Register worker nodes with tags in ansible

Author: x0rw

ansible/playbooks/roles/k3s-worker/tasks/main.yml

@@ -1,3 +1,7 @@
 - name: Install k3s agent
   ansible.builtin.shell: |
-    curl -sfL https://get.k3s.io | K3S_URL=https://{{ k3s_master_ip }}:6443 K3S_TOKEN={{ hostvars[groups['master'][0]]['k3s_token'] }} sh -
+    curl -sfL https://get.k3s.io | \
+    K3S_URL=https://{{ k3s_master_ip }}:6443 \
+    K3S_TOKEN={{ hostvars[groups['master'][0]]['k3s_token'] }} \
+    K3S_NODE_LABEL="node-role.kubernetes.io/worker=true" \
+    sh -

ansible/playbooks/roles/teleport-master/templates/roles/admin-bot-role.yaml.j2

@@ -12,8 +12,12 @@ spec:
           - repository: "{{ github_infra_repo }}"
             workflow: "{{ github_infra_repo_workflows }}"
     resources: ['bot']
+    rules:
+      - resources: [user]
+        verbs: [renew]
     verbs: ['create', 'read']
 
+
     impersonate:
       roles: ['admin-access']
       users: ["{{ '{{internal.bot_name}}' }}"]

ansible/playbooks/roles/teleport-master/templates/roles/admin-role.yaml.j2

@@ -13,13 +13,19 @@ spec:
     kubernetes_labels:
       '*': '*'
     kubernetes_groups: ['system:masters']
+    kubernetes_resources:
+      - kind: '*'  
+        namespace: '*'
+        name: '*'
 
     db_labels:
       '*': '*'
 
     rules:
       - resources: ['*']
         verbs: ['*']
+      - resources: [user]
+        verbs: [renew]
 
   options:
     forward_agent: true

terraform/clusters.auto.tfvars

@@ -8,7 +8,7 @@ clusters = {
         name          = "worker-group-1"
         instance_size = "Standard_B1ms"
         disk_size     = 30
-        count         = 1
+        count         = 2
         tags          = { role = "ms1", owner = "exploravis-infra" }
       }
     ]