Michael Skrynski 14d4f2528d Add automatic TLS via Let's Encrypt Cloudflare DNS-01 and Vaultwarden
- Introduce Traefik ACME configuration using Cloudflare DNS-01 challenge
- Deploy Vaultwarden password manager with IP allowlist protection
- Add middleware for security headers, compression, and rate limiting
- Update IngressRoute resources to use new ACME resolver
- Add troubleshooting steps for certificate and TLS issues
- Include test application deployment and verification commands

---
# Play 1: OS-level preparation on every node in the k3s_cluster group.
# Runs as root (become: true) and gathers facts for the prereq role; the
# kubectl-style plays later in this file switch fact gathering off.
- name: Prepare all nodes
  hosts: k3s_cluster
  gather_facts: true
  become: true
  roles:
    - role: prereq
      tags:
        - prereq
        - prepare
# Play 2: bootstrap the cluster on the first host of the 'master' group.
# groups['master'][0] is whichever host is listed first in the inventory, so
# inventory order decides which node initialises the cluster — keep it stable
# across runs, otherwise a re-run may target a different "primary".
- name: Setup primary k3s master (control-plane node 1)
  hosts: "{{ groups['master'][0] }}"
  become: true
  roles:
    - role: k3s-server
      tags:
        - k3s-server
        - server
        - master
# Play 3: join every remaining 'master' host, one node at a time (serial: 1)
# so the control plane is never reconfigured on several nodes concurrently.
# For a single-master inventory the [1:] slice is empty and the play has
# nothing to do.
- name: Setup additional k3s masters (control-plane nodes 2+)
  hosts: "{{ groups['master'][1:] | default([]) }}"
  serial: 1
  become: true
  roles:
    - role: k3s-server
      tags:
        - k3s-server
        - server
        - master
# Play 4: install the k3s agent on the 'worker' group, as root. Runs after
# both master plays so the agents have a control plane to join.
- name: Setup k3s agents (worker nodes)
  hosts: worker
  become: true
  roles:
    - role: k3s-agent
      tags:
        - k3s-agent
        - agent
        - worker
# Play 5: compute-blade-agent on every inventory host, as root. Note the host
# pattern is 'all', not 'k3s_cluster' as in play 1 — any inventory host that is
# not part of the cluster groups (a bastion, for example) gets the agent too.
# NOTE(review): confirm 'all' is intended rather than 'k3s_cluster'.
- name: Install compute-blade-agent on all nodes
  hosts: all
  become: true
  roles:
    - role: compute-blade-agent
      tags:
        - compute-blade-agent
        - blade-agent
# Play 6: Traefik ACME configuration (Let's Encrypt via Cloudflare DNS-01).
# Runs on the primary master only, as the SSH user (become: false) and without
# facts — presumably the role talks to the cluster API rather than the OS.
# NOTE(review): a DNS-01 challenge needs a Cloudflare API token with DNS-edit
# rights on the zone; presumably the traefik-config role consumes it. Keep that
# token in Ansible Vault (never plaintext group_vars) and scope it to the single
# zone — confirm in roles/traefik-config.
- name: Configure Traefik (ACME / Let's Encrypt via Cloudflare DNS-01)
  hosts: "{{ groups['master'][0] }}"
  gather_facts: false
  become: false
  roles:
    - role: traefik-config
      tags:
        - traefik-config
        - traefik
        - certs
# Play 7: Vaultwarden password manager, same execution context as play 6
# (primary master, SSH user, no facts). The IP allowlist mentioned in the
# commit message and any admin/secret values are presumably configured inside
# the vaultwarden role — nothing security-relevant is set at this level.
- name: Deploy Vaultwarden
  hosts: "{{ groups['master'][0] }}"
  gather_facts: false
  become: false
  roles:
    - role: vaultwarden
      tags:
        - vaultwarden
# Play 8: Prometheus Operator on the primary master, without facts.
# NOTE(review): this play runs with become: true whereas the Traefik and
# Vaultwarden plays above run as the unprivileged SSH user — presumably the
# role needs the root-owned k3s kubeconfig; confirm, and align the three plays
# on one privilege level if it does not.
- name: Install Prometheus Operator
  hosts: "{{ groups['master'][0] }}"
  gather_facts: false
  become: true
  roles:
    - role: prometheus-operator
      tags:
        - prometheus-operator
        - monitoring
# Play 9: test application deployment on the primary master, as root with
# facts. It is tagged 'test'/'deploy-test' but not gated, so a plain
# `ansible-playbook site.yml` deploys the test workloads as well.
# NOTE(review): run with --skip-tags test against production, or add the
# special 'never' tag so this play only runs when explicitly requested via
# --tags test.
- name: Deploy test applications
  hosts: "{{ groups['master'][0] }}"
  gather_facts: true
  become: true
  roles:
    - role: k3s-deploy-test
      tags:
        - test
        - deploy-test