diff --git a/jenkins/defaults/main.yml b/jenkins/defaults/main.yml
new file mode 100644
index 0000000..c3398ba
--- /dev/null
+++ b/jenkins/defaults/main.yml
@@ -0,0 +1 @@
+HOSTNAME: jenkins.jhcloud.kr
diff --git a/jenkins/tasks/main.yml b/jenkins/tasks/main.yml
new file mode 100644
index 0000000..93fc672
--- /dev/null
+++ b/jenkins/tasks/main.yml
@@ -0,0 +1,7 @@
+---
+ - name: Jenkins Helm Chart Install
+ kubernetes.core.helm:
+ name: jenkins
+ chart_ref: /root/kubespray/roles/kubernetes-apps/jenkins/templates/
+ namespace: jenkins
+ create_namespace: true
diff --git a/jenkins/templates b/jenkins/templates
new file mode 160000
index 0000000..5d17197
--- /dev/null
+++ b/jenkins/templates
@@ -0,0 +1 @@
+Subproject commit 5d17197d2380acedd967805c132fe38140d4d48a
diff --git a/nfs_external_provisioner/defaults/main.yml b/nfs_external_provisioner/defaults/main.yml
new file mode 100644
index 0000000..99820f0
--- /dev/null
+++ b/nfs_external_provisioner/defaults/main.yml
@@ -0,0 +1,9 @@
+---
+# defaults file for nfs_external_provisioner
+nfs_external_provisioner_enabled: true
+# replace with namespace where provisioner will be deployed
+nfs_namespace: nfs
+# replace with your nfs server
+nfs_server: 192.168.7.17
+# replace with your nfs exported path
+nfs_path: /root/test
diff --git a/nfs_external_provisioner/tasks/main.yml b/nfs_external_provisioner/tasks/main.yml
new file mode 100644
index 0000000..03c9051
--- /dev/null
+++ b/nfs_external_provisioner/tasks/main.yml
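Review bot: `chart_ref` in jenkins/tasks/main.yml is a hard-coded absolute path under `/root/kubespray`, so the install only works when the repository is checked out at exactly that location and the play runs as root. Take the path from a variable instead, for example `chart_ref: "{{ role_path }}/templates"` when the play runs on the host that holds the checkout. The task also passes no `values`, so `HOSTNAME` from jenkins/defaults/main.yml is unused and the release takes whatever the submodule's chart sets by default, presumably including admin credentials and service exposure. Those settings should be supplied explicitly by the role.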
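Review bot: `nfs_external_provisioner_enabled: true` in nfs_external_provisioner/defaults/main.yml switches the addon on for every cluster that does not override it, and the other defaults are site-specific (`nfs_server: 192.168.7.17`, `nfs_path: /root/test`). Combined with the task that marks the `nfs` StorageClass as the cluster default, an unconfigured deployment would send every PVC without an explicit class to that address. Defaulting to `nfs_external_provisioner_enabled: false` and leaving `nfs_server` and `nfs_path` to the inventory is safer. An export under `/root` is also a poor example path and deserves either a comment or a dedicated directory.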
@@ -0,0 +1,37 @@
+---
+# tasks file for nfs_external_provisioner
+#- name: NFS External Provisioner | Install Pre-Packages
+# yum:
+# name: "{{ item }}"
+# state: present
+# update_cache: True
+# with_items:
+# - nfs-utils.x86_64
+# when:
+# - not is_this_offline
+- name: NFS External Provisioner | Generate Manifests
+ template:
+ src: "{{ item }}.j2"
+ dest: "{{ kube_config_dir }}/{{ item }}"
+ with_items: ["nfs-namespace.yml", "nfs-rbac.yml", "nfs-deployment.yml", "nfs-storageclass.yml"]
+ register: nfs_provisioner_manifests
+ when: inventory_hostname == groups['kube_control_plane'][0]
+
+- name: NFS External Provisioner | Apply Manifests
+ kube:
+ kubectl: "{{ bin_dir }}/kubectl"
+ filename: "{{ kube_config_dir }}/{{ item.item }}"
+ state: "latest"
+ wait: true
+ with_items:
+ - "{{ nfs_provisioner_manifests.results }}"
+ when:
+ - inventory_hostname == groups['kube_control_plane'][0]
+ loop_control:
+ label: "{{ item.item }}"
+
+- name: NFS External Provisioner | Default Storage Class
+ shell: >-
+ {{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf
+ patch storageclass nfs
+ -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
diff --git a/nfs_external_provisioner/templates/nfs-deployment.yml.j2 b/nfs_external_provisioner/templates/nfs-deployment.yml.j2
new file mode 100644
index 0000000..ac4432f
--- /dev/null
+++ b/nfs_external_provisioner/templates/nfs-deployment.yml.j2
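Review bot: The last task, "Default Storage Class", carries no `when:` although the two tasks above it are limited to `groups['kube_control_plane'][0]`. If the role is ever applied without the condition in meta/main.yml, the `kubectl patch` with `admin.conf` runs on every host. It also makes `nfs` the cluster default unconditionally and reports "changed" on every run. Add `when: inventory_hostname == groups['kube_control_plane'][0]` and `changed_when: false`, or drop the task and render the `storageclass.kubernetes.io/is-default-class` annotation in nfs-storageclass.yml.j2 behind a variable, so becoming the default is an explicit choice. Since no shell features are used, `command` would do in place of `shell`.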
@@ -0,0 +1,40 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nfs-client-provisioner
+ labels:
+ app: nfs-client-provisioner
+ namespace: {{ nfs_namespace }}
+spec:
+ replicas: 1
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ app: nfs-client-provisioner
+ template:
+ metadata:
+ labels:
+ app: nfs-client-provisioner
+ spec:
+ serviceAccountName: nfs-client-provisioner
+ containers:
+ - name: nfs-client-provisioner
+ image: >-
+ gcr.io/k8s-staging-sig-storage/nfs-subdir-external-provisioner:v4.0.0
+ volumeMounts:
+ - name: nfs-client-root
+ mountPath: /persistentvolumes
+ env:
+ - name: PROVISIONER_NAME
+ value: k8s-sigs.io/nfs-subdir-external-provisioner
+ - name: NFS_SERVER
+ value: {{ nfs_server }}
+ - name: NFS_PATH
+ value: {{ nfs_path }}
+ volumes:
+ - name: nfs-client-root
+ nfs:
+ server: {{ nfs_server }}
+ path: {{ nfs_path }}
diff --git a/nfs_external_provisioner/templates/nfs-namespace.yml.j2 b/nfs_external_provisioner/templates/nfs-namespace.yml.j2
new file mode 100644
index 0000000..3ff8485
--- /dev/null
+++ b/nfs_external_provisioner/templates/nfs-namespace.yml.j2
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: {{ nfs_namespace }}
diff --git a/nfs_external_provisioner/templates/nfs-rbac.yml.j2 b/nfs_external_provisioner/templates/nfs-rbac.yml.j2
new file mode 100644
index 0000000..9487446
--- /dev/null
+++ b/nfs_external_provisioner/templates/nfs-rbac.yml.j2
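Review bot: The container image in nfs-deployment.yml.j2 is pulled from the `k8s-staging-sig-storage` registry by a mutable tag (`:v4.0.0`), and staging repositories hold pre-release builds rather than a stable, retained source. Point the image at the promoted release registry, pin it by digest, and expose repository and tag as role variables so mirrored or offline installs can override them. The pod spec also sets no `securityContext` and no `resources`. The templated scalars are unquoted (`value: {{ nfs_server }}`, `path: {{ nfs_path }}`), so an empty or number-like value would be retyped by the YAML parser; `value: "{{ nfs_server }}"` avoids that.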
@@ -0,0 +1,62 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: nfs-client-provisioner
+ namespace: {{ nfs_namespace }}
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: nfs-client-provisioner-runner
+rules:
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get", "list", "watch", "create", "delete"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["storageclasses"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["create", "update", "patch"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: run-nfs-client-provisioner
+subjects:
+ - kind: ServiceAccount
+ name: nfs-client-provisioner
+ # replace with namespace where provisioner is deployed
+ namespace: nfs
+roleRef:
+ kind: ClusterRole
+ name: nfs-client-provisioner-runner
+ apiGroup: rbac.authorization.k8s.io
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: leader-locking-nfs-client-provisioner
+ namespace: {{ nfs_namespace }}
+rules:
+ - apiGroups: [""]
+ resources: ["endpoints"]
+ verbs: ["get", "list", "watch", "create", "update", "patch"]
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: leader-locking-nfs-client-provisioner
+ namespace: {{ nfs_namespace }}
+subjects:
+ - kind: ServiceAccount
+ name: nfs-client-provisioner
+ namespace: {{ nfs_namespace }}
+roleRef:
+ kind: Role
+ name: leader-locking-nfs-client-provisioner
+ apiGroup: rbac.authorization.k8s.io
diff --git a/nfs_external_provisioner/templates/nfs-storageclass.yml.j2 b/nfs_external_provisioner/templates/nfs-storageclass.yml.j2
new file mode 100644
index 0000000..c8f9bea
--- /dev/null
+++ b/nfs_external_provisioner/templates/nfs-storageclass.yml.j2
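Review bot: The ClusterRoleBinding `run-nfs-client-provisioner` hard-codes `namespace: nfs` for its ServiceAccount subject, while every other namespaced object in nfs-rbac.yml.j2 uses `{{ nfs_namespace }}`. When `nfs_namespace` is overridden, the cluster-wide PersistentVolume create/delete permissions are bound to a `nfs-client-provisioner` ServiceAccount in a namespace this role does not manage. The provisioner that is actually deployed then gets none of them. Change the subject to `namespace: {{ nfs_namespace }}` and drop the "replace with namespace" comment, which the template variable makes unnecessary.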
@@ -0,0 +1,9 @@
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: nfs
+provisioner: k8s-sigs.io/nfs-subdir-external-provisioner
+parameters:
+ onDelete: delete
+ pathPattern: "${.PVC.namespace}/${.PVC.name}"
diff --git a/roles/kubernetes-apps/meta/main.yml b/roles/kubernetes-apps/meta/main.yml
new file mode 100644
index 0000000..bb4ffcf
--- /dev/null
+++ b/roles/kubernetes-apps/meta/main.yml
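Review bot: `onDelete: delete` is fixed in nfs-storageclass.yml.j2, so deleting a PVC removes its directory on the NFS export, and the role's tasks then make this class the cluster default. That data-loss behaviour is neither configurable nor documented in the template. Expose the value through a role default and add a comment above `parameters:`, for example `# onDelete: delete removes the backing directory when the PVC is deleted`. The StorageClass name `nfs` is also hard-coded here and in the patch task, so the two have to be kept in sync by hand.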
@@ -0,0 +1,140 @@
+---
+dependencies:
+ - role: kubernetes-apps/ansible
+ when:
+ - inventory_hostname == groups['kube_control_plane'][0]
+
+ - role: kubernetes-apps/helm
+ when:
+ - helm_enabled
+ tags:
+ - helm
+
+ - role: kubernetes-apps/krew
+ when:
+ - krew_enabled
+ tags:
+ - krew
+
+ - role: kubernetes-apps/registry
+ when:
+ - registry_enabled
+ - inventory_hostname == groups['kube_control_plane'][0]
+ tags:
+ - registry
+
+ - role: kubernetes-apps/metrics_server
+ when:
+ - metrics_server_enabled
+ - inventory_hostname == groups['kube_control_plane'][0]
+ tags:
+ - metrics_server
+
+ - role: kubernetes-apps/csi_driver/csi_crd
+ when:
+ - cinder_csi_enabled or csi_snapshot_controller_enabled
+ - inventory_hostname == groups['kube_control_plane'][0]
+ tags:
+ - csi-driver
+
+ - role: kubernetes-apps/csi_driver/cinder
+ when:
+ - cinder_csi_enabled
+ tags:
+ - cinder-csi-driver
+ - csi-driver
+
+ - role: kubernetes-apps/csi_driver/aws_ebs
+ when:
+ - aws_ebs_csi_enabled
+ tags:
+ - aws-ebs-csi-driver
+ - csi-driver
+
+ - role: kubernetes-apps/csi_driver/azuredisk
+ when:
+ - azure_csi_enabled
+ tags:
+ - azure-csi-driver
+ - csi-driver
+
+ - role: kubernetes-apps/csi_driver/gcp_pd
+ when:
+ - gcp_pd_csi_enabled
+ tags:
+ - gcp-pd-csi-driver
+ - csi-driver
+
+ - role: kubernetes-apps/csi_driver/upcloud
+ when:
+ - upcloud_csi_enabled
+ tags:
+ - upcloud-csi-driver
+ - csi-driver
+
+ - role: kubernetes-apps/csi_driver/vsphere
+ when:
+ - vsphere_csi_enabled
+ tags:
+ - vsphere-csi-driver
+ - csi-driver
+
+ - role: kubernetes-apps/persistent_volumes
+ when:
+ - persistent_volumes_enabled
+ - inventory_hostname == groups['kube_control_plane'][0]
+ tags:
+ - persistent_volumes
+
+ - role: kubernetes-apps/snapshots
+ when: inventory_hostname == groups['kube_control_plane'][0]
+ tags:
+ - snapshots
+ - csi-driver
+
+ - role: kubernetes-apps/container_runtimes
+ when:
+ - inventory_hostname == groups['kube_control_plane'][0]
+ tags:
+ - container-runtimes
+
+ - role: kubernetes-apps/container_engine_accelerator
+ when: nvidia_accelerator_enabled
+ tags:
+ - container_engine_accelerator
+
+ - role: kubernetes-apps/cloud_controller/oci
+ when:
+ - cloud_provider is defined
+ - cloud_provider == "oci"
+ - inventory_hostname == groups['kube_control_plane'][0]
+ tags:
+ - oci
+
+ - role: kubernetes-apps/metallb
+ when:
+ - metallb_enabled
+ - inventory_hostname == groups['kube_control_plane'][0]
+ tags:
+ - metallb
+
+ - role: kubernetes-apps/argocd
+ when:
+ - argocd_enabled
+ - inventory_hostname == groups['kube_control_plane'][0]
+ tags:
+ - argocd
+
+ - role: kubernetes-apps/nfs_external_provisioner
+ when:
+ - nfs_external_provisioner_enabled
+ - inventory_hostname == groups['kube_control_plane'][0]
+ tags:
+ - nfs_external_provisioner
+
+ - role: kubernetes-apps/jenkins
+ when:
+ - jenkins_enabled
+ - inventory_hostname == groups['kube_control_plane'][0]
+ tags:
+ - jenkins
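Review bot: The `kubernetes-apps/jenkins` dependency at the end of the list is gated on `jenkins_enabled`, but no default for that variable is visible in this diff; jenkins/defaults/main.yml sets only `HOSTNAME`. Unless the inventory defines it, the condition would fail on an undefined variable instead of skipping the role. Use `jenkins_enabled | default(false)` in the `when:` list, or add `jenkins_enabled: false` next to the other addon switches. The diff also adds the role files at `jenkins/` and `nfs_external_provisioner/`, while the dependencies reference `kubernetes-apps/jenkins` and `kubernetes-apps/nfs_external_provisioner`. Confirm those paths resolve in the role search path.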