adrien/ansible-role-k8s-storage
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Fix lint errors
Some checks reported errors
continuous-integration/drone/push Build encountered an error
Details

Browse source
This commit is contained in:
Adrien Reslinger 2022-07-23 01:21:31 +02:00
parent dcbc650c9e
commit 46272c92d8
Signed by: adrien
GPG key ID: DA7B27055C66D6DE
4 changed files with 249 additions and 250 deletions
Download patch file Download diff file Expand all files Collapse all files

66
tasks/digital_ocean.yml
View file

@ -1,39 +1,39 @@
---
# https://github.com/digitalocean/csi-digitalocean
- name: Include file list
ansible.builtin.include_vars: "digitalocean.yaml"
- name: Include file list
ansible.builtin.include_vars: "digitalocean.yaml"
- name: Defined digitalocean-storage state to present
ansible.builtin.set_fact:
storage_digitalocean_state: present
when:
- storage_digitalocean|bool
- name: Defined digitalocean-storage state to present
ansible.builtin.set_fact:
storage_digitalocean_state: present
when:
- storage_digitalocean|bool
- name: find state of digitalocean-storage
ansible.builtin.set_fact:
storage_digitalocean_state: absent
when:
- not storage_digitalocean|bool
- name: find state of digitalocean-storage
ansible.builtin.set_fact:
storage_digitalocean_state: absent
when:
- not storage_digitalocean|bool
- name: Secret for DigitalOcean Access Key need to be {{ storage_digitalocean_state }}
kubernetes.core.k8s:
state: "{{ storage_digitalocean_state }}"
context: "{{ my_context }}"
definition:
apiVersion: v1
kind: Secret
metadata:
name: digitalocean
namespace: kube-system
type: Opaque
stringData:
access-token: "{{ digitalocean_token | default('token_missing') }}"
- name: Secret for DigitalOcean Access Key need to be {{ storage_digitalocean_state }}
kubernetes.core.k8s:
state: "{{ storage_digitalocean_state }}"
context: "{{ my_context }}"
definition:
apiVersion: v1
kind: Secret
metadata:
name: digitalocean
namespace: kube-system
type: Opaque
stringData:
access-token: "{{ digitalocean_token | default('token_missing') }}"
- name: digitalocean-storage need to be {{ storage_digitalocean_state }}
kubernetes.core.k8s:
state: "{{ storage_digitalocean_state }}"
context: "{{ my_context }}"
merge_type: merge
resource_definition: "{{ lookup('file', item) | from_yaml }}"
with_items:
- "{{ storage_digitalocean_files_list }}"
- name: digitalocean-storage need to be {{ storage_digitalocean_state }}
kubernetes.core.k8s:
state: "{{ storage_digitalocean_state }}"
context: "{{ my_context }}"
merge_type: merge
resource_definition: "{{ lookup('file', item) | from_yaml }}"
with_items:
- "{{ storage_digitalocean_files_list }}"

68
tasks/linode.yml
View file

@ -1,40 +1,40 @@
---
# https://github.com/linode/linode-blockstorage-csi-driver
- name: Include file list
ansible.builtin.include_vars: "linode.yaml"
- name: Include file list
ansible.builtin.include_vars: "linode.yaml"
- name: Defined linode-storage state to present
ansible.builtin.set_fact:
storage_linode_state: present
when:
- storage_linode|bool
- name: Defined linode-storage state to present
ansible.builtin.set_fact:
storage_linode_state: present
when:
- storage_linode|bool
- name: find state of linode-storage
ansible.builtin.set_fact:
storage_linode_state: absent
when:
- not storage_linode|bool
- name: find state of linode-storage
ansible.builtin.set_fact:
storage_linode_state: absent
when:
- not storage_linode|bool
- name: Add secret for Linode Access Key
kubernetes.core.k8s:
state: "{{ storage_linode_state }}"
context: "{{ my_context }}"
definition:
apiVersion: v1
kind: Secret
metadata:
name: linode
namespace: kube-system
type: Opaque
stringData:
token: "{{ LINODE_TOKEN | default('token_missing') }}"
region: "{{ LINODE_REGION | default('token_missing') }}"
- name: Add secret for Linode Access Key
kubernetes.core.k8s:
state: "{{ storage_linode_state }}"
context: "{{ my_context }}"
definition:
apiVersion: v1
kind: Secret
metadata:
name: linode
namespace: kube-system
type: Opaque
stringData:
token: "{{ LINODE_TOKEN | default('token_missing') }}"
region: "{{ LINODE_REGION | default('token_missing') }}"
- name: linode-storage need to be {{ storage_linode_state }}
kubernetes.core.k8s:
state: "{{ storage_linode_state }}"
context: "{{ my_context }}"
merge_type: merge
resource_definition: "{{ lookup('file', item) | from_yaml }}"
with_items:
- "{{ storage_linode_files_list }}"
- name: linode-storage need to be {{ storage_linode_state }}
kubernetes.core.k8s:
state: "{{ storage_linode_state }}"
context: "{{ my_context }}"
merge_type: merge
resource_definition: "{{ lookup('file', item) | from_yaml }}"
with_items:
- "{{ storage_linode_files_list }}"

276
tasks/longhorn.yml
View file

@ -1,148 +1,148 @@
---
- name: longhorn need to be present
block:
- name: Defined longhorn repository
kubernetes.core.helm_repository:
name: longhorn
repo_url: "https://charts.longhorn.io"
- name: Deploy latest version of longhorn
kubernetes.core.helm:
context: "{{ my_context }}"
name: longhorn
chart_ref: longhorn/longhorn
chart_version: "{{ storage_longhorn.version }}"
create_namespace: true
release_namespace: "{{ storage_longhorn.namespace }}"
values:
persistence:
defaultClass: true
# defaultClassReplicaCount: 3
# reclaimPolicy: Delete
recurringJobSelector:
enable: true
jobList: '[
{
"name":"snapshot",
"isGroup":true,
},
{
"name":"backup-daily",
"isGroup":true,
}
]'
defaultSettings:
defaultDataPath: "/var/lib/longhorn/"
backupTarget: "nfs://longhorn-test-nfs-svc.default:/opt/backupstore"
allowRecurringJobWhileVolumeDetached: true
createDefaultDiskLabeledNodes: true
replicaSoftAntiAffinity: false
# defaultReplicaCount: 2
defaultDataLocality: best-effort
# defaultLonghornStaticStorageClass: longhorn
# disableSchedulingOnCordonedNode: false
replicaZoneSoftAntiAffinity: false
guaranteed-engine-manager-cpu: 6
guaranteed-replica-manager-cpu: 6
ingress:
enabled: true
host: "longhorn.{{ cluster_domain }}"
# tls: false
# tlsSecret: longhorn.local-tls
annotations:
kubernetes.io/ingress.class: traefik
# cert-manager.io/cluster-issuer: letsencrypt-prod
- name: longhorn need to be present
block:
- name: Defined longhorn repository
kubernetes.core.helm_repository:
name: longhorn
repo_url: "https://charts.longhorn.io"
- name: Deploy latest version of longhorn
kubernetes.core.helm:
context: "{{ my_context }}"
name: longhorn
chart_ref: longhorn/longhorn
chart_version: "{{ storage_longhorn.version }}"
create_namespace: true
release_namespace: "{{ storage_longhorn.namespace }}"
values:
persistence:
defaultClass: true
# defaultClassReplicaCount: 3
# reclaimPolicy: Delete
recurringJobSelector:
enable: true
jobList: '[
{
"name":"snapshot",
"isGroup":true,
},
{
"name":"backup-daily",
"isGroup":true,
}
]'
defaultSettings:
defaultDataPath: "/var/lib/longhorn/"
backupTarget: "nfs://longhorn-test-nfs-svc.default:/opt/backupstore"
allowRecurringJobWhileVolumeDetached: true
createDefaultDiskLabeledNodes: true
replicaSoftAntiAffinity: false
# defaultReplicaCount: 2
defaultDataLocality: best-effort
# defaultLonghornStaticStorageClass: longhorn
# disableSchedulingOnCordonedNode: false
replicaZoneSoftAntiAffinity: false
guaranteed-engine-manager-cpu: 6
guaranteed-replica-manager-cpu: 6
ingress:
enabled: true
host: "longhorn.{{ cluster_domain }}"
# tls: false
# tlsSecret: longhorn.local-tls
annotations:
kubernetes.io/ingress.class: traefik
# cert-manager.io/cluster-issuer: letsencrypt-prod
# {% if ingress_whitelist is defined %}
# ingress.kubernetes.io/whitelist-source-range: "{% for acl_whitelist in ingress_whitelist %}{{ acl_whitelist }}{% if not loop.last %}, {% endif %}{% endfor %}"
# ingress.kubernetes.io/whitelist-source-range: "{% for acl_whitelist in ingress_whitelist %}{{ acl_whitelist }}{% if not loop.last %}, {% endif %}{% endfor %}"
# {% endif %}
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
# {% if basic_auth is defined %}
# traefik.ingress.kubernetes.io/router.middlewares: {{ traefik_namespace }}-traefik-dashboard-basicauth@kubernetescrd
# traefik.ingress.kubernetes.io/router.middlewares: basic-auth@file
# #traefik.ingress.kubernetes.io/router.middlewares: tools-traefik-ipwhitelist@kubernetescrd,tools-basic-auth@kubernetescrd
# traefik.ingress.kubernetes.io/router.middlewares: {{ traefik_namespace }}-traefik-dashboard-basicauth@kubernetescrd
# traefik.ingress.kubernetes.io/router.middlewares: basic-auth@file
# #traefik.ingress.kubernetes.io/router.middlewares: tools-traefik-ipwhitelist@kubernetescrd,tools-basic-auth@kubernetescrd
# {% endif %}
# enablePSP: true
# enablePSP: true
- name: Configure Longhorn
kubernetes.core.k8s:
state: present
context: "{{ my_context }}"
definition:
kind: Setting
apiVersion: longhorn.io/v1beta1
metadata:
name: "{{ item.name }}"
namespace: "{{ storage_longhorn_namespace }}"
value: "{{ item.value }}"
with_items:
- {
name: "guaranteed-engine-manager-cpu",
value: "6"
}
- {
name: "guaranteed-replica-manager-cpu",
value: "6"
}
- {
name: "default-data-locality",
value: "best-effort"
}
- name: Configure Longhorn
kubernetes.core.k8s:
state: present
context: "{{ my_context }}"
definition:
kind: Setting
apiVersion: longhorn.io/v1beta1
metadata:
name: "{{ item.name }}"
namespace: "{{ storage_longhorn_namespace }}"
value: "{{ item.value }}"
with_items:
- {
name: "guaranteed-engine-manager-cpu",
value: "6"
}
- {
name: "guaranteed-replica-manager-cpu",
value: "6"
}
- {
name: "default-data-locality",
value: "best-effort"
}
- name: Install longhorn Recurring Jobs
kubernetes.core.k8s:
state: present
context: "{{ my_context }}"
apply: true
namespace: "{{ storage_longhorn.namespace }}"
resource_definition: "{{ lookup('template', 'longhorn/longhorn/longhorn_recurringjob.yml.j2') | from_yaml }}"
with_items:
- {
name: "snapshot",
ansible.builtin.cron: "1 * * * *",
task: "snapshot",
retain: 25
}
- {
name: "backup-daily",
ansible.builtin.cron: "0 1 * * *",
task: "backup",
retain: 8
}
- name: Install longhorn Recurring Jobs
kubernetes.core.k8s:
state: present
context: "{{ my_context }}"
apply: true
namespace: "{{ storage_longhorn.namespace }}"
resource_definition: "{{ lookup('template', 'longhorn/longhorn/longhorn_recurringjob.yml.j2') | from_yaml }}"
with_items:
- {
name: "snapshot",
ansible.builtin.cron: "1 * * * *",
task: "snapshot",
retain: 25
}
- {
name: "backup-daily",
ansible.builtin.cron: "0 1 * * *",
task: "backup",
retain: 8
}
# - name: Install longhorn UI Ingress
# kubernetes.core.k8s:
# state: present
# context: "{{ my_context }}"
# apply: true
# namespace: "{{ storage_longhorn.namespace }}"
# resource_definition: "{{ lookup('template', 'longhorn/' + item) | from_yaml }}"
# with_items:
# - "longhorn_ingressroute.yaml.j2"
when:
- storage_longhorn.enabled
tags:
- longhorn
- storage
# - name: Install longhorn UI Ingress
# kubernetes.core.k8s:
# state: present
# context: "{{ my_context }}"
# apply: true
# namespace: "{{ storage_longhorn.namespace }}"
# resource_definition: "{{ lookup('template', 'longhorn/' + item) | from_yaml }}"
# with_items:
# - "longhorn_ingressroute.yaml.j2"
when:
- storage_longhorn.enabled
tags:
- longhorn
- storage
- name: longhorn need to be absent
block:
- name: Deploy latest version of longhorn
kubernetes.core.helm:
context: "{{ my_context }}"
name: longhorn
state: absent
release_namespace: "{{ storage_longhorn.namespace }}"
- name: longhorn need to be absent
block:
- name: Deploy latest version of longhorn
kubernetes.core.helm:
context: "{{ my_context }}"
name: longhorn
state: absent
release_namespace: "{{ storage_longhorn.namespace }}"
- name: Remove Ingress for longhorn UI
kubernetes.core.k8s:
state: absent
context: "{{ my_context }}"
namespace: "{{ storage_longhorn.namespace }}"
resource_definition: "{{ lookup('template', 'longhorn/' + item) | from_yaml }}"
with_items:
# - "longhorn_ingressroute.yaml.j2"
- "longhorn-namespace.yml.j2"
when:
- not storage_longhorn.enabled
tags:
- longhorn
- storage
- name: Remove Ingress for longhorn UI
kubernetes.core.k8s:
state: absent
context: "{{ my_context }}"
namespace: "{{ storage_longhorn.namespace }}"
resource_definition: "{{ lookup('template', 'longhorn/' + item) | from_yaml }}"
with_items:
# - "longhorn_ingressroute.yaml.j2"
- "longhorn-namespace.yml.j2"
when:
- not storage_longhorn.enabled
tags:
- longhorn
- storage

87
tasks/nfs.yml
View file

@ -1,51 +1,50 @@
---
- name: NFS client setup
block:
- name: NFS client setup
block:
# https://github.com/kubernetes-incubator/external-storage/blob/master/nfs/docs/deployment.md
# Ne pas oublier de "sudo chcon -Rt svirt_sandbox_file_t /srv" pour le stockage
# ou alors tourner le container en privileged
# https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner/blob/master/charts/nfs-subdir-external-provisioner/README.md
- name: Defined NFS Provisioner repository
kubernetes.core.helm_repository:
name: nfs-subdir-external-provisioner
repo_url: "https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner"
- name: Defined NFS Provisioner repository
kubernetes.core.helm_repository:
name: nfs-subdir-external-provisioner
repo_url: "https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner"
- name: Deploy latest version of NFS Provisioner
kubernetes.core.helm:
context: "{{ my_context }}"
state: "present"
name: nfs-subdir-external-provisioner
chart_ref: nfs-subdir-external-provisioner/nfs-subdir-external-provisioner
create_namespace: true
release_namespace: "{{ storage_nfs.namespace }}"
values:
nfs:
server: x.x.x.x
path: /exported/path
# podSecurityPolicy:
# enabled: true
# storageClass:
# name: nfs-client
# defaultClass: false
# provisionerName: ""
# accessModes: ReadWriteOnce
when:
- storage_nfs.enabled
tags:
- nfs
- storage
- name: Deploy latest version of NFS Provisioner
kubernetes.core.helm:
context: "{{ my_context }}"
state: "present"
name: nfs-subdir-external-provisioner
chart_ref: nfs-subdir-external-provisioner/nfs-subdir-external-provisioner
create_namespace: true
release_namespace: "{{ storage_nfs.namespace }}"
values:
nfs:
server: x.x.x.x
path: /exported/path
# podSecurityPolicy:
# enabled: true
# storageClass:
# name: nfs-client
# defaultClass: false
# provisionerName: ""
# accessModes: ReadWriteOnce
when:
- storage_nfs.enabled
tags:
- nfs
- storage
- name: NFS client need to be absent
block:
- name: Uninstall nfs-subdir-external-provisioner
kubernetes.core.helm:
context: "{{ my_context }}"
name: nfs-subdir-external-provisioner
release_state: absent
release_namespace: "{{ storage_nfs.namespace }}"
when:
- not storage_nfs.enabled
tags:
- nfs
- storage
- name: NFS client need to be absent
block:
- name: Uninstall nfs-subdir-external-provisioner
kubernetes.core.helm:
context: "{{ my_context }}"
name: nfs-subdir-external-provisioner
release_state: absent
release_namespace: "{{ storage_nfs.namespace }}"
when:
- not storage_nfs.enabled
tags:
- nfs
- storage