adrien/ansible-role-k8s-storage
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Fix lint errors
Some checks reported errors
continuous-integration/drone/push Build encountered an error
Details

Browse source
This commit is contained in:
Adrien Reslinger 2022-07-23 01:00:27 +02:00
parent 762bd0781b
commit 27f14ecf1b
Signed by: adrien
GPG key ID: DA7B27055C66D6DE
9 changed files with 326 additions and 322 deletions
Download patch file Download diff file Expand all files Collapse all files

2
defaults/main.yml
View file

@ -29,4 +29,4 @@ storage_linode: false
storage_digitalocean: false storage_digitalocean: false
# local-path, longhorn, linode-block-storage, linode-block-storage-retain, do-block-storage # local-path, longhorn, linode-block-storage, linode-block-storage-retain, do-block-storage
#storage_default_storageclass: local-path # storage_default_storageclass: local-path

6
meta/main.yml
View file

@ -6,6 +6,6 @@ galaxy_info:
galaxy_tags: [] galaxy_tags: []
license: GPL2 license: GPL2
platforms: platforms:
- name: kubernetes - name: kubernetes
version: version:
- all - all

10
tasks/digital_ocean.yml
View file

@ -1,22 +1,22 @@
--- ---
# https://github.com/digitalocean/csi-digitalocean # https://github.com/digitalocean/csi-digitalocean
- name: Include file list - name: Include file list
include_vars: "digitalocean.yaml" ansible.builtin.include_vars: "digitalocean.yaml"
- name: Defined digitalocean-storage state to present - name: Defined digitalocean-storage state to present
set_fact: ansible.builtin.set_fact:
storage_digitalocean_state: present storage_digitalocean_state: present
when: when:
- storage_digitalocean|bool - storage_digitalocean|bool
- name: find state of digitalocean-storage - name: find state of digitalocean-storage
set_fact: ansible.builtin.set_fact:
storage_digitalocean_state: absent storage_digitalocean_state: absent
when: when:
- not storage_digitalocean|bool - not storage_digitalocean|bool
- name: Secret for DigitalOcean Access Key need to be {{ storage_digitalocean_state }} - name: Secret for DigitalOcean Access Key need to be {{ storage_digitalocean_state }}
k8s: kubernetes.core.k8s:
state: "{{ storage_digitalocean_state }}" state: "{{ storage_digitalocean_state }}"
context: "{{ my_context }}" context: "{{ my_context }}"
definition: definition:
@ -30,7 +30,7 @@
access-token: "{{ digitalocean_token | default('token_missing') }}" access-token: "{{ digitalocean_token | default('token_missing') }}"
- name: digitalocean-storage need to be {{ storage_digitalocean_state }} - name: digitalocean-storage need to be {{ storage_digitalocean_state }}
k8s: kubernetes.core.k8s:
state: "{{ storage_digitalocean_state }}" state: "{{ storage_digitalocean_state }}"
context: "{{ my_context }}" context: "{{ my_context }}"
merge_type: merge merge_type: merge

10
tasks/linode.yml
View file

@ -1,22 +1,22 @@
--- ---
# https://github.com/linode/linode-blockstorage-csi-driver # https://github.com/linode/linode-blockstorage-csi-driver
- name: Include file list - name: Include file list
include_vars: "linode.yaml" ansible.builtin.include_vars: "linode.yaml"
- name: Defined linode-storage state to present - name: Defined linode-storage state to present
set_fact: ansible.builtin.set_fact:
storage_linode_state: present storage_linode_state: present
when: when:
- storage_linode|bool - storage_linode|bool
- name: find state of linode-storage - name: find state of linode-storage
set_fact: ansible.builtin.set_fact:
storage_linode_state: absent storage_linode_state: absent
when: when:
- not storage_linode|bool - not storage_linode|bool
- name: Add secret for Linode Access Key - name: Add secret for Linode Access Key
k8s: kubernetes.core.k8s:
state: "{{ storage_linode_state }}" state: "{{ storage_linode_state }}"
context: "{{ my_context }}" context: "{{ my_context }}"
definition: definition:
@ -31,7 +31,7 @@
region: "{{ LINODE_REGION | default('token_missing') }}" region: "{{ LINODE_REGION | default('token_missing') }}"
- name: linode-storage need to be {{ storage_linode_state }} - name: linode-storage need to be {{ storage_linode_state }}
k8s: kubernetes.core.k8s:
state: "{{ storage_linode_state }}" state: "{{ storage_linode_state }}"
context: "{{ my_context }}" context: "{{ my_context }}"
merge_type: merge merge_type: merge

62
tasks/local-path.yml
View file

@ -4,44 +4,44 @@
# https://github.com/rancher/local-path-provisioner/tree/master/deploy/chart # https://github.com/rancher/local-path-provisioner/tree/master/deploy/chart
- name: Install Local-path - name: Install Local-path
block: block:
- name: Git clone stable repo on HEAD - name: Git clone stable repo on HEAD
ansible.builtin.git: ansible.builtin.git:
repo: "https://github.com/rancher/local-path-provisioner.git" repo: "https://github.com/rancher/local-path-provisioner.git"
dest: tmp/local-path-provisioner dest: tmp/local-path-provisioner
version: "{{ storage_localpath.version }}" version: "{{ storage_localpath.version }}"
- name: Deploy local-path chart from local path - name: Deploy local-path chart from local path
kubernetes.core.helm: kubernetes.core.helm:
state: "present" state: "present"
name: local-path-provisioner name: local-path-provisioner
context: "{{ my_context }}" context: "{{ my_context }}"
chart_ref: tmp/local-path-provisioner/deploy/chart chart_ref: tmp/local-path-provisioner/deploy/chart
release_namespace: "{{ storage_localpath.namespace }}" release_namespace: "{{ storage_localpath.namespace }}"
create_namespace: true create_namespace: true
values: values:
nodePathMap: nodePathMap:
- node: DEFAULT_PATH_FOR_NON_LISTED_NODES - node: DEFAULT_PATH_FOR_NON_LISTED_NODES
paths: ["{{ storage_localpath.default_path }}"] paths: ["{{ storage_localpath.default_path }}"]
when: when:
- storage_localpath.enabled - storage_localpath.enabled
- name: Uninstall Local-path - name: Uninstall Local-path
block: block:
- name: Uninstall local-path - name: Uninstall local-path
kubernetes.core.helm: kubernetes.core.helm:
context: "{{ my_context }}" context: "{{ my_context }}"
name: local-path-provisioner name: local-path-provisioner
release_state: absent release_state: absent
release_namespace: "{{ storage_localpath.namespace }}" release_namespace: "{{ storage_localpath.namespace }}"
- name: namespace - name: namespace
kubernetes.core.k8s: kubernetes.core.k8s:
state: absent state: absent
context: "{{ my_context }}" context: "{{ my_context }}"
namespace: "{{ storage_localpath.namespace }}" namespace: "{{ storage_localpath.namespace }}"
resource_definition: "{{ lookup('template', 'local-path/' + item) | from_yaml }}" resource_definition: "{{ lookup('template', 'local-path/' + item) | from_yaml }}"
with_items: with_items:
- "local-path-namespace.yml.j2" - "local-path-namespace.yml.j2"
when: when:
- not storage_localpath.enabled - not storage_localpath.enabled

258
tasks/longhorn.yml
View file

@ -1,122 +1,122 @@
--- ---
- name: longhorn need to be present - name: longhorn need to be present
block: block:
- name: Defined longhorn repository - name: Defined longhorn repository
kubernetes.core.helm_repository: kubernetes.core.helm_repository:
name: longhorn name: longhorn
repo_url: "https://charts.longhorn.io" repo_url: "https://charts.longhorn.io"
- name: Deploy latest version of longhorn - name: Deploy latest version of longhorn
kubernetes.core.helm: kubernetes.core.helm:
context: "{{ my_context }}" context: "{{ my_context }}"
name: longhorn name: longhorn
chart_ref: longhorn/longhorn chart_ref: longhorn/longhorn
chart_version: "{{ storage_longhorn.version }}" chart_version: "{{ storage_longhorn.version }}"
create_namespace: yes create_namespace: true
release_namespace: "{{ storage_longhorn.namespace }}" release_namespace: "{{ storage_longhorn.namespace }}"
values: values:
persistence: persistence:
defaultClass: true defaultClass: true
# defaultClassReplicaCount: 3 # defaultClassReplicaCount: 3
# reclaimPolicy: Delete # reclaimPolicy: Delete
recurringJobSelector: recurringJobSelector:
enable: true enable: true
jobList: '[ jobList: '[
{ {
"name":"snapshot", "name":"snapshot",
"isGroup":true, "isGroup":true,
}, },
{ {
"name":"backup-daily", "name":"backup-daily",
"isGroup":true, "isGroup":true,
} }
]' ]'
defaultSettings: defaultSettings:
defaultDataPath: "/var/lib/longhorn/" defaultDataPath: "/var/lib/longhorn/"
backupTarget: "nfs://longhorn-test-nfs-svc.default:/opt/backupstore" backupTarget: "nfs://longhorn-test-nfs-svc.default:/opt/backupstore"
allowRecurringJobWhileVolumeDetached: true allowRecurringJobWhileVolumeDetached: true
createDefaultDiskLabeledNodes: true createDefaultDiskLabeledNodes: true
replicaSoftAntiAffinity: false replicaSoftAntiAffinity: false
# defaultReplicaCount: 2 # defaultReplicaCount: 2
defaultDataLocality: best-effort defaultDataLocality: best-effort
# defaultLonghornStaticStorageClass: longhorn # defaultLonghornStaticStorageClass: longhorn
# disableSchedulingOnCordonedNode: false # disableSchedulingOnCordonedNode: false
replicaZoneSoftAntiAffinity: false replicaZoneSoftAntiAffinity: false
guaranteed-engine-manager-cpu: 6 guaranteed-engine-manager-cpu: 6
guaranteed-replica-manager-cpu: 6 guaranteed-replica-manager-cpu: 6
ingress: ingress:
enabled: true enabled: true
host: "longhorn.{{ cluster_domain }}" host: "longhorn.{{ cluster_domain }}"
# tls: false # tls: false
# tlsSecret: longhorn.local-tls # tlsSecret: longhorn.local-tls
annotations: annotations:
kubernetes.io/ingress.class: traefik kubernetes.io/ingress.class: traefik
# cert-manager.io/cluster-issuer: letsencrypt-prod # cert-manager.io/cluster-issuer: letsencrypt-prod
#{% if ingress_whitelist is defined %} # {% if ingress_whitelist is defined %}
# ingress.kubernetes.io/whitelist-source-range: "{% for acl_whitelist in ingress_whitelist %}{{ acl_whitelist }}{% if not loop.last %}, {% endif %}{% endfor %}" # ingress.kubernetes.io/whitelist-source-range: "{% for acl_whitelist in ingress_whitelist %}{{ acl_whitelist }}{% if not loop.last %}, {% endif %}{% endfor %}"
#{% endif %} # {% endif %}
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
#{% if basic_auth is defined %} # {% if basic_auth is defined %}
# traefik.ingress.kubernetes.io/router.middlewares: {{ traefik_namespace }}-traefik-dashboard-basicauth@kubernetescrd # traefik.ingress.kubernetes.io/router.middlewares: {{ traefik_namespace }}-traefik-dashboard-basicauth@kubernetescrd
# traefik.ingress.kubernetes.io/router.middlewares: basic-auth@file # traefik.ingress.kubernetes.io/router.middlewares: basic-auth@file
# #traefik.ingress.kubernetes.io/router.middlewares: tools-traefik-ipwhitelist@kubernetescrd,tools-basic-auth@kubernetescrd # #traefik.ingress.kubernetes.io/router.middlewares: tools-traefik-ipwhitelist@kubernetescrd,tools-basic-auth@kubernetescrd
#{% endif %} # {% endif %}
# enablePSP: true # enablePSP: true
- name: Configure Longhorn - name: Configure Longhorn
kubernetes.core.k8s: kubernetes.core.k8s:
state: present state: present
context: "{{ my_context }}" context: "{{ my_context }}"
definition: definition:
kind: Setting kind: Setting
apiVersion: longhorn.io/v1beta1 apiVersion: longhorn.io/v1beta1
metadata: metadata:
name: "{{ item.name }}" name: "{{ item.name }}"
namespace: "{{ storage_longhorn_namespace }}" namespace: "{{ storage_longhorn_namespace }}"
value: "{{ item.value }}" value: "{{ item.value }}"
with_items: with_items:
- { - {
name: "guaranteed-engine-manager-cpu", name: "guaranteed-engine-manager-cpu",
value: "6" value: "6"
} }
- { - {
name: "guaranteed-replica-manager-cpu", name: "guaranteed-replica-manager-cpu",
value: "6" value: "6"
} }
- { - {
name: "default-data-locality", name: "default-data-locality",
value: "best-effort" value: "best-effort"
} }
- name: Install longhorn Recurring Jobs - name: Install longhorn Recurring Jobs
kubernetes.core.k8s: kubernetes.core.k8s:
state: present state: present
context: "{{ my_context }}" context: "{{ my_context }}"
apply: true apply: true
namespace: "{{ storage_longhorn.namespace }}" namespace: "{{ storage_longhorn.namespace }}"
resource_definition: "{{ lookup('template', 'longhorn/longhorn/longhorn_recurringjob.yml.j2') | from_yaml }}" resource_definition: "{{ lookup('template', 'longhorn/longhorn/longhorn_recurringjob.yml.j2') | from_yaml }}"
with_items: with_items:
- { - {
name: "snapshot", name: "snapshot",
cron: "1 * * * *", ansible.builtin.cron: "1 * * * *",
task: "snapshot", task: "snapshot",
retain: 25 retain: 25
} }
- { - {
name: "backup-daily", name: "backup-daily",
cron: "0 1 * * *", ansible.builtin.cron: "0 1 * * *",
task: "backup", task: "backup",
retain: 8 retain: 8
} }
# - name: Install longhorn UI Ingress # - name: Install longhorn UI Ingress
# kubernetes.core.k8s: # kubernetes.core.k8s:
# state: present # state: present
# context: "{{ my_context }}" # context: "{{ my_context }}"
# apply: true # apply: true
# namespace: "{{ storage_longhorn.namespace }}" # namespace: "{{ storage_longhorn.namespace }}"
# resource_definition: "{{ lookup('template', 'longhorn/' + item) | from_yaml }}" # resource_definition: "{{ lookup('template', 'longhorn/' + item) | from_yaml }}"
# with_items: # with_items:
# - "longhorn_ingressroute.yaml.j2" # - "longhorn_ingressroute.yaml.j2"
when: when:
- storage_longhorn.enabled - storage_longhorn.enabled
tags: tags:
@ -125,22 +125,22 @@
- name: longhorn need to be absent - name: longhorn need to be absent
block: block:
- name: Deploy latest version of longhorn - name: Deploy latest version of longhorn
kubernetes.core.helm: kubernetes.core.helm:
context: "{{ my_context }}" context: "{{ my_context }}"
name: longhorn name: longhorn
state: absent state: absent
release_namespace: "{{ storage_longhorn.namespace }}" release_namespace: "{{ storage_longhorn.namespace }}"
- name: Remove Ingress for longhorn UI - name: Remove Ingress for longhorn UI
kubernetes.core.k8s: kubernetes.core.k8s:
state: absent state: absent
context: "{{ my_context }}" context: "{{ my_context }}"
namespace: "{{ storage_longhorn.namespace }}" namespace: "{{ storage_longhorn.namespace }}"
resource_definition: "{{ lookup('template', 'longhorn/' + item) | from_yaml }}" resource_definition: "{{ lookup('template', 'longhorn/' + item) | from_yaml }}"
with_items: with_items:
# - "longhorn_ingressroute.yaml.j2" # - "longhorn_ingressroute.yaml.j2"
- "longhorn-namespace.yml.j2" - "longhorn-namespace.yml.j2"
when: when:
- not storage_longhorn.enabled - not storage_longhorn.enabled
tags: tags:

140
tasks/main.yml
View file

@ -1,39 +1,43 @@
- name: Local Path setup - name: Local Path setup
block: block:
- name: Define Manual StorageClass - name: Define Manual StorageClass
k8s: kubernetes.core.k8s:
state: present state: present
context: "{{ my_context }}" context: "{{ my_context }}"
definition: definition:
kind: StorageClass kind: StorageClass
apiVersion: storage.k8s.io/v1 apiVersion: storage.k8s.io/v1
metadata: metadata:
name: manual name: manual
provisioner: kubernetes.io/no-provisioner provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer volumeBindingMode: WaitForFirstConsumer
allowVolumeExpansion: true allowVolumeExpansion: true
when: when:
- storage_manual.enabled - storage_manual.enabled
tags: tags:
- manual - manual
- storage - storage
- include_tasks: "local-path.yml" - name: include local-path tasks
tags: ansible.builtin.include_tasks: "local-path.yml"
- local-path tags:
- storage - local-path
- include_tasks: "longhorn.yml" - storage
tags: - name: include longhorn tasks
- longhorn ansible.builtin.include_tasks: "longhorn.yml"
- storage tags:
- include_tasks: "nfs.yml" - longhorn
tags: - storage
- nfs - name: include nfs tasks
- storage ansible.builtin.include_tasks: "nfs.yml"
- include_tasks: "secrets-store.yml" tags:
tags: - nfs
- secrets-store - storage
- storage - name: include secrets store tasks
ansible.builtin.include_tasks: "secrets-store.yml"
tags:
- secrets-store
- storage
# https://medium.com/asl19-developers/create-readwritemany-persistentvolumeclaims-on-your-kubernetes-cluster-3a8db51f98e3 # https://medium.com/asl19-developers/create-readwritemany-persistentvolumeclaims-on-your-kubernetes-cluster-3a8db51f98e3
# https://github.com/ctrox/csi-s3 # https://github.com/ctrox/csi-s3
@ -41,40 +45,40 @@
# https://github.com/reactr-io/gocachefs # https://github.com/reactr-io/gocachefs
# - include_tasks: "digital_ocean.yml" # - ansible.builtin.include_tasks: "digital_ocean.yml"
# - include_tasks: "linode.yml" # - ansible.builtin.include_tasks: "linode.yml"
- name: Select the default StorageClass - name: Select the default StorageClass
k8s: kubernetes.core.k8s:
state: present state: present
context: "{{ my_context }}" context: "{{ my_context }}"
definition: definition:
apiVersion: v1 apiVersion: v1
kind: StorageClass kind: StorageClass
metadata: metadata:
name: "{{ storage.default_storageclass }}" name: "{{ storage.default_storageclass }}"
annotations: annotations:
storageclass.kubernetes.io/is-default-class: "true" storageclass.kubernetes.io/is-default-class: "true"
when: when:
- storage.default_storageclass is defined - storage.default_storageclass is defined
tags: tags:
- manual - manual
- local-path - local-path
- nfs - nfs
- longhorn - longhorn
- storage - storage
- name: Select the default VolumeSnapshotClass - name: Select the default VolumeSnapshotClass
k8s: kubernetes.core.k8s:
state: present state: present
context: "{{ my_context }}" context: "{{ my_context }}"
definition: definition:
apiVersion: v1 apiVersion: v1
kind: VolumeSnapshotClass kind: VolumeSnapshotClass
metadata: metadata:
name: "{{ storage.default_storageclass }}" name: "{{ storage.default_storageclass }}"
annotations: annotations:
snapshot.storage.kubernetes.io/is-default-class: "true" snapshot.storage.kubernetes.io/is-default-class: "true"
when: when:
- storage.default_storageclass is defined - storage.default_storageclass is defined
- storage.default_storageclass == "do-block-storage" - storage.default_storageclass == "do-block-storage"

58
tasks/nfs.yml
View file

@ -6,30 +6,30 @@
# ou alors tourner le container en privileged # ou alors tourner le container en privileged
# https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner/blob/master/charts/nfs-subdir-external-provisioner/README.md # https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner/blob/master/charts/nfs-subdir-external-provisioner/README.md
- name: Defined NFS Provisioner repository - name: Defined NFS Provisioner repository
kubernetes.core.helm_repository: kubernetes.core.helm_repository:
name: nfs-subdir-external-provisioner name: nfs-subdir-external-provisioner
repo_url: "https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner" repo_url: "https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner"
- name: Deploy latest version of NFS Provisioner - name: Deploy latest version of NFS Provisioner
kubernetes.core.helm: kubernetes.core.helm:
context: "{{ my_context }}" context: "{{ my_context }}"
state: "present" state: "present"
name: nfs-subdir-external-provisioner name: nfs-subdir-external-provisioner
chart_ref: nfs-subdir-external-provisioner/nfs-subdir-external-provisioner chart_ref: nfs-subdir-external-provisioner/nfs-subdir-external-provisioner
create_namespace: yes create_namespace: true
release_namespace: "{{ storage_nfs.namespace }}" release_namespace: "{{ storage_nfs.namespace }}"
values: values:
nfs: nfs:
server: x.x.x.x server: x.x.x.x
path: /exported/path path: /exported/path
# podSecurityPolicy: # podSecurityPolicy:
# enabled: true # enabled: true
# storageClass: # storageClass:
# name: nfs-client # name: nfs-client
# defaultClass: false # defaultClass: false
# provisionerName: "" # provisionerName: ""
# accessModes: ReadWriteOnce # accessModes: ReadWriteOnce
when: when:
- storage_nfs.enabled - storage_nfs.enabled
tags: tags:
@ -38,12 +38,12 @@
- name: NFS client need to be absent - name: NFS client need to be absent
block: block:
- name: Uninstall nfs-subdir-external-provisioner - name: Uninstall nfs-subdir-external-provisioner
kubernetes.core.helm: kubernetes.core.helm:
context: "{{ my_context }}" context: "{{ my_context }}"
name: nfs-subdir-external-provisioner name: nfs-subdir-external-provisioner
release_state: absent release_state: absent
release_namespace: "{{ storage_nfs.namespace }}" release_namespace: "{{ storage_nfs.namespace }}"
when: when:
- not storage_nfs.enabled - not storage_nfs.enabled
tags: tags:

102
tasks/secrets-store.yml
View file

@ -2,43 +2,43 @@
- name: Install Secrets Store - name: Install Secrets Store
block: block:
# https://github.com/kubernetes-sigs/secrets-store-csi-driver/tree/master/charts/secrets-store-csi-driver # https://github.com/kubernetes-sigs/secrets-store-csi-driver/tree/master/charts/secrets-store-csi-driver
- name: Defined Secrets Store repository - name: Defined Secrets Store repository
kubernetes.core.helm_repository: kubernetes.core.helm_repository:
name: secrets-store-csi-driver name: secrets-store-csi-driver
repo_url: "https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts" repo_url: "https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts"
- name: Deploy Secrets Store chart - name: Deploy Secrets Store chart
kubernetes.core.helm: kubernetes.core.helm:
context: "{{ my_context }}" context: "{{ my_context }}"
name: csi-secrets-store name: csi-secrets-store
release_namespace: "kube-system" release_namespace: "kube-system"
chart_version: "{{ storage_secrets_store.version }}" chart_version: "{{ storage_secrets_store.version }}"
chart_ref: secrets-store-csi-driver/secrets-store-csi-driver chart_ref: secrets-store-csi-driver/secrets-store-csi-driver
# https://github.com/camptocamp/secrets-store-csi-driver-provider-gopass # https://github.com/camptocamp/secrets-store-csi-driver-provider-gopass
- name: Deploy Secrets Store CSI driver provider gopass - name: Deploy Secrets Store CSI driver provider gopass
kubernetes.core.k8s: kubernetes.core.k8s:
state: "present" state: "present"
context: "{{ my_context }}" context: "{{ my_context }}"
namespace: "kube-system" namespace: "kube-system"
apply: true apply: true
resource_definition: "{{ lookup('file', 'secrets-provider-gopass/provider-gopass-installer.yaml') | from_yaml }}" resource_definition: "{{ lookup('file', 'secrets-provider-gopass/provider-gopass-installer.yaml') | from_yaml }}"
# https://github.com/Azure/secrets-store-csi-driver-provider-azure # https://github.com/Azure/secrets-store-csi-driver-provider-azure
- name: Deploy Secrets Store CSI driver provider azure - name: Deploy Secrets Store CSI driver provider azure
kubernetes.core.helm_repository: kubernetes.core.helm_repository:
name: csi-secrets-store-provider-azure name: csi-secrets-store-provider-azure
repo_url: "https://raw.githubusercontent.com/Azure/secrets-store-csi-driver-provider-azure/master/charts" repo_url: "https://raw.githubusercontent.com/Azure/secrets-store-csi-driver-provider-azure/master/charts"
- name: Deploy Secrets Store chart - name: Deploy Secrets Store chart
kubernetes.core.helm: kubernetes.core.helm:
context: "{{ my_context }}" context: "{{ my_context }}"
name: csi-secrets-store-provider-azure name: csi-secrets-store-provider-azure
release_namespace: "kube-system" release_namespace: "kube-system"
chart_version: "{{ storage_secrets_store_azure.version }}" chart_version: "{{ storage_secrets_store_azure.version }}"
chart_ref: csi-secrets-store-provider-azure/csi-secrets-store-provider-azure chart_ref: csi-secrets-store-provider-azure/csi-secrets-store-provider-azure
values: values:
secrets-store-csi-driver: secrets-store-csi-driver:
install: false install: false
when: when:
- storage_secrets_store.enabled - storage_secrets_store.enabled
tags: tags:
@ -49,23 +49,23 @@
- name: Secret Store need to be absent - name: Secret Store need to be absent
block: block:
- name: Uninstall Secrets Store - name: Uninstall Secrets Store
kubernetes.core.helm: kubernetes.core.helm:
context: "{{ my_context }}" context: "{{ my_context }}"
name: "{{ item }}" name: "{{ item }}"
state: absent state: absent
release_namespace: "kube-system" release_namespace: "kube-system"
with_items: with_items:
- "csi-secrets-store" - "csi-secrets-store"
- "csi-secrets-store-provider-azure" - "csi-secrets-store-provider-azure"
- name: Remove Ingress for longhorn UI - name: Remove Ingress for longhorn UI
kubernetes.core.k8s: kubernetes.core.k8s:
state: absent state: absent
context: "{{ my_context }}" context: "{{ my_context }}"
namespace: "kube-system" namespace: "kube-system"
resource_definition: "{{ lookup('file', item) | from_yaml }}" resource_definition: "{{ lookup('file', item) | from_yaml }}"
with_items: with_items:
- "secrets-provider-gopass/provider-gopass-installer.yaml" - "secrets-provider-gopass/provider-gopass-installer.yaml"
when: when:
- not storage_secrets_store.enabled - not storage_secrets_store.enabled