diff --git a/.gitignore b/.gitignore index 335ec95..ad7e072 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,3 @@ +vault *.tar.gz +roles/ diff --git a/eom.dev.yml b/eom.dev.yml index 3773623..6e9dd91 100644 --- a/eom.dev.yml +++ b/eom.dev.yml @@ -2,42 +2,9 @@ - name: Deploy eom.dev one service at a time hosts: alpha-control-plane become: true - pre_tasks: - - name: Create issuer for letsencrypt staging - k8s: - state: present - definition: - apiVersion: cert-manager.io/v1 - kind: ClusterIssuer - metadata: - name: letsencrypt-staging - spec: - acme: - email: eric@eom.dev - server: https://acme-staging-v02.api.letsencrypt.org/directory - privateKeySecretRef: - name: letsencrypt-staging-issuer-account-key - solvers: - - http01: - ingress: - ingressClassName: nginx - - name: Create issuer for letsencrypt production - k8s: - state: present - definition: - apiVersion: cert-manager.io/v1 - kind: ClusterIssuer - metadata: - name: letsencrypt-production - spec: - acme: - email: eric@eom.dev - server: https://acme-v02.api.letsencrypt.org/directory - privateKeySecretRef: - name: letsencrypt-production-issuer-account-key - solvers: - - http01: - ingress: - ingressClassName: nginx + vars_files: + - vars/secrets.yaml roles: - - role: ericomeehan.eom.dev + - role: ericomeehan.eom + vars: + target_namespace: prod diff --git a/gondwanamc.com.yml b/gondwanamc.com.yml index 0eb4dbc..cc086c4 100644 --- a/gondwanamc.com.yml +++ b/gondwanamc.com.yml @@ -2,4 +2,6 @@ hosts: alpha-control-plane become: true roles: - - role: ericomeehan.gondwanamc + - role: ericomeehan.gondwana + vars: + target_namespace: prod diff --git a/host_vars/all.yaml b/host_vars/all.yaml new file mode 100644 index 0000000..21b5e09 --- /dev/null +++ b/host_vars/all.yaml @@ -0,0 +1 @@ +is_new_host: true diff --git a/inventories/attlocal.yml b/inventories/attlocal.yml index 43d15ba..5dfdd72 100644 --- a/inventories/attlocal.yml +++ b/inventories/attlocal.yml 
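Review bot: The added `vars_files: - vars/secrets.yaml` entry in eom.dev.yml loads a secrets file that this commit neither adds nor keeps out of version control; the .gitignore hunk in the same commit ignores only `vault` and `roles/`. If the file holds credentials in plain text, it should be encrypted with ansible-vault before it is ever committed, or be listed in .gitignore. I would add a comment above the entry such as `# vars/secrets.yaml must be ansible-vault encrypted; never commit it in plain text`. The same `vars_files` entry is added to the "Deploy services" play in site.yml.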
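Review bot: `host_vars/all.yaml` only applies to an inventory host literally named `all`, so `is_new_host: true` probably reaches no node; variables meant for every host belong in `group_vars/all.yaml`. Even after moving it, the "Initialize new nodes" play in site.yml declares `vars: is_new_host: false`, and play vars take precedence over inventory host and group vars, so the guarded tasks would still be skipped unless the value is passed with `-e`. Dropping the play-level default and guarding with `when: is_new_host | default(false) | bool` would let the inventory value take effect.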
@@ -8,8 +8,8 @@ all: control_plane: hosts: alpha-control-plane: - ansible-host: 192.168.1.132 + ansible-host: 192.168.1.137 workers: hosts: alpha-worker-0: - ansible-host: 192.168.1.130 + ansible-host: 192.168.1.138 diff --git a/roles/ericomeehan.eom.dev/tasks/deploy-grafana.yml b/roles/ericomeehan.eom.dev/tasks/deploy-grafana.yml index 1eaca0f..d025a9c 100644 --- a/roles/ericomeehan.eom.dev/tasks/deploy-grafana.yml +++ b/roles/ericomeehan.eom.dev/tasks/deploy-grafana.yml @@ -64,8 +64,10 @@ spec: securityContext: runAsUser: 472 - fsGroup: 472 runAsGroup: 472 + fsGroup: 472 + supplementalGroups: + - 0 containers: - name: grafana image: grafana/grafana diff --git a/roles/ericomeehan.eom.dev/tasks/deploy-influxdb.yml b/roles/ericomeehan.eom.dev/tasks/deploy-influxdb.yml index 05b5a14..0fb016a 100644 --- a/roles/ericomeehan.eom.dev/tasks/deploy-influxdb.yml +++ b/roles/ericomeehan.eom.dev/tasks/deploy-influxdb.yml @@ -16,7 +16,7 @@ persistentVolumeReclaimPolicy: Retain storageClassName: standard hostPath: - path: "/data/vault-0/eom/influxdb" + path: "/data/store-0/eom/influxdb" nodeAffinity: required: nodeSelectorTerms: diff --git a/roles/ericomeehan.eom.dev/tasks/main.yml b/roles/ericomeehan.eom.dev/tasks/main.yml index 45538b4..2de5e29 100644 --- a/roles/ericomeehan.eom.dev/tasks/main.yml +++ b/roles/ericomeehan.eom.dev/tasks/main.yml @@ -24,6 +24,34 @@ - name: Deploy grafana include_tasks: deploy-grafana.yml +- name: Create network policy + k8s: + state: present + definition: + apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: eom-private-services + namespace: eom + spec: + podSelector: + matchExpressions: + - key: app + operator: In + values: + - gitea + - grafana + - influxdb + - mediawiki + - nextcloud + - redmine + policyTypes: + - Ingress + ingress: + - from: + - ipBlock: + cidr: 192.168.1.0/24 + - name: Create ingress resource k8s: state: present 
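Review bot: The changed lines in inventories/attlocal.yml keep the key `ansible-host`, which Ansible does not treat as the connection address; the connection variable is `ansible_host`, with an underscore. With the hyphenated key the new addresses are likely ignored and the hosts are reached by resolving their inventory names, which can silently point a `become: true` play at whatever those names resolve to. Suggested lines: `ansible_host: 192.168.1.137` and `ansible_host: 192.168.1.138`.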
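Review bot: Adding `supplementalGroups: - 0` to the Grafana pod `securityContext` makes the process a member of the root group, which widens what it can read or write on group-0-owned files in any mounted volume. If this is a workaround for ownership of the data directory, changing that directory's ownership to 472:472 would keep the pod unprivileged. If GID 0 really is required, the line should carry a comment saying why, for example `# GID 0 required because <reason>`. The Deployment manifest starts and ends outside this hunk.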
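Review bot: The `ipBlock` of `192.168.1.0/24` in the new `eom-private-services` NetworkPolicy may not restrict these services to LAN clients as the name suggests. Requests routed through the ingress controller reach the pods from the controller's pod address, and node-port traffic is usually source-NATed to a node address; the nodes in inventories/attlocal.yml sit inside that range, so the rule can either block ingress-routed traffic or admit traffic that originated outside the LAN. It also drops pod-to-pod traffic to the selected apps, for example Grafana querying InfluxDB, unless the pod network overlaps the range, and it has no effect if the cluster's CNI does not enforce NetworkPolicy. Consider allowing the ingress controller's namespace with a `namespaceSelector` and same-namespace pods with `podSelector: {}`, and enforcing the client range at the ingress, for example with the `nginx.ingress.kubernetes.io/whitelist-source-range` annotation.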
@@ -94,5 +122,6 @@ - grafana.eom.dev - influxdb.eom.dev - mediawiki.eom.dev + - nextcloud.eom.dev - redmine.eom.dev secretName: eom-certs diff --git a/roles/ericomeehan.ericomeehan/tasks/mobile-command.yml b/roles/ericomeehan.ericomeehan/tasks/mobile-command.yml index fb56566..a876eca 100644 --- a/roles/ericomeehan.ericomeehan/tasks/mobile-command.yml +++ b/roles/ericomeehan.ericomeehan/tasks/mobile-command.yml @@ -3,13 +3,12 @@ - name: Install additional user packages apt: name: + - certbot - curl + - davfs2 - git - - gimp - gpsd - - mariadb-client - neovim - - openscad - passwordsafe - tmux - w3m @@ -41,5 +40,3 @@ copy: src: init.lua dest: /home/eric/.config/nvim/init.lua - -# TODO: ansible-galaxy collection install community.kubernetes diff --git a/roles/ericomeehan.gondwanamc/README.md b/roles/ericomeehan.gondwanamc/README.md deleted file mode 100644 index 225dd44..0000000 --- a/roles/ericomeehan.gondwanamc/README.md +++ /dev/null 
@@ -1,38 +0,0 @@ -Role Name -========= - -A brief description of the role goes here. - -Requirements ------------- - -Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. - -Role Variables --------------- - -A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. - -Dependencies ------------- - -A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. - -Example Playbook ----------------- - -Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: - - - hosts: servers - roles: - - { role: username.rolename, x: 42 } - -License -------- - -BSD - -Author Information ------------------- - -An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/roles/ericomeehan.gondwanamc/defaults/main.yml b/roles/ericomeehan.gondwanamc/defaults/main.yml deleted file mode 100644 index abd0745..0000000 --- a/roles/ericomeehan.gondwanamc/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# defaults file for ericomeehan.minecraft.eom.dev diff --git a/roles/ericomeehan.gondwanamc/files/server.properties b/roles/ericomeehan.gondwanamc/files/server.properties deleted file mode 100644 index 8a904f8..0000000 --- a/roles/ericomeehan.gondwanamc/files/server.properties +++ /dev/null 
@@ -1,59 +0,0 @@ -#Minecraft server properties -#Mon May 27 13:39:37 UTC 2024 -allow-flight=false -allow-nether=true -broadcast-console-to-ops=true -broadcast-rcon-to-ops=true -difficulty=hard -enable-command-block=true -enable-jmx-monitoring=false -enable-query=false -enable-rcon=false -enable-status=true -enforce-secure-profile=true -enforce-whitelist=true -entity-broadcast-range-percentage=100 -force-gamemode=false -function-permission-level=2 -gamemode=survival -generate-structures=true -generator-settings={} -hardcore=false -hide-online-players=false -initial-disabled-packs= -initial-enabled-packs=vanilla -level-name=Gondwana -level-seed=-5079912890610012924 -level-type=minecraft\:large_biomes -log-ips=true -max-chained-neighbor-updates=1000000 -max-players=20 -max-tick-time=60000 -max-world-size=29999984 -motd=A Minecraft server by eom.dev -network-compression-threshold=256 -online-mode=true -op-permission-level=4 -player-idle-timeout=0 -prevent-proxy-connections=false -pvp=true -query.port=25565 -rate-limit=0 -rcon.password= -rcon.port=25575 -require-resource-pack=false -resource-pack= -resource-pack-prompt= -resource-pack-sha1= -server-ip= -server-port=25565 -simulation-distance=10 -spawn-animals=true -spawn-monsters=true -spawn-npcs=true -spawn-protection=16 -sync-chunk-writes=true -text-filtering-config= -use-native-transport=true -view-distance=10 -white-list=true diff --git a/roles/ericomeehan.gondwanamc/files/whitelist.json b/roles/ericomeehan.gondwanamc/files/whitelist.json deleted file mode 100644 index a395217..0000000 --- a/roles/ericomeehan.gondwanamc/files/whitelist.json +++ /dev/null 
@@ -1,27 +0,0 @@ -[ - { - "uuid": "94e6d0fc-bd44-4f50-ae67-cb9a7b3a4050", - "name": "TopHatRick" - }, - { - "uuid": "8f2a59e5-84ef-46a2-8eec-7988171e6e1f", - "name": "PVitamin" - }, - { - "uuid": "a7b53bb0-ed66-4129-9c41-d8b51d383978", - "name": "BloodRavenGhola" - }, - { - "uuid": "01188fed-cb2a-4fb7-b9a3-c43132bb8a30", - "name": "ThisNurseKills" - }, - { - "uuid": "29ace271-a0b8-44be-aa73-61826da768aa", - "name": "ActuallyItsLars" - }, - { - "uuid": "adac3ea5-bdd8-44d5-bc26-bf0e5f7790bf", - "name": "thegreatyamwar" - } -] - diff --git a/roles/ericomeehan.gondwanamc/handlers/main.yml b/roles/ericomeehan.gondwanamc/handlers/main.yml deleted file mode 100644 index 019ca4f..0000000 --- a/roles/ericomeehan.gondwanamc/handlers/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# handlers file for ericomeehan.minecraft.eom.dev diff --git a/roles/ericomeehan.gondwanamc/meta/main.yml b/roles/ericomeehan.gondwanamc/meta/main.yml deleted file mode 100644 index c572acc..0000000 --- a/roles/ericomeehan.gondwanamc/meta/main.yml +++ /dev/null 
@@ -1,52 +0,0 @@ -galaxy_info: - author: your name - description: your role description - company: your company (optional) - - # If the issue tracker for your role is not on github, uncomment the - # next line and provide a value - # issue_tracker_url: http://example.com/issue/tracker - - # Choose a valid license ID from https://spdx.org - some suggested licenses: - # - BSD-3-Clause (default) - # - MIT - # - GPL-2.0-or-later - # - GPL-3.0-only - # - Apache-2.0 - # - CC-BY-4.0 - license: license (GPL-2.0-or-later, MIT, etc) - - min_ansible_version: 2.1 - - # If this a Container Enabled role, provide the minimum Ansible Container version. - # min_ansible_container_version: - - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - # platforms: - # - name: Fedora - # versions: - # - all - # - 25 - # - name: SomePlatform - # versions: - # - all - # - 1.0 - # - 7 - # - 99.99 - - galaxy_tags: [] - # List tags for your role here, one per line. A tag is a keyword that describes - # and categorizes the role. Users find roles by searching for tags. Be sure to - # remove the '[]' above, if you add tags to this list. - # - # NOTE: A tag is limited to a single word comprised of alphanumeric characters. - # Maximum 20 tags per role. - -dependencies: [] - # List your role dependencies here, one per line. Be sure to remove the '[]' above, - # if you add dependencies to this list. diff --git a/roles/ericomeehan.gondwanamc/tasks/deploy-production.yml b/roles/ericomeehan.gondwanamc/tasks/deploy-production.yml deleted file mode 100644 index 3945f95..0000000 --- a/roles/ericomeehan.gondwanamc/tasks/deploy-production.yml +++ /dev/null 
@@ -1,122 +0,0 @@ ---- -# tasks file for deploy-production.yml -- name: Create persistent volume for gondwanamc production - k8s: - state: present - definition: - apiVersion: v1 - kind: PersistentVolume - metadata: - name: pv-gondwanamc-production - spec: - capacity: - storage: 8Gi - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Retain - storageClassName: standard - hostPath: - path: /data/store-0/pv-gondwanamc-production - nodeAffinity: - required: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/hostname - operator: In - values: - - alpha-worker-0 - -- name: Unpack gondwanamc world data to the production persistent volume - unpack: - src: Gondwana.tar.gz - dest: /data/store-0/pv-gondwanamc-production - copy: true - -- name: Copy server properties to production persistent volume - copy: - src: server.properties - dest: /data/store-0/pv-gondwanamc-production - -- name: Copy whitelist to production persistent volume - copy: - src: whitelist.json - dest: /data/store-0/pv-gondwanamc-production - -- name: Create persistent volume claim for gondwanamc production volume - k8s: - state: present - definition: - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: pv-claim-gondwanamc-production - namespace: production - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 8Gi - storageClassName: standard - volumeName: pv-gondwanamc-production - -- name: Create a production Deployment - k8s: - definition: - apiVersion: apps/v1 - kind: Deployment - metadata: - name: minecraft-deployment - namespace: production - spec: - replicas: 1 - selector: - matchLabels: - app: gondwanamc.com - template: - metadata: - labels: - app: gondwanamc.com - spec: - containers: - - name: openminecraft - image: itzg/minecraft-server - volumeMounts: - - name: pv-gondwanamc-production - mountPath: /data - ports: - - containerPort: 25565 - - containerPort: 24454 - env: - - name: EULA - value: "TRUE" - - name: TYPE - value: "FABRIC" - 
- name: MODS - value: "https://download.geysermc.org/v2/projects/geyser/versions/latest/builds/latest/downloads/fabric,https://cdn.modrinth.com/data/bWrNNfkb/versions/D4KXqjtC/Floodgate-Fabric-2.2.3-SNAPSHOT%2Bbuild.28.jar,https://www.curseforge.com/api/v1/mods/306612/files/5510851/download,https://www.curseforge.com/api/v1/mods/416089/files/5500955/download" - volumes: - - name: pv-gondwanamc-production - persistentVolumeClaim: - claimName: pv-claim-gondwanamc-production - -- name: Expose Deployment as a Service in production - k8s: - definition: - apiVersion: v1 - kind: Service - metadata: - name: service-gondwanamc-com - namespace: production - spec: - selector: - app: gondwanamc.com - ports: - - port: 24454 - protocol: TCP - name: minecraft-port-24454 - nodePort: "{{ nodePorts[gondwanamc-24454] }}" - - port: 25565 - protocol: TCP - name: minecraft-port-25565 - nodePort: "{{ nodePorts[gondwanamc-25565] }}" - type: NodePort diff --git a/roles/ericomeehan.gondwanamc/tasks/deploy-testing.yml b/roles/ericomeehan.gondwanamc/tasks/deploy-testing.yml deleted file mode 100644 index 4c0a299..0000000 --- a/roles/ericomeehan.gondwanamc/tasks/deploy-testing.yml +++ /dev/null 
@@ -1,104 +0,0 @@ ---- -# tasks file for ericomeehan.minecraft.eom.dev -- name: Create persistent volume for gondwanamc testing - k8s: - state: present - definition: - apiVersion: v1 - kind: PersistentVolume - metadata: - name: pv-gondwanamc-testing - spec: - capacity: - storage: 1Gi - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Retain - storageClassName: standard - hostPath: - path: /data/store-0/pv-gondwanamc-testing - nodeAffinity: - required: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/hostname - operator: In - values: - - alpha-worker-0 - -- name: Create persistent volume claim for gondwanamc testing volume - k8s: - state: present - definition: - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: pv-claim-gondwanamc-testing - namespace: testing - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - storageClassName: standard - volumeName: pv-gondwanamc-testing - -- name: Create a testing Deployment - k8s: - definition: - apiVersion: apps/v1 - kind: Deployment - metadata: - name: minecraft-deployment - namespace: testing - spec: - replicas: 1 - selector: - matchLabels: - app: gondwanamc.com - template: - metadata: - labels: - app: gondwanamc.com - spec: - containers: - - name: openminecraft - image: itzg/minecraft-server - volumeMounts: - - name: pv-gondwanamc-testing - mountPath: /data - ports: - - containerPort: 25565 - - containerPort: 24454 - env: - - name: EULA - value: "TRUE" - - name: TYPE - value: "FABRIC" - - name: MODS - value: "https://download.geysermc.org/v2/projects/geyser/versions/latest/builds/latest/downloads/fabric,https://cdn.modrinth.com/data/bWrNNfkb/versions/D4KXqjtC/Floodgate-Fabric-2.2.3-SNAPSHOT%2Bbuild.28.jar,https://www.curseforge.com/api/v1/mods/306612/files/5510851/download,https://www.curseforge.com/api/v1/mods/416089/files/5500955/download" - volumes: - - name: pv-gondwanamc-testing - persistentVolumeClaim: - claimName: pv-claim-gondwanamc-testing 
- -- name: Expose Deployment as a Service in testing - k8s: - definition: - apiVersion: v1 - kind: Service - metadata: - name: service-gondwanamc-com - namespace: testing - spec: - selector: - app: gondwanamc.com - ports: - - port: 24454 - protocol: TCP - name: minecraft-port-24454 - - port: 25565 - protocol: TCP - name: minecraft-port-25565 - type: ClusterIP diff --git a/roles/ericomeehan.gondwanamc/tasks/main.yml b/roles/ericomeehan.gondwanamc/tasks/main.yml deleted file mode 100644 index 5168673..0000000 --- a/roles/ericomeehan.gondwanamc/tasks/main.yml +++ /dev/null 
@@ -1,109 +0,0 @@ ---- -# tasks file for ericomeehan.gondwanamc -# TODO: Create configmaps for configurations -- name: Create gondwanamc namespace - k8s: - state: present - definition: - apiVersion: v1 - kind: Namespace - metadata: - name: gondwanamc - -- name: Create persistent volume claim for gondwanamc volume - k8s: - state: present - definition: - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: gondwanamc - namespace: gondwanamc - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 8Gi - storageClassName: alpha-0-store-0 - volumeName: gondwanamc - -- name: Manually copy world data to pvc - pause: - prompt: Press enter once world data has been manually copied - -- name: Create config map for server.properties - k8s: - state: present - api_version: v1 - kind: ConfigMap - name: properties - namespace: gondwanamc - definition: - data: - server.properties: "{{ lookup('file', 'server.properties') }}" - whitelist.json: "{{ lookup('file', 'whitelist.json') }}" - -- name: Create a Deployment - k8s: - definition: - apiVersion: apps/v1 - kind: Deployment - metadata: - name: gondwanamc - namespace: gondwanamc - spec: - replicas: 1 - selector: - matchLabels: - app: gondwanamc - template: - metadata: - labels: - app: gondwanamc - spec: - containers: - - name: minecraft - image: itzg/minecraft-server - volumeMounts: - - name: properties - mountPath: /data - - name: gondwanamc - mountPath: /data/Gondwana - ports: - - containerPort: 25565 - - containerPort: 24454 - env: - - name: EULA - value: "TRUE" - - name: TYPE - value: "FABRIC" - - name: MODS - value: "https://download.geysermc.org/v2/projects/geyser/versions/latest/builds/latest/downloads/fabric,https://cdn.modrinth.com/data/bWrNNfkb/versions/D4KXqjtC/Floodgate-Fabric-2.2.3-SNAPSHOT%2Bbuild.28.jar,https://www.curseforge.com/api/v1/mods/306612/files/5510851/download,https://www.curseforge.com/api/v1/mods/416089/files/5500955/download" - volumes: - - name: gondwanamc - 
persistentVolumeClaim: - claimName: gondwanamc - - name: properties - configMap: - name: properties - -- name: Expose Deployment as a Service - k8s: - definition: - apiVersion: v1 - kind: Service - metadata: - name: gondwanamc - namespace: gondwanamc - spec: - selector: - app: gondwanamc - ports: - - port: 24454 - protocol: TCP - name: gondwanamc-port-24454 - - port: 25565 - protocol: TCP - name: gondwanamc-port-25565 - type: NodePort diff --git a/roles/ericomeehan.gondwanamc/tests/inventory b/roles/ericomeehan.gondwanamc/tests/inventory deleted file mode 100644 index 878877b..0000000 --- a/roles/ericomeehan.gondwanamc/tests/inventory +++ /dev/null @@ -1,2 +0,0 @@ -localhost - diff --git a/roles/ericomeehan.gondwanamc/tests/test.yml b/roles/ericomeehan.gondwanamc/tests/test.yml deleted file mode 100644 index 30cc88a..0000000 --- a/roles/ericomeehan.gondwanamc/tests/test.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- hosts: localhost - remote_user: root - roles: - - ericomeehan.minecraft.eom.dev diff --git a/roles/ericomeehan.gondwanamc/vars/main.yml b/roles/ericomeehan.gondwanamc/vars/main.yml deleted file mode 100644 index 27e60e7..0000000 --- a/roles/ericomeehan.gondwanamc/vars/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# vars file for ericomeehan.minecraft.eom.dev diff --git a/site.yml b/site.yml index 8659bd9..454cdec 100644 --- a/site.yml +++ b/site.yml 
@@ -1,25 +1,45 @@ --- # Master playbook for eom.dev -- name: Initialize systems + +- name: Initialize new nodes hosts: all become: true - pre_tasks: + vars: + is_new_host: false + tasks: + - name: Update apt + when: is_new_host == true + apt: + update_cache: yes - name: Install debconf-utils + when: is_new_host == true apt: name: debconf-utils state: present - name: Create preseed file - command: echo "#_preseed_V1" > /root/preseed.txt + when: is_new_host == true + shell: echo "#_preseed_V1" > /root/preseed.txt - name: Append installer's debconf database to the preseed file - command: debconf-get-selections --installer >> /root/preseed.txt + when: is_new_host == true + shell: debconf-get-selections --installer >> /root/preseed.txt - name: Append debconf database to the preseed file - command: debconf-get-selections >> /root/preseed.txt + when: is_new_host == true + shell: debconf-get-selections >> /root/preseed.txt - name: Append text from files/motd to the beginning of remote motd file + when: is_new_host == true blockinfile: path: /etc/motd marker: "" block: | {{ lookup('file', 'files/motd') }} + +- name: Initialize systems + hosts: all + become: true + pre_tasks: + - name: Update apt + apt: + update_cache: yes - name: Copy nftables configuration template template: src: "nftables.conf.j2" 
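Review bot: The three `shell` tasks in "Initialize new nodes" create `/root/preseed.txt` through redirection, so the file gets root's default umask instead of an explicit mode, and a debconf dump can include sensitive answers. A follow-up `file` task with `path: /root/preseed.txt` and `mode: "0600"` would pin that. These tasks also report changed on every run where `is_new_host` is true; `changed_when: false` would keep the play output meaningful. The six repeated `when: is_new_host == true` conditions would read better as one `block:` carrying a single `when: is_new_host | bool`, and `update_cache: yes` should be written `update_cache: true`.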
@@ -75,79 +95,15 @@ - role: ericomeehan.nvidia_driver_debian when: nvidia_driver_needed == true -- name: Prepare cluster environment - hosts: control_plane - become: true - tasks: - - name: Apply deploy.yaml from ingress-nginx release - k8s: - src: https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.1/deploy/static/provider/baremetal/deploy.yaml - apply: yes - - name: Wait 10 seconds for ingress-nginx to initialize - wait_for: - timeout: 10 - - name: Get the ingress-nginx-controller service ports - k8s_info: - kind: Service - name: ingress-nginx-controller - namespace: ingress-nginx - register: service_details - - name: Print ingress-nginx ports - debug: - var: service_details.resources[0].spec.ports - - name: Manually update port forwarding rules - pause: - prompt: Press enter once port forwarding rules are updated - - name: Apply cert-manager.yaml from cert-manager release - k8s: - src: https://github.com/cert-manager/cert-manager/releases/download/v1.15.1/cert-manager.yaml - apply: yes - - name: Wait 10 seconds for cert-manager to initialize - wait_for: - timeout: 10 - - name: Create issuer for letsencrypt staging - k8s: - state: present - definition: - apiVersion: cert-manager.io/v1 - kind: ClusterIssuer - metadata: - name: letsencrypt-staging - spec: - acme: - email: eric@eom.dev - server: https://acme-staging-v02.api.letsencrypt.org/directory - privateKeySecretRef: - name: letsencrypt-staging - solvers: - - http01: - ingress: - ingressClassName: nginx - - name: Create issuer for letsencrypt production - k8s: - state: present - definition: - apiVersion: cert-manager.io/v1 - kind: ClusterIssuer - metadata: - name: letsencrypt-production - spec: - acme: - email: eric@eom.dev - server: https://acme-v02.api.letsencrypt.org/directory - privateKeySecretRef: - name: letsencrypt-production - solvers: - - http01: - ingress: - ingressClassName: nginx - - name: Wait 10 seconds for letsencrypt to initialize - wait_for: - timeout: 10 - - name: 
Deploy services hosts: alpha-control-plane + vars_files: + - vars/secrets.yaml become: true roles: - - role: ericomeehan.eom.dev - - role: ericomeehan.gondwanamc + - role: ericomeehan.eom + vars: + target_namespace: prod + - role: ericomeehan.gondwana + vars: + target_namespace: prod diff --git a/vars/all.yml b/vars/all.yml deleted file mode 100644 index 8272aab..0000000 --- a/vars/all.yml +++ /dev/null @@ -1,3 +0,0 @@ -nodePorts: - gondwanamc-24454: 30000 - gondwanamc-25565: 30000 diff --git a/vars/production.yml b/vars/production.yml deleted file mode 100644 index 600bcc0..0000000 --- a/vars/production.yml +++ /dev/null @@ -1 +0,0 @@ -namespace: production diff --git a/vars/testing.yml b/vars/testing.yml deleted file mode 100644 index aa2f90e..0000000 --- a/vars/testing.yml +++ /dev/null @@ -1 +0,0 @@ -target_namespace: testing