Add custom configuration of the apiserver endpoint for HA mode

This replaces the `master_ip` var by `apiserver_endpoint` for genericity. The
init service is deployed only when k3s.service is not present on the machine to
ensure idempotence.

Signed-off-by: Julien DOCHE <[email protected]>

inventory/sample/group_vars/all.yml

@@ -2,6 +2,13 @@
 k3s_version: v1.17.5+k3s1
 ansible_user: debian
 systemd_dir: /etc/systemd/system
-master_ip: "{{ hostvars[groups['master'][0]]['ansible_host'] | default(groups['master'][0]) }}"
+
+# If you define multiple masters you should be providing a loadbalanced
+# apiserver endpoint to all masters here. This default value is only suitable
+# for a non-HA setup, if used in a HA setup, it will not protect you if the
+# first node fails.
+
+apiserver_endpoint: "{{ hostvars[groups['master'][0]]['ansible_host'] | default(groups['master'][0]) }}"
+
 extra_server_args: ""
 extra_agent_args: ""

roles/k3s/master/tasks/main.yml

@@ -14,18 +14,25 @@
 
 - name: Init cluster inside the transient k3s-init service
   command:
-    cmd: "systemd-run -p RestartSec=2 -p Restart=on-failure -E K3S_TOKEN={{ lookup('password') }} --unit=k3s-init k3s server {{ server_init_args }}"
-    creates: /var/lib/rancher/k3s/server
+    cmd: "systemd-run -p RestartSec=2i \
+                      -p Restart=on-failure \
+                      -E K3S_TOKEN={{ hostvars[groups['master'][0]]['token'] }} \
+                      --unit=k3s-init \
+                      k3s server {{ server_init_args }}"
+    creates: "{{ systemd_dir }}/k3s.service"
   args:
     warn: false  # The ansible systemd module does not support transient units
 
 - name: Verification
   block:
     - name: Verify that all nodes actually joined
-      command: k3s kubectl get --raw /api/v1/nodes/
+      command:
+        cmd: k3s kubectl get --raw /api/v1/nodes/
+        creates: "{{ systemd_dir }}/k3s.service"
       register: nodes
       until: nodes.rc == 0 and
-        ((nodes.stdout | from_json)['items'] | json_query('[*].metadata.labels."node-role.kubernetes.io/master"') | count) == (groups['master'] | length)
+        ((nodes.stdout | from_json)['items'] |
+        json_query('[*].metadata.labels."node-role.kubernetes.io/master"') | count) == (groups['master'] | length)
       retries: 20
       delay: 10
       changed_when: false
@@ -98,7 +105,7 @@
 - name: Replace https://localhost:6443 by https://master-ip:6443
   command: >-
     k3s kubectl config set-cluster default
-      --server=https://{{ master_ip }}:6443
+      --server=https://{{ apiserver_endpoint }}:6443
       --kubeconfig ~{{ ansible_user }}/.kube/config
   changed_when: true
 

roles/k3s/node/templates/k3s.service.j2

@@ -7,7 +7,7 @@ After=network-online.target
 Type=notify
 ExecStartPre=-/sbin/modprobe br_netfilter
 ExecStartPre=-/sbin/modprobe overlay
-ExecStart=/usr/local/bin/k3s agent --server https://{{ master_ip }}:6443 --token {{ hostvars[groups['master'][0]]['token'] }} {{ extra_agent_args | default("") }}
+ExecStart=/usr/local/bin/k3s agent --server https://{{ apiserver_endpoint }}:6443 --token {{ hostvars[groups['master'][0]]['token'] }} {{ extra_agent_args | default("") }}
 KillMode=process
 Delegate=yes
 # Having non-zero Limit*s causes performance problems due to accounting overhead