adrien/ansible-role-k8s-storage
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Fix lint errors
Some checks reported errors
continuous-integration/drone/push Build encountered an error
Details

Browse source
This commit is contained in:
Adrien Reslinger 2022-07-23 01:21:31 +02:00
parent dcbc650c9e
commit 46272c92d8
Signed by: adrien
GPG key ID: DA7B27055C66D6DE
4 changed files with 249 additions and 250 deletions
Download patch file Download diff file Expand all files Collapse all files

66
tasks/digital_ocean.yml
View file

@ -1,39 +1,39 @@
--- ---
# https://github.com/digitalocean/csi-digitalocean # https://github.com/digitalocean/csi-digitalocean
- name: Include file list - name: Include file list
ansible.builtin.include_vars: "digitalocean.yaml" ansible.builtin.include_vars: "digitalocean.yaml"
- name: Defined digitalocean-storage state to present - name: Defined digitalocean-storage state to present
ansible.builtin.set_fact: ansible.builtin.set_fact:
storage_digitalocean_state: present storage_digitalocean_state: present
when: when:
- storage_digitalocean|bool - storage_digitalocean|bool
- name: find state of digitalocean-storage - name: find state of digitalocean-storage
ansible.builtin.set_fact: ansible.builtin.set_fact:
storage_digitalocean_state: absent storage_digitalocean_state: absent
when: when:
- not storage_digitalocean|bool - not storage_digitalocean|bool
- name: Secret for DigitalOcean Access Key need to be {{ storage_digitalocean_state }} - name: Secret for DigitalOcean Access Key need to be {{ storage_digitalocean_state }}
kubernetes.core.k8s: kubernetes.core.k8s:
state: "{{ storage_digitalocean_state }}" state: "{{ storage_digitalocean_state }}"
context: "{{ my_context }}" context: "{{ my_context }}"
definition: definition:
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: digitalocean name: digitalocean
namespace: kube-system namespace: kube-system
type: Opaque type: Opaque
stringData: stringData:
access-token: "{{ digitalocean_token | default('token_missing') }}" access-token: "{{ digitalocean_token | default('token_missing') }}"
- name: digitalocean-storage need to be {{ storage_digitalocean_state }} - name: digitalocean-storage need to be {{ storage_digitalocean_state }}
kubernetes.core.k8s: kubernetes.core.k8s:
state: "{{ storage_digitalocean_state }}" state: "{{ storage_digitalocean_state }}"
context: "{{ my_context }}" context: "{{ my_context }}"
merge_type: merge merge_type: merge
resource_definition: "{{ lookup('file', item) | from_yaml }}" resource_definition: "{{ lookup('file', item) | from_yaml }}"
with_items: with_items:
- "{{ storage_digitalocean_files_list }}" - "{{ storage_digitalocean_files_list }}"

68
tasks/linode.yml
View file

@ -1,40 +1,40 @@
--- ---
# https://github.com/linode/linode-blockstorage-csi-driver # https://github.com/linode/linode-blockstorage-csi-driver
- name: Include file list - name: Include file list
ansible.builtin.include_vars: "linode.yaml" ansible.builtin.include_vars: "linode.yaml"
- name: Defined linode-storage state to present - name: Defined linode-storage state to present
ansible.builtin.set_fact: ansible.builtin.set_fact:
storage_linode_state: present storage_linode_state: present
when: when:
- storage_linode|bool - storage_linode|bool
- name: find state of linode-storage - name: find state of linode-storage
ansible.builtin.set_fact: ansible.builtin.set_fact:
storage_linode_state: absent storage_linode_state: absent
when: when:
- not storage_linode|bool - not storage_linode|bool
- name: Add secret for Linode Access Key - name: Add secret for Linode Access Key
kubernetes.core.k8s: kubernetes.core.k8s:
state: "{{ storage_linode_state }}" state: "{{ storage_linode_state }}"
context: "{{ my_context }}" context: "{{ my_context }}"
definition: definition:
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: linode name: linode
namespace: kube-system namespace: kube-system
type: Opaque type: Opaque
stringData: stringData:
token: "{{ LINODE_TOKEN | default('token_missing') }}" token: "{{ LINODE_TOKEN | default('token_missing') }}"
region: "{{ LINODE_REGION | default('token_missing') }}" region: "{{ LINODE_REGION | default('token_missing') }}"
- name: linode-storage need to be {{ storage_linode_state }} - name: linode-storage need to be {{ storage_linode_state }}
kubernetes.core.k8s: kubernetes.core.k8s:
state: "{{ storage_linode_state }}" state: "{{ storage_linode_state }}"
context: "{{ my_context }}" context: "{{ my_context }}"
merge_type: merge merge_type: merge
resource_definition: "{{ lookup('file', item) | from_yaml }}" resource_definition: "{{ lookup('file', item) | from_yaml }}"
with_items: with_items:
- "{{ storage_linode_files_list }}" - "{{ storage_linode_files_list }}"

278
tasks/longhorn.yml
View file

@ -1,148 +1,148 @@
--- ---
- name: longhorn need to be present - name: longhorn need to be present
block: block:
- name: Defined longhorn repository - name: Defined longhorn repository
kubernetes.core.helm_repository: kubernetes.core.helm_repository:
name: longhorn name: longhorn
repo_url: "https://charts.longhorn.io" repo_url: "https://charts.longhorn.io"
- name: Deploy latest version of longhorn - name: Deploy latest version of longhorn
kubernetes.core.helm: kubernetes.core.helm:
context: "{{ my_context }}" context: "{{ my_context }}"
name: longhorn name: longhorn
chart_ref: longhorn/longhorn chart_ref: longhorn/longhorn
chart_version: "{{ storage_longhorn.version }}" chart_version: "{{ storage_longhorn.version }}"
create_namespace: true create_namespace: true
release_namespace: "{{ storage_longhorn.namespace }}" release_namespace: "{{ storage_longhorn.namespace }}"
values: values:
persistence: persistence:
defaultClass: true defaultClass: true
# defaultClassReplicaCount: 3 # defaultClassReplicaCount: 3
# reclaimPolicy: Delete # reclaimPolicy: Delete
recurringJobSelector: recurringJobSelector:
enable: true enable: true
jobList: '[ jobList: '[
{ {
"name":"snapshot", "name":"snapshot",
"isGroup":true, "isGroup":true,
}, },
{ {
"name":"backup-daily", "name":"backup-daily",
"isGroup":true, "isGroup":true,
} }
]' ]'
defaultSettings: defaultSettings:
defaultDataPath: "/var/lib/longhorn/" defaultDataPath: "/var/lib/longhorn/"
backupTarget: "nfs://longhorn-test-nfs-svc.default:/opt/backupstore" backupTarget: "nfs://longhorn-test-nfs-svc.default:/opt/backupstore"
allowRecurringJobWhileVolumeDetached: true allowRecurringJobWhileVolumeDetached: true
createDefaultDiskLabeledNodes: true createDefaultDiskLabeledNodes: true
replicaSoftAntiAffinity: false replicaSoftAntiAffinity: false
# defaultReplicaCount: 2 # defaultReplicaCount: 2
defaultDataLocality: best-effort defaultDataLocality: best-effort
# defaultLonghornStaticStorageClass: longhorn # defaultLonghornStaticStorageClass: longhorn
# disableSchedulingOnCordonedNode: false # disableSchedulingOnCordonedNode: false
replicaZoneSoftAntiAffinity: false replicaZoneSoftAntiAffinity: false
guaranteed-engine-manager-cpu: 6 guaranteed-engine-manager-cpu: 6
guaranteed-replica-manager-cpu: 6 guaranteed-replica-manager-cpu: 6
ingress: ingress:
enabled: true enabled: true
host: "longhorn.{{ cluster_domain }}" host: "longhorn.{{ cluster_domain }}"
# tls: false # tls: false
# tlsSecret: longhorn.local-tls # tlsSecret: longhorn.local-tls
annotations: annotations:
kubernetes.io/ingress.class: traefik kubernetes.io/ingress.class: traefik
# cert-manager.io/cluster-issuer: letsencrypt-prod # cert-manager.io/cluster-issuer: letsencrypt-prod
# {% if ingress_whitelist is defined %} # {% if ingress_whitelist is defined %}
# ingress.kubernetes.io/whitelist-source-range: "{% for acl_whitelist in ingress_whitelist %}{{ acl_whitelist }}{% if not loop.last %}, {% endif %}{% endfor %}" # ingress.kubernetes.io/whitelist-source-range: "{% for acl_whitelist in ingress_whitelist %}{{ acl_whitelist }}{% if not loop.last %}, {% endif %}{% endfor %}"
# {% endif %} # {% endif %}
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
# {% if basic_auth is defined %} # {% if basic_auth is defined %}
# traefik.ingress.kubernetes.io/router.middlewares: {{ traefik_namespace }}-traefik-dashboard-basicauth@kubernetescrd # traefik.ingress.kubernetes.io/router.middlewares: {{ traefik_namespace }}-traefik-dashboard-basicauth@kubernetescrd
# traefik.ingress.kubernetes.io/router.middlewares: basic-auth@file # traefik.ingress.kubernetes.io/router.middlewares: basic-auth@file
# #traefik.ingress.kubernetes.io/router.middlewares: tools-traefik-ipwhitelist@kubernetescrd,tools-basic-auth@kubernetescrd # #traefik.ingress.kubernetes.io/router.middlewares: tools-traefik-ipwhitelist@kubernetescrd,tools-basic-auth@kubernetescrd
# {% endif %} # {% endif %}
# enablePSP: true # enablePSP: true
- name: Configure Longhorn - name: Configure Longhorn
kubernetes.core.k8s: kubernetes.core.k8s:
state: present state: present
context: "{{ my_context }}" context: "{{ my_context }}"
definition: definition:
kind: Setting kind: Setting
apiVersion: longhorn.io/v1beta1 apiVersion: longhorn.io/v1beta1
metadata: metadata:
name: "{{ item.name }}" name: "{{ item.name }}"
namespace: "{{ storage_longhorn_namespace }}" namespace: "{{ storage_longhorn_namespace }}"
value: "{{ item.value }}" value: "{{ item.value }}"
with_items: with_items:
- { - {
name: "guaranteed-engine-manager-cpu", name: "guaranteed-engine-manager-cpu",
value: "6" value: "6"
} }
- { - {
name: "guaranteed-replica-manager-cpu", name: "guaranteed-replica-manager-cpu",
value: "6" value: "6"
} }
- { - {
name: "default-data-locality", name: "default-data-locality",
value: "best-effort" value: "best-effort"
} }
- name: Install longhorn Recurring Jobs - name: Install longhorn Recurring Jobs
kubernetes.core.k8s: kubernetes.core.k8s:
state: present state: present
context: "{{ my_context }}" context: "{{ my_context }}"
apply: true apply: true
namespace: "{{ storage_longhorn.namespace }}" namespace: "{{ storage_longhorn.namespace }}"
resource_definition: "{{ lookup('template', 'longhorn/longhorn/longhorn_recurringjob.yml.j2') | from_yaml }}" resource_definition: "{{ lookup('template', 'longhorn/longhorn/longhorn_recurringjob.yml.j2') | from_yaml }}"
with_items: with_items:
- { - {
name: "snapshot", name: "snapshot",
ansible.builtin.cron: "1 * * * *", ansible.builtin.cron: "1 * * * *",
task: "snapshot", task: "snapshot",
retain: 25 retain: 25
} }
- { - {
name: "backup-daily", name: "backup-daily",
ansible.builtin.cron: "0 1 * * *", ansible.builtin.cron: "0 1 * * *",
task: "backup", task: "backup",
retain: 8 retain: 8
} }
# - name: Install longhorn UI Ingress # - name: Install longhorn UI Ingress
# kubernetes.core.k8s: # kubernetes.core.k8s:
# state: present # state: present
# context: "{{ my_context }}" # context: "{{ my_context }}"
# apply: true # apply: true
# namespace: "{{ storage_longhorn.namespace }}" # namespace: "{{ storage_longhorn.namespace }}"
# resource_definition: "{{ lookup('template', 'longhorn/' + item) | from_yaml }}" # resource_definition: "{{ lookup('template', 'longhorn/' + item) | from_yaml }}"
# with_items: # with_items:
# - "longhorn_ingressroute.yaml.j2" # - "longhorn_ingressroute.yaml.j2"
when: when:
- storage_longhorn.enabled - storage_longhorn.enabled
tags: tags:
- longhorn - longhorn
- storage - storage
- name: longhorn need to be absent - name: longhorn need to be absent
block: block:
- name: Deploy latest version of longhorn - name: Deploy latest version of longhorn
kubernetes.core.helm: kubernetes.core.helm:
context: "{{ my_context }}" context: "{{ my_context }}"
name: longhorn name: longhorn
state: absent state: absent
release_namespace: "{{ storage_longhorn.namespace }}" release_namespace: "{{ storage_longhorn.namespace }}"
- name: Remove Ingress for longhorn UI - name: Remove Ingress for longhorn UI
kubernetes.core.k8s: kubernetes.core.k8s:
state: absent state: absent
context: "{{ my_context }}" context: "{{ my_context }}"
namespace: "{{ storage_longhorn.namespace }}" namespace: "{{ storage_longhorn.namespace }}"
resource_definition: "{{ lookup('template', 'longhorn/' + item) | from_yaml }}" resource_definition: "{{ lookup('template', 'longhorn/' + item) | from_yaml }}"
with_items: with_items:
# - "longhorn_ingressroute.yaml.j2" # - "longhorn_ingressroute.yaml.j2"
- "longhorn-namespace.yml.j2" - "longhorn-namespace.yml.j2"
when: when:
- not storage_longhorn.enabled - not storage_longhorn.enabled
tags: tags:
- longhorn - longhorn
- storage - storage

87
tasks/nfs.yml
View file

@ -1,51 +1,50 @@
--- ---
- name: NFS client setup - name: NFS client setup
block: block:
# https://github.com/kubernetes-incubator/external-storage/blob/master/nfs/docs/deployment.md # https://github.com/kubernetes-incubator/external-storage/blob/master/nfs/docs/deployment.md
# Ne pas oublier de "sudo chcon -Rt svirt_sandbox_file_t /srv" pour le stockage # Ne pas oublier de "sudo chcon -Rt svirt_sandbox_file_t /srv" pour le stockage
# ou alors tourner le container en privileged # ou alors tourner le container en privileged
# https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner/blob/master/charts/nfs-subdir-external-provisioner/README.md # https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner/blob/master/charts/nfs-subdir-external-provisioner/README.md
- name: Defined NFS Provisioner repository - name: Defined NFS Provisioner repository
kubernetes.core.helm_repository: kubernetes.core.helm_repository:
name: nfs-subdir-external-provisioner name: nfs-subdir-external-provisioner
repo_url: "https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner" repo_url: "https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner"
- name: Deploy latest version of NFS Provisioner
kubernetes.core.helm:
context: "{{ my_context }}"
state: "present"
name: nfs-subdir-external-provisioner
chart_ref: nfs-subdir-external-provisioner/nfs-subdir-external-provisioner
create_namespace: true
release_namespace: "{{ storage_nfs.namespace }}"
values:
nfs:
server: x.x.x.x
path: /exported/path
# podSecurityPolicy:
# enabled: true
# storageClass:
# name: nfs-client
# defaultClass: false
# provisionerName: ""
# accessModes: ReadWriteOnce
when:
- storage_nfs.enabled
tags:
- nfs
- storage
- name: Deploy latest version of NFS Provisioner - name: NFS client need to be absent
kubernetes.core.helm: block:
context: "{{ my_context }}" - name: Uninstall nfs-subdir-external-provisioner
state: "present" kubernetes.core.helm:
name: nfs-subdir-external-provisioner context: "{{ my_context }}"
chart_ref: nfs-subdir-external-provisioner/nfs-subdir-external-provisioner name: nfs-subdir-external-provisioner
create_namespace: true release_state: absent
release_namespace: "{{ storage_nfs.namespace }}" release_namespace: "{{ storage_nfs.namespace }}"
values: when:
nfs: - not storage_nfs.enabled
server: x.x.x.x tags:
path: /exported/path - nfs
# podSecurityPolicy: - storage
# enabled: true
# storageClass:
# name: nfs-client
# defaultClass: false
# provisionerName: ""
# accessModes: ReadWriteOnce
when:
- storage_nfs.enabled
tags:
- nfs
- storage
- name: NFS client need to be absent
block:
- name: Uninstall nfs-subdir-external-provisioner
kubernetes.core.helm:
context: "{{ my_context }}"
name: nfs-subdir-external-provisioner
release_state: absent
release_namespace: "{{ storage_nfs.namespace }}"
when:
- not storage_nfs.enabled
tags:
- nfs
- storage