version: '3'
services:
  server:
    image: "rancher/k3s"
    restart: always
    command: server --no-deploy traefik --kubelet-arg authentication-token-webhook --kubelet-arg authorization-mode=Webhook
    tmpfs:
    - /run
    - /var/run
    privileged: true
    environment:
    - K3S_CLUSTER_SECRET=${K3S_CLUSTER_SECRET:-replaceme}
    - K3S_KUBECONFIG_OUTPUT=/host/build/kubeconfig.yaml
    - K3S_KUBECONFIG_MODE=666
    volumes:
    - k3s_data:/var/lib/rancher/k3s
    - .:/host
    - ./manifests:/var/lib/rancher/k3s/server/manifests/host
    ports:
      - 80:80
      - 443:443
      - 6443:6443
  agent:
    image: "rancher/k3s"
    restart: always
    command: agent --kubelet-arg authentication-token-webhook --kubelet-arg authorization-mode=Webhook
    tmpfs:
    - /run
    - /var/run
    privileged: true
    environment:
    - K3S_URL=https://server:6443
    - K3S_CLUSTER_SECRET=${K3S_CLUSTER_SECRET:-replaceme}

volumes:
  k3s_data: