From 1627b4b6b4d3294c2e51afa846101f900dbf42c3 Mon Sep 17 00:00:00 2001 From: eric o meehan Date: Mon, 25 Nov 2024 08:35:30 -0500 Subject: [PATCH] v1.0.6 --- tasks/jupyter.yaml | 100 ++++++++++++++++ tasks/mastodon.yaml | 12 +- tasks/mediawiki.yaml | 45 +++++++ tasks/monitor.yaml | 273 ------------------------------------------ tasks/monitoring.yaml | 147 +++++++++++++++++++++++ 5 files changed, 294 insertions(+), 283 deletions(-) create mode 100644 tasks/jupyter.yaml create mode 100644 tasks/mediawiki.yaml delete mode 100644 tasks/monitor.yaml create mode 100644 tasks/monitoring.yaml diff --git a/tasks/jupyter.yaml b/tasks/jupyter.yaml new file mode 100644 index 0000000..21dbc11 --- /dev/null +++ b/tasks/jupyter.yaml 
@@ -0,0 +1,100 @@
+---
+# tasks file for jupyter hub
+- name: Add jupyter repository
+ kubernetes.core.helm_repository:
+ name: jupyterhub
+ repo_url: https://hub.jupyter.org/helm-chart/
+
+- name: Update Helm repos
+ command: helm repo update
+
+- name: Deploy Jupyter Hub
+ kubernetes.core.helm:
+ name: jupyter
+ chart_ref: jupyterhub/jupyterhub
+ release_namespace: jupyter
+ create_namespace: true
+ timeout: 2h
+ values:
+ prePuller:
+ hook:
+ enabled: false
+ continuous:
+ enabled: false
+ hub:
+ config:
+ Authenticator:
+ admin_users:
+ - eric
+ allow_all: true
+ JupyterHub:
+ admin_access: true
+ authenticator_class: ldapauthenticator.LDAPAuthenticator
+ LDAPAuthenticator:
+ server_address: openldap.auth.svc.cluster.local
+ server_port: 389
+ use_ssl: false
+ tls_strategy: insecure
+ lookup_dn: true
+ lookup_dn_search_user: cn=readonly,dc=eom,dc=dev
+ lookup_dn_search_password: "{{ ldap_readonly_password }}"
+ lookup_dn_search_filter: ({login_attr}={login})
+ lookup_dn_user_dn_attribute: cn
+ user_search_base: ou=People,dc=eom,dc=dev
+ user_attribute: uid
+ db:
+ pvc:
+ storage: 16Gi
+ singleuser:
+ extraFiles:
+ jupyter_notebook_config.json:
+ mountPath: /etc/jupyter/jupyter_notebook_config.json
+ # data is a YAML structure here but will be rendered to JSON file as our
+ # file extension is ".json".
+ data: + MappingKernelManager: + cull_idle_timeout: 1200 + cull_interval: 120 + cull_connected: true + cull_busy: false + storage: + capacity: 32Gi + image: + name: jupyter/minimal-notebook + tag: latest + pullPolicy: IfNotPresent + memory: + guarantee: 1G + profileList: + - display_name: Minimal notebook + description: Command-line tools useful when working in Jupyter applications + kubespawner_override: + image: jupyter/minimal-notebook + tag: latest + pullPolicy: IfNotPresent + default: true + - display_name: Tensorflow notebook + description: Python deep learning libraries + kubespawner_override: + image: jupyter/tensorflow-notebook + tag: latest + pullPolicy: IfNotPresent + - display_name: Data science notebook + description: Libraries for data analysis from the Python, R, and Julia communities + kubespawner_override: + image: jupyter/datascience-notebook + tag: latest + pullPolicy: IfNotPresent + ingress: + enabled: true + annotations: + cert-manager.io/cluster-issuer: ca-issuer + ingressClassName: nginx + hosts: + - jupyter.eom.dev + pathSuffix: + pathType: Prefix + tls: + - hosts: + - jupyter.eom.dev + secretName: jupyterhub diff --git a/tasks/mastodon.yaml b/tasks/mastodon.yaml index 2d5e01d..e3ee187 100644 --- a/tasks/mastodon.yaml +++ b/tasks/mastodon.yaml @@ -1,20 +1,12 @@ --- # tasks file for mastodon -- name: Add bitnami repository - kubernetes.core.helm_repository: - name: bitnami - repo_url: https://charts.bitnami.com/bitnami - -- name: Update Helm repos - command: helm repo update - - name: Deploy Mastodon kubernetes.core.helm: name: mastodon chart_ref: bitnami/mastodon release_namespace: mastodon create_namespace: true - timeout: 300s + timeout: 600s values: adminUser: "mastodon" adminEmail: "mastodon@mail.eom.dev" @@ -29,7 +21,7 @@ extraConfig: LDAP_ENABLED: "true" LDAP_HOST: openldap.auth.svc.cluster.local - LDAP_PORT: "387" + LDAP_PORT: "389" LDAP_METHOD: plain LDAP_BASE: dc=eom,dc=dev LDAP_BIND_DN: cn=readonly,dc=eom,dc=dev 
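Review bot: The `LDAPAuthenticator` block sends every login over cleartext LDAP: `server_port: 389` with `use_ssl: false` and `tls_strategy: insecure` means user passwords and the `cn=readonly` bind password cross the cluster network unencrypted. If the OpenLDAP service offers StartTLS (not visible in this patch), drop `use_ssl` and set `tls_strategy: before_bind`; for LDAPS use `server_port: 636` with `tls_strategy: on_connect`. The second mastodon hunk has the same exposure on the corrected port 389, where the context line `LDAP_METHOD: plain` would become `LDAP_METHOD: start_tls`. Separately, `allow_all: true` admits every account the directory can authenticate while `admin_access: true` lets `eric` enter their servers, so an `allowed_groups` restriction is worth considering. The `tag: latest` image references under `singleuser` are unpinned and, with `pullPolicy: IfNotPresent`, each node keeps whichever build it pulled first; a fixed tag or digest makes the notebook image reproducible.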
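Review bot: `chart_ref: bitnami/mastodon` still resolves through a local Helm repository alias, but this hunk deletes the two tasks that registered and refreshed that alias, so the play now depends on some other task file (not shown in this patch) having run first. The new `tasks/mediawiki.yaml` and `tasks/monitoring.yaml` reference `bitnami/` charts the same way. Making the task self-contained with `chart_repo_url: https://charts.bitnami.com/bitnami` and `chart_ref: mastodon` removes the ordering dependency, and adding `chart_version: <pinned-version>` stops an upstream chart release from silently changing what gets deployed. The `Deploy Mastodon` task continues past the end of this hunk.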
diff --git a/tasks/mediawiki.yaml b/tasks/mediawiki.yaml
new file mode 100644
index 0000000..0ae9dc7
--- /dev/null
+++ b/tasks/mediawiki.yaml
@@ -0,0 +1,45 @@
+---
+# tasks file for mediawiki
+- name: Deploy MediaWiki
+ kubernetes.core.helm:
+ name: mediawiki
+ chart_ref: bitnami/mediawiki
+ release_namespace: mediawiki
+ create_namespace: true
+ values:
+ mediawikiUser: mediawiki
+ mediawikiPassword: "{{ mediawiki_admin_password }}"
+ mediawikiEmail: mediawiki@mail.eom.dev
+ mediawikiName: MediaWiki
+ mediawikiHost: https://wiki.eom.dev/
+ smtpHost: mail.eom.dev
+ smtpPort: 587
+ smtpUser: mediawiki
+ smtpPassword: "{{ mediawiki_mail_password }}"
+ persistence:
+ size: 32Gi
+ service:
+ type: ClusterIP
+ ingress:
+ enabled: true
+ annotations:
+ cert-manager.io/clusteer-issuer: ca-issuer
+ ingressClassName: nginx
+ pathType: Prefix
+ hostname: wiki.eom.dev
+ extraHosts:
+ - mediawiki.eom.dev
+ path: /
+ tls: true
+ extraTls:
+ - hosts:
+ - wiki.eom.dev
+ - mediawiki.eom.dev
+ secretName: mediawiki
+ mariadb:
+ auth:
+ rootPassword: "{{ mariadb_root_password }}"
+ password: "{{ mediawiki_mariadb_password }}"
+ primary:
+ persistence:
+ size: 128Gi
diff --git a/tasks/monitor.yaml b/tasks/monitor.yaml
deleted file mode 100644
index f4bb0ec..0000000
--- a/tasks/monitor.yaml
+++ /dev/null
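Review bot: The ingress annotation key is misspelled as `cert-manager.io/clusteer-issuer`, so cert-manager will not recognise it as a request to issue a certificate, and the `mediawiki` TLS secret named under `extraTls` is presumably never populated by the CA issuer. It should read `cert-manager.io/cluster-issuer: ca-issuer`, matching the jupyter and grafana ingresses in this patch. `mediawikiHost: https://wiki.eom.dev/` also looks like a full URL where the key name suggests a bare hostname; worth checking against the chart's values documentation.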
@@ -1,273 +0,0 @@ ---- -# tasks file for grafana -- name: Create monitoring namespace - k8s: - state: present - definition: - apiVersion: v1 - kind: Namespace - metadata: - name: monitor - -- name: Create PVC for MySQL - k8s: - state: present - definition: - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: mysql - namespace: monitor - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 64Gi - -- name: Create Deployment for MySQL - k8s: - state: present - definition: - apiVersion: v1 - kind: Deployment - metadata: - name: mysql - namespace: monitor - labels: - app: mysql - spec: - replicas: 1 - selector: - matchLabels: - app: mysql - template: - metadata: - labels: - app: mysql - spec: - containers: - - name: mysql - image: mysql - volumeMounts: - - name: data - mountPath: /var/lib/mysql - ports: - - containerPort: 3306 - env: - - name: MYSQL_ROOT_PASSWORD - value: "{{ mysql_root_password }}" - - name: MYSQL_DATABASE - value: grafana - - name: MYSQL_USER - value: grafana - - name: MYSQL_PASSWORD - value: "{{ grafana_mysql_password }}" - volumes: - - name: data - persistentVolumeClaim: - claimName: mysql - -- name: Create Service for MySQL - k8s: - state: present - definition: - apiVersion: v1 - kind: Service - metadata: - name: mysql - namespace: monitor - spec: - selector: - app: mysql - ports: - - port: 3306 - name: mysql - type: ClusterIP - -- name: Create PVC for InfluxDB - k8s: - state: present - definition: - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: influxdb - namespace: monitor - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 128Gi - -- name: Create Deployment for InfluxDB - k8s: - state: present - definition: - apiVersion: v1 - kind: Deployment - metadata: - name: influxdb - namespace: monitor - labels: - app: influxdb - spec: - replicas: 1 - selector: - matchLabels: - app: influxdb - template: - metadata: - labels: - app: influxdb - spec: - containers: - - name: 
influxdb - image: influxdb - env: - - name: DOCKER_INFLUXDB_INIT_MODE - value: setup - - name: DOCKER_INFLUXDB_INIT_USERNAME - value: grafana - - name: DOCKER_INFLUXDB_INIT_PASSWORD - value: "{{ grafana_influxdb_password }}" - - name: DOCKER_INFLUXDB_INIT_ORG - value: grafana - - name: DOCKER_INFLUXDB_INIT_BUCKET - value: default - - name: DOCKER_INFLUXDB_INIT_RETENTION - value: 1w - volumeMounts: - - name: data - mountPath: /var/lib/influxdb - ports: - - containerPort: 8086 - volumes: - - name: data - persistentVolumeClaim: - claimName: influxdb - -- name: Create Service for InfluxDB - k8s: - state: present - definition: - apiVersion: v1 - kind: Service - metadata: - name: influxdb - namespace: monitor - spec: - selector: - app: influxdb - ports: - - port: 8086 - name: influxdb - type: LoadBalancer - -- name: Create a config map for grafana - k8s: - state: present - api_version: v1 - kind: ConfigMap - name: grafana - namespace: monitor - definition: - data: - ldap.toml: "{{ lookup('template', 'ldap.toml.j2') }}" - -- name: Create Deployment for Grafana - k8s: - state: present - definition: - apiVersion: v1 - kind: Deployment - metadata: - name: grafana - namespace: monitor - labels: - app: grafana - spec: - replicas: 1 - selector: - matchLabels: - app: grafana - template: - metadata: - labels: - app: grafana - spec: - containers: - - name: grafana - image: grafana/grafana - ports: - - containerPort: 3000 - env: - - name: GF_DATABASE_TYPE - value: mysql - - name: GF_DATABASE_HOST - value: mysql - - name: GF_DATABASE_USER - value: grafana - - name: GF_DATABASE_PASSWORD - value: "{{ grafana_mysql_password }}" - - name: GF_AUTH_LDAP_ENABLED - value: "true" - - name: GF_AUTH_LDAP_CONFIG_FILE - value: /etc/grafana/cm/ldap.toml - - name: GF_AUTH_LDAP_ALLOW_SIGN_UP - value: "true" - volumeMounts: - - name: config - mountPath: /etc/grafana/cm - volumes: - - name: config - configMap: - name: grafana - -- name: Create Service for Grafana - k8s: - state: present - definition: 
- apiVersion: v1 - kind: Service - metadata: - name: grafana - namespace: monitor - spec: - selector: - app: grafana - ports: - - port: 80 - targetPort: 3000 - name: grafana - type: ClusterIP - -- name: Create Ingress - k8s: - state: present - definition: - apiVersion: networking.k8s.io/v1 - kind: Ingress - metadata: - annotations: - cert-manager.io/cluster-issuer: ca-issuer - name: grafana - namespace: monitor - spec: - ingressClassName: nginx - rules: - - host: grafana.eom.dev - http: - paths: - - pathType: Prefix - path: / - backend: - service: - name: grafana - port: - number: 80 - tls: - - hosts: - - grafana.eom.dev - secretName: grafana diff --git a/tasks/monitoring.yaml b/tasks/monitoring.yaml new file mode 100644 index 0000000..7f9358d --- /dev/null +++ b/tasks/monitoring.yaml 
@@ -0,0 +1,147 @@
+---
+# tasks file for grafana
+- name: Create monitoring namespace
+ k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Namespace
+ metadata:
+ name: monitoring
+
+- name: Deploy Prometheus
+ kubernetes.core.helm:
+ name: prometheus
+ chart_ref: bitnami/prometheus
+ release_namespace: monitoring
+ timeout: 300s
+ values:
+ server:
+ persistence:
+ size: 32Gi
+ extraScrapeConfigs:
+ - job_name: libvirt_exporter
+ static_configs:
+ - targets:
+ - 192.168.1.48:9177
+ labels:
+ instance: poweredge-t640
+ - job_name: node_exporter
+ static_configs:
+ - targets:
+ - 192.168.1.95:9100
+ labels:
+ instance: poweredge-r350
+ - targets:
+ - 192.168.1.48:9100
+ labels:
+ instance: poweredge-t640
+ - targets:
+ - 192.168.1.59:9100
+ labels:
+ instance: alpha-control-plane
+ - targets:
+ - 192.168.1.91:9100
+ labels:
+ instance: alpha-worker-0
+ - targets:
+ - 192.168.1.71:9100
+ labels:
+ instance: alpha-worker-1
+ - targets:
+ - 192.168.1.74:9100
+ labels:
+ instance: alpha-worker-2
+ - targets:
+ - 192.168.1.75:9100
+ labels:
+ instance: alpha-worker-3
+ - targets:
+ - 192.168.1.60:9100
+ labels:
+ instance: alpha-worker-4
+ - targets:
+ - 192.168.1.66:9100
+ labels:
+ instance: alpha-worker-5
+ - targets:
+ - 192.168.1.38:9100
+ labels:
+ instance: alpha-worker-6
+ - targets:
+ - 192.168.1.92:9100
+ labels:
+ instance: alpha-worker-7
+ - targets:
+ - 192.168.1.67:9100
+ labels:
+ instance: alpha-worker-8
+ - targets:
+ - 192.168.1.63:9100
+ labels:
+ instance: alpha-worker-9
+ - targets:
+ - 192.168.1.86:9100
+ labels:
+ instance: alpha-worker-10
+ - targets:
+ - 192.168.1.68:9100
+ labels:
+ instance: alpha-worker-11
+ - targets:
+ - 192.168.1.72:9100
+ labels:
+ instance: alpha-worker-12
+ metrics_path: /metrics
+
+- name: Deploy Grafana
+ kubernetes.core.helm:
+ name: grafana
+ chart_ref: bitnami/grafana
+ release_namespace: monitoring
+ timeout: 300s
+ values:
+ admin:
+ user: grafana
+ password: "{{ grafana_admin_password }}"
+ persistence:
+ size: 32Gi
+ smtp:
+ enabled: true
+ user: grafana
+ password: "{{ grafana_mail_password }}"
+ host: mail.eom.dev
+ fromAddress: grafana@mail.eom.dev
+ fromName: Grafana
+ ldap:
+ enabled: true
+ allowSignUp: true
+ configuration: "{{ lookup('template', 'ldap.toml.j2') }}"
+ ingress:
+ enabled: true
+ pathType: Prefix
+ hostname: grafana.eom.dev
+ annotations:
+ cert-manager.io/cluster-issuer: ca-issuer
+ ingressClassName: nginx
+ tls: true
+ datasources:
+ secretDefinition:
+ apiVersion: 1
+ datasources:
+ - name: Prometheus
+ type: prometheus
+ access: proxy
+ orgId: 1
+ url: http://prometheus.monitoring.svc.cluster.local
+ version: 1
+ editable: true
+ isDefault: true
+ - name: Alertmanager
+ uid: alertmanager
+ type: alertmanager
+ access: proxy
+ orgId: 1
+ url: http://prometheus-alertmanager.monitoring.svc.cluster.local:9093
+ version: 1
+ editable: true
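Review bot: `ldap.allowSignUp: true` in the Grafana values creates an account for any directory user on first login, and the role each one receives is decided by the group mappings in `ldap.toml.j2`, which this patch does not show. With `editable: true` on both provisioned datasources, that template deserves a check that only the intended group maps to Admin. The two datasource URLs are also inconsistent: Alertmanager is addressed as `prometheus-alertmanager.monitoring.svc.cluster.local:9093`, while Prometheus is the bare `prometheus.monitoring.svc.cluster.local` with no component suffix or port, so confirm the server Service name the chart actually creates. The header comment `# tasks file for grafana` could become `# tasks file for monitoring (Prometheus and Grafana)` now that the file deploys both.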