5 files changed, 86 insertions, 0 deletions

diff --git a/terraform/ansible/roles/k3s/defaults/main.yml b/terraform/ansible/roles/k3s/defaults/main.yml
new file mode 100644
index 0000000..9731038
--- /dev/null
+++ b/terraform/ansible/roles/k3s/defaults/main.yml
@@ -0,0 +1 @@
+k3s__version: 0.7.0
diff --git a/terraform/ansible/roles/k3s/handlers/main.yml b/terraform/ansible/roles/k3s/handlers/main.yml
new file mode 100644
index 0000000..206b14e
--- /dev/null
+++ b/terraform/ansible/roles/k3s/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: systemctl restart k3s
+  systemd:
+    unit: k3s
+    state: restarted
diff --git a/terraform/ansible/roles/k3s/tasks/main.yml b/terraform/ansible/roles/k3s/tasks/main.yml
new file mode 100644
index 0000000..0b7797a
--- /dev/null
+++ b/terraform/ansible/roles/k3s/tasks/main.yml
@@ -0,0 +1,39 @@
+- include_vars:
+    file: k3s_releases.yml
+
+- get_url:
+    url: "{{ k3s__releases[k3s_version][item].url }}"
+    dest: /usr/local/bin/k3s
+    checksum: "sha256:{{ k3s__releases[k3s_version][item].checksum }}"
+    mode: ugo=rx
+
+  with_items:
+    - k3s
+  notify: systemctl restart k3s
+
+- template:
+    src: "k3s.service.j2"
+    dest: "/etc/systemd/system/k3s.service"
+  notify: systemctl restart k3s
+
+- systemd:
+    unit: k3s
+    daemon_reload: yes
+    enabled: yes
+
+- meta: flush_handlers
+
+- when: k3s_role == 'master'
+  block:
+    - name: Wait for node-token
+      wait_for:
+        path: /var/lib/rancher/k3s/server/node-token
+
+    - name: Read node-token from master
+      slurp:
+        src: /var/lib/rancher/k3s/server/node-token
+      register: node_token
+
+    - name: Store Master node-token
+      set_fact: 
+        node_token: "{{ node_token.content | b64decode | regex_replace('\n', '') }}"
diff --git a/terraform/ansible/roles/k3s/templates/k3s.service.j2 b/terraform/ansible/roles/k3s/templates/k3s.service.j2
new file mode 100644
index 0000000..b1c5c54
--- /dev/null
+++ b/terraform/ansible/roles/k3s/templates/k3s.service.j2
@@ -0,0 +1,21 @@
+[Unit]
+After=network.target
+
+[Service]
+{% if k3s_role == 'master' %}
+ExecStartPre=-/sbin/modprobe br_netfilter
+ExecStartPre=-/sbin/modprobe overlay
+ExecStart=/usr/local/bin/k3s server
+{% else %}
+# TODO: this should use private_ip
+ExecStart=/usr/local/bin/k3s agent --server https://{{ hostvars['k8s-master']['ansible_host'] }}:6443 --token {{ hostvars['k8s-master']['node_token'] }}
+{% endif %}
+KillMode=process
+Delegate=yes
+LimitNOFILE=infinity
+LimitNPROC=infinity
+LimitCORE=infinity
+TasksMax=infinity
+
+[Install]
+WantedBy=multi-user.target
diff --git a/terraform/ansible/roles/k3s/vars/k3s_releases.yml b/terraform/ansible/roles/k3s/vars/k3s_releases.yml
new file mode 100644
index 0000000..52f599d
--- /dev/null
+++ b/terraform/ansible/roles/k3s/vars/k3s_releases.yml
@@ -0,0 +1,21 @@
+k3s__releases:
+  "0.6.0":
+    "hyperkube":
+      url: "https://github.com/rancher/k3s/releases/download/v0.6.0/hyperkube"
+      checksum: "7bb86be92335ebe5fc653d90b28575b7cb0f036b26a1c468ea7bc9d5eb2c302c"
+    "k3s":
+      url: "https://github.com/rancher/k3s/releases/download/v0.6.0/k3s"
+      checksum: "d1ffefe9fa8de45236c9394b5622c8e67319acda5b70ee8a83496325eeb27359"
+    "k3s-airgap-images-amd64.tar":
+      url: "https://github.com/rancher/k3s/releases/download/v0.6.0/k3s-airgap-images-amd64.tar"
+      checksum: "0ea5c7763d6f58294778ffa2fe4167f76f9cf2be0b6e3d15f9fda177838baa0b"
+  "0.7.0":
+    "hyperkube":
+      url: "https://github.com/rancher/k3s/releases/download/v0.7.0/hyperkube"
+      checksum: "96a07f3dfc1e53d8e12964936687ab70831ac5a15de49ed1c4126758acbe1e4b"
+    "k3s":
+      url: "https://github.com/rancher/k3s/releases/download/v0.7.0/k3s"
+      checksum: "b838785f81f4a8c7e4564769c4deae391439d6782170f6a03bee742dd39c4d3c"
+    "k3s-airgap-images-amd64.tar":
+      url: "https://github.com/rancher/k3s/releases/download/v0.7.0/k3s-airgap-images-amd64.tar"
+      checksum: "219f3bc8c9747a317362c948efb10b750233fcd751cb793fcb78d5b7b1449008"