Generate and apply Talso configs
This commit is contained in:
parent
647ed922b8
commit
09c9ff41c2
|
@ -6,4 +6,6 @@
|
|||
hosts:
|
||||
- talos
|
||||
roles:
|
||||
- role: talos_configs
|
||||
- role: machine_status
|
||||
- role: talos_apply
|
||||
|
|
|
@ -4,14 +4,22 @@
|
|||
delegate_to: localhost
|
||||
become: false
|
||||
ansible.builtin.command:
|
||||
cmd: "talosctl get machinestatus --endpoints '{{ ansible_remote }}' --nodes '{{ ansible_remote }}' --insecure --output json"
|
||||
register: _machine_status_output
|
||||
cmd: "talosctl get machinestatus --endpoints '{{ ansible_remote }}' --nodes '{{ ansible_remote }}' --output json"
|
||||
register: _machine_status_cmd
|
||||
failed_when: _machine_status_cmd.rc not in [0, 1]
|
||||
|
||||
- name: Get machine status - insecure
|
||||
when: "_machine_status_cmd.rc == 1"
|
||||
delegate_to: localhost
|
||||
become: false
|
||||
ansible.builtin.command:
|
||||
cmd: "talosctl get machinestatus --endpoints '{{ ansible_remote }}' --nodes '{{ ansible_remote }}' --insecure --output json"
|
||||
register: _machine_status_cmd_insec
|
||||
|
||||
- name: Parse machine status
|
||||
ansible.builtin.set_fact:
|
||||
_machine_status: "{{ _machine_status_output.stdout | from_json }}"
|
||||
talos_machine_status: "{{ _machine_status_cmd_insec.stdout | default(_machine_status_cmd.stdout) | from_json }}"
|
||||
|
||||
- name: Show machine status
|
||||
ansible.builtin.debug:
|
||||
var: _machine_status
|
||||
var: talos_machine_status
|
||||
|
|
|
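Review bot: The fallback to `--insecure` in `Get machine status - insecure` is gated only on `_machine_status_cmd.rc == 1`, and the first task's `failed_when: _machine_status_cmd.rc not in [0, 1]` accepts rc 1 for any error, so any failure of the authenticated query (not only a node still in maintenance mode, but also a certificate or endpoint problem) silently degrades to an unauthenticated, unverified query whose output then drives the apply decision in talos_apply. It would be safer to confirm the insecure answer really describes a maintenance-mode node before trusting it, e.g. an `ansible.builtin.assert` after `Parse machine status` with `that: "_machine_status_cmd.rc == 0 or talos_machine_status.spec.stage == 'maintenance'"` and a `fail_msg` that includes `_machine_status_cmd.stderr`, so the authenticated failure is not hidden. `ansible_remote` is presumably a project-defined inventory variable rather than a built-in; a comment where it is defined would help readers who expect `ansible_host`. The task list starts above this hunk (line 4 of the file).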
@ -0,0 +1,12 @@
|
|||
kubernetes_version: v1.26.7
|
||||
talos_version: v1.5.1
|
||||
ansible_root_dir: "{{ inventory_dir | ansible.builtin.dirname }}"
|
||||
ansible_vault_password_file: "{{ ansible_root_dir }}/.ansible/vault_pass"
|
||||
talos_generic_config_dir: "{{ ansible_root_dir }}/configs/talos"
|
||||
talos_cluster_config_dir: "{{ ansible_root_dir }}/configs/{{ cluster_name }}"
|
||||
talos_cluster_secrets_file: "{{ talos_cluster_config_dir }}/talos-secrets.yaml"
|
||||
talos_control_lb_hostname: "control.{{ cluster_name }}"
|
||||
talos_node_config_file: "{{ talos_cluster_config_dir }}/talos-{{ inventory_hostname }}.yaml"
|
||||
talosconfig: "{{ talos_cluster_config_dir }}/talosconfig.yaml"
|
||||
kubeconfig: "{{ talos_cluster_config_dir }}/kubeconfig.yaml"
|
||||
talos_image_version: v1.4.7
|
|
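Review bot: `talos_version: v1.5.1` and `talos_image_version: v1.4.7` disagree, and only `talos_image_version` is consumed by the `talosctl gen config --talos-version` calls in this commit, so a reader cannot tell which value is authoritative; either drop the unused one or put a comment above each, e.g. `# Talos release the generated machine configs target; keep in step with the installer image`. `ansible_vault_password_file` points inside the repository tree (`{{ ansible_root_dir }}/.ansible/vault_pass`); that path has to be git-ignored, which nothing in this commit shows. The `ansible_` prefix on `ansible_root_dir` and `ansible_vault_password_file` makes them read like Ansible's own connection/fact variables — a project prefix such as `talos_` would avoid the confusion.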
@ -0,0 +1,30 @@
|
|||
---
|
||||
|
||||
- name: Encrypt secrets
|
||||
delegate_to: localhost
|
||||
become: no
|
||||
run_once: yes
|
||||
ansible.builtin.command:
|
||||
cmd: >-
|
||||
ansible-vault encrypt
|
||||
--vault-password-file '{{ ansible_vault_password_file }}'
|
||||
--output '{{ talos_cluster_secrets_file }}.enc'
|
||||
'{{ talos_cluster_secrets_file }}'"
|
||||
|
||||
- name: Update talosconfig - endpoints
|
||||
listen: Update talosconfig
|
||||
delegate_to: localhost
|
||||
become: no
|
||||
run_once: yes
|
||||
ansible.builtin.command:
|
||||
cmd: >-
|
||||
talosctl config endpoints '{{ talos_control_lb_hostname }}'
|
||||
|
||||
- name: Update talosconfig - nodes
|
||||
listen: Update talosconfig
|
||||
delegate_to: localhost
|
||||
become: no
|
||||
run_once: yes
|
||||
ansible.builtin.command:
|
||||
cmd: >-
|
||||
talosctl config nodes '{{ talos_control_lb_hostname }}'
|
|
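Review bot: The `Encrypt secrets` handler's command ends with a stray `"` after `'{{ talos_cluster_secrets_file }}'`, which `ansible.builtin.command` rejects as an unterminated quote when it splits the argument string, so the encryption step fails the first time the secrets file is created; the last line should be just `'{{ talos_cluster_secrets_file }}'`. The handler also writes the encrypted copy to `.enc` and leaves the plaintext `talos-secrets.yaml` in place, which is the file the `--with-secrets` gen-config tasks and the `creates:` guard on `Create secrets file for Talos` keep using, so the plaintext never goes away — if only the vault-encrypted file is meant to persist, the generation tasks need to decrypt on use or the handler should encrypt in place. The two `Update talosconfig` handlers run `talosctl config endpoints` / `nodes` without `--talosconfig '{{ talosconfig }}'`, so they edit the operator's default talosconfig instead of the file this role just generated; the same applies to the `notify: Update talosconfig` in the `Create talosctl config` hunk. `become: no` / `run_once: yes` should be spelled `false` / `true`, matching the `become: false` already used in the machine_status tasks.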
@ -0,0 +1,12 @@
|
|||
---
|
||||
|
||||
- name: Apply Talos node config
|
||||
delegate_to: localhost
|
||||
become: no
|
||||
ansible.builtin.command:
|
||||
cmd: >-
|
||||
talosctl apply-config
|
||||
--file '{{ talos_node_config_file }}'
|
||||
--nodes '{{ ansible_remote }}'
|
||||
--endpoints '{{ ansible_remote }}'
|
||||
{% if talos_machine_status.spec.stage == 'maintenance' %} --insecure{% endif %}
|
|
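Review bot: `Apply Talos node config` templates `talos_machine_status.spec.stage` straight into the command, so when the machine_status role has not run for this host the task dies with an undefined-variable error rather than a clear message; an `ansible.builtin.assert` with `that: talos_machine_status is defined` and a `fail_msg` naming the machine_status role before it would make the dependency explicit. The task has no `changed_when` or `creates:`, so every run re-applies the config and reports changed; if that is intended, a comment such as `# intentionally re-run every play; apply-config is not guarded` stops the next reader from "fixing" it. The `--insecure` flag is only added while the node reports the maintenance stage, which is the right narrow scope — worth a one-line comment so nobody widens it.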
@ -0,0 +1,21 @@
|
|||
---
|
||||
|
||||
- name: Create Talos control node config
|
||||
delegate_to: localhost
|
||||
become: no
|
||||
ansible.builtin.command:
|
||||
cmd: >-
|
||||
talosctl gen config '{{ cluster_name }}' 'https://{{ talos_control_lb_hostname }}:6443'
|
||||
--output-types controlplane
|
||||
--output '{{ talos_node_config_file }}'
|
||||
--with-secrets '{{ talos_cluster_secrets_file }}'
|
||||
--config-patch @'{{ talos_generic_config_dir }}/talos-patch.yaml'
|
||||
--config-patch-control-plane @'{{ talos_generic_config_dir }}/talos-patch-control.yaml'
|
||||
--config-patch='[{"op": "replace", "path": "/machine/network/hostname", "value": "{{ inventory_hostname }}"}]'
|
||||
--talos-version '{{ talos_image_version }}'
|
||||
--kubernetes-version '{{ kubernetes_version }}'
|
||||
--additional-sans '{{ talos_control_lb_hostname }}'
|
||||
--force
|
||||
creates: "{{ talos_node_config_file }}"
|
||||
|
||||
|
|
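Review bot: `creates: "{{ talos_node_config_file }}"` skips `Create Talos control node config` whenever the output exists, so later changes to `kubernetes_version`, `talos_image_version` or the patch files never reach the generated config, and `--force` is dead because the command only runs when the file is absent; either drop `creates:` and rely on `--force` with a content-based `changed_when`, or add a comment stating that regeneration requires deleting the file. The hunk is identical to the `Create Talos worker node config` hunk apart from `--output-types` and the `--config-patch-*` line, which invites drift — one task file parameterised by a node-type variable would remove the duplication, and the same `creates`/`--force` point applies to that hunk and to `Create talosctl config`. The JSON `--config-patch` embeds `{{ inventory_hostname }}` unescaped inside a quoted string; writing the value as `"value": {{ inventory_hostname | to_json }}` keeps the patch valid for any hostname. The file also ends with two blank lines.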
@ -0,0 +1,12 @@
|
|||
---
|
||||
|
||||
- name: Create secrets file for Talos
|
||||
delegate_to: localhost
|
||||
become: no
|
||||
run_once: yes
|
||||
ansible.builtin.command:
|
||||
cmd: >-
|
||||
talosctl gen secrets
|
||||
--output-file '{{ talos_cluster_secrets_file }}'
|
||||
creates: "{{ talos_cluster_secrets_file }}"
|
||||
notify: Encrypt secrets
|
|
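Review bot: Encryption of the freshly generated secrets depends on the `notify: Encrypt secrets` handler, and handlers only run at the end of the play; if any later task or the handler itself fails (the handler's stray trailing quote makes that likely on first run), the plaintext `talos-secrets.yaml` stays on disk and every following run skips this task via `creates:`, so the handler is never notified again and the file is never encrypted. Adding `- ansible.builtin.meta: flush_handlers` directly after this task, or making encryption a regular task conditioned on the `.enc` file being absent, closes that gap. The `u=rwX,go=` directory mode from main.yml protects the file by path, but the file itself gets whatever mode `talosctl gen secrets` chooses; a follow-up `ansible.builtin.file` with `mode: "0600"` would pin it.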
@ -0,0 +1,15 @@
|
|||
---
|
||||
|
||||
- name: Create talosctl config
|
||||
delegate_to: localhost
|
||||
become: no
|
||||
run_once: yes
|
||||
ansible.builtin.command:
|
||||
cmd: >-
|
||||
talosctl gen config '{{ cluster_name }}' 'https://{{ talos_control_lb_hostname }}:6443'
|
||||
--output-types talosconfig
|
||||
--output '{{ talosconfig }}'
|
||||
--with-secrets '{{ talos_cluster_secrets_file }}'
|
||||
--force
|
||||
creates: "{{ talosconfig }}"
|
||||
notify: Update talosconfig
|
|
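Review bot: `run_once: yes` evaluates `{{ talosconfig }}` and `{{ talos_cluster_secrets_file }}` for the first host in the batch only, and both derive from `cluster_name`; if an inventory ever places more than one cluster under `hosts: talos`, only the first cluster gets a talosconfig (the same holds for `Create secrets file for Talos`). If one cluster per play is the contract, say so, e.g. `# run_once: the play is assumed to target a single cluster_name`; otherwise loop over the distinct cluster names instead. `become: no` / `run_once: yes` should be spelled `false` / `true`.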
@ -0,0 +1,21 @@
|
|||
---
|
||||
|
||||
- name: Create Talos worker node config
|
||||
delegate_to: localhost
|
||||
become: no
|
||||
ansible.builtin.command:
|
||||
cmd: >-
|
||||
talosctl gen config '{{ cluster_name }}' 'https://{{ talos_control_lb_hostname }}:6443'
|
||||
--output-types worker
|
||||
--output '{{ talos_node_config_file }}'
|
||||
--with-secrets '{{ talos_cluster_secrets_file }}'
|
||||
--config-patch @'{{ talos_generic_config_dir }}/talos-patch.yaml'
|
||||
--config-patch-worker @'{{ talos_generic_config_dir }}/talos-patch-worker.yaml'
|
||||
--config-patch='[{"op": "replace", "path": "/machine/network/hostname", "value": "{{ inventory_hostname }}"}]'
|
||||
--talos-version '{{ talos_image_version }}'
|
||||
--kubernetes-version '{{ kubernetes_version }}'
|
||||
--additional-sans '{{ talos_control_lb_hostname }}'
|
||||
--force
|
||||
creates: "{{ talos_node_config_file }}"
|
||||
|
||||
|
|
@ -0,0 +1,25 @@
|
|||
---
|
||||
- name: Directory for configs
|
||||
delegate_to: localhost
|
||||
become: false
|
||||
ansible.builtin.file:
|
||||
path: "{{ talos_cluster_config_dir }}"
|
||||
state: directory
|
||||
mode: u=rwX,go=
|
||||
|
||||
- name: Import create_secrets tasks
|
||||
ansible.builtin.import_tasks: create_secrets.yml
|
||||
|
||||
- name: Import create_talosconfig tasks
|
||||
ansible.builtin.import_tasks: create_talosconfig.yml
|
||||
|
||||
- name: Import create_control_configs tasks
|
||||
when: "'talos_control_nodes' in group_names"
|
||||
ansible.builtin.import_tasks: create_control_configs.yml
|
||||
|
||||
- name: Import create_worker_configs tasks
|
||||
when: "'talos_worker_nodes' in group_names"
|
||||
ansible.builtin.import_tasks: create_worker_configs.yml
|
||||
|
||||
- name: Import apply_node_config tasks
|
||||
ansible.builtin.import_tasks: ../../talos_configs/tasks/apply_node_config.yml
|
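Review bot: `ansible.builtin.import_tasks: ../../talos_configs/tasks/apply_node_config.yml` reaches across role boundaries by relative path, which breaks as soon as the roles live in a different layout (collection, custom `roles_path`), and if this file is talos_configs' own main.yml it is a roundabout self-reference; `ansible.builtin.import_role` with `name: talos_configs` and `tasks_from: apply_node_config` (or a plain `apply_node_config.yml`) states the dependency explicitly. The apply import runs for every host, but a node config is only generated for hosts in `talos_control_nodes` or `talos_worker_nodes`, so a host in neither group reaches `talosctl apply-config` with a non-existent `--file`; guarding the import with `when: "'talos_control_nodes' in group_names or 'talos_worker_nodes' in group_names"`, or failing early with `ansible.builtin.assert`, gives a clearer error. If this is talos_configs' main.yml, the playbook order (talos_configs, then machine_status, then talos_apply) means `talos_machine_status` is not yet set when the apply tasks run here — worth confirming which role this file belongs to.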