Add Rook controller to manage Ceph + Anderia wiki initial setup

This commit is contained in:
Paul-Henri Froidmont 2019-08-27 03:49:43 +02:00
parent 977059e9de
commit edb4cbe640
7 changed files with 306 additions and 3 deletions


@ -2,3 +2,5 @@
letsencrypt_email: letsencrypt.account@banditlair.com letsencrypt_email: letsencrypt.account@banditlair.com
traefik_domain: "traefik.{{banditlair_domain}}" traefik_domain: "traefik.{{banditlair_domain}}"
searx_domain: "searx.{{banditlair_domain}}" searx_domain: "searx.{{banditlair_domain}}"
anderia_domain: "anderia.{{banditlair_domain}}"
rook_domain: "rook.{{banditlair_domain}}"


@ -0,0 +1,89 @@
- name: Anderia wiki deployment
k8s:
namespace: default
state: present
definition:
apiVersion: apps/v1
kind: Deployment
metadata:
name: anderia-wiki
spec:
replicas: 2
selector:
matchLabels:
app: anderia-wiki
template:
metadata:
labels:
app: anderia-wiki
spec:
containers:
- name: anderia-wiki
image: bitnami/dokuwiki
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
livenessProbe:
httpGet:
path: /
port: 80
readinessProbe:
httpGet:
path: /
port: 80
volumeMounts:
- mountPath: "/bitnami"
name: anderia-wiki-data
volumes:
- name: anderia-wiki-data
flexVolume:
driver: ceph.rook.io/rook
fsType: ceph
options:
fsName: ceph-fs # name of the filesystem specified in the filesystem CRD.
clusterNamespace: rook-ceph # namespace where the Rook cluster is deployed
- name: Anderia wiki service
k8s:
namespace: default
state: present
definition:
apiVersion: v1
kind: Service
metadata:
name: anderia-wiki
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 80
selector:
app: anderia-wiki
- name: Anderia wiki ingress
k8s:
namespace: default
state: present
definition:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: anderia
annotations:
kubernetes.io/ingress.class: nginx
certmanager.k8s.io/cluster-issuer: "{{cert_manager_issuer}}"
# ingress.kubernetes.io/ssl-redirect: "true"
# ingress.kubernetes.io/ssl-temporary-redirect: "false"
spec:
rules:
- host: "{{ anderia_domain }}"
http:
paths:
- path: /
backend:
serviceName: anderia-wiki
servicePort: 80
tls:
- hosts:
- "{{ anderia_domain }}"
secretName: anderia-cert
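Review bot: In the "Anderia wiki deployment" task, `image: bitnami/dokuwiki` carries no tag or digest, so each node pulls whatever `latest` resolves to at first pull and, with `imagePullPolicy: IfNotPresent` and `replicas: 2`, the two replicas can end up on different builds with no record of what was actually deployed; pin it, e.g. `image: "bitnami/dokuwiki:<tag>@sha256:<digest>"`, and bump deliberately. The pod also has no `securityContext` (no `runAsNonRoot`, no dropped capabilities) and no `resources` limits while being reachable from the internet through the "Anderia wiki ingress". The bitnami image presumably seeds an initial admin account from `DOKUWIKI_USERNAME`/`DOKUWIKI_PASSWORD` env vars with documented defaults when they are unset — confirm against the image docs, and if so set them from a Secret before the wiki is exposed on `{{ anderia_domain }}`. The commented-out `ssl-redirect` annotations suggest plain-HTTP access is left open on purpose; whether nginx-ingress redirects by default depends on the controller's global config, so state the intent in a comment rather than leaving dead annotations.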


@ -14,6 +14,7 @@
url: https://raw.githubusercontent.com/hetznercloud/csi-driver/master/deploy/kubernetes/hcloud-csi.yml url: https://raw.githubusercontent.com/hetznercloud/csi-driver/master/deploy/kubernetes/hcloud-csi.yml
dest: /tmp/hcloud-csi.yml dest: /tmp/hcloud-csi.yml
mode: 0600 mode: 0600
force: yes
delegate_to: localhost delegate_to: localhost
- name: Apply CSI driver manifest - name: Apply CSI driver manifest
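Review bot: Adding `force: yes` means every playbook run re-downloads `hcloud-csi.yml` from the upstream repo's `master` branch and the following "Apply CSI driver manifest" task applies it, so the cluster now tracks an unpinned, unverified moving target for a storage driver whose node plugin typically runs privileged. Pin the URL to a tagged release and add `checksum: "sha256:<digest>"` to the `get_url` task so an upstream change or a tampered download fails the play instead of being applied. While here, write the boolean as `force: true` to keep the file's YAML canonical.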


@ -5,8 +5,17 @@
- import_tasks: hcloud-csi.yml - import_tasks: hcloud-csi.yml
tags: hcloud-csi tags: hcloud-csi
- import_tasks: rook.yml
tags: rook
- import_tasks: cert-manager.yml - import_tasks: cert-manager.yml
tags: cert-manager tags: cert-manager
- import_tasks: searx.yml - import_tasks: searx.yml
tags: searx tags: searx
- import_tasks: anderia-wiki.yml
tags:
- anderia
- wiki


@ -9,6 +9,4 @@
pip: pip:
name: name:
- openshift - openshift
# - pyhelm
# - grpcio
state: present state: present


@ -0,0 +1,204 @@
- name: Download Rook manifests
get_url:
url: "{{item.url}}"
dest: "/tmp/{{item.filename}}"
mode: 0600
force: yes
delegate_to: localhost
changed_when: false
with_items:
- url: https://raw.githubusercontent.com/rook/rook/release-1.0/cluster/examples/kubernetes/ceph/common.yaml
filename: rook-common.yml
- url: https://raw.githubusercontent.com/rook/rook/release-1.0/cluster/examples/kubernetes/ceph/operator.yaml
filename: rook-operator.yml
# Workaround until https://github.com/ansible/ansible/pull/59160 is released
- name: Remove last line of the manifest file
lineinfile:
path: /tmp/rook-common.yml
state: absent
regexp: '^---$'
delegate_to: localhost
changed_when: false
- name: Apply Rook manifests
k8s:
state: present
definition: "{{ lookup('file', '/tmp/' + item) }}"
with_items:
- rook-common.yml
- rook-operator.yml
- name: Rook cluster CRD
k8s:
state: present
definition:
apiVersion: ceph.rook.io/v1
kind: CephCluster
metadata:
name: rook-ceph
namespace: rook-ceph
spec:
cephVersion:
image: ceph/ceph:v14.2.2-20190722
allowUnsupported: false
dataDirHostPath: /var/lib/rook
mon:
count: 3
allowMultiplePerNode: false
dashboard:
enabled: true
# serve the dashboard under a subpath (useful when you are accessing the dashboard via a reverse proxy)
# urlPrefix: /ceph-dashboard
# serve the dashboard at the given port.
port: 8080
# serve the dashboard using SSL
ssl: false
network:
hostNetwork: false
rbdMirroring:
workers: 0
storage:
useAllNodes: true
useAllDevices: true
directories:
- path: /var/lib/rook
- name: Rook CephFS
k8s:
state: present
definition:
apiVersion: ceph.rook.io/v1
kind: CephFilesystem
metadata:
name: ceph-fs
namespace: rook-ceph
spec:
metadataPool:
failureDomain: host
replicated:
size: 2
dataPools:
- failureDomain: host
replicated:
size: 3
metadataServer:
activeCount: 1
activeStandby: true
- name: Rook Toolbox
k8s:
state: present
definition:
apiVersion: apps/v1
kind: Deployment
metadata:
name: rook-ceph-tools
namespace: rook-ceph
labels:
app: rook-ceph-tools
spec:
replicas: 1
selector:
matchLabels:
app: rook-ceph-tools
template:
metadata:
labels:
app: rook-ceph-tools
spec:
dnsPolicy: ClusterFirstWithHostNet
containers:
- name: rook-ceph-tools
image: rook/ceph:v1.0.5
command: ["/tini"]
args: ["-g", "--", "/usr/local/bin/toolbox.sh"]
imagePullPolicy: IfNotPresent
env:
- name: ROOK_ADMIN_SECRET
valueFrom:
secretKeyRef:
name: rook-ceph-mon
key: admin-secret
securityContext:
privileged: true
volumeMounts:
- mountPath: /dev
name: dev
- mountPath: /sys/bus
name: sysbus
- mountPath: /lib/modules
name: libmodules
- name: mon-endpoint-volume
mountPath: /etc/rook
# if hostNetwork: false, the "rbd map" command hangs, see https://github.com/rook/rook/issues/2021
hostNetwork: true
volumes:
- name: dev
hostPath:
path: /dev
- name: sysbus
hostPath:
path: /sys/bus
- name: libmodules
hostPath:
path: /lib/modules
- name: mon-endpoint-volume
configMap:
name: rook-ceph-mon-endpoints
items:
- key: data
path: mon-endpoints
- name: Rook ceph dashboard service
k8s:
state: present
definition:
apiVersion: v1
kind: Service
metadata:
name: rook-ceph-mgr-dashboard
namespace: rook-ceph
labels:
app: rook-ceph-mgr
rook_cluster: rook-ceph
spec:
type: ClusterIP
ports:
- name: dashboard
port: 8080
targetPort: 8080
selector:
app: rook-ceph-mgr
rook_cluster: rook-ceph
sessionAffinity: None
- name: Rook ceph dashboard ingress
k8s:
state: present
definition:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: rook-ceph-mgr-dashboard
namespace: rook-ceph
annotations:
kubernetes.io/ingress.class: nginx
certmanager.k8s.io/cluster-issuer: "{{cert_manager_issuer}}"
# kubernetes.io/tls-acme: "true"
# nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
# nginx.ingress.kubernetes.io/server-snippet: |
# proxy_ssl_verify off;
spec:
rules:
- host: "{{rook_domain}}"
http:
paths:
- path: /
backend:
serviceName: rook-ceph-mgr-dashboard
servicePort: 8080
tls:
- hosts:
- "{{rook_domain}}"
secretName: rook-cert
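Review bot: The "Rook Toolbox" Deployment runs the toolbox permanently as a `privileged: true`, `hostNetwork: true` pod with `/dev`, `/sys/bus` and `/lib/modules` from the host mounted and `ROOK_ADMIN_SECRET` injected from the `rook-ceph-mon` secret, so a single compromised container there is effectively root on the node and admin on the Ceph cluster. The toolbox is a debugging aid; deploy it on demand (its own tag, or `replicas: 0` by default) rather than leaving it resident, and keep `hostNetwork`/`privileged` only if `rbd map` from inside it is actually needed, since the linked issue is the only stated reason. Separately, "Download Rook manifests" fetches `common.yaml`/`operator.yaml` from the moving `release-1.0` branch with no `checksum:` and then applies whatever cluster-wide RBAC they declare, so pin to a tag and verify the download. Note also that `lineinfile` with `state: absent` removes every line matching `^---$`, not just the last one as the task name claims; if `common.yaml` uses `---` between resources this merges the documents — check the rendered file, or trim only a trailing separator. Finally, the "Rook ceph dashboard ingress" exposes Ceph administration on `{{rook_domain}}` with only the dashboard's own login in front of it and `ssl: false` between nginx and the mgr; consider `nginx.ingress.kubernetes.io/whitelist-source-range` or an auth annotation on that ingress.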


@ -75,4 +75,4 @@
tls: tls:
- hosts: - hosts:
- "{{searx_domain}}" - "{{searx_domain}}"
secretName: letsencrypt-staging secretName: searx-cert