Update .gitea/workflows/deploy-k8s.yml

2026-03-22 12:29:47 +00:00 · 2025-10-24 18:43:35 +00:00
18 changed files with 3 additions and 473 deletions
--- a/.gitea/workflows/deploy-k8s.yml
+++ b/.gitea/workflows/deploy-k8s.yml
@ -2,7 +2,7 @@ name: IACAnsible

 on: 
  push:
-    branches: [ main ]
+    branches: [ kubernetes-vazio ]
  workflow_dispatch:

 jobs:
@ -35,7 +35,7 @@ jobs:
          bw login --apikey
          echo "session"
          BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)
-          echo "BW_SESSION=$BW_SESSION" >> $GITEA_ENV
+          

      - name: Cloning ansible repository
        uses: actions/checkout@v4
@ -55,6 +55,4 @@ jobs:
      - name: Run Ansible Playbook
        working-directory: ansible/iac
        run: |
-          ansible-playbook -i inventory.ini playbook.yml -e "BW_CLIENTID=$BW_CLIENTID BW_CLIENTSECRET=$BW_CLIENTSECRET BW_PASSWORD=$BW_PASSWORD BW_EMAIL=$BW_EMAIL"
-        env:
-          BW_SESSION: ${{ env.BW_SESSION }}
+          ansible-playbook -i inventory.ini playbook.yml
--- a/playbook.yml
+++ b/playbook.yml
@ -3,16 +3,13 @@
  become: yes
  roles:
    - common
-    - vaultwarden
    - kubernetes
    - kube-master
-    - stolon

 - name: Configure Kubernetes Nodes
  hosts: workers
  become: yes
  roles:
    - common
-    - vaultwarden
    - kubernetes
    - kube-node
--- a/roles/kube-master/tasks/main.yml
+++ b/roles/kube-master/tasks/main.yml
@ -133,34 +133,6 @@
  delay: 6
  become: yes

- name: Instalar Helm no nó master
-  become: true
-  shell: |
-    curl -fsSL https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
-  args:
-    creates: /usr/local/bin/helm
-    
- name: Adicionar repositório Helm do CSI NFS
-  command: >
-    helm repo add csi-driver-nfs https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts
-  args:
-    creates: /root/.cache/helm/repository/csi-driver-nfs-index.yaml
-
- name: Atualizar repositórios Helm
-  command: helm repo update
-  
- name: Instalar CSI NFS Driver via Helm
-  command: helm upgrade --install csi-driver-nfs csi-driver-nfs/csi-driver-nfs --namespace kube-system --version 4.12.0
-  register: resultado_nfs
-  environment:
-    KUBECONFIG:  /home/fenix/.kube/config
-
- 
- name: Mostrar resultado do nfs csi driver
-  debug:
-    var: resultado_nfs.stdout_lines
-
-
 - name: Get kubeadm join command
  become: true
  shell: kubeadm token create --print-join-command
--- a/roles/stolon/files/docker-secrets.yaml
+++ b/roles/stolon/files/docker-secrets.yaml
@ -1,9 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: regcred
-  namespace: postgresql
-data:
-  .dockerconfigjson: >-
-    eyJhdXRocyI6eyJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOnsidXNlcm5hbWUiOiJ1c2VyIiwicGFzc3dvcmQiOiJwYXNzIiwiYXV0aCI6ImRmamlla2ZlcldFS1dFa29mY2RrbzM0MzUzZmQ9In19fQ==
-type: kubernetes.io/dockerconfigjson
--- a/roles/stolon/files/stolon-keeper.yaml
+++ b/roles/stolon/files/stolon-keeper.yaml
@ -1,109 +0,0 @@
-# PetSet was renamed to StatefulSet in k8s 1.5
-# apiVersion: apps/v1alpha1
-# kind: PetSet
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: stolon-keeper
-  namespace: postgresql
-spec:
-  serviceName: "stolon-keeper"
-  replicas: 3
-  selector:
-    matchLabels:
-      component: stolon-keeper
-      stolon-cluster: kube-stolon
-  template:
-    metadata:
-      labels:
-        component: stolon-keeper
-        stolon-cluster: kube-stolon
-      annotations:
-        pod.alpha.kubernetes.io/initialized: "true"
-        prometheus.io/scrape: "true"
-        prometheus.io/port: "8080"
-    spec:
-      imagePullSecrets:
-      - name: regcred
-      terminationGracePeriodSeconds: 10
-      containers:
-        - name: stolon-keeper
-          image: sorintlab/stolon:master-pg15
-          command:
-            - "/bin/bash"
-            - "-ec"
-            - |
-              id stolon
-              # Generate our keeper uid using the pod index
-              IFS='-' read -ra ADDR <<< "$(hostname)"
-              export STKEEPER_UID="keeper${ADDR[-1]}"
-              export POD_IP=$(hostname -i)
-              export STKEEPER_PG_LISTEN_ADDRESS=$POD_IP
-              mkdir -p /stolon-data/data
-              export STOLON_DATA=/stolon-data/data
-              chown stolon:stolon /stolon-data
-              chown stolon:stolon $STOLON_DATA
-              exec gosu stolon stolon-keeper --data-dir $STOLON_DATA
-          env:
-            - name: POD_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.name
-            - name: STKEEPER_CLUSTER_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.labels['stolon-cluster']
-            - name: STKEEPER_STORE_BACKEND
-              value: "kubernetes"
-            - name: STKEEPER_KUBE_RESOURCE_KIND
-              value: "configmap"
-            - name: STKEEPER_PG_REPL_USERNAME
-              #value: "repluser"
-              valueFrom:
-                secretKeyRef:
-                  name: stolon-repl-secret
-                  key: username
-            - name: STKEEPER_PG_REPL_PASSWORD
-              #value: "replpassword"
-              valueFrom:
-                secretKeyRef:
-                  name: stolon-repl-secret
-                  key: password
-            - name: STKEEPER_PG_SU_USERNAME
-              #value: "stolon"
-              valueFrom:
-                secretKeyRef:
-                  name: stolon-secret
-                  key: username
-            - name: STKEEPER_PG_SU_PASSWORDFILE
-              value: "/etc/secrets/stolon/password"
-            - name: STKEEPER_METRICS_LISTEN_ADDRESS
-              value: "0.0.0.0:8080"
-            # Uncomment this to enable debug logs
-            #- name: STKEEPER_DEBUG
-            #  value: "true"
-          ports:
-            - containerPort: 5432
-            - containerPort: 8080
-          volumeMounts:
-            - mountPath: /stolon-data
-              name: data
-            - mountPath: /etc/secrets/stolon
-              name: stolon
-      volumes:
-        - name: stolon
-          secret:
-            secretName: stolon-secret
-  volumeClaimTemplates:
-    - kind: PersistentVolumeClaim
-      apiVersion: v1
-      metadata:
-        name: data
-        namespace: postgresql
-      spec:
-        accessModes:
-          - ReadWriteOnce
-        resources:
-          requests:
-            storage: 10Gi
-        storageClassName: stolon-nfs-csi
--- a/roles/stolon/files/stolon-namespace.yaml
+++ b/roles/stolon/files/stolon-namespace.yaml
@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: postgresql
--- a/roles/stolon/files/stolon-nfs-csi.yaml
+++ b/roles/stolon/files/stolon-nfs-csi.yaml
@ -1,11 +0,0 @@
-apiVersion: storage.k8s.io/v1
-kind: StorageClass
-metadata:
-  name: stolon-nfs-csi
-  namespace: postgresql
-provisioner: nfs.csi.k8s.io
-parameters:
-  server: 192.168.1.22
-  share: /mnt/fenix-main-nas-pool-0/data/k8s-Volumes/k8s-cluster-iac-deployed/postgresql-stolon
-allowVolumeExpansion: true
-reclaimPolicy: Retain
--- a/roles/stolon/files/stolon-proxy-service.yaml
+++ b/roles/stolon/files/stolon-proxy-service.yaml
@ -1,14 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: stolon-proxy-service
-  namespace: postgresql
-spec:
-  ports:
-    - port: 5432
-      targetPort: 5432
-  selector:
-    component: stolon-proxy
-    stolon-cluster: kube-stolon
-  type: LoadBalancer
-  loadBalancerIP: 192.168.1.105
--- a/roles/stolon/files/stolon-proxy.yaml
+++ b/roles/stolon/files/stolon-proxy.yaml
@ -1,58 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: stolon-proxy
-  namespace: postgresql
-spec:
-  replicas: 3
-  selector:
-    matchLabels:
-      component: stolon-proxy
-      stolon-cluster: kube-stolon
-  template:
-    metadata:
-      labels:
-        component: stolon-proxy
-        stolon-cluster: kube-stolon
-      annotations:
-        prometheus.io/scrape: "true"
-        prometheus.io/port: "8080"
-    spec:
-      imagePullSecrets:
-      - name: regcred
-      containers:
-        - name: stolon-proxy
-          image: sorintlab/stolon:master-pg10
-          command:
-            - "/bin/bash"
-            - "-ec"
-            - |
-              exec gosu stolon stolon-proxy
-          env:
-            - name: POD_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.name
-            - name: STPROXY_CLUSTER_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.labels['stolon-cluster']
-            - name: STPROXY_STORE_BACKEND
-              value: "kubernetes"
-            - name: STPROXY_KUBE_RESOURCE_KIND
-              value: "configmap"
-            - name: STPROXY_LISTEN_ADDRESS
-              value: "0.0.0.0"
-            - name: STPROXY_METRICS_LISTEN_ADDRESS
-              value: "0.0.0.0:8080"
-            ## Uncomment this to enable debug logs
-            #- name: STPROXY_DEBUG
-            #  value: "true"
-          ports:
-            - containerPort: 5432
-            - containerPort: 8080
-          readinessProbe:
-            tcpSocket:
-              port: 5432
-            initialDelaySeconds: 10
-            timeoutSeconds: 5
--- a/roles/stolon/files/stolon-repl-secret.yaml
+++ b/roles/stolon/files/stolon-repl-secret.yaml
@ -1,9 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-    name: stolon-repl-secret
-    namespace: postgresql
-type: Opaque
-data:
-    username: asOndDQ5aWZqa2w0aW85
-    password: asOndDQ5aWZqa2w0aW85
--- a/roles/stolon/files/stolon-role-binding.yaml
+++ b/roles/stolon/files/stolon-role-binding.yaml
@ -1,13 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: stolon-role-binding
-  namespace: postgresql
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: stolon-role
-subjects:
- kind: ServiceAccount
-  name: default
-  namespace: postgresql
--- a/roles/stolon/files/stolon-role.yaml
+++ b/roles/stolon/files/stolon-role.yaml
@ -1,14 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: stolon-role
-  namespace: postgresql
-rules:
- apiGroups:
-  - ""
-  resources:
-  - pods
-  - configmaps
-  - events
-  verbs:
-  - "*"
--- a/roles/stolon/files/stolon-secret.yaml
+++ b/roles/stolon/files/stolon-secret.yaml
@ -1,9 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-    name: stolon-secret
-    namespace: postgresql
-type: Opaque
-data:
-    username: asOndDQ5aWZqa2w0aW85
-    password: asOndDQ5aWZqa2w0aW85
--- a/roles/stolon/files/stolon-sentinel.yaml
+++ b/roles/stolon/files/stolon-sentinel.yaml
@ -1,50 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: stolon-sentinel
-  namespace: postgresql
-spec:
-  replicas: 3
-  selector:
-    matchLabels:
-      component: stolon-sentinel
-      stolon-cluster: kube-stolon
-  template:
-    metadata:
-      labels:
-        component: stolon-sentinel
-        stolon-cluster: kube-stolon
-      annotations:
-        prometheus.io/scrape: "true"
-        prometheus.io/port: "8080"
-    spec:
-      imagePullSecrets:
-      - name: regcred
-      containers:
-        - name: stolon-sentinel
-          image: sorintlab/stolon:master-pg10
-          command:
-            - "/bin/bash"
-            - "-ec"
-            - |
-              exec gosu stolon stolon-sentinel
-          env:
-            - name: POD_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.name
-            - name: STSENTINEL_CLUSTER_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.labels['stolon-cluster']
-            - name: STSENTINEL_STORE_BACKEND
-              value: "kubernetes"
-            - name: STSENTINEL_KUBE_RESOURCE_KIND
-              value: "configmap"
-            - name: STSENTINEL_METRICS_LISTEN_ADDRESS
-              value: "0.0.0.0:8080"
-            ## Uncomment this to enable debug logs
-            #- name: STSENTINEL_DEBUG
-            #  value: "true"
-          ports:
-            - containerPort: 8080
--- a/roles/stolon/tasks/main.yml
+++ b/roles/stolon/tasks/main.yml
@ -1,52 +0,0 @@
- name: Remover o diretório /tmp/stolon/kubernetes-files
-  ansible.builtin.file:
-    path: /tmp/stolon/kubernetes-files
-    state: absent
-
- name: Criar diretório temporário no remoto
-  file:
-    path: /tmp/stolon/kubernetes-files
-    state: directory
-    mode: '0755'
-
- name: Copy file with owner and permissions
-  ansible.builtin.copy:
-    src: ../files
-    dest: /tmp/stolon/kubernetes-files
-    owner: fenix
-    group: root
-    mode: '0644'
-
- name: Listar conteúdo do diretório remoto
-  shell: ls -l /tmp/stolon/kubernetes-files/files
-  register: resultado_ls
-
-
- name: Obter várias notas do Bitwarden
-  shell: |
-    echo "unlock"
-    BW_SESSION=$(bw unlock {{ bw_password }} --raw)
-    echo "get item"
-    bw get item "{{ item.id }}" --session $BW_SESSION | jq -r '.notes' > {{ item.dest }}
-  loop:
-    - { id: "iac.ansible.dockersecrets", dest: "/tmp/stolon/kubernetes-files/files/docker-secrets.yaml" }
-    - { id: "iac.ansible.stolon.repl.secret", dest: "/tmp/stolon/kubernetes-files/files/stolon-repl-secret.yaml" }
-    - { id: "iac.ansible.stolon.keeper.secret", dest: "/tmp/stolon/kubernetes-files/files/stolon-secret.yaml" }
-  args:
-    executable: /bin/bash
-  environment:
-    BW_PASSWORD: "{{ BW_PASSWORD }}"
-
-
- name: Mostrar resultado do ls
-  debug:
-    var: resultado_ls.stdout_lines
-
- name: Aplicar o stolon
-  become: yes
-  become_user: fenix 
-  shell: |
-    kubectl apply -f /tmp/stolon/kubernetes-files/files/stolon-namespace.yaml
-    kubectl apply -f /tmp/stolon/kubernetes-files/files/
-  environment:
-    KUBECONFIG:  /home/fenix/.kube/config
--- a/roles/stolon/vars/main.yml
+++ b/roles/stolon/vars/main.yml
@ -1,4 +0,0 @@
-bw_password: "{{ lookup('env', 'BW_PASSWORD') }}"
-VAULTWARDEN_LINK: "{{ lookup('env', 'VAULTWARDEN_LINK') }}"
-BW_CLIENTID: "{{ lookup('env', 'BW_CLIENTID') }}"
-BW_CLIENTSECRET : "{{ lookup('env', 'BW_CLIENTSECRET') }}"
--- a/roles/vaultwarden/tasks/main.yml
+++ b/roles/vaultwarden/tasks/main.yml
@ -1,77 +0,0 @@
- name: Atualizar pacotes e instalar dependências básicas
-  become: true
-  apt:
-    name:
-      - curl
-      - git
-      - unzip
-      - jq
-      - gnupg
-      - ca-certificates
-    state: present
-    update_cache: true
-
- name: Adicionar repositório NodeSource para Node.js 20
-  become: true
-  shell: curl -fsSL https://deb.nodesource.com/setup_20.x | bash -
-  args:
-    executable: /bin/bash
-
- name: Instalar Node.js 20
-  become: true
-  apt:
-    name: nodejs
-    state: present
-    update_cache: true
-
- name: Verificar versão do Node.js
-  command: node -v
-  register: node_version
-  changed_when: false
-
- name: Verificar versão do npm
-  command: npm -v
-  register: npm_version
-  changed_when: false
-  
- name: Instalar Bitwarden CLI via npm
-  become: true
-  shell: npm install -g @bitwarden/cli
-  args:
-    executable: /bin/bash
-
- name: Verificar instalação do Bitwarden CLI
-  command: bw --version
-  register: bw_version
-  failed_when: bw_version.rc != 0
-
- name: Garantir logout do Bitwarden antes de configurar
-  shell: bw logout
-  ignore_errors: true
-
- name: Fazer login no Bitwarden
-  shell: | 
-    echo "config"
-    echo "VAULTWARDEN_LINK: {{ VAULTWARDEN_LINK }}"
-    bw config server {{ VAULTWARDEN_LINK }}
-    echo $BW_CLIENTID
-    echo $BW_CLIENTSECRET
-    echo "login"
-    bw login --apikey
-  environment:
-    BW_CLIENTID: "{{ BW_CLIENTID }}"
-    BW_CLIENTSECRET: "{{ BW_CLIENTSECRET }}"
-    VAULTWARDEN_LINK: "{{ VAULTWARDEN_LINK }}"
-  args:
-    executable: /bin/bash
-  register: bw_login
-
- name: Desbloquear cofre e guardar sessão
-  shell: bw unlock {{ bw_password }} --raw
-  register: bw_session
-  environment:
-    BW_PASSWORD: "{{ BW_PASSWORD }}"
-
- name: Exportar sessão para ambiente local
-  shell: echo "export BW_SESSION={{ bw_session.stdout }}" >> /etc/profile.d/bw-session.sh
-  become: true
--- a/roles/vaultwarden/vars/main.yml
+++ b/roles/vaultwarden/vars/main.yml
@ -1,4 +0,0 @@
-bw_password: "{{ lookup('env', 'BW_PASSWORD') }}"
-VAULTWARDEN_LINK: "{{ lookup('env', 'VAULTWARDEN_LINK') }}"
-BW_CLIENTID: "{{ lookup('env', 'BW_CLIENTID') }}"
-BW_CLIENTSECRET : "{{ lookup('env', 'BW_CLIENTSECRET') }}"