Added longhorn and switched to wildcard dns

ansible/playbooks/site.yml

@@ -31,3 +31,7 @@
       vars:
         longhorn_enabled: true
         standard_user: debian
+    - role: ../roles/longhorn
+      vars:
+        longhorn_enabled: true
+        standard_user: debian

ansible/roles/kubernetes/templates/cloudflare-updater.yaml

@@ -27,7 +27,7 @@ spec:
         - name: ZONE_NAME
           value: "codywimer.com"
         - name: RECORD_TO_MODIFY
-          value: "test"
+          value: "*.test"
         resources:
           limits:
             cpu: "0.1"

ansible/roles/kubernetes/templates/test-app.yaml

@@ -60,7 +60,7 @@ metadata:
     kubernetes.io/tls-acme: "true"
 spec:
   rules:
-  - host: test.codywimer.com
+  - host: helloworld.test.codywimer.com
     http:
       paths:
       - path: /
@@ -69,5 +69,5 @@ spec:
           servicePort: 80
   tls:
     - hosts:
-      - test.codywimer.com
+      - helloworld.test.codywimer.com
       secretName: letsencrypt-prod-test

ansible/roles/longhorn/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+longhorn_version: v1.0.2

ansible/roles/longhorn/tasks/main.yml

@@ -0,0 +1,52 @@
+---
+- name: Create Longhorn config Directory
+  file:
+    path: "{{ rke_directory }}/longhorn"
+    state: directory
+  delegate_to: localhost
+  run_once: true
+
+- name: Get Longhorn Install
+  get_url:
+    url: https://raw.githubusercontent.com/longhorn/longhorn/{{ longhorn_version }}/deploy/longhorn.yaml
+    dest: "{{ rke_directory }}/longhorn/longhorn.yaml"
+  delegate_to: localhost
+  run_once: true
+
+- name: Put other Longhorn yaml in place
+  template:
+    src: ../templates/{{ item }}
+    dest: "{{ rke_directory }}/longhorn/{{ item }}"
+  with_items:
+    - longhorn-ingress.yaml
+  delegate_to: localhost
+  run_once: true
+
+- name: Install Longhorn
+  command: kubectl apply -f {{ rke_directory }}/longhorn/longhorn.yaml
+  environment:
+    KUBECONFIG: "{{ rke_directory }}/kube_config_rke-k8s.yaml"
+  delegate_to: localhost
+  run_once: true
+
+- name: Create Longhorn Ingress basic auth secret
+  command: kubectl -n longhorn-system create secret generic basic-auth --from-file={{ rke_directory }}/auth
+  environment:
+    KUBECONFIG: "{{ rke_directory }}/kube_config_rke-k8s.yaml"
+  delegate_to: localhost
+  run_once: true
+
+- name: Install Longhorn Extras
+  command: kubectl apply -f {{ rke_directory }}/longhorn/
+  environment:
+    KUBECONFIG: "{{ rke_directory }}/kube_config_rke-k8s.yaml"
+  delegate_to: localhost
+  run_once: true
+
+- name: Set default storageclass
+  command: >
+    kubectl patch storageclass longhorn -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
+  environment:
+    KUBECONFIG: "{{ rke_directory }}/kube_config_rke-k8s.yaml"
+  delegate_to: localhost
+  run_once: true

ansible/roles/longhorn/templates/longhorn-ingress.yaml

@@ -0,0 +1,30 @@
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+  name: longhorn-ingress
+  namespace: longhorn-system
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    kubernetes.io/tls-acme: "true"
+    # type of authentication
+    nginx.ingress.kubernetes.io/auth-type: basic
+    # prevent the controller from redirecting (308) to HTTPS
+    nginx.ingress.kubernetes.io/ssl-redirect: 'false'
+    # name of the secret that contains the user/password definitions
+    nginx.ingress.kubernetes.io/auth-secret: basic-auth
+    # message to display with an appropriate context why the authentication is required
+    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required '
+    kubernetes.io/ingress.class: "nginx"
+spec:
+  rules:
+  - host: longhorn.test.codywimer.com
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: longhorn-frontend
+          servicePort: 80
+  tls:
+    - hosts:
+      - longhorn.test.codywimer.com
+      secretName: longhorn-ssl

destroy.sh

@@ -11,4 +11,4 @@ ${project_dir}/terraform destroy -force \
   -var "ramnode_password=${RAMNODE_PASSWORD}" \
   -var "do_token=${DIGITALOCEAN_ACCESS_TOKEN}"
 
-rm -rf ${project_dir}/rke
+rm -rf ${project_dir}/rke/*

example-longhorn-basic-auth.sh

@@ -0,0 +1 @@
+USER=<USERNAME_HERE>; PASSWORD=<PASSWORD_HERE>; echo "${USER}:$(openssl passwd -stdin -apr1 <<< ${PASSWORD})" >> rke/auth