From be231a903113d5092a8b1ea6830c1bbbaad424b6 Mon Sep 17 00:00:00 2001 From: eric o meehan Date: Mon, 11 Nov 2024 15:29:29 -0500 Subject: [PATCH] v1.0.0 --- tasks/auth.yaml | 108 ++++++++++++++++++++ tasks/cloud.yaml | 191 +++++++++++++++++++++++++++++++++++ tasks/git.yaml | 234 +++++++++++++++++++++++++++---------------- tasks/mail.yaml | 169 ------------------------------- tasks/main.yaml | 50 ++-------- tasks/media.yaml | 116 ---------------------- tasks/monitor.yaml | 237 ++++++++++++++++++++++++++++++++++++++++++++ tasks/openldap.yaml | 153 ---------------------------- tasks/org.yaml | 192 +++++++++++++++++++++++++++++++++++ tasks/proxy.yaml | 78 --------------- tasks/wiki.yaml | 182 ++++++++++++++++++++++++++++++++++ tasks/www.yaml | 190 ++++++++++++++++++++++++++++------- 12 files changed, 1224 insertions(+), 676 deletions(-) create mode 100644 tasks/auth.yaml create mode 100644 tasks/cloud.yaml delete mode 100644 tasks/mail.yaml delete mode 100644 tasks/media.yaml create mode 100644 tasks/monitor.yaml delete mode 100644 tasks/openldap.yaml create mode 100644 tasks/org.yaml delete mode 100644 tasks/proxy.yaml create mode 100644 tasks/wiki.yaml diff --git a/tasks/auth.yaml b/tasks/auth.yaml new file mode 100644 index 0000000..4df269a --- /dev/null +++ b/tasks/auth.yaml 
@@ -0,0 +1,108 @@
+---
+# tasks file for openldap
+- name: Create auth namespace
+ k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Namespace
+ metadata:
+ name: auth
+
+- name: Create PVC for OpenLDAP data
+ k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
+ name: data
+ namespace: auth
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 2Gi
+
+- name: Create PVC for OpenLDAP configuration
+ k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
+ name: config
+ namespace: auth
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 2Gi
+
+- name: Create Deployment for OpenLDAP
+ k8s:
+ definition:
+ apiVersion: v1
+ kind: Deployment
+ metadata:
+ name: openldap
+ namespace: auth
+ spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: openldap
+ template:
+ metadata:
+ labels:
+ app: openldap
+ spec:
+ containers:
+ - name: openldap
+ image: osixia/openldap
+ env:
+ - name: LDAP_ORGANISATION
+ value: "EOM"
+ - name: LDAP_DOMAIN
+ value: "eom.dev"
+ - name: LDAP_ADMIN_PASSWORD
+ value: "{{ ldap_admin_password }}"
+ - name: LDAP_READONLY_USER
+ value: "true"
+ - name: LDAP_READONLY_USER_PASSWORD
+ value: "{{ ldap_readonly_password }}"
+ volumeMounts:
+ - name: config
+ mountPath: /etc/ldap/slapd.d
+ - name: data
+ mountPath: /var/lib/ldap
+ ports:
+ - containerPort: 389
+ - containerPort: 636
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: data
+ - name: config
+ persistentVolumeClaim:
+ claimName: config
+
+- name: Create Service for OpenLDAP
+ k8s:
+ definition:
+ apiVersion: v1
+ kind: Service
+ metadata:
+ name: openldap
+ namespace: auth
+ spec:
+ selector:
+ app: openldap
+ ports:
+ - port: 389
+ name: ldap
+ - port: 636
+ name: ldaps
+ type: ClusterIP
diff --git a/tasks/cloud.yaml b/tasks/cloud.yaml
new file mode 100644
index 0000000..439d59f
--- /dev/null
+++ b/tasks/cloud.yaml
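Review bot: The "Create Deployment for OpenLDAP" task declares `apiVersion: v1` for `kind: Deployment`; Deployments live in `apps/v1`, so the k8s module cannot resolve the kind and nothing past the PVCs is created (the proxy manifest this commit deletes had `apps/v1`). Change it to `apiVersion: apps/v1`. Separately, `LDAP_ADMIN_PASSWORD` and `LDAP_READONLY_USER_PASSWORD` are rendered as plain `value:` entries, so both passwords are readable by anyone who can `get` Deployments or pods in the `auth` namespace; put them in a Secret and reference them with `valueFrom.secretKeyRef`. `image: osixia/openldap` carries no tag or digest, so every pod restart pulls whatever `latest` is at that moment — pin it. The Service exposes 389 and 636 cluster-wide and this commit adds no NetworkPolicy in the namespace, so every pod in the cluster can bind to the directory.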
@@ -0,0 +1,191 @@
+---
+# tasks file for nextcloud
+- name: Create NextCloud namespace
+ k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Namespace
+ metadata:
+ name: cloud
+
+- name: Create PVC for MySQL
+ k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
+ name: mysql
+ namespace: cloud
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 64Gi
+
+- name: Create Deployment for MySQL
+ k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Deployment
+ metadata:
+ name: mysql
+ namespace: cloud
+ labels:
+ app: mysql
+ spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: mysql
+ template:
+ metadata:
+ labels:
+ app: mysql
+ spec:
+ containers:
+ - name: mysql
+ image: mysql
+ volumeMounts:
+ - name: data
+ mountPath: /var/lib/mysql
+ ports:
+ - containerPort: 3306
+ env:
+ - name: MYSQL_ROOT_PASSWORD
+ value: "{{ mysql_root_password }}"
+ - name: MYSQL_DATABASE
+ value: nextcloud
+ - name: MYSQL_USER
+ value: nextcloud
+ - name: MYSQL_PASSWORD
+ value: "{{ nextcloud_mysql_password }}"
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: mysql
+
+- name: Create Service for MySQL
+ k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Service
+ metadata:
+ name: mysql
+ namespace: cloud
+ spec:
+ selector:
+ app: mysql
+ ports:
+ - port: 3306
+ name: mysql
+ type: ClusterIP
+
+- name: Create PVC for NextCloud
+ k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
+ name: nextcloud
+ namespace: cloud
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 128Gi
+
+- name: Create Deployment for NextCloud
+ k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Deployment
+ metadata:
+ name: nextcloud
+ namespace: cloud
+ labels:
+ app: nextcloud
+ spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: nextcloud
+ template:
+ metadata:
+ labels:
+ app: nextcloud
+ spec:
+ containers:
+ - name: nextcloud
+ image: nextcloud
+ volumeMounts:
+ - name: data
+ mountPath: /var/www/html
+ ports:
+ - containerPort: 3000
+ env:
+ - name: MYSQL_HOST
+ value: mysql
+ - name: MYSQL_DATABASE
+ value: nextcloud
+ - name: MYSQL_USER
+ value: nextcloud
+ - name: MYSQL_PASSWORD
+ value: "{{ nextcloud_mysql_password }}"
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: nextcloud
+
+- name: Create Service for NextCloud
+ k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Service
+ metadata:
+ name: nextcloud
+ namespace: cloud
+ spec:
+ selector:
+ app: nextcloud
+ ports:
+ - port: 80
+ name: http
+ type: ClusterIP
+
+- name: Create Ingress
+ k8s:
+ state: present
+ definition:
+ apiVersion: networking.k8s.io/v1
+ kind: Ingress
+ metadata:
+ annotations:
+ cert-manager.io/cluster-issuer: ca-issuer
+ name: nextcloud
+ namespace: cloud
+ spec:
+ ingressClassName: nginx
+ rules:
+ - host: cloud.eom.dev
+ http:
+ paths:
+ - pathType: Prefix
+ path: /
+ backend:
+ service:
+ name: nextcloud
+ port:
+ number: 80
+ tls:
+ - hosts:
+ - cloud.eom.dev
+ secretName: nextcloud
diff --git a/tasks/git.yaml b/tasks/git.yaml
index e99b744..2ba4d0b 100644
--- a/tasks/git.yaml
+++ b/tasks/git.yaml
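Review bot: The NextCloud container is given only the database variables, so the first request to cloud.eom.dev through the new Ingress lands on the setup wizard and whoever submits it first creates the admin account; set `NEXTCLOUD_ADMIN_USER`/`NEXTCLOUD_ADMIN_PASSWORD` (from a Secret) and `NEXTCLOUD_TRUSTED_DOMAINS: cloud.eom.dev` so the install completes unattended before the Ingress is reachable. The container declares `containerPort: 3000` while the Service forwards port 80 with no `targetPort`, so traffic goes to pod port 80 regardless; the upstream image serves on 80, so this looks copied from the Gitea manifest and should read `containerPort: 80`. `image: mysql` and `image: nextcloud` are unpinned, so a pod restart can jump a major version on top of the existing data directory, which MySQL in particular does not survive cleanly — pin tags or digests. Both Deployments in this hunk also use `apiVersion: v1`, which has to be `apps/v1`, and `MYSQL_ROOT_PASSWORD`/`MYSQL_PASSWORD` belong in a Secret via `secretKeyRef` rather than inline `value:`.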
@@ -1,133 +1,197 @@ --- -# tasks file for git -- name: Create a config map for git gitweb - k8s: - state: present - api_version: v1 - kind: ConfigMap - name: git-gitweb - namespace: "eom-{{ target_namespace }}" - definition: - data: - gitweb.conf: "{{ lookup('file', 'gitweb.conf') }}" - -- name: Create a config map for git httpd - vars: - httpd_server_name: "git.eom.dev" - httpd_conf_extra: - - httpd-auth.conf - - httpd-git.conf - k8s: - state: present - api_version: v1 - kind: ConfigMap - name: git-httpd - namespace: "eom-{{ target_namespace }}" - definition: - data: - httpd.conf: "{{ lookup('template', 'httpd.conf.j2') }}" - httpd-auth.conf: "{{ lookup('template', 'httpd-auth.conf.j2') }}" - httpd-git.conf: "{{ lookup('file', 'httpd-gitweb.conf') }}" - mime.types: "{{ lookup('file', 'mime.types') }}" - -- name: Create persistent volume for git +# tasks file for gitea +- name: Create git namespace k8s: state: present definition: apiVersion: v1 - kind: PersistentVolume + kind: Namespace metadata: - name: "eom-{{ target_namespace }}-git" - spec: - capacity: - storage: 32Gi - accessModes: - - ReadWriteMany - persistentVolumeReclaimPolicy: Retain - storageClassName: standard - hostPath: - path: "/data/store-0/eom-{{ target_namespace }}/git" - nodeAffinity: - required: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/hostname - operator: In - values: - - alpha-worker-0 + name: git -- name: Create a persistent volume claim for git +- name: Create PVC for MySQL k8s: state: present definition: apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: git - namespace: "eom-{{ target_namespace }}" + name: mysql + namespace: git spec: accessModes: - - ReadWriteMany + - ReadWriteOnce resources: requests: - storage: 32Gi - storageClassName: standard - volumeName: "eom-{{ target_namespace }}-git" + storage: 64Gi -- name: Create a deployment +- name: Create Deployment for MySQL k8s: + state: present definition: apiVersion: v1 kind: Deployment metadata: - 
name: git - namespace: "eom-{{ target_namespace }}" + name: mysql + namespace: git + labels: + app: mysql spec: replicas: 1 selector: matchLabels: - app: git + app: mysql template: metadata: labels: - app: git + app: mysql spec: containers: - - name: gitweb - image: ericomeehan/gitweb + - name: mysql + image: mysql volumeMounts: - - name: gitweb-config - mountPath: /etc/gitweb.conf - subPath: gitweb.conf - - name: httpd-config - mountPath: /usr/local/apache2/conf - name: data - mountPath: /usr/local/apache2/htdocs + mountPath: /var/lib/mysql ports: - - containerPort: 80 + - containerPort: 3306 + env: + - name: MYSQL_DATABASE + value: gitea + - name: MYSQL_ROOT_PASSWORD + value: "{{ mysql_root_password }}" + - name: MYSQL_USER + value: gitea + - name: MYSQL_PASSWORD + value: "{{ gitea_mysql_password }}" volumes: - - name: gitweb-config - configMap: - name: git-gitweb - - name: httpd-config - configMap: - name: git-httpd - name: data persistentVolumeClaim: - claimName: git + claimName: mysql -- name: Expose deployment as a service +- name: Create Service for MySQL k8s: + state: present definition: apiVersion: v1 kind: Service metadata: - name: git - namespace: "eom-{{ target_namespace }}" + name: mysql + namespace: git spec: selector: - app: git + app: mysql ports: - - port: 80 - name: git-80 + - port: 3306 + name: mysql type: ClusterIP + +- name: Create PVC for Gitea + k8s: + state: present + definition: + apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: gitea + namespace: git + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 128Gi + +- name: Create Deployment for Gitea + k8s: + state: present + definition: + apiVersion: v1 + kind: Deployment + metadata: + name: gitea + namespace: git + labels: + app: gitea + spec: + replicas: 1 + selector: + matchLabels: + app: gitea + template: + metadata: + labels: + app: gitea + spec: + containers: + - name: gitea + image: gitea/gitea + volumeMounts: + - name: data + mountPath: /data + 
ports: + - containerPort: 3000 + - containerPort: 22 + env: + - name: GITEA__database__DB_TYPE + value: mysql + - name: GITEA__database__HOST + value: mysql + - name: GITEA__database__NAME + value: gitea + - name: GITEA__database__USER + value: gitea + - name: GITEA__database__DB_PASSWD + value: "{{ gitea_mysql_password }}" + volumes: + - name: data + persistentVolumeClaim: + claimName: gitea + +- name: Create Service for Gitea + k8s: + state: present + definition: + apiVersion: v1 + kind: Service + metadata: + name: gitea + namespace: git + spec: + selector: + app: gitea + ports: + - port: 22 + name: ssh + - port: 80 + targetPort: 3000 + name: http + type: ClusterIP + +- name: Create Ingress + k8s: + state: present + definition: + apiVersion: networking.k8s.io/v1 + kind: Ingress + metadata: + annotations: + cert-manager.io/cluster-issuer: ca-issuer + name: gitea + namespace: git + spec: + ingressClassName: nginx + rules: + - host: git.eom.dev + http: + paths: + - pathType: Prefix + path: / + backend: + service: + name: gitea + port: + number: 80 + tls: + - hosts: + - git.eom.dev + secretName: gitea diff --git a/tasks/mail.yaml b/tasks/mail.yaml deleted file mode 100644 index 3e784bc..0000000 --- a/tasks/mail.yaml +++ /dev/null 
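Review bot: Nothing in the Gitea env sets `GITEA__security__INSTALL_LOCK`, so once the Ingress is up the install page is served at git.eom.dev and the first visitor gets to finish setup and register the admin account; add `GITEA__security__INSTALL_LOCK: "true"` together with `GITEA__server__ROOT_URL: https://git.eom.dev/`, and create the admin out of band (`gitea admin user create`). The database password is passed as `GITEA__database__DB_PASSWD`, but the `[database]` key Gitea reads is `PASSWD` (the `GITEA__section__KEY` mapping is literal), so the value is never applied and the install page asks for it again — rename it to `GITEA__database__PASSWD` and source it from a Secret via `secretKeyRef` instead of an inline `value:`. Port 22 is only on a ClusterIP Service and the nginx Ingress carries HTTP only, so git-over-SSH is unreachable from outside unless a TCP-services ConfigMap or a LoadBalancer is added; if SSH is not intended, drop the port. Both Deployments in this hunk use `apiVersion: v1` where `apps/v1` is required.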
@@ -1,169 +0,0 @@ ---- -# tasks file for mail -- name: Create ConfigMap for mail - k8s: - state: present - api_version: v1 - kind: ConfigMap - name: mail - namespace: "eom-{{ target_namespace }}" - definition: - data: - server.crt: "{{ proxy_server_crt }}" - server.key: "{{ proxy_server_key }}" - -- name: Create persistent volume for mail - k8s: - state: present - definition: - apiVersion: v1 - kind: PersistentVolume - metadata: - name: "eom-{{ target_namespace }}-mail" - spec: - capacity: - storage: 32Gi - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Retain - storageClassName: standard - hostPath: - path: "/data/store-0/eom-{{ target_namespace }}/mail" - nodeAffinity: - required: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/hostname - operator: In - values: - - alpha-worker-0 - -- name: Create a persistent volume claim for mail - k8s: - state: present - definition: - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: mail - namespace: "eom-{{ target_namespace }}" - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 32Gi - storageClassName: standard - volumeName: "eom-{{ target_namespace }}-mail" - -- name: Create a deployment - k8s: - definition: - apiVersion: v1 - kind: Deployment - metadata: - name: mail - namespace: "eom-{{ target_namespace }}" - spec: - replicas: 1 - selector: - matchLabels: - app: mail - template: - metadata: - labels: - app: mail - spec: - containers: - - name: mail - image: mailserver/docker-mailserver - volumeMounts: - - name: ssl - mountPath: /etc/letsencrypt - - name: mail - mountPath: /var/mail - ports: - - containerPort: 25 - - containerPort: 465 - - containerPort: 587 - - containerPort: 993 - env: - - name: OVERRIDE_HOSTNAME - value: "mail.eom.dev" - - name: ACCOUNT_PROVISIONER - value: "LDAP" - - name: LDAP_SERVER_HOST - value: "ldap://openldap/" - - name: LDAP_SEARCH_BASE - value: "dc=eom,dc=dev" - - name: LDAP_BIND_DN - value: "cn=admin,dc=eom,dc=dev" - - 
name: LDAP_BIND_PW - value: "{{ ldap_admin_password }}" - - name: LDAP_QUERY_FILTER_USER - value: "(&(mail=%s))" - - name: LDAP_QUERY_FILTER_GROUP - value: "(&(mailGroupMember=%s)(mailEnabled=TRUE))" - - name: LDAP_QUERY_FILTER_ALIAS - value: "(|(&(mailAlias=%s)(objectClass=PostfixBookMailForward))(&(mailAlias=%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE)))" - - name: LDAP_QUERY_FILTER_DOMAIN - value: "(|(&(mail=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailGroupMember=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailalias=*@%s)(objectClass=PostfixBookMailForward)))" - - name: DOVECOT_PASS_FILTER - value: "(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))" - - name: DOVECOT_USER_FILTER - value: "(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))" - - name: ENABLE_SASLAUTHD - value: "1" - - name: SASLAUTHD_MECHANISMS - value: "ldap" - - name: SASLAUTHD_LDAP_SERVER - value: "ldap://openldap/" - - name: SASLAUTHD_LDAP_BIND_DN - value: "cn=admin,dc=eom,dc=dev" - - name: SASLAUTHD_LDAP_PASSWORD - value: "{{ ldap_admin_password }}" - - name: SASLAUTHD_LDAP_SEARCH_BASE - value: "dc=eom,dc=dev" - - name: SASLAUTHD_LDAP_FILTER - value: "(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%U))" - - name: POSTMASTER_ADDRESS - value: "admin@mail.eom.dev" - - name: SSL_TYPE - value: "manual" - - name: SSL_CERT_PATH - value: "/etc/letsencrypt/server.crt" - - name: SSL_KEY_PATH - value: "/etc/letsencrypt/server.key" - volumes: - - name: ssl - configMap: - name: mail - - name: mail - persistentVolumeClaim: - claimName: mail - -- name: Expose deployment as a service - k8s: - definition: - apiVersion: v1 - kind: Service - metadata: - name: mail - namespace: "eom-{{ target_namespace }}" - spec: - selector: - app: mail - ports: - - port: 25 - name: mail-25 - nodePort: 30025 - - port: 465 - name: mail-465 - nodePort: 30465 - - port: 587 - name: mail-587 - nodePort: 30587 - - port: 993 - name: mail-993 - 
nodePort: 30993 - type: NodePort diff --git a/tasks/main.yaml b/tasks/main.yaml index 3e4638a..f77ded2 100644 --- a/tasks/main.yaml +++ b/tasks/main.yaml @@ -1,48 +1,16 @@ --- # tasks file for eom -- name: Create eom namespace - k8s: - state: present - definition: - apiVersion: v1 - kind: Namespace - metadata: - name: "eom-{{ target_namespace }}" +- name: Deploy Auth + include_tasks: auth.yaml -- name: Deploy eom openldap - include_tasks: openldap.yaml +- name: Deploy Cloud + include_tasks: cloud.yaml -- name: Deploy eom proxy - include_tasks: proxy.yaml - -- name: Deploy eom git +- name: Deploy Git include_tasks: git.yaml -- name: Deploy eom media - include_tasks: media.yaml +- name: Deploy Wiki + include_tasks: wiki.yaml -- name: Deploy eom www - include_tasks: www.yaml - -- name: Create network policy - k8s: - state: present - definition: - apiVersion: networking.k8s.io/v1 - kind: NetworkPolicy - metadata: - name: restrict-external-access - namespace: "eom-{{ target_namespace }}" - spec: - podSelector: - matchExpressions: - - key: app - operator: In - values: - - proxy - policyTypes: - - Ingress - ingress: - - from: - - ipBlock: - cidr: 192.168.1.0/24 +- name: Deploy Redmine + include_tasks: org.yaml diff --git a/tasks/media.yaml b/tasks/media.yaml deleted file mode 100644 index d12808a..0000000 --- a/tasks/media.yaml +++ /dev/null 
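Review bot: The `restrict-external-access` NetworkPolicy is deleted in the main.yaml hunk and none of the new per-service task files adds a replacement, so after this commit every MySQL (3306) and the LDAP service (389/636) in the `auth`, `cloud`, `git`, `wiki` and `org` namespaces is reachable from any pod in the cluster; add a default-deny ingress policy per namespace plus an allow rule from the matching `app` label (for example only `app: nextcloud` to `app: mysql` in `cloud`). `tasks/monitor.yaml` is created by this commit but is not included from `main.yaml`, and `www.yaml` is still modified per the diffstat yet no longer included either — if both are intentional a comment saying so would help, otherwise add `- name: Deploy Monitor` / `include_tasks: monitor.yaml`. The new tasks hard-code their namespaces, so the `target_namespace` variable the removed block relied on is no longer referenced from here; the role's defaults and README presumably still document it and should be updated.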
@@ -1,116 +0,0 @@ ---- -# tasks file for media -- name: Create a config map for httpd - vars: - httpd_server_name: "media.eom.dev" - httpd_conf_extra: - - httpd-auth.conf - - httpd-dav.conf - k8s: - state: present - api_version: v1 - kind: ConfigMap - name: media - namespace: "eom-{{ target_namespace }}" - definition: - data: - httpd.conf: "{{ lookup('template', 'httpd.conf.j2') }}" - httpd-auth.conf: "{{ lookup('template', 'httpd-auth.conf.j2') }}" - httpd-dav.conf: "{{ lookup('file', 'httpd-dav.conf') }}" - mime.types: "{{ lookup('file', 'mime.types') }}" - -- name: Create persistent volume for media - k8s: - state: present - definition: - apiVersion: v1 - kind: PersistentVolume - metadata: - name: "eom-{{ target_namespace }}-media" - spec: - capacity: - storage: 1024Gi - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Retain - storageClassName: standard - hostPath: - path: "/data/store-0/eom-{{ target_namespace }}/media" - nodeAffinity: - required: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/hostname - operator: In - values: - - alpha-worker-0 - -- name: Create a persistent volume claim for media - k8s: - state: present - definition: - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: media - namespace: "eom-{{ target_namespace }}" - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1024Gi - storageClassName: standard - volumeName: "eom-{{ target_namespace }}-media" - -- name: Create a deployment - k8s: - definition: - apiVersion: v1 - kind: Deployment - metadata: - name: media - namespace: "eom-{{ target_namespace }}" - spec: - replicas: 1 - selector: - matchLabels: - app: media - template: - metadata: - labels: - app: media - spec: - containers: - - name: httpd - image: httpd - volumeMounts: - - name: config - mountPath: /usr/local/apache2/conf - - name: media - mountPath: /usr/local/apache2/htdocs/ - ports: - - containerPort: 80 - volumes: - - name: config - configMap: - name: media 
- - name: media - persistentVolumeClaim: - claimName: media - -- name: Expose deployment as a service - k8s: - definition: - apiVersion: v1 - kind: Service - metadata: - name: media - namespace: "eom-{{ target_namespace }}" - spec: - selector: - app: media - ports: - - port: 80 - name: media-80 - type: ClusterIP diff --git a/tasks/monitor.yaml b/tasks/monitor.yaml new file mode 100644 index 0000000..c5cae6f --- /dev/null +++ b/tasks/monitor.yaml 
@@ -0,0 +1,237 @@
+---
+# tasks file for grafana
+- name: Create monitoring namespace
+ k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Namespace
+ metadata:
+ name: monitor
+
+- name: Create PVC for MySQL
+ k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
+ name: mysql
+ namespace: monitor
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 64Gi
+
+- name: Create Deployment for MySQL
+ k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Deployment
+ metadata:
+ name: mysql
+ namespace: monitor
+ labels:
+ app: mysql
+ spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: mysql
+ template:
+ metadata:
+ labels:
+ app: mysql
+ spec:
+ containers:
+ - name: mysql
+ image: mysql
+ volumeMounts:
+ - name: data
+ mountPath: /var/lib/mysql
+ ports:
+ - containerPort: 3306
+ env:
+ - name: MYSQL_DATABASE
+ value: grafana
+ - name: MYSQL_USER
+ value: grafana
+ - name: MYSQL_PASSWORD
+ value: "{{ grafana_mysql_password }}"
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: mysql
+
+- name: Create Service for MySQL
+ k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Service
+ metadata:
+ name: mysql
+ namespace: monitor
+ spec:
+ selector:
+ app: mysql
+ ports:
+ - port: 3306
+ name: mysql
+ type: ClusterIP
+
+- name: Create PVC for InfluxDB
+ k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
+ name: influxdb
+ namespace: monitor
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 128Gi
+
+- name: Create Deployment for InfluxDB
+ k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Deployment
+ metadata:
+ name: influxdb
+ namespace: monitor
+ labels:
+ app: influxdb
+ spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: influxdb
+ template:
+ metadata:
+ labels:
+ app: influxdb
+ spec:
+ containers:
+ - name: influxdb
+ image: influxdb
+ volumeMounts:
+ - name: data
+ mountPath: /var/lib/influxdb
+ ports:
+ - containerPort: 8086
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: influxdb
+
+- name: Create Service for InfluxDB
+ k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Service
+ metadata:
+ name: influxdb
+ namespace: monitor
+ spec:
+ selector:
+ app: influxdb
+ ports:
+ - port: 80
+ targetPort: 8086
+ name: influxdb
+ type: ClusterIP
+
+- name: Create Deployment for Grafana
+ k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Deployment
+ metadata:
+ name: grafana
+ namespace: monitor
+ labels:
+ app: grafana
+ spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: grafana
+ template:
+ metadata:
+ labels:
+ app: grafana
+ spec:
+ containers:
+ - name: grafana
+ image: grafana
+ ports:
+ - containerPort: 3000
+ env:
+ - name: GF_DATABASE_TYPE
+ value: mysql
+ - name: GF_DATABASE_HOST
+ value: mysql
+ - name: GF_DATABASE_USER
+ value: grafana
+ - name: GF_DATABASE_PASSWORD
+ value: "{{ grafana_mysql_password }}"
+
+- name: Create Service for Grafana
+ k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Service
+ metadata:
+ name: grafana
+ namespace: monitor
+ spec:
+ selector:
+ app: grafana
+ ports:
+ - port: 22
+ name: ssh
+ - port: 80
+ targetPort: 3000
+ name: http
+ type: ClusterIP
+
+- name: Create Ingress
+ k8s:
+ state: present
+ definition:
+ apiVersion: networking.k8s.io/v1
+ kind: Ingress
+ metadata:
+ annotations:
+ cert-manager.io/cluster-issuer: ca-issuer
+ name: grafana
+ namespace: monitor
+ spec:
+ ingressClassName: nginx
+ rules:
+ - host: git.eom.dev
+ http:
+ paths:
+ - pathType: Prefix
+ path: /
+ backend:
+ service:
+ name: grafana
+ port:
+ number: 80
+ tls:
+ - hosts:
+ - git.eom.dev
+ secretName: grafana
diff --git a/tasks/openldap.yaml b/tasks/openldap.yaml
deleted file mode 100644
index d07f8c4..0000000
--- a/tasks/openldap.yaml
+++ /dev/null
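Review bot: The Grafana Ingress at the end of this hunk uses `host: git.eom.dev` and a TLS entry for the same name, copied from the Gitea manifest; it collides with the Gitea Ingress, so depending on which rule nginx honours, Gitea traffic is routed to Grafana, and a second certificate order for `git.eom.dev` is raised in the `monitor` namespace — change both occurrences to a monitoring hostname such as `monitor.eom.dev`. The MySQL Deployment sets no `MYSQL_ROOT_PASSWORD` (nor `MYSQL_RANDOM_ROOT_PASSWORD`), unlike the other MySQL manifests in this commit, and the official image refuses to initialise without one. Grafana gets no `GF_SECURITY_ADMIN_PASSWORD`, so it comes up with the default `admin`/`admin` login behind a public Ingress; set it from a Secret, and move `GF_DATABASE_PASSWORD`/`MYSQL_PASSWORD` to `secretKeyRef` as well. `image: grafana` also looks wrong — the upstream image is `grafana/grafana` — and the `port: 22` / `name: ssh` entry on the Grafana Service is another copy-paste leftover to drop; all three Deployments here use `apiVersion: v1` where `apps/v1` is required.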
@@ -1,153 +0,0 @@ ---- -# tasks file for openldap -- name: Create persistent volume for openldap-config - k8s: - state: present - definition: - apiVersion: v1 - kind: PersistentVolume - metadata: - name: "eom-{{ target_namespace }}-openldap-config" - spec: - capacity: - storage: 1024Gi - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Retain - storageClassName: standard - hostPath: - path: "/data/store-0/eom-{{ target_namespace }}/openldap-config" - nodeAffinity: - required: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/hostname - operator: In - values: - - alpha-worker-0 - -- name: Create a persistent volume claim for openldap-config - k8s: - state: present - definition: - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: openldap-config - namespace: "eom-{{ target_namespace }}" - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1024Gi - storageClassName: standard - volumeName: "eom-{{ target_namespace }}-openldap-config" - -- name: Create persistent volume for openldap-data - k8s: - state: present - definition: - apiVersion: v1 - kind: PersistentVolume - metadata: - name: "eom-{{ target_namespace }}-openldap-data" - spec: - capacity: - storage: 1024Gi - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Retain - storageClassName: standard - hostPath: - path: "/data/store-0/eom-{{ target_namespace }}/openldap-data" - nodeAffinity: - required: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/hostname - operator: In - values: - - alpha-worker-0 - -- name: Create a persistent volume claim for openldap-data - k8s: - state: present - definition: - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: openldap-data - namespace: "eom-{{ target_namespace }}" - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1024Gi - storageClassName: standard - volumeName: "eom-{{ target_namespace }}-openldap-data" - -- name: Create a deployment 
- k8s: - definition: - apiVersion: v1 - kind: Deployment - metadata: - name: openldap - namespace: "eom-{{ target_namespace }}" - spec: - replicas: 1 - selector: - matchLabels: - app: openldap - template: - metadata: - labels: - app: openldap - spec: - containers: - - name: openldap - image: osixia/openldap - env: - - name: LDAP_ORGANISATION - value: "EOM" - - name: LDAP_DOMAIN - value: "eom.dev" - - name: LDAP_ADMIN_PASSWORD - value: "{{ ldap_admin_password }}" - - name: LDAP_READONLY_USER - value: "true" - - name: LDAP_READONLY_USER_PASSWORD - value: "{{ ldap_readonly_password }}" - volumeMounts: - - name: config - mountPath: /etc/ldap/slapd.d - - name: data - mountPath: /var/lib/ldap - ports: - - containerPort: 389 - - containerPort: 636 - volumes: - - name: config - persistentVolumeClaim: - claimName: openldap-config - - name: data - persistentVolumeClaim: - claimName: openldap-data - -- name: Expose deployment as a service - k8s: - definition: - apiVersion: v1 - kind: Service - metadata: - name: openldap - namespace: "eom-{{ target_namespace }}" - spec: - selector: - app: openldap - ports: - - port: 389 - name: openldap-389 - type: ClusterIP diff --git a/tasks/org.yaml b/tasks/org.yaml new file mode 100644 index 0000000..3655bb2 --- /dev/null +++ b/tasks/org.yaml 
@@ -0,0 +1,192 @@
+---
+# tasks file for redmine
+- name: Create org namespace
+ k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Namespace
+ metadata:
+ name: org
+
+- name: Create PVC for MySQL
+ k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
+ name: mysql
+ namespace: org
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 128Gi
+
+- name: Create Deployment for MySQL
+ k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Deployment
+ metadata:
+ name: mysql
+ namespace: org
+ labels:
+ app: mysql
+ spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: mysql
+ template:
+ metadata:
+ labels:
+ app: mysql
+ spec:
+ containers:
+ - name: mysql
+ image: mysql
+ volumeMounts:
+ - name: data
+ mountPath: /var/lib/mysql
+ ports:
+ - containerPort: 3306
+ env:
+ - name: MYSQL_DATABASE
+ value: redmine
+ - name: MYSQL_ROOT_PASSWORD
+ value: "{{ mysql_root_password }}"
+ - name: MYSQL_USER
+ value: redmine
+ - name: MYSQL_PASSWORD
+ value: "{{ redmine_mysql_password }}"
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: mysql
+
+- name: Create Service for MySQL
+ k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Service
+ metadata:
+ name: mysql
+ namespace: org
+ spec:
+ selector:
+ app: mysql
+ ports:
+ - port: 3306
+ name: mysql
+ type: ClusterIP
+
+- name: Create PVC for Redmine
+ k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
+ name: redmine
+ namespace: org
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 64Gi
+
+- name: Create Deployment for Redmine
+ k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Deployment
+ metadata:
+ name: redmine
+ namespace: org
+ labels:
+ app: redmine
+ spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: redmine
+ template:
+ metadata:
+ labels:
+ app: redmine
+ spec:
+ containers:
+ - name: redmine
+ image: redmine
+ volumeMounts:
+ - name: data
+ mountPath: /usr/src/redmine/files
+ ports:
+ - containerPort: 3000
+ env:
+ - name: REDMINE_DB_MYSQL
+ value: mysql
+ - name: REDMINE_DB_DATABASE
+ value: redmine
+ - name: REDMINE_DB_USERNAME
+ value: redmine
+ - name: REDMINE_DB_PASSWORD
+ value: "{{ redmine_mysql_password }}"
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: redmine
+
+- name: Create Service for Redmine
+ k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Service
+ metadata:
+ name: redmine
+ namespace: org
+ spec:
+ selector:
+ app: redmine
+ ports:
+ - port: 80
+ targetPort: 3000
+ name: http
+ type: ClusterIP
+
+- name: Create Ingress
+ k8s:
+ state: present
+ definition:
+ apiVersion: networking.k8s.io/v1
+ kind: Ingress
+ metadata:
+ annotations:
+ cert-manager.io/cluster-issuer: ca-issuer
+ name: redmine
+ namespace: org
+ spec:
+ ingressClassName: nginx
+ rules:
+ - host: org.eom.dev
+ http:
+ paths:
+ - pathType: Prefix
+ path: /
+ backend:
+ service:
+ name: redmine
+ port:
+ number: 80
+ tls:
+ - hosts:
+ - org.eom.dev
+ secretName: redmine
diff --git a/tasks/proxy.yaml b/tasks/proxy.yaml
deleted file mode 100644
index ff2a510..0000000
--- a/tasks/proxy.yaml
+++ /dev/null
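Review bot: Both Deployments in this hunk use `apiVersion: v1` with `kind: Deployment`; the k8s module will reject that (Deployments are `apps/v1`), so only the namespace, PVCs, Service and Ingress would actually be created. Fix with `apiVersion: apps/v1`. The Redmine container sets no `REDMINE_SECRET_KEY_BASE`; as far as I can tell the official image then generates a fresh session secret on each start, so every pod restart invalidates all sessions — supply it from a Secret, and move `MYSQL_ROOT_PASSWORD`/`REDMINE_DB_PASSWORD` to `secretKeyRef` while you are there, since inline `value:` entries are readable by anyone who can read the Deployment. `image: mysql` and `image: redmine` are unpinned; pin tags or digests so a restart cannot silently upgrade the database on top of its existing data directory. Redmine also ships with a default `admin`/`admin` account, so the Ingress should not go live before that password is changed.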
@@ -1,78 +0,0 @@ ---- -# tasks file for deploy-reverse-proxy.yml -- name: Create ConfigMap for httpd - vars: - httpd_server_name: "proxy.eom.dev" - httpd_conf_extra: - - httpd-auth.conf - - httpd-proxy.conf - - httpd-ssl.conf - k8s: - state: present - api_version: v1 - kind: ConfigMap - name: proxy - namespace: "eom-{{ target_namespace }}" - definition: - data: - httpd.conf: "{{ lookup('template', 'httpd.conf.j2') }}" - httpd-auth.conf: "{{ lookup('template', 'httpd-auth.conf.j2') }}" - httpd-proxy.conf: "{{ lookup('file', 'httpd-proxy.conf') }}" - httpd-ssl.conf: "{{ lookup('file', 'httpd-ssl.conf') }}" - mime.types: "{{ lookup('file', 'mime.types') }}" - server.crt: "{{ proxy_server_crt }}" - server.key: "{{ proxy_server_key }}" - -- name: Create a deployment - k8s: - definition: - apiVersion: apps/v1 - kind: Deployment - metadata: - name: proxy - namespace: "eom-{{ target_namespace }}" - spec: - replicas: 1 - selector: - matchLabels: - app: proxy - template: - metadata: - labels: - app: proxy - spec: - containers: - - name: proxy - image: httpd - volumeMounts: - - name: config - mountPath: /usr/local/apache2/conf - ports: - - containerPort: 80 - - containerPort: 443 - volumes: - - name: config - configMap: - name: proxy - -- name: Expose deployment as a service - k8s: - definition: - apiVersion: v1 - kind: Service - metadata: - name: proxy - namespace: "eom-{{ target_namespace }}" - spec: - selector: - app: proxy - ports: - - port: 80 - protocol: TCP - nodePort: 30080 - name: proxy-80 - - port: 443 - protocol: TCP - nodePort: 30443 - name: proxy-443 - type: NodePort diff --git a/tasks/wiki.yaml b/tasks/wiki.yaml new file mode 100644 index 0000000..91ec763 --- /dev/null +++ b/tasks/wiki.yaml 
@@ -0,0 +1,182 @@
+---
+# tasks file for mediawiki
+- name: Create wiki namespace
+ k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Namespace
+ metadata:
+ name: wiki
+
+- name: Create PVC for MySQL
+ k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
+ name: mysql
+ namespace: wiki
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 128Gi
+
+- name: Create Deployment for MySQL
+ k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Deployment
+ metadata:
+ name: mysql
+ namespace: wiki
+ labels:
+ app: mysql
+ spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: mysql
+ template:
+ metadata:
+ labels:
+ app: mysql
+ spec:
+ containers:
+ - name: mysql
+ image: mysql
+ volumeMounts:
+ - name: data
+ mountPath: /var/lib/mysql
+ ports:
+ - containerPort: 3306
+ env:
+ - name: MYSQL_DATABASE
+ value: mediawiki
+ - name: MYSQL_ROOT_PASSWORD
+ value: "{{ mysql_root_password }}"
+ - name: MYSQL_USER
+ value: mediawiki
+ - name: MYSQL_PASSWORD
+ value: "{{ mediawiki_mysql_password }}"
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: mysql
+
+- name: Create Service for MySQL
+ k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Service
+ metadata:
+ name: mysql
+ namespace: wiki
+ spec:
+ selector:
+ app: mysql
+ ports:
+ - port: 3306
+ name: mysql
+ type: ClusterIP
+
+- name: Create PVC for MediaWiki
+ k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
+ name: mediawiki
+ namespace: wiki
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 64Gi
+
+- name: Create Deployment for MediaWiki
+ k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Deployment
+ metadata:
+ name: mediawiki
+ namespace: wiki
+ labels:
+ app: mediawiki
+ spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: mediawiki
+ template:
+ metadata:
+ labels:
+ app: mediawiki
+ spec:
+ containers:
+ - name: mediawiki
+ image: mediawiki
+ volumeMounts:
+ - name: data
+ mountPath: /var/www/html/images
+ ports:
+ - containerPort: 80
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: mediawiki
+
+- name: Create Service for MediaWiki
+ k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Service
+ metadata:
+ name: mediawiki
+ namespace: wiki
+ spec:
+ selector:
+ app: mediawiki
+ ports:
+ - port: 80
+ name: http
+ type: ClusterIP
+
+- name: Create Ingress
+ k8s:
+ state: present
+ definition:
+ apiVersion: networking.k8s.io/v1
+ kind: Ingress
+ metadata:
+ annotations:
+ cert-manager.io/cluster-issuer: ca-issuer
+ name: mediawiki
+ namespace: wiki
+ spec:
+ ingressClassName: nginx
+ rules:
+ - host: wiki.eom.dev
+ http:
+ paths:
+ - pathType: Prefix
+ path: /
+ backend:
+ service:
+ name: mediawiki
+ port:
+ number: 80
+ tls:
+ - hosts:
+ - wiki.eom.dev
+ secretName: mediawiki
diff --git a/tasks/www.yaml b/tasks/www.yaml
index a503cc0..24b0292 100644
--- a/tasks/www.yaml
+++ b/tasks/www.yaml
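Review bot: Both Deployments in this hunk (mysql and mediawiki) declare `apiVersion: v1` together with `kind: Deployment`; Deployment is served from the `apps/v1` group, so the k8s module cannot resolve the resource and the task fails — the deleted tasks/proxy.yaml had it right with `apiVersion: apps/v1`, and the same pair recurs in the MySQL and WordPress Deployments of tasks/www.yaml. The container images are unpinned (`image: mysql`, `image: mediawiki`, and likewise in tasks/www.yaml), so every rollout picks up whatever `latest` resolves to at that moment; pin a tag or digest so the deployed version is reproducible and reviewable. The database credentials are written as plain `value:` entries in the pod spec, where anyone who can read Deployments or Pods in the namespace can see them; put them in a `Secret` and reference them with `valueFrom.secretKeyRef` instead.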
@@ -1,67 +1,189 @@ --- -# tasks file for www -- name: Create a config map for www - vars: - httpd_server_name: "www.eom.dev" - httpd_conf_extra: - - httpd-auth.conf - - httpd-ssi.conf +# tasks file for wordpress +- name: Create WordPress namespace k8s: state: present - api_version: v1 - kind: ConfigMap - name: www - namespace: "eom-{{ target_namespace }}" definition: - data: - httpd.conf: "{{ lookup('template', 'httpd.conf.j2') }}" - httpd-auth.conf: "{{ lookup('template', 'httpd-auth.conf.j2') }}" - httpd-ssi.conf: "{{ lookup('file', 'httpd-ssi.conf') }}" - mime.types: "{{ lookup('file', 'mime.types') }}" + apiVersion: v1 + kind: Namespace + metadata: + name: www -- name: Create a deployment +- name: Create PVC for MySQL k8s: + state: present + definition: + apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: mysql + namespace: www + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 64Gi + +- name: Create Deployment for MySQL + k8s: + state: present definition: apiVersion: v1 kind: Deployment metadata: - name: www - namespace: "eom-{{ target_namespace }}" + name: mysql + namespace: www + labels: + app: mysql spec: replicas: 1 selector: matchLabels: - app: www + app: mysql template: metadata: labels: - app: www + app: mysql spec: containers: - - name: www - image: ericomeehan/www + - name: mysql + image: mysql volumeMounts: - - name: config - mountPath: /usr/local/apache2/conf + - name: data + mountPath: /var/lib/mysql ports: - - containerPort: 80 + - containerPort: 3306 + env: + - name: MYSQL_DATABASE + value: wordpress + - name: MYSQL_USER + value: wordpress + - name: MYSQL_PASSWORD + value: "{{ wordpress_mysql_password }}" volumes: - - name: config - configMap: - name: www + - name: data + persistentVolumeClaim: + claimName: mysql -- name: Expose deployment as a service +- name: Create Service for MySQL k8s: + state: present definition: apiVersion: v1 kind: Service metadata: - name: www - namespace: "eom-{{ target_namespace 
}}" + name: mysql + namespace: www spec: selector: - app: www + app: mysql + ports: + - port: 3306 + name: mysql + type: ClusterIP + +- name: Create PVC for WordPress + k8s: + state: present + definition: + apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: wordpress + namespace: www + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 128Gi + +- name: Create Deployment for WordPress + k8s: + state: present + definition: + apiVersion: v1 + kind: Deployment + metadata: + name: wordpress + namespace: www + labels: + app: wordpress + spec: + replicas: 1 + selector: + matchLabels: + app: wordpress + template: + metadata: + labels: + app: wordpress + spec: + containers: + - name: wordpress + image: wordpress + volumeMounts: + - name: data + mountPath: /var/www/html + ports: + - containerPort: 3000 + env: + - name: WORDPRESS_DB_HOST + value: mysql + - name: WORDPRESS_DB_NAME + value: wordpress + - name: WORDPRESS_DB_USER + value: wordpress + - name: WORDPRESS_DB_PASSWORD + value: "{{ wordpress_mysql_password }}" + volumes: + - name: data + persistentVolumeClaim: + claimName: wordpress + +- name: Create Service for WordPress + k8s: + state: present + definition: + apiVersion: v1 + kind: Service + metadata: + name: wordpress + namespace: www + spec: + selector: + app: wordpress ports: - port: 80 - name: www-80 + name: http type: ClusterIP + +- name: Create Ingress + k8s: + state: present + definition: + apiVersion: networking.k8s.io/v1 + kind: Ingress + metadata: + annotations: + cert-manager.io/cluster-issuer: ca-issuer + name: wordpress + namespace: www + spec: + ingressClassName: nginx + rules: + - host: www.eom.dev + http: + paths: + - pathType: Prefix + path: / + backend: + service: + name: wordpress + port: + number: 80 + tls: + - hosts: + - www.eom.dev + secretName: wordpress