIDIA_USE_GPU_OPERATOR | true | Uses NVIDIA’s GPU operator by default (if GPU is enabled). |
| K3S_NVIDIA_GPU_OPERATOR_DRIVER | false | Option to use the driver within a container. |
| K3S_NVIDIA_GPU_OPERATOR_TOOLKIT | false | Option to use toolkit within a container. |
| K3S_TRAEFIK_ENABLE | false | Disables Traefik ingress. |
| K3S_FLANNEL_BACKEND | none | If set, passes value to --flannel-backend=. |
| K3S_CALICO_ENABLE (not working) | false | Attempts to enable Calico. |
| K3S_CLUSTER_TOKEN | none | If set, initializes the cluster with this token instead of a randomly generated one. |
| K3S_CLUSTER_CIDR | none | If set, defines the CIDR for the cluster, e.g., 192.168.0.0/16. |
| K3S_VERSION | none | If set, tries to set the k3s version. |
| K3S_IS_MULTINODE | false | If true, prepares hosts for multi-node setup (like IP forwarding). |
| K3S_MASTER_INSTALL | true | Reinstalls master node(s). |
| K3S_MASTER_IP | none | Sets the k3s master IP when a default IP is incorrect. |
| K3S_MASTER_PORT | 6443 | Port number for the master node. |
| K3S_POSTGRESQL_ENABLE | false | Enables the use of PostgreSQL. |
| K3S_POSTGRESQL_INSTALL | false | Allows installation of PostgreSQL on the first k3s master (K3S_POSTGRESQL_ENABLE must be true). |
| K3S_POSTGRESQL_HOST | 127.0.0.1 | Hostname or IP for the PostgreSQL database from the k3s master configuration. |
| K3S_POSTGRESQL_PORT | 5432 | Port for the PostgreSQL database. |
| K3S_POSTGRESQL_DB | kubernetes | PostgreSQL database name. |
| K3S_POSTGRESQL_USER | k3suser | Database username for K3S_POSTGRESQL_DB. |
| K3S_POSTGRESQL_PASS | randomly generated | Password for K3S_POSTGRESQL_USER to access K3S_POSTGRESQL_DB; stored in /opt/k3s. |
| K3S_FIREWALL_MANAGE | false | Enables firewall management through this role. |
| K3S_FIREWALL_ADD_PORTS | none | Array of dictionaries to add firewall rules; each element should include port, rule, protocol, and source. |
| K3S_REGISTRIES_MIRRORS | none | If defined, places "mirrors:" configuration in /etc/rancher/k3s/registries.yaml. |
Example Playbook
Here’s how a sample playbook looks:
- hosts: k3s_cluster
become: true
roles:
- k3s
vars:
K3S_FORCE_UNINSTALL: true
K3S_POSTGRESQL_ENABLE: true
K3S_POSTGRESQL_INSTALL: true
K3S_FIREWALL_ADD_PORTS:
- port: "8888"
rule: "allow"
proto: "tcp"
src: "1.2.3.0/24"
- port: "443"
rule: "deny"
proto: "tcp"
src: "any"
Author Information
Edwin Skidmore (edwin@cyverse.org)
Informazioni sul progetto
This role will install a single or multi-cluster k3s, with the option of installing with postgresql. At this time, this is not suppose to be a comprehensive k3s, but rather a role sufficient for CyVerse's needs
Installa
ansible-galaxy install CyVerse-Ansible.ansible_k3sLicenza
other
Download
2.2k
Proprietario