feat: add skooner, upgrade a few things

2023-07-19 18:55:17 +00:00 · 2023-07-19 18:55:17 +00:00 · 831a85436f
commit 831a85436f
parent 62b5b303a9
12 changed files with 112 additions and 18 deletions
--- a/k8s/configure_cluster.yaml
+++ b/k8s/configure_cluster.yaml
@ -1,14 +1,15 @@
 - name: Configure cluster
  hosts: localhost
  roles:
-    - role: cifs-csi
-    - role: coder
-    - role: codimd
-    - role: prometheus
-    - role: postgres
+    # - role: cifs-csi
+    # - role: skooner
+    # - role: coder
+    # - role: codimd
+    # - role: prometheus
+    # - role: postgres
    - role: hcloud
-    - role: minio
-    - role: gitea
-    - role: drone
-    - role: fider
-    - role: nextcloud
+    # - role: minio
+    # - role: gitea
+    # - role: drone
+    # - role: fider
+    # - role: nextcloud
--- a/k8s/roles/coder/templates/values.coder.yml.j2
+++ b/k8s/roles/coder/templates/values.coder.yml.j2
@ -51,4 +51,7 @@ coder:
      valueFrom:
        secretKeyRef:
          name: coder-secrets
-          key: OIDC_CLIENT_SECRET
+          key: OIDC_CLIENT_SECRET
+
+service:
+  type: ClusterIP
--- a/k8s/roles/drone/tasks/main.yml
+++ b/k8s/roles/drone/tasks/main.yml
@ -80,7 +80,7 @@
          kubernetes.io/service-account.name: drone-deploy
      type: kubernetes.io/service-account-token

- name: Create Drone service account
+- name: Create Drone deployment cluster role
  kubernetes.core.k8s:
    state: present
    definition:
@ -129,7 +129,7 @@
        verbs: ["*"]


- name: Create Drone service account
+- name: Create Drone deploy role bindings
  kubernetes.core.k8s:
    state: present
    definition:
--- a/k8s/roles/hcloud/tasks/main.yml
+++ b/k8s/roles/hcloud/tasks/main.yml
@ -18,11 +18,18 @@
    definition: "{{ item }}"
  loop: "{{ lookup('ansible.builtin.template', 'hcloud-csi.yml.j2') | ansible.builtin.from_yaml_all | list }}"

+- name: Add Hcloud chart repo
+  kubernetes.core.helm_repository:
+    name: hcloud
+    repo_url: https://charts.hetzner.cloud
+
 - name: Deploy cloud-controller-manager
-  kubernetes.core.k8s:
-    state: present
-    definition: "{{ item }}"
-  loop: "{{ lookup('ansible.builtin.template', 'cloud-controller-manager.yml.j2') | ansible.builtin.from_yaml_all | list }}"
+  kubernetes.core.helm:
+    name: hccm
+    chart_ref: hcloud/hcloud-cloud-controller-manager
+    release_namespace: kube-system
+    chart_version: "1.17.0"
+    release_values: "{{ lookup('template', 'values.hccm.yml.j2') | from_yaml }}"

 - name: Create CSI controller PodMonitor
  kubernetes.core.k8s:
--- a/k8s/roles/hcloud/templates/values.hccm.yml.j2
+++ b/k8s/roles/hcloud/templates/values.hccm.yml.j2
@ -0,0 +1,3 @@
+monitoring:
+  podMonitor:
+    enabled: true
--- a/k8s/roles/postgres/tasks/main.yml
+++ b/k8s/roles/postgres/tasks/main.yml
@ -32,5 +32,5 @@
    name: postgres-15
    chart_ref: bitnami/postgresql
    release_namespace: postgres
-    chart_version: 12.6.4
+    chart_version: "12.6.4"
    release_values: "{{ lookup('ansible.builtin.file', 'values.postgres15.yaml') | from_yaml }}"
--- a/k8s/roles/skooner/files/kustomization.yaml
+++ b/k8s/roles/skooner/files/kustomization.yaml
@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: kube-system
+
+commonLabels:
+  app.kubernetes.io/instance: icb4dc0de
+  app.kubernetes.io/managed-by: kustomize
+
+resources:
+  - "resources/deployment.yaml"
+  - "resources/service.yaml"
+  - "resources/rbac/service_account.yaml"
+  - "resources/rbac/sa_token_secret.yaml"
--- a/k8s/roles/skooner/files/resources/deployment.yaml
+++ b/k8s/roles/skooner/files/resources/deployment.yaml
@ -0,0 +1,37 @@
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  name: skooner
+  namespace: kube-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: skooner
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: skooner
+    spec:
+      containers:
+        - name: skooner
+          image: ghcr.io/skooner-k8s/skooner:stable
+          ports:
+          - containerPort: 4654
+          livenessProbe:
+            httpGet:
+              scheme: HTTP
+              path: /
+              port: 4654
+            initialDelaySeconds: 30
+            timeoutSeconds: 30
+          resources:
+            requests:
+              cpu: 50m
+              memory: 50Mi
+            limits:
+              cpu: 100m
+              memory: 150Mi
+      nodeSelector:
+        kubernetes.io/arch: amd64
--- a/k8s/roles/skooner/files/resources/rbac/sa_token_secret.yaml
+++ b/k8s/roles/skooner/files/resources/rbac/sa_token_secret.yaml
@ -0,0 +1,8 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: prskr-token
+  annotations:
+    kubernetes.io/service-account.name: prskr
+type: kubernetes.io/service-account-token
--- a/k8s/roles/skooner/files/resources/rbac/service_account.yaml
+++ b/k8s/roles/skooner/files/resources/rbac/service_account.yaml
@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: prskr
--- a/k8s/roles/skooner/files/resources/service.yaml
+++ b/k8s/roles/skooner/files/resources/service.yaml
@ -0,0 +1,12 @@
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: skooner
+  namespace: kube-system
+spec:
+  ports:
+    - port: 8000
+      targetPort: 4654
+  selector:
+    app.kubernetes.io/name: skooner
--- a/k8s/roles/skooner/tasks/main.yml
+++ b/k8s/roles/skooner/tasks/main.yml
@ -0,0 +1,4 @@
+---
+- name: Deploy Skooner kustomization
+  k8s:
+    definition: "{{ lookup('kubernetes.core.kustomize', dir=([role_path, 'files'] | path_join)) }}"