107 lines
No EOL
3.1 KiB
YAML
107 lines
No EOL
3.1 KiB
YAML
---
|
|
- name: Create Concourse namespace
|
|
kubernetes.core.k8s:
|
|
name: concourse
|
|
api_version: v1
|
|
kind: Namespace
|
|
state: present
|
|
definition:
|
|
metadata:
|
|
labels:
|
|
prometheus: default
|
|
|
|
- name: Add Concourse chart repo
|
|
kubernetes.core.helm_repository:
|
|
name: concourse
|
|
repo_url: https://concourse-charts.storage.googleapis.com/
|
|
|
|
- name: Create Concourse worker secret
|
|
kubernetes.core.k8s:
|
|
state: present
|
|
definition:
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: concourse-worker
|
|
namespace: concourse
|
|
data:
|
|
host-key-pub: "{{ concourse.worker.hostKeyPub | b64encode}}"
|
|
worker-key: "{{ concourse.worker.workerKey | b64encode}}"
|
|
worker-key-pub: "{{ concourse.worker.workerKeyPub | b64encode}}"
|
|
|
|
- name: Create Concourse web secret
|
|
kubernetes.core.k8s:
|
|
state: present
|
|
definition:
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: concourse-web
|
|
namespace: concourse
|
|
data:
|
|
worker-key-pub: "{{ concourse.worker.workerKeyPub | b64encode}}"
|
|
host-key: "{{ concourse.web.hostKey | b64encode}}"
|
|
session-signing-key: "{{ concourse.web.sessionSigningKey | b64encode}}"
|
|
postgresql-user: "{{ concourse.db.user | b64encode}}"
|
|
postgresql-password: "{{ concourse.db.password | b64encode}}"
|
|
encryption-key: "{{ concourse.encryptionKey | b64encode}}"
|
|
oidc-client-id: "{{ concourse.auth.clientId | b64encode }}"
|
|
oidc-client-secret: "{{ concourse.auth.clientSecret | b64encode }}"
|
|
local-users: "{{ ('concourse:%s' % concourse.local.password) | b64encode }}"
|
|
|
|
- name: Deploy Concourse chart
|
|
kubernetes.core.helm:
|
|
name: concourse
|
|
chart_ref: concourse/concourse
|
|
release_namespace: concourse
|
|
chart_version: 17.1.0
|
|
update_repo_cache: true
|
|
release_values: "{{ lookup('template', 'values.concourse.yml.j2') | from_yaml }}"
|
|
|
|
- name: Create concourse RBAC resources
|
|
kubernetes.core.k8s:
|
|
state: present
|
|
definition: "{{ lookup('template', 'rbac/deploy-role.yml.j2') | from_yaml }}"
|
|
|
|
- name: Bind service account for deployment
|
|
kubernetes.core.k8s:
|
|
name: "{{ item }}"
|
|
namespace: "{{ item }}"
|
|
definition: "{{ lookup('template', 'rbac/deploy-rolebinding.yml.j2') | from_yaml }}"
|
|
state: present
|
|
loop:
|
|
- concourse-main
|
|
- concourse-inetmock
|
|
- blog
|
|
- inetmock
|
|
|
|
- name: Create Gitea team credentials
|
|
kubernetes.core.k8s:
|
|
state: present
|
|
definition:
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: gitea-credentials
|
|
namespace: "concourse-{{ item }}"
|
|
data:
|
|
user: "{{ concourse.gitea.user | b64encode}}"
|
|
token: "{{ concourse.gitea.token | b64encode}}"
|
|
loop:
|
|
- main
|
|
- inetmock
|
|
|
|
- name: Create Github team credentials
|
|
kubernetes.core.k8s:
|
|
state: present
|
|
definition:
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: github-credentials
|
|
namespace: "concourse-{{ item }}"
|
|
data:
|
|
token: "{{ github.token | b64encode}}"
|
|
loop:
|
|
- main
|
|
- inetmock |