chore: remove obsolete Ansible config

k8s/configure_cluster.yaml

@@ -5,6 +5,6 @@
     # - role: coder
     # - role: prometheus
     # - role: postgres
-    # - role: hcloud
+    - role: hcloud
     # - role: fider
-    - role: nextcloud
+    # - role: nextcloud

k8s/roles/download/tasks/main.yml

@@ -1,9 +0,0 @@
----
-- name: Download k3s binary
-  ansible.builtin.get_url:
-    url: https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/k3s
-    checksum: sha256:https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/sha256sum-amd64.txt
-    dest: /usr/local/bin/k3s
-    owner: root
-    group: root
-    mode: 0755

k8s/roles/hcloud/tasks/main.yml

@@ -1,35 +0,0 @@
----
-- name: Create Hcloud token secret
-  kubernetes.core.k8s:
-    state: present
-    definition:
-      apiVersion: v1
-      kind: Secret
-      metadata:
-        name: hcloud
-        namespace: kube-system
-      data:
-        token: "{{ HcloudToken | b64encode }}"
-        network: "{{ 'k8s-net' | b64encode }}"
-
-- name: Add Hcloud chart repo
-  kubernetes.core.helm_repository:
-    name: hcloud
-    repo_url: https://charts.hetzner.cloud
-
-- name: Deploy cloud-controller-manager
-  kubernetes.core.helm:
-    name: hccm
-    chart_ref: hcloud/hcloud-cloud-controller-manager
-    release_namespace: kube-system
-    chart_version: "1.19.0"
-    release_values: "{{ lookup('template', 'values.hccm.yml.j2') | from_yaml }}"
-
-- name: Deploy hcloud CSI driver
-  kubernetes.core.helm:
-    name: hcloud-csi-driver
-    chart_ref: hcloud/hcloud-csi
-    release_namespace: kube-system
-    chart_version: "2.6.0"
-    release_values: "{{ lookup('template', 'values.csi.yml.j2') | from_yaml }}"
-

k8s/roles/hcloud/templates/values.csi.yml.j2

@@ -1,10 +0,0 @@
-controller:
-  hcloudToken:
-    existingSecret:
-      name: hcloud
-      key: token
-
-metrics:
-  enabled: true
-  serviceMonitor:
-    enabled: true

k8s/roles/hcloud/templates/values.hccm.yml.j2

@@ -1,13 +0,0 @@
-monitoring:
-  podMonitor:
-    enabled: true
-
-networking:
-  enabled: true
-  clusterCIDR: 10.42.0.0/24
-
-env:
-  HCLOUD_LOAD_BALANCERS_USE_PRIVATE_IP:
-    value: "true"
-  HCLOUD_LOAD_BALANCERS_LOCATION:
-    value: "hel1"

k8s/roles/postgres/files/values.postgres15.yaml

@@ -1,7 +0,0 @@
-auth:
-  existingSecret: postgres-credentials
-
-primary:
-  persistence:
-    storageClass: hcloud-volumes
-    size: 8Gi

k8s/roles/postgres/tasks/main.yml

@@ -1,36 +0,0 @@
----
-- name: Create postgres namespace
-  kubernetes.core.k8s:
-    name: postgres
-    api_version: v1
-    kind: Namespace
-    state: present
-    definition:
-      metadata:
-        labels:
-          prometheus: default
-
-- name: Create Postgres secret
-  kubernetes.core.k8s:
-    state: present
-    definition:
-      apiVersion: v1
-      kind: Secret
-      metadata:
-        name: postgres-credentials
-        namespace: postgres
-      data:
-        postgres-password: "{{ PostgresPassword | b64encode }}"
-
-- name: Add Bitnami chart repo
-  kubernetes.core.helm_repository:
-    name: bitnami
-    repo_url: https://charts.bitnami.com/bitnami
-
-- name: Deploy Postgres 15
-  kubernetes.core.helm:
-    name: postgres-15
-    chart_ref: bitnami/postgresql
-    release_namespace: postgres
-    chart_version: "12.6.4"
-    release_values: "{{ lookup('ansible.builtin.file', 'values.postgres15.yaml') | from_yaml }}"

k8s/roles/prereq/tasks/main.yml

@@ -1,16 +0,0 @@
----
-- name: Enable IPv4 forwarding
-  sysctl:
-    name: net.ipv4.ip_forward
-    value: "1"
-    state: present
-    reload: yes
-
-- name: Enable IPv6 forwarding
-  sysctl:
-    name: net.ipv6.conf.all.forwarding
-    value: "1"
-    state: present
-    reload: yes
-  when: ansible_all_ipv6_addresses
-

k8s/roles/prometheus/tasks/main.yaml

@@ -1,51 +0,0 @@
----
-- name: Add Prometheus chart repo
-  kubernetes.core.helm_repository:
-    name: prometheus-community
-    repo_url: https://prometheus-community.github.io/helm-charts
-
-- name: Create observability namespace
-  kubernetes.core.k8s:
-    name: observability-system
-    api_version: v1
-    kind: Namespace
-    state: present
-    definition:
-      metadata:
-        labels:
-          prometheus: default
-
-- name: Create Grafana admin credentials secret
-  kubernetes.core.k8s:
-    state: present
-    definition:
-      apiVersion: v1
-      kind: Secret
-      metadata:
-        name: grafana-admin-credentials
-        namespace: observability-system
-      data:
-        user: "{{ grafana.admin.user | b64encode }}"
-        password: "{{ grafana.admin.password | b64encode }}"
-
-# - name: Update Prometheus operator CRDs
-#   kubernetes.core.k8s:
-#     state: present
-#     definition: "{{ lookup('ansible.builtin.url', item, split_lines=False) | from_yaml }}"
-#   loop:
-#   - https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
-#   - https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
-#   - https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
-#   - https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
-#   - https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
-#   - https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
-#   - https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml
-
-- name: Deploy Prometheus chart
-  kubernetes.core.helm:
-    name: prometheus
-    chart_ref: prometheus-community/kube-prometheus-stack
-    release_namespace: observability-system
-    chart_version: 47.3.0
-    update_repo_cache: true
-    release_values: "{{ lookup('ansible.builtin.template', 'values.yaml.j2') | from_yaml }}"

k8s/roles/prometheus/templates/values.yaml.j2

@@ -1,127 +0,0 @@
-commonLabels:
-  prometheus: default
-
-admin:
-  existingSecret: grafana-admin-credentials
-  userKey: user
-  passwordKey: password
-
-defaultRules:
-  rules:
-    etcd: false
-
-prometheus:
-  prometheusSpec:
-    retention: 7d
-    serviceMonitorNamespaceSelector:
-      matchLabels:
-        prometheus: default
-    serviceMonitorSelector:
-      matchLabels:
-        prometheus: default
-    ruleSelector:
-      matchLabels:
-        prometheus: default
-    ruleNamespaceSelector:
-      matchLabels:
-        prometheus: default
-    podMonitorSelector:
-      matchLabels:
-        prometheus: default
-    podMonitorNamespaceSelector:
-      matchLabels:
-        prometheus: default
-    resources:
-      requests:
-        memory: 3Gi
-        cpu: 500m
-      limits:
-        memory: 4Gi
-        cpu:  800m
-    storageSpec:
-      volumeClaimTemplate:
-        spec:
-          storageClassName: hcloud-volumes
-          resources:
-            requests:
-              storage: 15Gi
-
-alertmanager:
-  enabled: false
-
-kubeEtcd:
-  enabled: false
-
-kubeControllerManager:
-  enabled: true
-  endpoints: ['{{ master_ip }}']
-  service:
-    enabled: true
-    port: 10257
-    targetPort: 10257
-  serviceMonitor:
-    enabled: true
-    https: true
-
-kubeScheduler:
-  enabled: true
-  endpoints: ['{{ master_ip }}']
-  service:
-    enabled: true
-    port: 10259
-    targetPort: 10259
-  serviceMonitor:
-    enabled: true
-    https: true
-
-kubeProxy:
-  enabled: true
-  endpoints: ['{{ master_ip }}']
-  service:
-    enabled: true
-    port: 10249
-    targetPort: 10249
-
-grafana:
-  ingress:
-    enabled: true
-    hosts:
-      - grafana.icb4dc0.de
-  grafana.ini:
-    server:
-      domain: grafana.icb4dc0.de
-      root_url: "https://%(domain)s"
-    database:
-      type: postgres
-      host: default-cluster-primary.postgres.svc:5432
-      name: grafana
-      user: "{{ grafana.db.user }}"
-      password: "{{ grafana.db.password }}"
-      ssl_mode: require
-    auth:
-      disable_login_form: true
-    auth.generic_oauth:
-        name: Gitea
-        icon: signin
-        enabled: "true"
-        client_id: {{ grafana.auth.clientId }}
-        client_secret: {{ grafana.auth.clientSecret }}
-        empty_scopes: true
-        auth_url: https://code.icb4dc0.de/login/oauth/authorize
-        token_url: https://code.icb4dc0.de/login/oauth/access_token
-        api_url: https://code.icb4dc0.de/login/oauth/userinfo
-  persistence:
-    enabled: false
-    storageClassName: hcloud-volumes
-
-prometheus-node-exporter:
-  prometheus:
-    monitor:
-      additionalLabels:
-        prometheus: default
-
-kube-state-metrics:
-  prometheus:
-    monitor:
-      additionalLabels:
-        prometheus: default