---
# Gitea: apply the manifests kept under gitea/ to the cluster context named
# by my_context.
# NOTE(review): nesting was restored from a flattened listing; the closing
# `tags` is placed on the block here - confirm against the repository copy.
- name: Gitea setup
  block:
    # Manifests rendered through the template lookup, then parsed as YAML.
    - name: Install Gitea dynamic files
      k8s:
        state: present
        context: "{{ my_context }}"
        merge_type: merge
        resource_definition: "{{ lookup('template', 'gitea/' + item) | from_yaml }}"
      with_items:
        - gitea-Namespace.yaml.j2
        - gitea-pvc.yml.j2
        - gitea-IngressRoute.yml.j2
        # - gitea-IngressRouteTCP.yml.j2
    # Manifests read as-is through the file lookup, then parsed as YAML.
    - name: Install Gitea static files
      k8s:
        state: present
        context: "{{ my_context }}"
        merge_type: merge
        resource_definition: "{{ lookup('file', 'gitea/' + item) | from_yaml }}"
      with_items:
        - gitea-ConfigMap.yaml
        - gitea-Deployment.yaml
        - gitea-Service.yaml
  tags:
    - gitea
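# Drone: create the namespace, then apply the server and runner manifests to
# the cluster context named by my_context.
# NOTE(review): nesting was restored from a flattened listing. The server and
# runner blocks are placed inside "Drone setup" so that each `tags` key occurs
# once per mapping - confirm against the repository copy.
- name: Drone setup
  block:
    # Tagged for both sub-installs so the namespace exists whichever one runs.
    - name: Configure environnement
      k8s:
        state: present
        context: "{{ my_context }}"
        merge_type: merge
        resource_definition: "{{ lookup('template', item) | from_yaml }}"
      with_items:
        - drone-Namespace.yaml.j2
      tags:
        - drone-server
        - drone-runner

    - name: Drone Server install
      block:
        # NOTE(review): this loop also applies drone/drone-Secret.yaml.j2. The
        # k8s module returns the applied object in its result, so the Secret
        # data can reach verbose output and stored job logs. Consider moving
        # the Secret to its own task with `no_log: true`.
        - name: Install Drone dynamic files
          k8s:
            state: present
            context: "{{ my_context }}"
            merge_type: merge
            resource_definition: "{{ lookup('template', item) | from_yaml }}"
          with_items:
            - drone/drone-PersistentVolumeClaim.yml.j2
            - drone/drone-Secret.yaml.j2
            - drone/drone-IngressRoute.yml.j2
        - name: Install Drone Static files
          k8s:
            state: present
            context: "{{ my_context }}"
            merge_type: merge
            resource_definition: "{{ lookup('file', item) | from_yaml }}"
          with_items:
            - drone/drone-ConfigMap.yaml
            - drone/drone-Deployment.yaml
            - drone/drone-Service.yaml
      tags:
        - drone-server

    - name: Drone Runner install
      block:
        - name: Install Drone Runner dynamic files
          k8s:
            state: present
            context: "{{ my_context }}"
            merge_type: merge
            resource_definition: "{{ lookup('template', item) | from_yaml }}"
          with_items:
            - drone-runner/drone-runner-Secret.yaml.j2
          # The only item is a Secret manifest: keep the rendered object and
          # the module result out of task output and job logs.
          no_log: true
        - name: Install Drone Runner static files
          k8s:
            state: present
            context: "{{ my_context }}"
            merge_type: merge
            resource_definition: "{{ lookup('file', item) | from_yaml }}"
          with_items:
            - drone-runner/drone-runner-Namespace.yaml
            - drone-runner/drone-runner-ServiceAccount.yaml
            - drone-runner/drone-runner-Role.yaml
            - drone-runner/drone-runner-RoleBinding.yaml
            - drone-runner/drone-runner-ConfigMap.yaml
            - drone-runner/drone-runner-Service.yaml
            - drone-runner/drone-runner.yaml
      tags:
        - drone-runner
  tags:
    - drone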
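# https://github.com/aquasecurity/trivy/tree/main/helm/trivy
# Trivy: check out the upstream repository and install the Helm chart it
# contains into trivy_namespace.
# NOTE(review): nesting was restored from a flattened listing; the closing
# `tags` is placed on the block here - confirm against the repository copy.
- name: Trivy Setup
  block:
    - name: Git clone stable repo on HEAD
      ansible.builtin.git:
        repo: "https://github.com/aquasecurity/trivy.git"
        dest: tmp/trivy
        # The chart installed below comes from this checkout. At HEAD its
        # templates change with upstream between runs, and trivy_version only
        # pins the image tag, not the chart. Set trivy_git_ref to a reviewed
        # tag or commit SHA; the default keeps the previous HEAD behaviour.
        version: "{{ trivy_git_ref | default('HEAD') }}"
    - name: Deploy trivy chart from local path
      community.kubernetes.helm:
        state: present
        name: trivy
        context: "{{ my_context }}"
        # Relative path into the checkout made by the previous task.
        chart_ref: tmp/trivy/helm/trivy
        release_namespace: "{{ trivy_namespace }}"
        create_namespace: true
        values:
          image:
            tag: "{{ trivy_version }}"
          # persistence:
          #   storageClass: "{{ trivy_storage_classname }}"
          # trivy:
          #   gitHubToken: ""
          #   cache:
          #     redis:
          #       enabled: false
          #       url: "" # e.g. redis://redis.redis.svc:6379
          # ingress:
          #   enabled: false
          #   annotations: {}
          #     # kubernetes.io/ingress.class: nginx
          #   hosts:
          #     - host: trivy.{{ traefik_domain }}

  tags:
    - trivy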