Big update af the role

2022-03-03 12:06:46 +01:00 · 2022-03-03 12:06:46 +01:00 · d97acb68b0
commit d97acb68b0
parent 10f4eb6ef0
14 changed files with 156 additions and 246 deletions
--- a/tasks/local-path.yml
+++ b/tasks/local-path.yml
@ -1,72 +1,51 @@
 ---
 - name: Local-path
  block:
-  - name: Include file list
-    include_vars: "local-path.yaml"
-
-  - name: Defined local-path-storage state to present
-    set_fact:
-      storage_localpath_state: present
-    when:
-      - storage_localpath|bool
-
-  - name: find state of local-path-storage
-    set_fact:
-      storage_localpath_state: absent
-    when:
-      - not storage_localpath|bool
-
-#  - name: namespace
-#    kubernetes.core.k8s:
-#      state: present
-#      context: "{{ my_context }}"
-#      merge_type: merge
-#      definition:
-#        api_version: v1
-#        kind: Namespace
-#        metadata:
-#          name: "{{ storage_localpath_namespace }}"
-#          labels:
-#            namespace: '{{ storage_localpath_namespace }}'
-#    when:
-#      - storage_localpath|bool
-#
-#  - name: local-path-storage need to be {{ storage_localpath_state }}
-#    kubernetes.core.k8s:
-#      state: "{{ storage_localpath_state }}"
-#      context: "{{ my_context }}"
-#      namespace: "{{ storage_localpath_namespace }}"
-#      apply: true
-#      resource_definition: "{{ lookup('file', 'local-path/' + item) | from_yaml }}"
-#    with_items:
-#      - "{{ storage_localpath_files_list }}"
-
 # https://github.com/rancher/local-path-provisioner/tree/master/deploy/chart
-  - name: Downloal Local-path repository
+  - name: Install Local-path
    block:
    - name: Git clone stable repo on HEAD
      ansible.builtin.git:
        repo: "https://github.com/rancher/local-path-provisioner.git"
        dest: tmp/local-path-provisioner
-        version: "{{ storage_localpath_version }}"
+        version: "{{ storage_localpath.version }}"

    - name: Deploy local-path chart from local path
      kubernetes.core.helm:
-        state: "{{ storage_localpath_state }}"
+        state: "present"
        name: local-path-provisioner
        context: "{{ my_context }}"
        chart_ref: tmp/local-path-provisioner/deploy/chart
-        release_namespace: "{{ storage_localpath_namespace }}"
+        release_namespace: "{{ storage_localpath.namespace }}"
        create_namespace: true
        values:
-#          rbac:
-#            create: false
-#          serviceAccount:
-#            create: false
-#            name: local-path-provisioner
          nodePathMap:
            - node: DEFAULT_PATH_FOR_NON_LISTED_NODES
-              paths: ["{{ storage_localpath_default_path }}"]
+              paths: ["{{ storage_localpath.default_path }}"]
+
+    when:
+      - storage_localpath.enabled
+
+  - name: Uninstall Local-path
+    block:
+    - name: Uninstall local-path
+      kubernetes.core.helm:
+        context: "{{ my_context }}"
+        name: local-path-provisioner
+        release_state: absent
+        release_namespace: "{{ storage_localpath.namespace }}"
+    - name: namespace
+      kubernetes.core.k8s:
+        state: absent
+        context: "{{ my_context }}"
+        namespace: "{{ storage_localpath.namespace }}"
+        resource_definition: "{{ lookup('template', 'local-path/' + item) | from_yaml }}"
+      with_items:
+        - "local-path-namespace.yml.j2"
+
+    when:
+      - not storage_localpath.enabled
+
  tags:
    - storage
    - local-path
--- a/tasks/longhorn.yml
+++ b/tasks/longhorn.yml
@ -10,9 +10,9 @@
        context: "{{ my_context }}"
        name: longhorn
        chart_ref: longhorn/longhorn
-        chart_version: "{{ storage_longhorn_version }}"
+        chart_version: "{{ storage_longhorn.version }}"
        create_namespace: yes
-        release_namespace: "{{ storage_longhorn_namespace }}"
+        release_namespace: "{{ storage_longhorn.namespace }}"
        values:
 #          persistence:
 #            defaultClass: true
@ -62,19 +62,19 @@
 #              traefik.ingress.kubernetes.io/router.middlewares: {{ traefik_namespace }}-traefik-dashboard-basicauth@kubernetescrd
 #              traefik.ingress.kubernetes.io/router.middlewares: basic-auth@file
 #{% endif %}
-          enablePSP: true
+#          enablePSP: true

    - name: Install longhorn UI Ingress
-      k8s:
+      kubernetes.core.k8s:
        state: present
        context: "{{ my_context }}"
        apply: true
-        namespace: "{{ storage_longhorn_namespace }}"
+        namespace: "{{ storage_longhorn.namespace }}"
        resource_definition: "{{ lookup('template', 'longhorn/' + item) | from_yaml }}"
      with_items:
        - "longhorn_ingressroute.yaml.j2"
    when:
-      - storage_longhorn|bool
+      - storage_longhorn.enabled
    tags:
      - longhorn
      - storage
@ -85,23 +85,20 @@
      kubernetes.core.helm:
        context: "{{ my_context }}"
        name: longhorn
-        chart_ref: longhorn/longhorn
-#        chart_version: 1.2.0
-        release_state: absent
-        release_namespace: "{{ storage_longhorn_namespace }}"
-        create_namespace: true
+        state: absent
+        release_namespace: "{{ storage_longhorn.namespace }}"

    - name: Remove Ingress for longhorn UI
-      k8s:
+      kubernetes.core.k8s:
        state: absent
        context: "{{ my_context }}"
-        namespace: "{{ storage_longhorn_namespace }}"
+        namespace: "{{ storage_longhorn.namespace }}"
        resource_definition: "{{ lookup('template', 'longhorn/' + item) | from_yaml }}"
      with_items:
-        - "longhorn_ingressroute.yaml.j2"
+#        - "longhorn_ingressroute.yaml.j2"
        - "longhorn-namespace.yml.j2"
    when:
-      - not storage_longhorn|bool
+      - not storage_longhorn.enabled
    tags:
      - longhorn
      - storage
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -13,7 +13,7 @@
        volumeBindingMode: WaitForFirstConsumer
        allowVolumeExpansion: true
    when:
-      - storage_manual|bool
+      - storage_manual.enabled
    tags:
      - manual
      - storage
@ -52,11 +52,11 @@
        apiVersion: v1
        kind: StorageClass
        metadata:
-          name: "{{ storage_default_storageclass }}"
+          name: "{{ storage.default_storageclass }}"
          annotations:
            storageclass.kubernetes.io/is-default-class: "true"
    when:
-      - storage_default_storageclass is defined
+      - storage.default_storageclass is defined
    tags:
      - manual
      - local-path
@ -72,9 +72,9 @@
        apiVersion: v1
        kind: VolumeSnapshotClass
        metadata:
-          name: "{{ storage_default_storageclass }}"
+          name: "{{ storage.default_storageclass }}"
          annotations:
            snapshot.storage.kubernetes.io/is-default-class: "true"
    when:
-      - storage_default_storageclass is defined
-      - storage_default_storageclass == "do-block-storage"
+      - storage.default_storageclass is defined
+      - storage.default_storageclass == "do-block-storage"
--- a/tasks/nfs.yml
+++ b/tasks/nfs.yml
@ -1,43 +1,51 @@
 ---
+  - name: NFS client setup
+    block:
 # https://github.com/kubernetes-incubator/external-storage/blob/master/nfs/docs/deployment.md
 # Ne pas oublier de "sudo chcon -Rt svirt_sandbox_file_t /srv" pour le stockage
 # ou alors tourner le container en privileged
-  - name: Defined nfs-provisioner state to present
-    check_mode: false
-    set_fact:
-      storage_nfs_state: present
-    when:
-      - storage_nfs|bool
-
-  - name: find state of nfs-provisioner
-    check_mode: false
-    set_fact:
-      storage_nfs_state: absent
-    when:
-      - not storage_nfs|bool

 # https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner/blob/master/charts/nfs-subdir-external-provisioner/README.md
-  - name: Defined NFS Provisioner repository
-    kubernetes.core.helm_repository:
-      name: nfs-subdir-external-provisioner
-      repo_url: "https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner"
+    - name: Defined NFS Provisioner repository
+      kubernetes.core.helm_repository:
+        name: nfs-subdir-external-provisioner
+        repo_url: "https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner"

-  - name: Deploy latest version of NFS Provisioner
-    kubernetes.core.helm:
-      context: "{{ my_context }}"
-      state: "{{ storage_nfs_state }}"
-      name: nfs-subdir-external-provisioner
-      chart_ref: nfs-subdir-external-provisioner/nfs-subdir-external-provisioner
-      create_namespace: yes
-      release_namespace: "{{ storage_nfs_namespace }}"
-      values:
-        nfs:
-          server: x.x.x.x
-          path: /exported/path
-        podSecurityPolicy:
-          enabled: true
-#        storageClass:
-#          name: nfs-client
-#          defaultClass: false
-#          provisionerName: ""
-#          accessModes: ReadWriteOnce
+    - name: Deploy latest version of NFS Provisioner
+      kubernetes.core.helm:
+        context: "{{ my_context }}"
+        state: "present"
+        name: nfs-subdir-external-provisioner
+        chart_ref: nfs-subdir-external-provisioner/nfs-subdir-external-provisioner
+        create_namespace: yes
+        release_namespace: "{{ storage_nfs.namespace }}"
+        values:
+          nfs:
+            server: x.x.x.x
+            path: /exported/path
+#          podSecurityPolicy:
+#            enabled: true
+#          storageClass:
+#            name: nfs-client
+#            defaultClass: false
+#            provisionerName: ""
+#            accessModes: ReadWriteOnce
+    when:
+      - storage_nfs.enabled
+    tags:
+      - nfs
+      - storage
+
+  - name: NFS client need to be absent
+    block:
+    - name: Uninstall nfs-subdir-external-provisioner
+      kubernetes.core.helm:
+        context: "{{ my_context }}"
+        name: nfs-subdir-external-provisioner
+        release_state: absent
+        release_namespace: "{{ storage_nfs.namespace }}"
+    when:
+      - not storage_nfs.enabled
+    tags:
+      - nfs
+      - storage
--- a/tasks/secrets-store.yml
+++ b/tasks/secrets-store.yml
@ -1,18 +1,6 @@
 ---
- name: Secrets Store
+- name: Install Secrets Store
  block:
-  - name: Defined secrets-storage state to present
-    set_fact:
-      storage_secrets_store_state: present
-    when:
-      - storage_secrets_store|bool
-
-  - name: find state of secrets-storage
-    set_fact:
-      storage_secrets_store_state: absent
-    when:
-      - not storage_secrets_store|bool
-
 # https://github.com/kubernetes-sigs/secrets-store-csi-driver/tree/master/charts/secrets-store-csi-driver
  - name: Defined Secrets Store repository
    kubernetes.core.helm_repository:
@ -22,16 +10,15 @@
  - name: Deploy Secrets Store chart
    kubernetes.core.helm:
      context: "{{ my_context }}"
-      state: "{{ storage_secrets_store_state }}"
      name: csi-secrets-store
-      namespace: "kube-system"
-      chart_version: "{{ storage_secrets_store_version }}"
+      release_namespace: "kube-system"
+      chart_version: "{{ storage_secrets_store.version }}"
      chart_ref: secrets-store-csi-driver/secrets-store-csi-driver

  # https://github.com/camptocamp/secrets-store-csi-driver-provider-gopass
  - name: Deploy Secrets Store CSI driver provider gopass
    kubernetes.core.k8s:
-      state: "{{ storage_secrets_store_state }}"
+      state: "present"
      context: "{{ my_context }}"
      namespace: "kube-system"
      apply: true
@ -45,16 +32,43 @@
  - name: Deploy Secrets Store chart
    kubernetes.core.helm:
      context: "{{ my_context }}"
-      state: "{{ storage_secrets_store_state }}"
      name: csi-secrets-store-provider-azure
-      namespace: "kube-system"
+      release_namespace: "kube-system"
+      chart_version: "{{ storage_secrets_store_azure.version }}"
      chart_ref: csi-secrets-store-provider-azure/csi-secrets-store-provider-azure
      values:
        secrets-store-csi-driver:
          install: false
-
+  when:
+    - storage_secrets_store.enabled
  tags:
    - storage
    - secrets-store

 # https://github.com/hashicorp/vault-csi-provider
+
+- name: Secret Store need to be absent
+  block:
+  - name: Uninstall Secrets Store
+    kubernetes.core.helm:
+      context: "{{ my_context }}"
+      name: "{{ item }}"
+      state: absent
+      release_namespace: "kube-system"
+    with_items:
+      - "csi-secrets-store"
+      - "csi-secrets-store-provider-azure"
+  - name: Remove Ingress for longhorn UI
+    kubernetes.core.k8s:
+      state: absent
+      context: "{{ my_context }}"
+      namespace: "kube-system"
+      resource_definition: "{{ lookup('file', item) | from_yaml }}"
+    with_items:
+      - "secrets-provider-gopass/provider-gopass-installer.yaml"
+
+  when:
+    - not storage_secrets_store.enabled
+  tags:
+    - secrets-store
+    - storage