feat: Add HA Kubernetes cluster with Terraform + Ansible

- 3x CX23 control plane nodes (HA) - 4x CX33 worker nodes - k3s with embedded etcd - Hetzner CCM for load balancers - Gitea CI/CD workflows - Backblaze B2 for Terraform state
2026-02-28 20:24:55 +00:00
parent 3e8eb072b5
commit 3b3084b997
27 changed files with 1324 additions and 0 deletions
--- a/ansible/site.yml
+++ b/ansible/site.yml
@@ -0,0 +1,94 @@
+---
+- name: Bootstrap Kubernetes cluster
+  hosts: cluster
+  become: true
+  gather_facts: true
+
+  pre_tasks:
+    - name: Wait for SSH
+      wait_for_connection:
+        delay: 10
+        timeout: 300
+
+  roles:
+    - common
+
+- name: Setup primary control plane
+  hosts: control_plane[0]
+  become: true
+
+  vars:
+    k3s_primary: true
+    k3s_token: "{{ lookup('password', '/dev/null length=32 chars=ascii_letters,digits') }}"
+
+  roles:
+    - k3s-server
+
+- name: Get join info from primary
+  hosts: control_plane[0]
+  become: true
+  tasks:
+    - name: Fetch node token
+      command: cat /var/lib/rancher/k3s/server/node-token
+      register: node_token
+      changed_when: false
+
+    - name: Set join token fact
+      set_fact:
+        k3s_token: "{{ node_token.stdout }}"
+        k3s_primary_ip: "{{ ansible_default_ipv4.address }}"
+
+    - name: Fetch kubeconfig
+      fetch:
+        src: /etc/rancher/k3s/k3s.yaml
+        dest: ../outputs/kubeconfig
+        flat: true
+
+- name: Setup secondary control planes
+  hosts: control_plane[1:]
+  become: true
+
+  vars:
+    k3s_primary: false
+    k3s_token: "{{ hostvars[groups['control_plane'][0]]['k3s_token'] }}"
+    k3s_primary_ip: "{{ hostvars[groups['control_plane'][0]]['ansible_default_ipv4']['address'] }}"
+
+  roles:
+    - k3s-server
+
+- name: Setup workers
+  hosts: workers
+  become: true
+
+  vars:
+    k3s_token: "{{ hostvars[groups['control_plane'][0]]['k3s_token'] }}"
+    k3s_server_url: "https://{{ hostvars[groups['control_plane'][0]]['ansible_default_ipv4']['address'] }}:6443"
+
+  roles:
+    - k3s-agent
+
+- name: Deploy Hetzner CCM
+  hosts: control_plane[0]
+  become: true
+
+  roles:
+    - ccm
+
+- name: Finalize
+  hosts: localhost
+  connection: local
+  tasks:
+    - name: Update kubeconfig server address
+      command: |
+        sed -i 's/127.0.0.1/{{ hostvars[groups["control_plane"][0]]["ansible_default_ipv4"]["address"] }}/g' ../outputs/kubeconfig
+      changed_when: true
+
+    - name: Display success message
+      debug:
+        msg: |
+          Cluster setup complete!
+          Control planes: {{ groups['control_plane'] | length }}
+          Workers: {{ groups['workers'] | length }}
+          To access the cluster:
+            export KUBECONFIG={{ playbook_dir }}/../outputs/kubeconfig
+            kubectl get nodes