DevOps/ansible-role-eom
1
0
Fork 0
Code Issues 17 Pull Requests Actions Packages Projects Releases Wiki Activity

v1.0.8

Browse Source
This commit is contained in:
Eric Meehan 2024-11-25 22:10:13 -05:00
parent 5d1c7e5c1b
commit b599bbae3d
4 changed files with 89 additions and 271 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

265
tasks/git.yaml
View File

@ -1,197 +1,96 @@
--- ---
# tasks file for gitea # tasks file for gitea
- name: Create git namespace - name: Add gitea repo
k8s: kubernetes.core.helm_repository:
state: present
definition:
apiVersion: v1
kind: Namespace
metadata:
name: git
- name: Create PVC for MySQL
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mysql
namespace: git
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 64Gi
- name: Create Deployment for MySQL
k8s:
state: present
definition:
apiVersion: v1
kind: Deployment
metadata:
name: mysql
namespace: git
labels:
app: mysql
spec:
replicas: 1
selector:
matchLabels:
app: mysql
template:
metadata:
labels:
app: mysql
spec:
containers:
- name: mysql
image: mysql
volumeMounts:
- name: data
mountPath: /var/lib/mysql
ports:
- containerPort: 3306
env:
- name: MYSQL_ROOT_PASSWORD
value: "{{ mysql_root_password }}"
- name: MYSQL_DATABASE
value: gitea
- name: MYSQL_USER
value: gitea
- name: MYSQL_PASSWORD
value: "{{ gitea_mysql_password }}"
volumes:
- name: data
persistentVolumeClaim:
claimName: mysql
- name: Create Service for MySQL
k8s:
state: present
definition:
apiVersion: v1
kind: Service
metadata:
name: mysql
namespace: git
spec:
selector:
app: mysql
ports:
- port: 3306
name: mysql
type: ClusterIP
- name: Create PVC for Gitea
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: gitea name: gitea
namespace: git repo_url: https://dl.gitea.com/charts/
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 128Gi
- name: Create Deployment for Gitea - name: Update Helm repos
k8s: command: helm repo update
state: present
definition:
apiVersion: v1
kind: Deployment
metadata:
name: gitea
namespace: git
labels:
app: gitea
spec:
replicas: 1
selector:
matchLabels:
app: gitea
template:
metadata:
labels:
app: gitea
spec:
containers:
- name: gitea
image: gitea/gitea
volumeMounts:
- name: data
mountPath: /data
ports:
- containerPort: 3000
- containerPort: 22
env:
- name: GITEA__database__DB_TYPE
value: mysql
- name: GITEA__database__HOST
value: mysql
- name: GITEA__database__NAME
value: gitea
- name: GITEA__database__USER
value: gitea
- name: GITEA__database__PASSWD
value: "{{ gitea_mysql_password }}"
volumes:
- name: data
persistentVolumeClaim:
claimName: gitea
- name: Create Service for GitLab - name: Deploy Gitea
k8s: kubernetes.core.helm:
state: present
definition:
apiVersion: v1
kind: Service
metadata:
name: gitea name: gitea
namespace: git chart_ref: gitea/gitea
spec: release_namespace: git
selector: create_namespace: true
app: gitea values:
ports: service:
- port: 22 ssh:
name: ssh
- port: 80
targetPort: 3000
name: http
type: LoadBalancer type: LoadBalancer
ingress:
- name: Create Ingress enabled: true
k8s: className: nginx
state: present
definition:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations: annotations:
cert-manager.io/cluster-issuer: ca-issuer cert-manager.io/cluster-issuer: ca-issuer
name: gitea hosts:
namespace: git
spec:
ingressClassName: nginx
rules:
- host: git.eom.dev - host: git.eom.dev
http:
paths: paths:
- pathType: Prefix - path: /
path: / pathType: Prefix
backend:
service:
name: gitea
port:
number: 80
tls: tls:
- hosts: - hosts:
- git.eom.dev - git.eom.dev
secretName: gitea secretName: gitea-tls
persistence:
size: 128Gi
actions:
enabled: true
provisioning:
enabled: true
gitea:
admin:
username: gitea
password: "{{ gitea_admin_password }}"
email: "gitea@mail.eom.dev"
metrics:
enabled: false
serviceMonitor:
enabled: false
# additionalLabels:
# prometheus-release: prom1
interval: ""
relabelings: []
scheme: ""
scrapeTimeout: ""
tlsConfig: {}
ldap:
- name: OpenLDAP
securityProtocol: unencrypted
host: openldap.auth.svc.cluster.local
port: 389
userSearchBase: ou=People,dc=eom,dc=dev
userFilter: (&(objectClass=inetOrgPerson)(uid=%s))
adminFilter: (&(cn=Gitea Admin,ou=Gitea,ou=Services,dc=eom,dc=dev)(memberUid=%s))
emailAttribute: mail
bindDn: cn=readonly,dc=eom,dc=dev
bindPassword: "{{ ldap_readonly_password }}"
usernameAttribute: uid
publicSSHKeyAttribute: publicSSHKey
config:
APP_NAME: "Gitea"
additionalConfigFromEnvs:
- name: GITEA_DISABLE_REGISTRATION
value: "true"
- name: GITEA_DEFAULT_ALLOW_CREATE_ORGANIZATION
value: "false"
redis-cluster:
enabled: false
redis:
enabled: true
global:
redis:
password: "{{ gitea_redis_password }}"
postgresql-ha:
enabled: false
postgresql:
enabled: true
global:
postgresql:
auth:
password: "{{ gitea_postgres_password }}"
database: gitea
username: gitea
primary:
persistence:
size: 128Gi

81
tasks/gitea.yaml
View File

@ -1,81 +0,0 @@
---
# tasks file for gitea
- name: Deploy Gitea
kubernetes.core.helm:
name: gitea
chart_ref: gitea/gitea
release_namespace: git
create_namespace: true
values:
service:
ssh:
type: LoadBalancer
ingress:
enabled: true
className: nginx
annotations:
cert-manager.io/cluster-issuer: ca-issuer
hosts:
- host: git.eom.dev
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- git.eom.dev
secretName: gitea-tls
persistence:
size: 128Gi
actions:
enabled: true
gitea:
admin:
username: gitea
password: "{{ gitea_admin_password }}"
email: "gitea@mail.eom.dev"
metrics:
enabled: false
serviceMonitor:
enabled: false
# additionalLabels:
# prometheus-release: prom1
interval: ""
relabelings: []
scheme: ""
scrapeTimeout: ""
tlsConfig: {}
ldap:
- name: "OpenLDAP"
securityProtocol:
host: openldap.auth.svc.cluster.local
port: 389
userSearchBase: dc=eom,dc=dev
userFilter: (&(objectClass=inetOrgPerson)(objectClass=posixAccount)(uid=%[1]s))
emailAttribute: mail
bindDn: cn=readonly,dc=eom,dc=dev
bindPassword: "{{ ldap_readonly_password }}"
usernameAttribute: uid
config:
APP_NAME: "Gitea"
server:
SSH_LISTEN_PORT: 22
redis-cluster:
enabled: false
redis:
enabled: true
global:
redis:
password: "{{ gitea_redis_password }}"
postgresql-ha:
enabled: false
postgresql:
enabled: true
global:
postgresql:
auth:
password: "{{ gitea_postgres_password }}"
database: gitea
username: gitea
primary:
persistence:
size: 128Gi

2
tasks/main.yaml
View File

@ -1,4 +1,4 @@
--- ---
# tasks file for eom # tasks file for eom
- name: Deploy - name: Deploy
include_tasks: mastodon.yaml include_tasks: git.yaml

4
tasks/mastodon.yaml
View File

@ -23,11 +23,11 @@
LDAP_HOST: openldap.auth.svc.cluster.local LDAP_HOST: openldap.auth.svc.cluster.local
LDAP_PORT: "389" LDAP_PORT: "389"
LDAP_METHOD: plain LDAP_METHOD: plain
LDAP_BASE: dc=eom,dc=dev LDAP_BASE: ou=People,dc=eom,dc=dev
LDAP_BIND_DN: cn=readonly,dc=eom,dc=dev LDAP_BIND_DN: cn=readonly,dc=eom,dc=dev
LDAP_PASSWORD: "{{ ldap_readonly_password }}" LDAP_PASSWORD: "{{ ldap_readonly_password }}"
LDAP_UID: uid LDAP_UID: uid
LDAP_SEARCH_FILTER: "(&(objectClass=posixAccount)(uid=%{uid}))" LDAP_SEARCH_FILTER: "(&(objectClass=inetOrgPerson)(uid=%{uid}))"
LDAP_MAIL: mail LDAP_MAIL: mail
enableS3: false enableS3: false
localDomain: "mastodon.eom.dev" localDomain: "mastodon.eom.dev"