feat: metallb, kubegres

10-init-k8s.yaml

@@ -12,10 +12,20 @@
     - name: Remove master node taint
       shell: kubectl taint node --all node-role.kubernetes.io/control-plane:NoSchedule-
     - name: Apply flannel
-    shell: kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml
+      shell: kubectl apply -f "https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml"
+    - name: Apply metallb
+      shell: kubectl apply -f "https://raw.githubusercontent.com/metallb/metallb/v{{ mettallb_version }}/config/manifests/metallb-native.yaml"
     - name: Apply nginx ingress
       shell: kubectl apply -f "https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v{{ nginx_version }}/deploy/static/provider/baremetal/deploy.yaml"
     - name: Apply cert-manager
-    shell: kubectl apply -f "https://github.com/cert-manager/cert-manager/releases/download/v{{ certmanager_version }}/cert-manager.yaml"
+      shell: kubectl apply -f "https://github.com/cert-manager/cert-manager/releases/latest/download/cert-manager.yaml"
+    - name: Apply kubegres
+      shell: kubectl apply -f "https://raw.githubusercontent.com/reactive-tech/kubegres/v{{ kubegres_version }}/kubegres.yaml"
+    - name: Apply manifests
+      shell: |
+        kubectl apply -f - <<EOF
+        {{ lookup('template', '{{ item }}') }}
+        EOF
+      with_fileglob: 'manifests/*.yaml'
     - name: Reboot
       reboot:

get_kube_conf.sh

@@ -1,6 +1,6 @@
 #!/bin/bash -e
 
-endpoint="$(awk -F '[ \t]*:[ \t]*' '$1 == "endpoint" {print $NF}' group_vars/all)"
+endpoint="$(sed -n 's/^endpoint:\s*//p' group_vars/all)"
 
 ssh "$endpoint" sudo cat /etc/kubernetes/admin.conf > kubeconfig
 chmod 600 kubeconfig

group_vars/all

@@ -5,6 +5,10 @@ arch: amd64
 os: Debian_12
 codename: bookworm
 k8s_version: 1.27           # https://kubernetes.io/releases/patch-releases/#detailed-release-history-for-active-branches
+metallb_version: 0.14.3     # https://github.com/metallb/metallb/releases
 nginx_version: 1.9.6        # https://github.com/kubernetes/ingress-nginx/releases
-certmanager_version: 1.14.2 # https://github.com/cert-manager/cert-manager/releases/
+kubegres_version: 1.17      # https://github.com/reactive-tech/kubegres/releases
+
+# TODO
 rook_version: 1.13.4        # https://github.com/rook/rook/releases
+nfs_version: 4.6.0          # https://github.com/kubernetes-csi/csi-driver-nfs/releases

manifests/cm-ingress-nginx-controller.yaml

@@ -1,6 +1,7 @@
 apiVersion: v1
 data:
   use-proxy-protocol: "true"
+  allow-snippet-annotations: "true"
 kind: ConfigMap
 metadata:
   name: ingress-nginx-controller

manifests/ingress-nginx-controller.yaml

@@ -7,7 +7,7 @@ metadata:
     app.kubernetes.io/instance: ingress-nginx
     app.kubernetes.io/name: ingress-nginx
     app.kubernetes.io/part-of: ingress-nginx
-    app.kubernetes.io/version: 1.9.6
+    app.kubernetes.io/version: "{{ nginx_version }}"
   name: ingress-nginx-controller
   namespace: ingress-nginx
 spec:

manifests/letsencrypt-prod.yaml

@@ -5,7 +5,7 @@ metadata:
   name: letsencrypt-prod
 spec:
   acme:
-    email: ange@yw5n.com
+    email: "{{ letsencrypt_email }}"
     privateKeySecretRef:
       name: letsencrypt-prod
     server: https://acme-v02.api.letsencrypt.org/directory

manifests/letsencrypt-staging.yaml

@@ -5,7 +5,7 @@ metadata:
   name: letsencrypt-staging
 spec:
   acme:
-    email: ange@yw5n.com
+    email: "{{ letsencrypt_email }}"
     privateKeySecretRef:
       name: letsencrypt-staging
     server: https://acme-staging-v02.api.letsencrypt.org/directory