This commit is contained in:
Eric Meehan 2024-11-11 15:29:29 -05:00
parent a36bf31bf8
commit be231a9031
12 changed files with 1224 additions and 676 deletions

108
tasks/auth.yaml Normal file

@ -0,0 +1,108 @@
---
# tasks file for openldap
- name: Create auth namespace
k8s:
state: present
definition:
apiVersion: v1
kind: Namespace
metadata:
name: auth
- name: Create PVC for OpenLDAP data
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: data
namespace: auth
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
- name: Create PVC for OpenLDAP configuration
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: config
namespace: auth
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
- name: Create Deployment for OpenLDAP
k8s:
definition:
apiVersion: v1
kind: Deployment
metadata:
name: openldap
namespace: auth
spec:
replicas: 1
selector:
matchLabels:
app: openldap
template:
metadata:
labels:
app: openldap
spec:
containers:
- name: openldap
image: osixia/openldap
env:
- name: LDAP_ORGANISATION
value: "EOM"
- name: LDAP_DOMAIN
value: "eom.dev"
- name: LDAP_ADMIN_PASSWORD
value: "{{ ldap_admin_password }}"
- name: LDAP_READONLY_USER
value: "true"
- name: LDAP_READONLY_USER_PASSWORD
value: "{{ ldap_readonly_password }}"
volumeMounts:
- name: config
mountPath: /etc/ldap/slapd.d
- name: data
mountPath: /var/lib/ldap
ports:
- containerPort: 389
- containerPort: 636
volumes:
- name: data
persistentVolumeClaim:
claimName: data
- name: config
persistentVolumeClaim:
claimName: config
- name: Create Service for OpenLDAP
k8s:
definition:
apiVersion: v1
kind: Service
metadata:
name: openldap
namespace: auth
spec:
selector:
app: openldap
ports:
- port: 389
name: ldap
- port: 636
name: ldaps
type: ClusterIP
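Review bot: The Deployment task pairs `kind: Deployment` with `apiVersion: v1`, but Deployment is served by the `apps/v1` group, so the k8s module's resource lookup fails for `v1.Deployment` and the task errors before anything is created; the line should read `apiVersion: apps/v1`. Every Deployment added in this commit (cloud.yaml, git.yaml, monitor.yaml, org.yaml, wiki.yaml, www.yaml) has the same pairing, while the removed proxy.yaml had it right. Separately, `LDAP_ADMIN_PASSWORD` and `LDAP_READONLY_USER_PASSWORD` are rendered into the Deployment spec as plain env `value`s, so the directory admin credential is readable by anyone who can get deployments or pods in the namespace and sits in etcd alongside the workload; creating a Secret from the Ansible variable and referencing it with `valueFrom.secretKeyRef` keeps it out of the spec, and the same applies to each `*_password` env in the other new task files. `image: osixia/openldap` is also untagged, so what actually runs changes on every pull; pin a tag (ideally a digest).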

191
tasks/cloud.yaml Normal file

@ -0,0 +1,191 @@
---
# tasks file for nextcloud
- name: Create NextCloud namespace
k8s:
state: present
definition:
apiVersion: v1
kind: Namespace
metadata:
name: cloud
- name: Create PVC for MySQL
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mysql
namespace: cloud
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 64Gi
- name: Create Deployment for MySQL
k8s:
state: present
definition:
apiVersion: v1
kind: Deployment
metadata:
name: mysql
namespace: cloud
labels:
app: mysql
spec:
replicas: 1
selector:
matchLabels:
app: mysql
template:
metadata:
labels:
app: mysql
spec:
containers:
- name: mysql
image: mysql
volumeMounts:
- name: data
mountPath: /var/lib/mysql
ports:
- containerPort: 3306
env:
- name: MYSQL_ROOT_PASSWORD
value: "{{ mysql_root_password }}"
- name: MYSQL_DATABASE
value: nextcloud
- name: MYSQL_USER
value: nextcloud
- name: MYSQL_PASSWORD
value: "{{ nextcloud_mysql_password }}"
volumes:
- name: data
persistentVolumeClaim:
claimName: mysql
- name: Create Service for MySQL
k8s:
state: present
definition:
apiVersion: v1
kind: Service
metadata:
name: mysql
namespace: cloud
spec:
selector:
app: mysql
ports:
- port: 3306
name: mysql
type: ClusterIP
- name: Create PVC for NextCloud
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nextcloud
namespace: cloud
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 128Gi
- name: Create Deployment for NextCloud
k8s:
state: present
definition:
apiVersion: v1
kind: Deployment
metadata:
name: nextcloud
namespace: cloud
labels:
app: nextcloud
spec:
replicas: 1
selector:
matchLabels:
app: nextcloud
template:
metadata:
labels:
app: nextcloud
spec:
containers:
- name: nextcloud
image: nextcloud
volumeMounts:
- name: data
mountPath: /var/www/html
ports:
- containerPort: 3000
env:
- name: MYSQL_HOST
value: mysql
- name: MYSQL_DATABASE
value: nextcloud
- name: MYSQL_USER
value: nextcloud
- name: MYSQL_PASSWORD
value: "{{ nextcloud_mysql_password }}"
volumes:
- name: data
persistentVolumeClaim:
claimName: nextcloud
- name: Create Service for NextCloud
k8s:
state: present
definition:
apiVersion: v1
kind: Service
metadata:
name: nextcloud
namespace: cloud
spec:
selector:
app: nextcloud
ports:
- port: 80
name: http
type: ClusterIP
- name: Create Ingress
k8s:
state: present
definition:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: ca-issuer
name: nextcloud
namespace: cloud
spec:
ingressClassName: nginx
rules:
- host: cloud.eom.dev
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: nextcloud
port:
number: 80
tls:
- hosts:
- cloud.eom.dev
secretName: nextcloud
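Review bot: The `containerPort: 3000` on the nextcloud container disagrees with the Service below, which declares `port: 80` without a `targetPort` and therefore forwards to pod port 80; the default `nextcloud` image serves on 80, so the declared 3000 is misleading rather than fatal and should be `containerPort: 80`. www.yaml's WordPress container repeats the same `containerPort: 3000` against a port-80 Service. Both `image: mysql` and `image: nextcloud` are untagged, so a pod restart can pull a new major version of either, and Nextcloud only supports specific MySQL releases; pin at least a major tag on both. The MySQL root and application passwords are again inlined as env `value`s in the Deployment specs rather than referenced from a Secret.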


@ -1,133 +1,197 @@
---
# tasks file for git
- name: Create a config map for git gitweb
k8s:
state: present
api_version: v1
kind: ConfigMap
name: git-gitweb
namespace: "eom-{{ target_namespace }}"
definition:
data:
gitweb.conf: "{{ lookup('file', 'gitweb.conf') }}"
- name: Create a config map for git httpd
vars:
httpd_server_name: "git.eom.dev"
httpd_conf_extra:
- httpd-auth.conf
- httpd-git.conf
k8s:
state: present
api_version: v1
kind: ConfigMap
name: git-httpd
namespace: "eom-{{ target_namespace }}"
definition:
data:
httpd.conf: "{{ lookup('template', 'httpd.conf.j2') }}"
httpd-auth.conf: "{{ lookup('template', 'httpd-auth.conf.j2') }}"
httpd-git.conf: "{{ lookup('file', 'httpd-gitweb.conf') }}"
mime.types: "{{ lookup('file', 'mime.types') }}"
- name: Create persistent volume for git
# tasks file for gitea
- name: Create git namespace
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolume
kind: Namespace
metadata:
name: "eom-{{ target_namespace }}-git"
spec:
capacity:
storage: 32Gi
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
storageClassName: standard
hostPath:
path: "/data/store-0/eom-{{ target_namespace }}/git"
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- alpha-worker-0
name: git
- name: Create a persistent volume claim for git
- name: Create PVC for MySQL
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: git
namespace: "eom-{{ target_namespace }}"
name: mysql
namespace: git
spec:
accessModes:
- ReadWriteMany
- ReadWriteOnce
resources:
requests:
storage: 32Gi
storageClassName: standard
volumeName: "eom-{{ target_namespace }}-git"
storage: 64Gi
- name: Create a deployment
- name: Create Deployment for MySQL
k8s:
state: present
definition:
apiVersion: v1
kind: Deployment
metadata:
name: git
namespace: "eom-{{ target_namespace }}"
name: mysql
namespace: git
labels:
app: mysql
spec:
replicas: 1
selector:
matchLabels:
app: git
app: mysql
template:
metadata:
labels:
app: git
app: mysql
spec:
containers:
- name: gitweb
image: ericomeehan/gitweb
- name: mysql
image: mysql
volumeMounts:
- name: gitweb-config
mountPath: /etc/gitweb.conf
subPath: gitweb.conf
- name: httpd-config
mountPath: /usr/local/apache2/conf
- name: data
mountPath: /usr/local/apache2/htdocs
mountPath: /var/lib/mysql
ports:
- containerPort: 80
- containerPort: 3306
env:
- name: MYSQL_DATABASE
value: gitea
- name: MYSQL_ROOT_PASSWORD
value: "{{ mysql_root_password }}"
- name: MYSQL_USER
value: gitea
- name: MYSQL_PASSWORD
value: "{{ gitea_mysql_password }}"
volumes:
- name: gitweb-config
configMap:
name: git-gitweb
- name: httpd-config
configMap:
name: git-httpd
- name: data
persistentVolumeClaim:
claimName: git
claimName: mysql
- name: Expose deployment as a service
- name: Create Service for MySQL
k8s:
state: present
definition:
apiVersion: v1
kind: Service
metadata:
name: git
namespace: "eom-{{ target_namespace }}"
name: mysql
namespace: git
spec:
selector:
app: git
app: mysql
ports:
- port: 80
name: git-80
- port: 3306
name: mysql
type: ClusterIP
- name: Create PVC for Gitea
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: gitea
namespace: git
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 128Gi
- name: Create Deployment for Gitea
k8s:
state: present
definition:
apiVersion: v1
kind: Deployment
metadata:
name: gitea
namespace: git
labels:
app: gitea
spec:
replicas: 1
selector:
matchLabels:
app: gitea
template:
metadata:
labels:
app: gitea
spec:
containers:
- name: gitea
image: gitea/gitea
volumeMounts:
- name: data
mountPath: /data
ports:
- containerPort: 3000
- containerPort: 22
env:
- name: GITEA__database__DB_TYPE
value: mysql
- name: GITEA__database__HOST
value: mysql
- name: GITEA__database__NAME
value: gitea
- name: GITEA__database__USER
value: gitea
- name: GITEA__database__DB_PASSWD
value: "{{ gitea_mysql_password }}"
volumes:
- name: data
persistentVolumeClaim:
claimName: gitea
- name: Create Service for Gitea
k8s:
state: present
definition:
apiVersion: v1
kind: Service
metadata:
name: gitea
namespace: git
spec:
selector:
app: gitea
ports:
- port: 22
name: ssh
- port: 80
targetPort: 3000
name: http
type: ClusterIP
- name: Create Ingress
k8s:
state: present
definition:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: ca-issuer
name: gitea
namespace: git
spec:
ingressClassName: nginx
rules:
- host: git.eom.dev
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: gitea
port:
number: 80
tls:
- hosts:
- git.eom.dev
secretName: gitea
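Review bot: `GITEA__database__DB_PASSWD` does not map to a Gitea setting — the `[database]` section key is `PASSWD`, so the variable Gitea reads is `GITEA__database__PASSWD`; as written the password is silently ignored and the database connection is attempted without one. The Gitea Service exposes `port: 22` but is `type: ClusterIP` with only an HTTP Ingress in front, so SSH clone/push is unreachable from outside the cluster; either drop the port or expose it deliberately (LoadBalancer/NodePort or the ingress controller's TCP passthrough) and document the choice. `mysql_root_password` is the same variable used for the cloud, org and wiki MySQL instances, so one shared root credential now guards four databases; per-instance root passwords (or `MYSQL_RANDOM_ROOT_PASSWORD`) limit what a single compromised pod yields.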


@ -1,169 +0,0 @@
---
# tasks file for mail
- name: Create ConfigMap for mail
k8s:
state: present
api_version: v1
kind: ConfigMap
name: mail
namespace: "eom-{{ target_namespace }}"
definition:
data:
server.crt: "{{ proxy_server_crt }}"
server.key: "{{ proxy_server_key }}"
- name: Create persistent volume for mail
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolume
metadata:
name: "eom-{{ target_namespace }}-mail"
spec:
capacity:
storage: 32Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: standard
hostPath:
path: "/data/store-0/eom-{{ target_namespace }}/mail"
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- alpha-worker-0
- name: Create a persistent volume claim for mail
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mail
namespace: "eom-{{ target_namespace }}"
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 32Gi
storageClassName: standard
volumeName: "eom-{{ target_namespace }}-mail"
- name: Create a deployment
k8s:
definition:
apiVersion: v1
kind: Deployment
metadata:
name: mail
namespace: "eom-{{ target_namespace }}"
spec:
replicas: 1
selector:
matchLabels:
app: mail
template:
metadata:
labels:
app: mail
spec:
containers:
- name: mail
image: mailserver/docker-mailserver
volumeMounts:
- name: ssl
mountPath: /etc/letsencrypt
- name: mail
mountPath: /var/mail
ports:
- containerPort: 25
- containerPort: 465
- containerPort: 587
- containerPort: 993
env:
- name: OVERRIDE_HOSTNAME
value: "mail.eom.dev"
- name: ACCOUNT_PROVISIONER
value: "LDAP"
- name: LDAP_SERVER_HOST
value: "ldap://openldap/"
- name: LDAP_SEARCH_BASE
value: "dc=eom,dc=dev"
- name: LDAP_BIND_DN
value: "cn=admin,dc=eom,dc=dev"
- name: LDAP_BIND_PW
value: "{{ ldap_admin_password }}"
- name: LDAP_QUERY_FILTER_USER
value: "(&(mail=%s))"
- name: LDAP_QUERY_FILTER_GROUP
value: "(&(mailGroupMember=%s)(mailEnabled=TRUE))"
- name: LDAP_QUERY_FILTER_ALIAS
value: "(|(&(mailAlias=%s)(objectClass=PostfixBookMailForward))(&(mailAlias=%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE)))"
- name: LDAP_QUERY_FILTER_DOMAIN
value: "(|(&(mail=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailGroupMember=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailalias=*@%s)(objectClass=PostfixBookMailForward)))"
- name: DOVECOT_PASS_FILTER
value: "(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))"
- name: DOVECOT_USER_FILTER
value: "(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))"
- name: ENABLE_SASLAUTHD
value: "1"
- name: SASLAUTHD_MECHANISMS
value: "ldap"
- name: SASLAUTHD_LDAP_SERVER
value: "ldap://openldap/"
- name: SASLAUTHD_LDAP_BIND_DN
value: "cn=admin,dc=eom,dc=dev"
- name: SASLAUTHD_LDAP_PASSWORD
value: "{{ ldap_admin_password }}"
- name: SASLAUTHD_LDAP_SEARCH_BASE
value: "dc=eom,dc=dev"
- name: SASLAUTHD_LDAP_FILTER
value: "(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%U))"
- name: POSTMASTER_ADDRESS
value: "admin@mail.eom.dev"
- name: SSL_TYPE
value: "manual"
- name: SSL_CERT_PATH
value: "/etc/letsencrypt/server.crt"
- name: SSL_KEY_PATH
value: "/etc/letsencrypt/server.key"
volumes:
- name: ssl
configMap:
name: mail
- name: mail
persistentVolumeClaim:
claimName: mail
- name: Expose deployment as a service
k8s:
definition:
apiVersion: v1
kind: Service
metadata:
name: mail
namespace: "eom-{{ target_namespace }}"
spec:
selector:
app: mail
ports:
- port: 25
name: mail-25
nodePort: 30025
- port: 465
name: mail-465
nodePort: 30465
- port: 587
name: mail-587
nodePort: 30587
- port: 993
name: mail-993
nodePort: 30993
type: NodePort


@ -1,48 +1,16 @@
---
# tasks file for eom
- name: Create eom namespace
k8s:
state: present
definition:
apiVersion: v1
kind: Namespace
metadata:
name: "eom-{{ target_namespace }}"
- name: Deploy Auth
include_tasks: auth.yaml
- name: Deploy eom openldap
include_tasks: openldap.yaml
- name: Deploy Cloud
include_tasks: cloud.yaml
- name: Deploy eom proxy
include_tasks: proxy.yaml
- name: Deploy eom git
- name: Deploy Git
include_tasks: git.yaml
- name: Deploy eom media
include_tasks: media.yaml
- name: Deploy Wiki
include_tasks: wiki.yaml
- name: Deploy eom www
include_tasks: www.yaml
- name: Create network policy
k8s:
state: present
definition:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: restrict-external-access
namespace: "eom-{{ target_namespace }}"
spec:
podSelector:
matchExpressions:
- key: app
operator: In
values:
- proxy
policyTypes:
- Ingress
ingress:
- from:
- ipBlock:
cidr: 192.168.1.0/24
- name: Deploy Redmine
include_tasks: org.yaml
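Review bot: The NetworkPolicy `restrict-external-access` is removed from this file and nothing equivalent is added in any of the new per-app namespaces, so the MySQL ClusterIP Services created by cloud.yaml, git.yaml, monitor.yaml, org.yaml, wiki.yaml and www.yaml are reachable on 3306 from every pod in the cluster, as is the OpenLDAP Service in `auth`. A default-deny ingress policy per namespace, plus an allow rule from the namespace's own app pods (and from the ingress controller's namespace to the web pods), restores the isolation the old policy provided. The old policy only limited the `proxy` pod to one subnet, so this is a posture change worth a sentence in the commit message. Presumably the `eom-{{ target_namespace }}` namespace also keeps existing in the cluster, since this commit stops creating it but nothing here deletes it.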


@ -1,116 +0,0 @@
---
# tasks file for media
- name: Create a config map for httpd
vars:
httpd_server_name: "media.eom.dev"
httpd_conf_extra:
- httpd-auth.conf
- httpd-dav.conf
k8s:
state: present
api_version: v1
kind: ConfigMap
name: media
namespace: "eom-{{ target_namespace }}"
definition:
data:
httpd.conf: "{{ lookup('template', 'httpd.conf.j2') }}"
httpd-auth.conf: "{{ lookup('template', 'httpd-auth.conf.j2') }}"
httpd-dav.conf: "{{ lookup('file', 'httpd-dav.conf') }}"
mime.types: "{{ lookup('file', 'mime.types') }}"
- name: Create persistent volume for media
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolume
metadata:
name: "eom-{{ target_namespace }}-media"
spec:
capacity:
storage: 1024Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: standard
hostPath:
path: "/data/store-0/eom-{{ target_namespace }}/media"
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- alpha-worker-0
- name: Create a persistent volume claim for media
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: media
namespace: "eom-{{ target_namespace }}"
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1024Gi
storageClassName: standard
volumeName: "eom-{{ target_namespace }}-media"
- name: Create a deployment
k8s:
definition:
apiVersion: v1
kind: Deployment
metadata:
name: media
namespace: "eom-{{ target_namespace }}"
spec:
replicas: 1
selector:
matchLabels:
app: media
template:
metadata:
labels:
app: media
spec:
containers:
- name: httpd
image: httpd
volumeMounts:
- name: config
mountPath: /usr/local/apache2/conf
- name: media
mountPath: /usr/local/apache2/htdocs/
ports:
- containerPort: 80
volumes:
- name: config
configMap:
name: media
- name: media
persistentVolumeClaim:
claimName: media
- name: Expose deployment as a service
k8s:
definition:
apiVersion: v1
kind: Service
metadata:
name: media
namespace: "eom-{{ target_namespace }}"
spec:
selector:
app: media
ports:
- port: 80
name: media-80
type: ClusterIP

237
tasks/monitor.yaml Normal file

@ -0,0 +1,237 @@
---
# tasks file for grafana
- name: Create monitoring namespace
k8s:
state: present
definition:
apiVersion: v1
kind: Namespace
metadata:
name: monitor
- name: Create PVC for MySQL
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mysql
namespace: monitor
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 64Gi
- name: Create Deployment for MySQL
k8s:
state: present
definition:
apiVersion: v1
kind: Deployment
metadata:
name: mysql
namespace: monitor
labels:
app: mysql
spec:
replicas: 1
selector:
matchLabels:
app: mysql
template:
metadata:
labels:
app: mysql
spec:
containers:
- name: mysql
image: mysql
volumeMounts:
- name: data
mountPath: /var/lib/mysql
ports:
- containerPort: 3306
env:
- name: MYSQL_DATABASE
value: grafana
- name: MYSQL_USER
value: grafana
- name: MYSQL_PASSWORD
value: "{{ grafana_mysql_password }}"
volumes:
- name: data
persistentVolumeClaim:
claimName: mysql
- name: Create Service for MySQL
k8s:
state: present
definition:
apiVersion: v1
kind: Service
metadata:
name: mysql
namespace: monitor
spec:
selector:
app: mysql
ports:
- port: 3306
name: mysql
type: ClusterIP
- name: Create PVC for InfluxDB
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: influxdb
namespace: monitor
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 128Gi
- name: Create Deployment for InfluxDB
k8s:
state: present
definition:
apiVersion: v1
kind: Deployment
metadata:
name: influxdb
namespace: monitor
labels:
app: influxdb
spec:
replicas: 1
selector:
matchLabels:
app: influxdb
template:
metadata:
labels:
app: influxdb
spec:
containers:
- name: influxdb
image: influxdb
volumeMounts:
- name: data
mountPath: /var/lib/influxdb
ports:
- containerPort: 8086
volumes:
- name: data
persistentVolumeClaim:
claimName: influxdb
- name: Create Service for InfluxDB
k8s:
state: present
definition:
apiVersion: v1
kind: Service
metadata:
name: influxdb
namespace: monitor
spec:
selector:
app: influxdb
ports:
- port: 80
targetPort: 8086
name: influxdb
type: ClusterIP
- name: Create Deployment for Grafana
k8s:
state: present
definition:
apiVersion: v1
kind: Deployment
metadata:
name: grafana
namespace: monitor
labels:
app: grafana
spec:
replicas: 1
selector:
matchLabels:
app: grafana
template:
metadata:
labels:
app: grafana
spec:
containers:
- name: grafana
image: grafana
ports:
- containerPort: 3000
env:
- name: GF_DATABASE_TYPE
value: mysql
- name: GF_DATABASE_HOST
value: mysql
- name: GF_DATABASE_USER
value: grafana
- name: GF_DATABASE_PASSWORD
value: "{{ grafana_mysql_password }}"
- name: Create Service for Grafana
k8s:
state: present
definition:
apiVersion: v1
kind: Service
metadata:
name: grafana
namespace: monitor
spec:
selector:
app: grafana
ports:
- port: 22
name: ssh
- port: 80
targetPort: 3000
name: http
type: ClusterIP
- name: Create Ingress
k8s:
state: present
definition:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: ca-issuer
name: grafana
namespace: monitor
spec:
ingressClassName: nginx
rules:
- host: git.eom.dev
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: grafana
port:
number: 80
tls:
- hosts:
- git.eom.dev
secretName: grafana
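Review bot: The Grafana Ingress uses `host: git.eom.dev` (and repeats it under `tls.hosts`), which is the host already claimed by the Gitea Ingress in git.yaml; ingress-nginx does not merge two Ingresses with the same host and path from different namespaces, it ignores the later one, so this needs a monitor-specific hostname with a matching TLS entry. The MySQL Deployment here sets no `MYSQL_ROOT_PASSWORD` (nor `MYSQL_ALLOW_EMPTY_PASSWORD` or `MYSQL_RANDOM_ROOT_PASSWORD`), which the official image requires to initialize, so the database will crash-loop; www.yaml's MySQL Deployment has the same omission. `image: grafana` resolves to `docker.io/library/grafana`, which as far as I know does not exist — the official image is `grafana/grafana`. The Grafana Service's `port: 22` named `ssh` looks copied from the Gitea Service and serves nothing.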


@ -1,153 +0,0 @@
---
# tasks file for openldap
- name: Create persistent volume for openldap-config
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolume
metadata:
name: "eom-{{ target_namespace }}-openldap-config"
spec:
capacity:
storage: 1024Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: standard
hostPath:
path: "/data/store-0/eom-{{ target_namespace }}/openldap-config"
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- alpha-worker-0
- name: Create a persistent volume claim for openldap-config
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: openldap-config
namespace: "eom-{{ target_namespace }}"
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1024Gi
storageClassName: standard
volumeName: "eom-{{ target_namespace }}-openldap-config"
- name: Create persistent volume for openldap-data
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolume
metadata:
name: "eom-{{ target_namespace }}-openldap-data"
spec:
capacity:
storage: 1024Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: standard
hostPath:
path: "/data/store-0/eom-{{ target_namespace }}/openldap-data"
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- alpha-worker-0
- name: Create a persistent volume claim for openldap-data
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: openldap-data
namespace: "eom-{{ target_namespace }}"
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1024Gi
storageClassName: standard
volumeName: "eom-{{ target_namespace }}-openldap-data"
- name: Create a deployment
k8s:
definition:
apiVersion: v1
kind: Deployment
metadata:
name: openldap
namespace: "eom-{{ target_namespace }}"
spec:
replicas: 1
selector:
matchLabels:
app: openldap
template:
metadata:
labels:
app: openldap
spec:
containers:
- name: openldap
image: osixia/openldap
env:
- name: LDAP_ORGANISATION
value: "EOM"
- name: LDAP_DOMAIN
value: "eom.dev"
- name: LDAP_ADMIN_PASSWORD
value: "{{ ldap_admin_password }}"
- name: LDAP_READONLY_USER
value: "true"
- name: LDAP_READONLY_USER_PASSWORD
value: "{{ ldap_readonly_password }}"
volumeMounts:
- name: config
mountPath: /etc/ldap/slapd.d
- name: data
mountPath: /var/lib/ldap
ports:
- containerPort: 389
- containerPort: 636
volumes:
- name: config
persistentVolumeClaim:
claimName: openldap-config
- name: data
persistentVolumeClaim:
claimName: openldap-data
- name: Expose deployment as a service
k8s:
definition:
apiVersion: v1
kind: Service
metadata:
name: openldap
namespace: "eom-{{ target_namespace }}"
spec:
selector:
app: openldap
ports:
- port: 389
name: openldap-389
type: ClusterIP

192
tasks/org.yaml Normal file

@ -0,0 +1,192 @@
---
# tasks file for redmine
- name: Create org namespace
k8s:
state: present
definition:
apiVersion: v1
kind: Namespace
metadata:
name: org
- name: Create PVC for MySQL
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mysql
namespace: org
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 128Gi
- name: Create Deployment for MySQL
k8s:
state: present
definition:
apiVersion: v1
kind: Deployment
metadata:
name: mysql
namespace: org
labels:
app: mysql
spec:
replicas: 1
selector:
matchLabels:
app: mysql
template:
metadata:
labels:
app: mysql
spec:
containers:
- name: mysql
image: mysql
volumeMounts:
- name: data
mountPath: /var/lib/mysql
ports:
- containerPort: 3306
env:
- name: MYSQL_DATABASE
value: redmine
- name: MYSQL_ROOT_PASSWORD
value: "{{ mysql_root_password }}"
- name: MYSQL_USER
value: redmine
- name: MYSQL_PASSWORD
value: "{{ redmine_mysql_password }}"
volumes:
- name: data
persistentVolumeClaim:
claimName: mysql
- name: Create Service for MySQL
k8s:
state: present
definition:
apiVersion: v1
kind: Service
metadata:
name: mysql
namespace: org
spec:
selector:
app: mysql
ports:
- port: 3306
name: mysql
type: ClusterIP
- name: Create PVC for Redmine
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: redmine
namespace: org
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 64Gi
- name: Create Deployment for Redmine
k8s:
state: present
definition:
apiVersion: v1
kind: Deployment
metadata:
name: redmine
namespace: org
labels:
app: redmine
spec:
replicas: 1
selector:
matchLabels:
app: redmine
template:
metadata:
labels:
app: redmine
spec:
containers:
- name: redmine
image: redmine
volumeMounts:
- name: data
mountPath: /usr/src/redmine/files
ports:
- containerPort: 3000
env:
- name: REDMINE_DB_MYSQL
value: mysql
- name: REDMINE_DB_DATABASE
value: redmine
- name: REDMINE_DB_USERNAME
value: redmine
- name: REDMINE_DB_PASSWORD
value: "{{ redmine_mysql_password }}"
volumes:
- name: data
persistentVolumeClaim:
claimName: redmine
- name: Create Service for Redmine
k8s:
state: present
definition:
apiVersion: v1
kind: Service
metadata:
name: redmine
namespace: org
spec:
selector:
app: redmine
ports:
- port: 80
targetPort: 3000
name: http
type: ClusterIP
- name: Create Ingress
k8s:
state: present
definition:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: ca-issuer
name: redmine
namespace: org
spec:
ingressClassName: nginx
rules:
- host: org.eom.dev
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: redmine
port:
number: 80
tls:
- hosts:
- org.eom.dev
secretName: redmine
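Review bot: The Redmine container persists only `/usr/src/redmine/files` and sets no `REDMINE_SECRET_KEY_BASE`; the `redmine` image generates a secret key base at first start and, as far as I recall, stores it under `config/`, which is not on the persisted volume, so every pod restart invalidates all sessions and Rails-signed tokens. Supplying `REDMINE_SECRET_KEY_BASE` via `valueFrom.secretKeyRef` fixes that and keeps the value out of the pod spec. As in the other task files, `redmine_mysql_password` and `mysql_root_password` are inlined as plain env `value`s, and `image: redmine` / `image: mysql` are unpinned.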


@ -1,78 +0,0 @@
---
# tasks file for deploy-reverse-proxy.yml
- name: Create ConfigMap for httpd
vars:
httpd_server_name: "proxy.eom.dev"
httpd_conf_extra:
- httpd-auth.conf
- httpd-proxy.conf
- httpd-ssl.conf
k8s:
state: present
api_version: v1
kind: ConfigMap
name: proxy
namespace: "eom-{{ target_namespace }}"
definition:
data:
httpd.conf: "{{ lookup('template', 'httpd.conf.j2') }}"
httpd-auth.conf: "{{ lookup('template', 'httpd-auth.conf.j2') }}"
httpd-proxy.conf: "{{ lookup('file', 'httpd-proxy.conf') }}"
httpd-ssl.conf: "{{ lookup('file', 'httpd-ssl.conf') }}"
mime.types: "{{ lookup('file', 'mime.types') }}"
server.crt: "{{ proxy_server_crt }}"
server.key: "{{ proxy_server_key }}"
- name: Create a deployment
k8s:
definition:
apiVersion: apps/v1
kind: Deployment
metadata:
name: proxy
namespace: "eom-{{ target_namespace }}"
spec:
replicas: 1
selector:
matchLabels:
app: proxy
template:
metadata:
labels:
app: proxy
spec:
containers:
- name: proxy
image: httpd
volumeMounts:
- name: config
mountPath: /usr/local/apache2/conf
ports:
- containerPort: 80
- containerPort: 443
volumes:
- name: config
configMap:
name: proxy
- name: Expose deployment as a service
k8s:
definition:
apiVersion: v1
kind: Service
metadata:
name: proxy
namespace: "eom-{{ target_namespace }}"
spec:
selector:
app: proxy
ports:
- port: 80
protocol: TCP
nodePort: 30080
name: proxy-80
- port: 443
protocol: TCP
nodePort: 30443
name: proxy-443
type: NodePort

182
tasks/wiki.yaml Normal file

@ -0,0 +1,182 @@
---
# tasks file for mediawiki
- name: Create wiki namespace
k8s:
state: present
definition:
apiVersion: v1
kind: Namespace
metadata:
name: wiki
- name: Create PVC for MySQL
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mysql
namespace: wiki
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 128Gi
- name: Create Deployment for MySQL
k8s:
state: present
definition:
apiVersion: v1
kind: Deployment
metadata:
name: mysql
namespace: wiki
labels:
app: mysql
spec:
replicas: 1
selector:
matchLabels:
app: mysql
template:
metadata:
labels:
app: mysql
spec:
containers:
- name: mysql
image: mysql
volumeMounts:
- name: data
mountPath: /var/lib/mysql
ports:
- containerPort: 3306
env:
- name: MYSQL_DATABASE
value: mediawiki
- name: MYSQL_ROOT_PASSWORD
value: "{{ mysql_root_password }}"
- name: MYSQL_USER
value: mediawiki
- name: MYSQL_PASSWORD
value: "{{ mediawiki_mysql_password }}"
volumes:
- name: data
persistentVolumeClaim:
claimName: mysql
- name: Create Service for MySQL
k8s:
state: present
definition:
apiVersion: v1
kind: Service
metadata:
name: mysql
namespace: wiki
spec:
selector:
app: mysql
ports:
- port: 3306
name: mysql
type: ClusterIP
- name: Create PVC for MediaWiki
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mediawiki
namespace: wiki
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 64Gi
- name: Create Deployment for MediaWiki
k8s:
state: present
definition:
apiVersion: v1
kind: Deployment
metadata:
name: mediawiki
namespace: wiki
labels:
app: mediawiki
spec:
replicas: 1
selector:
matchLabels:
app: mediawiki
template:
metadata:
labels:
app: mediawiki
spec:
containers:
- name: mediawiki
image: mediawiki
volumeMounts:
- name: data
mountPath: /var/www/html/images
ports:
- containerPort: 80
volumes:
- name: data
persistentVolumeClaim:
claimName: mediawiki
- name: Create Service for MediaWiki
k8s:
state: present
definition:
apiVersion: v1
kind: Service
metadata:
name: mediawiki
namespace: wiki
spec:
selector:
app: mediawiki
ports:
- port: 80
name: http
type: ClusterIP
- name: Create Ingress
k8s:
state: present
definition:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: ca-issuer
name: mediawiki
namespace: wiki
spec:
ingressClassName: nginx
rules:
- host: wiki.eom.dev
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: mediawiki
port:
number: 80
tls:
- hosts:
- wiki.eom.dev
secretName: mediawiki
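Review bot: The mediawiki container persists only `/var/www/html/images` and mounts no `LocalSettings.php`; the `mediawiki` image's web installer finishes by handing you a `LocalSettings.php` that must be mounted at `/var/www/html/LocalSettings.php`, so as deployed the pod keeps serving the installer, and anything configured through it is lost on the next restart. Because the Ingress publishes `wiki.eom.dev` at the same time, that installer — which accepts an arbitrary database host and credentials — is exposed to anyone who can reach the ingress until the settings file is in place; mount it from a Secret (it contains the DB password) and consider adding the Ingress only once it exists. `mediawiki_mysql_password` here only configures MySQL and is not passed to the MediaWiki pod, which is consistent with installer-driven setup but deserves a comment such as `# DB credentials are entered through the MediaWiki installer, not via env`.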


@ -1,67 +1,189 @@
---
# tasks file for www
- name: Create a config map for www
vars:
httpd_server_name: "www.eom.dev"
httpd_conf_extra:
- httpd-auth.conf
- httpd-ssi.conf
# tasks file for wordpress
- name: Create WordPress namespace
k8s:
state: present
api_version: v1
kind: ConfigMap
name: www
namespace: "eom-{{ target_namespace }}"
definition:
data:
httpd.conf: "{{ lookup('template', 'httpd.conf.j2') }}"
httpd-auth.conf: "{{ lookup('template', 'httpd-auth.conf.j2') }}"
httpd-ssi.conf: "{{ lookup('file', 'httpd-ssi.conf') }}"
mime.types: "{{ lookup('file', 'mime.types') }}"
apiVersion: v1
kind: Namespace
metadata:
name: www
- name: Create a deployment
- name: Create PVC for MySQL
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mysql
namespace: www
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 64Gi
- name: Create Deployment for MySQL
k8s:
state: present
definition:
apiVersion: v1
kind: Deployment
metadata:
name: www
namespace: "eom-{{ target_namespace }}"
name: mysql
namespace: www
labels:
app: mysql
spec:
replicas: 1
selector:
matchLabels:
app: www
app: mysql
template:
metadata:
labels:
app: www
app: mysql
spec:
containers:
- name: www
image: ericomeehan/www
- name: mysql
image: mysql
volumeMounts:
- name: config
mountPath: /usr/local/apache2/conf
- name: data
mountPath: /var/lib/mysql
ports:
- containerPort: 80
- containerPort: 3306
env:
- name: MYSQL_DATABASE
value: wordpress
- name: MYSQL_USER
value: wordpress
- name: MYSQL_PASSWORD
value: "{{ wordpress_mysql_password }}"
volumes:
- name: config
configMap:
name: www
- name: data
persistentVolumeClaim:
claimName: mysql
- name: Expose deployment as a service
- name: Create Service for MySQL
k8s:
state: present
definition:
apiVersion: v1
kind: Service
metadata:
name: www
namespace: "eom-{{ target_namespace }}"
name: mysql
namespace: www
spec:
selector:
app: www
app: mysql
ports:
- port: 3306
name: mysql
type: ClusterIP
- name: Create PVC for WordPress
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: wordpress
namespace: www
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 128Gi
- name: Create Deployment for WordPress
k8s:
state: present
definition:
apiVersion: v1
kind: Deployment
metadata:
name: wordpress
namespace: www
labels:
app: wordpress
spec:
replicas: 1
selector:
matchLabels:
app: wordpress
template:
metadata:
labels:
app: wordpress
spec:
containers:
- name: wordpress
image: wordpress
volumeMounts:
- name: data
mountPath: /var/www/html
ports:
- containerPort: 3000
env:
- name: WORDPRESS_DB_HOST
value: mysql
- name: WORDPRESS_DB_NAME
value: wordpress
- name: WORDPRESS_DB_USER
value: wordpress
- name: WORDPRESS_DB_PASSWORD
value: "{{ wordpress_mysql_password }}"
volumes:
- name: data
persistentVolumeClaim:
claimName: wordpress
- name: Create Service for WordPress
k8s:
state: present
definition:
apiVersion: v1
kind: Service
metadata:
name: wordpress
namespace: www
spec:
selector:
app: wordpress
ports:
- port: 80
name: www-80
name: http
type: ClusterIP
- name: Create Ingress
k8s:
state: present
definition:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: ca-issuer
name: wordpress
namespace: www
spec:
ingressClassName: nginx
rules:
- host: www.eom.dev
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: wordpress
port:
number: 80
tls:
- hosts:
- www.eom.dev
secretName: wordpress