Eric Meehan 2024-11-25 22:10:13 -05:00
parent 5d1c7e5c1b
commit b599bbae3d
4 changed files with 89 additions and 271 deletions


@ -1,197 +1,96 @@
---
# tasks file for gitea
- name: Create git namespace
k8s:
state: present
definition:
apiVersion: v1
kind: Namespace
metadata:
name: git
- name: Add gitea repo
kubernetes.core.helm_repository:
name: gitea
repo_url: https://dl.gitea.com/charts/
- name: Create PVC for MySQL
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mysql
namespace: git
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 64Gi
- name: Update Helm repos
command: helm repo update
- name: Create Deployment for MySQL
k8s:
state: present
definition:
apiVersion: v1
kind: Deployment
metadata:
name: mysql
namespace: git
labels:
app: mysql
spec:
replicas: 1
selector:
matchLabels:
app: mysql
template:
metadata:
labels:
app: mysql
spec:
containers:
- name: mysql
image: mysql
volumeMounts:
- name: data
mountPath: /var/lib/mysql
ports:
- containerPort: 3306
env:
- name: MYSQL_ROOT_PASSWORD
value: "{{ mysql_root_password }}"
- name: MYSQL_DATABASE
value: gitea
- name: MYSQL_USER
value: gitea
- name: MYSQL_PASSWORD
value: "{{ gitea_mysql_password }}"
volumes:
- name: data
persistentVolumeClaim:
claimName: mysql
- name: Create Service for MySQL
k8s:
state: present
definition:
apiVersion: v1
kind: Service
metadata:
name: mysql
namespace: git
spec:
selector:
app: mysql
ports:
- port: 3306
name: mysql
type: ClusterIP
- name: Create PVC for Gitea
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: gitea
namespace: git
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 128Gi
- name: Create Deployment for Gitea
k8s:
state: present
definition:
apiVersion: v1
kind: Deployment
metadata:
name: gitea
namespace: git
labels:
app: gitea
spec:
replicas: 1
selector:
matchLabels:
app: gitea
template:
metadata:
labels:
app: gitea
spec:
containers:
- name: gitea
image: gitea/gitea
volumeMounts:
- name: data
mountPath: /data
ports:
- containerPort: 3000
- containerPort: 22
env:
- name: GITEA__database__DB_TYPE
value: mysql
- name: GITEA__database__HOST
value: mysql
- name: GITEA__database__NAME
value: gitea
- name: GITEA__database__USER
value: gitea
- name: GITEA__database__PASSWD
value: "{{ gitea_mysql_password }}"
volumes:
- name: data
persistentVolumeClaim:
claimName: gitea
- name: Create Service for GitLab
k8s:
state: present
definition:
apiVersion: v1
kind: Service
metadata:
name: gitea
namespace: git
spec:
selector:
app: gitea
ports:
- port: 22
name: ssh
- port: 80
targetPort: 3000
name: http
type: LoadBalancer
- name: Create Ingress
k8s:
state: present
definition:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
- name: Deploy Gitea
kubernetes.core.helm:
name: gitea
chart_ref: gitea/gitea
release_namespace: git
create_namespace: true
values:
service:
ssh:
type: LoadBalancer
ingress:
enabled: true
className: nginx
annotations:
cert-manager.io/cluster-issuer: ca-issuer
name: gitea
namespace: git
spec:
ingressClassName: nginx
rules:
hosts:
- host: git.eom.dev
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: gitea
port:
number: 80
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- git.eom.dev
secretName: gitea
secretName: gitea-tls
persistence:
size: 128Gi
actions:
enabled: true
provisioning:
enabled: true
gitea:
admin:
username: gitea
password: "{{ gitea_admin_password }}"
email: "gitea@mail.eom.dev"
metrics:
enabled: false
serviceMonitor:
enabled: false
# additionalLabels:
# prometheus-release: prom1
interval: ""
relabelings: []
scheme: ""
scrapeTimeout: ""
tlsConfig: {}
ldap:
- name: OpenLDAP
securityProtocol: unencrypted
host: openldap.auth.svc.cluster.local
port: 389
userSearchBase: ou=People,dc=eom,dc=dev
userFilter: (&(objectClass=inetOrgPerson)(uid=%s))
adminFilter: (&(cn=Gitea Admin,ou=Gitea,ou=Services,dc=eom,dc=dev)(memberUid=%s))
emailAttribute: mail
bindDn: cn=readonly,dc=eom,dc=dev
bindPassword: "{{ ldap_readonly_password }}"
usernameAttribute: uid
publicSSHKeyAttribute: publicSSHKey
config:
APP_NAME: "Gitea"
additionalConfigFromEnvs:
- name: GITEA_DISABLE_REGISTRATION
value: "true"
- name: GITEA_DEFAULT_ALLOW_CREATE_ORGANIZATION
value: "false"
redis-cluster:
enabled: false
redis:
enabled: true
global:
redis:
password: "{{ gitea_redis_password }}"
postgresql-ha:
enabled: false
postgresql:
enabled: true
global:
postgresql:
auth:
password: "{{ gitea_postgres_password }}"
database: gitea
username: gitea
primary:
persistence:
size: 128Gi
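Review bot: The two entries under `additionalConfigFromEnvs` are named `GITEA_DISABLE_REGISTRATION` and `GITEA_DEFAULT_ALLOW_CREATE_ORGANIZATION`, which does not follow the `GITEA__section__KEY` form used by the hand-written Deployment task in this same section (`GITEA__database__DB_TYPE`), so they are probably ignored and self-registration stays open on the host published at git.eom.dev. Both keys belong to the `[service]` section, so the names would be `GITEA__service__DISABLE_REGISTRATION` and `GITEA__service__DEFAULT_ALLOW_CREATE_ORGANIZATION`; setting them under `gitea.config.service` instead would avoid the naming question altogether. The LDAP source is also set to `securityProtocol: unencrypted` on port 389, so the `cn=readonly` bind password and every user's login password cross the cluster network in clear text; the `LDAP_METHOD: plain` line in the last file section has the same exposure. Separately, `adminFilter` puts a full DN after `cn=`, which looks unlikely to match any entry and should be checked against the directory. The add/remove markers are lost on this page, so which of the interleaved lines form the new side is inferred from the deleted file shown in the next section.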


@ -1,81 +0,0 @@
---
# tasks file for gitea
- name: Deploy Gitea
kubernetes.core.helm:
name: gitea
chart_ref: gitea/gitea
release_namespace: git
create_namespace: true
values:
service:
ssh:
type: LoadBalancer
ingress:
enabled: true
className: nginx
annotations:
cert-manager.io/cluster-issuer: ca-issuer
hosts:
- host: git.eom.dev
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- git.eom.dev
secretName: gitea-tls
persistence:
size: 128Gi
actions:
enabled: true
gitea:
admin:
username: gitea
password: "{{ gitea_admin_password }}"
email: "gitea@mail.eom.dev"
metrics:
enabled: false
serviceMonitor:
enabled: false
# additionalLabels:
# prometheus-release: prom1
interval: ""
relabelings: []
scheme: ""
scrapeTimeout: ""
tlsConfig: {}
ldap:
- name: "OpenLDAP"
securityProtocol:
host: openldap.auth.svc.cluster.local
port: 389
userSearchBase: dc=eom,dc=dev
userFilter: (&(objectClass=inetOrgPerson)(objectClass=posixAccount)(uid=%[1]s))
emailAttribute: mail
bindDn: cn=readonly,dc=eom,dc=dev
bindPassword: "{{ ldap_readonly_password }}"
usernameAttribute: uid
config:
APP_NAME: "Gitea"
server:
SSH_LISTEN_PORT: 22
redis-cluster:
enabled: false
redis:
enabled: true
global:
redis:
password: "{{ gitea_redis_password }}"
postgresql-ha:
enabled: false
postgresql:
enabled: true
global:
postgresql:
auth:
password: "{{ gitea_postgres_password }}"
database: gitea
username: gitea
primary:
persistence:
size: 128Gi


@ -1,4 +1,4 @@
---
# tasks file for eom
- name: Deploy
include_tasks: mastodon.yaml
include_tasks: git.yaml


@ -23,11 +23,11 @@
LDAP_HOST: openldap.auth.svc.cluster.local
LDAP_PORT: "389"
LDAP_METHOD: plain
LDAP_BASE: dc=eom,dc=dev
LDAP_BASE: ou=People,dc=eom,dc=dev
LDAP_BIND_DN: cn=readonly,dc=eom,dc=dev
LDAP_PASSWORD: "{{ ldap_readonly_password }}"
LDAP_UID: uid
LDAP_SEARCH_FILTER: "(&(objectClass=posixAccount)(uid=%{uid}))"
LDAP_SEARCH_FILTER: "(&(objectClass=inetOrgPerson)(uid=%{uid}))"
LDAP_MAIL: mail
enableS3: false
localDomain: "mastodon.eom.dev"