diff --git a/ansible/playbooks/site.yml b/ansible/playbooks/site.yml index 4c071c9..47c0723 100644 --- a/ansible/playbooks/site.yml +++ b/ansible/playbooks/site.yml @@ -31,3 +31,7 @@ vars: longhorn_enabled: true standard_user: debian + - role: ../roles/longhorn + vars: + longhorn_enabled: true + standard_user: debian \ No newline at end of file diff --git a/ansible/roles/kubernetes/templates/cloudflare-updater.yaml b/ansible/roles/kubernetes/templates/cloudflare-updater.yaml index c0c7058..65d3f75 100644 --- a/ansible/roles/kubernetes/templates/cloudflare-updater.yaml +++ b/ansible/roles/kubernetes/templates/cloudflare-updater.yaml @@ -27,7 +27,7 @@ spec: - name: ZONE_NAME value: "codywimer.com" - name: RECORD_TO_MODIFY - value: "test" + value: "*.test" resources: limits: cpu: "0.1" diff --git a/ansible/roles/kubernetes/templates/test-app.yaml b/ansible/roles/kubernetes/templates/test-app.yaml index de9e397..639f826 100644 --- a/ansible/roles/kubernetes/templates/test-app.yaml +++ b/ansible/roles/kubernetes/templates/test-app.yaml @@ -60,7 +60,7 @@ metadata: kubernetes.io/tls-acme: "true" spec: rules: - - host: test.codywimer.com + - host: helloworld.test.codywimer.com http: paths: - path: / @@ -69,5 +69,5 @@ spec: servicePort: 80 tls: - hosts: - - test.codywimer.com + - helloworld.test.codywimer.com secretName: letsencrypt-prod-test \ No newline at end of file diff --git a/ansible/roles/longhorn/defaults/main.yml b/ansible/roles/longhorn/defaults/main.yml new file mode 100644 index 0000000..b028973 --- /dev/null +++ b/ansible/roles/longhorn/defaults/main.yml @@ -0,0 +1,2 @@ +--- +longhorn_version: v1.0.2 \ No newline at end of file diff --git a/ansible/roles/longhorn/tasks/main.yml b/ansible/roles/longhorn/tasks/main.yml new file mode 100644 index 0000000..ba5928f --- /dev/null +++ b/ansible/roles/longhorn/tasks/main.yml 
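Review bot: Changing `RECORD_TO_MODIFY` to `"*.test"` in cloudflare-updater.yaml makes every name under `test.codywimer.com` resolve to the cluster, so any Ingress host added later, including the Longhorn UI host introduced in this commit, becomes reachable without a separate DNS decision. The wildcard does not cover `test.codywimer.com` itself, so the previous `test` record is no longer the one being updated. If the updater does not delete it (not visible in this hunk), it stays behind pointing at the last address written and should be removed by hand. A comment above the value would record the intent, for example `# wildcard on purpose: all *.test hosts route to the ingress controller`.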
@@ -0,0 +1,52 @@
+---
+- name: Create Longhorn config Directory
+ file:
+ path: "{{ rke_directory }}/longhorn"
+ state: directory
+ delegate_to: localhost
+ run_once: true
+
+- name: Get Longhorn Install
+ get_url:
+ url: https://raw.githubusercontent.com/longhorn/longhorn/{{ longhorn_version }}/deploy/longhorn.yaml
+ dest: "{{ rke_directory }}/longhorn/longhorn.yaml"
+ delegate_to: localhost
+ run_once: true
+
+- name: Put other Longhorn yaml in place
+ template:
+ src: ../templates/{{ item }}
+ dest: "{{ rke_directory }}/longhorn/{{ item }}"
+ with_items:
+ - longhorn-ingress.yaml
+ delegate_to: localhost
+ run_once: true
+
+- name: Install Longhorn
+ command: kubectl apply -f {{ rke_directory }}/longhorn/longhorn.yaml
+ environment:
+ KUBECONFIG: "{{ rke_directory }}/kube_config_rke-k8s.yaml"
+ delegate_to: localhost
+ run_once: true
+
+- name: Create Longhorn Ingress basic auth secret
+ command: kubectl -n longhorn-system create secret generic basic-auth --from-file={{ rke_directory }}/auth
+ environment:
+ KUBECONFIG: "{{ rke_directory }}/kube_config_rke-k8s.yaml"
+ delegate_to: localhost
+ run_once: true
+
+- name: Install Longhorn Extras
+ command: kubectl apply -f {{ rke_directory }}/longhorn/
+ environment:
+ KUBECONFIG: "{{ rke_directory }}/kube_config_rke-k8s.yaml"
+ delegate_to: localhost
+ run_once: true
+
+- name: Set default storageclass
+ command: >
+ kubectl patch storageclass longhorn -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
+ environment:
+ KUBECONFIG: "{{ rke_directory }}/kube_config_rke-k8s.yaml"
+ delegate_to: localhost
+ run_once: true
\ No newline at end of file
diff --git a/ansible/roles/longhorn/templates/longhorn-ingress.yaml b/ansible/roles/longhorn/templates/longhorn-ingress.yaml
new file mode 100644
index 0000000..56ec579
--- /dev/null
+++ b/ansible/roles/longhorn/templates/longhorn-ingress.yaml
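Review bot: In roles/longhorn/tasks/main.yml the `Get Longhorn Install` task downloads the manifest by tag and `Install Longhorn` then applies it with the RKE kubeconfig (normally cluster-admin), with nothing verifying the content. A Git tag can be moved, so pin the file with get_url's `checksum` parameter, e.g. `checksum: "sha256:<SHA256_OF_REVIEWED_LONGHORN_YAML>"` (placeholder, to be computed from a copy you have reviewed). The `Create Longhorn Ingress basic auth secret` task uses `kubectl create`, which fails once the secret exists, so a second run of the role stops there. The first task could also set `mode: "0700"` on the directory, since the same tree holds the kubeconfig and the `auth` file.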
@@ -0,0 +1,30 @@ +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: longhorn-ingress + namespace: longhorn-system + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-prod" + kubernetes.io/tls-acme: "true" + # type of authentication + nginx.ingress.kubernetes.io/auth-type: basic + # prevent the controller from redirecting (308) to HTTPS + nginx.ingress.kubernetes.io/ssl-redirect: 'false' + # name of the secret that contains the user/password definitions + nginx.ingress.kubernetes.io/auth-secret: basic-auth + # message to display with an appropriate context why the authentication is required + nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required ' + kubernetes.io/ingress.class: "nginx" +spec: + rules: + - host: longhorn.test.codywimer.com + http: + paths: + - path: / + backend: + serviceName: longhorn-frontend + servicePort: 80 + tls: + - hosts: + - longhorn.test.codywimer.com + secretName: longhorn-ssl \ No newline at end of file diff --git a/destroy.sh b/destroy.sh index 330308b..cef1409 100644 --- a/destroy.sh +++ b/destroy.sh @@ -11,4 +11,4 @@ ${project_dir}/terraform destroy -force \ -var "ramnode_password=${RAMNODE_PASSWORD}" \ -var "do_token=${DIGITALOCEAN_ACCESS_TOKEN}" -rm -rf ${project_dir}/rke \ No newline at end of file +rm -rf ${project_dir}/rke/* \ No newline at end of file diff --git a/example-longhorn-basic-auth.sh b/example-longhorn-basic-auth.sh new file mode 100644 index 0000000..d67b928 --- /dev/null +++ b/example-longhorn-basic-auth.sh @@ -0,0 +1 @@ +USER=; PASSWORD=; echo "${USER}:$(openssl passwd -stdin -apr1 <<< ${PASSWORD})" >> rke/auth \ No newline at end of file
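Review bot: In longhorn-ingress.yaml, `nginx.ingress.kubernetes.io/ssl-redirect: 'false'` combined with `auth-type: basic` lets the Longhorn UI credentials travel over plain HTTP, where Basic auth is only base64-encoded. The Ingress already has a `tls` section, so set `nginx.ingress.kubernetes.io/ssl-redirect: 'true'` or drop the annotation, because ingress-nginx redirects by default when TLS is configured. The comment above the annotation should then say that HTTP is redirected rather than that the redirect is prevented. The `auth-realm` value `'Authentication Required '` carries a trailing space that looks unintentional.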
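Review bot: The new `rm -rf ${project_dir}/rke/*` in destroy.sh is unquoted and unguarded, so an empty or unset `project_dir` turns it into `rm -rf /rke/*`, and a path containing spaces splits into several arguments. Write it as `rm -rf "${project_dir:?}/rke/"*` so the shell aborts instead of expanding an empty prefix. Whether `project_dir` is always set is decided above the hunk, which is not visible here. The `*` glob also skips dotfiles, so hidden files under `rke/` survive the destroy.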
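Review bot: example-longhorn-basic-auth.sh expects the password to be typed inline as `PASSWORD=...`, which leaves it in shell history, and it appends to `rke/auth` under the default umask. Prefer `read -rs PASSWORD` and a `umask 077` before the write. `<<<` is a bash feature and the file has no shebang, so add `#!/usr/bin/env bash` and quote the expansion as `<<< "${PASSWORD}"`. Assigning `USER` overrides the login-name variable for the rest of the session; a name such as `LH_USER` avoids that. `-apr1` is MD5-based, so the hash gives little protection if `rke/auth` leaks and the password should be long and random.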