Merge branch 'main' of https://gitea.fenix-dev.com/fenix-gitea-admin/iac-ansible-private

roles/kube-master/tasks/main.yml

@@ -22,7 +22,7 @@
   replace:
     path: /tmp/kube-flannel.yml
     regexp: '10\.244\.0\.0/16'
-    replace: '10.244.0.0/16' # .3.
+    replace: '10.240.0.0/16' # .3.
 
 - name: Corrigir net-conf.json no manifest do Flannel
   become: true
@@ -55,8 +55,9 @@
     argv:
       - kubeadm
       - init
-      - --pod-network-cidr=10.244.0.0/16 # .3. 
-      - --apiserver-advertise-address=192.168.1.150
+      - --pod-network-cidr=10.240.0.0/16 # .3. 
+      - --apiserver-advertise-address=192.168.1.50
+      - --service-cidr=10.95.0.0/16
     creates: /etc/kubernetes/admin.conf 
 
 
@@ -102,6 +103,37 @@
   delay: 6
   become: yes
 
+
+- name: kubernetes untaint node-role.kubernetes.io/control-plane:NoSchedule
+  become: true
+  shell: |
+      kubectl taint nodes --all node-role.kubernetes.io/control-plane:NoSchedule-
+  become_user: fenix 
+  environment:
+    KUBECONFIG:  /home/fenix/.kube/config
+  ignore_errors: yes
+
+
+- name: kubernetes unlabel node-role.kubernetes.io/control-plane
+  become: true
+  shell: |
+      kubectl label nodes --all node-role.kubernetes.io/control-plane-
+  become_user: fenix 
+  environment:
+    KUBECONFIG:  /home/fenix/.kube/config
+  ignore_errors: yes
+
+- name: kubernetes unlabel node.kubernetes.io/exclude-from-external-load-balancers
+  become: true
+  shell: |
+      kubectl label nodes --all node.kubernetes.io/exclude-from-external-load-balancers-
+  become_user: fenix 
+  environment:
+    KUBECONFIG:  /home/fenix/.kube/config
+  ignore_errors: yes
+
+
+
 - name: cat flannel
   become: true
   shell: |
@@ -161,6 +193,53 @@
     var: resultado_nfs.stdout_lines
 
 
+- name: Instalar MetalLB (manifest oficial)
+  shell: kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.9/config/manifests/metallb-native.yaml
+  become_user: fenix 
+  environment:
+    KUBECONFIG:  /home/fenix/.kube/config
+
+- name: Esperar pelo webhook do MetalLB
+  shell: kubectl get endpoints webhook-service -n metallb-system -o jsonpath='{.subsets[*].addresses[*].ip}'
+  register: webhook_ready
+  until: webhook_ready.stdout != ""
+  retries: 10
+  delay: 10
+  become_user: fenix 
+  environment:
+    KUBECONFIG:  /home/fenix/.kube/config
+
+- name: Criar IP pool
+  shell: |
+    cat <<EOF | kubectl apply -f -
+    apiVersion: metallb.io/v1beta1
+    kind: IPAddressPool
+    metadata:
+      name: local-pool
+      namespace: metallb-system
+    spec:
+      addresses:
+        - 10.240.0.100-10.240.0.250
+    EOF
+  become_user: fenix 
+  environment:
+    KUBECONFIG:  /home/fenix/.kube/config
+
+- name: Criar anúncio L2
+  shell: |
+    cat <<EOF | kubectl apply -f -
+    apiVersion: metallb.io/v1beta1
+    kind: L2Advertisement
+    metadata:
+      name: advert
+      namespace: metallb-system
+    EOF
+  become_user: fenix 
+  environment:
+    KUBECONFIG:  /home/fenix/.kube/config
+
+
+
 - name: Get kubeadm join command
   become: true
   shell: kubeadm token create --print-join-command

roles/kube-master/tasks/patch_netconf.py

@@ -10,7 +10,7 @@ with open("/tmp/kube-flannel.yml", "r") as f:
 for doc in docs:
     if doc.get("kind") == "ConfigMap" and doc.get("metadata", {}).get("name") == "kube-flannel-cfg":
         doc["data"]["net-conf.json"] = '''{
-  "Network": "10.244.0.0/16",
+  "Network": "10.240.0.0/16",
   "Backend": {
     "Type": "vxlan"
   },

roles/stolon/files/stolon-proxy-service.yaml

@@ -11,4 +11,4 @@ spec:
     component: stolon-proxy
     stolon-cluster: kube-stolon
   type: LoadBalancer
-  loadBalancerIP: 192.168.1.105
+  #loadBalancerIP: 192.168.1.105

roles/stolon/tasks/main.yml

@@ -24,7 +24,9 @@
 
 - name: Obter várias notas do Bitwarden
   shell: |
-    BW_SESSION=(bw unlock {{ bw_password }} --raw)
+    echo "unlock"
+    BW_SESSION=$(bw unlock {{ bw_password }} --raw)
+    echo "get item"
     bw get item "{{ item.id }}" --session $BW_SESSION | jq -r '.notes' > {{ item.dest }}
   loop:
     - { id: "iac.ansible.dockersecrets", dest: "/tmp/stolon/kubernetes-files/files/docker-secrets.yaml" }
@@ -47,4 +49,22 @@
     kubectl apply -f /tmp/stolon/kubernetes-files/files/stolon-namespace.yaml
     kubectl apply -f /tmp/stolon/kubernetes-files/files/
   environment:
-    KUBECONFIG:  /home/fenix/.kube/config
+    KUBECONFIG:  /home/fenix/.kube/config
+
+- name: Verificar se o cluster Stolon já existe
+  shell: kubectl get configmap -n postgresql kube-stolon
+  register: stolon_cluster_check
+  failed_when: false
+  changed_when: false
+  become_user: fenix 
+  environment:
+    KUBECONFIG:  /home/fenix/.kube/config
+
+#- name: Aplicar o stolon
+#  become: yes
+#  become_user: fenix 
+#  shell: |
+#    kubectl run -i -n=postgresql -t stolonctl --image=sorintlab/stolon:master-pg10 --restart=Never --rm -- /usr/local/bin/stolonctl --cluster-name=kube-stolon --store-backend=kubernetes --kube-resource-kind=configmap init
+#  when: stolon_cluster_check.rc != 0
+#  environment:
+#    KUBECONFIG:  /home/fenix/.kube/config