From 5aecf61a01e0c31ce20e65f80c79d2156edde1a6 Mon Sep 17 00:00:00 2001
From: Danny Bessems
Date: Wed, 1 Feb 2023 20:07:04 +0100
Subject: [PATCH] Reorder ingress configuration tasks;Housekeeping
---
 .../roles/metacluster/tasks/ingress.yml | 18 ++++++++++++++++++
 .../bootstrap/roles/metacluster/tasks/k3s.yml | 11 -----------
 ansible/vars/metacluster.yml | 10 ----------
 3 files changed, 18 insertions(+), 21 deletions(-)
diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/ingress.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/ingress.yml
index 9e43122..d66bd84 100644
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/ingress.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/ingress.yml
@@ -1,3 +1,21 @@
+- name: Reconfigure traefik container for persistence
+ ansible.builtin.blockinfile:
+ path: /var/lib/rancher/k3s/server/manifests/traefik-config.yaml
+ block: |2
+ deployment:
+ initContainers:
+ - name: volume-permissions
+ image: busybox:1
+ command: ["sh", "-c", "touch /data/acme.json && chmod -Rv 600 /data/* && chown 65532:65532 /data/acme.json"]
+ volumeMounts:
+ - name: data
+ mountPath: /data
+ persistence:
+ enabled: true
+ marker: ' # {mark} ANSIBLE MANAGED BLOCK'
+ notify:
+ - Apply manifests
+
 - name: Configure traefik dashboard ingress
 ansible.builtin.template:
 src: ingressroute.j2
diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/k3s.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/k3s.yml
index 94f80ec..5ce79ed 100644
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/k3s.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/k3s.yml
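Review bot: In the added `Reconfigure traefik container for persistence` task of tasks/ingress.yml, the init container pulls `image: busybox:1`, a mutable tag, and it presumably runs as root because it has to `chown` the ACME storage file. Pinning the image by digest, e.g. `image: busybox@sha256:<DIGEST_PLACEHOLDER>`, keeps a re-tagged or substituted image from running against the volume that holds `acme.json`. The `chmod -Rv 600 /data/*` also strips the execute bit from any directory under /data and changes files other than `acme.json`; if only that file needs the mode, `chmod 600 /data/acme.json` is narrower. The task sets no `create:` option, so it appears to rely on traefik-config.yaml already existing from a step that is not visible in this hunk.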
@@ -31,17 +31,6 @@
 INSTALL_K3S_EXEC: "server --cluster-init --token {{ vapp['metacluster.token'] | trim }} --tls-san {{ vapp['metacluster.vip'] }} --disable local-storage --config /etc/rancher/k3s/config.yaml"
 when: ansible_facts.services['k3s.service'] is undefined

-- name: Debug possible taints on k3s node
- ansible.builtin.shell:
- cmd: >-
- while true;
- do
- kubectl get nodes -o custom-columns=NAME:.metadata.name,TAINTS:.spec.taints --no-headers | awk '{print strftime("%H:%M:%S"),$0;fflush();}' >> /var/log/taintlog
- sleep 1
- done
- async: 1800
- poll: 0
-
 - name: Ensure API availability
 ansible.builtin.uri:
 url: https://{{ vapp['guestinfo.ipaddress'] }}:6443/livez?verbose
diff --git a/ansible/vars/metacluster.yml b/ansible/vars/metacluster.yml
index 5c131a0..914de93 100644
--- a/ansible/vars/metacluster.yml
+++ b/ansible/vars/metacluster.yml
@@ -19,20 +19,10 @@ platform:
 - "--certificatesResolvers.stepca.acme.storage=/data/acme.json"
 - "--certificatesResolvers.stepca.acme.tlsChallenge=true"
 - "--certificatesresolvers.stepca.acme.certificatesduration=24"
- deployment:
- initContainers:
- - name: volume-permissions
- image: busybox:1
- command: ["sh", "-c", "touch /data/acme.json && chmod -Rv 600 /data/* && chown 65532:65532 /data/acme.json"]
- volumeMounts:
- - name: data
- mountPath: /data
 globalArguments: []
 ingressRoute:
 dashboard:
 enabled: false
- persistence:
- enabled: true
 ports:
 ssh:
 port: 8022