Add tls-san option to k3s install options (#2886)

Also: - change "become: no" to "become: false" - remove microk8s
sillsdev · Mar 6, 2024 · feb5334 · feb5334
1 parent b36749f
commit feb5334
Show file tree

Hide file tree

Showing 7 changed files with 12 additions and 91 deletions.
diff --git a/deploy/ansible/group_vars/nuc/main.yml b/deploy/ansible/group_vars/nuc/main.yml
@@ -30,7 +30,7 @@ ingress_namespace: ingress-nginx
 # The server name will direct traffic to the production
 # server since it is used to get the certificates for the
 # NUC.
-k8s_dns_name: "{{ ansible_hostname }}"
+public_dns_name: "{{ ansible_hostname }}"
 
 ################################################
 # Ethernet settings

diff --git a/deploy/ansible/roles/k8s_config/defaults/main.yml b/deploy/ansible/roles/k8s_config/defaults/main.yml
@@ -1,4 +1,4 @@
 ---
 # Used to setup the certificate for kubectl
 # Can be overridden by specific groups/hosts
-k8s_dns_name: "{{ combine_server_name }}"
+public_dns_name: "{{ combine_server_name }}"
diff --git a/deploy/ansible/roles/k8s_config/tasks/main.yml b/deploy/ansible/roles/k8s_config/tasks/main.yml
@@ -13,7 +13,7 @@
 
 - name: Restrict permissions to kubeconfig to owner
   delegate_to: localhost
-  become: no
+  become: false
   file:
     path: "{{ kubecfg }}"
     state: file
@@ -31,25 +31,25 @@
   # (kubectl communicates with the cluster over port 16443 or 6443)
 - name: Replace server IP with DNS name in site_files copy
   delegate_to: localhost
-  become: no
+  become: false
   lineinfile:
     state: present
     path: "{{ kubecfg }}"
     regexp: '^(\s+server: https:\/\/)[.0-9]+:(1?6443)'
     backrefs: yes
-    line: '\1{{ k8s_dns_name }}:\2'
+    line: '\1{{ public_dns_name }}:\2'
 
 - name: Replace 'default' cluster, user, etc with {{ kubecfgdir }}
   delegate_to: localhost
-  become: no
+  become: false
   replace:
     path: "{{ kubecfg }}"
     regexp: "^(.*)default(.*)$"
     replace: '\1{{ kubecfgdir }}\2'
 
 - name: Link ~/.kube/config to {{ kubecfg }}
   delegate_to: localhost
-  become: no
+  become: false
   file:
     state: link
     src: "{{ kubecfg }}"

diff --git a/deploy/ansible/roles/k8s_install/defaults/main.yml b/deploy/ansible/roles/k8s_install/defaults/main.yml
@@ -1,7 +1,7 @@
 ---
 # Used to setup the certificate for kubectl
 # Can be overridden by specific groups/hosts
-k8s_dns_name: "{{ combine_server_name }}"
+public_dns_name: "{{ combine_server_name }}"
 
 k8s_required_pkgs:
   - apt-transport-https
@@ -14,12 +14,5 @@ k3s_options:
   - 644
   - --disable
   - traefik
-
-# Options for installing the microk8s engine
-microk8s_options:
-  addons:
-    - storage
-    - dns
-    - ingress
-    - helm3
-    - rbac
+  - --tls-san
+  - "{{ public_dns_name }}"
diff --git a/deploy/ansible/roles/k8s_install/tasks/microk8s.yml b/deploy/ansible/roles/k8s_install/tasks/microk8s.yml
diff --git a/deploy/ansible/roles/network_config/defaults/main.yaml b/deploy/ansible/roles/network_config/defaults/main.yaml
@@ -4,7 +4,7 @@ eth_if_pattern: "en[a-z][0-9]"
 
 ###############################
 # virtual_if device
-# This is needed when microk8s is running on a target that
+# This is needed when k3s is running on a target that
 # does not have an ethernet connection plugged-in.
 ###############################
 

diff --git a/deploy/ansible/roles/network_config/tasks/main.yml b/deploy/ansible/roles/network_config/tasks/main.yml
@@ -33,7 +33,7 @@
   when: has_wifi
 
 ###
-# Create a virtual network interface so that microk8s/k3s can run
+# Create a virtual network interface so that k3s can run
 # when no ethernet connection is attached.
 ###
 - name: Create virtual network I/F