Deploy with helm

2021-07-15 15:32:18 +02:00 · 2021-07-15 15:32:18 +02:00 · cd4e448487
commit cd4e448487
parent 89f62343f8
22 changed files with 503 additions and 1192 deletions
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -12,105 +12,89 @@
      - gitea-pvc.yml.j2
      - gitea-IngressRoute.yml.j2
 #      - gitea-IngressRouteTCP.yml.j2
-  - name: Install Gitea static files
-    k8s:
-      state: present
+#  - name: Install Gitea static files
+#    k8s:
+#      state: present
+#      context: "{{ my_context }}"
+#      merge_type: merge
+#      resource_definition: "{{ lookup('file', 'gitea/' + item) | from_yaml }}"
+#    with_items:
+#      - gitea-ConfigMap.yaml
+#      - gitea-Deployment.yaml
+#      - gitea-Service.yaml
+
+  - name: Defined gitea repository
+    kubernetes.core.helm_repository:
+      name: gitea-charts
+      repo_url: "https://dl.gitea.io/charts"
+  - name: Deploy latest version of Gitea
+    kubernetes.core.helm:
      context: "{{ my_context }}"
-      merge_type: merge
-      resource_definition: "{{ lookup('file', 'gitea/' + item) | from_yaml }}"
-    with_items:
-      - gitea-ConfigMap.yaml
-      - gitea-Deployment.yaml
-      - gitea-Service.yaml
+      name: gitea
+      chart_ref: gitea-charts/gitea
+      release_namespace: "{{ gitea_namespace }}"
+      values: "{{ lookup('template', 'gitea/helm-value.yaml.j2') | from_yaml }}"
  tags:
    - gitea

 - name: Drone setup
  block:
-  - name: Configure environnement
-    k8s:
-      state: present
-      context: "{{ my_context }}"
-      merge_type: merge
-      resource_definition: "{{ lookup('template', item) | from_yaml }}"
-    with_items:
-      - drone-Namespace.yaml.j2
+  - name: Defined drone repository
+    kubernetes.core.helm_repository:
+      name: drone
+      repo_url: "https://charts.drone.io"
    tags:
      - drone-server
      - drone-runner
+      - drone

-  - name: Drone Server install
-    block:
-    - name: Install Drone dynamic files
-      k8s:
-        state: present
-        context: "{{ my_context }}"
-        merge_type: merge
-        resource_definition: "{{ lookup('template', item) | from_yaml }}"
-      with_items:
-        - drone/drone-PersistentVolumeClaim.yml.j2
-        - drone/drone-Secret.yaml.j2
-        - drone/drone-IngressRoute.yml.j2
-    - name: Install Drone Static files
-      k8s:
-        state: present
-        context: "{{ my_context }}"
-        merge_type: merge
-        resource_definition: "{{ lookup('file', item) | from_yaml }}"
-      with_items:
-        - drone/drone-ConfigMap.yaml
-        - drone/drone-Deployment.yaml
-        - drone/drone-Service.yaml
+  - name: Drone install
+    kubernetes.core.helm:
+      context: "{{ my_context }}"
+      name: drone
+      chart_ref: drone/drone
+      release_namespace: "{{ drone_namespace }}"
+      create_namespace: yes
+      values: "{{ lookup('template', 'drone-helm-value.yaml.j2') | from_yaml }}"
    tags:
      - drone-server
+      - drone

  - name: Drone Runner install
-    block:
-    - name: Install Drone Runner dynamic files
-      k8s:
-        state: present
-        context: "{{ my_context }}"
-        merge_type: merge
-        resource_definition: "{{ lookup('template', item) | from_yaml }}"
-      with_items:
-        - drone-runner/drone-runner-Secret.yaml.j2
-    - name: Install Drone Runner static files
-      k8s:
-        state: present
-        context: "{{ my_context }}"
-        merge_type: merge
-        resource_definition: "{{ lookup('file', item) | from_yaml }}"
-      with_items:
-        - drone-runner/drone-runner-Namespace.yaml
-        - drone-runner/drone-runner-ServiceAccount.yaml
-        - drone-runner/drone-runner-Role.yaml
-        - drone-runner/drone-runner-RoleBinding.yaml
-        - drone-runner/drone-runner-ConfigMap.yaml
-        - drone-runner/drone-runner-Service.yaml
-        - drone-runner/drone-runner.yaml
+    kubernetes.core.helm:
+      context: "{{ my_context }}"
+      name: drone
+      chart_ref: drone/drone-runner-kube
+      release_namespace: "{{ drone_runner_namespace }}"
+      create_namespace: yes
+      values: "{{ lookup('template', 'drone-runner-helm-value.yaml.j2') | from_yaml }}"
    tags:
      - drone-runner
-  tags:
-    - drone
+      - drone

 # https://github.com/aquasecurity/trivy/tree/main/helm/trivy
 - name: Trivy Setup
  block:
-  - name: Git clone stable repo on HEAD
-    ansible.builtin.git:
-      repo: "https://github.com/aquasecurity/trivy.git"
-      dest: tmp/trivy
-  - name: Deploy trivy chart from local path
-    community.kubernetes.helm:
+#  - name: Git clone stable repo on HEAD
+#    ansible.builtin.git:
+#      repo: "https://github.com/aquasecurity/trivy.git"
+#      dest: tmp/trivy
+#      version: "{{ trivy_version }}"
+  - name: Defined trivy repository
+    kubernetes.core.helm_repository:
+      name: aquasecurity
+      repo_url: "https://aquasecurity.github.io/helm-charts/"
+  - name: Deploy trivy chart
+    kubernetes.core.helm:
      state: present
      name: trivy
      context: "{{ my_context }}"
-      chart_ref: tmp/trivy/helm/trivy
+      chart_ref: aquasecurity/trivy
      release_namespace: "{{ trivy_namespace }}"
      create_namespace: true
-      values:
-        image:
-          tag: "{{ trivy_version }}"
+#      values:
+#        image:
+#          tag: "{{ trivy_version }}"
 #        persistence:
 #          storageClass: "{{ trivy_storage_classname }}"
 #        trivy:
@ -122,9 +106,62 @@
 #        ingress:
 #          enabled: false
 #          annotations: {}
-#            # kubernetes.io/ingress.class: nginx
+#            # kubernetes.io/ingress.class: traefik
 #          hosts:
 #            - host: trivy.{{ traefik_domain }}

  tags:
    - trivy
+
+#- name: Registry setup
+#  block:
+#  - name: Defined Registry repository
+#    kubernetes.core.helm_repository:
+#      name: cesanta
+#      repo_url: "https://cesanta.github.io/docker_auth/"
+#  - name: Deploy latest version of Registry
+#    kubernetes.core.helm:
+#      context: "{{ my_context }}"
+#      name: docker-auth
+#      chart_ref: cesanta/docker-auth
+#      release_namespace: "{{ registry_namespace }}"
+#      values: "{{ lookup('template', 'helm-value.yaml.j2') | from_yaml }}"
+#  tags:
+#    - registry
+
+# https://github.com/helm/chartmuseum
+# https://artifacthub.io/packages/helm/chartmuseum/chartmuseum
+- name: ChartMuseum Setup
+  block:
+  - name: Defined ChartMuseum repository
+    kubernetes.core.helm_repository:
+      name: chartmuseum
+      repo_url: "https://chartmuseum.github.io/charts"
+  - name: Deploy trivy chart from local path
+    kubernetes.core.helm:
+      state: present
+      name: chartmuseum
+      context: "{{ my_context }}"
+      chart_ref: chartmuseum/chartmuseum
+      release_namespace: "{{ chartmuseum_namespace }}"
+      create_namespace: true
+      values:
+        persistence:
+          enabled: true
+#          path: "/storage"
+#          storageClass:
+          accessMode: ReadWriteOnce
+          size: 2Gi
+        env:
+          open:
+            STORAGE: local
+        extraArgs: []
+        ingress:
+          enabled: true
+          annotations: {}
+          labels: {}
+          hosts[0]:
+            name: chartmuseum.{{ traefik_domain }}
+
+  tags:
+    - chartmuseum