ghp/ansible
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

mass update and migrate to networking.k8s.io/v1 api

Browse Source
This commit is contained in:
ace
2022-07-31 06:28:07 +03:00
parent 6db00394ad
commit 3d09476cce
16 changed files with 139 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
roles/adguard-home/defaults/main.yaml
View File

@ -171,18 +171,19 @@ adguard_default_values:
timezone: "UTC"
ingress:
enabled: true
className: "{{ external_ingress_class if adguard_publish else internal_ingress_class }}"
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
kubernetes.io/ingress.class: "{{ external_ingress_class if adguard_publish else internal_ingress_class }}"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
kubernetes.io/tls-acme: "true"
path: /
hosts:
- "{{ adguard_short_name }}.{{ domain }}"
- host: "{{ adguard_short_name }}.{{ domain }}"
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: "{{ adguard_short_name }}.{{ domain }}-tls"
hosts:
- "{{ adguard_short_name }}adguard.{{ domain }}"
- "{{ adguard_short_name }}.{{ domain }}"
service:
type: ClusterIP
# externalTrafficPolicy: Local

6
roles/bitwarden/defaults/main.yaml
View File

@ -79,13 +79,15 @@ bitwarden_default_values:
type: deployment
ingress:
enabled: true
className: "{{ external_ingress_class if bitwarden_publish else internal_ingress_class }}"
annotations:
kubernetes.io/ingress.class: "{{ external_ingress_class if bitwarden_publish else internal_ingress_class }}"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
kubernetes.io/tls-acme: "true"
hosts:
- host: "{{ bitwarden_short_name }}.{{ domain }}"
paths: ["/"]
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: "{{ bitwarden_short_name }}.{{ domain }}-tls"
hosts:

2
roles/drone/defaults/main.yaml
View File

@ -8,8 +8,8 @@ drone_default_values:
port: 80
ingress:
enabled: true
className: "{{ external_ingress_class if drone_publish else internal_ingress_class }}"
annotations:
kubernetes.io/ingress.class: "{{ external_ingress_class if drone_publish else internal_ingress_class }}"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
hosts:
- host: "{{ drone_short_name }}.{{ domain }}"

2
roles/gitea/defaults/main.yaml
View File

@ -12,12 +12,12 @@ gitea_default_values:
clusterIP:
ingress:
enabled: true
className: "{{ gitea_ingress_class }}"
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
kubernetes.io/ingress.class: "{{ gitea_ingress_class }}"
kubernetes.io/tls-acme: "true"
hosts:
- host: "{{ gitea_short_name }}.{{ domain }}"

25
roles/harbor/defaults/main.yaml
View File

@ -10,11 +10,11 @@ harbor_default_values:
secretName: "{{ harbor_short_name }}.{{ domain }}-tls"
notarySecretName: "notary.{{ harbor_short_name }}.{{ domain }}-tls"
ingress:
className: "{{ external_ingress_class if harbor_publish else internal_ingress_class }}"
hosts:
core: "{{ harbor_short_name }}.{{ domain }}"
notary: "notary.{{ harbor_short_name }}.{{ domain }}"
annotations:
kubernetes.io/ingress.class: "{{ external_ingress_class if harbor_publish else internal_ingress_class }}"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
@ -123,12 +123,11 @@ harbor_default_values:
notarySignerDatabase: "harbor_notary_signer"
harbor_readonly_ingress_definition: |
apiVersion: extensions/v1beta1
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
kubernetes.io/ingress.class: "{{ external_ingress_class }}"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
@ -136,22 +135,30 @@ harbor_readonly_ingress_definition: |
name: harbor-public-ingress
namespace: "{{ harbor_namespace | default(namespace) }}"
spec:
ingressClassName: "{{ external_ingress_class }}"
rules:
- host: "{{ harbor_readonly_ingress }}"
http:
paths:
- backend:
serviceName: harbor-core
servicePort: 80
service:
name: harbor-core
port:
number: 80
path: /v2
pathType: ImplementationSpecific
- backend:
serviceName: harbor-core
servicePort: 80
service:
name: harbor-core
port:
number: 80
path: /chartrepo
pathType: ImplementationSpecific
- backend:
serviceName: harbor-core
servicePort: 80
service:
name: harbor-core
port:
number: 80
path: /api
pathType: ImplementationSpecific
tls:

7
roles/mastodon/defaults/main.yaml
View File

@ -7,17 +7,18 @@ mastodon_admin_email: "mastodon@{{ mail_domain | default(domain) }}"
mastodon_default_values:
ingress:
enabled: true
className: "{{ external_ingress_class if mastodon_publish else internal_ingress_class }}"
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
kubernetes.io/ingress.class: "{{ external_ingress_class if mastodon_publish else internal_ingress_class }}"
kubernetes.io/tls-acme: "true"
hosts:
- host: "{{ mastodon_short_name }}.{{ domain }}"
paths:
- path: '/'
- path: /
pathType: ImplementationSpecific
tls:
- secretName: "{{ mastodon_short_name }}.{{ domain }}-tls"
hosts:

2
roles/nextcloud/defaults/main.yaml
View File

@ -5,9 +5,9 @@ nextcloud_short_name: "nextcloud"
nextcloud_default_values:
ingress:
enabled: true
className: "{{ external_ingress_class if nextcloud_publish else internal_ingress_class }}"
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
kubernetes.io/ingress.class: "{{ external_ingress_class if nextcloud_publish else internal_ingress_class }}"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"

10
roles/peertube/defaults/main.yaml
View File

@ -97,16 +97,18 @@ peertube_default_values:
value: "{{ peertube_admin_password }}"
ingress:
enabled: true
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
kubernetes.io/ingress.class: "{{ external_ingress_class if peertube_publish else internal_ingress_class }}"
className: "{{ external_ingress_class if peertube_publish else internal_ingress_class }}"
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
hosts:
- host: "{{ peertube_short_name }}.{{ domain }}"
paths: ["/"]
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: "{{ peertube_short_name }}.{{ domain }}-tls"
hosts:

9
roles/playmaker/defaults/main.yaml
View File

@ -52,20 +52,23 @@ playmaker_default_values:
service:
type: ClusterIP
port: 80
ingress:
enabled: true
className: "{{ external_ingress_class if playmaker_publish else internal_ingress_class }}"
annotations:
kubernetes.io/ingress.class: "{{ external_ingress_class if playmaker_publish else internal_ingress_class }}"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
kubernetes.io/tls-acme: "true"
hosts:
- host: "{{ playmaker_short_name }}.{{ domain }}"
paths: ["/"]
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: "{{ playmaker_short_name }}.{{ domain }}-tls"
hosts:
- "{{ playmaker_short_name }}.{{ domain }}"
persistence:
enabled: true
storageClass: "{{ playmaker_storage | default('nfs-hdd') }}"

2
roles/postgres/defaults/main.yaml
View File

@ -19,9 +19,9 @@ postgres_operator_ui_default_values:
# configure UI ingress. If needed: "enabled: true"
ingress:
enabled: true
ingressClassName: "{{ postgres_operator_ui_ingress_class | default(internal_ingress_class) }}"
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
kubernetes.io/ingress.class: "{{ postgres_operator_ui_ingress_class | default(internal_ingress_class) }}"
hosts:
- host: "{{ postgres_operator_ui_short_name }}.{{ domain }}"
paths: [""]

22
roles/pypiserver/defaults/main.yaml
View File

@ -15,20 +15,22 @@ pypiserver_default_values:
pypiserver_admin: "{{ pypiserver_admin_htpasswd_hash }}"
ingress:
enabled: true
labels: {}
annotations:
kubernetes.io/ingress.class: "{{ external_ingress_class if pypiserver_publish else internal_ingress_class }}"
className: "{{ external_ingress_class if pypiserver_publish else internal_ingress_class }}"
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
path: "/"
hosts:
- "{{ pypiserver_short_name }}.{{ domain }}"
tls:
- secretName: "{{ pypiserver_short_name }}.{{ domain }}-tls"
hosts:
- "{{ pypiserver_short_name }}.{{ domain }}"
hosts:
- host: "{{ pypiserver_short_name }}.{{ domain }}"
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: "{{ pypiserver_short_name }}.{{ domain }}-tls"
hosts:
- "{{ pypiserver_short_name }}.{{ domain }}"
persistence:
enabled: true
storageClass: "{{ pypiserver_storage | default('nfs-hdd') }}"

8
roles/roundcube/defaults/main.yaml
View File

@ -30,16 +30,18 @@ roundcube_default_values:
value: "archive,zipdownload,managesieve"
ingress:
enabled: true
className: "{{ external_ingress_class if roundcube_publish else internal_ingress_class }}"
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
kubernetes.io/ingress.class: "{{ external_ingress_class if roundcube_publish else internal_ingress_class }}"
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
path: /
hosts:
- "{{ roundcube_short_name }}.{{ domain }}"
- host: "{{ roundcube_short_name }}.{{ domain }}"
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: "{{ roundcube_short_name }}.{{ domain }}-tls"
hosts:

24
roles/wikijs/defaults/main.yaml
View File

@ -6,12 +6,18 @@ wikijs_default_values:
fullnameOverride: "wikijs"
ingress:
enabled: true
annotations:
className: "{{ external_ingress_class if wikijs_publish else internal_ingress_class }}"
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
kubernetes.io/ingress.class: "{{ external_ingress_class if wikijs_publish else internal_ingress_class }}"
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
hosts:
- host: "{{ wikijs_short_name }}.{{ domain }}"
paths: ["/"]
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: "{{ wikijs_short_name }}.{{ domain }}-tls"
hosts:
@ -25,28 +31,32 @@ wikijs_default_values:
postgresqlDatabase: "{{ wikijs_db_name | default('wikijs') }}"
wikijs_readonly_ingress_definition: |
apiVersion: extensions/v1beta1
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
kubernetes.io/ingress.class: "{{ external_ingress_class }}"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
name: wikijs-public
namespace: "{{ wikijs_namespace | default(namespace) }}"
spec:
ingressClassName: "{{ external_ingress_class }}"
rules:
- host: "{{ wikijs_readonly_ingress }}"
http:
paths:
- backend:
serviceName: wikijs
servicePort: 80
service:
name: wikijs
port:
number: 80
path: /
pathType: ImplementationSpecific
tls:
- hosts:
- "{{ wikijs_readonly_ingress }}"
secretName: "{{ wikijs_readonly_ingress }}-tls"