Reorder ingress configuration tasks;Housekeeping

2023-02-01 20:07:04 +01:00 · 2023-02-01 20:07:04 +01:00 · 5aecf61a01
parent be4b6177f9
commit 5aecf61a01
3 changed files with 18 additions and 21 deletions
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/ingress.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/ingress.yml
@ -1,3 +1,21 @@
+- name: Reconfigure traefik container for persistence
+  ansible.builtin.blockinfile:
+    path: /var/lib/rancher/k3s/server/manifests/traefik-config.yaml
+    block: |2
+          deployment:
+            initContainers:
+              - name: volume-permissions
+                image: busybox:1
+                command: ["sh", "-c", "touch /data/acme.json && chmod -Rv 600 /data/* && chown 65532:65532 /data/acme.json"]
+                volumeMounts:
+                  - name: data
+                    mountPath: /data
+          persistence:
+            enabled: true
+    marker: '    # {mark} ANSIBLE MANAGED BLOCK'
+  notify:
+    - Apply manifests
+
 - name: Configure traefik dashboard ingress
  ansible.builtin.template:
    src: ingressroute.j2
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/k3s.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/k3s.yml
@ -31,17 +31,6 @@
    INSTALL_K3S_EXEC: "server --cluster-init --token {{ vapp['metacluster.token'] | trim }} --tls-san {{ vapp['metacluster.vip'] }} --disable local-storage --config /etc/rancher/k3s/config.yaml"
  when: ansible_facts.services['k3s.service'] is undefined

- name: Debug possible taints on k3s node
-  ansible.builtin.shell:
-    cmd: >-
-      while true;
-      do
-        kubectl get nodes -o custom-columns=NAME:.metadata.name,TAINTS:.spec.taints --no-headers | awk '{print strftime("%H:%M:%S"),$0;fflush();}' >> /var/log/taintlog
-        sleep 1
-      done
-  async: 1800
-  poll: 0
-
 - name: Ensure API availability
  ansible.builtin.uri:
    url: https://{{ vapp['guestinfo.ipaddress'] }}:6443/livez?verbose
--- a/ansible/vars/metacluster.yml
+++ b/ansible/vars/metacluster.yml
@ -19,20 +19,10 @@ platform:
              - "--certificatesResolvers.stepca.acme.storage=/data/acme.json"
              - "--certificatesResolvers.stepca.acme.tlsChallenge=true"
              - "--certificatesresolvers.stepca.acme.certificatesduration=24"
-            deployment:
-              initContainers:
-                - name: volume-permissions
-                  image: busybox:1
-                  command: ["sh", "-c", "touch /data/acme.json && chmod -Rv 600 /data/* && chown 65532:65532 /data/acme.json"]
-                  volumeMounts:
-                    - name: data
-                      mountPath: /data
            globalArguments: []
            ingressRoute:
              dashboard:
                enabled: false
-            persistence:
-              enabled: true
            ports:
              ssh:
                port: 8022