Reorder ingress configuration tasks;Housekeeping

ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/ingress.yml

@@ -1,3 +1,21 @@
+- name: Reconfigure traefik container for persistence
+  ansible.builtin.blockinfile:
+    path: /var/lib/rancher/k3s/server/manifests/traefik-config.yaml
+    block: |2
+          deployment:
+            initContainers:
+              - name: volume-permissions
+                image: busybox:1
+                command: ["sh", "-c", "touch /data/acme.json && chmod -Rv 600 /data/* && chown 65532:65532 /data/acme.json"]
+                volumeMounts:
+                  - name: data
+                    mountPath: /data
+          persistence:
+            enabled: true
+    marker: '    # {mark} ANSIBLE MANAGED BLOCK'
+  notify:
+    - Apply manifests
+
 - name: Configure traefik dashboard ingress
   ansible.builtin.template:
     src: ingressroute.j2

ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/k3s.yml

@@ -31,17 +31,6 @@
     INSTALL_K3S_EXEC: "server --cluster-init --token {{ vapp['metacluster.token'] | trim }} --tls-san {{ vapp['metacluster.vip'] }} --disable local-storage --config /etc/rancher/k3s/config.yaml"
   when: ansible_facts.services['k3s.service'] is undefined
 
-- name: Debug possible taints on k3s node
-  ansible.builtin.shell:
-    cmd: >-
-      while true;
-      do
-        kubectl get nodes -o custom-columns=NAME:.metadata.name,TAINTS:.spec.taints --no-headers | awk '{print strftime("%H:%M:%S"),$0;fflush();}' >> /var/log/taintlog
-        sleep 1
-      done
-  async: 1800
-  poll: 0
-
 - name: Ensure API availability
   ansible.builtin.uri:
     url: https://{{ vapp['guestinfo.ipaddress'] }}:6443/livez?verbose

ansible/vars/metacluster.yml

@@ -19,20 +19,10 @@ platform:
               - "--certificatesResolvers.stepca.acme.storage=/data/acme.json"
               - "--certificatesResolvers.stepca.acme.tlsChallenge=true"
               - "--certificatesresolvers.stepca.acme.certificatesduration=24"
-            deployment:
-              initContainers:
-                - name: volume-permissions
-                  image: busybox:1
-                  command: ["sh", "-c", "touch /data/acme.json && chmod -Rv 600 /data/* && chown 65532:65532 /data/acme.json"]
-                  volumeMounts:
-                    - name: data
-                      mountPath: /data
             globalArguments: []
             ingressRoute:
               dashboard:
                 enabled: false
-            persistence:
-              enabled: true
             ports:
               ssh:
                 port: 8022