From 831a85436f6a82d6ff173c11fb986a8b50afd899 Mon Sep 17 00:00:00 2001
From: Peter Kurfer
Date: Wed, 19 Jul 2023 18:55:17 +0000
Subject: [PATCH] feat: add skooner, upgrade a few things
---
 k8s/configure_cluster.yaml | 21 ++++++-----
 k8s/roles/coder/templates/values.coder.yml.j2 | 5 ++-
 k8s/roles/drone/tasks/main.yml | 4 +-
 k8s/roles/hcloud/tasks/main.yml | 15 ++++++--
 k8s/roles/hcloud/templates/values.hccm.yml.j2 | 3 ++
 k8s/roles/postgres/tasks/main.yml | 2 +-
 k8s/roles/skooner/files/kustomization.yaml | 14 +++++++
 .../skooner/files/resources/deployment.yaml | 37 +++++++++++++++++++
 .../files/resources/rbac/sa_token_secret.yaml | 8 ++++
 .../files/resources/rbac/service_account.yaml | 5 +++
 .../skooner/files/resources/service.yaml | 12 ++++++
 k8s/roles/skooner/tasks/main.yml | 4 ++
 12 files changed, 112 insertions(+), 18 deletions(-)
 create mode 100644 k8s/roles/hcloud/templates/values.hccm.yml.j2
 create mode 100644 k8s/roles/skooner/files/kustomization.yaml
 create mode 100644 k8s/roles/skooner/files/resources/deployment.yaml
 create mode 100644 k8s/roles/skooner/files/resources/rbac/sa_token_secret.yaml
 create mode 100644 k8s/roles/skooner/files/resources/rbac/service_account.yaml
 create mode 100644 k8s/roles/skooner/files/resources/service.yaml
 create mode 100644 k8s/roles/skooner/tasks/main.yml
diff --git a/k8s/configure_cluster.yaml b/k8s/configure_cluster.yaml
index 3abe031..7b57275 100644
--- a/k8s/configure_cluster.yaml
+++ b/k8s/configure_cluster.yaml
@@ -1,14 +1,15 @@
 - name: Configure cluster
 hosts: localhost
 roles:
- - role: cifs-csi
- - role: coder
- - role: codimd
- - role: prometheus
- - role: postgres
+ # - role: cifs-csi
+ # - role: skooner
+ # - role: coder
+ # - role: codimd
+ # - role: prometheus
+ # - role: postgres
 - role: hcloud
- - role: minio
- - role: gitea
- - role: drone
- - role: fider
- - role: nextcloud
+ # - role: minio
+ # - role: gitea
+ # - role: drone
+ # - role: fider
+ # - role: nextcloud
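Review bot: In `k8s/configure_cluster.yaml` every role except `hcloud` ends up commented out, including the newly added `# - role: skooner`, so this playbook no longer applies the other roles and never deploys the dashboard the commit title announces. This looks like a local debugging state that was committed along with the real change. If the goal is to run one role at a time, keeping the full list active and tagging entries (for example `- role: skooner` followed by `tags: [skooner]`, selected with `--tags`) avoids a playbook whose checked-in state silently skips most of the cluster configuration.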
diff --git a/k8s/roles/coder/templates/values.coder.yml.j2 b/k8s/roles/coder/templates/values.coder.yml.j2
index bb4096f..5c64922 100644
--- a/k8s/roles/coder/templates/values.coder.yml.j2
+++ b/k8s/roles/coder/templates/values.coder.yml.j2
@@ -51,4 +51,7 @@ coder:
 valueFrom:
 secretKeyRef:
 name: coder-secrets
- key: OIDC_CLIENT_SECRET
\ No newline at end of file
+ key: OIDC_CLIENT_SECRET
+
+service:
+ type: ClusterIP
\ No newline at end of file
diff --git a/k8s/roles/drone/tasks/main.yml b/k8s/roles/drone/tasks/main.yml
index fdcee18..2bd2ffc 100644
--- a/k8s/roles/drone/tasks/main.yml
+++ b/k8s/roles/drone/tasks/main.yml
@@ -80,7 +80,7 @@
 kubernetes.io/service-account.name: drone-deploy
 type: kubernetes.io/service-account-token
-- name: Create Drone service account
+- name: Create Drone deployment cluster role
 kubernetes.core.k8s:
 state: present
 definition:
@@ -129,7 +129,7 @@
 verbs: ["*"]
-- name: Create Drone service account
+- name: Create Drone deploy role bindings
 kubernetes.core.k8s:
 state: present
 definition:
diff --git a/k8s/roles/hcloud/tasks/main.yml b/k8s/roles/hcloud/tasks/main.yml
index 8a625d9..03eda35 100644
--- a/k8s/roles/hcloud/tasks/main.yml
+++ b/k8s/roles/hcloud/tasks/main.yml
@@ -18,11 +18,18 @@
 definition: "{{ item }}"
 loop: "{{ lookup('ansible.builtin.template', 'hcloud-csi.yml.j2') | ansible.builtin.from_yaml_all | list }}"
+- name: Add Hcloud chart repo
+ kubernetes.core.helm_repository:
+ name: hcloud
+ repo_url: https://charts.hetzner.cloud
+
 - name: Deploy cloud-controller-manager
- kubernetes.core.k8s:
- state: present
- definition: "{{ item }}"
- loop: "{{ lookup('ansible.builtin.template', 'cloud-controller-manager.yml.j2') | ansible.builtin.from_yaml_all | list }}"
+ kubernetes.core.helm:
+ name: hccm
+ chart_ref: hcloud/hcloud-cloud-controller-manager
+ release_namespace: kube-system
+ chart_version: "1.17.0"
+ release_values: "{{ lookup('template', 'values.hccm.yml.j2') | from_yaml }}"
 - name: Create CSI controller PodMonitor
 kubernetes.core.k8s:
diff --git a/k8s/roles/hcloud/templates/values.hccm.yml.j2 b/k8s/roles/hcloud/templates/values.hccm.yml.j2
new file mode 100644
index 0000000..8040477
--- /dev/null
+++ b/k8s/roles/hcloud/templates/values.hccm.yml.j2
@@ -0,0 +1,3 @@
+monitoring:
+ podMonitor:
+ enabled: true
\ No newline at end of file
diff --git a/k8s/roles/postgres/tasks/main.yml b/k8s/roles/postgres/tasks/main.yml
index 519d567..ee34893 100644
--- a/k8s/roles/postgres/tasks/main.yml
+++ b/k8s/roles/postgres/tasks/main.yml
@@ -32,5 +32,5 @@
 name: postgres-15
 chart_ref: bitnami/postgresql
 release_namespace: postgres
- chart_version: 12.6.4
+ chart_version: "12.6.4"
 release_values: "{{ lookup('ansible.builtin.file', 'values.postgres15.yaml') | from_yaml }}"
\ No newline at end of file
diff --git a/k8s/roles/skooner/files/kustomization.yaml b/k8s/roles/skooner/files/kustomization.yaml
new file mode 100644
index 0000000..b2b9df6
--- /dev/null
+++ b/k8s/roles/skooner/files/kustomization.yaml
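Review bot: In `k8s/roles/hcloud/tasks/main.yml` the `Deploy cloud-controller-manager` task moves from applying the rendered `cloud-controller-manager.yml.j2` manifests to a Helm release, but nothing in the hunk removes the objects the old task created. Helm normally refuses to install over existing resources that lack its ownership labels and annotations, so on an already configured cluster this task may fail, or leave two controllers running if the chart uses different names; a preceding cleanup task that applies the old template with `state: absent` would make the migration repeatable. The new `values.hccm.yml.j2` sets only `monitoring.podMonitor.enabled`, so it is worth confirming that the token secret reference and any networking settings the old manifest carried match the chart defaults. Minor: this task uses the short forms `lookup('template', …) | from_yaml` while the task above it uses `ansible.builtin.template` and `ansible.builtin.from_yaml_all`.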
@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: kube-system
+
+commonLabels:
+ app.kubernetes.io/instance: icb4dc0de
+ app.kubernetes.io/managed-by: kustomize
+
+resources:
+ - "resources/deployment.yaml"
+ - "resources/service.yaml"
+ - "resources/rbac/service_account.yaml"
+ - "resources/rbac/sa_token_secret.yaml"
\ No newline at end of file
diff --git a/k8s/roles/skooner/files/resources/deployment.yaml b/k8s/roles/skooner/files/resources/deployment.yaml
new file mode 100644
index 0000000..d7e15b8
--- /dev/null
+++ b/k8s/roles/skooner/files/resources/deployment.yaml
@@ -0,0 +1,37 @@
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ name: skooner
+ namespace: kube-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: skooner
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: skooner
+ spec:
+ containers:
+ - name: skooner
+ image: ghcr.io/skooner-k8s/skooner:stable
+ ports:
+ - containerPort: 4654
+ livenessProbe:
+ httpGet:
+ scheme: HTTP
+ path: /
+ port: 4654
+ initialDelaySeconds: 30
+ timeoutSeconds: 30
+ resources:
+ requests:
+ cpu: 50m
+ memory: 50Mi
+ limits:
+ cpu: 100m
+ memory: 150Mi
+ nodeSelector:
+ kubernetes.io/arch: amd64
\ No newline at end of file
diff --git a/k8s/roles/skooner/files/resources/rbac/sa_token_secret.yaml b/k8s/roles/skooner/files/resources/rbac/sa_token_secret.yaml
new file mode 100644
index 0000000..84147f2
--- /dev/null
+++ b/k8s/roles/skooner/files/resources/rbac/sa_token_secret.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: prskr-token
+ annotations:
+ kubernetes.io/service-account.name: prskr
+type: kubernetes.io/service-account-token
\ No newline at end of file
diff --git a/k8s/roles/skooner/files/resources/rbac/service_account.yaml b/k8s/roles/skooner/files/resources/rbac/service_account.yaml
new file mode 100644
index 0000000..5dc5dbc
--- /dev/null
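Review bot: The container in `k8s/roles/skooner/files/resources/deployment.yaml` is pulled as `ghcr.io/skooner-k8s/skooner:stable`, a mutable tag, so the code running in `kube-system` can change on any pod restart without a change in this repository; pinning the image by digest makes the deployed dashboard reviewable and reproducible. The pod spec also sets no `securityContext` and no `serviceAccountName`, so it runs as the image's default user with the namespace's default service account. The fence shows the pin and a minimal container hardening block; `runAsNonRoot` and `readOnlyRootFilesystem` are worth adding once checked against the image. The digest is a placeholder to be filled from the image that was actually vetted.

```yaml
# … unchanged: metadata, selector, pod template labels …
      containers:
        - name: skooner
          # placeholder digest: replace with the digest of the image that was reviewed
          image: ghcr.io/skooner-k8s/skooner@sha256:<DIGEST_OF_REVIEWED_IMAGE>
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
# … unchanged: ports, livenessProbe, resources, nodeSelector …
```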
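Review bot: `k8s/roles/skooner/files/resources/rbac/sa_token_secret.yaml` creates a `kubernetes.io/service-account-token` Secret for the `prskr` ServiceAccount, which yields a token that does not expire and stays readable by anything allowed to read Secrets in `kube-system`. For dashboard logins a short-lived token from the TokenRequest API (`kubectl create token prskr --duration=<placeholder>`) avoids keeping a standing credential in the cluster. No Role or ClusterRole binding for `prskr` is visible in this patch, so what the token can do is decided elsewhere; adding the binding here, scoped to what the dashboard needs, or a comment naming where it lives would make the privilege reviewable. Neither this manifest nor `service_account.yaml` sets `metadata.namespace`; both rely on `namespace: kube-system` in `kustomization.yaml`.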
+++ b/k8s/roles/skooner/files/resources/rbac/service_account.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: prskr
\ No newline at end of file
diff --git a/k8s/roles/skooner/files/resources/service.yaml b/k8s/roles/skooner/files/resources/service.yaml
new file mode 100644
index 0000000..3fc032b
--- /dev/null
+++ b/k8s/roles/skooner/files/resources/service.yaml
@@ -0,0 +1,12 @@
+---
+kind: Service
+apiVersion: v1
+metadata:
+ name: skooner
+ namespace: kube-system
+spec:
+ ports:
+ - port: 8000
+ targetPort: 4654
+ selector:
+ app.kubernetes.io/name: skooner
diff --git a/k8s/roles/skooner/tasks/main.yml b/k8s/roles/skooner/tasks/main.yml
new file mode 100644
index 0000000..0ef061d
--- /dev/null
+++ b/k8s/roles/skooner/tasks/main.yml
@@ -0,0 +1,4 @@
+---
+- name: Deploy Skooner kustomization
+ k8s:
+ definition: "{{ lookup('kubernetes.core.kustomize', dir=([role_path, 'files'] | path_join)) }}"
\ No newline at end of file
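Review bot: The new task in `k8s/roles/skooner/tasks/main.yml` calls the module by its short name `k8s:` and leaves `state` implicit, while the other roles touched by this patch use `kubernetes.core.k8s:` with `state: present`. Suggest `kubernetes.core.k8s:` plus an explicit `state: present`, so module resolution does not depend on collection redirects and the intent is visible. The `kubernetes.core.kustomize` lookup needs a `kustomize` or `kubectl` binary on the controller; a short comment above the task saying so would save the next operator a failed run.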