Add Rook controller to manage Ceph + Anderia wiki initial setup

2025-12-25 13:46:59 +01:00 · 2019-08-27 03:49:43 +02:00 · 2019-08-27 03:49:43 +02:00 · edb4cbe640
commit edb4cbe640
parent 977059e9de
7 changed files with 306 additions and 3 deletions
--- a/roles/k8s-manifests/tasks/anderia-wiki.yml
+++ b/roles/k8s-manifests/tasks/anderia-wiki.yml
@ -0,0 +1,89 @@
+- name: Anderia wiki deployment
+  k8s:
+    namespace: default
+    state: present
+    definition:
+      apiVersion: apps/v1
+      kind: Deployment
+      metadata:
+        name: anderia-wiki
+      spec:
+        replicas: 2
+        selector:
+          matchLabels:
+            app: anderia-wiki
+        template:
+          metadata:
+            labels:
+              app: anderia-wiki
+          spec:
+            containers:
+              - name: anderia-wiki
+                image: bitnami/dokuwiki
+                imagePullPolicy: IfNotPresent
+                ports:
+                  - containerPort: 80
+                livenessProbe:
+                  httpGet:
+                    path: /
+                    port: 80
+                readinessProbe:
+                  httpGet:
+                    path: /
+                    port: 80
+                volumeMounts:
+                - mountPath: "/bitnami"
+                  name: anderia-wiki-data
+            volumes:
+              - name: anderia-wiki-data
+                flexVolume:
+                  driver: ceph.rook.io/rook
+                  fsType: ceph
+                  options:
+                    fsName: ceph-fs # name of the filesystem specified in the filesystem CRD.
+                    clusterNamespace: rook-ceph # namespace where the Rook cluster is deployed
+
+- name: Anderia wiki service
+  k8s:
+    namespace: default
+    state: present
+    definition:
+      apiVersion: v1
+      kind: Service
+      metadata:
+        name: anderia-wiki
+      spec:
+        type: ClusterIP
+        ports:
+          - port: 80
+            targetPort: 80
+        selector:
+          app: anderia-wiki
+
+- name: Anderia wiki ingress
+  k8s:
+    namespace: default
+    state: present
+    definition:
+      apiVersion: extensions/v1beta1
+      kind: Ingress
+      metadata:
+        name: anderia
+        annotations:
+          kubernetes.io/ingress.class: nginx
+          certmanager.k8s.io/cluster-issuer: "{{cert_manager_issuer}}"
+          # ingress.kubernetes.io/ssl-redirect: "true"
+          # ingress.kubernetes.io/ssl-temporary-redirect: "false"
+      spec:
+        rules:
+        - host: "{{ anderia_domain }}"
+          http:
+            paths:
+            - path: /
+              backend:
+                serviceName: anderia-wiki
+                servicePort: 80
+        tls:
+        - hosts:
+            - "{{ anderia_domain }}"
+          secretName: anderia-cert
--- a/roles/k8s-manifests/tasks/hcloud-csi.yml
+++ b/roles/k8s-manifests/tasks/hcloud-csi.yml
@ -14,6 +14,7 @@
    url: https://raw.githubusercontent.com/hetznercloud/csi-driver/master/deploy/kubernetes/hcloud-csi.yml
    dest: /tmp/hcloud-csi.yml
    mode: 0600
+    force: yes
  delegate_to: localhost

 - name: Apply CSI driver manifest
--- a/roles/k8s-manifests/tasks/main.yml
+++ b/roles/k8s-manifests/tasks/main.yml
@ -5,8 +5,17 @@
 - import_tasks: hcloud-csi.yml
  tags: hcloud-csi

+- import_tasks: rook.yml
+  tags: rook
+
 - import_tasks: cert-manager.yml
  tags: cert-manager

 - import_tasks: searx.yml
  tags: searx
+
+
+- import_tasks: anderia-wiki.yml
+  tags: 
+    - anderia
+    - wiki
--- a/roles/k8s-manifests/tasks/prerequisites.yml
+++ b/roles/k8s-manifests/tasks/prerequisites.yml
@ -9,6 +9,4 @@
  pip:
    name: 
      - openshift
-      # - pyhelm
-      # - grpcio
    state: present
--- a/roles/k8s-manifests/tasks/rook.yml
+++ b/roles/k8s-manifests/tasks/rook.yml
@ -0,0 +1,204 @@
+- name: Download Rook manifests
+  get_url:
+    url: "{{item.url}}"
+    dest: "/tmp/{{item.filename}}"
+    mode: 0600
+    force: yes
+  delegate_to: localhost
+  changed_when: false
+  with_items:
+   - url: https://raw.githubusercontent.com/rook/rook/release-1.0/cluster/examples/kubernetes/ceph/common.yaml
+     filename: rook-common.yml
+   - url: https://raw.githubusercontent.com/rook/rook/release-1.0/cluster/examples/kubernetes/ceph/operator.yaml
+     filename: rook-operator.yml
+
+# Workaround until https://github.com/ansible/ansible/pull/59160 is released
+- name: Remove last line of the manifest file
+  lineinfile:
+    path: /tmp/rook-common.yml
+    state: absent
+    regexp: '^---$'
+  delegate_to: localhost
+  changed_when: false
+
+- name: Apply Rook manifests
+  k8s:
+    state: present
+    definition: "{{ lookup('file', '/tmp/' + item) }}"
+  with_items:
+   - rook-common.yml
+   - rook-operator.yml
+
+- name: Rook cluster CRD
+  k8s:
+    state: present
+    definition:
+      apiVersion: ceph.rook.io/v1
+      kind: CephCluster
+      metadata:
+        name: rook-ceph
+        namespace: rook-ceph
+      spec:
+        cephVersion:
+          image: ceph/ceph:v14.2.2-20190722
+          allowUnsupported: false
+        dataDirHostPath: /var/lib/rook
+        mon:
+          count: 3
+          allowMultiplePerNode: false
+        dashboard:
+          enabled: true
+          # serve the dashboard under a subpath (useful when you are accessing the dashboard via a reverse proxy)
+          # urlPrefix: /ceph-dashboard
+          # serve the dashboard at the given port.
+          port: 8080
+          # serve the dashboard using SSL
+          ssl: false
+        network:
+          hostNetwork: false
+        rbdMirroring:
+          workers: 0
+        storage:
+          useAllNodes: true
+          useAllDevices: true
+          directories:
+          - path: /var/lib/rook
+
+- name: Rook CephFS
+  k8s:
+    state: present
+    definition:
+      apiVersion: ceph.rook.io/v1
+      kind: CephFilesystem
+      metadata:
+        name: ceph-fs
+        namespace: rook-ceph
+      spec:
+        metadataPool:
+          failureDomain: host
+          replicated:
+            size: 2
+        dataPools:
+          - failureDomain: host
+            replicated:
+              size: 3
+        metadataServer:
+          activeCount: 1
+          activeStandby: true
+
+- name: Rook Toolbox
+  k8s:
+    state: present
+    definition:
+      apiVersion: apps/v1
+      kind: Deployment
+      metadata:
+        name: rook-ceph-tools
+        namespace: rook-ceph
+        labels:
+          app: rook-ceph-tools
+      spec:
+        replicas: 1
+        selector:
+          matchLabels:
+            app: rook-ceph-tools
+        template:
+          metadata:
+            labels:
+              app: rook-ceph-tools
+          spec:
+            dnsPolicy: ClusterFirstWithHostNet
+            containers:
+            - name: rook-ceph-tools
+              image: rook/ceph:v1.0.5
+              command: ["/tini"]
+              args: ["-g", "--", "/usr/local/bin/toolbox.sh"]
+              imagePullPolicy: IfNotPresent
+              env:
+                - name: ROOK_ADMIN_SECRET
+                  valueFrom:
+                    secretKeyRef:
+                      name: rook-ceph-mon
+                      key: admin-secret
+              securityContext:
+                privileged: true
+              volumeMounts:
+                - mountPath: /dev
+                  name: dev
+                - mountPath: /sys/bus
+                  name: sysbus
+                - mountPath: /lib/modules
+                  name: libmodules
+                - name: mon-endpoint-volume
+                  mountPath: /etc/rook
+            # if hostNetwork: false, the "rbd map" command hangs, see https://github.com/rook/rook/issues/2021
+            hostNetwork: true
+            volumes:
+              - name: dev
+                hostPath:
+                  path: /dev
+              - name: sysbus
+                hostPath:
+                  path: /sys/bus
+              - name: libmodules
+                hostPath:
+                  path: /lib/modules
+              - name: mon-endpoint-volume
+                configMap:
+                  name: rook-ceph-mon-endpoints
+                  items:
+                  - key: data
+                    path: mon-endpoints
+
+- name: Rook ceph dashboard service
+  k8s:
+    state: present
+    definition:
+      apiVersion: v1
+      kind: Service
+      metadata:
+        name: rook-ceph-mgr-dashboard
+        namespace: rook-ceph
+        labels:
+          app: rook-ceph-mgr
+          rook_cluster: rook-ceph
+      spec:
+        type: ClusterIP
+        ports:
+        - name: dashboard
+          port: 8080
+          targetPort: 8080
+        selector:
+          app: rook-ceph-mgr
+          rook_cluster: rook-ceph
+        sessionAffinity: None
+
+- name: Rook ceph dashboard ingress
+  k8s:
+    state: present
+    definition:
+      apiVersion: extensions/v1beta1
+      kind: Ingress
+      metadata:
+        name: rook-ceph-mgr-dashboard
+        namespace: rook-ceph
+        annotations:
+          kubernetes.io/ingress.class: nginx
+          certmanager.k8s.io/cluster-issuer: "{{cert_manager_issuer}}"
+          # kubernetes.io/tls-acme: "true"
+          # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+          # nginx.ingress.kubernetes.io/server-snippet: |
+          #   proxy_ssl_verify off;
+      spec:
+        rules:
+        - host: "{{rook_domain}}"
+          http:
+            paths:
+            - path: /
+              backend:
+                serviceName: rook-ceph-mgr-dashboard
+                servicePort: 8080
+        tls:
+        - hosts:
+          - "{{rook_domain}}"
+          secretName: rook-cert
--- a/roles/k8s-manifests/tasks/searx.yml
+++ b/roles/k8s-manifests/tasks/searx.yml
@ -75,4 +75,4 @@
        tls:
        - hosts:
            - "{{searx_domain}}"
-          secretName: letsencrypt-staging
+          secretName: searx-cert