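# Publishes the Let's Encrypt ISRG Root X1 CA certificate as a Secret named
# "postgres.<domain>-ca" in the Postgres namespace.
# NOTE(review): the consumer of this Secret is not visible in this file;
# presumably it is the CA bundle for the Postgres TLS setup - confirm.
- name: Create Let's Encrypt ISRG Root X1 CA secret
  # Fully qualified module name, consistent with the kubernetes.core.helm
  # tasks later in this file.
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Secret
      metadata:
        name: "postgres.{{ domain }}-ca"
        namespace: "{{ postgres_db_namespace | default(namespace) }}"
      data:
        # Secret `data` values must be base64-encoded. A CA certificate is
        # public material, so the concern is integrity rather than secrecy:
        # write access to this Secret decides which trust anchor its readers
        # use, and should be restricted accordingly.
        ca.crt: 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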
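# Requests a TLS certificate for "postgres.<domain>" from cert-manager.
# cert-manager writes the issued certificate and its private key into the
# Secret named by spec.secretName, so read access to that Secret should be
# limited to the workloads that terminate TLS for Postgres.
- name: Request cert for Postgres
  # Fully qualified module name, consistent with the kubernetes.core.helm
  # tasks later in this file.
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: cert-manager.io/v1
      kind: Certificate
      metadata:
        name: "postgres.{{ domain }}-crt"
        namespace: "{{ postgres_db_namespace | default(namespace) }}"
      spec:
        secretName: "postgres.{{ domain }}-secret"
        dnsNames:
          - "postgres.{{ domain }}"
        issuerRef:
          name: letsencrypt-prod
          # `kind` defaults to Issuer (an issuer local to this namespace).
          # ClusterIssuer selects a cluster-scoped issuer instead.
          kind: ClusterIssuer
          group: cert-manager.io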
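# Creates the ConfigMap "postgresql-pod-environment" with ALLOW_NOSSL set,
# which per the task name lets clients connect to Postgres without TLS.
# NOTE(review): with non-TLS connections permitted, database credentials and
# query traffic can cross the network in cleartext, and the certificate
# requested earlier in this file does not protect clients that skip TLS.
# Prefer requiring TLS on the client side (for example sslmode=verify-full)
# and remove this setting once no client depends on it.
# NOTE(review): presumably the operator injects this ConfigMap into the
# database pods as environment variables - confirm. Also confirm how the
# image interprets the value before trying to disable it with "false";
# removing the key may be required instead.
- name: Allow Non SSL connections
  # Fully qualified module name, consistent with the kubernetes.core.helm
  # tasks later in this file.
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: ConfigMap
      metadata:
        name: postgresql-pod-environment
        namespace: "{{ postgres_db_namespace | default(namespace) }}"
      data:
        # Quoted so the value stays a string; ConfigMap data must be strings.
        ALLOW_NOSSL: "true"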
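# Builds the Helm values for the operator chart: starts from
# postgres_operator_default_values and overlays the optional
# postgres_operator_values (empty mapping when undefined). The merge is
# recursive, so an override of one nested key keeps its sibling defaults.
- name: Combine Postgres Operator chart values
  ansible.builtin.set_fact:
    postgres_operator_combined_values: "{{ postgres_operator_default_values | combine(postgres_operator_values | default({}), recursive=true) }}"
  when: postgres_operator_enabled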
# Installs or upgrades the Postgres Operator Helm release and waits for it.
# Runs only when postgres_operator_enabled is truthy.
- name: Deploy Postgres Operator
  kubernetes.core.helm:
    release_name: "{{ postgres_operator_name | default('postgres-operator') }}"
    # Falls back to the shared `namespace` variable when no operator-specific
    # namespace is set; the namespace is created if it does not exist.
    release_namespace: "{{ postgres_operator_namespace | default(namespace) }}"
    create_namespace: true
    # NOTE(review): the chart source comes from a variable defined outside
    # this file - confirm it points at a repository you trust.
    chart_ref: "{{ postgres_operator_chart_ref }}"
    # NOTE(review): when postgres_operator_version is undefined this
    # parameter is omitted, so no chart version is pinned. Set it in
    # inventory to keep deployments reproducible and upgrades deliberate.
    chart_version: "{{ postgres_operator_version | default(omit) }}"
    # NOTE(review): the combined fact is built with `combine`, so it is
    # presumably already a mapping when it reaches from_yaml - confirm.
    release_values: "{{ postgres_operator_combined_values | from_yaml }}"
    wait: true
  when: postgres_operator_enabled
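# Builds the Helm values for the operator UI chart: starts from
# postgres_operator_ui_default_values and overlays the optional
# postgres_operator_ui_values (empty mapping when undefined). The merge is
# recursive, so an override of one nested key keeps its sibling defaults.
- name: Combine Postgres Operator UI chart values
  ansible.builtin.set_fact:
    postgres_operator_ui_combined_values: "{{ postgres_operator_ui_default_values | combine(postgres_operator_ui_values | default({}), recursive=true) }}"
  when: postgres_operator_ui_enabled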
# Installs or upgrades the Postgres Operator UI Helm release and waits for
# it. Runs only when postgres_operator_ui_enabled is truthy.
# NOTE(review): how the UI is exposed and who can reach it is decided by
# chart values that are not visible in this file - confirm it is not
# reachable without authentication.
- name: Deploy Postgres Operator UI
  kubernetes.core.helm:
    release_name: "{{ postgres_operator_ui_name | default('postgres-operator-ui') }}"
    # Namespace fallback order: UI-specific, then the operator's, then the
    # shared `namespace` variable. The namespace is created if missing.
    release_namespace: "{{ postgres_operator_ui_namespace | default(postgres_operator_namespace) | default(namespace) }}"
    create_namespace: true
    # NOTE(review): the chart source comes from a variable defined outside
    # this file - confirm it points at a repository you trust.
    chart_ref: "{{ postgres_operator_ui_chart_ref }}"
    # NOTE(review): when postgres_operator_ui_version is undefined this
    # parameter is omitted, so no chart version is pinned. Set it in
    # inventory to keep deployments reproducible and upgrades deliberate.
    chart_version: "{{ postgres_operator_ui_version | default(omit) }}"
    # NOTE(review): the combined fact is built with `combine`, so it is
    # presumably already a mapping when it reaches from_yaml - confirm.
    release_values: "{{ postgres_operator_ui_combined_values | from_yaml }}"
    wait: true
  when: postgres_operator_ui_enabled
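# Applies one Kubernetes object per entry of postgres_db_definitions and
# waits for each. The mapping's values are used verbatim as the object
# definitions; its keys only identify the entries.
# NOTE(review): the definitions come from a variable defined outside this
# file, so whatever can set postgres_db_definitions decides which objects
# are created with this play's cluster credentials - confirm its source.
- name: Create Postgres databases
  # Fully qualified module name, consistent with the kubernetes.core.helm
  # tasks earlier in this file.
  kubernetes.core.k8s:
    state: present
    definition: "{{ item.value }}"
    wait: true
  loop: "{{ postgres_db_definitions | dict2items }}"
  loop_control:
    # Show only the entry key per iteration, which keeps the full manifests
    # out of the default task output.
    label: "{{ item.key }}"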