First push

.drone.status

@@ -0,0 +1,3 @@
+{
+  "url": "https://drone.reslinger.net/adrien/ansible-role-k8s-calico/"
+}

.drone.yml

@@ -0,0 +1,12 @@
+---
+kind: pipeline
+type: kubernetes
+name: default
+
+steps:
+  - name: lint
+    image: quay.io/adrilinux/ansible:latest
+    commands:
+      - ansible-lint ./
+#      - "find . -maxdepth 1 -name '*.yml' | sort | grep -v '.drone.yml' | xargs ansible-playbook --syntax-check --list-tasks"
+#      - "find . -maxdepth 1 -name '*.yml' | sort | grep -v '.drone.yml' | xargs ansible-lint"

defaults/main.yml

@@ -0,0 +1 @@
+my_context: minikube

meta/main.yml

@@ -0,0 +1,11 @@
+galaxy_info:
+  author: Adrien Reslinger
+  description: Install Diun to a kubernetes cluster
+  company: Personnal
+  min_ansible_version: 2.9
+  galaxy_tags: []
+  license: GPL2
+  platforms:
+  - name: kubernetes
+    version:
+    - all

tasks/main.yml

@@ -0,0 +1,22 @@
+---
+- name: calico setup
+  block:
+#  - name: Include vars
+#    include_vars: "diun-files.yaml"
+
+  - name: Diun install
+    kubernetes.core.k8s:
+      state: present
+      context: "{{ my_context }}"
+      merge_type: merge
+      resource_definition: "{{ lookup('template', item) | from_yaml }}"
+    with_items:
+      - diun-ServiceAccount.yml.j2
+      - diun-ClusterRole.yml.j2
+      - diun-ClusterRoleBinding.yml.j2
+      - diun-ConfigMap.yml.j2
+      - diun-Deployment.yml.j2
+
+
+  tags:
+    - diun

templates/diun-ClusterRole.yml.j2

@@ -0,0 +1,14 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: diun
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
+      - watch
+      - list

templates/diun-ClusterRoleBinding.yml.j2

@@ -0,0 +1,13 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: diun
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: diun
+subjects:
+  - kind: ServiceAccount
+    name: diun
+    namespace: default

templates/diun-ConfigMap.yml.j2

@@ -0,0 +1,87 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    app: diun
+  name: diun-conf
+data:
+  diun.yml: |
+    db:
+      path: diun.db
+
+    watch:
+      workers: 10
+      schedule: "0 */6 * * *"
+      firstCheckNotif: false
+
+    notif:
+      amqp:
+        host: localhost
+        port: 5672
+        username: guest
+        password: guest
+        queue: queue
+      gotify:
+        endpoint: http://gotify.foo.com
+        token: Token123456
+        priority: 1
+        timeout: 10s
+      mail:
+        host: localhost
+        port: 25
+        ssl: false
+        insecureSkipVerify: false
+        from: diun@example.com
+        to:
+          - webmaster@example.com
+          - me@example.com
+      rocketchat:
+        endpoint: http://rocket.foo.com:3000
+        channel: "#general"
+        userID: abcdEFGH012345678
+        token: Token123456
+        timeout: 10s
+      script:
+          cmd: "myprogram"
+          args:
+            - "--anarg"
+            - "another"
+      slack:
+        webhookURL: https://hooks.slack.com/services/ABCD12EFG/HIJK34LMN/01234567890abcdefghij
+      teams:
+        webhookURL: https://outlook.office.com/webhook/ABCD12EFG/HIJK34LMN/01234567890abcdefghij
+      telegram:
+        token: aabbccdd:11223344
+        chatIDs:
+          - 123456789
+          - 987654321
+      webhook:
+        endpoint: http://webhook.foo.com/sd54qad89azd5a
+        method: GET
+        headers:
+          content-type: application/json
+          authorization: Token123456
+        timeout: 10s
+
+    regopts:
+      - name: "myregistry"
+        username: foo
+        password: bar
+        timeout: 20s
+        insecureTLS: true
+      - name: "docker.io"
+        selector: image
+        username: foo2
+        password: bar2
+
+    providers:
+      docker:
+        watchStopped: true
+      swarm:
+        watchByDefault: true
+      kubernetes:
+        namespaces:
+          - default
+          - production
+      file:
+        directory: ./imagesdir

templates/diun-Deployment.yml.j2

@@ -0,0 +1,56 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: default
+  name: diun
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: diun
+  template:
+    metadata:
+      labels:
+        app: diun
+      annotations:
+        diun.enable: "true"
+        diun.watch_repo: "true"
+    spec:
+      serviceAccountName: diun
+      containers:
+        - name: diun
+          image: crazymax/diun:latest
+          imagePullPolicy: Always
+          args: ["serve"]
+          env:
+            - name: TZ
+              value: "Europe/Paris"
+            - name: LOG_LEVEL
+              value: "info"
+            - name: LOG_JSON
+              value: "false"
+            - name: DIUN_WATCH_WORKERS
+              value: "20"
+            - name: DIUN_WATCH_SCHEDULE
+              value: "0 */6 * * *"
+            - name: DIUN_PROVIDERS_KUBERNETES
+              value: "true"
+          volumeMounts:
+            - mountPath: "/data"
+              name: "data"
+            - mountPath: "/etc/diun"
+              name: "config"
+      restartPolicy: Always
+      volumes:
+        # Set up a data directory for diun
+        # For production usage, you should consider using PV/PVC instead(or simply using storage like NAS)
+        # For more details, please see https://kubernetes.io/docs/concepts/storage/volumes/
+        - name: "data"
+          hostPath:
+            path: "/data"
+            type: Directory
+        - configMap:
+            defaultMode: 420
+            name: diun-conf
+          name: config

templates/diun-ServiceAccount.yml.j2

@@ -0,0 +1,6 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  namespace: default
+  name: diun

vars/diun-files.yaml

@@ -0,0 +1 @@
+---