ghp/ansible
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

GHP publish

Browse Source
This commit is contained in:
ace
2021-01-09 20:54:42 +03:00
commit b4b740a239
173 changed files with 5392 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

89
roles/postgres/defaults/main.yaml Normal file
View File

@ -0,0 +1,89 @@
postgres_operator_default_values:
image:
registry: "{{ docker_registry }}"
repository: postgres-operator
tag: v1.5.0-72-g49158ecb
pullPolicy: "IfNotPresent"
configKubernetes:
pod_environment_configmap: "{{ postgres_db_namespace | default(namespace) }}/postgresql-pod-environment"
storage_resize_mode: pvc
watched_namespace: "{{ postgres_operator_watch_namespace | default(namespace) }}"
postgres_operator_ui_default_values:
replicaCount: 1
image:
registry: "{{ docker_registry }}"
repository: postgres-operator-ui
tag: v1.5.0-72-g49158ecb
pullPolicy: "IfNotPresent"
envs:
# IMPORTANT: While operator chart and UI chart are idendependent, this is the interface between
# UI and operator API. Insert the service name of the operator API here!
operatorApiUrl: "http://postgres-operator:8080"
operatorClusterNameLabel: "cluster-name"
resourcesVisible: "False"
targetNamespace: "{{ namespace }}"
# configure UI ingress. If needed: "enabled: true"
ingress:
enabled: true
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
cert-manager.io/acme-dns01-provider: "rfc2136"
cert-manager.io/acme-challenge-type: "dns01"
kubernetes.io/ingress.class: "{{ postgres_operator_ui_ingress_class | default(internal_ingress_class) }}"
hosts:
- host: postgres-operator-ui.{{ domain }}
paths: [""]
tls:
- secretName: postgres-operator-ui.{{ domain }}-tls
hosts:
- postgres-operator-ui.{{ domain }}
postgres_db_definitions:
ghp-postgres: |
kind: "postgresql"
apiVersion: "acid.zalan.do/v1"
metadata:
name: "{{ postgres_db_team | default(namespace) }}-postgres"
namespace: "{{ postgres_db_namespace | default(namespace) }}"
labels:
team: "{{ postgres_db_team | default(namespace) }}"
spec:
teamId: "{{ postgres_db_team | default(namespace) }}"
postgresql:
version: "12"
numberOfInstances: 2
volume:
size: "{{ postgres_size | default('10Gi') }}"
users:
gitea: []
drone: []
bitwarden: []
wikijs: []
nextcloud: []
roundcube: []
databases:
gitea: gitea
drone: drone
bitwarden: bitwarden
wikijs: wikijs
nextcloud: nextcloud
roundcube: roundcube
preparedDatabases:
peertube:
defaultUsers: true
extensions:
pg_trgm: pg_catalog
unaccent: public
allowedSourceRanges: []
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 500m
memory: 500Mi

78
roles/postgres/tasks/main.yaml Normal file
View File

@ -0,0 +1,78 @@
- name: Create Let's Encrypt ISRG Root X1 CA secret
k8s:
state: present
definition:
apiVersion: v1
data:
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZhekNDQTFPZ0F3SUJBZ0lSQUlJUXo3RFNRT05aUkdQZ3UyT0Npd0F3RFFZSktvWklodmNOQVFFTEJRQXcKVHpFTE1Ba0dBMVVFQmhNQ1ZWTXhLVEFuQmdOVkJBb1RJRWx1ZEdWeWJtVjBJRk5sWTNWeWFYUjVJRkpsYzJWaApjbU5vSUVkeWIzVndNUlV3RXdZRFZRUURFd3hKVTFKSElGSnZiM1FnV0RFd0hoY05NVFV3TmpBME1URXdORE00CldoY05NelV3TmpBME1URXdORE00V2pCUE1Rc3dDUVlEVlFRR0V3SlZVekVwTUNjR0ExVUVDaE1nU1c1MFpYSnUKWlhRZ1UyVmpkWEpwZEhrZ1VtVnpaV0Z5WTJnZ1IzSnZkWEF4RlRBVEJnTlZCQU1UREVsVFVrY2dVbTl2ZENCWQpNVENDQWlJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dJUEFEQ0NBZ29DZ2dJQkFLM29KSFAwRkRmem01NHJWeWdjCmg3N2N0OTg0a0l4dVBPWlhvSGozZGNLaS92VnFidllBVHlqYjNtaUdiRVNUdHJGai9SUVNhNzhmMHVveG15RisKMFRNOHVrajEzWG5mczdqL0V2RWhta3ZCaW9aeGFVcG1abXlQZmp4d3Y2MHBJZ2J6NU1EbWdLN2lTNCszbVg2VQpBNS9UUjVkOG1VZ2pVK2c0cms4S2I0TXUwVWxYaklCMHR0b3YwRGlOZXdOd0lSdDE4akE4K28rdTNkcGpxK3NXClQ4S09FVXQrend2by83VjNMdlN5ZTByZ1RCSWxESENOQXltZzRWTWs3QlBaN2htL0VMTktqRCtKbzJGUjNxeUgKQjVUMFkzSHNMdUp2VzVpQjRZbGNOSGxzZHU4N2tHSjU1dHVrbWk4bXhkQVE0UTdlMlJDT0Z2dTM5NmozeCtVQwpCNWlQTmdpVjUrSTNsZzAyZFo3N0RuS3hIWnU4QS9sSkJkaUIzUVcwS3RaQjZhd0JkcFVLRDlqZjFiMFNIelV2CktCZHMwcGpCcUFsa2QyNUhON3JPckZsZWFKMS9jdGFKeFFaQktUNVpQdDBtOVNUSkVhZGFvMHhBSDBhaG1iV24KT2xGdWhqdWVmWEtuRWdWNFdlMCtVWGdWQ3dPUGpkQXZCYkkrZTBvY1MzTUZFdnpHNnVCUUUzeERrM1N6eW5UbgpqaDhCQ05BdzFGdHhOclFIdXNFd01GeEl0NEk3bUtaOVlJcWlveW1DekxxOWd3UWJvb01EUWFIV0JmRWJ3cmJ3CnFIeUdPMGFvU0NxSTNIYWFkcjhmYXFVOUdZL3JPUE5rM3NnckRRb28vL2ZiNGhWQzFDTFFKMTNoZWY0WTUzQ0kKclU3bTJZczZ4dDBuVVc3L3ZHVDFNME5QQWdNQkFBR2pRakJBTUE0R0ExVWREd0VCL3dRRUF3SUJCakFQQmdOVgpIUk1CQWY4RUJUQURBUUgvTUIwR0ExVWREZ1FXQkJSNXRGbm1lN2JsNUFGemdBaUl5QnBZOXVtYmJqQU5CZ2txCmhraUc5dzBCQVFzRkFBT0NBZ0VBVlI5WXFieXlxRkRRRExIWUdta2dKeWtJckdGMVhJcHUrSUxsYVMvVjlsWkwKdWJoekVGblRJWmQrNTB4eCs3TFNZSzA1cUF2cUZ5RldoZkZRRGxucnp1Qlo2YnJKRmUrR25ZK0VnUGJrNlpHUQozQmViWWh0RjhHYVYwbnh2d3VvNzd4L1B5OWF1Si9HcHNNaXUvWDErbXZvaUJPdi8yWC9xa1NzaXNSY09qL0tLCk5GdFkyUHdCeVZTNXVDYk1pb2d6aVV3dGhEeUMzKzZXVndXNkxMdjN4TGZIVGp1Q3ZqSElJbk56a3RIQ2dLUTUKT1JBekk0Sk1QSitHc2xXWUhiNHBob3dpbTU3aWF6dFhPb0p3VGR3Sng0bkxDZ2ROYk9oZGpzbnZ6cXZIdTdVcgpUa1hXU3RBbXpPVnl5Z2hxcFpYakZhSDNwTzNKTEYrbCsvK3NLQUl1dnRkN3UrTnhlNUFXMHdkZVJsTjhOd2RDCmpOUEVscHpWbWJVcTRKVWFnRWl1VERrSHpzeEhwRktWSzdxNCs2M1NNMU45NVIxTmJkV2hzY2RDYitaQUp6VmMKb3lpM0I0M25qVE9RNXlPZisxQ2NlV3hHMWJRVnM1WnVmcHNNbGpxNFVpMC8xbHZoK3dqQ2hQNGtxS09KMnF4cQo0Umdxc2FoRFlWdlRIOXc3alhieUxlaU5kZDhYTTJ3OVUvdDd5MEZmLzl5aTBHRTQ0WmE0ckYyTE45ZDExVFBBCm1SR3VuVUhCY25XRXZnSkJRbDluSkVpVTBac252Z2MvdWJoUGdYUlI0WHEzN1owajRyN2cxU2dFRXp3eEE1N2QKZW15UHhnY1l4bi9lUjQ0L0tKNEVCcytsVkRSM3ZleUptK2tYUTk5YjIxLytqaDVYb3MxQW5YNWlJdHJlR0NjPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
kind: Secret
metadata:
name: "postgres.{{ domain }}-ca"
namespace: "{{ postgres_db_namespace | default(namespace) }}"
- name: Request cert for Postgres
k8s:
state: present
definition:
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: "postgres.{{ domain }}-crt"
namespace: "{{ postgres_db_namespace | default(namespace) }}"
spec:
secretName: "postgres.{{ domain }}-secret"
dnsNames:
- "postgres.{{ domain }}"
issuerRef:
name: letsencrypt-prod
# We can reference ClusterIssuers by changing the kind here.
# The default value is Issuer (i.e. a locally namespaced Issuer)
kind: ClusterIssuer
group: cert-manager.io
- name: Allow Non SSL connections
k8s:
state: present
definition:
apiVersion: v1
kind: ConfigMap
metadata:
name: postgresql-pod-environment
namespace: "{{ postgres_db_namespace | default(namespace) }}"
data:
ALLOW_NOSSL: "true"
- set_fact:
postgres_operator_combined_values: "{{ postgres_operator_default_values | combine(postgres_operator_values, recursive=true) }}"
- name: Deploy Postgres-operator
community.kubernetes.helm:
create_namespace: true
release_namespace: "{{ postgres_operator_namespace | default(namespace) }}"
release_name: "{{ postgres_operator_name | default('postgres-operator') }}"
chart_ref: "{{ postgres_operator_chart | default('ghp/postgres-operator') }}"
chart_version: "{{ postgres_operator_version | default(omit) }}"
release_values: "{{ postgres_operator_combined_values | from_yaml }}"
wait: true
- set_fact:
postgres_operator_ui_combined_values: "{{ postgres_operator_ui_default_values | combine(postgres_operator_ui_values, recursive=true) }}"
- name: Deploy Postgres-operator UI
community.kubernetes.helm:
create_namespace: true
release_namespace: "{{ postgres_operator_ui_namespace | default(postgres_operator_namespace) | default(namespace) }}"
release_name: "{{ postgres_operator_ui_name | default('postgres-operator-ui') }}"
chart_ref: "{{ postgres_operator_ui_chart | default('ghp/postgres-operator-ui') }}"
chart_version: "{{ postgres_operator_ui_version | default(omit) }}"
release_values: "{{ postgres_operator_ui_combined_values | from_yaml }}"
wait: true
- name: Create Postgres databases
k8s:
state: present
definition:
"{{ item.value }}"
wait: true
loop: "{{ postgres_db_definitions | dict2items }}"