diff --git a/tasks/digital_ocean.yml b/tasks/digital_ocean.yml
index 15d9b30..e196a1d 100644
--- a/tasks/digital_ocean.yml
+++ b/tasks/digital_ocean.yml
@@ -1,39 +1,39 @@ --- # https://github.com/digitalocean/csi-digitalocean - - name: Include file list - ansible.builtin.include_vars: "digitalocean.yaml" +- name: Include file list + ansible.builtin.include_vars: "digitalocean.yaml" - - name: Defined digitalocean-storage state to present - ansible.builtin.set_fact: - storage_digitalocean_state: present - when: - - storage_digitalocean|bool +- name: Defined digitalocean-storage state to present + ansible.builtin.set_fact: + storage_digitalocean_state: present + when: + - storage_digitalocean|bool - - name: find state of digitalocean-storage - ansible.builtin.set_fact: - storage_digitalocean_state: absent - when: - - not storage_digitalocean|bool +- name: find state of digitalocean-storage + ansible.builtin.set_fact: + storage_digitalocean_state: absent + when: + - not storage_digitalocean|bool - - name: Secret for DigitalOcean Access Key need to be {{ storage_digitalocean_state }} - kubernetes.core.k8s: - state: "{{ storage_digitalocean_state }}" - context: "{{ my_context }}" - definition: - apiVersion: v1 - kind: Secret - metadata: - name: digitalocean - namespace: kube-system - type: Opaque - stringData: - access-token: "{{ digitalocean_token | default('token_missing') }}" +- name: Secret for DigitalOcean Access Key need to be {{ storage_digitalocean_state }} + kubernetes.core.k8s: + state: "{{ storage_digitalocean_state }}" + context: "{{ my_context }}" + definition: + apiVersion: v1 + kind: Secret + metadata: + name: digitalocean + namespace: kube-system + type: Opaque + stringData: + access-token: "{{ digitalocean_token | default('token_missing') }}" - - name: digitalocean-storage need to be {{ storage_digitalocean_state }} - kubernetes.core.k8s: - state: "{{ storage_digitalocean_state }}" - context: "{{ my_context }}" - merge_type: merge - resource_definition: "{{ lookup('file', item) | from_yaml }}" - with_items: - - "{{ storage_digitalocean_files_list }}" +- name: digitalocean-storage need to be {{ 
storage_digitalocean_state }} + kubernetes.core.k8s: + state: "{{ storage_digitalocean_state }}" + context: "{{ my_context }}" + merge_type: merge + resource_definition: "{{ lookup('file', item) | from_yaml }}" + with_items: + - "{{ storage_digitalocean_files_list }}" diff --git a/tasks/linode.yml b/tasks/linode.yml index 1147f41..fed5339 100644 --- a/tasks/linode.yml +++ b/tasks/linode.yml 
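Review bot: The Secret task in tasks/digital_ocean.yml renders `digitalocean_token` into `stringData` without `no_log: true`, so the token can show up in task output at higher verbosity or when the k8s call fails; add `no_log: true` to that task. The `default('token_missing')` fallback also means an unset variable silently creates a Secret holding a placeholder, and the failure surfaces later in the CSI driver instead of in the play. `access-token: "{{ digitalocean_token | mandatory }}"` would stop the run instead, although it would also fire when the state is absent, so an `assert` gated on the present state may fit better. The same two points apply to the `token` and `region` fields of the Secret task in the tasks/linode.yml hunk.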
@@ -1,40 +1,40 @@ --- # https://github.com/linode/linode-blockstorage-csi-driver - - name: Include file list - ansible.builtin.include_vars: "linode.yaml" +- name: Include file list + ansible.builtin.include_vars: "linode.yaml" - - name: Defined linode-storage state to present - ansible.builtin.set_fact: - storage_linode_state: present - when: - - storage_linode|bool +- name: Defined linode-storage state to present + ansible.builtin.set_fact: + storage_linode_state: present + when: + - storage_linode|bool - - name: find state of linode-storage - ansible.builtin.set_fact: - storage_linode_state: absent - when: - - not storage_linode|bool +- name: find state of linode-storage + ansible.builtin.set_fact: + storage_linode_state: absent + when: + - not storage_linode|bool - - name: Add secret for Linode Access Key - kubernetes.core.k8s: - state: "{{ storage_linode_state }}" - context: "{{ my_context }}" - definition: - apiVersion: v1 - kind: Secret - metadata: - name: linode - namespace: kube-system - type: Opaque - stringData: - token: "{{ LINODE_TOKEN | default('token_missing') }}" - region: "{{ LINODE_REGION | default('token_missing') }}" +- name: Add secret for Linode Access Key + kubernetes.core.k8s: + state: "{{ storage_linode_state }}" + context: "{{ my_context }}" + definition: + apiVersion: v1 + kind: Secret + metadata: + name: linode + namespace: kube-system + type: Opaque + stringData: + token: "{{ LINODE_TOKEN | default('token_missing') }}" + region: "{{ LINODE_REGION | default('token_missing') }}" - - name: linode-storage need to be {{ storage_linode_state }} - kubernetes.core.k8s: - state: "{{ storage_linode_state }}" - context: "{{ my_context }}" - merge_type: merge - resource_definition: "{{ lookup('file', item) | from_yaml }}" - with_items: - - "{{ storage_linode_files_list }}" +- name: linode-storage need to be {{ storage_linode_state }} + kubernetes.core.k8s: + state: "{{ storage_linode_state }}" + context: "{{ my_context }}" + merge_type: merge + 
resource_definition: "{{ lookup('file', item) | from_yaml }}" + with_items: + - "{{ storage_linode_files_list }}" diff --git a/tasks/longhorn.yml b/tasks/longhorn.yml index 203aa4a..ecfb5a7 100644 --- a/tasks/longhorn.yml +++ b/tasks/longhorn.yml 
@@ -1,148 +1,148 @@ --- - - name: longhorn need to be present - block: - - name: Defined longhorn repository - kubernetes.core.helm_repository: - name: longhorn - repo_url: "https://charts.longhorn.io" - - name: Deploy latest version of longhorn - kubernetes.core.helm: - context: "{{ my_context }}" - name: longhorn - chart_ref: longhorn/longhorn - chart_version: "{{ storage_longhorn.version }}" - create_namespace: true - release_namespace: "{{ storage_longhorn.namespace }}" - values: - persistence: - defaultClass: true -# defaultClassReplicaCount: 3 -# reclaimPolicy: Delete - recurringJobSelector: - enable: true - jobList: '[ - { - "name":"snapshot", - "isGroup":true, - }, - { - "name":"backup-daily", - "isGroup":true, - } - ]' - defaultSettings: - defaultDataPath: "/var/lib/longhorn/" - backupTarget: "nfs://longhorn-test-nfs-svc.default:/opt/backupstore" - allowRecurringJobWhileVolumeDetached: true - createDefaultDiskLabeledNodes: true - replicaSoftAntiAffinity: false -# defaultReplicaCount: 2 - defaultDataLocality: best-effort -# defaultLonghornStaticStorageClass: longhorn -# disableSchedulingOnCordonedNode: false - replicaZoneSoftAntiAffinity: false - guaranteed-engine-manager-cpu: 6 - guaranteed-replica-manager-cpu: 6 - ingress: - enabled: true - host: "longhorn.{{ cluster_domain }}" -# tls: false -# tlsSecret: longhorn.local-tls - annotations: - kubernetes.io/ingress.class: traefik -# cert-manager.io/cluster-issuer: letsencrypt-prod +- name: longhorn need to be present + block: + - name: Defined longhorn repository + kubernetes.core.helm_repository: + name: longhorn + repo_url: "https://charts.longhorn.io" + - name: Deploy latest version of longhorn + kubernetes.core.helm: + context: "{{ my_context }}" + name: longhorn + chart_ref: longhorn/longhorn + chart_version: "{{ storage_longhorn.version }}" + create_namespace: true + release_namespace: "{{ storage_longhorn.namespace }}" + values: + persistence: + defaultClass: true +# defaultClassReplicaCount: 3 +# 
reclaimPolicy: Delete + recurringJobSelector: + enable: true + jobList: '[ + { + "name":"snapshot", + "isGroup":true, + }, + { + "name":"backup-daily", + "isGroup":true, + } + ]' + defaultSettings: + defaultDataPath: "/var/lib/longhorn/" + backupTarget: "nfs://longhorn-test-nfs-svc.default:/opt/backupstore" + allowRecurringJobWhileVolumeDetached: true + createDefaultDiskLabeledNodes: true + replicaSoftAntiAffinity: false +# defaultReplicaCount: 2 + defaultDataLocality: best-effort +# defaultLonghornStaticStorageClass: longhorn +# disableSchedulingOnCordonedNode: false + replicaZoneSoftAntiAffinity: false + guaranteed-engine-manager-cpu: 6 + guaranteed-replica-manager-cpu: 6 + ingress: + enabled: true + host: "longhorn.{{ cluster_domain }}" +# tls: false +# tlsSecret: longhorn.local-tls + annotations: + kubernetes.io/ingress.class: traefik +# cert-manager.io/cluster-issuer: letsencrypt-prod # {% if ingress_whitelist is defined %} -# ingress.kubernetes.io/whitelist-source-range: "{% for acl_whitelist in ingress_whitelist %}{{ acl_whitelist }}{% if not loop.last %}, {% endif %}{% endfor %}" +# ingress.kubernetes.io/whitelist-source-range: "{% for acl_whitelist in ingress_whitelist %}{{ acl_whitelist }}{% if not loop.last %}, {% endif %}{% endfor %}" # {% endif %} - traefik.ingress.kubernetes.io/router.entrypoints: web,websecure + traefik.ingress.kubernetes.io/router.entrypoints: web,websecure # {% if basic_auth is defined %} -# traefik.ingress.kubernetes.io/router.middlewares: {{ traefik_namespace }}-traefik-dashboard-basicauth@kubernetescrd -# traefik.ingress.kubernetes.io/router.middlewares: basic-auth@file -# #traefik.ingress.kubernetes.io/router.middlewares: tools-traefik-ipwhitelist@kubernetescrd,tools-basic-auth@kubernetescrd +# traefik.ingress.kubernetes.io/router.middlewares: {{ traefik_namespace }}-traefik-dashboard-basicauth@kubernetescrd +# traefik.ingress.kubernetes.io/router.middlewares: basic-auth@file +# 
#traefik.ingress.kubernetes.io/router.middlewares: tools-traefik-ipwhitelist@kubernetescrd,tools-basic-auth@kubernetescrd # {% endif %} -# enablePSP: true +# enablePSP: true - - name: Configure Longhorn - kubernetes.core.k8s: - state: present - context: "{{ my_context }}" - definition: - kind: Setting - apiVersion: longhorn.io/v1beta1 - metadata: - name: "{{ item.name }}" - namespace: "{{ storage_longhorn_namespace }}" - value: "{{ item.value }}" - with_items: - - { - name: "guaranteed-engine-manager-cpu", - value: "6" - } - - { - name: "guaranteed-replica-manager-cpu", - value: "6" - } - - { - name: "default-data-locality", - value: "best-effort" - } + - name: Configure Longhorn + kubernetes.core.k8s: + state: present + context: "{{ my_context }}" + definition: + kind: Setting + apiVersion: longhorn.io/v1beta1 + metadata: + name: "{{ item.name }}" + namespace: "{{ storage_longhorn_namespace }}" + value: "{{ item.value }}" + with_items: + - { + name: "guaranteed-engine-manager-cpu", + value: "6" + } + - { + name: "guaranteed-replica-manager-cpu", + value: "6" + } + - { + name: "default-data-locality", + value: "best-effort" + } - - name: Install longhorn Recurring Jobs - kubernetes.core.k8s: - state: present - context: "{{ my_context }}" - apply: true - namespace: "{{ storage_longhorn.namespace }}" - resource_definition: "{{ lookup('template', 'longhorn/longhorn/longhorn_recurringjob.yml.j2') | from_yaml }}" - with_items: - - { - name: "snapshot", - ansible.builtin.cron: "1 * * * *", - task: "snapshot", - retain: 25 - } - - { - name: "backup-daily", - ansible.builtin.cron: "0 1 * * *", - task: "backup", - retain: 8 - } + - name: Install longhorn Recurring Jobs + kubernetes.core.k8s: + state: present + context: "{{ my_context }}" + apply: true + namespace: "{{ storage_longhorn.namespace }}" + resource_definition: "{{ lookup('template', 'longhorn/longhorn/longhorn_recurringjob.yml.j2') | from_yaml }}" + with_items: + - { + name: "snapshot", + ansible.builtin.cron: "1 
* * * *", + task: "snapshot", + retain: 25 + } + - { + name: "backup-daily", + ansible.builtin.cron: "0 1 * * *", + task: "backup", + retain: 8 + } -# - name: Install longhorn UI Ingress -# kubernetes.core.k8s: -# state: present -# context: "{{ my_context }}" -# apply: true -# namespace: "{{ storage_longhorn.namespace }}" -# resource_definition: "{{ lookup('template', 'longhorn/' + item) | from_yaml }}" -# with_items: -# - "longhorn_ingressroute.yaml.j2" - when: - - storage_longhorn.enabled - tags: - - longhorn - - storage +# - name: Install longhorn UI Ingress +# kubernetes.core.k8s: +# state: present +# context: "{{ my_context }}" +# apply: true +# namespace: "{{ storage_longhorn.namespace }}" +# resource_definition: "{{ lookup('template', 'longhorn/' + item) | from_yaml }}" +# with_items: +# - "longhorn_ingressroute.yaml.j2" + when: + - storage_longhorn.enabled + tags: + - longhorn + - storage - - name: longhorn need to be absent - block: - - name: Deploy latest version of longhorn - kubernetes.core.helm: - context: "{{ my_context }}" - name: longhorn - state: absent - release_namespace: "{{ storage_longhorn.namespace }}" - - - name: Remove Ingress for longhorn UI - kubernetes.core.k8s: - state: absent - context: "{{ my_context }}" - namespace: "{{ storage_longhorn.namespace }}" - resource_definition: "{{ lookup('template', 'longhorn/' + item) | from_yaml }}" - with_items: -# - "longhorn_ingressroute.yaml.j2" - - "longhorn-namespace.yml.j2" - when: - - not storage_longhorn.enabled - tags: - - longhorn - - storage +- name: longhorn need to be absent + block: + - name: Deploy latest version of longhorn + kubernetes.core.helm: + context: "{{ my_context }}" + name: longhorn + state: absent + release_namespace: "{{ storage_longhorn.namespace }}" + + - name: Remove Ingress for longhorn UI + kubernetes.core.k8s: + state: absent + context: "{{ my_context }}" + namespace: "{{ storage_longhorn.namespace }}" + resource_definition: "{{ lookup('template', 'longhorn/' + item) 
| from_yaml }}" + with_items: +# - "longhorn_ingressroute.yaml.j2" + - "longhorn-namespace.yml.j2" + when: + - not storage_longhorn.enabled + tags: + - longhorn + - storage diff --git a/tasks/nfs.yml b/tasks/nfs.yml index 541cd16..ec8bb0e 100644 --- a/tasks/nfs.yml +++ b/tasks/nfs.yml 
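Review bot: The Helm values publish the Longhorn UI with `ingress.enabled: true` on `longhorn.{{ cluster_domain }}` and `router.entrypoints: web,websecure`, while the `tls`, whitelist-source-range and basic-auth middleware annotations are all commented out, so as far as this file shows the UI is reachable over plain HTTP with no access control. The Longhorn UI does not authenticate users itself, and it exposes volume deletion and settings changes. I would restrict the entrypoint to `websecure` and re-enable one of the commented `traefik.ingress.kubernetes.io/router.middlewares` annotations (with the Jinja value quoted), or add a comment naming the component outside this role that enforces authentication.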
@@ -1,51 +1,50 @@ --- - - name: NFS client setup - block: +- name: NFS client setup + block: # https://github.com/kubernetes-incubator/external-storage/blob/master/nfs/docs/deployment.md # Ne pas oublier de "sudo chcon -Rt svirt_sandbox_file_t /srv" pour le stockage # ou alors tourner le container en privileged # https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner/blob/master/charts/nfs-subdir-external-provisioner/README.md - - name: Defined NFS Provisioner repository - kubernetes.core.helm_repository: - name: nfs-subdir-external-provisioner - repo_url: "https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner" + - name: Defined NFS Provisioner repository + kubernetes.core.helm_repository: + name: nfs-subdir-external-provisioner + repo_url: "https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner" + - name: Deploy latest version of NFS Provisioner + kubernetes.core.helm: + context: "{{ my_context }}" + state: "present" + name: nfs-subdir-external-provisioner + chart_ref: nfs-subdir-external-provisioner/nfs-subdir-external-provisioner + create_namespace: true + release_namespace: "{{ storage_nfs.namespace }}" + values: + nfs: + server: x.x.x.x + path: /exported/path +# podSecurityPolicy: +# enabled: true +# storageClass: +# name: nfs-client +# defaultClass: false +# provisionerName: "" +# accessModes: ReadWriteOnce + when: + - storage_nfs.enabled + tags: + - nfs + - storage - - name: Deploy latest version of NFS Provisioner - kubernetes.core.helm: - context: "{{ my_context }}" - state: "present" - name: nfs-subdir-external-provisioner - chart_ref: nfs-subdir-external-provisioner/nfs-subdir-external-provisioner - create_namespace: true - release_namespace: "{{ storage_nfs.namespace }}" - values: - nfs: - server: x.x.x.x - path: /exported/path -# podSecurityPolicy: -# enabled: true -# storageClass: -# name: nfs-client -# defaultClass: false -# provisionerName: "" -# accessModes: ReadWriteOnce - when: - - storage_nfs.enabled - tags: - 
- nfs - - storage - - - name: NFS client need to be absent - block: - - name: Uninstall nfs-subdir-external-provisioner - kubernetes.core.helm: - context: "{{ my_context }}" - name: nfs-subdir-external-provisioner - release_state: absent - release_namespace: "{{ storage_nfs.namespace }}" - when: - - not storage_nfs.enabled - tags: - - nfs - - storage +- name: NFS client need to be absent + block: + - name: Uninstall nfs-subdir-external-provisioner + kubernetes.core.helm: + context: "{{ my_context }}" + name: nfs-subdir-external-provisioner + release_state: absent + release_namespace: "{{ storage_nfs.namespace }}" + when: + - not storage_nfs.enabled + tags: + - nfs + - storage
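Review bot: `nfs.server: x.x.x.x` and `nfs.path: /exported/path` in the Helm values are literal placeholders, so enabling `storage_nfs` installs a provisioner that points at no real export. They should come from variables, for example `server: "{{ storage_nfs.server }}"` and `path: "{{ storage_nfs.path }}"` (these key names are a suggestion and are not defined on this page). The French comment above the repository task offers running the container privileged as an alternative to relabelling /srv with chcon; it would be clearer in English and should state that the relabel is the preferred option.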