adrien/ansible-role-k8s-storage
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Fix lint errors
Some checks reported errors
continuous-integration/drone/push Build encountered an error
Details

Browse source
This commit is contained in:
Adrien Reslinger 2022-07-23 01:00:27 +02:00
parent 762bd0781b
commit 27f14ecf1b
Signed by: adrien
GPG key ID: DA7B27055C66D6DE
9 changed files with 326 additions and 322 deletions
Download patch file Download diff file Expand all files Collapse all files

2
defaults/main.yml
View file

@ -29,4 +29,4 @@ storage_linode: false
storage_digitalocean: false
# local-path, longhorn, linode-block-storage, linode-block-storage-retain, do-block-storage
#storage_default_storageclass: local-path
# storage_default_storageclass: local-path

6
meta/main.yml
View file

@ -6,6 +6,6 @@ galaxy_info:
galaxy_tags: []
license: GPL2
platforms:
- name: kubernetes
version:
- all
- name: kubernetes
version:
- all

10
tasks/digital_ocean.yml
View file

@ -1,22 +1,22 @@
---
# https://github.com/digitalocean/csi-digitalocean
- name: Include file list
include_vars: "digitalocean.yaml"
ansible.builtin.include_vars: "digitalocean.yaml"
- name: Defined digitalocean-storage state to present
set_fact:
ansible.builtin.set_fact:
storage_digitalocean_state: present
when:
- storage_digitalocean|bool
- name: find state of digitalocean-storage
set_fact:
ansible.builtin.set_fact:
storage_digitalocean_state: absent
when:
- not storage_digitalocean|bool
- name: Secret for DigitalOcean Access Key need to be {{ storage_digitalocean_state }}
k8s:
kubernetes.core.k8s:
state: "{{ storage_digitalocean_state }}"
context: "{{ my_context }}"
definition:
@ -30,7 +30,7 @@
access-token: "{{ digitalocean_token | default('token_missing') }}"
- name: digitalocean-storage need to be {{ storage_digitalocean_state }}
k8s:
kubernetes.core.k8s:
state: "{{ storage_digitalocean_state }}"
context: "{{ my_context }}"
merge_type: merge

10
tasks/linode.yml
View file

@ -1,22 +1,22 @@
---
# https://github.com/linode/linode-blockstorage-csi-driver
- name: Include file list
include_vars: "linode.yaml"
ansible.builtin.include_vars: "linode.yaml"
- name: Defined linode-storage state to present
set_fact:
ansible.builtin.set_fact:
storage_linode_state: present
when:
- storage_linode|bool
- name: find state of linode-storage
set_fact:
ansible.builtin.set_fact:
storage_linode_state: absent
when:
- not storage_linode|bool
- name: Add secret for Linode Access Key
k8s:
kubernetes.core.k8s:
state: "{{ storage_linode_state }}"
context: "{{ my_context }}"
definition:
@ -31,7 +31,7 @@
region: "{{ LINODE_REGION | default('token_missing') }}"
- name: linode-storage need to be {{ storage_linode_state }}
k8s:
kubernetes.core.k8s:
state: "{{ storage_linode_state }}"
context: "{{ my_context }}"
merge_type: merge

62
tasks/local-path.yml
View file

@ -4,44 +4,44 @@
# https://github.com/rancher/local-path-provisioner/tree/master/deploy/chart
- name: Install Local-path
block:
- name: Git clone stable repo on HEAD
ansible.builtin.git:
repo: "https://github.com/rancher/local-path-provisioner.git"
dest: tmp/local-path-provisioner
version: "{{ storage_localpath.version }}"
- name: Git clone stable repo on HEAD
ansible.builtin.git:
repo: "https://github.com/rancher/local-path-provisioner.git"
dest: tmp/local-path-provisioner
version: "{{ storage_localpath.version }}"
- name: Deploy local-path chart from local path
kubernetes.core.helm:
state: "present"
name: local-path-provisioner
context: "{{ my_context }}"
chart_ref: tmp/local-path-provisioner/deploy/chart
release_namespace: "{{ storage_localpath.namespace }}"
create_namespace: true
values:
nodePathMap:
- node: DEFAULT_PATH_FOR_NON_LISTED_NODES
paths: ["{{ storage_localpath.default_path }}"]
- name: Deploy local-path chart from local path
kubernetes.core.helm:
state: "present"
name: local-path-provisioner
context: "{{ my_context }}"
chart_ref: tmp/local-path-provisioner/deploy/chart
release_namespace: "{{ storage_localpath.namespace }}"
create_namespace: true
values:
nodePathMap:
- node: DEFAULT_PATH_FOR_NON_LISTED_NODES
paths: ["{{ storage_localpath.default_path }}"]
when:
- storage_localpath.enabled
- name: Uninstall Local-path
block:
- name: Uninstall local-path
kubernetes.core.helm:
context: "{{ my_context }}"
name: local-path-provisioner
release_state: absent
release_namespace: "{{ storage_localpath.namespace }}"
- name: namespace
kubernetes.core.k8s:
state: absent
context: "{{ my_context }}"
namespace: "{{ storage_localpath.namespace }}"
resource_definition: "{{ lookup('template', 'local-path/' + item) | from_yaml }}"
with_items:
- "local-path-namespace.yml.j2"
- name: Uninstall local-path
kubernetes.core.helm:
context: "{{ my_context }}"
name: local-path-provisioner
release_state: absent
release_namespace: "{{ storage_localpath.namespace }}"
- name: namespace
kubernetes.core.k8s:
state: absent
context: "{{ my_context }}"
namespace: "{{ storage_localpath.namespace }}"
resource_definition: "{{ lookup('template', 'local-path/' + item) | from_yaml }}"
with_items:
- "local-path-namespace.yml.j2"
when:
- not storage_localpath.enabled

258
tasks/longhorn.yml
View file

@ -1,122 +1,122 @@
---
- name: longhorn need to be present
block:
- name: Defined longhorn repository
kubernetes.core.helm_repository:
name: longhorn
repo_url: "https://charts.longhorn.io"
- name: Deploy latest version of longhorn
kubernetes.core.helm:
context: "{{ my_context }}"
name: longhorn
chart_ref: longhorn/longhorn
chart_version: "{{ storage_longhorn.version }}"
create_namespace: yes
release_namespace: "{{ storage_longhorn.namespace }}"
values:
persistence:
defaultClass: true
# defaultClassReplicaCount: 3
# reclaimPolicy: Delete
recurringJobSelector:
enable: true
jobList: '[
{
"name":"snapshot",
"isGroup":true,
},
{
"name":"backup-daily",
"isGroup":true,
}
]'
defaultSettings:
defaultDataPath: "/var/lib/longhorn/"
backupTarget: "nfs://longhorn-test-nfs-svc.default:/opt/backupstore"
allowRecurringJobWhileVolumeDetached: true
createDefaultDiskLabeledNodes: true
replicaSoftAntiAffinity: false
# defaultReplicaCount: 2
defaultDataLocality: best-effort
# defaultLonghornStaticStorageClass: longhorn
# disableSchedulingOnCordonedNode: false
replicaZoneSoftAntiAffinity: false
guaranteed-engine-manager-cpu: 6
guaranteed-replica-manager-cpu: 6
ingress:
enabled: true
host: "longhorn.{{ cluster_domain }}"
# tls: false
# tlsSecret: longhorn.local-tls
annotations:
kubernetes.io/ingress.class: traefik
# cert-manager.io/cluster-issuer: letsencrypt-prod
#{% if ingress_whitelist is defined %}
# ingress.kubernetes.io/whitelist-source-range: "{% for acl_whitelist in ingress_whitelist %}{{ acl_whitelist }}{% if not loop.last %}, {% endif %}{% endfor %}"
#{% endif %}
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
#{% if basic_auth is defined %}
# traefik.ingress.kubernetes.io/router.middlewares: {{ traefik_namespace }}-traefik-dashboard-basicauth@kubernetescrd
# traefik.ingress.kubernetes.io/router.middlewares: basic-auth@file
# #traefik.ingress.kubernetes.io/router.middlewares: tools-traefik-ipwhitelist@kubernetescrd,tools-basic-auth@kubernetescrd
#{% endif %}
# enablePSP: true
- name: Defined longhorn repository
kubernetes.core.helm_repository:
name: longhorn
repo_url: "https://charts.longhorn.io"
- name: Deploy latest version of longhorn
kubernetes.core.helm:
context: "{{ my_context }}"
name: longhorn
chart_ref: longhorn/longhorn
chart_version: "{{ storage_longhorn.version }}"
create_namespace: true
release_namespace: "{{ storage_longhorn.namespace }}"
values:
persistence:
defaultClass: true
# defaultClassReplicaCount: 3
# reclaimPolicy: Delete
recurringJobSelector:
enable: true
jobList: '[
{
"name":"snapshot",
"isGroup":true,
},
{
"name":"backup-daily",
"isGroup":true,
}
]'
defaultSettings:
defaultDataPath: "/var/lib/longhorn/"
backupTarget: "nfs://longhorn-test-nfs-svc.default:/opt/backupstore"
allowRecurringJobWhileVolumeDetached: true
createDefaultDiskLabeledNodes: true
replicaSoftAntiAffinity: false
# defaultReplicaCount: 2
defaultDataLocality: best-effort
# defaultLonghornStaticStorageClass: longhorn
# disableSchedulingOnCordonedNode: false
replicaZoneSoftAntiAffinity: false
guaranteed-engine-manager-cpu: 6
guaranteed-replica-manager-cpu: 6
ingress:
enabled: true
host: "longhorn.{{ cluster_domain }}"
# tls: false
# tlsSecret: longhorn.local-tls
annotations:
kubernetes.io/ingress.class: traefik
# cert-manager.io/cluster-issuer: letsencrypt-prod
# {% if ingress_whitelist is defined %}
# ingress.kubernetes.io/whitelist-source-range: "{% for acl_whitelist in ingress_whitelist %}{{ acl_whitelist }}{% if not loop.last %}, {% endif %}{% endfor %}"
# {% endif %}
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
# {% if basic_auth is defined %}
# traefik.ingress.kubernetes.io/router.middlewares: {{ traefik_namespace }}-traefik-dashboard-basicauth@kubernetescrd
# traefik.ingress.kubernetes.io/router.middlewares: basic-auth@file
# #traefik.ingress.kubernetes.io/router.middlewares: tools-traefik-ipwhitelist@kubernetescrd,tools-basic-auth@kubernetescrd
# {% endif %}
# enablePSP: true
- name: Configure Longhorn
kubernetes.core.k8s:
state: present
context: "{{ my_context }}"
definition:
kind: Setting
apiVersion: longhorn.io/v1beta1
metadata:
name: "{{ item.name }}"
namespace: "{{ storage_longhorn_namespace }}"
value: "{{ item.value }}"
with_items:
- {
name: "guaranteed-engine-manager-cpu",
value: "6"
}
- {
name: "guaranteed-replica-manager-cpu",
value: "6"
}
- {
name: "default-data-locality",
value: "best-effort"
}
- name: Configure Longhorn
kubernetes.core.k8s:
state: present
context: "{{ my_context }}"
definition:
kind: Setting
apiVersion: longhorn.io/v1beta1
metadata:
name: "{{ item.name }}"
namespace: "{{ storage_longhorn_namespace }}"
value: "{{ item.value }}"
with_items:
- {
name: "guaranteed-engine-manager-cpu",
value: "6"
}
- {
name: "guaranteed-replica-manager-cpu",
value: "6"
}
- {
name: "default-data-locality",
value: "best-effort"
}
- name: Install longhorn Recurring Jobs
kubernetes.core.k8s:
state: present
context: "{{ my_context }}"
apply: true
namespace: "{{ storage_longhorn.namespace }}"
resource_definition: "{{ lookup('template', 'longhorn/longhorn/longhorn_recurringjob.yml.j2') | from_yaml }}"
with_items:
- {
name: "snapshot",
cron: "1 * * * *",
task: "snapshot",
retain: 25
}
- {
name: "backup-daily",
cron: "0 1 * * *",
task: "backup",
retain: 8
}
- name: Install longhorn Recurring Jobs
kubernetes.core.k8s:
state: present
context: "{{ my_context }}"
apply: true
namespace: "{{ storage_longhorn.namespace }}"
resource_definition: "{{ lookup('template', 'longhorn/longhorn/longhorn_recurringjob.yml.j2') | from_yaml }}"
with_items:
- {
name: "snapshot",
ansible.builtin.cron: "1 * * * *",
task: "snapshot",
retain: 25
}
- {
name: "backup-daily",
ansible.builtin.cron: "0 1 * * *",
task: "backup",
retain: 8
}
# - name: Install longhorn UI Ingress
# kubernetes.core.k8s:
# state: present
# context: "{{ my_context }}"
# apply: true
# namespace: "{{ storage_longhorn.namespace }}"
# resource_definition: "{{ lookup('template', 'longhorn/' + item) | from_yaml }}"
# with_items:
# - "longhorn_ingressroute.yaml.j2"
# - name: Install longhorn UI Ingress
# kubernetes.core.k8s:
# state: present
# context: "{{ my_context }}"
# apply: true
# namespace: "{{ storage_longhorn.namespace }}"
# resource_definition: "{{ lookup('template', 'longhorn/' + item) | from_yaml }}"
# with_items:
# - "longhorn_ingressroute.yaml.j2"
when:
- storage_longhorn.enabled
tags:
@ -125,22 +125,22 @@
- name: longhorn need to be absent
block:
- name: Deploy latest version of longhorn
kubernetes.core.helm:
context: "{{ my_context }}"
name: longhorn
state: absent
release_namespace: "{{ storage_longhorn.namespace }}"
- name: Remove Ingress for longhorn UI
kubernetes.core.k8s:
state: absent
context: "{{ my_context }}"
namespace: "{{ storage_longhorn.namespace }}"
resource_definition: "{{ lookup('template', 'longhorn/' + item) | from_yaml }}"
with_items:
# - "longhorn_ingressroute.yaml.j2"
- "longhorn-namespace.yml.j2"
- name: Deploy latest version of longhorn
kubernetes.core.helm:
context: "{{ my_context }}"
name: longhorn
state: absent
release_namespace: "{{ storage_longhorn.namespace }}"
- name: Remove Ingress for longhorn UI
kubernetes.core.k8s:
state: absent
context: "{{ my_context }}"
namespace: "{{ storage_longhorn.namespace }}"
resource_definition: "{{ lookup('template', 'longhorn/' + item) | from_yaml }}"
with_items:
# - "longhorn_ingressroute.yaml.j2"
- "longhorn-namespace.yml.j2"
when:
- not storage_longhorn.enabled
tags:

140
tasks/main.yml
View file

@ -1,39 +1,43 @@
- name: Local Path setup
block:
- name: Define Manual StorageClass
k8s:
state: present
context: "{{ my_context }}"
definition:
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: manual
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer
allowVolumeExpansion: true
when:
- storage_manual.enabled
tags:
- manual
- storage
- name: Define Manual StorageClass
kubernetes.core.k8s:
state: present
context: "{{ my_context }}"
definition:
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: manual
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer
allowVolumeExpansion: true
when:
- storage_manual.enabled
tags:
- manual
- storage
- include_tasks: "local-path.yml"
tags:
- local-path
- storage
- include_tasks: "longhorn.yml"
tags:
- longhorn
- storage
- include_tasks: "nfs.yml"
tags:
- nfs
- storage
- include_tasks: "secrets-store.yml"
tags:
- secrets-store
- storage
- name: include local-path tasks
ansible.builtin.include_tasks: "local-path.yml"
tags:
- local-path
- storage
- name: include longhorn tasks
ansible.builtin.include_tasks: "longhorn.yml"
tags:
- longhorn
- storage
- name: include nfs tasks
ansible.builtin.include_tasks: "nfs.yml"
tags:
- nfs
- storage
- name: include secrets store tasks
ansible.builtin.include_tasks: "secrets-store.yml"
tags:
- secrets-store
- storage
# https://medium.com/asl19-developers/create-readwritemany-persistentvolumeclaims-on-your-kubernetes-cluster-3a8db51f98e3
# https://github.com/ctrox/csi-s3
@ -41,40 +45,40 @@
# https://github.com/reactr-io/gocachefs
# - include_tasks: "digital_ocean.yml"
# - include_tasks: "linode.yml"
# - ansible.builtin.include_tasks: "digital_ocean.yml"
# - ansible.builtin.include_tasks: "linode.yml"
- name: Select the default StorageClass
k8s:
state: present
context: "{{ my_context }}"
definition:
apiVersion: v1
kind: StorageClass
metadata:
name: "{{ storage.default_storageclass }}"
annotations:
storageclass.kubernetes.io/is-default-class: "true"
when:
- storage.default_storageclass is defined
tags:
- manual
- local-path
- nfs
- longhorn
- storage
- name: Select the default StorageClass
kubernetes.core.k8s:
state: present
context: "{{ my_context }}"
definition:
apiVersion: v1
kind: StorageClass
metadata:
name: "{{ storage.default_storageclass }}"
annotations:
storageclass.kubernetes.io/is-default-class: "true"
when:
- storage.default_storageclass is defined
tags:
- manual
- local-path
- nfs
- longhorn
- storage
- name: Select the default VolumeSnapshotClass
k8s:
state: present
context: "{{ my_context }}"
definition:
apiVersion: v1
kind: VolumeSnapshotClass
metadata:
name: "{{ storage.default_storageclass }}"
annotations:
snapshot.storage.kubernetes.io/is-default-class: "true"
when:
- storage.default_storageclass is defined
- storage.default_storageclass == "do-block-storage"
- name: Select the default VolumeSnapshotClass
kubernetes.core.k8s:
state: present
context: "{{ my_context }}"
definition:
apiVersion: v1
kind: VolumeSnapshotClass
metadata:
name: "{{ storage.default_storageclass }}"
annotations:
snapshot.storage.kubernetes.io/is-default-class: "true"
when:
- storage.default_storageclass is defined
- storage.default_storageclass == "do-block-storage"

58
tasks/nfs.yml
View file

@ -6,30 +6,30 @@
# ou alors tourner le container en privileged
# https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner/blob/master/charts/nfs-subdir-external-provisioner/README.md
- name: Defined NFS Provisioner repository
kubernetes.core.helm_repository:
name: nfs-subdir-external-provisioner
repo_url: "https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner"
- name: Defined NFS Provisioner repository
kubernetes.core.helm_repository:
name: nfs-subdir-external-provisioner
repo_url: "https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner"
- name: Deploy latest version of NFS Provisioner
kubernetes.core.helm:
context: "{{ my_context }}"
state: "present"
name: nfs-subdir-external-provisioner
chart_ref: nfs-subdir-external-provisioner/nfs-subdir-external-provisioner
create_namespace: yes
release_namespace: "{{ storage_nfs.namespace }}"
values:
nfs:
server: x.x.x.x
path: /exported/path
# podSecurityPolicy:
# enabled: true
# storageClass:
# name: nfs-client
# defaultClass: false
# provisionerName: ""
# accessModes: ReadWriteOnce
- name: Deploy latest version of NFS Provisioner
kubernetes.core.helm:
context: "{{ my_context }}"
state: "present"
name: nfs-subdir-external-provisioner
chart_ref: nfs-subdir-external-provisioner/nfs-subdir-external-provisioner
create_namespace: true
release_namespace: "{{ storage_nfs.namespace }}"
values:
nfs:
server: x.x.x.x
path: /exported/path
# podSecurityPolicy:
# enabled: true
# storageClass:
# name: nfs-client
# defaultClass: false
# provisionerName: ""
# accessModes: ReadWriteOnce
when:
- storage_nfs.enabled
tags:
@ -38,12 +38,12 @@
- name: NFS client need to be absent
block:
- name: Uninstall nfs-subdir-external-provisioner
kubernetes.core.helm:
context: "{{ my_context }}"
name: nfs-subdir-external-provisioner
release_state: absent
release_namespace: "{{ storage_nfs.namespace }}"
- name: Uninstall nfs-subdir-external-provisioner
kubernetes.core.helm:
context: "{{ my_context }}"
name: nfs-subdir-external-provisioner
release_state: absent
release_namespace: "{{ storage_nfs.namespace }}"
when:
- not storage_nfs.enabled
tags:

102
tasks/secrets-store.yml
View file

@ -2,43 +2,43 @@
- name: Install Secrets Store
block:
# https://github.com/kubernetes-sigs/secrets-store-csi-driver/tree/master/charts/secrets-store-csi-driver
- name: Defined Secrets Store repository
kubernetes.core.helm_repository:
name: secrets-store-csi-driver
repo_url: "https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts"
- name: Defined Secrets Store repository
kubernetes.core.helm_repository:
name: secrets-store-csi-driver
repo_url: "https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts"
- name: Deploy Secrets Store chart
kubernetes.core.helm:
context: "{{ my_context }}"
name: csi-secrets-store
release_namespace: "kube-system"
chart_version: "{{ storage_secrets_store.version }}"
chart_ref: secrets-store-csi-driver/secrets-store-csi-driver
- name: Deploy Secrets Store chart
kubernetes.core.helm:
context: "{{ my_context }}"
name: csi-secrets-store
release_namespace: "kube-system"
chart_version: "{{ storage_secrets_store.version }}"
chart_ref: secrets-store-csi-driver/secrets-store-csi-driver
# https://github.com/camptocamp/secrets-store-csi-driver-provider-gopass
- name: Deploy Secrets Store CSI driver provider gopass
kubernetes.core.k8s:
state: "present"
context: "{{ my_context }}"
namespace: "kube-system"
apply: true
resource_definition: "{{ lookup('file', 'secrets-provider-gopass/provider-gopass-installer.yaml') | from_yaml }}"
# https://github.com/camptocamp/secrets-store-csi-driver-provider-gopass
- name: Deploy Secrets Store CSI driver provider gopass
kubernetes.core.k8s:
state: "present"
context: "{{ my_context }}"
namespace: "kube-system"
apply: true
resource_definition: "{{ lookup('file', 'secrets-provider-gopass/provider-gopass-installer.yaml') | from_yaml }}"
# https://github.com/Azure/secrets-store-csi-driver-provider-azure
- name: Deploy Secrets Store CSI driver provider azure
kubernetes.core.helm_repository:
name: csi-secrets-store-provider-azure
repo_url: "https://raw.githubusercontent.com/Azure/secrets-store-csi-driver-provider-azure/master/charts"
- name: Deploy Secrets Store chart
kubernetes.core.helm:
context: "{{ my_context }}"
name: csi-secrets-store-provider-azure
release_namespace: "kube-system"
chart_version: "{{ storage_secrets_store_azure.version }}"
chart_ref: csi-secrets-store-provider-azure/csi-secrets-store-provider-azure
values:
secrets-store-csi-driver:
install: false
# https://github.com/Azure/secrets-store-csi-driver-provider-azure
- name: Deploy Secrets Store CSI driver provider azure
kubernetes.core.helm_repository:
name: csi-secrets-store-provider-azure
repo_url: "https://raw.githubusercontent.com/Azure/secrets-store-csi-driver-provider-azure/master/charts"
- name: Deploy Secrets Store chart
kubernetes.core.helm:
context: "{{ my_context }}"
name: csi-secrets-store-provider-azure
release_namespace: "kube-system"
chart_version: "{{ storage_secrets_store_azure.version }}"
chart_ref: csi-secrets-store-provider-azure/csi-secrets-store-provider-azure
values:
secrets-store-csi-driver:
install: false
when:
- storage_secrets_store.enabled
tags:
@ -49,23 +49,23 @@
- name: Secret Store need to be absent
block:
- name: Uninstall Secrets Store
kubernetes.core.helm:
context: "{{ my_context }}"
name: "{{ item }}"
state: absent
release_namespace: "kube-system"
with_items:
- "csi-secrets-store"
- "csi-secrets-store-provider-azure"
- name: Remove Ingress for longhorn UI
kubernetes.core.k8s:
state: absent
context: "{{ my_context }}"
namespace: "kube-system"
resource_definition: "{{ lookup('file', item) | from_yaml }}"
with_items:
- "secrets-provider-gopass/provider-gopass-installer.yaml"
- name: Uninstall Secrets Store
kubernetes.core.helm:
context: "{{ my_context }}"
name: "{{ item }}"
state: absent
release_namespace: "kube-system"
with_items:
- "csi-secrets-store"
- "csi-secrets-store-provider-azure"
- name: Remove Ingress for longhorn UI
kubernetes.core.k8s:
state: absent
context: "{{ my_context }}"
namespace: "kube-system"
resource_definition: "{{ lookup('file', item) | from_yaml }}"
with_items:
- "secrets-provider-gopass/provider-gopass-installer.yaml"
when:
- not storage_secrets_store.enabled