Add tasks to deploy k8s to hosts
parent
9e404d7299
commit
f40ca9ac83
@ -4,6 +4,10 @@
|
|||||||
- name: Setup k8s
|
- name: Setup k8s
|
||||||
hosts: "{{ target_host }}"
|
hosts: "{{ target_host }}"
|
||||||
|
|
||||||
|
environment:
|
||||||
|
PATH: "{{ ansible_env.PATH }}:/home/{{ansible_user}}/.local/bin"
|
||||||
|
VAULT_KEY: "{{ vault_passphrase }}"
|
||||||
|
|
||||||
vars_files:
|
vars_files:
|
||||||
- k8s-vars.yml
|
- k8s-vars.yml
|
||||||
- dns-vars.yml
|
- dns-vars.yml
|
||||||
@ -107,9 +111,61 @@
|
|||||||
- name: Copy wildcard-pwa-example.yml.j2 to the remote VM
|
- name: Copy wildcard-pwa-example.yml.j2 to the remote VM
|
||||||
template:
|
template:
|
||||||
src: ./templates/wildcard-pwa-example.yml.j2
|
src: ./templates/wildcard-pwa-example.yml.j2
|
||||||
dest: "{{ ansible_env.HOME }}/service-provider-template/files/manifests/wildcard-pwa-{{dns_domain}}.yml"
|
dest: "{{ ansible_env.HOME }}/service-provider-template/files/manifests/wildcard-pwa-{{dns_domain}}.yaml"
|
||||||
|
|
||||||
- name: Delete old wildcard-pwa file
|
- name: Delete old wildcard-pwa file
|
||||||
file:
|
file:
|
||||||
path: "{{ ansible_env.HOME }}/service-provider-template/files/manifests/wildcard-pwa-laconic.yaml"
|
path: "{{ ansible_env.HOME }}/service-provider-template/files/manifests/wildcard-pwa-laconic.yaml"
|
||||||
state: absent
|
state: absent
|
||||||
|
|
||||||
|
- name: Install required ansible roles
|
||||||
|
shell: ansible-galaxy install -f -p roles -r roles/requirements.yml
|
||||||
|
args:
|
||||||
|
chdir: "{{ ansible_env.HOME }}/service-provider-template"
|
||||||
|
|
||||||
|
- name: Install Kubernetes helper tools
|
||||||
|
shell: ./roles/k8s/files/scripts/get-kube-tools.sh
|
||||||
|
args:
|
||||||
|
chdir: "{{ ansible_env.HOME }}/service-provider-template"
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
- name: Update group_vars/all/vault.yml with support email using template
|
||||||
|
template:
|
||||||
|
src: ./templates/vault.yml.j2
|
||||||
|
dest: "{{ ansible_env.HOME }}/service-provider-template/group_vars/all/vault.yml"
|
||||||
|
|
||||||
|
- name: Base64 encode DigitalOcean token
|
||||||
|
set_fact:
|
||||||
|
b64_encoded_token: "{{ do_api_token | b64encode }}"
|
||||||
|
|
||||||
|
- name: Update secret-digitalocean-dns.yaml with encoded token
|
||||||
|
template:
|
||||||
|
src: ./templates/secret-digitalocean-dns.yml.j2
|
||||||
|
dest: "{{ ansible_env.HOME }}/service-provider-template/files/manifests/secret-digitalocean-dns.yaml"
|
||||||
|
vars:
|
||||||
|
b64_encoded_token: "{{ b64_encoded_token }}"
|
||||||
|
|
||||||
|
- name: Remove k8s-vault.yml file
|
||||||
|
file:
|
||||||
|
path: "{{ ansible_env.HOME }}/service-provider-template/group_vars/{{ org_id }}_{{ location_id }}/k8s-vault.yml"
|
||||||
|
state: absent
|
||||||
|
|
||||||
|
- name: Generate token for the cluster
|
||||||
|
command: ./roles/k8s/files/scripts/token-vault.sh ./group_vars/{{ org_id }}_{{ location_id }}/k8s-vault.yml
|
||||||
|
args:
|
||||||
|
chdir: "{{ ansible_env.HOME }}/service-provider-template"
|
||||||
|
|
||||||
|
- name: Configure firewalld and nginx
|
||||||
|
command: ansible-playbook -i hosts site.yml --tags=firewalld,nginx
|
||||||
|
args:
|
||||||
|
chdir: "{{ ansible_env.HOME }}/service-provider-template"
|
||||||
|
|
||||||
|
- name: Install Stack Orchestrator
|
||||||
|
command: ansible-playbook -i hosts site.yml --tags=so --limit=so
|
||||||
|
args:
|
||||||
|
chdir: "{{ ansible_env.HOME }}/service-provider-template"
|
||||||
|
|
||||||
|
- name: Deploy Kubernetes
|
||||||
|
command: ansible-playbook -i hosts site.yml --tags=k8s --limit={{ org_id }}_{{ location_id }}
|
||||||
|
args:
|
||||||
|
chdir: "{{ ansible_env.HOME }}/service-provider-template"
|
||||||
|
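Review bot: The `Base64 encode DigitalOcean token` and `Update secret-digitalocean-dns.yaml with encoded token` tasks handle the API token without `no_log: true`, so the `set_fact` result can end up in playbook output and logs; base64 is an encoding, not protection. The `template` task that writes `secret-digitalocean-dns.yaml` also omits `mode`, so the file gets the umask default; I would add `mode: "0600"` there. In the first hunk, `VAULT_KEY: "{{ vault_passphrase }}"` appears to sit in the play-level `environment`, which hands the passphrase to every task's process, including `get-kube-tools.sh` run with `become: yes`; an `environment:` on only the tasks that need it (presumably `token-vault.sh` and the nested `ansible-playbook` calls) would narrow that exposure. The `vars:` entry `b64_encoded_token: "{{ b64_encoded_token }}"` is self-referential and looks redundant after the preceding `set_fact`.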
@ -5,8 +5,8 @@
|
|||||||
[so]
|
[so]
|
||||||
{{ org_id }}-daemon
|
{{ org_id }}-daemon
|
||||||
|
|
||||||
[{{ org_id }}-{{ location_id }}]
|
[{{ org_id }}_{{ location_id }}]
|
||||||
{{ org_id }}-{{ location_id }}-cluster-control k8s_node_type=bootstrap k8s_pod_limit=1024 k8s_external_ip={{ cluster_control_ip }}
|
{{ org_id }}-{{ location_id }}-cluster-control k8s_node_type=bootstrap k8s_pod_limit=1024 k8s_external_ip={{ cluster_control_ip }}
|
||||||
|
|
||||||
[k8s:children]
|
[k8s:children]
|
||||||
{{ org_id }}-{{ location_id }}
|
{{ org_id }}_{{ location_id }}
|
||||||
|
@ -0,0 +1,12 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: cert-manager
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
data:
|
||||||
|
access-token: {{ b64_encoded_token }}
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: digitalocean-dns
|
||||||
|
namespace: cert-manager
|
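Review bot: `access-token: {{ b64_encoded_token }}` is an unquoted templated scalar, so an empty expansion renders as YAML null and the Secret would be applied without a usable token; writing it as `access-token: "{{ b64_encoded_token }}"` keeps the value a string whatever the input. The same applies to `support_email: {{ support_email }}` in `templates/vault.yml.j2`. The rendered manifest carries the live API token in base64 only, so the file it is written to should be treated as a secret on disk (restrictive mode, kept out of version control).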
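--- a/service-provider-setup/templates/vault.yml.j2
+++ b/service-provider-setup/templates/vault.yml.j2
@@ -0,0 +1,2 @@
+---
+support_email: {{ support_email }}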