uptimekuma for kubernetes

roles/mariadb/files/docker-secrets.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: regcred
+  namespace: mariadb
+data:
+  .dockerconfigjson: >-
+    eyJhdXRocyI6eyJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOnsidXNlcm5hbWUiOiJ1c2VyIiwicGFzc3dvcmQiOiJwYXNzIiwiYXV0aCI6ImRmamlla2ZlcldFS1dFa29mY2RrbzM0MzUzZmQ9In19fQ==
+type: kubernetes.io/dockerconfigjson

roles/mariadb/files/mariadb-configmap.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: mariadb-config
+  namespace: mariadb
+data:
+  my.cnf: |
+    [mysqld]
+    innodb_use_native_aio=0
+    innodb_flush_method=fsync

roles/mariadb/files/mariadb-namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: mariadb

roles/mariadb/files/mariadb-nfs-csi.yaml

@@ -0,0 +1,11 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: mariadb-nfs-csi
+  namespace: mariadb
+provisioner: nfs.csi.k8s.io
+parameters:
+  server: 192.168.1.22
+  share: /mnt/fenix-main-nas-pool-0/data/k8s-Volumes/k8s-cluster-iac-deployed/mariadb
+allowVolumeExpansion: true
+reclaimPolicy: Retain

roles/mariadb/files/mariadb-pvcs.yaml

@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: mariadb-pv-0
+  namespace: mariadb
+spec:
+  capacity:
+    storage: 50Gi
+  storageClassName: mariadb-nfs-csi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  nfs:
+    server: 192.168.1.22
+    path: /mnt/fenix-main-nas-pool-0/data/k8s-Volumes/k8s-cluster-iac-deployed/mariadb
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: mariadb-data-mariadb-statefulset-0
+  namespace: mariadb
+spec:
+  storageClassName: mariadb-nfs-csi
+  accessModes:
+    - ReadWriteOnce
+  volumeName: mariadb-pv-0
+  resources:
+    requests:
+      storage: 50Gi
+---
+

roles/mariadb/files/mariadb-secret.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: mariadb-secret
+    namespace: mariadb
+type: Opaque
+data:
+    MARIADB_ROOT_PASSWORD: TUFSSUFEQl9ST09UX1BBU1NXT1JE
+    MARIADB_DATABASE: TUFSSUFEQl9EQVRBQkFTRQ==
+    MARIADB_USER: TUFSSUFEQl9VU0VS
+    MARIADB_PASSWORD: TUFSSUFEQl9QQVNTV09SRA==

roles/mariadb/files/mariadb-service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: mariadb-service
+  namespace: mariadb
+spec:
+  ports:
+    - port: 3306
+      targetPort: 3306
+  selector:
+    app: mariadb-statefulset
+  type: LoadBalancer
+  loadBalancerIP: 10.240.0.102

roles/mariadb/files/mariadb-statefulset.yaml

@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: mariadb-statefulset
+  namespace: mariadb
+spec:
+  serviceName: "mariadb-statefulset"
+  replicas: 1
+  selector:
+    matchLabels:
+      app: mariadb-statefulset
+  template:
+    metadata:
+      labels:
+        app: mariadb-statefulset
+    spec:
+      imagePullSecrets:
+      - name: regcred
+      containers:
+        - name: mariadb-statefulset
+          image: mariadb:11
+          ports:
+            - containerPort: 3306
+          envFrom:
+            - secretRef:
+                name: mariadb-secret
+          volumeMounts:
+            - mountPath: /var/lib/mysql
+              name: mariadb-data
+            - mountPath: /etc/mysql/conf.d/my.cnf
+              name: mariadb-config
+              subPath: my.cnf
+      volumes:
+        - name: mariadb-config
+          configMap:
+            name: mariadb-config
+
+  volumeClaimTemplates:
+    - kind: PersistentVolumeClaim
+      apiVersion: v1
+      metadata:
+        name: mariadb-data
+        namespace: mariadb
+      spec:
+        accessModes:
+          - ReadWriteOnce
+        resources:
+          requests:
+            storage: 50Gi
+

roles/mariadb/tasks/main.yml

@@ -0,0 +1,52 @@
+- name: Remover o diretório /tmp/mariadb/kubernetes-files
+  ansible.builtin.file:
+    path: /tmp/mariadb/kubernetes-files
+    state: absent
+
+- name: Criar diretório temporário no remoto
+  file:
+    path: /tmp/mariadb/kubernetes-files
+    state: directory
+    mode: '0755'
+
+- name: Copy file with owner and permissions
+  ansible.builtin.copy:
+    src: ../files
+    dest: /tmp/mariadb/kubernetes-files
+    owner: fenix
+    group: root
+    mode: '0644'
+
+- name: Listar conteúdo do diretório remoto
+  shell: ls -l /tmp/mariadb/kubernetes-files/files
+  register: resultado_ls
+
+
+- name: Obter várias notas do Bitwarden
+  shell: |
+    echo "unlock"
+    BW_SESSION=$(bw unlock {{ bw_password }} --raw)
+    echo "get item"
+    bw get item "{{ item.id }}" --session $BW_SESSION | jq -r '.notes' > {{ item.dest }}
+  loop:
+    - { id: "iac.ansible.dockersecrets", dest: "/tmp/mariadb/kubernetes-files/files/docker-secrets.yaml" }
+    - { id: "iac.ansible.mariadb.secret", dest: "/tmp/mariadb/kubernetes-files/files/mariadb-secret.yaml" }
+  args:
+    executable: /bin/bash
+  environment:
+    BW_PASSWORD: "{{ BW_PASSWORD }}"
+
+
+- name: Mostrar resultado do ls
+  debug:
+    var: resultado_ls.stdout_lines
+
+- name: Aplicar o mariadb
+  become: yes
+  become_user: fenix 
+  shell: |
+    kubectl apply -f /tmp/mariadb/kubernetes-files/files/mariadb-namespace.yaml
+    kubectl apply -f /tmp/mariadb/kubernetes-files/files/
+  environment:
+    KUBECONFIG:  /home/fenix/.kube/config
+

roles/mariadb/vars/main.yml

@@ -0,0 +1,4 @@
+bw_password: "{{ lookup('env', 'BW_PASSWORD') }}"
+VAULTWARDEN_LINK: "{{ lookup('env', 'VAULTWARDEN_LINK') }}"
+BW_CLIENTID: "{{ lookup('env', 'BW_CLIENTID') }}"
+BW_CLIENTSECRET : "{{ lookup('env', 'BW_CLIENTSECRET') }}"