fenix-gitea-admin/iac-ansible-public
1
0
Fork 0
mirror of https://gitea.fenix-dev.com/fenix-gitea-admin/iac-ansible-private.git synced 2025-12-17 03:34:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' of https://gitea.fenix-dev.com/fenix-gitea-admin/iac-ansible-private

Browse Source
This commit is contained in:
Tomás Limpinho
2025-11-09 14:12:56 +00:00
parent b981b12635 5441e7852e
commit 07698ad8a3
4 changed files with 106 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

85
roles/kube-master/tasks/main.yml
View File

@ -22,7 +22,7 @@
replace: replace:
path: /tmp/kube-flannel.yml path: /tmp/kube-flannel.yml
regexp: '10\.244\.0\.0/16' regexp: '10\.244\.0\.0/16'
replace: '10.244.0.0/16' # .3. replace: '10.240.0.0/16' # .3.
- name: Corrigir net-conf.json no manifest do Flannel - name: Corrigir net-conf.json no manifest do Flannel
become: true become: true
@ -55,8 +55,9 @@
argv: argv:
- kubeadm - kubeadm
- init - init
- --pod-network-cidr=10.244.0.0/16 # .3. - --pod-network-cidr=10.240.0.0/16 # .3.
- --apiserver-advertise-address=192.168.1.150 - --apiserver-advertise-address=192.168.1.50
- --service-cidr=10.95.0.0/16
creates: /etc/kubernetes/admin.conf creates: /etc/kubernetes/admin.conf
@ -102,6 +103,37 @@
delay: 6 delay: 6
become: yes become: yes
- name: kubernetes untaint node-role.kubernetes.io/control-plane:NoSchedule
become: true
shell: |
kubectl taint nodes --all node-role.kubernetes.io/control-plane:NoSchedule-
become_user: fenix
environment:
KUBECONFIG: /home/fenix/.kube/config
ignore_errors: yes
- name: kubernetes unlabel node-role.kubernetes.io/control-plane
become: true
shell: |
kubectl label nodes --all node-role.kubernetes.io/control-plane-
become_user: fenix
environment:
KUBECONFIG: /home/fenix/.kube/config
ignore_errors: yes
- name: kubernetes unlabel node.kubernetes.io/exclude-from-external-load-balancers
become: true
shell: |
kubectl label nodes --all node.kubernetes.io/exclude-from-external-load-balancers-
become_user: fenix
environment:
KUBECONFIG: /home/fenix/.kube/config
ignore_errors: yes
- name: cat flannel - name: cat flannel
become: true become: true
shell: | shell: |
@ -161,6 +193,53 @@
var: resultado_nfs.stdout_lines var: resultado_nfs.stdout_lines
- name: Instalar MetalLB (manifest oficial)
shell: kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.9/config/manifests/metallb-native.yaml
become_user: fenix
environment:
KUBECONFIG: /home/fenix/.kube/config
- name: Esperar pelo webhook do MetalLB
shell: kubectl get endpoints webhook-service -n metallb-system -o jsonpath='{.subsets[*].addresses[*].ip}'
register: webhook_ready
until: webhook_ready.stdout != ""
retries: 10
delay: 10
become_user: fenix
environment:
KUBECONFIG: /home/fenix/.kube/config
- name: Criar IP pool
shell: |
cat <<EOF | kubectl apply -f -
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: local-pool
namespace: metallb-system
spec:
addresses:
- 10.240.0.100-10.240.0.250
EOF
become_user: fenix
environment:
KUBECONFIG: /home/fenix/.kube/config
- name: Criar anúncio L2
shell: |
cat <<EOF | kubectl apply -f -
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
name: advert
namespace: metallb-system
EOF
become_user: fenix
environment:
KUBECONFIG: /home/fenix/.kube/config
- name: Get kubeadm join command - name: Get kubeadm join command
become: true become: true
shell: kubeadm token create --print-join-command shell: kubeadm token create --print-join-command

2
roles/kube-master/tasks/patch_netconf.py
View File

@ -10,7 +10,7 @@ with open("/tmp/kube-flannel.yml", "r") as f:
for doc in docs: for doc in docs:
if doc.get("kind") == "ConfigMap" and doc.get("metadata", {}).get("name") == "kube-flannel-cfg": if doc.get("kind") == "ConfigMap" and doc.get("metadata", {}).get("name") == "kube-flannel-cfg":
doc["data"]["net-conf.json"] = '''{ doc["data"]["net-conf.json"] = '''{
"Network": "10.244.0.0/16", "Network": "10.240.0.0/16",
"Backend": { "Backend": {
"Type": "vxlan" "Type": "vxlan"
}, },

2
roles/stolon/files/stolon-proxy-service.yaml
View File

@ -11,4 +11,4 @@ spec:
component: stolon-proxy component: stolon-proxy
stolon-cluster: kube-stolon stolon-cluster: kube-stolon
type: LoadBalancer type: LoadBalancer
loadBalancerIP: 192.168.1.105 #loadBalancerIP: 192.168.1.105

24
roles/stolon/tasks/main.yml
View File

@ -24,7 +24,9 @@
- name: Obter várias notas do Bitwarden - name: Obter várias notas do Bitwarden
shell: | shell: |
BW_SESSION=(bw unlock {{ bw_password }} --raw) echo "unlock"
BW_SESSION=$(bw unlock {{ bw_password }} --raw)
echo "get item"
bw get item "{{ item.id }}" --session $BW_SESSION | jq -r '.notes' > {{ item.dest }} bw get item "{{ item.id }}" --session $BW_SESSION | jq -r '.notes' > {{ item.dest }}
loop: loop:
- { id: "iac.ansible.dockersecrets", dest: "/tmp/stolon/kubernetes-files/files/docker-secrets.yaml" } - { id: "iac.ansible.dockersecrets", dest: "/tmp/stolon/kubernetes-files/files/docker-secrets.yaml" }
@ -47,4 +49,22 @@
kubectl apply -f /tmp/stolon/kubernetes-files/files/stolon-namespace.yaml kubectl apply -f /tmp/stolon/kubernetes-files/files/stolon-namespace.yaml
kubectl apply -f /tmp/stolon/kubernetes-files/files/ kubectl apply -f /tmp/stolon/kubernetes-files/files/
environment: environment:
KUBECONFIG: /home/fenix/.kube/config KUBECONFIG: /home/fenix/.kube/config
- name: Verificar se o cluster Stolon já existe
shell: kubectl get configmap -n postgresql kube-stolon
register: stolon_cluster_check
failed_when: false
changed_when: false
become_user: fenix
environment:
KUBECONFIG: /home/fenix/.kube/config
#- name: Aplicar o stolon
# become: yes
# become_user: fenix
# shell: |
# kubectl run -i -n=postgresql -t stolonctl --image=sorintlab/stolon:master-pg10 --restart=Never --rm -- /usr/local/bin/stolonctl --cluster-name=kube-stolon --store-backend=kubernetes --kube-resource-kind=configmap init
# when: stolon_cluster_check.rc != 0
# environment:
# KUBECONFIG: /home/fenix/.kube/config