diff --git a/playbook.yml b/playbook.yml
index d4a2958..16a6ac6 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -3,9 +3,9 @@ become: yes roles: - common - - vaultwarden - kubernetes - kube-master + - stolon - name: Configure Kubernetes Nodes hosts: workers
diff --git a/roles/stolon/kubernetes-files/docker-secrets.yaml b/roles/stolon/kubernetes-files/docker-secrets.yaml
new file mode 100644
index 0000000..6de6310
--- /dev/null
+++ b/roles/stolon/kubernetes-files/docker-secrets.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: regcred
+ namespace: postgresql
+data:
+ .dockerconfigjson: >-
+ eyJhdXRocyI6eyJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOnsidXNlcm5hbWUiOiJ1c2VyIiwicGFzc3dvcmQiOiJwYXNzIiwiYXV0aCI6ImRmamlla2ZlcldFS1dFa29mY2RrbzM0MzUzZmQ9In19fQ==
+type: kubernetes.io/dockerconfigjson
diff --git a/roles/stolon/kubernetes-files/stolon-keeper b/roles/stolon/kubernetes-files/stolon-keeper
new file mode 100644
index 0000000..0281fa6
--- /dev/null
+++ b/roles/stolon/kubernetes-files/stolon-keeper
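Review bot: The `.dockerconfigjson` value in roles/stolon/kubernetes-files/docker-secrets.yaml is a registry credential committed in readable form, because base64 under `data:` is an encoding and not encryption; the same holds for the `username`/`password` values in stolon-repl-secret.yaml and stolon-secret.yaml later in this diff. Anyone with read access to the repository or its history can recover them, so if any of these values are real they should be treated as exposed and rotated. Keep the Secret manifests out of the repo and render them at deploy time from Ansible Vault variables (or a sealed/external secret mechanism), leaving only a template with placeholders here.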
@@ -0,0 +1,109 @@
+# PetSet was renamed to StatefulSet in k8s 1.5
+# apiVersion: apps/v1alpha1
+# kind: PetSet
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: stolon-keeper
+ namespace: postgresql
+spec:
+ serviceName: "stolon-keeper"
+ replicas: 3
+ selector:
+ matchLabels:
+ component: stolon-keeper
+ stolon-cluster: kube-stolon
+ template:
+ metadata:
+ labels:
+ component: stolon-keeper
+ stolon-cluster: kube-stolon
+ annotations:
+ pod.alpha.kubernetes.io/initialized: "true"
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "8080"
+ spec:
+ imagePullSecrets:
+ - name: regcred
+ terminationGracePeriodSeconds: 10
+ containers:
+ - name: stolon-keeper
+ image: sorintlab/stolon:master-pg15
+ command:
+ - "/bin/bash"
+ - "-ec"
+ - |
+ id stolon
+ # Generate our keeper uid using the pod index
+ IFS='-' read -ra ADDR <<< "$(hostname)"
+ export STKEEPER_UID="keeper${ADDR[-1]}"
+ export POD_IP=$(hostname -i)
+ export STKEEPER_PG_LISTEN_ADDRESS=$POD_IP
+ mkdir -p /stolon-data/data
+ export STOLON_DATA=/stolon-data/data
+ chown stolon:stolon /stolon-data
+ chown stolon:stolon $STOLON_DATA
+ exec gosu stolon stolon-keeper --data-dir $STOLON_DATA
+ env:
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: STKEEPER_CLUSTER_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.labels['stolon-cluster']
+ - name: STKEEPER_STORE_BACKEND
+ value: "kubernetes"
+ - name: STKEEPER_KUBE_RESOURCE_KIND
+ value: "configmap"
+ - name: STKEEPER_PG_REPL_USERNAME
+ #value: "repluser"
+ valueFrom:
+ secretKeyRef:
+ name: stolon-repl-secret
+ key: username
+ - name: STKEEPER_PG_REPL_PASSWORD
+ #value: "replpassword"
+ valueFrom:
+ secretKeyRef:
+ name: stolon-repl-secret
+ key: password
+ - name: STKEEPER_PG_SU_USERNAME
+ #value: "stolon"
+ valueFrom:
+ secretKeyRef:
+ name: stolon-secret
+ key: username
+ - name: STKEEPER_PG_SU_PASSWORDFILE
+ value: "/etc/secrets/stolon/password"
+ - name: STKEEPER_METRICS_LISTEN_ADDRESS
+ value: "0.0.0.0:8080"
+ #
Uncomment this to enable debug logs
+ #- name: STKEEPER_DEBUG
+ # value: "true"
+ ports:
+ - containerPort: 5432
+ - containerPort: 8080
+ volumeMounts:
+ - mountPath: /stolon-data
+ name: data
+ - mountPath: /etc/secrets/stolon
+ name: stolon
+ volumes:
+ - name: stolon
+ secret:
+ secretName: stolon-secret
+ volumeClaimTemplates:
+ - kind: PersistentVolumeClaim
+ apiVersion: v1
+ metadata:
+ name: data
+ namespace: postgresql
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+ storageClassName: stolon-nfs-csi
\ No newline at end of file
diff --git a/roles/stolon/kubernetes-files/stolon-nfs-csi.yaml b/roles/stolon/kubernetes-files/stolon-nfs-csi.yaml
new file mode 100644
index 0000000..88ee029
--- /dev/null
+++ b/roles/stolon/kubernetes-files/stolon-nfs-csi.yaml
@@ -0,0 +1,11 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: stolon-nfs-csi
+ namespace: postgresql
+provisioner: nfs.csi.k8s.io
+parameters:
+ server: 192.168.1.34
+ share: /mnt/pool/data/k8s-Volumes/postgress_stolon/keepers
+allowVolumeExpansion: true
+reclaimPolicy: Retain
\ No newline at end of file
diff --git a/roles/stolon/kubernetes-files/stolon-proxy-service.yaml b/roles/stolon/kubernetes-files/stolon-proxy-service.yaml
new file mode 100644
index 0000000..16e431e
--- /dev/null
+++ b/roles/stolon/kubernetes-files/stolon-proxy-service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: stolon-proxy-service
+ namespace: postgresql
+spec:
+ ports:
+ - port: 5432
+ targetPort: 5432
+ selector:
+ component: stolon-proxy
+ stolon-cluster: kube-stolon
+ type: LoadBalancer
+ loadBalancerIP: 192.168.1.100
\ No newline at end of file
diff --git a/roles/stolon/kubernetes-files/stolon-proxy.yaml b/roles/stolon/kubernetes-files/stolon-proxy.yaml
new file mode 100644
index 0000000..459e342
--- /dev/null
+++ b/roles/stolon/kubernetes-files/stolon-proxy.yaml
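Review bot: In the stolon-keeper StatefulSet the replication password is injected as the environment variable `STKEEPER_PG_REPL_PASSWORD`, while the superuser password is read from a mounted file via `STKEEPER_PG_SU_PASSWORDFILE`; environment variables are visible to anything that can read the pod spec or the process environment. stolon-keeper also accepts a replication password file (`--pg-repl-passwordfile`), so mounting `stolon-repl-secret` as a volume and setting `STKEEPER_PG_REPL_PASSWORDFILE` would handle both credentials the same way. Separately, this file is added as `stolon-keeper` with no `.yaml` extension, and `kubectl apply -f` on a directory only reads `.json`, `.yaml` and `.yml` files, so the StatefulSet would likely be skipped by the role's apply step.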
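Review bot: The StorageClass in stolon-nfs-csi.yaml places the keepers' PostgreSQL data on an NFS export with no `mountOptions`, so who can read that data depends entirely on the export's host restrictions on the NFS server, which this diff does not show. It is worth confirming the export is limited to the cluster nodes and pinning the protocol version with a `mountOptions:` entry such as `- nfsvers=4.1`. `metadata.namespace` has no effect here because StorageClass is cluster-scoped, so that line can be dropped.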
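Review bot: The `stolon-proxy-service` Service publishes PostgreSQL port 5432 through `type: LoadBalancer` with nothing limiting which clients may connect. Adding `loadBalancerSourceRanges:` with the networks that need the database (for example `- CLIENT_CIDR_PLACEHOLDER`), or a NetworkPolicy selecting the `stolon-proxy` pods, would narrow that; whether source ranges are enforced depends on the load-balancer implementation used in this cluster. `spec.loadBalancerIP` is also deprecated as of Kubernetes 1.24 in favour of implementation-specific annotations.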
@@ -0,0 +1,58 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: stolon-proxy
+ namespace: postgresql
+spec:
+ replicas: 3
+ selector:
+ matchLabels:
+ component: stolon-proxy
+ stolon-cluster: kube-stolon
+ template:
+ metadata:
+ labels:
+ component: stolon-proxy
+ stolon-cluster: kube-stolon
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "8080"
+ spec:
+ imagePullSecrets:
+ - name: regcred
+ containers:
+ - name: stolon-proxy
+ image: sorintlab/stolon:master-pg10
+ command:
+ - "/bin/bash"
+ - "-ec"
+ - |
+ exec gosu stolon stolon-proxy
+ env:
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: STPROXY_CLUSTER_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.labels['stolon-cluster']
+ - name: STPROXY_STORE_BACKEND
+ value: "kubernetes"
+ - name: STPROXY_KUBE_RESOURCE_KIND
+ value: "configmap"
+ - name: STPROXY_LISTEN_ADDRESS
+ value: "0.0.0.0"
+ - name: STPROXY_METRICS_LISTEN_ADDRESS
+ value: "0.0.0.0:8080"
+ ## Uncomment this to enable debug logs
+ #- name: STPROXY_DEBUG
+ # value: "true"
+ ports:
+ - containerPort: 5432
+ - containerPort: 8080
+ readinessProbe:
+ tcpSocket:
+ port: 5432
+ initialDelaySeconds: 10
+ timeoutSeconds: 5
\ No newline at end of file
diff --git a/roles/stolon/kubernetes-files/stolon-repl-secret.yaml b/roles/stolon/kubernetes-files/stolon-repl-secret.yaml
new file mode 100644
index 0000000..c7e0f5c
--- /dev/null
+++ b/roles/stolon/kubernetes-files/stolon-repl-secret.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: stolon-repl-secret
+ namespace: postgresql
+type: Opaque
+data:
+ username: asOndDQ5aWZqa2w0aW85
+ password: asOndDQ5aWZqa2w0aW85
\ No newline at end of file
diff --git a/roles/stolon/kubernetes-files/stolon-role-binding.yaml b/roles/stolon/kubernetes-files/stolon-role-binding.yaml
new file mode 100644
index 0000000..53e067b
--- /dev/null
+++ b/roles/stolon/kubernetes-files/stolon-role-binding.yaml
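Review bot: `image: sorintlab/stolon:master-pg10` in stolon-proxy.yaml is a moving tag, so each pull can bring different code into the database path with no change in this repo; stolon-sentinel.yaml uses the same tag and the keeper uses `master-pg15`, so the three components are not guaranteed to come from the same build. Pinning all three to a release tag plus digest (`image: sorintlab/stolon:RELEASE_TAG_PLACEHOLDER@sha256:DIGEST_PLACEHOLDER`) makes the deployment reproducible and reviewable. The pod spec also sets no `securityContext` or `resources`; since the command immediately drops to `stolon` with `gosu`, running the container as that user from the start looks feasible and should be checked for the proxy and the sentinel.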
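Review bot: `username` and `password` in stolon-repl-secret.yaml carry the same encoded value, and stolon-secret.yaml repeats that value for the superuser, so the replication and superuser accounts would share one name and a password equal to that name. Knowing the user name, or leaking either secret, then gives superuser access to the cluster. Use distinct user names and independently generated passwords for the two secrets.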
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: stolon-role-binding
+ namespace: postgresql
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: stolon-role
+subjects:
+- kind: ServiceAccount
+ name: default
+ namespace: postgresql
\ No newline at end of file
diff --git a/roles/stolon/kubernetes-files/stolon-role.yaml b/roles/stolon/kubernetes-files/stolon-role.yaml
new file mode 100644
index 0000000..372a69e
--- /dev/null
+++ b/roles/stolon/kubernetes-files/stolon-role.yaml
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: stolon-role
+ namespace: postgresql
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - configmaps
+ - events
+ verbs:
+ - "*"
\ No newline at end of file
diff --git a/roles/stolon/kubernetes-files/stolon-secret.yaml b/roles/stolon/kubernetes-files/stolon-secret.yaml
new file mode 100644
index 0000000..cbe9c4b
--- /dev/null
+++ b/roles/stolon/kubernetes-files/stolon-secret.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: stolon-secret
+ namespace: postgresql
+type: Opaque
+data:
+ username: asOndDQ5aWZqa2w0aW85
+ password: asOndDQ5aWZqa2w0aW85
\ No newline at end of file
diff --git a/roles/stolon/kubernetes-files/stolon-sentinel.yaml b/roles/stolon/kubernetes-files/stolon-sentinel.yaml
new file mode 100644
index 0000000..5e6583e
--- /dev/null
+++ b/roles/stolon/kubernetes-files/stolon-sentinel.yaml
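Review bot: The RoleBinding grants `stolon-role` to the `default` ServiceAccount of the `postgresql` namespace, so every pod in that namespace that does not set its own service account inherits these permissions. A dedicated ServiceAccount (for example `name: stolon`) used as the binding subject and referenced with `serviceAccountName: stolon` in the keeper, proxy and sentinel pod specs keeps the grant limited to the stolon components.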
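Review bot: The `"*"` entry under `verbs` in stolon-role.yaml allows every operation, including `delete` and `deletecollection`, on all pods, configmaps and events in the namespace. Listing only the verbs stolon needs for its Kubernetes store (presumably `get`, `list`, `watch`, `create`, `update` and `patch`, to be confirmed against the stolon documentation) would reduce what a compromised stolon pod can do with its token.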
@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: stolon-sentinel
+ namespace: postgresql
+spec:
+ replicas: 3
+ selector:
+ matchLabels:
+ component: stolon-sentinel
+ stolon-cluster: kube-stolon
+ template:
+ metadata:
+ labels:
+ component: stolon-sentinel
+ stolon-cluster: kube-stolon
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "8080"
+ spec:
+ imagePullSecrets:
+ - name: regcred
+ containers:
+ - name: stolon-sentinel
+ image: sorintlab/stolon:master-pg10
+ command:
+ - "/bin/bash"
+ - "-ec"
+ - |
+ exec gosu stolon stolon-sentinel
+ env:
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: STSENTINEL_CLUSTER_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.labels['stolon-cluster']
+ - name: STSENTINEL_STORE_BACKEND
+ value: "kubernetes"
+ - name: STSENTINEL_KUBE_RESOURCE_KIND
+ value: "configmap"
+ - name: STSENTINEL_METRICS_LISTEN_ADDRESS
+ value: "0.0.0.0:8080"
+ ## Uncomment this to enable debug logs
+ #- name: STSENTINEL_DEBUG
+ # value: "true"
+ ports:
+ - containerPort: 8080
\ No newline at end of file
diff --git a/roles/stolon/tasks/main.yml b/roles/stolon/tasks/main.yml
index e69de29..3d208a3 100644
--- a/roles/stolon/tasks/main.yml
+++ b/roles/stolon/tasks/main.yml
@@ -0,0 +1,14 @@
+- name: Criar diretório temporário no remoto
+ file:
+ path: /tmp/stolon/kubernetes-files
+ state: directory
+ mode: '0755'
+
+- name: Copiar arquivos YAML para o remoto
+ copy:
+ src: ./roles/stolon/kubernetes-files
+ dest: /tmp/stolon/kubernetes-files
+ mode: '0644'
+
+- name: Aplicar os YAMLs com kubectl
+ command: kubectl apply -f /tmp/k8s_yamls/
\ No newline at end of file
diff --git a/roles/vaultwarden/tasks/main.yml b/roles/vaultwarden/tasks/main.yml
deleted file mode 100644
index 2c8db91..0000000
--- a/roles/vaultwarden/tasks/main.yml
+++ /dev/null
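Review bot: The last task in roles/stolon/tasks/main.yml applies `/tmp/k8s_yamls/`, but the two tasks above create and fill `/tmp/stolon/kubernetes-files`, so as written `kubectl apply` never sees the copied manifests; it should read `command: kubectl apply -f /tmp/stolon/kubernetes-files/`. Because `src` has no trailing slash, `copy` also nests the directory as `/tmp/stolon/kubernetes-files/kubernetes-files`; `src: ./roles/stolon/kubernetes-files/` copies the contents instead. The copied set includes the three Secret manifests, and with `mode: '0755'` on the directory and `mode: '0644'` on the files any local user on the host can read them, so `'0700'` and `'0600'`, plus removing the files after the apply, would be safer.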
@@ -1,4 +0,0 @@
-- name: Buscar secret do Vaultwarden
- command: "bw get item 'nome-do-secret'"
- register: secret_raw
- #no_log: true
\ No newline at end of file