Commit Graph

6 Commits

Author SHA1 Message Date
anon-software
2d98982809 Security exposure related to the token (#356)
* Security exposure related to the token

The installation playbook saves the token into the systemd unit
configuration file /etc/systemd/system/k3s.service. The problem is that
according to K3s' documentation "the server token should be guarded
carefully" (https://docs.k3s.io/cli/token), yet the configuration file
is readable by anybody. A better solution is to save the token into its
corresponding environment file /etc/systemd/system/k3s.service.env which
is readable by the superuser only. This is what the standard K3s
installation script (https://get.k3s.io) does.

Signed-off-by: Marko Vukovic <8951449+anon-software@users.noreply.github.com>

* Restore the server URL into systemd configuration file

There aren't any security implications in keeping it there.

Signed-off-by: Marko Vukovic <8951449+anon-software@users.noreply.github.com>

---------

Signed-off-by: Marko Vukovic <8951449+anon-software@users.noreply.github.com>
2024-09-04 14:02:52 -07:00
Derek Nola
af29159231 Implement compatible yamllint, make octals explicit (#332)
* Implement compatible yamllint, make octals explicit

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Replace yum with dnf, yum is deprecated

Signed-off-by: Derek Nola <derek.nola@suse.com>

---------

Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-06-04 09:56:07 -07:00
Mykyta Orlov
5dd8c3f5a3 Fix typo in main.yml (#317)
Signed-off-by: Mykyta Orlov <orlovmyk@gmail.com>
2024-04-01 11:15:20 -07:00
LawiK974
a2916230ba Check K3s installed version before download tasks (#297)
- [Agent : Download artefact only if needed](roles/k3s_agent/tasks/main.yml#L13)
- [Server : Download artefact only if needed](roles/k3s_server/tasks/main.yml#L13)
- [Upgrade : Upgrade node only if needed](roles/k3s_upgrade/tasks/main.yml#L14)

Linked issue #264 k3s_server and k3s_agent tasks are not idempotent

Signed-off-by: Loïc Dubard <loic97429@gmail.com>
2024-03-07 16:05:07 -08:00
Jon S. Stumpf
4d6e60281e Role tweaks (#268)
* Limited boolean values to true/false;

Signed-off-by: Jon S. Stumpf <jon.stumpf@gmail.com>

* Moved ArchLinux prereq task to be a handler;

Signed-off-by: Jon S. Stumpf <jon.stumpf@gmail.com>

* Standardized task name for adding cgroup support;

Signed-off-by: Jon S. Stumpf <jon.stumpf@gmail.com>

* Have backrefs: follow path:;

Signed-off-by: Jon S. Stumpf <jon.stumpf@gmail.com>

* Addressed ansible-lint errors;

Signed-off-by: Jon S. Stumpf <jon.stumpf@gmail.com>

* Fixed #264, task 7: Copy K3s service file;

Signed-off-by: Jon S. Stumpf <jon.stumpf@gmail.com>

---------

Signed-off-by: Jon S. Stumpf <jon.stumpf@gmail.com>
2023-12-04 09:46:45 -08:00
Derek Nola
1e633c5ad1 Rework Role Structure (#254)
* Add more defaults
* Rename roles, convert download to airgap role
* Remove unnecessary gather_facts

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-11-16 12:03:07 -08:00