diff --git a/.github/workflows/iac-pipeline-destroy.yml b/.github/workflows/iac-pipeline-destroy.yml
new file mode 100644
index 00000000..635330cc
--- /dev/null
+++ b/.github/workflows/iac-pipeline-destroy.yml
@@ -0,0 +1,199 @@
+name: Destroy Resources by IAC tools
+
+env:
+ STATE: "destroy" # 可以根据需要更改初始状态, 可选create,update, destroy
+ CLOUD: "gcp" # 选择云服务商, 可选: gcp, aws, ali, azure
+
+on:
+ pull_request:
+ push:
+ paths:
+ - '.github/workflows/iac-pipeline-destroy.yml'
+ workflow_dispatch:
+ branches:
+ - main
+
+jobs:
+ gcs:
+ runs-on: ubuntu-latest
+ needs:
+ - vhost
+ - network
+ - key_pair
+ - firewall
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+ with:
+ submodules: 'recursive'
+
+ - name: Pre Setup
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y python3-pip jq
+ python -m pip install --upgrade pip jinja2
+
+ - name: Set up Terraform
+ uses: hashicorp/setup-terraform@v1
+ with:
+ terraform_version: 1.6.4
+
+ - name: Authenticate with Google Cloud
+ uses: google-github-actions/auth@v1
+ with:
+ credentials_json: ${{ secrets.GCP_CREDENTIALS_JSON }}
+
+ - name: Set up Google Cloud SDK
+ uses: 'google-github-actions/setup-gcloud@v1'
+ with:
+ version: '>= 363.0.0'
+
+ - name: Delete Google Cloud Storage Bucket
+ run: |
+ gsutil -m rm -r gs://iac_gcp_terraform_state || true
+ gcloud storage buckets delete gs://iac_gcp_terraform_state --quiet || true
+ network:
+ runs-on: ubuntu-latest
+ needs:
+ - vhost
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+ with:
+ submodules: 'recursive'
+
+ - name: Pre Setup
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y python3-pip jq
+ python -m pip install --upgrade pip jinja2
+
+ - name: Set up Terraform
+ uses: hashicorp/setup-terraform@v1
+ with:
+ terraform_version: 1.6.4
+
+ - name: Authenticate with Google Cloud
+ uses: google-github-actions/auth@v1
+ with:
+ credentials_json: ${{ secrets.GCP_CREDENTIALS_JSON }}
+
+ - name: Terraform Init And Apply
+ run: |
+ bash run_terraform.sh
+ working-directory: iac_modules/terraform/${{ env.CLOUD }}/network/
+ vhost:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+ with:
+ submodules: 'recursive'
+
+ - name: Pre Setup
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y python3-pip jq
+ python -m pip install --upgrade pip jinja2
+
+ - name: Set up Terraform
+ uses: hashicorp/setup-terraform@v1
+ with:
+ terraform_version: 1.6.4
+
+ - name: Authenticate with Google Cloud
+ uses: google-github-actions/auth@v1
+ with:
+ credentials_json: ${{ secrets.GCP_CREDENTIALS_JSON }}
+
+ - name: Fetch SSH Keys
+ run: echo "${{ secrets.SSH_PUBLIC_KEY }}" > ssh_keys.pub
+ working-directory: iac_modules/terraform/${{ env.CLOUD }}/vhost/
+
+ - name: Terraform Init And Apply
+ run: |
+ python3 scripts/init.py && bash scripts/run_terraform.sh
+ working-directory: iac_modules/terraform/${{ env.CLOUD }}/vhost/
+
+ key_pair:
+ runs-on: ubuntu-latest
+ needs:
+ - vhost
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+ with:
+ submodules: 'recursive'
+
+ - name: Pre Setup
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y python3-pip jq
+ python -m pip install --upgrade pip jinja2
+
+ - name: Set up Terraform
+ uses: hashicorp/setup-terraform@v1
+ with:
+ terraform_version: 1.6.4
+
+ - name: Authenticate with Google Cloud
+ uses: google-github-actions/auth@v1
+ with:
+ credentials_json: ${{ secrets.GCP_CREDENTIALS_JSON }}
+
+ - name: Set up Google Cloud SDK
+ uses: 'google-github-actions/setup-gcloud@v1'
+ with:
+ version: '>= 363.0.0'
+
+ - name: Check if SSH Metadata exists
+ id: check_ssh_metadata
+ run: bash scripts/check_ssh_metadata.sh
+ working-directory: iac_modules/terraform/${{ env.CLOUD }}/key_pair/
+
+ - name: Fetch SSH Keys
+ if: steps.check_ssh_metadata.outputs.ssh_metadata_exists == 'false'
+ run: echo "${{ secrets.SSH_PUBLIC_KEY }}" > ssh_keys.pub
+ working-directory: iac_modules/terraform/${{ env.CLOUD }}/key_pair/
+
+ - name: Terraform Init And Apply
+ if: steps.check_ssh_metadata.outputs.ssh_metadata_exists == 'false'
+ run: |
+ python3 scripts/init.py && bash scripts/run_terraform.sh
+ working-directory: iac_modules/terraform/${{ env.CLOUD }}/key_pair/
+
+ firewall:
+ runs-on: ubuntu-latest
+ needs:
+ - vhost
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+ with:
+ submodules: 'recursive'
+
+ - name: Pre Setup
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y python3-pip jq
+ python -m pip install --upgrade pip jinja2
+
+ - name: Set up Terraform
+ uses: hashicorp/setup-terraform@v1
+ with:
+ terraform_version: 1.6.4
+
+ - name: Authenticate with Google Cloud
+ uses: google-github-actions/auth@v1
+ with:
+ credentials_json: ${{ secrets.GCP_CREDENTIALS_JSON }}
+
+ - name: Terraform Init And Apply
+ run: |
+ python3 scripts/init.py && bash scripts/run_terraform.sh
+ working-directory: iac_modules/terraform/${{ env.CLOUD }}/firewall/
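Review bot: The `pull_request:` trigger at the top of this workflow carries no filter (the `paths` list sits under `push` only), so every pull request opened against the repository runs the full teardown — vhost, network, firewall and the `gsutil -m rm -r` of the Terraform state bucket — and pipeline.yml below has the same unfiltered `pull_request:` for the create path; restrict both to `workflow_dispatch`, or at least put a `branches`/`paths` filter on `pull_request`. The `key_pair` job keeps the create-side guards `if: steps.check_ssh_metadata.outputs.ssh_metadata_exists == 'false'` on its Fetch and Terraform steps, which in a destroy run means the key pair is only processed when no metadata exists and an existing one is presumably never removed — confirm what scripts/run_terraform.sh does with `STATE: "destroy"`. `branches:` under `workflow_dispatch` does not appear to be a filter that event accepts, so it looks like it was intended for `push`/`pull_request`. The workflow declares no `permissions:` block and pins every action to a floating major tag, so adding `permissions: contents: read` at the top and pinning to commit SHAs would limit the job token and the supply-chain exposure of jobs that hold `GCP_CREDENTIALS_JSON`.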
diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml
new file mode 100644
index 00000000..a1510304
--- /dev/null
+++ b/.github/workflows/pipeline.yml
@@ -0,0 +1,360 @@
+name: Create Resources by IAC tools
+
+env:
+ STATE: "create" # 可以根据需要更改初始状态, 可选create,update, destroy
+ CLOUD: "gcp" # 选择云服务商, 可选: gcp, aws, ali, azure
+ TZ: Asia/Shanghai
+ REPO: "artifact.onwalk.net"
+ IMAGE: base/${{ github.repository }}
+ TAG: ${{ github.sha }}
+ DNS_AK: ${{ secrets.DNS_AK }}
+ DNS_SK: ${{ secrets.DNS_SK }}
+ OSS_AK: ${{ secrets.OSS_AK }}
+ OSS_SK: ${{ secrets.OSS_SK }}
+ ROOT_PASSWORD: ${{ secrets.ADMIN_INIT_PASSWORD }}
+ SMTP_PASSWORD: ${{ secrets.SMTP_PASSWORD }}
+ GITLAB_OIDC_CLIENT_TOKEN: ${{ secrets.GITLAB_OIDC_CLIENT_TOKEN }}
+ HARBOR_OIDC_CLIENT_TOKEN: ${{ secrets.HARBOR_OIDC_CLIENT_TOKEN }}
+ SSH_USER: ${{ secrets.HOST_USER }}
+ SSH_HOST_DOMAIN: ${{ secrets.HOST_DOMAIN }}
+ SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
+
+on:
+ pull_request:
+ push:
+ paths:
+ - '.github/workflows/pipeline.yml'
+ workflow_dispatch:
+ branches:
+ - main
+
+jobs:
+ gcs:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+ with:
+ submodules: 'recursive'
+
+ - name: Pre Setup
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y python3-pip jq
+ python -m pip install --upgrade pip jinja2
+
+ - name: Set up Terraform
+ uses: hashicorp/setup-terraform@v1
+ with:
+ terraform_version: 1.6.4
+
+ - name: Authenticate with Google Cloud
+ uses: google-github-actions/auth@v1
+ with:
+ credentials_json: ${{ secrets.GCP_CREDENTIALS_JSON }}
+
+ - name: Set up Google Cloud SDK
+ uses: 'google-github-actions/setup-gcloud@v1'
+ with:
+ version: '>= 363.0.0'
+
+ - name: Check if GCS bucket exists
+ id: check_bucket
+ run: |
+ BUCKET_NAME="iac_gcp_terraform_state"
+ gsutil ls -b gs://${BUCKET_NAME} || echo "::set-output name=bucket_exists::false"
+
+ - name: Terraform Init And Apply
+ if: steps.check_bucket.outputs.bucket_exists == 'false'
+ run: |
+ bash run_terraform.sh
+ working-directory: iac_modules/terraform/${{ env.CLOUD }}/gcs/
+ network:
+ runs-on: ubuntu-latest
+ needs:
+ - gcs
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+ with:
+ submodules: 'recursive'
+
+ - name: Pre Setup
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y python3-pip jq
+ python -m pip install --upgrade pip jinja2
+
+ - name: Set up Terraform
+ uses: hashicorp/setup-terraform@v1
+ with:
+ terraform_version: 1.6.4
+
+ - name: Authenticate with Google Cloud
+ uses: google-github-actions/auth@v1
+ with:
+ credentials_json: ${{ secrets.GCP_CREDENTIALS_JSON }}
+
+ - name: Terraform Init And Apply
+ run: |
+ bash run_terraform.sh
+ working-directory: iac_modules/terraform/${{ env.CLOUD }}/network/
+ vhost:
+ runs-on: ubuntu-latest
+ needs:
+ - gcs
+ - network
+ - key_pair
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+ with:
+ submodules: 'recursive'
+
+ - name: Pre Setup
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y python3-pip jq
+ python -m pip install --upgrade pip jinja2
+
+ - name: Set up Terraform
+ uses: hashicorp/setup-terraform@v1
+ with:
+ terraform_version: 1.6.4
+
+ - name: Authenticate with Google Cloud
+ uses: google-github-actions/auth@v1
+ with:
+ credentials_json: ${{ secrets.GCP_CREDENTIALS_JSON }}
+
+ - name: Fetch SSH Keys
+ run: echo "${{ secrets.SSH_PUBLIC_KEY }}" > ssh_keys.pub
+ working-directory: iac_modules/terraform/${{ env.CLOUD }}/vhost/
+
+ - name: Terraform Init And Apply
+ run: |
+ python3 scripts/init.py && bash scripts/run_terraform.sh
+ working-directory: iac_modules/terraform/${{ env.CLOUD }}/vhost/
+
+ key_pair:
+ runs-on: ubuntu-latest
+ needs:
+ - gcs
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+ with:
+ submodules: 'recursive'
+
+ - name: Pre Setup
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y python3-pip jq
+ python -m pip install --upgrade pip jinja2
+
+ - name: Set up Terraform
+ uses: hashicorp/setup-terraform@v1
+ with:
+ terraform_version: 1.6.4
+
+ - name: Authenticate with Google Cloud
+ uses: google-github-actions/auth@v1
+ with:
+ credentials_json: ${{ secrets.GCP_CREDENTIALS_JSON }}
+
+ - name: Set up Google Cloud SDK
+ uses: 'google-github-actions/setup-gcloud@v1'
+ with:
+ version: '>= 363.0.0'
+
+ - name: Check if SSH Metadata exists
+ id: check_ssh_metadata
+ run: bash scripts/check_ssh_metadata.sh
+ working-directory: iac_modules/terraform/${{ env.CLOUD }}/key_pair/
+
+ - name: Fetch SSH Keys
+ if: steps.check_ssh_metadata.outputs.ssh_metadata_exists == 'false'
+ run: echo "${{ secrets.SSH_PUBLIC_KEY }}" > ssh_keys.pub
+ working-directory: iac_modules/terraform/${{ env.CLOUD }}/key_pair/
+
+ - name: Terraform Init And Apply
+ if: steps.check_ssh_metadata.outputs.ssh_metadata_exists == 'false'
+ run: |
+ python3 scripts/init.py && bash scripts/run_terraform.sh
+ working-directory: iac_modules/terraform/${{ env.CLOUD }}/key_pair/
+
+ firewall:
+ runs-on: ubuntu-latest
+ needs:
+ - gcs
+ - network
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+ with:
+ submodules: 'recursive'
+
+ - name: Pre Setup
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y python3-pip jq
+ python -m pip install --upgrade pip jinja2
+
+ - name: Set up Terraform
+ uses: hashicorp/setup-terraform@v1
+ with:
+ terraform_version: 1.6.4
+
+ - name: Authenticate with Google Cloud
+ uses: google-github-actions/auth@v1
+ with:
+ credentials_json: ${{ secrets.GCP_CREDENTIALS_JSON }}
+
+ - name: Terraform Init And Apply
+ run: |
+ python3 scripts/init.py && bash scripts/run_terraform.sh
+ working-directory: iac_modules/terraform/${{ env.CLOUD }}/firewall/
+ build:
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: Sync aritfacts
+ run: echo "to do"
+
+ test:
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: Test aritfacts
+ run: echo "to do"
+
+ setup-k3s:
+ runs-on: ubuntu-latest
+ needs:
+ - build
+ - test
+ - vhost
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+ with:
+ submodules: 'recursive'
+
+ - name: Pre Setup
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y python3-pip jq
+ python -m pip install --upgrade pip jinja2
+
+ - name: Set up Terraform
+ uses: hashicorp/setup-terraform@v1
+ with:
+ terraform_version: 1.6.4
+
+ - name: Authenticate with Google Cloud
+ uses: google-github-actions/auth@v1
+ with:
+ credentials_json: ${{ secrets.GCP_CREDENTIALS_JSON }}
+
+ - name: Set GitHub Actions output variables
+ id: terraform-output
+ run: |
+ python3 scripts/init.py && terraform init
+ terraform output | while read -r line; do
+ if [ -z "$line" ]; then
+ break
+ else
+ k_v=$(echo "$line" | tr -d ' ' | awk -F= '{print $1"="$2}')
+ echo "$k_v" >> $GITHUB_OUTPUT
+ fi
+ done
+ working-directory: iac_modules/terraform/${{ env.CLOUD }}/vhost/
+
+ - name: Update playbook hosts
+ run: |
+ bash pre_setup.sh
+ env:
+ SSH_HOST_IP: ${{ steps.terraform-output.outputs.server }}
+ working-directory: playbook/
+
+ - name: Setup K3S Cluster
+ shell: bash
+ run: |
+ export ANSIBLE_HOST_KEY_CHECKING=False
+ ansible-playbook -i hosts/inventory init_k3s_cluster_std -D
+ working-directory: playbook/
+ deploy-Apps:
+ runs-on: ubuntu-latest
+ needs:
+ - setup-k3s
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+ with:
+ submodules: 'recursive'
+
+ - name: Pre Setup
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y python3-pip jq
+ python -m pip install --upgrade pip jinja2
+
+ - name: Set up Terraform
+ uses: hashicorp/setup-terraform@v1
+ with:
+ terraform_version: 1.6.4
+
+ - name: Authenticate with Google Cloud
+ uses: google-github-actions/auth@v1
+ with:
+ credentials_json: ${{ secrets.GCP_CREDENTIALS_JSON }}
+
+ - name: Set GitHub Actions output variables
+ id: terraform-output
+ run: |
+ python3 scripts/init.py && terraform init
+ terraform output | while read -r line; do
+ if [ -z "$line" ]; then
+ break
+ else
+ k_v=$(echo "$line" | tr -d ' ' | awk -F= '{print $1"="$2}')
+ echo "$k_v" >> $GITHUB_OUTPUT
+ fi
+ done
+ working-directory: iac_modules/terraform/${{ env.CLOUD }}/vhost/
+
+ - name: Update playbook hosts
+ run: |
+ bash pre_setup.sh
+ env:
+ SSH_HOST_IP: ${{ steps.terraform-output.outputs.server }}
+ working-directory: playbook/
+
+ - name: Deploy Gitlab
+ run: |
+ export ANSIBLE_HOST_KEY_CHECKING=False
+ ansible-playbook -i hosts/inventory init_gitlab -D
+ working-directory: playbook/
+
+ - name: Deploy Harbor
+ run: |
+ export ANSIBLE_HOST_KEY_CHECKING=False
+ ansible-playbook -i hosts/inventory init_harbor -D
+ working-directory: playbook/
+
+ - name: Deploy Chartmuseum
+ run: |
+ export ANSIBLE_HOST_KEY_CHECKING=False
+ ansible-playbook -i hosts/inventory init_chartmuseum -D
+ working-directory: playbook/
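Review bot: The top-level `env:` block (DNS_AK/DNS_SK, OSS_AK/OSS_SK, ROOT_PASSWORD, SMTP_PASSWORD, both OIDC client tokens and SSH_PRIVATE_KEY) is inherited by every step of every job, including `build` and `test`, which only `echo "to do"`, and by each third-party action the jobs invoke; move these into a job-level or step-level `env:` on the `deploy-Apps` steps that actually consume them. Every Ansible step sets `export ANSIBLE_HOST_KEY_CHECKING=False`, which disables SSH host-key verification for a host whose address came from `terraform output`; seed `~/.ssh/known_hosts` from a trusted source (a Terraform output or a secret) instead. The `check_bucket` step's `echo "::set-output ..."` uses the deprecated command syntax — write `echo "bucket_exists=false" >> "$GITHUB_OUTPUT"` as the later jobs already do — and because any `gsutil ls -b` failure (auth, network) also reaches the `||` branch, a transient error would start a fresh bucket apply rather than fail the job. The `terraform output` parsing in `setup-k3s` and `deploy-Apps` keeps the quotes Terraform prints around string values (`server = "1.2.3.4"` becomes `server="1.2.3.4"`), so `SSH_HOST_IP` presumably carries literal quote characters — `terraform output -raw server`, or `-json` piped through the jq installed in Pre Setup, would avoid the hand parsing.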
diff --git a/Architectures.uml b/Architectures.uml
new file mode 100644
index 00000000..e3eb2c45
--- /dev/null
+++ b/Architectures.uml
@@ -0,0 +1,75 @@
+@startuml
+!define RECTANGLE class
+
+RECTANGLE GitHubCI
+RECTANGLE Pulumi
+RECTANGLE GitHub
+RECTANGLE Harbor
+RECTANGLE Loki
+RECTANGLE Deepflow
+RECTANGLE Prometheus
+RECTANGLE Alertmanager
+RECTANGLE Clickhouse
+RECTANGLE Grafana
+RECTANGLE Nginx
+RECTANGLE DNS
+RECTANGLE APIGateway
+
+' 多环境定义
+folder "Development Environment" {
+ RECTANGLE Dev_Kubernetes
+ RECTANGLE Dev_k3s
+}
+folder "Testing Environment" {
+ RECTANGLE Test_Kubernetes
+ RECTANGLE Test_k3s
+}
+folder "Production Environment" {
+ RECTANGLE Prod_Kubernetes
+ RECTANGLE Prod_k3s
+}
+
+GitHubCI --> GitHub : 使用
+GitHub --> Pulumi : 配置
+Pulumi --> Dev_Kubernetes
+Pulumi --> Dev_k3s
+Pulumi --> Test_Kubernetes
+Pulumi --> Test_k3s
+Pulumi --> Prod_Kubernetes
+Pulumi --> Prod_k3s
+
+Dev_Kubernetes --> Harbor : 容器注册
+Dev_k3s --> Harbor : 容器注册
+Test_Kubernetes --> Harbor : 容器注册
+Test_k3s --> Harbor : 容器注册
+Prod_Kubernetes --> Harbor : 容器注册
+Prod_k3s --> Harbor : 容器注册
+
+Dev_Kubernetes --> Nginx : Ingress
+Dev_k3s --> Nginx : Ingress
+Test_Kubernetes --> Nginx : Ingress
+Test_k3s --> Nginx : Ingress
+Prod_Kubernetes --> Nginx : Ingress
+Prod_k3s --> Nginx : Ingress
+
+Dev_Kubernetes --> Loki : 日志
+Dev_k3s --> Loki : 日志
+Test_Kubernetes --> Loki : 日志
+Test_k3s --> Loki : 日志
+Prod_Kubernetes --> Loki : 日志
+Prod_k3s --> Loki : 日志
+
+Loki --> Grafana : 可视化
+Deepflow --> Grafana : 可视化
+Prometheus --> Grafana : 可视化
+Alertmanager --> Prometheus : 通知
+Clickhouse --> Grafana : 数据存储
+
+DNS --> APIGateway : 解析
+APIGateway --> Dev_Kubernetes : 路由
+APIGateway --> Dev_k3s : 路由
+APIGateway --> Test_Kubernetes : 路由
+APIGateway --> Test_k3s : 路由
+APIGateway --> Prod_Kubernetes : 路由
+APIGateway --> Prod_k3s : 路由
+@enduml
diff --git a/Layered_Architecture.uml b/Layered_Architecture.uml
new file mode 100644
index 00000000..2d59187c
--- /dev/null
+++ b/Layered_Architecture.uml
@@ -0,0 +1,30 @@
+@startuml
+!define RECTANGLE class
+
+' Central Container Platform
+RECTANGLE ContainerPlatform {
+ RECTANGLE ServiceMeshSolutions
+}
+
+' Microservices at the top
+RECTANGLE Microservices
+
+' DevOps Solutions and Federated Identity Solutions on the left
+RECTANGLE DevOpsSolutions
+RECTANGLE FederatedIdentitySolutions
+
+' Observability Platform Solutions on the right
+RECTANGLE ObservabilityPlatformSolutions
+
+' LangChainAI at the bottom
+RECTANGLE LangChainAI
+
+' Define relationships
+Microservices -down- ContainerPlatform : "Supported by\n"
+DevOpsSolutions -right- ContainerPlatform : "Integrated with\n"
+FederatedIdentitySolutions -right- ContainerPlatform : "Secured by\n"
+ObservabilityPlatformSolutions -left- ContainerPlatform : "Monitored by\n"
+LangChainAI -up- ContainerPlatform : "Enhanced by\n"
+ServiceMeshSolutions -- ContainerPlatform : "Interconnected within\n"
+
+@enduml
diff --git a/README.md b/README.md
index 4b4de3ff..c421958d 100644
--- a/README.md
+++ b/README.md
@@ -9,6 +9,9 @@ We define modern app architectures as those driven by four characteristics: scal
- Resiliency – Can fail over to newly spun‑up clusters or virtual environments in different availability regions, clouds, or data centers.
- Agility – Ability to update through automated CI/CD pipelines with higher code velocity and more frequent code pushes.
+
+
+
## Modern Container Application Reference Architectures
This repository provides a reference architecture for modern container applications. It focuses on the following key principles:
diff --git a/infrastructure/Pulumi.dev.yaml b/infrastructure/Pulumi.dev.yaml
deleted file mode 100644
index cc192fc3..00000000
--- a/infrastructure/Pulumi.dev.yaml
+++ /dev/null
@@ -1 +0,0 @@
-encryptionsalt: v1:5xsaM2aqu0Q=:v1:SKSxqD3qXFYZl1I2:RCwJV1UL9uatyI/CtjvL+wFRY8bmQA==
diff --git a/infrastructure/Pulumi.yaml b/infrastructure/Pulumi.yaml
deleted file mode 100644
index f592741d..00000000
--- a/infrastructure/Pulumi.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-name: Modern-Container-Application-Reference-Architecture
-runtime:
- name: python
- options:
- virtualenv: venv
-description: A minimal AWS Python Pulumi program
diff --git a/infrastructure/__main__.py b/infrastructure/__main__.py
deleted file mode 100644
index 498ebf51..00000000
--- a/infrastructure/__main__.py
+++ /dev/null
@@ -1,30 +0,0 @@
-"""An AWS Python Pulumi AWS Module"""
-import aws
-import config
-import pulumi
-import pulumi_command
-
-vpc_id = aws.vpc()
-az_list = aws.availability_zones()
-sg_id = aws.security_group( vpc_id )
-igw_id = aws.internet_gateway( vpc_id )
-route_table_id = aws.route_table( vpc_id, igw_id )
-subnets = aws.subnets(vpc_id, az_list, route_table_id, 'public' )
-
-ssh_key = config.get_env('SSH_PUBLIC_KEY')
-key_pair = aws.key_pair(resource_name="my_ssh_key", public_key=ssh_key)
-
-k3s_server = aws.ec2(
- arch = 'arm64',
- ec2_type = 't4g.small',
- ec2_name = 'tky.onwalk.net',
- key_name = key_pair,
- subnet_id = subnets[0],
- security_group_id = sg_id
- )
-
-pulumi.export("vpc", vpc_id)
-pulumi.export("sg", sg_id)
-pulumi.export("subnets", subnets)
-pulumi.export("key_pair", key_pair)
-pulumi.export("k3s_server_public_ip", k3s_server.public_ip )
diff --git a/infrastructure/cloud_manager/__init__.py b/infrastructure/cloud_manager/__init__.py
deleted file mode 100644
index e69de29b..00000000
diff --git a/infrastructure/cloud_manager/aws_provider.py b/infrastructure/cloud_manager/aws_provider.py
deleted file mode 100644
index 0852010d..00000000
--- a/infrastructure/cloud_manager/aws_provider.py
+++ /dev/null
@@ -1,25 +0,0 @@
-import pulumi
-from pulumi_aws import s3, ec2
-
-class AWSProvider:
- def __init__(self):
- self.resources = {}
-
- def create_resources(self, resource_type, resource_config):
- if resource_type == 's3':
- self.resources['s3'] = s3.Bucket(resource_config['name'])
- elif resource_type == 'ec2':
- self.resources['ec2'] = ec2.Instance(resource_config['name'],
- instance_type=resource_config['instance_type'],
- ami=resource_config['ami'])
-
- def delete_resources(self):
- for resource in self.resources.values():
- pulumi.destroy(resource)
-
- def update_resources(self):
- print("Updating AWS resources...")
-
- def query_resources(self):
- print("Querying AWS resources...")
- return []
diff --git a/infrastructure/cloud_manager/main.py b/infrastructure/cloud_manager/main.py
deleted file mode 100644
index 1d4e82c1..00000000
--- a/infrastructure/cloud_manager/main.py
+++ /dev/null
@@ -1,16 +0,0 @@
-from fastapi import FastAPI
-from cloud_manager.models import ResourceConfig, CloudManager
-from cloud_manager.providers.aws_provider import AWSProvider
-
-app = FastAPI()
-
-@app.post("/resources")
-async def create_resource(resource: ResourceConfig):
- if resource.provider == 'aws':
- provider = AWSProvider()
- else:
- return {"error": "Unsupported provider"}
-
- manager = CloudManager(provider, resource.resource_type, resource.config)
- manager.create_resources()
- return {"message": "Resource created successfully"}
diff --git a/infrastructure/cloud_manager/models.py b/infrastructure/cloud_manager/models.py
deleted file mode 100644
index 9d5f8b44..00000000
--- a/infrastructure/cloud_manager/models.py
+++ /dev/null
@@ -1,30 +0,0 @@
-from pydantic import BaseModel
-
-class ResourceConfig(BaseModel):
- provider: str
- resource_type: str
- config: dict
-
-class CloudManager:
- def __init__(self, provider, resource_type, resource_config):
- self.provider = provider
- self.resource_type = resource_type
- self.resource_config = resource_config
-
- def create_resources(self):
- self.provider.create_resources(self.resource_type, self.resource_config)
-
- def delete_resources(self):
- self.provider.delete_resources()
-
- def update_resources(self):
- self.provider.update_resources()
-
- def query_resources(self):
- return self.provider.query_resources()
-
- def migrate_resources(self, to_provider):
- resources = self.query_resources()
- to_provider.create_resources(resources)
- self.delete_resources()
-
diff --git a/infrastructure/cloud_manager/providers/__init__.py b/infrastructure/cloud_manager/providers/__init__.py
deleted file mode 100644
index e69de29b..00000000
diff --git a/infrastructure/cloud_manager/providers/aws/__init__.py b/infrastructure/cloud_manager/providers/aws/__init__.py
deleted file mode 100644
index e69de29b..00000000
diff --git a/infrastructure/cloud_manager/providers/aws/ec2.py b/infrastructure/cloud_manager/providers/aws/ec2.py
deleted file mode 100644
index 0ee18b45..00000000
--- a/infrastructure/cloud_manager/providers/aws/ec2.py
+++ /dev/null
@@ -1,18 +0,0 @@
-class EC2:
- @staticmethod
- def create(config):
- # 创建 EC2 实例的代码...
- pass
-
- def delete(self):
- # 删除 EC2 实例的代码...
- pass
-
- def update(self):
- # 更新 EC2 实例的代码...
- pass
-
- def query(self):
- # 查询 EC2 实例的代码...
- pass
-
diff --git a/infrastructure/cloud_manager/providers/aws/eks.py b/infrastructure/cloud_manager/providers/aws/eks.py
deleted file mode 100644
index e69de29b..00000000
diff --git a/infrastructure/cloud_manager/providers/aws/iam.py b/infrastructure/cloud_manager/providers/aws/iam.py
deleted file mode 100644
index e69de29b..00000000
diff --git a/infrastructure/cloud_manager/providers/aws/rds.py b/infrastructure/cloud_manager/providers/aws/rds.py
deleted file mode 100644
index e69de29b..00000000
diff --git a/infrastructure/cloud_manager/providers/aws/s3.py b/infrastructure/cloud_manager/providers/aws/s3.py
deleted file mode 100644
index e69de29b..00000000
diff --git a/infrastructure/cloud_manager/providers/aws/vpc.py b/infrastructure/cloud_manager/providers/aws/vpc.py
deleted file mode 100644
index e69de29b..00000000
diff --git a/infrastructure/cloud_manager/providers/aws_provider.py b/infrastructure/cloud_manager/providers/aws_provider.py
deleted file mode 100644
index 75c0a6a7..00000000
--- a/infrastructure/cloud_manager/providers/aws_provider.py
+++ /dev/null
@@ -1,27 +0,0 @@
-from .aws import ec2, s3, rds, iam, vpc, eks
-
-class AWSProvider:
- def __init__(self):
- self.resources = {}
-
- def create_resources(self, resource_type, resource_config):
- if resource_type == 's3':
- self.resources['s3'] = s3.create(resource_config)
- elif resource_type == 'ec2':
- self.resources['ec2'] = ec2.create(resource_config)
- # ...其他服务的创建逻辑...
-
- def delete_resources(self):
- for resource in self.resources.values():
- resource.delete()
-
- def update_resources(self):
- for resource in self.resources.values():
- resource.update()
-
- def query_resources(self):
- resources = {}
- for name, resource in self.resources.items():
- resources[name] = resource.query()
- return resources
-
diff --git a/infrastructure/config/__init__.py b/infrastructure/config/__init__.py
deleted file mode 100644
index 4ed97b9f..00000000
--- a/infrastructure/config/__init__.py
+++ /dev/null
@@ -1,13 +0,0 @@
-from pulumi_command import local
-from pulumi_command import remote
-
-def get_env( name ):
- env = local.Command(
- "command",
- create=f"printenv {name}"
- )
- return env.stdout
-
-def local_run( command: str ):
- command = local.Command("local_command", create=command )
- return command.stdout
diff --git a/infrastructure/main.py b/infrastructure/main.py
deleted file mode 100644
index 1d4e82c1..00000000
--- a/infrastructure/main.py
+++ /dev/null
@@ -1,16 +0,0 @@
-from fastapi import FastAPI
-from cloud_manager.models import ResourceConfig, CloudManager
-from cloud_manager.providers.aws_provider import AWSProvider
-
-app = FastAPI()
-
-@app.post("/resources")
-async def create_resource(resource: ResourceConfig):
- if resource.provider == 'aws':
- provider = AWSProvider()
- else:
- return {"error": "Unsupported provider"}
-
- manager = CloudManager(provider, resource.resource_type, resource.config)
- manager.create_resources()
- return {"message": "Resource created successfully"}
diff --git a/infrastructure/requirements.txt b/infrastructure/requirements.txt
deleted file mode 100644
index a9c63396..00000000
--- a/infrastructure/requirements.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-pulumi==3.58.0
-pulumi-aws==5.32.0
-pulumi_command==0.7.0
diff --git a/infrastructure/resource/aws/__init__.py b/infrastructure/resource/aws/__init__.py
deleted file mode 100644
index 00b70cb3..00000000
--- a/infrastructure/resource/aws/__init__.py
+++ /dev/null
@@ -1,200 +0,0 @@
-import pulumi
-import pulumi_aws
-
-#-----------global vars---------------#
-stack_name = pulumi.get_stack()
-project_name = pulumi.get_project()
-#------------------------------------#
-def vpc():
- vpc = pulumi_aws.ec2.Vpc(
- resource_name=f"eks-{project_name}-{stack_name}",
- cidr_block="10.100.0.0/16",
- enable_dns_support=True,
- enable_dns_hostnames=True,
- instance_tenancy='default',
- tags={
- "Project": project_name,
- "Stack": stack_name
- }
- )
- return vpc.id
-#------------------------------------#
-def key_pair( resource_name: str, public_key: str ):
- key_pair = pulumi_aws.ec2.KeyPair( resource_name=resource_name, public_key=public_key )
- return key_pair.key_name
-#------------------------------------#
-def ec2( arch, ec2_name, ec2_type, key_name, subnet_id, security_group_id ):
- if arch == 'amd64':
- ami = pulumi_aws.ec2.get_ami(
- owners = ["099720109477"],
- filters = [
- pulumi_aws.ec2.GetAmiFilterArgs(
- name = "name",
- values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"]
- )],
- most_recent = True)
-
- if arch == 'arm64':
- ami = pulumi_aws.ec2.get_ami(
- owners = ["099720109477"],
- filters = [
- pulumi_aws.ec2.GetAmiFilterArgs(
- name = "name",
- values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-arm64-server-*"]
- )],
- most_recent = True)
-
- root_ebs = {
- "deleteOnTermination": True,
- "volume_size": 100,
- "volumeType": 'gp3',
- "encrypted": False
- }
-
- instance = pulumi_aws.ec2.Instance(
- ami=ami.id,
- resource_name = ec2_name,
- instance_type = ec2_type,
- key_name = key_name,
- subnet_id = subnet_id,
- root_block_device = root_ebs,
- vpc_security_group_ids = [ security_group_id ],
- tags = {
- "Name": ec2_name
- }
- )
- return instance
-#------------------------------------#
-def availability_zones():
- az_list = pulumi_aws.get_availability_zones(state="available").names
- return az_list
-#------------------------------------#
-def internet_gateway( vpc_id ):
- igw = pulumi_aws.ec2.InternetGateway(
- resource_name=f'vpc-igw-{project_name}-{stack_name}',
- vpc_id=vpc_id,
- tags={
- "Project": project_name,
- "Stack": stack_name
- }
- )
- return igw.id
-
-#------------------------------------#
-def route_table( vpc_id, igw_id ):
- route_table = pulumi_aws.ec2.RouteTable(
- resource_name = f'vpc-route-table-{project_name}-{stack_name}',
- vpc_id = vpc_id,
- routes = [
- pulumi_aws.ec2.RouteTableRouteArgs(
- cidr_block='0.0.0.0/0',
- gateway_id=igw_id
- )
- ],
- tags = {
- "Project": project_name,
- "Stack": stack_name
- }
- )
- return route_table.id
-
-#------------------------------------#
-def security_group( vpc_id ):
- security_group = pulumi_aws.ec2.SecurityGroup(
- resource_name = f'ec2-default-sg-{project_name}-{stack_name}',
- vpc_id = vpc_id,
- description = "Allow all HTTP(s) traffic to EKS Cluster",
- ingress = [
- pulumi_aws.ec2.SecurityGroupIngressArgs(
- protocol='tcp',
- from_port=22,
- to_port=22,
- cidr_blocks=['0.0.0.0/0'],
- description='Allow sshd connect'),
- pulumi_aws.ec2.SecurityGroupIngressArgs(
- protocol='tcp',
- from_port=80,
- to_port=80,
- cidr_blocks=['0.0.0.0/0'],
- description='Allow http 80'),
- pulumi_aws.ec2.SecurityGroupIngressArgs(
- protocol='tcp',
- from_port=389,
- to_port=389,
- cidr_blocks=['0.0.0.0/0'],
- description='Allow LDAP 389'),
- pulumi_aws.ec2.SecurityGroupIngressArgs(
- protocol='tcp',
- from_port=443,
- to_port=443,
- cidr_blocks=['0.0.0.0/0'],
- description='Allow https 443')
- ],
- egress=[
- pulumi_aws.ec2.SecurityGroupEgressArgs(
- from_port=0,
- to_port=0,
- protocol="-1",
- cidr_blocks=["0.0.0.0/0"]
- )],
- tags = {
- "Project": project_name,
- "Stack": stack_name
- }
- )
- return security_group.id
-
-#------------------------------------#
-def subnets( vpc_id, az_name, route_table_id, net_type='private' ):
-
-# If you wanted to double the number of subnets because you have few
-# availability zones, you can redefine the variable below to something
-# like: list(itertools.chain(azs, azs)) which would just repeat the
-# same list of AZs twice. The iteration logic will pick it up for
-# subnet creation and create unique names.
-
- subnets = []
-
- az_list = availability_zones()
- az_enum = list(az_list)
-
- if len(az_list) <= 0:
- raise ValueError("There are no usable availability zones")
- if len(az_list) == 1:
- pulumi.log.warn("There is only a single usable availability zone")
- elif len(az_list) == 2:
- pulumi.log.warn("There are only two usable availability zones")
-
- for i, az in enumerate(az_enum):
-
- if net_type == 'public':
- subnet_addr = i
- map_eip=True
- if net_type == 'private':
- subnet_addr = (i + 1) * 16
- map_eip=False
-
- if not isinstance(az, str):
- raise f'availability zone specified [{i}] is not a valid string value: [{az}]'
- if az.strip() == "":
- raise f'availability zone specified [{i}] is an empty string'
-
- subnet_instance = pulumi_aws.ec2.Subnet(
- resource_name = f'{az}-{net_type}-{project_name}-{stack_name}-{i}',
- vpc_id=vpc_id,
- availability_zone=az,
- cidr_block=f"10.100.{subnet_addr}.0/24",
- map_public_ip_on_launch=map_eip,
- tags={
- "Project": project_name,
- "Stack": stack_name,
- }
- )
- pulumi_aws.ec2.RouteTableAssociation(
- f"route-table-assoc-{net_type}-{az}-{i}",
- route_table_id=route_table_id,
- subnet_id=subnet_instance.id
- )
- subnets.append(subnet_instance.id)
-
- return subnets
diff --git a/infrastructure/scripts/create_resources.py b/infrastructure/scripts/create_resources.py
deleted file mode 100644
index e69de29b..00000000
diff --git a/infrastructure/scripts/delete_resources.py b/infrastructure/scripts/delete_resources.py
deleted file mode 100644
index e69de29b..00000000
diff --git a/infrastructure/scripts/migrate_resources.py b/infrastructure/scripts/migrate_resources.py
deleted file mode 100644
index e69de29b..00000000
diff --git a/infrastructure/scripts/query_resources.py b/infrastructure/scripts/query_resources.py
deleted file mode 100644
index e69de29b..00000000
diff --git a/infrastructure/scripts/update_resources.py b/infrastructure/scripts/update_resources.py
deleted file mode 100644
index e69de29b..00000000
diff --git a/playbook/.gitignore b/playbook/.gitignore
deleted file mode 100644
index b51fc974..00000000
--- a/playbook/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-osts/*
diff --git a/playbook/Pulumi.dev.yaml b/playbook/Pulumi.dev.yaml
deleted file mode 100644
index 83600e25..00000000
--- a/playbook/Pulumi.dev.yaml
+++ /dev/null
@@ -1 +0,0 @@
-encryptionsalt: v1:Yoj83pTAoq0=:v1:tLvk4ziwEsWJTRX7:Hxa7QbAwaerJCEBuuIZgDB0boChyDQ==
diff --git a/playbook/Pulumi.yaml b/playbook/Pulumi.yaml
deleted file mode 100644
index f592741d..00000000
--- a/playbook/Pulumi.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-name: Modern-Container-Application-Reference-Architecture
-runtime:
- name: python
- options:
- virtualenv: venv
-description: A minimal AWS Python Pulumi program
diff --git a/playbook/README.md b/playbook/README.md
deleted file mode 100644
index 2026168c..00000000
--- a/playbook/README.md
+++ /dev/null
@@ -1,20 +0,0 @@
-# playbook
-
-# Getting started
-
-## Delpoy Test
-ansible-playbook -i hosts/aws-hosts jobs/init_ec2_monitoring -D -C
-ansible-playbook -i hosts/aws-hosts jobs/init_ec2_monitoring_sit -D -C
-ansible-playbook -i hosts/aws-hosts jobs/init_ec2_monitoring_uat -D -C
-ansible-playbook -i hosts/aws-hosts jobs/init_ec2_monitoring_common -D -C
-
-## Deploy
-
-ansible-playbook -i hosts/aws-hosts jobs/init_ec2_monitoring -D
-ansible-playbook -i hosts/aws-hosts jobs/init_ec2_monitoring_sit -D
-ansible-playbook -i hosts/aws-hosts jobs/init_ec2_monitoring_uat -D
-ansible-playbook -i hosts/aws-hosts jobs/init_ec2_monitoring_common -D
-
-## Troubleshooting
-
-ansible -i hosts/aws-hosts sit -m shell -a 'sudo pkill -9 prometheus'
diff --git a/playbook/__main__.py b/playbook/__main__.py
deleted file mode 100644
index b22daf71..00000000
--- a/playbook/__main__.py
+++ /dev/null
@@ -1,55 +0,0 @@
-"""An AWS Python Pulumi AWS Module"""
-
-import os
-import sys
-import json
-import stat
-import jinja2
-import subprocess
-import pulumi
-import pulumi_command
-
-THIS_DIR = os.path.dirname(os.path.abspath(__file__))
-
-def run_cmd(cmd):
- retcode, output = subprocess.getstatusoutput( cmd )
- assert retcode == 0
- return output
-
-def render_template( template_source, template_result, template_vars ):
- inventory_env = jinja2.Environment( loader=jinja2.FileSystemLoader(THIS_DIR), trim_blocks=True )
- inventory_template = inventory_env.get_template(template_source)
- inventory_output = inventory_template.render(vars=template_vars)
- with open(template_result, "w+") as f:
- f.write(inventory_output)
-
-data = json.loads(
- run_cmd('pulumi stack output --json')
- )
-
-vars = {}
-vars['dns_ak'] = os.environ['DNS_AK']
-vars['dns_sk'] = os.environ['DNS_SK']
-vars['ssh_private_key'] = os.environ['SSH_PRIVATE_KEY']
-vars['db_server_public_ip'] = data['db_server_public_ip']
-vars['k3s_server_public_ip'] = data['k3s_server_public_ip']
-
-render_template('templates/id_rsa', 'hosts/id_rsa', vars)
-render_template('templates/inventory', 'hosts/inventory', vars)
-
-setup_permission = pulumi_command.local.Command(
- "SetupPermission",
- create="chmod 0400 hosts/id_rsa"
- )
-
-install_k3s_cluster = pulumi_command.local.Command(
- "SetupK3S",
- create="ansible-playbook -i hosts/inventory jobs/init_k3s_cluster -D",
- opts=pulumi.ResourceOptions(depends_on=[setup_permission])
- )
-
-install_log_agent = pulumi_command.local.Command(
- "InstallAgent",
- create="ansible-playbook -i hosts/inventory jobs/init_log_agent -D",
- opts=pulumi.ResourceOptions(depends_on=[install_k3s_cluster])
- )
diff --git a/playbook/ansible.cfg b/playbook/ansible.cfg
deleted file mode 100644
index be676397..00000000
--- a/playbook/ansible.cfg
+++ /dev/null
@@ -1,13 +0,0 @@
-[inventory]
-cache: yes
-cache_plugin: ansible.builtin.jsonfile
-
-[defaults]
-timeout = 10
-forks = 10
-poll_interval = 10
-transport = smart
-gathering = smart
-stdout_callback = skippy
-host_key_checking = False
-deprecation_warnings = False
diff --git a/playbook/hosts/id_rsa b/playbook/hosts/id_rsa
deleted file mode 100755
index e69de29b..00000000
diff --git a/playbook/hosts/inventory b/playbook/hosts/inventory
deleted file mode 100644
index e69de29b..00000000
diff --git a/playbook/jobs/init_bookinfo b/playbook/jobs/init_bookinfo
deleted file mode 100644
index a6218aea..00000000
--- a/playbook/jobs/init_bookinfo
+++ /dev/null
@@ -1,19 +0,0 @@
-- name: set bookinfo with helm
- hosts: all
- user: root
- become: yes
- gather_facts: yes
- tasks:
- - include_role:
- name: bookinfo
- vars:
- group: master
- domain: onwalk.net
- namespace: bookinfo
- auto_issuance: false
- update_secret: true
- storage_type: oss
- tls:
- - secret_name: bookinfo-tls
- keyfile: /etc/ssl/onwalk.net.key
- certfile: /etc/ssl/onwalk.net.pem
diff --git a/playbook/jobs/init_chartmuseum b/playbook/jobs/init_chartmuseum
deleted file mode 100644
index e51e73d9..00000000
--- a/playbook/jobs/init_chartmuseum
+++ /dev/null
@@ -1,19 +0,0 @@
-- name: setup harbor
- hosts: all
- user: root
- become: yes
- gather_facts: yes
- tasks:
- - include_role:
- name: chartmuseum
- vars:
- group: master
- namespace: harbor
- domain: onwalk.net
- auto_issuance: true
- update_secret: true
- storage_type: oss
- tls:
- - secret_name: chartmuseum-tls
- keyfile: /etc/ssl/onwalk.net.key
- certfile: /etc/ssl/onwalk.net.pem
diff --git a/playbook/jobs/init_chatwithgpt b/playbook/jobs/init_chatwithgpt
deleted file mode 100644
index 978cf7c7..00000000
--- a/playbook/jobs/init_chatwithgpt
+++ /dev/null
@@ -1,18 +0,0 @@
-- name: setup chatwithgpt app in k3s
- hosts: all
- user: root
- become: yes
- gather_facts: yes
- tasks:
- - include_role:
- name: chatwithgpt
- vars:
- group: master
- namespace: chatwithgpt
- domain: onwalk.net
- auto_issuance: true
- update_secret: true
- tls:
- - secret_name: chatwithgpt-tls
- keyfile: /etc/ssl/onwalk.net.key
- certfile: /etc/ssl/onwalk.net.pem
diff --git a/playbook/jobs/init_clickhouse b/playbook/jobs/init_clickhouse
deleted file mode 100644
index 79c824da..00000000
--- a/playbook/jobs/init_clickhouse
+++ /dev/null
@@ -1,10 +0,0 @@
-- name: set k3s cluster with ec2 nodes
- hosts: all
- user: root
- become: yes
- gather_facts: yes
- tasks:
- - include_role:
- name: clickhouse
- vars:
- group: master
diff --git a/playbook/jobs/init_datadog_agent b/playbook/jobs/init_datadog_agent
deleted file mode 100644
index db851fa2..00000000
--- a/playbook/jobs/init_datadog_agent
+++ /dev/null
@@ -1,10 +0,0 @@
-- name: set datadog-agent with helm
- hosts: all
- user: root
- become: yes
- gather_facts: yes
- tasks:
- - include_role:
- name: datadog-agent
- vars:
- group: master
diff --git a/playbook/jobs/init_fluxcd b/playbook/jobs/init_fluxcd
deleted file mode 100644
index 9821edd6..00000000
--- a/playbook/jobs/init_fluxcd
+++ /dev/null
@@ -1,12 +0,0 @@
-- name: set k3s cluster with vhosts
- hosts: all
- user: root
- become: yes
- gather_facts: yes
- tasks:
- - include_role:
- name: fluxcd
- vars:
- group: master
- version: '2.7.0'
- namespace: fluxcd
diff --git a/playbook/jobs/init_gitlab b/playbook/jobs/init_gitlab
deleted file mode 100644
index 3e7411c7..00000000
--- a/playbook/jobs/init_gitlab
+++ /dev/null
@@ -1,23 +0,0 @@
-- name: setup gitlab
- hosts: all
- user: root
- become: yes
- gather_facts: yes
- tasks:
- - include_role:
- name: gitlab
- vars:
- group: master
- gitlab_version: '7.0.4'
- namespace: gitlab
- db_namespace: database
- domain: onwalk.net
- auto_issuance: false
- update_secret: true
- tls:
- - secret_name: gitlab-tls
- keyfile: /etc/ssl/onwalk.net.key
- certfile: /etc/ssl/onwalk.net.pem
- gitlab_oidc_client_id: gitlab-oidc
- gitlab_oidc_isser: 'https://keycloak.onwalk.net/realms/cloud-sso'
- gitlab_oidc_redirect_uri: 'https://gitlab.onwalk.net/users/auth/openid_connect/callback'
diff --git a/playbook/jobs/init_harbor b/playbook/jobs/init_harbor
deleted file mode 100644
index 33c3c5b0..00000000
--- a/playbook/jobs/init_harbor
+++ /dev/null
@@ -1,20 +0,0 @@
-- name: setup harbor
- hosts: all
- user: root
- become: yes
- gather_facts: yes
- tasks:
- - include_role:
- name: harbor
- vars:
- group: master
- namespace: harbor
- domain: onwalk.net
- db_namespace: database
- auto_issuance: true
- update_secret: true
- storage_type: oss
- tls:
- - secret_name: harbor-tls
- keyfile: /etc/ssl/onwalk.net.key
- certfile: /etc/ssl/onwalk.net.pem
diff --git a/playbook/jobs/init_jenkins b/playbook/jobs/init_jenkins
deleted file mode 100644
index e68d0e0c..00000000
--- a/playbook/jobs/init_jenkins
+++ /dev/null
@@ -1,19 +0,0 @@
-- name: setup jenkins server
- hosts: all
- user: root
- become: yes
- gather_facts: yes
- tasks:
- - include_role:
- name: jenkins
- vars:
- group: master
- namespace: jenkins
- db_namespace: database
- domain: onwalk.net
- auto_issuance: false
- update_secret: true
- tls:
- - secret_name: jenkins-tls
- keyfile: /etc/ssl/onwalk.net.key
- certfile: /etc/ssl/onwalk.net.pem
diff --git a/playbook/jobs/init_k3s_cluster b/playbook/jobs/init_k3s_cluster
deleted file mode 100644
index fdb0f9a2..00000000
--- a/playbook/jobs/init_k3s_cluster
+++ /dev/null
@@ -1,26 +0,0 @@
-- name: set k3s cluster with vhosts
- hosts: all
- user: root
- become: yes
- gather_facts: yes
- tasks:
- - include_role:
- name: k3s
- vars:
- group: master
- namespace: ingress
- domain: onwalk.net
- auto_issuance: false
- update_secret: false
- version: 'v1.24.7+k3s1'
- cni: kubeovn
- ingress: nginx
- external_dns: enable
- pod_cidr: '10.10.0.0/16'
- pod_gateway: '10.10.0.1'
- svc_cidr: '172.16.0.0/16'
- cluster_dns: '172.16.0.10'
- cluster_reset: false
- join_cidr: '100.64.0.0/16'
- cni_iface: 'eth0'
- cni_tunnel: 'geneve'
diff --git a/playbook/jobs/init_k3s_cluster_apisix b/playbook/jobs/init_k3s_cluster_apisix
deleted file mode 100644
index 6d7975e1..00000000
--- a/playbook/jobs/init_k3s_cluster_apisix
+++ /dev/null
@@ -1,54 +0,0 @@
-- name: set apisix cluster with vhosts
- hosts: all
- user: root
- become: yes
- gather_facts: yes
- tasks:
- - include_role:
- name: k3s-reset
- vars:
- group: master
- cluster_reset: 'disable'
- - include_role:
- name: k3s
- vars:
- group: master
- cni: default
- version: 'v1.27.2+k3s1'
- pod_cidr: '10.10.0.0/16'
- pod_gateway: '10.10.0.1'
- svc_cidr: '172.16.0.0/16'
- cluster_dns: '172.16.0.10'
- node_ip: '10.170.0.8'
- join_cidr: '100.64.0.0/16'
- - include_role:
- name: k3s-addon
- vars:
- group: master
- ingress: apisix
- domain: onwalk.net
- namespace: ingress
- auto_issuance: true
- update_secret: false
- svc_discovery: enable
- external_dns: disable
- - include_role:
- name: secret-manger
- vars:
- group: master
- namespace: ingress
- update_secret: true
- tls:
- - secret_name: apisix-tls
- keyfile: /etc/ssl/onwalk.net.key
- certfile: /etc/ssl/onwalk.net.pem
- - include_role:
- name: secret-manger
- vars:
- group: master
- namespace: nginx
- update_secret: true
- tls:
- - secret_name: nginx-tls
- keyfile: /etc/ssl/onwalk.net.key
- certfile: /etc/ssl/onwalk.net.pem
diff --git a/playbook/jobs/init_k3s_cluster_artifact b/playbook/jobs/init_k3s_cluster_artifact
deleted file mode 100644
index 8bf215d3..00000000
--- a/playbook/jobs/init_k3s_cluster_artifact
+++ /dev/null
@@ -1,34 +0,0 @@
-- name: set artifact cluster with vhosts
- hosts: all
- user: root
- become: yes
- gather_facts: yes
- tasks:
- - include_role:
- name: k3s-reset
- vars:
- group: master
- cluster_reset: 'enable'
- - include_role:
- name: k3s
- vars:
- group: master
- cni: default
- version: 'v1.27.2+k3s1'
- pod_cidr: '10.10.0.0/16'
- pod_gateway: '10.10.0.1'
- svc_cidr: '172.16.0.0/16'
- cluster_dns: '172.16.0.10'
- node_ip: '10.170.0.8'
- join_cidr: '100.64.0.0/16'
- - include_role:
- name: k3s-addon
- vars:
- group: master
- ingress: nginx
- domain: onwalk.net
- namespace: ingress
- auto_issuance: true
- external_dns: disable
- svc_discovery: disable
- update_secret: disable
diff --git a/playbook/jobs/init_k3s_cluster_bookinfo b/playbook/jobs/init_k3s_cluster_bookinfo
deleted file mode 100644
index 33b514db..00000000
--- a/playbook/jobs/init_k3s_cluster_bookinfo
+++ /dev/null
@@ -1,22 +0,0 @@
-- name: set apisix cluster with vhosts
- hosts: all
- user: root
- become: yes
- gather_facts: yes
- tasks:
- - include_role:
- name: k3s
- vars:
- group: master
- cni: kubeovn
- ingress: apisix
- external_dns: disable
- version: 'v1.24.7+k3s1'
- pod_cidr: '10.20.0.0/16'
- pod_gateway: '10.20.0.1'
- svc_cidr: '172.16.0.0/16'
- cluster_dns: '172.16.0.10'
- cluster_domain: 'cluster.local'
- join_cidr: '100.64.0.0/16'
- cni_iface: 'eth0'
- cni_tunnel: 'geneve'
diff --git a/playbook/jobs/init_k3s_cluster_gitlab b/playbook/jobs/init_k3s_cluster_gitlab
deleted file mode 100644
index c016995f..00000000
--- a/playbook/jobs/init_k3s_cluster_gitlab
+++ /dev/null
@@ -1,30 +0,0 @@
-- name: set artifact cluster with vhosts
- hosts: all
- user: root
- become: yes
- gather_facts: yes
- tasks:
- - include_role:
- name: k3s-reset
- vars:
- group: master
- cluster_reset: 'enable'
- - include_role:
- name: k3s
- vars:
- group: master
- cni: default
- version: 'v1.27.2+k3s1'
- pod_cidr: '10.10.0.0/16'
- svc_cidr: '172.16.0.0/16'
- - include_role:
- name: k3s-addon
- vars:
- group: master
- ingress: default
- domain: onwalk.net
- namespace: ingress
- external_dns: enable
- auto_issuance: false
- update_secret: false
- svc_discovery: disable
diff --git a/playbook/jobs/init_k3s_cluster_std b/playbook/jobs/init_k3s_cluster_std
deleted file mode 100644
index 1a9f0cc1..00000000
--- a/playbook/jobs/init_k3s_cluster_std
+++ /dev/null
@@ -1,30 +0,0 @@
-- name: set artifact cluster with vhosts
- hosts: all
- user: root
- become: yes
- gather_facts: yes
- tasks:
- - include_role:
- name: k3s-reset
- vars:
- group: master
- cluster_reset: 'enable'
- - include_role:
- name: k3s
- vars:
- group: master
- cni: default
- version: 'v1.27.2+k3s1'
- pod_cidr: '10.10.0.0/16'
- svc_cidr: '172.16.0.0/16'
- - include_role:
- name: k3s-addon
- vars:
- group: master
- ingress: nginx
- domain: onwalk.net
- namespace: ingress
- external_dns: enable
- auto_issuance: false
- update_secret: false
- svc_discovery: disable
diff --git a/playbook/jobs/init_keycloak b/playbook/jobs/init_keycloak
deleted file mode 100644
index 742e7201..00000000
--- a/playbook/jobs/init_keycloak
+++ /dev/null
@@ -1,19 +0,0 @@
-- name: setup keycloak
- hosts: all
- user: root
- become: yes
- gather_facts: yes
- tasks:
- - include_role:
- name: keycloak
- vars:
- group: master
- namespace: itsm
- db_namespace: database
- domain: onwalk.net
- auto_issuance: true
- update_secret: true
- tls:
- - secret_name: keycloak-tls
- keyfile: /etc/ssl/onwalk.net.key
- certfile: /etc/ssl/onwalk.net.pem
diff --git a/playbook/jobs/init_log_agent b/playbook/jobs/init_log_agent
deleted file mode 100644
index 7344c791..00000000
--- a/playbook/jobs/init_log_agent
+++ /dev/null
@@ -1,13 +0,0 @@
-- name: set log agent for common group ec2 nodes
- hosts: all
- user: root
- become: yes
- gather_facts: yes
- tasks:
- - include_role:
- name: promtail-agent
- vars:
- group: all
- label: "env: dev"
- loki_host: "data-gateway.onwalk.net"
- loki_port: "3100"
diff --git a/playbook/jobs/init_metric_agent b/playbook/jobs/init_metric_agent
deleted file mode 100644
index 368e4f90..00000000
--- a/playbook/jobs/init_metric_agent
+++ /dev/null
@@ -1,16 +0,0 @@
-- name: set metric agent for all ec2 nodes
- hosts: all
- user: root
- become: yes
- gather_facts: yes
- tasks:
- - include_role:
- name: common
- vars:
- group: all
- - include_role:
- name: prometheus-agent
- vars:
- group: all
- label: "cluster: dev"
- remote_write: 'https://prometheus.onwalk.net/api/v1/write'
diff --git a/playbook/jobs/init_mysql b/playbook/jobs/init_mysql
deleted file mode 100644
index fd6af4d6..00000000
--- a/playbook/jobs/init_mysql
+++ /dev/null
@@ -1,10 +0,0 @@
-- name: set k3s cluster with ec2 nodes
- hosts: all
- user: root
- become: yes
- gather_facts: yes
- tasks:
- - include_role:
- name: mysql
- vars:
- group: master
diff --git a/playbook/jobs/init_nginx_oss b/playbook/jobs/init_nginx_oss
deleted file mode 100644
index 8e24f307..00000000
--- a/playbook/jobs/init_nginx_oss
+++ /dev/null
@@ -1,18 +0,0 @@
-- name: setup nginx-oss
- hosts: all
- user: root
- become: yes
- gather_facts: yes
- tasks:
- - include_role:
- name: nginx-oss
- vars:
- group: master
- namespace: nginx
- domain: onwalk.net
- auto_issuance: true
- update_secret: true
- tls:
- - secret_name: nginx-tls
- keyfile: /etc/ssl/onwalk.net.key
- certfile: /etc/ssl/onwalk.net.pem
diff --git a/playbook/jobs/init_observability-agent b/playbook/jobs/init_observability-agent
deleted file mode 100644
index 4b86335e..00000000
--- a/playbook/jobs/init_observability-agent
+++ /dev/null
@@ -1,15 +0,0 @@
-- name: setup observability agent
- hosts: all
- user: root
- become: yes
- gather_facts: yes
- tasks:
- - include_role:
- name: observability-agent
- vars:
- group: master
- namespace: monitoring
- observableserver: prometheus.onwalk.net
- port: 3100
- deepflowserverip: 34.85.43.134
- deepflowserverid: d-N5rfICv2PS
diff --git a/playbook/jobs/init_observability-server b/playbook/jobs/init_observability-server
deleted file mode 100644
index 12817230..00000000
--- a/playbook/jobs/init_observability-server
+++ /dev/null
@@ -1,19 +0,0 @@
-- name: setup observability server
- hosts: all
- user: root
- become: yes
- gather_facts: yes
- tasks:
- - include_role:
- name: observability-server
- vars:
- group: master
- namespace: monitoring
- db_namespace: database
- domain: onwalk.net
- auto_issuance: true
- update_secret: true
- tls:
- - secret_name: obs-tls
- keyfile: /etc/ssl/onwalk.net.key
- certfile: /etc/ssl/onwalk.net.pem
diff --git a/playbook/jobs/init_openldap b/playbook/jobs/init_openldap
deleted file mode 100644
index fc9fdc38..00000000
--- a/playbook/jobs/init_openldap
+++ /dev/null
@@ -1,17 +0,0 @@
-- name: setup openldap
- hosts: all
- user: root
- become: yes
- gather_facts: yes
- tasks:
- - include_role:
- name: openldap
- vars:
- group: master
- namespace: itsm
- domain: onwalk.net
- auto_issuance: true
- tls:
- - secret_name: openldap-tls
- keyfile: /etc/ssl/onwalk.net.key
- certfile: /etc.ssl/onwalk.net.pem
diff --git a/playbook/jobs/init_postgresql b/playbook/jobs/init_postgresql
deleted file mode 100644
index e019a8dd..00000000
--- a/playbook/jobs/init_postgresql
+++ /dev/null
@@ -1,11 +0,0 @@
-- name: set postgresql
- hosts: all
- user: root
- become: yes
- gather_facts: yes
- tasks:
- - include_role:
- name: postgresql
- vars:
- group: master
- db_namespace: database
diff --git a/playbook/jobs/init_redis b/playbook/jobs/init_redis
deleted file mode 100644
index e4726d10..00000000
--- a/playbook/jobs/init_redis
+++ /dev/null
@@ -1,10 +0,0 @@
-- name: setup redis
- hosts: all
- user: root
- become: yes
- gather_facts: yes
- tasks:
- - include_role:
- name: redis
- vars:
- group: master
diff --git a/playbook/jobs/init_ssl_cert b/playbook/jobs/init_ssl_cert
deleted file mode 100644
index 51663648..00000000
--- a/playbook/jobs/init_ssl_cert
+++ /dev/null
@@ -1,12 +0,0 @@
-- name: create ssl cert
- hosts: all
- user: root
- become: yes
- gather_facts: yes
- tasks:
- - include_role:
- name: cert-manager
- vars:
- group: master
- domain: onwalk.net
- auto_issuance: true
diff --git a/playbook/jobs/init_ssl_certs b/playbook/jobs/init_ssl_certs
deleted file mode 100644
index 8e24f307..00000000
--- a/playbook/jobs/init_ssl_certs
+++ /dev/null
@@ -1,18 +0,0 @@
-- name: setup nginx-oss
- hosts: all
- user: root
- become: yes
- gather_facts: yes
- tasks:
- - include_role:
- name: nginx-oss
- vars:
- group: master
- namespace: nginx
- domain: onwalk.net
- auto_issuance: true
- update_secret: true
- tls:
- - secret_name: nginx-tls
- keyfile: /etc/ssl/onwalk.net.key
- certfile: /etc/ssl/onwalk.net.pem
diff --git a/playbook/jobs/roles b/playbook/jobs/roles
deleted file mode 120000
index d8c4472c..00000000
--- a/playbook/jobs/roles
+++ /dev/null
@@ -1 +0,0 @@
-../roles
\ No newline at end of file
diff --git a/playbook/requirements.txt b/playbook/requirements.txt
deleted file mode 100644
index e2914821..00000000
--- a/playbook/requirements.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-pulumi==3.58.0
-pulumi-aws==5.32.0
-pulumi_command==0.7.0
-jinja2==3.1.2
diff --git a/playbook/roles/alerting/files/setup-observable-server.sh b/playbook/roles/alerting/files/setup-observable-server.sh
deleted file mode 100644
index 848ebe09..00000000
--- a/playbook/roles/alerting/files/setup-observable-server.sh
+++ /dev/null
@@ -1,102 +0,0 @@
-#!/bin/bash
-
-export domain=$1
-export secret=$2
-export namespace=$3
-export mysql_db_password=$4
-
-kubectl label nodes k3s-server prometheus=true --overwrite
-
-cat > values.yaml << EOF
-deepflow:
- enabled: true
- clickhouse:
- enabled: false
- mysql:
- enabled: false
- grafana:
- enabled: true
- ingress:
- enabled: true
- ingressClassName: nginx
- hosts:
- - grafana.${domain}
- tls:
- - secretName: ${secret}
- hosts:
- - grafana.${domain}
- global:
- externalClickHouse:
- enabled: true
- type: ep
- clusterName: default
- storagePolicy: default
- username: default
- password: ''
- hosts:
- - ip: 10.1.2.3
- port: 9000
- - ip: 10.1.2.4
- port: 9000
- - ip: 10.1.2.5
- port: 9000
- externalMySQL:
- enabled: true
- ip: mysql.database.svc.cluster.local
- port: 3306
- username: root
- password: {{ mysql_db_password }}
-prometheus:
- enabled: true
- alertmanager:
- enabled: false
- prometheus-pushgateway:
- enabled: false
- kube-state-metrics:
- enabled: false
- server:
- ingress:
- ingressClassName: nginx
- hosts:
- - prometheus.${domain}
- tls:
- - secretName: ${secret}
- hosts:
- - prometheus.${domain}
- alertmanagers:
- - static_configs:
- - targets:
- - alertmanager.${domain}
- serverFiles:
- prometheus.yml:
- rule_files:
- - /etc/config/recording_rules.yml
- - /etc/config/alerting_rules.yml
-alertmanager:
- configmapReload:
- enabled: false
- config:
- global:
- resolve_timeout: 5m
- smtp_smarthost: 'smtp.qq.com:465'
- smtp_from: '11111111@qq.com'
- smtp_auth_username: '11111111@qq.com'
- smtp_auth_password: '123456'
- smtp_require_tls: false
- templates:
- - '/etc/alertmanager/*.tmpl'
- receivers:
- - name: 'default-receiver'
- email_configs:
- - to: '{{ template "email.to" . }}'
- html: '{{ template "email.to.html" . }}'
- route:
- group_wait: 10s
- group_interval: 5m
- receiver: default-receiver
- repeat_interval: 1h
-EOF
-
-helm repo add stable https://artifact.onwalk.net/chartrepo/public/ || echo true
-helm repo update
-helm upgrade --install observable-server stable/observableserver -n ${namspace} -f values.yaml
diff --git a/playbook/roles/alerting/meta/main.yml b/playbook/roles/alerting/meta/main.yml
deleted file mode 100644
index 83cef7b5..00000000
--- a/playbook/roles/alerting/meta/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-dependencies:
- - role: cert-manager
diff --git a/playbook/roles/alerting/tasks/main.yml b/playbook/roles/alerting/tasks/main.yml
deleted file mode 100755
index cd7f06e3..00000000
--- a/playbook/roles/alerting/tasks/main.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-roles/alerting/tasks/main.yml- name: get db password
- shell: 'kubectl get secret --namespace database postgresql -o jsonpath="{.data.postgres-password}" | base64 -d'
- register: command_raw
- when: inventory_hostname in groups[group][0]
-
-- name: set fact join command
- set_fact:
- mysql_db_password : "{{ command_raw.stdout_lines[0] }}"
- when: inventory_hostname in groups[group][0]
-
-- name: Setup OpenLdap Server
- script: files/setup-observable-server.sh {{ domain }} {{ secret }} {{ namespace }} {{ mysql_db_password }}
- when: inventory_hostname in groups[group]
-
-- name: Check alerting rules config
- shell: promtool check rules /path/to/example.rules.yml
- when: inventory_hostname in groups[group]
diff --git a/playbook/roles/alerting/templates/alerting_rules b/playbook/roles/alerting/templates/alerting_rules
deleted file mode 100644
index 6b8a01e9..00000000
--- a/playbook/roles/alerting/templates/alerting_rules
+++ /dev/null
@@ -1,37 +0,0 @@
-data:
- alerting_rules.yml: |
- groups:
- - name: host-monitoring
- rules:
- - alert: HighLoad
- expr: node_load1 > 2.0
- for: 5m
- labels:
- severity: warning
- annotations:
- summary: High load on {{ $labels.instance }}
- description: "Load is {{ $value }} (threshold: 2.0)"
- - alert: HighCpuUsage
- expr: 100 - (avg by (instance) (irate(node_cpu_seconds_total{mode="idle"}[5m])) * 100) > 90
- for: 5m
- labels:
- severity: critical
- annotations:
- summary: High CPU usage on {{ $labels.instance }}
- description: "CPU usage is {{ $value }}%"
- - alert: HighMemoryUsage
- expr: (node_memory_MemTotal_bytes - node_memory_MemFree_bytes - node_memory_Buffers_bytes - node_memory_Cached_bytes) / node_memory_MemTotal_bytes * 100 > 90
- for: 5m
- labels:
- severity: warning
- annotations:
- summary: High memory usage on {{ $labels.instance }}
- description: "Memory usage is {{ $value }}%"
- - alert: HighDiskUsage
- expr: node_filesystem_avail_bytes{fstype="ext4"} / node_filesystem_size_bytes{fstype="ext4"} * 100 < 10
- for: 5m
- labels:
- severity: critical
- annotations:
- summary: High disk usage on {{ $labels.instance }}
- description: "Disk usage is {{ $value }}%
diff --git a/playbook/roles/alerting/templates/recording_rules b/playbook/roles/alerting/templates/recording_rules
deleted file mode 100644
index 061e1c5e..00000000
--- a/playbook/roles/alerting/templates/recording_rules
+++ /dev/null
@@ -1,55 +0,0 @@
-data:
- recording_rules.yml: |
- groups:
- - name: host-monitoring
- rules:
- - record: node_load1
- expr: node_load1
- - record: node_cpu_usage
- expr: 100 - (avg by (instance) (irate(node_cpu_seconds_total{mode="idle"}[5m])) * 100)
- - record: node_memory_usage
- expr: (node_memory_MemTotal_bytes - node_memory_MemFree_bytes - node_memory_Buffers_bytes - node_memory_Cached_bytes) / node_memory_MemTotal_bytes * 100
- - record: node_disk_usage
- expr: 100 - (avg by (instance) (node_filesystem_avail_bytes{fstype="ext4"} / node_filesystem_size_bytes{fstype="ext4"}) * 100)
-groups:
-- name: 实例存活告警规则
- rules:
- - alert: 实例存活告警
- expr: up == 0
- for: 1m
- labels:
- user: prometheus
- severity: warning
- annotations:
- summary: "主机宕机 !!!"
- description: "该实例主机已经宕机超过一分钟了。"
-- name: 内存报警规则
- rules:
- - alert: 内存使用率告警
- expr: (1 - (node_memory_MemAvailable_bytes / (node_memory_MemTotal_bytes))) * 100 > 50
- for: 1m
- labels:
- severity: warning
- annotations:
- summary: "服务器可用内存不足。"
- description: "内存使用率已超过50%(当前值:{{ $value }}%)"
-- name: CPU报警规则
- rules:
- - alert: CPU使用率告警
- expr: 100 - (avg by (instance)(irate(node_cpu_seconds_total{mode="idle"}[1m]) )) * 100 > 50
- for: 1m
- labels:
- severity: warning
- annotations:
- summary: "CPU使用率正在飙升。"
- description: "CPU使用率超过50%(当前值:{{ $value }}%)"
-- name: 磁盘使用率报警规则
- rules:
- - alert: 磁盘使用率告警
- expr: 100 - node_filesystem_free_bytes{fstype=~"xfs|ext4"} / node_filesystem_size_bytes{fstype=~"xfs|ext4"} * 100 > 80
- for: 20m
- labels:
- severity: warning
- annotations:
- summary: "硬盘分区使用率过高"
- description: "分区使用大于80%(当前值:{{ $value }}%)"
diff --git a/playbook/roles/bookinfo/meta/main.yml b/playbook/roles/bookinfo/meta/main.yml
deleted file mode 100644
index 6fc3ce8b..00000000
--- a/playbook/roles/bookinfo/meta/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-dependencies:
- - role: cert-manager
- - role: secret-manger
diff --git a/playbook/roles/bookinfo/tasks/main.yml b/playbook/roles/bookinfo/tasks/main.yml
deleted file mode 100755
index 935ec33f..00000000
--- a/playbook/roles/bookinfo/tasks/main.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-- name: Prep DIR
- shell: "mkdir -pv /tmp/bookinfo/datadog-apm/"
-
-- name: Prep NameSpace
- shell: "kubectl create namespace default || echo true"
-
-- name: Sync bookinfo deploy yaml
- template: src=templates/{{ item }} dest=/tmp/bookinfo/{{ item }} owner=root group=root mode=0644 force=yes unsafe_writes=yes
- with_items:
- - datadog-apm/apline-cli.yaml
- - datadog-apm/bookinfo-productpage-python.yaml
- - datadog-apm/bookinfo-reviews.yaml
- - datadog-apm/bookinfo-details.yaml
- - datadog-apm/bookinfo-ratings.yaml
- - datadog-apm/bookinfo-ingress.yaml
-
-- name: Setup bookinfo app
- shell: "kubectl apply -f /tmp/bookinfo/{{ item }}"
- when: inventory_hostname in groups[group]
- with_items:
- - datadog-apm/apline-cli.yaml
- - datadog-apm/bookinfo-productpage-python.yaml
- - datadog-apm/bookinfo-reviews.yaml
- - datadog-apm/bookinfo-details.yaml
- - datadog-apm/bookinfo-ratings.yaml
- - datadog-apm/bookinfo-ingress.yaml
diff --git a/playbook/roles/bookinfo/templates/.gitignore b/playbook/roles/bookinfo/templates/.gitignore
deleted file mode 100644
index a194b200..00000000
--- a/playbook/roles/bookinfo/templates/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-/clickhouse-keeper-k8s.iml
-/.idea/
diff --git a/playbook/roles/bookinfo/templates/datadog-apm/apline-cli.yaml b/playbook/roles/bookinfo/templates/datadog-apm/apline-cli.yaml
deleted file mode 100644
index 1c457c54..00000000
--- a/playbook/roles/bookinfo/templates/datadog-apm/apline-cli.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: bookinfo
----
-apiVersion: v1
-kind: Pod
-metadata:
- name: alpine
- namespace: bookinfo
-spec:
- containers:
- - image: alpine:3.13
- command:
- - /bin/sh
- - "-c"
- - "sleep 600m"
- imagePullPolicy: IfNotPresent
- name: alpine
- restartPolicy: Always
diff --git a/playbook/roles/bookinfo/templates/datadog-apm/bookinfo-details.yaml b/playbook/roles/bookinfo/templates/datadog-apm/bookinfo-details.yaml
deleted file mode 100644
index e2200560..00000000
--- a/playbook/roles/bookinfo/templates/datadog-apm/bookinfo-details.yaml
+++ /dev/null
@@ -1,55 +0,0 @@
-##################################################################################################
-# Details service
-##################################################################################################
-apiVersion: v1
-kind: Service
-metadata:
- name: details
- namespace: bookinfo
- labels:
- app: details
- service: details
-spec:
- ports:
- - port: 9080
- name: http
- selector:
- app: details
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: bookinfo-details
- namespace: bookinfo
- labels:
- account: details
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: details-v1
- namespace: bookinfo
- labels:
- app: details
- version: v1
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: details
- version: v1
- template:
- metadata:
- labels:
- app: details
- version: v1
- spec:
- serviceAccountName: bookinfo-details
- containers:
- - name: details
- image: docker.io/istio/examples-bookinfo-details-v1:1.17.0
- imagePullPolicy: IfNotPresent
- ports:
- - containerPort: 9080
- securityContext:
- runAsUser: 1000
diff --git a/playbook/roles/bookinfo/templates/datadog-apm/bookinfo-ingress.yaml b/playbook/roles/bookinfo/templates/datadog-apm/bookinfo-ingress.yaml
deleted file mode 100644
index a9b01f81..00000000
--- a/playbook/roles/bookinfo/templates/datadog-apm/bookinfo-ingress.yaml
+++ /dev/null
@@ -1,56 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: bookinfo
- namespace: bookinfo
-spec:
- ingressClassName: nginx
- rules:
- - host: bookinfo.onwalk.net
- http:
- paths:
- - backend:
- service:
- name: productpage
- port:
- number: 9080
- path: /
- pathType: Prefix
- tls:
- - hosts:
- - bookinfo.onwalk.net
- secretName: bookinfo-tls
----
-apiVersion: apisix.apache.org/v2
-kind: ApisixRoute
-metadata:
- name: bookinfo
- namespace: bookinfo
-spec:
- http:
- - name: root
- match:
- hosts:
- - bookinfo.onwalk.net
- paths:
- - '/*'
- backends:
- - serviceName: productpage
- servicePort: 9080
- plugins:
- - config:
- http_to_https: true
- enable: true
- name: redirect
----
-apiVersion: apisix.apache.org/v2
-kind: ApisixTls
-metadata:
- name: bookinfo
- namespace: bookinfo
-spec:
- hosts:
- - bookinfo.onwalk.net
- secret:
- name: bookinfo-tls
- namespace: bookinfo
diff --git a/playbook/roles/bookinfo/templates/datadog-apm/bookinfo-productpage-python.yaml b/playbook/roles/bookinfo/templates/datadog-apm/bookinfo-productpage-python.yaml
deleted file mode 100644
index 8e6888ff..00000000
--- a/playbook/roles/bookinfo/templates/datadog-apm/bookinfo-productpage-python.yaml
+++ /dev/null
@@ -1,93 +0,0 @@
-##################################################################################################
-# Productpage services
-##################################################################################################
-apiVersion: v1
-kind: Service
-metadata:
- name: productpage
- namespace: bookinfo
- labels:
- app: productpage
- service: productpage
-spec:
- ports:
- - port: 9080
- name: http
- selector:
- app: productpage
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: bookinfo-productpage
- namespace: bookinfo
- labels:
- account: productpage
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: productpage-v1
- namespace: bookinfo
- labels:
- tags.datadoghq.com/env: "dev"
- tags.datadoghq.com/service: "productpage"
- tags.datadoghq.com/version: "v1"
- app: productpage
- version: v1
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: productpage
- version: v1
- template:
- metadata:
- labels:
- tags.datadoghq.com/env: "dev"
- tags.datadoghq.com/service: "productpage"
- tags.datadoghq.com/version: "v1"
- admission.datadoghq.com/enabled: "true"
- app: productpage
- version: v1
- annotations:
- admission.datadoghq.com/python-lib.version: v1.12.0
- spec:
- serviceAccountName: bookinfo-productpage
- containers:
- - name: productpage
- image: docker.io/istio/examples-bookinfo-productpage-v1:1.17.0
- imagePullPolicy: IfNotPresent
- env:
- - name: DATADOG_HOST
- value: datadog-agent
- - name: DD_LOGS_INJECTION
- value: "true"
- - name: DD_AGENT_HOST
- value: datadog-agent
- - name: DD_TRACE_AGENT_PORT
- value: "8126"
- - name: DD_TRACE_SAMPLE_RATE
- value: "1"
- - name: DD_ENV
- valueFrom:
- fieldRef:
- fieldPath: metadata.labels['tags.datadoghq.com/env']
- - name: DD_SERVICE
- valueFrom:
- fieldRef:
- fieldPath: metadata.labels['tags.datadoghq.com/service']
- - name: DD_VERSION
- valueFrom:
- fieldRef:
- fieldPath: metadata.labels['tags.datadoghq.com/version']
- ports:
- - containerPort: 9080
- volumeMounts:
- - name: tmp
- mountPath: /tmp
- securityContext:
- runAsUser: 1000
- volumes:
- - name: tmp
- emptyDir: {}
diff --git a/playbook/roles/bookinfo/templates/datadog-apm/bookinfo-ratings.yaml b/playbook/roles/bookinfo/templates/datadog-apm/bookinfo-ratings.yaml
deleted file mode 100644
index 9557b505..00000000
--- a/playbook/roles/bookinfo/templates/datadog-apm/bookinfo-ratings.yaml
+++ /dev/null
@@ -1,86 +0,0 @@
-##################################################################################################
-# Ratings service
-##################################################################################################
-apiVersion: v1
-kind: Service
-metadata:
- name: ratings
- namespace: bookinfo
- labels:
- app: ratings
- service: ratings
-spec:
- ports:
- - port: 9080
- name: http
- selector:
- app: ratings
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: bookinfo-ratings
- namespace: bookinfo
- labels:
- account: ratings
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: ratings-v1
- labels:
- tags.datadoghq.com/env: "dev"
- tags.datadoghq.com/service: "ratings"
- tags.datadoghq.com/version: "v1"
- app: ratings
- version: v1
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: ratings
- version: v1
- template:
- metadata:
- labels:
- tags.datadoghq.com/env: "dev"
- tags.datadoghq.com/service: "ratings"
- tags.datadoghq.com/version: "v1"
- admission.datadoghq.com/enabled: "true"
- app: ratings
- version: v1
- annotations:
- admission.datadoghq.com/js-lib.version: v3.17.1
- spec:
- serviceAccountName: bookinfo-ratings
- containers:
- - name: ratings
- image: docker.io/istio/examples-bookinfo-ratings-v1:1.17.0
- imagePullPolicy: IfNotPresent
- ports:
- - containerPort: 9080
- securityContext:
- runAsUser: 1000
- env:
- - name: DD_LOGS_INJECTION
- value: "true"
- - name: DD_AGENT_HOST
- value: datadog-agent
- - name: DD_TRACE_AGENT_PORT
- value: "8126"
- - name: DD_TRACE_SAMPLE_RATE
- value: "1"
- - name: DATADOG_HOST
- value: datadog-agent
- - name: DD_ENV
- valueFrom:
- fieldRef:
- fieldPath: metadata.labels['tags.datadoghq.com/env']
- - name: DD_SERVICE
- valueFrom:
- fieldRef:
- fieldPath: metadata.labels['tags.datadoghq.com/service']
- - name: DD_VERSION
- valueFrom:
- fieldRef:
- fieldPath: metadata.labels['tags.datadoghq.com/version']
diff --git a/playbook/roles/bookinfo/templates/datadog-apm/bookinfo-reviews.yaml b/playbook/roles/bookinfo/templates/datadog-apm/bookinfo-reviews.yaml
deleted file mode 100644
index 7d6f5d0f..00000000
--- a/playbook/roles/bookinfo/templates/datadog-apm/bookinfo-reviews.yaml
+++ /dev/null
@@ -1,245 +0,0 @@
-##################################################################################################
-# Reviews service
-##################################################################################################
-apiVersion: v1
-kind: Service
-metadata:
- name: reviews
- namespace: bookinfo
- labels:
- app: reviews
- service: reviews
-spec:
- ports:
- - port: 9080
- name: http
- selector:
- app: reviews
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: bookinfo-reviews
- namespace: bookinfo
- labels:
- account: reviews
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: reviews-v1
- namespace: bookinfo
- labels:
- tags.datadoghq.com/env: "dev"
- tags.datadoghq.com/service: "reviews"
- tags.datadoghq.com/version: "v1"
- app: reviews
- version: v1
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: reviews
- version: v1
- template:
- metadata:
- labels:
- tags.datadoghq.com/env: "dev"
- tags.datadoghq.com/service: "reviews"
- tags.datadoghq.com/version: "v1"
- admission.datadoghq.com/enabled: "true"
- app: reviews
- version: v1
- annotations:
- admission.datadoghq.com/java-lib.version: v1.12.1
- spec:
- serviceAccountName: bookinfo-reviews
- containers:
- - name: reviews
- image: docker.io/istio/examples-bookinfo-reviews-v1:1.17.0
- imagePullPolicy: IfNotPresent
- env:
- - name: LOG_DIR
- value: "/tmp/logs"
- - name: DD_LOGS_INJECTION
- value: "true"
- - name: DD_AGENT_HOST
- value: datadog-agent
- - name: DD_TRACE_AGENT_PORT
- value: "8126"
- - name: DD_TRACE_SAMPLE_RATE
- value: "1"
- - name: DATADOG_HOST
- value: datadog-agent
- - name: DD_ENV
- valueFrom:
- fieldRef:
- fieldPath: metadata.labels['tags.datadoghq.com/env']
- - name: DD_SERVICE
- valueFrom:
- fieldRef:
- fieldPath: metadata.labels['tags.datadoghq.com/service']
- - name: DD_VERSION
- valueFrom:
- fieldRef:
- fieldPath: metadata.labels['tags.datadoghq.com/version']
- ports:
- - containerPort: 9080
- volumeMounts:
- - name: tmp
- mountPath: /tmp
- - name: wlp-output
- mountPath: /opt/ibm/wlp/output
- securityContext:
- runAsUser: 1000
- volumes:
- - name: wlp-output
- emptyDir: {}
- - name: tmp
- emptyDir: {}
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: reviews-v2
- labels:
- tags.datadoghq.com/env: "dev"
- tags.datadoghq.com/service: "reviews"
- tags.datadoghq.com/version: "v2"
- app: reviews
- version: v2
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: reviews
- version: v2
- template:
- metadata:
- labels:
- tags.datadoghq.com/env: "dev"
- tags.datadoghq.com/service: "reviews"
- tags.datadoghq.com/version: "v2"
- admission.datadoghq.com/enabled: "true"
- app: reviews
- version: v2
- annotations:
- admission.datadoghq.com/java-lib.version: v1.12.1
- spec:
- serviceAccountName: bookinfo-reviews
- containers:
- - name: reviews
- image: docker.io/istio/examples-bookinfo-reviews-v2:1.17.0
- imagePullPolicy: IfNotPresent
- env:
- - name: DD_LOGS_INJECTION
- value: "true"
- - name: LOG_DIR
- value: "/tmp/logs"
- - name: DD_AGENT_HOST
- value: datadog-agent
- - name: DD_TRACE_AGENT_PORT
- value: "8126"
- - name: DD_TRACE_SAMPLE_RATE
- value: "1"
- - name: DATADOG_HOST
- value: datadog-agent
- - name: DD_ENV
- valueFrom:
- fieldRef:
- fieldPath: metadata.labels['tags.datadoghq.com/env']
- - name: DD_SERVICE
- valueFrom:
- fieldRef:
- fieldPath: metadata.labels['tags.datadoghq.com/service']
- - name: DD_VERSION
- valueFrom:
- fieldRef:
- fieldPath: metadata.labels['tags.datadoghq.com/version']
- ports:
- - containerPort: 9080
- volumeMounts:
- - name: tmp
- mountPath: /tmp
- - name: wlp-output
- mountPath: /opt/ibm/wlp/output
- securityContext:
- runAsUser: 1000
- volumes:
- - name: wlp-output
- emptyDir: {}
- - name: tmp
- emptyDir: {}
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: reviews-v3
- labels:
- tags.datadoghq.com/env: "dev"
- tags.datadoghq.com/service: "reviews"
- tags.datadoghq.com/version: "v3"
- app: reviews
- version: v3
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: reviews
- version: v3
- template:
- metadata:
- labels:
- tags.datadoghq.com/env: "dev"
- tags.datadoghq.com/service: "reviews"
- tags.datadoghq.com/version: "v3"
- admission.datadoghq.com/enabled: "true"
- app: reviews
- version: v3
- annotations:
- admission.datadoghq.com/java-lib.version: v1.12.1
- spec:
- serviceAccountName: bookinfo-reviews
- containers:
- - name: reviews
- image: docker.io/istio/examples-bookinfo-reviews-v3:1.17.0
- imagePullPolicy: IfNotPresent
- env:
- - name: LOG_DIR
- value: "/tmp/logs"
- - name: DATADOG_HOST
- value: datadog-agent
- - name: DD_AGENT_HOST
- value: datadog-agent
- - name: DD_TRACE_AGENT_PORT
- value: "8126"
- - name: DD_LOGS_INJECTION
- value: "true"
- - name: DD_TRACE_SAMPLE_RATE
- value: "1"
- - name: DD_ENV
- valueFrom:
- fieldRef:
- fieldPath: metadata.labels['tags.datadoghq.com/env']
- - name: DD_SERVICE
- valueFrom:
- fieldRef:
- fieldPath: metadata.labels['tags.datadoghq.com/service']
- - name: DD_VERSION
- valueFrom:
- fieldRef:
- fieldPath: metadata.labels['tags.datadoghq.com/version']
- ports:
- - containerPort: 9080
- volumeMounts:
- - name: tmp
- mountPath: /tmp
- - name: wlp-output
- mountPath: /opt/ibm/wlp/output
- securityContext:
- runAsUser: 1000
- volumes:
- - name: wlp-output
- emptyDir: {}
- - name: tmp
- emptyDir: {}
diff --git a/playbook/roles/bookinfo/templates/deepflow-apm/apline-cli.yaml b/playbook/roles/bookinfo/templates/deepflow-apm/apline-cli.yaml
deleted file mode 100644
index 1c457c54..00000000
--- a/playbook/roles/bookinfo/templates/deepflow-apm/apline-cli.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: bookinfo
----
-apiVersion: v1
-kind: Pod
-metadata:
- name: alpine
- namespace: bookinfo
-spec:
- containers:
- - image: alpine:3.13
- command:
- - /bin/sh
- - "-c"
- - "sleep 600m"
- imagePullPolicy: IfNotPresent
- name: alpine
- restartPolicy: Always
diff --git a/playbook/roles/bookinfo/templates/deepflow-apm/bookinfo-details.yaml b/playbook/roles/bookinfo/templates/deepflow-apm/bookinfo-details.yaml
deleted file mode 100644
index e2200560..00000000
--- a/playbook/roles/bookinfo/templates/deepflow-apm/bookinfo-details.yaml
+++ /dev/null
@@ -1,55 +0,0 @@
-##################################################################################################
-# Details service
-##################################################################################################
-apiVersion: v1
-kind: Service
-metadata:
- name: details
- namespace: bookinfo
- labels:
- app: details
- service: details
-spec:
- ports:
- - port: 9080
- name: http
- selector:
- app: details
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: bookinfo-details
- namespace: bookinfo
- labels:
- account: details
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: details-v1
- namespace: bookinfo
- labels:
- app: details
- version: v1
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: details
- version: v1
- template:
- metadata:
- labels:
- app: details
- version: v1
- spec:
- serviceAccountName: bookinfo-details
- containers:
- - name: details
- image: docker.io/istio/examples-bookinfo-details-v1:1.17.0
- imagePullPolicy: IfNotPresent
- ports:
- - containerPort: 9080
- securityContext:
- runAsUser: 1000
diff --git a/playbook/roles/bookinfo/templates/deepflow-apm/bookinfo-ingress.yaml b/playbook/roles/bookinfo/templates/deepflow-apm/bookinfo-ingress.yaml
deleted file mode 100644
index a9b01f81..00000000
--- a/playbook/roles/bookinfo/templates/deepflow-apm/bookinfo-ingress.yaml
+++ /dev/null
@@ -1,56 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: bookinfo
- namespace: bookinfo
-spec:
- ingressClassName: nginx
- rules:
- - host: bookinfo.onwalk.net
- http:
- paths:
- - backend:
- service:
- name: productpage
- port:
- number: 9080
- path: /
- pathType: Prefix
- tls:
- - hosts:
- - bookinfo.onwalk.net
- secretName: bookinfo-tls
----
-apiVersion: apisix.apache.org/v2
-kind: ApisixRoute
-metadata:
- name: bookinfo
- namespace: bookinfo
-spec:
- http:
- - name: root
- match:
- hosts:
- - bookinfo.onwalk.net
- paths:
- - '/*'
- backends:
- - serviceName: productpage
- servicePort: 9080
- plugins:
- - config:
- http_to_https: true
- enable: true
- name: redirect
----
-apiVersion: apisix.apache.org/v2
-kind: ApisixTls
-metadata:
- name: bookinfo
- namespace: bookinfo
-spec:
- hosts:
- - bookinfo.onwalk.net
- secret:
- name: bookinfo-tls
- namespace: bookinfo
diff --git a/playbook/roles/bookinfo/templates/deepflow-apm/bookinfo-productpage-python.yaml b/playbook/roles/bookinfo/templates/deepflow-apm/bookinfo-productpage-python.yaml
deleted file mode 100644
index c2801378..00000000
--- a/playbook/roles/bookinfo/templates/deepflow-apm/bookinfo-productpage-python.yaml
+++ /dev/null
@@ -1,61 +0,0 @@
-##################################################################################################
-# Productpage services
-##################################################################################################
-apiVersion: v1
-kind: Service
-metadata:
- name: productpage
- namespace: bookinfo
- labels:
- app: productpage
- service: productpage
-spec:
- ports:
- - port: 9080
- name: http
- selector:
- app: productpage
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: bookinfo-productpage
- namespace: bookinfo
- labels:
- account: productpage
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: productpage-v1
- namespace: bookinfo
- labels:
- app: productpage
- version: v1
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: productpage
- version: v1
- template:
- metadata:
- labels:
- app: productpage
- version: v1
- spec:
- serviceAccountName: bookinfo-productpage
- containers:
- - name: productpage
- image: docker.io/istio/examples-bookinfo-productpage-v1:1.17.0
- imagePullPolicy: IfNotPresent
- ports:
- - containerPort: 9080
- volumeMounts:
- - name: tmp
- mountPath: /tmp
- securityContext:
- runAsUser: 1000
- volumes:
- - name: tmp
- emptyDir: {}
diff --git a/playbook/roles/bookinfo/templates/deepflow-apm/bookinfo-ratings.yaml b/playbook/roles/bookinfo/templates/deepflow-apm/bookinfo-ratings.yaml
deleted file mode 100644
index bc0bbf7b..00000000
--- a/playbook/roles/bookinfo/templates/deepflow-apm/bookinfo-ratings.yaml
+++ /dev/null
@@ -1,55 +0,0 @@
-##################################################################################################
-# Ratings service
-##################################################################################################
-apiVersion: v1
-kind: Service
-metadata:
- name: ratings
- namespace: bookinfo
- labels:
- app: ratings
- service: ratings
-spec:
- ports:
- - port: 9080
- name: http
- selector:
- app: ratings
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: bookinfo-ratings
- namespace: bookinfo
- labels:
- account: ratings
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: ratings-v1
- namespace: bookinfo
- labels:
- app: ratings
- version: v1
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: ratings
- version: v1
- template:
- metadata:
- labels:
- app: ratings
- version: v1
- spec:
- serviceAccountName: bookinfo-ratings
- containers:
- - name: ratings
- image: docker.io/istio/examples-bookinfo-ratings-v1:1.17.0
- imagePullPolicy: IfNotPresent
- ports:
- - containerPort: 9080
- securityContext:
- runAsUser: 1000
diff --git a/playbook/roles/bookinfo/templates/deepflow-apm/bookinfo-reviews.yaml b/playbook/roles/bookinfo/templates/deepflow-apm/bookinfo-reviews.yaml
deleted file mode 100644
index a3fe6e0e..00000000
--- a/playbook/roles/bookinfo/templates/deepflow-apm/bookinfo-reviews.yaml
+++ /dev/null
@@ -1,145 +0,0 @@
-##################################################################################################
-# Reviews service
-##################################################################################################
-apiVersion: v1
-kind: Service
-metadata:
- name: reviews
- namespace: bookinfo
- labels:
- app: reviews
- service: reviews
-spec:
- ports:
- - port: 9080
- name: http
- selector:
- app: reviews
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: bookinfo-reviews
- namespace: bookinfo
- labels:
- account: reviews
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: reviews-v1
- namespace: bookinfo
- labels:
- app: reviews
- version: v1
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: reviews
- version: v1
- template:
- metadata:
- labels:
- app: reviews
- version: v1
- spec:
- serviceAccountName: bookinfo-reviews
- containers:
- - name: reviews
- image: docker.io/istio/examples-bookinfo-reviews-v1:1.17.0
- imagePullPolicy: IfNotPresent
- ports:
- - containerPort: 9080
- volumeMounts:
- - name: tmp
- mountPath: /tmp
- - name: wlp-output
- mountPath: /opt/ibm/wlp/output
- securityContext:
- runAsUser: 1000
- volumes:
- - name: wlp-output
- emptyDir: {}
- - name: tmp
- emptyDir: {}
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: reviews-v2
- namespace: bookinfo
- labels:
- app: reviews
- version: v2
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: reviews
- version: v2
- template:
- metadata:
- labels:
- app: reviews
- version: v2
- spec:
- serviceAccountName: bookinfo-reviews
- containers:
- - name: reviews
- image: docker.io/istio/examples-bookinfo-reviews-v2:1.17.0
- imagePullPolicy: IfNotPresent
- ports:
- - containerPort: 9080
- volumeMounts:
- - name: tmp
- mountPath: /tmp
- - name: wlp-output
- mountPath: /opt/ibm/wlp/output
- securityContext:
- runAsUser: 1000
- volumes:
- - name: wlp-output
- emptyDir: {}
- - name: tmp
- emptyDir: {}
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: reviews-v3
- namespace: bookinfo
- labels:
- app: reviews
- version: v3
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: reviews
- version: v3
- template:
- metadata:
- labels:
- app: reviews
- version: v3
- spec:
- serviceAccountName: bookinfo-reviews
- containers:
- - name: reviews
- image: docker.io/istio/examples-bookinfo-reviews-v3:1.17.0
- imagePullPolicy: IfNotPresent
- ports:
- - containerPort: 9080
- volumeMounts:
- - name: tmp
- mountPath: /tmp
- - name: wlp-output
- mountPath: /opt/ibm/wlp/output
- securityContext:
- runAsUser: 1000
- volumes:
- - name: wlp-output
- emptyDir: {}
- - name: tmp
- emptyDir: {}
diff --git a/playbook/roles/cert-manager/files/certs_automated_issuance.sh b/playbook/roles/cert-manager/files/certs_automated_issuance.sh
deleted file mode 100644
index d316f860..00000000
--- a/playbook/roles/cert-manager/files/certs_automated_issuance.sh
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/bin/bash
-
-
-#!/bin/bash
-set -x
-export domain=$1
-export Ali_Key=$2
-export Ali_Secret=$3
-
-rm -rvf ${Domain}.* -f
-rm -rvf /etc/ssl/${Domain}.* -f
-
-# Try to issue a certificate from ZeroSSL. If it fails, try Let's Encrypt.
-
-curl https://get.acme.sh | sh -s email=156405189@qq.com
-sh ~/.acme.sh/acme.sh --set-default-ca --server zerossl --issue --force --dns dns_ali -d ${domain} -d "*.${domain}";
-if [ $? -eq 0 ]; then
- echo "Certificate from zerossl successfully issued"
-else
- sh ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt --issue --force --dns dns_ali -d ${domain} -d "*.${domain}"
- if [ $? -eq 0 ]; then
- echo "Certificate from letsencrypt successfully issued"
- else
- echo "Command failed"
- exit 1
- fi
-fi
-
-cat ~/.acme.sh/${domain}_ecc/${domain}.cer > ${domain}.pem
-cat ~/.acme.sh/${domain}_ecc/ca.cer >> ${domain}.pem
-cat ~/.acme.sh/${domain}_ecc/${domain}.key > ${domain}.key
-sudo cp ${domain}.pem /etc/ssl/ -f && sudo cp ${domain}.key /etc/ssl/ -f
diff --git a/playbook/roles/cert-manager/files/update-certs-secret.sh b/playbook/roles/cert-manager/files/update-certs-secret.sh
deleted file mode 100644
index d7af4296..00000000
--- a/playbook/roles/cert-manager/files/update-certs-secret.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-
-export secret=$1
-export key_file=$2
-export cert_file=$3
-export namespace=$4
-
-kubectl create namespace $namespace || echo true
-kubectl delete secret tls $secret -n $namespace || echo true
-kubectl create secret tls $secret --cert=$cert_file --key=$key_file -n $namespace
diff --git a/playbook/roles/cert-manager/meta/main.yml b/playbook/roles/cert-manager/meta/main.yml
deleted file mode 100644
index 9711b330..00000000
--- a/playbook/roles/cert-manager/meta/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-dependencies:
- - role: common
diff --git a/playbook/roles/cert-manager/tasks/main.yml b/playbook/roles/cert-manager/tasks/main.yml
deleted file mode 100755
index 1b109f6c..00000000
--- a/playbook/roles/cert-manager/tasks/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-- name: certs automated issuance
- script: files/certs_automated_issuance.sh {{ domain }} {{ dns_ak }} {{ dns_sk }}
- when: (inventory_hostname in groups[group]) and (auto_issuance == true)
diff --git a/playbook/roles/chartmuseum/files/setup.sh b/playbook/roles/chartmuseum/files/setup.sh
deleted file mode 100644
index f1f870f4..00000000
--- a/playbook/roles/chartmuseum/files/setup.sh
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/bin/bash
-
-domain=$1
-namespace=$2
-admin_password=$3
-secret_name=$4
-storage_type=$5
-
-cat > values.yaml << EOF
-env:
- open:
- STORAGE: local
- DISABLE_API: false
- AUTH_ANONYMOUS_GET: true
- secret:
- BASIC_AUTH_USER: admin
- BASIC_AUTH_PASS: '$admin_password'
-ingress:
- enabled: true
- hosts:
- - name: charts.$domain
- path: /
- tls: true
- tlsSecret: $secret_name
- ingressClassName: nginx
-persistence:
- enabled: true
- accessMode: ReadWriteOnce
- size: 8Gi
- path: /storage
- storageClass: "local-path"
-EOF
-
-export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
-helm repo add chartmuseum https://chartmuseum.github.io/charts
-helm repo update
-helm upgrade --install chartmuseum chartmuseum/chartmuseum -f values.yaml -n $namespace
diff --git a/playbook/roles/chartmuseum/meta/main.yml b/playbook/roles/chartmuseum/meta/main.yml
deleted file mode 100644
index 6fc3ce8b..00000000
--- a/playbook/roles/chartmuseum/meta/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-dependencies:
- - role: cert-manager
- - role: secret-manger
diff --git a/playbook/roles/chartmuseum/tasks/main.yml b/playbook/roles/chartmuseum/tasks/main.yml
deleted file mode 100755
index 02d9e659..00000000
--- a/playbook/roles/chartmuseum/tasks/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-- name: Setup Chartmuseum Server
- script: files/setup.sh {{ domain }} {{ namespace }} {{ admin_password }} {{ item.secret_name }}
- loop: "{{ tls }}"
- when: inventory_hostname in groups[group]
diff --git a/playbook/roles/chatwithgpt/meta/main.yml b/playbook/roles/chatwithgpt/meta/main.yml
deleted file mode 100644
index 6fc3ce8b..00000000
--- a/playbook/roles/chatwithgpt/meta/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-dependencies:
- - role: cert-manager
- - role: secret-manger
diff --git a/playbook/roles/chatwithgpt/tasks/main.yml b/playbook/roles/chatwithgpt/tasks/main.yml
deleted file mode 100755
index 2d260410..00000000
--- a/playbook/roles/chatwithgpt/tasks/main.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-- name: Pre setup
- shell: "kubectl create namespace chatwithgpt || echo true; rm -f /tmp/chatwithgpt.yaml || echo true"
-
-- name: Sync chatwithgpt deploy yaml
- template: src=templates/{{ item }} dest=/tmp/{{ item }} owner=root group=root mode=0644 force=yes unsafe_writes=yes
- with_items:
- - chatwithgpt.yaml
-
-- name: Setup ChatWithGPT Server
- shell: "kubectl apply -f /tmp/chatwithgpt.yaml"
- when: inventory_hostname in groups[group]
diff --git a/playbook/roles/chatwithgpt/templates/.gitignore b/playbook/roles/chatwithgpt/templates/.gitignore
deleted file mode 100644
index a194b200..00000000
--- a/playbook/roles/chatwithgpt/templates/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-/clickhouse-keeper-k8s.iml
-/.idea/
diff --git a/playbook/roles/chatwithgpt/templates/chatwithgpt.yaml b/playbook/roles/chatwithgpt/templates/chatwithgpt.yaml
deleted file mode 100644
index 11da71df..00000000
--- a/playbook/roles/chatwithgpt/templates/chatwithgpt.yaml
+++ /dev/null
@@ -1,104 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- annotations:
- meta.helm.sh/release-name: chatwithgpt
- meta.helm.sh/release-namespace: chatwithgpt
- labels:
- app.kubernetes.io/name: chargpt
- app.kubernetes.io/version: 0.2.0
- app.kubernetes.io/instance: chatwithgpt
- name: chatwithgpt
- namespace: chatwithgpt
-spec:
- internalTrafficPolicy: Cluster
- ipFamilies:
- - IPv4
- ipFamilyPolicy: SingleStack
- ports:
- - name: http
- port: 3000
- protocol: TCP
- targetPort: http
- selector:
- app.kubernetes.io/name: chatwithgpt
- app.kubernetes.io/instance: chatwithgpt
- sessionAffinity: None
- type: ClusterIP
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app.kubernetes.io/instance: chatwithgpt
- app.kubernetes.io/name: chatwithgpt
- name: chatwithgpt
- namespace: chatwithgpt
-spec:
- progressDeadlineSeconds: 600
- replicas: 1
- revisionHistoryLimit: 10
- selector:
- matchLabels:
- app.kubernetes.io/name: chatwithgpt
- app.kubernetes.io/instance: chatwithgpt
- strategy:
- rollingUpdate:
- maxSurge: 25%
- maxUnavailable: 25%
- type: RollingUpdate
- template:
- metadata:
- creationTimestamp: null
- labels:
- app.kubernetes.io/name: chatwithgpt
- app.kubernetes.io/instance: chatwithgpt
- spec:
- containers:
- - name: chatwithgpt
- image: artifact.onwalk.net/public/chatwithgpt:latest
- imagePullPolicy: Always
- env:
- - name: PORT
- value: "3000"
- - name: WEBAPP_PORT
- value: "3000"
- ports:
- - containerPort: 3000
- name: http
- protocol: TCP
- resources: {}
- securityContext: {}
- terminationMessagePath: /dev/termination-log
- terminationMessagePolicy: File
- dnsPolicy: ClusterFirst
- restartPolicy: Always
- schedulerName: default-scheduler
- securityContext: {}
- terminationGracePeriodSeconds: 30
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- labels:
- app.kubernetes.io/name: chatwithgpt
- app.kubernetes.io/instance: chatwithgpt
- name: chatwithgpt
- namespace: chatwithgpt
-spec:
- ingressClassName: nginx
- rules:
- - host: chatwithgpt.onwalk.net
- http:
- paths:
- - backend:
- service:
- name: chatwithgpt
- port:
- number: 3000
- path: /
- pathType: ImplementationSpecific
- tls:
- - hosts:
- - chatwithgpt.onwalk.net
- secretName: chatwithgpt-tls
diff --git a/playbook/roles/clickhouse/tasks/main.yml b/playbook/roles/clickhouse/tasks/main.yml
deleted file mode 100755
index 096259ce..00000000
--- a/playbook/roles/clickhouse/tasks/main.yml
+++ /dev/null
@@ -1,38 +0,0 @@
-- name: Prep DIR
- shell: "mkdir -pv /tmp/clickhouse-cluster/ && mkdir -pv /tmp/qryn"
-
-- name: Prep NameSpace
- shell: "kubectl create namespace clickhouse || echo true"
-
-- name: sync clickhouse deploy yaml
- template: src=templates/{{ item }} dest=/tmp/{{ item }} owner=root group=root mode=0644 force=yes unsafe_writes=yes
- with_items:
- - clickhouse-cluster/clickhouse-config.yaml
- - clickhouse-cluster/clickhouse-service.yaml
- - clickhouse-cluster/clickhouse-user-config.yaml
- - clickhouse-cluster/clickhouse-statefulset.yml
-
-- name: Setup ClickHouse Server
- shell: "cd /tmp/clickhouse-cluster && kubectl apply -f ."
- when: inventory_hostname in groups[group]
-
-- name: get clickhouse node ip
- shell: "kubectl get pods -n clickhouse -o wide | grep clickhouse | awk '{print $6}'"
- register: ck_node_ip_raw
- when: inventory_hostname in groups[group][0]
-
-- name: set fact join command for ck_node_ip
- set_fact:
- ck_node_ip : "{{ ck_node_ip_raw.stdout_lines[0] }}"
- when: inventory_hostname in groups[group][0]
-
-- name: sync clickhouse deploy yaml
- template: src=templates/{{ item }} dest=/tmp/{{ item }} owner=root group=root mode=0644 force=yes unsafe_writes=yes
- with_items:
- - qryn/qryn-deployment.yaml
- - qryn/qryn-service.yaml
- - qryn/qryn-ingress.yaml
-
-- name: Setup Qryn Server
- shell: "cd /tmp/qryn && kubectl apply -f ."
- when: inventory_hostname in groups[group]
diff --git a/playbook/roles/clickhouse/templates/.gitignore b/playbook/roles/clickhouse/templates/.gitignore
deleted file mode 100644
index a194b200..00000000
--- a/playbook/roles/clickhouse/templates/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-/clickhouse-keeper-k8s.iml
-/.idea/
diff --git a/playbook/roles/clickhouse/templates/clickhouse-cluster/clickhouse-config.yaml b/playbook/roles/clickhouse/templates/clickhouse-cluster/clickhouse-config.yaml
deleted file mode 100644
index 0a92affa..00000000
--- a/playbook/roles/clickhouse/templates/clickhouse-cluster/clickhouse-config.yaml
+++ /dev/null
@@ -1,94 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: clickhouse-config
- namespace: clickhouse
-data:
- keeper.xml: |
-
-
- 0.0.0.0
-
- trace
- 1
-
-
-
-
-
-
-
-
- 2181
-
- /var/lib/clickhouse/coordination/log
- /var/lib/clickhouse/coordination/snapshots
-
- 10000
- 30000
- trace
- 10000
-
-
-
- 0
- clickhouse-0.clickhouse-service.clickhouse
- 9444
-
-
- 1
- clickhouse-1.clickhouse-service.clickhouse
- 9444
-
-
- 2
- clickhouse-2.clickhouse-service.clickhouse
- 9444
-
-
-
-
-
- clickhouse-0.clickhouse-service.clickhouse
- 2181
-
-
- clickhouse-1.clickhouse-service.clickhouse
- 2181
-
-
- clickhouse-2.clickhouse-service.clickhouse
- 2181
-
-
-
-
- cluster.xml: |
-
-
-
-
-
-
- clickhouse-0.clickhouse-service.clickhouse
- 9000
-
-
-
-
- clickhouse-1.clickhouse-service.clickhouse
- 9000
-
-
-
-
-
- macros.xml: |
-
-
-
- testcluster
-
- 1
-
-
diff --git a/playbook/roles/clickhouse/templates/clickhouse-cluster/clickhouse-ingress.yaml b/playbook/roles/clickhouse/templates/clickhouse-cluster/clickhouse-ingress.yaml
deleted file mode 100644
index e8a0864f..00000000
--- a/playbook/roles/clickhouse/templates/clickhouse-cluster/clickhouse-ingress.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: clickhouse
- namespace: clickhouse
-spec:
- ingressClassName: nginx
- rules:
- - host: clickhouse.onwalk.net
- http:
- paths:
- - backend:
- service:
- name: clickhouse-service
- port:
- number: 8123
- path: /
- pathType: Prefix
diff --git a/playbook/roles/clickhouse/templates/clickhouse-cluster/clickhouse-service.yaml b/playbook/roles/clickhouse/templates/clickhouse-cluster/clickhouse-service.yaml
deleted file mode 100644
index eeb1728f..00000000
--- a/playbook/roles/clickhouse/templates/clickhouse-cluster/clickhouse-service.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-kind: Service
-apiVersion: v1
-metadata:
- labels:
- app: clickhouse
- name: clickhouse-service
- namespace: clickhouse
-spec:
- ports:
- - name: rest
- port: 8123
- - name: keeper
- port: 2181
- - name: replica-a
- port: 9000
- - name: replica-b
- port: 9009
- - name: raft
- port: 9444
-
- clusterIP: None
- selector:
- app: clickhouse
diff --git a/playbook/roles/clickhouse/templates/clickhouse-cluster/clickhouse-statefulset.yml b/playbook/roles/clickhouse/templates/clickhouse-cluster/clickhouse-statefulset.yml
deleted file mode 100644
index 7bd5f7b0..00000000
--- a/playbook/roles/clickhouse/templates/clickhouse-cluster/clickhouse-statefulset.yml
+++ /dev/null
@@ -1,103 +0,0 @@
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: clickhouse
- namespace: clickhouse
-spec:
- selector:
- matchLabels:
- app: clickhouse
- serviceName: clickhouse-service
- replicas: 3
- podManagementPolicy: "Parallel"
- # podManagementPolicy: OrderedReady
- template:
- metadata:
- labels:
- app: clickhouse
- spec:
- containers:
- - name: clickhouse
- image: clickhouse/clickhouse-server:22.4.5
- imagePullPolicy: IfNotPresent
- workingDir: /
- command:
- - /bin/bash
- - -c
- - |-
- export CK_INDEX=${HOSTNAME##*-}
- echo CK_INDEX=${CK_INDEX}
- ./entrypoint.sh
- env:
- - name: HOSTNAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- ports:
- - name: rest
- containerPort: 8123
- - name: keeper
- containerPort: 2181
- - name: replica-a
- containerPort: 9000
- - name: replica-b
- containerPort: 9009
- - name: raft
- containerPort: 9444
- volumeMounts:
- - name: clickhouse-config
- mountPath: /etc/clickhouse-server/config.d/
- - name: clickhouse-user-config
- mountPath: /etc/clickhouse-server/users.d/
- - name: clickhouse-meta
- mountPath: /var/lib/clickhouse/coordination/
- - name: clickhouse-data
- mountPath: /var/lib/clickhouse/
- volumes:
- - name: clickhouse-config
- configMap:
- name: clickhouse-config
- items:
- - key: keeper.xml
- path: keeper.xml
- - key: cluster.xml
- path: cluster.xml
- - key: macros.xml
- path: macros.xml
- - name: clickhouse-user-config
- configMap:
- name: clickhouse-user-config
- items:
- - key: user.xml
- path: user.xml
- volumeClaimTemplates:
- - apiVersion: v1
- kind: PersistentVolumeClaim
- metadata:
- labels:
- app.kubernetes.io/component: clickhouse
- app.kubernetes.io/instance: clickhouse
- app.kubernetes.io/name: clickhouse
- name: clickhouse-meta
- spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
- volumeMode: Filesystem
- - apiVersion: v1
- kind: PersistentVolumeClaim
- metadata:
- labels:
- app.kubernetes.io/component: clickhouse
- app.kubernetes.io/instance: clickhouse
- app.kubernetes.io/name: clickhouse
- name: clickhouse-data
- spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 5Gi
- volumeMode: Filesystem
diff --git a/playbook/roles/clickhouse/templates/clickhouse-cluster/clickhouse-user-config.yaml b/playbook/roles/clickhouse/templates/clickhouse-cluster/clickhouse-user-config.yaml
deleted file mode 100644
index 88e41b3f..00000000
--- a/playbook/roles/clickhouse/templates/clickhouse-cluster/clickhouse-user-config.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: clickhouse-user-config
- namespace: clickhouse
-data:
- user.xml: |
-
-
-
-
- 10000000000
- 4000
- 4096
- 4096
- random
-
-
-
diff --git a/playbook/roles/clickhouse/templates/qryn/qryn-deployment.yaml b/playbook/roles/clickhouse/templates/qryn/qryn-deployment.yaml
deleted file mode 100644
index 9a551db4..00000000
--- a/playbook/roles/clickhouse/templates/qryn/qryn-deployment.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: qryn
- namespace: clickhouse
- labels:
- io.metrico.service: qryn
-spec:
- replicas: 2
- selector:
- matchLabels:
- io.metrico.service: qryn
- strategy: {}
- template:
- metadata:
- annotations:
- qryn.cmd: qryn.dev
- creationTimestamp: null
- labels:
- io.metrico.service: qryn
- spec:
- containers:
- - env:
- - name: CLICKHOUSE_AUTH
- value: "default"
- - name: CLICKHOUSE_PORT
- value: "8123"
- - name: CLICKHOUSE_SERVER
- value: "{{ hostvars[groups[group][0]].ck_node_ip }}"
- image: qxip/qryn
- name: qryn
- ports:
- - containerPort: 3100
- resources: {}
- restartPolicy: Always
-status: {}
diff --git a/playbook/roles/clickhouse/templates/qryn/qryn-ingress.yaml b/playbook/roles/clickhouse/templates/qryn/qryn-ingress.yaml
deleted file mode 100644
index 423e71ac..00000000
--- a/playbook/roles/clickhouse/templates/qryn/qryn-ingress.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: data-gateway
- namespace: clickhouse
-spec:
- ingressClassName: nginx
- rules:
- - host: data-gateway.onwalk.net
- http:
- paths:
- - backend:
- service:
- name: qryn
- port:
- number: 3100
- path: /
- pathType: Prefix
diff --git a/playbook/roles/clickhouse/templates/qryn/qryn-service.yaml b/playbook/roles/clickhouse/templates/qryn/qryn-service.yaml
deleted file mode 100644
index 3ac7c397..00000000
--- a/playbook/roles/clickhouse/templates/qryn/qryn-service.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- creationTimestamp: null
- labels:
- io.metrico.service: qryn
- name: qryn
- namespace: clickhouse
-spec:
- ports:
- - name: "3100"
- port: 3100
- nodePort: 3100
- targetPort: 3100
- selector:
- io.metrico.service: qryn
- type: NodePort
-status:
- loadBalancer: {}
diff --git a/playbook/roles/common/tasks/main.yml b/playbook/roles/common/tasks/main.yml
deleted file mode 100755
index 7792ff20..00000000
--- a/playbook/roles/common/tasks/main.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-- name: Set timezone
- shell: "timedatectl set-timezone Asia/Shanghai"
-
-- name: Set hostname
- shell: "hostname -F /etc/hostname"
-
-- name: update /etc/hostname
- template: src=templates/hostname dest=/etc/hostname owner=root group=root mode=0644 unsafe_writes=yes
-
-- name: Update /etc/hosts
- template: src=templates/hosts dest=/etc/hosts owner=root group=root mode=0644 force=yes unsafe_writes=yes
-
-#- name: enable ip_forward
-# shell: 'echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf; echo "net.ipv4.conf.all.proxy_arp = 1" >> /etc/sysctl.conf ; sysctl -p /etc/sysctl.conf'
-
-#- name: Install packages
-# shell: "apt update && apt install -y auditd"
-# when: (ansible_facts['distribution'] == "Ubuntu") or (ansible_facts['distribution'] == "Debian")
-#
-#- name: Install packages
-# shell: "yum makecache && yum install -y audit container-selinux"
-# when: (ansible_facts['distribution'] != "Ubuntu") or (ansible_facts['distribution'] != "Debian")
diff --git a/playbook/roles/common/templates/authorized_keys b/playbook/roles/common/templates/authorized_keys
deleted file mode 100755
index f7bb4d56..00000000
--- a/playbook/roles/common/templates/authorized_keys
+++ /dev/null
@@ -1,3 +0,0 @@
-{% for item in ssh_keys %}
-{{ item }}
-{% endfor %}
diff --git a/playbook/roles/common/templates/hostname b/playbook/roles/common/templates/hostname
deleted file mode 100755
index 1fad51f6..00000000
--- a/playbook/roles/common/templates/hostname
+++ /dev/null
@@ -1 +0,0 @@
-{{ inventory_hostname }}
diff --git a/playbook/roles/common/templates/hosts b/playbook/roles/common/templates/hosts
deleted file mode 100755
index 374810a8..00000000
--- a/playbook/roles/common/templates/hosts
+++ /dev/null
@@ -1,12 +0,0 @@
-127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
-::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
-
-{% for item in groups[group] %}
-{{ hostvars[item]['ansible_host'] }} {{ item }}
-{% endfor %}
-
-{% if extra_domain is defined %}
-{% for ip, domain_name in extra_domain.items() %}
-{{ ip }} {{ domain_name }}
-{% endfor %}
-{% endif %}
diff --git a/playbook/roles/common/templates/logrotate-monitor-agent b/playbook/roles/common/templates/logrotate-monitor-agent
deleted file mode 100644
index b4120cee..00000000
--- a/playbook/roles/common/templates/logrotate-monitor-agent
+++ /dev/null
@@ -1,8 +0,0 @@
-/var/log/prometheus-agent.log
-/var/log/prometheus-transfer.log {
- rotate 12
- monthly
- compress
- missingok
- notifempty
-}
diff --git a/playbook/roles/datadog-agent/files/setup.sh b/playbook/roles/datadog-agent/files/setup.sh
deleted file mode 100644
index 27e9f80c..00000000
--- a/playbook/roles/datadog-agent/files/setup.sh
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/bin/bash
-
-export token=$1
-
-helm repo add datadog https://helm.datadoghq.com
-helm repo update
-cat > datadog-values.yaml << EOF
-#registry: artifact.onwalk.net/public/datadog
-targetSystem: "linux"
-clusterAgent:
- enabled: true
- admissionController:
- enabled: true
- mutateUnlabelled: true
-datadog:
- site: 'datadoghq.eu'
- apiKeyExistingSecret: datadog-agent
- apm:
- portEnabled: true
- networkMonitoring:
- enabled: false
- logs:
- enabled: false
- containerCollectAll: false
-EOF
-kubectl create namespace datadog || echo true
-kubectl delete secret datadog-agent --namespace=datadog || echo true
-kubectl create secret generic datadog-agent --from-literal api-key=$token --namespace=datadog
-helm upgrade --install datadog-agent -n datadog --create-namespace -f datadog-values.yaml datadog/datadog
diff --git a/playbook/roles/datadog-agent/meta/main.yml b/playbook/roles/datadog-agent/meta/main.yml
deleted file mode 100644
index 9711b330..00000000
--- a/playbook/roles/datadog-agent/meta/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-dependencies:
- - role: common
diff --git a/playbook/roles/datadog-agent/tasks/main.yml b/playbook/roles/datadog-agent/tasks/main.yml
deleted file mode 100755
index 2e80f381..00000000
--- a/playbook/roles/datadog-agent/tasks/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-- name: Setup Datadog Agent
- script: files/setup.sh {{ datadog_token }}
- when: inventory_hostname in groups[group]
diff --git a/playbook/roles/deepflow-agent/tasks/main.yml b/playbook/roles/deepflow-agent/tasks/main.yml
deleted file mode 100755
index 13178a6c..00000000
--- a/playbook/roles/deepflow-agent/tasks/main.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-- name: Pre setting
- shell: "rm -f /usr/bin/deepflow-agent; rm -f /tmp/deepflow-agent.tar.gz"
- when: inventory_hostname in groups[group]
-
-- name: Download prometheus binary
- shell: 'curl -Lo /tmp/deepflow-agent.tar.gz https://deepflow-ce.oss-cn-beijing.aliyuncs.com/bin/agent/stable/linux/amd64/deepflow-agent.tar.gz && \
- tar -zxvf /tmp/deepflow-agent.tar.gz -C /usr/sbin/'
- when: inventory_hostname in groups[group]
-
-- name: Create deepflow-agent service
- template: src=templates/deepflow-agent.service dest=/etc/systemd/system/deepflow-agent.service owner=root group=root mode=0644
- when: inventory_hostname in groups[group]
-
-- name: Create prometheus-agent config
- template: src=templates/deepflow-agent.yaml dest=/etc/deepflow-agent.yaml owner=root group=root mode=0644
- when: inventory_hostname in groups[group]
-
-- name: Init prometheus-agent service
- shell: "systemctl enable deepflow-agent && systemctl daemon-reload && systemctl restart deepflow-agent"
- when: inventory_hostname in groups[group]
diff --git a/playbook/roles/deepflow-agent/templates/deepflow-agent.service b/playbook/roles/deepflow-agent/templates/deepflow-agent.service
deleted file mode 100644
index fe040a8e..00000000
--- a/playbook/roles/deepflow-agent/templates/deepflow-agent.service
+++ /dev/null
@@ -1,14 +0,0 @@
-[Unit]
-Description=deepflow-agent.service
-After=syslog.target network-online.target
-
-[Service]
-Environment=GOTRACEBACK=single
-LimitCORE=1G
-ExecStart=/usr/sbin/deepflow-agent
-Restart=always
-RestartSec=10
-LimitNOFILE=1024:4096
-
-[Install]
-WantedBy=multi-user.target
diff --git a/playbook/roles/deepflow-agent/templates/deepflow-agent.yaml b/playbook/roles/deepflow-agent/templates/deepflow-agent.yaml
deleted file mode 100644
index 34ad178c..00000000
--- a/playbook/roles/deepflow-agent/templates/deepflow-agent.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-controller-ips:
- - {{ cluster_node }}
-vtap-group-id-request: "{{ cluster_id }}"
diff --git a/playbook/roles/dts-data-x/create_keys.sh b/playbook/roles/dts-data-x/create_keys.sh
deleted file mode 100644
index 44c39a84..00000000
--- a/playbook/roles/dts-data-x/create_keys.sh
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/bash
-
-export name=$1
-export server_key=$2
-export server_ip=$3
-export client_ip=$4
-
-sudo rm -rvf /etc/wireguard/keys/$name
-sudo mkdir -pv /etc/wireguard/keys/$name
-cd /etc/wireguard/keys/$name
-wg genkey > ${name}.key
-wg pubkey < ${name}.key > ${name}.pub
-
-KEY=`cat ${name}.key`
-PUBKEY=`cat ${name}.pub`
-
-cat > ${name}-wg0.conf << EOF
-[Interface]
-PrivateKey = ${KEY}
-ListenPort = 54321
-Address = ${client_ip}/24
-DNS = 10.1.0.2, 114.114.114.114
-MTU = 1420
-[Peer]
-PublicKey = ${server_key}
-AllowedIPs = 10.255.0.0/24, 10.1.0.0/16
-Endpoint = ${server_ip}:51820
-PersistentKeepalive = 25
-EOF
-
-
-# brew install wireguard-tools && sudo wg-quick up wg0
-# apt install qrencode --assume-yes qrencode --read-from=client-wg0.conf --type=UTF8
-
-cat >> /etc/wireguard/wg0.conf << EOF
-[Peer]
- # ${name}
- PublicKey = ${PUBKEY}
- AllowedIPs = ${client_ip}/32
-EOF
diff --git a/playbook/roles/dts-data-x/tasks/main.yml b/playbook/roles/dts-data-x/tasks/main.yml
deleted file mode 100755
index fcbc572d..00000000
--- a/playbook/roles/dts-data-x/tasks/main.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-- name: Pre setting
- shell: "rm -f /usr/bin/promtail; mkdir -pv /etc/promtail/ && touch /var/log/positions.yaml"
- when: inventory_hostname in groups[group]
-
-- name: Create promtail-agent config
- template: src=templates/promtail.yaml dest=/etc/promtail/promtail.yaml owner=root group=root mode=0644
- when: inventory_hostname in groups[group]
-
-- name: Init Wireguard Service
- shell: 'apt update && apt install wireguard-tools wireguard-dkms -y'
- when: inventory_hostname in groups[group]
-
-- name: Remove fluent-bit service
- shell: "systemctl disable fluent-bit && systemctl stop fluent-bit"
- when: inventory_hostname in groups[group]
diff --git a/playbook/roles/dts-data-x/templates/config.json b/playbook/roles/dts-data-x/templates/config.json
deleted file mode 100644
index 494ffc26..00000000
--- a/playbook/roles/dts-data-x/templates/config.json
+++ /dev/null
@@ -1,84 +0,0 @@
-{
- "log": {
- "loglevel": "warning"
- },
- "routing": {
- "domainStrategy": "IPIfNonMatch",
- "rules": [
- {
- "type": "field",
- "ip": [
- "geoip:cn"
- ],
- "outboundTag": "block"
- }
- ]
- },
- "inbounds": [
- {
- "listen": "0.0.0.0",
- "port": 1443,
- "protocol": "vless",
- "settings": {
- "clients": [
- {
- "id": "18d270a9-533d-4b13-b3f1-e7f55540a9b2",
- "flow": "xtls-rprx-vision"
- }
- ],
- "decryption": "none",
- "fallbacks": [
- {
- "dest": "8001",
- "xver": 1
- },
- {
- "alpn": "h2",
- "dest": "8002",
- "xver": 1
- }
- ]
- },
- "streamSettings": {
- "network": "tcp",
- "security": "tls",
- "tlsSettings": {
- "rejectUnknownSni": true,
- "minVersion": "1.2",
- "certificates": [
- {
- "ocspStapling": 3600,
- "certificateFile": "/etc/ssl/onwalk.net.pem",
- "keyFile": "/etc/ssl/onwalk.net.key"
- }
- ]
- }
- },
- "sniffing": {
- "enabled": true,
- "destOverride": [
- "http",
- "tls"
- ]
- }
- }
- ],
- "outbounds": [
- {
- "protocol": "freedom",
- "tag": "direct"
- },
- {
- "protocol": "blackhole",
- "tag": "block"
- }
- ],
- "policy": {
- "levels": {
- "0": {
- "handshake": 2,
- "connIdle": 120
- }
- }
- }
-}
diff --git a/playbook/roles/dts-flink-cdc/create_keys.sh b/playbook/roles/dts-flink-cdc/create_keys.sh
deleted file mode 100644
index 44c39a84..00000000
--- a/playbook/roles/dts-flink-cdc/create_keys.sh
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/bash
-
-export name=$1
-export server_key=$2
-export server_ip=$3
-export client_ip=$4
-
-sudo rm -rvf /etc/wireguard/keys/$name
-sudo mkdir -pv /etc/wireguard/keys/$name
-cd /etc/wireguard/keys/$name
-wg genkey > ${name}.key
-wg pubkey < ${name}.key > ${name}.pub
-
-KEY=`cat ${name}.key`
-PUBKEY=`cat ${name}.pub`
-
-cat > ${name}-wg0.conf << EOF
-[Interface]
-PrivateKey = ${KEY}
-ListenPort = 54321
-Address = ${client_ip}/24
-DNS = 10.1.0.2, 114.114.114.114
-MTU = 1420
-[Peer]
-PublicKey = ${server_key}
-AllowedIPs = 10.255.0.0/24, 10.1.0.0/16
-Endpoint = ${server_ip}:51820
-PersistentKeepalive = 25
-EOF
-
-
-# brew install wireguard-tools && sudo wg-quick up wg0
-# apt install qrencode --assume-yes qrencode --read-from=client-wg0.conf --type=UTF8
-
-cat >> /etc/wireguard/wg0.conf << EOF
-[Peer]
- # ${name}
- PublicKey = ${PUBKEY}
- AllowedIPs = ${client_ip}/32
-EOF
diff --git a/playbook/roles/dts-flink-cdc/tasks/main.yml b/playbook/roles/dts-flink-cdc/tasks/main.yml
deleted file mode 100755
index fcbc572d..00000000
--- a/playbook/roles/dts-flink-cdc/tasks/main.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-- name: Pre setting
- shell: "rm -f /usr/bin/promtail; mkdir -pv /etc/promtail/ && touch /var/log/positions.yaml"
- when: inventory_hostname in groups[group]
-
-- name: Create promtail-agent config
- template: src=templates/promtail.yaml dest=/etc/promtail/promtail.yaml owner=root group=root mode=0644
- when: inventory_hostname in groups[group]
-
-- name: Init Wireguard Service
- shell: 'apt update && apt install wireguard-tools wireguard-dkms -y'
- when: inventory_hostname in groups[group]
-
-- name: Remove fluent-bit service
- shell: "systemctl disable fluent-bit && systemctl stop fluent-bit"
- when: inventory_hostname in groups[group]
diff --git a/playbook/roles/dts-flink-cdc/templates/config.json b/playbook/roles/dts-flink-cdc/templates/config.json
deleted file mode 100644
index 494ffc26..00000000
--- a/playbook/roles/dts-flink-cdc/templates/config.json
+++ /dev/null
@@ -1,84 +0,0 @@
-{
- "log": {
- "loglevel": "warning"
- },
- "routing": {
- "domainStrategy": "IPIfNonMatch",
- "rules": [
- {
- "type": "field",
- "ip": [
- "geoip:cn"
- ],
- "outboundTag": "block"
- }
- ]
- },
- "inbounds": [
- {
- "listen": "0.0.0.0",
- "port": 1443,
- "protocol": "vless",
- "settings": {
- "clients": [
- {
- "id": "18d270a9-533d-4b13-b3f1-e7f55540a9b2",
- "flow": "xtls-rprx-vision"
- }
- ],
- "decryption": "none",
- "fallbacks": [
- {
- "dest": "8001",
- "xver": 1
- },
- {
- "alpn": "h2",
- "dest": "8002",
- "xver": 1
- }
- ]
- },
- "streamSettings": {
- "network": "tcp",
- "security": "tls",
- "tlsSettings": {
- "rejectUnknownSni": true,
- "minVersion": "1.2",
- "certificates": [
- {
- "ocspStapling": 3600,
- "certificateFile": "/etc/ssl/onwalk.net.pem",
- "keyFile": "/etc/ssl/onwalk.net.key"
- }
- ]
- }
- },
- "sniffing": {
- "enabled": true,
- "destOverride": [
- "http",
- "tls"
- ]
- }
- }
- ],
- "outbounds": [
- {
- "protocol": "freedom",
- "tag": "direct"
- },
- {
- "protocol": "blackhole",
- "tag": "block"
- }
- ],
- "policy": {
- "levels": {
- "0": {
- "handshake": 2,
- "connIdle": 120
- }
- }
- }
-}
diff --git a/playbook/roles/dts-flink-x/create_keys.sh b/playbook/roles/dts-flink-x/create_keys.sh
deleted file mode 100644
index 44c39a84..00000000
--- a/playbook/roles/dts-flink-x/create_keys.sh
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/bash
-
-export name=$1
-export server_key=$2
-export server_ip=$3
-export client_ip=$4
-
-sudo rm -rvf /etc/wireguard/keys/$name
-sudo mkdir -pv /etc/wireguard/keys/$name
-cd /etc/wireguard/keys/$name
-wg genkey > ${name}.key
-wg pubkey < ${name}.key > ${name}.pub
-
-KEY=`cat ${name}.key`
-PUBKEY=`cat ${name}.pub`
-
-cat > ${name}-wg0.conf << EOF
-[Interface]
-PrivateKey = ${KEY}
-ListenPort = 54321
-Address = ${client_ip}/24
-DNS = 10.1.0.2, 114.114.114.114
-MTU = 1420
-[Peer]
-PublicKey = ${server_key}
-AllowedIPs = 10.255.0.0/24, 10.1.0.0/16
-Endpoint = ${server_ip}:51820
-PersistentKeepalive = 25
-EOF
-
-
-# brew install wireguard-tools && sudo wg-quick up wg0
-# apt install qrencode --assume-yes qrencode --read-from=client-wg0.conf --type=UTF8
-
-cat >> /etc/wireguard/wg0.conf << EOF
-[Peer]
- # ${name}
- PublicKey = ${PUBKEY}
- AllowedIPs = ${client_ip}/32
-EOF
diff --git a/playbook/roles/dts-flink-x/tasks/main.yml b/playbook/roles/dts-flink-x/tasks/main.yml
deleted file mode 100755
index fcbc572d..00000000
--- a/playbook/roles/dts-flink-x/tasks/main.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-- name: Pre setting
- shell: "rm -f /usr/bin/promtail; mkdir -pv /etc/promtail/ && touch /var/log/positions.yaml"
- when: inventory_hostname in groups[group]
-
-- name: Create promtail-agent config
- template: src=templates/promtail.yaml dest=/etc/promtail/promtail.yaml owner=root group=root mode=0644
- when: inventory_hostname in groups[group]
-
-- name: Init Wireguard Service
- shell: 'apt update && apt install wireguard-tools wireguard-dkms -y'
- when: inventory_hostname in groups[group]
-
-- name: Remove fluent-bit service
- shell: "systemctl disable fluent-bit && systemctl stop fluent-bit"
- when: inventory_hostname in groups[group]
diff --git a/playbook/roles/dts-flink-x/templates/config.json b/playbook/roles/dts-flink-x/templates/config.json
deleted file mode 100644
index 494ffc26..00000000
--- a/playbook/roles/dts-flink-x/templates/config.json
+++ /dev/null
@@ -1,84 +0,0 @@
-{
- "log": {
- "loglevel": "warning"
- },
- "routing": {
- "domainStrategy": "IPIfNonMatch",
- "rules": [
- {
- "type": "field",
- "ip": [
- "geoip:cn"
- ],
- "outboundTag": "block"
- }
- ]
- },
- "inbounds": [
- {
- "listen": "0.0.0.0",
- "port": 1443,
- "protocol": "vless",
- "settings": {
- "clients": [
- {
- "id": "18d270a9-533d-4b13-b3f1-e7f55540a9b2",
- "flow": "xtls-rprx-vision"
- }
- ],
- "decryption": "none",
- "fallbacks": [
- {
- "dest": "8001",
- "xver": 1
- },
- {
- "alpn": "h2",
- "dest": "8002",
- "xver": 1
- }
- ]
- },
- "streamSettings": {
- "network": "tcp",
- "security": "tls",
- "tlsSettings": {
- "rejectUnknownSni": true,
- "minVersion": "1.2",
- "certificates": [
- {
- "ocspStapling": 3600,
- "certificateFile": "/etc/ssl/onwalk.net.pem",
- "keyFile": "/etc/ssl/onwalk.net.key"
- }
- ]
- }
- },
- "sniffing": {
- "enabled": true,
- "destOverride": [
- "http",
- "tls"
- ]
- }
- }
- ],
- "outbounds": [
- {
- "protocol": "freedom",
- "tag": "direct"
- },
- {
- "protocol": "blackhole",
- "tag": "block"
- }
- ],
- "policy": {
- "levels": {
- "0": {
- "handshake": 2,
- "connIdle": 120
- }
- }
- }
-}
diff --git a/playbook/roles/fluent-bit-agent/tasks/main.yml b/playbook/roles/fluent-bit-agent/tasks/main.yml
deleted file mode 100755
index 2c045bd6..00000000
--- a/playbook/roles/fluent-bit-agent/tasks/main.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-- name: Install pkgs
- shell: 'curl https://raw.githubusercontent.com/fluent/fluent-bit/master/install.sh | sh'
- when: inventory_hostname in groups[group]
-
-- name: Create fluent-bit config
- template: src=templates/fluent-bit.conf dest=/etc/fluent-bit/fluent-bit.conf owner=root group=root mode=0644
- when: inventory_hostname in groups[group]
-
-- name: Init fluent-bit service
- shell: "systemctl enable fluent-bit && systemctl daemon-reload && systemctl restart fluent-bit"
- when: inventory_hostname in groups[group]
diff --git a/playbook/roles/fluent-bit-agent/templates/fluent-bit.conf b/playbook/roles/fluent-bit-agent/templates/fluent-bit.conf
deleted file mode 100644
index c1ce480d..00000000
--- a/playbook/roles/fluent-bit-agent/templates/fluent-bit.conf
+++ /dev/null
@@ -1,57 +0,0 @@
-[SERVICE]
- flush 1
- daemon Off
- log_level info
- parsers_file parsers.conf
- plugins_file plugins.conf
- http_server Off
- http_listen 0.0.0.0
- http_port 2020
-
- storage.metrics on
- # storage.path /tmp/storage
- # storage.sync normal
- # storage.checksum off
- # storage.backlog.mem_limit 5M
-
-[INPUT]
- Name tail
- Tag syslog
- Path /var/log/syslog
- Parser syslog-rfc5424
- Mem_Buf_Limit 5MB
- Skip_Long_Lines On
- Refresh_Interval 10
-
-[INPUT]
- Name tail
- Tag authlog
- Path /var/log/auth.log
- Parser syslog-rfc5424
- Mem_Buf_Limit 5MB
- Skip_Long_Lines On
- Refresh_Interval 10
-
-[INPUT]
- Name systemd
- Tag agent
- Systemd_Filter _SYSTEMD_UNIT=prometheus-agent.service
-
-[OUTPUT]
- name loki
- match syslog
- host {{ loki_host }}
- port {{ loki_port }}
- labels {{ label }}
-[OUTPUT]
- name loki
- match agent
- host {{ loki_host }}
- port {{ loki_port }}
- labels job=agent
-[OUTPUT]
- name loki
- match authlog
- host {{ loki_host }}
- port {{ loki_port }}
- labels job=auth
diff --git a/playbook/roles/fluxcd/files/setup.sh b/playbook/roles/fluxcd/files/setup.sh
deleted file mode 100644
index a48b8397..00000000
--- a/playbook/roles/fluxcd/files/setup.sh
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/bash
-
-export version=$1
-export namespace=$2
-
-cat > flux-values.yaml << EOF
-imagePullSecrets:
- - name: artifact-registry-tls
-cli:
- image: flux-cli
- tag: v0.31.3-customized
-helmcontroller:
- create: true
- image: flux-helm-controller
- tag: v0.22.1-customized
-imageautomationcontroller:
- image: flux-image-automation-controller
- tag: v0.23.4-customized
-imagereflectorcontroller:
- create: true
- image: flux-image-reflector-controller
- tag: v0.19.2-customized
-kustomizecontroller:
- create: true
- image: flux-kustomize-controller
- tag: v0.26.2-customized
-notificationcontroller:
- create: true
- image: flux-notification-controller
- tag: v0.24.0-customized
-sourcecontroller:
- create: true
- image: flux-source-controller
- tag: v0.24.0-customized
-EOF
-
-helm repo add fluxcd https://fluxcd-community.github.io/helm-charts
-helm repo update
-kubectl create namespace $namespace || echo true
-helm upgrade --install fluxcd fluxcd/flux2 -n $namespace --version=$version
diff --git a/playbook/roles/fluxcd/meta/main.yml b/playbook/roles/fluxcd/meta/main.yml
deleted file mode 100644
index 9711b330..00000000
--- a/playbook/roles/fluxcd/meta/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-dependencies:
- - role: common
diff --git a/playbook/roles/fluxcd/tasks/main.yml b/playbook/roles/fluxcd/tasks/main.yml
deleted file mode 100755
index 15d66257..00000000
--- a/playbook/roles/fluxcd/tasks/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-- name: Setup FluxCD Chart
- script: files/setup.sh {{ version }} {{ namespace }}
- when: inventory_hostname in groups[group]
diff --git a/playbook/roles/gitlab/files/post-setup.sh b/playbook/roles/gitlab/files/post-setup.sh
deleted file mode 100755
index c9942714..00000000
--- a/playbook/roles/gitlab/files/post-setup.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/bash
-
-kubectl delete hpa --all -A
-
-# 获取所有部署
-DEPLOYMENTS=$(kubectl get deploy -n gitlab -o jsonpath='{.items[*].metadata.name}')
-
-# 遍历部署并设置副本数为1
-for DEPLOY in $DEPLOYMENTS
-do
- echo "Setting replicas=1 for deployment $DEPLOY"
- kubectl scale deploy/$DEPLOY -n gitlab --replicas=1
-done
-
-# 遍历部署并获取 CPU 和内存配置
-for DEPLOY in $DEPLOYMENTS
-do
- echo "Deployment: $DEPLOY"
- echo "===================="
- kubectl get deploy $DEPLOY -n gitlab -o=jsonpath='{range .spec.template.spec.containers[*]}{.name}:{"\n"}{"\t"}cpu: {.resources.requests.cpu}{"\n"}{"\t"}mem: {.resources.requests.memory}{"\n"}{end}'
- echo "===================="
-done
-
-# 遍历部署并设置 CPU 和内存请求
-#for DEPLOY in $DEPLOYMENTS
-#do
-# echo "Setting cpu=0.1 and mem=100m for deployment $DEPLOY"
-# kubectl patch deployment $DEPLOY -n gitlab -p '{"spec": {"template": {"spec": {"containers": [{"name": "'$DEPLOY'", "resources": {"requests": {"cpu": "0.1", "memory": "100m"}}}]}}}}'
-# echo "===================="
-#done
diff --git a/playbook/roles/gitlab/files/pre-setup.sh b/playbook/roles/gitlab/files/pre-setup.sh
deleted file mode 100755
index 34a5c712..00000000
--- a/playbook/roles/gitlab/files/pre-setup.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/bash
-set +x
-
-export namespace=$1
-export POSTGRES_PASSWORD=$(kubectl get secret --namespace $namespace postgresql -o jsonpath="{.data.postgres-password}" | base64 -d)
-
-kubectl run postgresql-client --rm --tty -i --restart='Never' --namespace $namespace --image docker.io/bitnami/postgresql:15.2.0-debian-11-r11 --env="PGPASSWORD=$POSTGRES_PASSWORD" --command -- psql --host postgresql -U postgres -d postgres -p 5432 -w -c "CREATE DATABASE gitlabhq_production OWNER postgres;" || echo true
-
-kubectl run postgresql-client --rm --tty -i --restart='Never' --namespace $namespace --image docker.io/bitnami/postgresql:15.2.0-debian-11-r11 --env="PGPASSWORD=$POSTGRES_PASSWORD" --command -- psql --host postgresql -U postgres -d gitlabhq_production -p 5432 -w -c "CREATE EXTENSION IF NOT EXISTS plpgsql; CREATE EXTENSION IF NOT EXISTS pg_trgm; CREATE EXTENSION IF NOT EXISTS btree_gist;" || echo true
diff --git a/playbook/roles/gitlab/files/setup-with-oidc.sh b/playbook/roles/gitlab/files/setup-with-oidc.sh
deleted file mode 100644
index b9948876..00000000
--- a/playbook/roles/gitlab/files/setup-with-oidc.sh
+++ /dev/null
@@ -1,106 +0,0 @@
-#!/bin/bash
-
-domain=$1
-namespace=$2
-object_bucket=$3
-gitlab_secret=$4
-gitlab_stmp_secret=$5
-smtp_port=$7
-smtp_domain=$8
-smtp_address=$9
-smtp_username=$10
-smtp_emailfrom=$11
-smtp_display_name=$12
-oidc_issuer_url=$13
-oidc_client_id=$14
-oidc_client_token=$15
-
-cat > gitlab-values.yaml < gitlab-values.yaml < gitlab-values.yaml < harbor-config.yaml << EOF
-exposureType: ingress
-ingress:
- core:
- ingressClassName: "nginx"
- hostname: artifact.${domain}
- extraTls:
- - hosts:
- - artifact.${domain}
- secretName: "$secret_name"
-externalURL: https://artifact.${domain}
-
-postgresql:
- enabled: false
-redis:
- enabled: false
-notary:
- enabled: false
-trivy:
- enabled: false
-
-externalDatabase:
- host: postgresql.database.svc.cluster.local
- user: postgres
- port: 5432
- password: "$pg_db_password"
- sslmode: disable
- coreDatabase: harbor_core
- clairDatabase: harbor_clair
- clairUsername: "postgres"
- clairPassword: "$pg_db_password"
- notaryServerDatabase: harbor_notary_server
- notaryServerUsername: "postgres"
- notaryServerPassword: "$pg_db_password"
- notarySignerDatabase: harbor_notary_signer
- notarySignerUsername: "postgres"
- notarySignerPassword: "$pg_db_password"
-externalRedis:
- host: redis-master.redis.svc.cluster.local
- port: 6379
- password: "$redis_password"
-persistence:
- enabled: true
- imageChartStorage:
- type: $storage_type
- oss:
- accesskeyid: $ak
- accesskeysecret: $sk
- region: "oss-cn-wulanchabu"
- bucket: "oss-artifacts"
- endpoint: "oss-cn-wulanchabu.aliyuncs.com"
- s3:
- region: ap-east-1
- bucket: artifact-s3
- accesskey: $ak
- secretkey: $sk
-EOF
-
-export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
-helm repo add bitnami https://charts.bitnami.com/bitnami
-helm repo update
-helm upgrade --install artifact bitnami/harbor --version=16.7.0 -f harbor-config.yaml -n $namespace
diff --git a/playbook/roles/harbor/files/setup-office-harbor.sh b/playbook/roles/harbor/files/setup-office-harbor.sh
deleted file mode 100644
index 97b1a9a9..00000000
--- a/playbook/roles/harbor/files/setup-office-harbor.sh
+++ /dev/null
@@ -1,91 +0,0 @@
-#!/bin/bash
-
-ak=$1
-sk=$2
-domain=$3
-namespace=$4
-secret_name=$5
-redis_password=$6
-pg_db_password=$7
-storage_type=$8
-
-cat > harbor-arm-config.yaml << EOF
-portal:
- image:
- repository: ghcr.io/octohelm/harbor/harbor-portal
- tag: v2.7.0@sha256:b3f4e0e990500362b554338579497ad89af5473e024564731563704ceab9305b
-core:
- image:
- repository: ghcr.io/octohelm/harbor/harbor-core
- tag: v2.7.0@sha256:dd7f3898f32caf8e03cee046596f03034f4297231458d4de39775dd58709b55a
-jobservice:
- image:
- repository: ghcr.io/octohelm/harbor/harbor-jobservice
- tag: v2.7.0@sha256:7abd6694f546172ffec4a87e389e8ba425fa6ee82479782693c120a89a291435
-registry:
- registry:
- image:
- repository: ghcr.io/octohelm/harbor/registry-photon
- tag: v2.7.0@sha256:d5f23b2bc4271b2eb1ec002eb0c0c51e708015944316e5bd17c61de73ea54415
- controller:
- image:
- repository: ghcr.io/svc-design/harbor-multi-arch-images/harbor-registryctl
- tag: v2.7.0@sha256:ba2412c1a629ca1c2ca4584ba51eb05e964c7eef7b1f9f6ddb39d67512debaf5
-chartmuseum:
- enabled: true
- image:
- repository: ghcr.io/octohelm/harbor/chartmuseum-photon
- tag: v2.7.0@sha256:0815066d46474b9403b2d2e5f6f9e2ae44d067d8d2f8523b95ea3d3f20f3d058
-trivy:
- enabled: false
-notary:
- enabled: false
-expose:
- type: ingress
- tls:
- enabled: true
- certSource: secret
- secret:
- secretName: $secret_name
- notarySecretName: $secret_name
- ingress:
- hosts:
- core: artifact.${domain}
- notary: artifact-notary.${domain}
- className: "nginx"
-externalURL: https://artifact.${domain}
-database:
- type: external
- external:
- host: "postgresql.database.svc.cluster.local"
- port: "5432"
- username: "postgres"
- password: "$pg_db_password"
- coreDatabase: "registry"
- notaryServerDatabase: "notary_server"
- notarySignerDatabase: "notary_signer"
-redis:
- type: external
- external:
- addr: "redis-master.redis.svc.cluster.local:6379"
- password: "$redis_password"
-persistence:
- imageChartStorage:
- type: $storage_type
- oss:
- accesskeyid: $ak
- accesskeysecret: $sk
- region: "oss-cn-wulanchabu"
- bucket: "harbor-s3"
- endpoint: "oss-cn-wulanchabu.aliyuncs.com"
- s3:
- region: ap-east-1
- bucket: artifact-s3
- accesskey: $ak
- secretkey: $sk
-EOF
-
-export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
-helm repo add harbor https://helm.goharbor.io
-helm repo update
-helm upgrade --install artifact harbor/harbor -f harbor-arm-config.yaml --version 1.11.1 -n $namespace
diff --git a/playbook/roles/harbor/meta/main.yml b/playbook/roles/harbor/meta/main.yml
deleted file mode 100644
index 6e0c32a9..00000000
--- a/playbook/roles/harbor/meta/main.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-dependencies:
- - role: redis
- - role: postgresql
- - role: cert-manager
- - role: secret-manger
diff --git a/playbook/roles/harbor/tasks/main.yml b/playbook/roles/harbor/tasks/main.yml
deleted file mode 100755
index 4cbd893b..00000000
--- a/playbook/roles/harbor/tasks/main.yml
+++ /dev/null
@@ -1,38 +0,0 @@
-- name: get redis password
- shell: 'kubectl get secret --namespace redis redis -o jsonpath="{.data.redis-password}" | base64 -d'
- register: redis_command_raw
- when: inventory_hostname in groups[group][0]
-
-- name: set fact join command for redis
- set_fact:
- redis_password : "{{ redis_command_raw.stdout }}"
-
-- name: get db password
- shell: 'kubectl get secret --namespace database postgresql -o jsonpath="{.data.postgres-password}" | base64 -d'
- register: db_command_raw
- when: inventory_hostname in groups[group][0]
-
-- name: set fact join command for pg_db
- set_fact:
- pg_db_password : "{{ db_command_raw.stdout }}"
- when: inventory_hostname in groups[group][0]
-
-#- name: Show Debug Info
-# debug: var=command_raw verbosity=0
-
-- name: Pre Setup harbor DB
- script: files/pre-setup.sh {{ namespace }}
- when: inventory_hostname in groups[group]
-
-- name: Setup harbor Server
- script: files/setup-bitnami-harbor.sh {{ oss_ak }} {{ oss_sk }} {{ domain }} {{ namespace }} {{ item.secret_name }} {{ hostvars[groups[group][0]].redis_password }} {{ hostvars[groups[group][0]].pg_db_password }} {{ storage_type }}
- loop: "{{ tls }}"
- when: inventory_hostname in groups[group]
-
-- name: Sync harbor-oidc-config.json
- template: src=templates/{{ item }} dest=/tmp/{{ item }} owner=root group=root mode=0644 force=yes unsafe_writes=yes
- with_items:
- - harbor-oidc-config.json
-
-- name: Setup harbor oidc config
- script: files/post-setup.sh {{ admin_password }}
diff --git a/playbook/roles/harbor/templates/harbor-oidc-config.json b/playbook/roles/harbor/templates/harbor-oidc-config.json
deleted file mode 100644
index a42d602e..00000000
--- a/playbook/roles/harbor/templates/harbor-oidc-config.json
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- "auth_mode": "oidc_auth",
- "oidc_name": "Keycloak-sso",
- "oidc_endpoint": "https://keycloak.onwalk.net/realms/cloud-sso",
- "oidc_client_id": "harbor-oidc",
- "oidc_client_secret": '{{ harbor_oidc_client_token }}',
- "oidc_scope": "openid,profile,email",
- "oidc_groups_claim": "groups",
- "oidc_auto_onboard": true,
- "oidc_user_claim": "preferred_username"
-}
diff --git a/playbook/roles/jenkins/files/pre-setup.sh b/playbook/roles/jenkins/files/pre-setup.sh
deleted file mode 100644
index 1da41acd..00000000
--- a/playbook/roles/jenkins/files/pre-setup.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-export namespace=$1
-
-export MYSQL_ROOT_PASSWORD=$(kubectl get secret --namespace $namespace mysql -o jsonpath="{.data.mysql-root-password}" | base64 -d)
-
-kubectl run mysql-client --rm --tty -i --restart='Never' --image docker.io/bitnami/mysql:8.0.32-debian-11-r14 --namespace $namespace --env MYSQL_ROOT_PASSWORD=$MYSQL_ROOT_PASSWORD --command -- bash -c "mysql -h mysql.database.svc.cluster.local -uroot -p$MYSQL_ROOT_PASSWORD -e 'create database IF NOT EXISTS jenkins;'"
diff --git a/playbook/roles/jenkins/files/setup-with-jcasc.sh b/playbook/roles/jenkins/files/setup-with-jcasc.sh
deleted file mode 100644
index 768ae615..00000000
--- a/playbook/roles/jenkins/files/setup-with-jcasc.sh
+++ /dev/null
@@ -1,74 +0,0 @@
-#!/bin/bash
-set -x
-export domain=$1
-export secret=$2
-export namespace=$3
-export mysql_db_password=$4
-
-cat > values.yaml << EOF
-
-controller:
- adminUser: "admin"
- adminPassword: "jenkins"
- jenkinsUrlProtocol: "https"
- jenkinsHome: "/var/jenkins_home"
- jenkinsUrl: https://jenkins.$domain
- ingress:
- enabled: true
- annotations:
- kubernetes.io/tls-acme: "false"
- ingressClassName: nginx
- hostName: jenkins.$domain
- path: '/'
- tls:
- - secretName: $secret
- hosts:
- - jenkins.$domain
- installLatestPlugins: true
- installPlugins:
- - git:5.1.0
- - database-mysql:1.4
- - database:191.vd5981b_97a_5fa_
- - locale:314.v22ce953dfe9e
- - kubernetes:4029.v5712230ccb_f8
- - workflow-job:1308.v58d48a_763b_31
- - workflow-aggregator:596.v8c21c963d92d
- - credentials-binding:636.v55f1275c7b_27
- - configuration-as-code:1670.v564dc8b_982d0
- JCasC:
- enabled: true
- defaultConfig: true
- configScripts:
- database: |
- unclassified:
- globalDatabaseConfiguration:
- database:
- mysql:
- hostname: mysql.database.svc.cluster.local
- port: '3306'
- username: "root"
- database: "jenkins"
- password: $mysql_db_password
- properties: "?useSSL=false"
- validationQuery: "SELECT 1"
-agent:
- enabled: true
- replicas: 3
- numExecutors: 1
- jenkinsUrl: https://jenkins.$domain
-
-persistence:
- enabled: true
- storageClass: "local-path"
- size: "10Gi"
-networkPolicy:
- enabled: false
-backup:
- enabled: false
-additionalConfig: {}
-EOF
-
-helm repo add jenkins https://charts.jenkins.io
-helm repo update
-#helm upgrade --install jenkins jenkins/jenkins --version 4.1.1 -f values.yaml
-helm upgrade --install jenkins jenkins/jenkins -n $namespace --create-namespace -f values.yaml
diff --git a/playbook/roles/jenkins/files/setup.sh b/playbook/roles/jenkins/files/setup.sh
deleted file mode 100644
index b7e33214..00000000
--- a/playbook/roles/jenkins/files/setup.sh
+++ /dev/null
@@ -1,60 +0,0 @@
-#!/bin/bash
-set -x
-export domain=$1
-export secret=$2
-export namespace=$3
-export mysql_db_password=$4
-
-cat > values.yaml << EOF
-
-controller:
- adminUser: "admin"
- adminPassword: "jenkins"
- jenkinsUrlProtocol: "https"
- jenkinsHome: "/var/jenkins_home"
- jenkinsUrl: https://jenkins.$domain
- ingress:
- enabled: true
- annotations:
- kubernetes.io/tls-acme: "false"
- ingressClassName: nginx
- hostName: jenkins.$domain
- path: '/'
- tls:
- - secretName: $secret
- hosts:
- - jenkins.$domain
- installLatestPlugins: true
- installPlugins:
- - git:5.2.0
- - database-mysql:1.4
- - gitlab-plugin:1.7.16
- - pipeline-stage-view:2.33
- - database:191.vd5981b_97a_5fa_
- - locale:314.v22ce953dfe9e
- - kubernetes:4029.v5712230ccb_f8
- - workflow-job:1326.ve643e00e9220
- - workflow-aggregator:596.v8c21c963d92d
- - credentials-binding:636.v55f1275c7b_27
- - configuration-as-code:1670.v564dc8b_982d0
-agent:
- enabled: true
- replicas: 3
- numExecutors: 1
- jenkinsUrl: https://jenkins.$domain
-
-persistence:
- enabled: true
- storageClass: "local-path"
- size: "10Gi"
-networkPolicy:
- enabled: false
-backup:
- enabled: false
-additionalConfig: {}
-EOF
-
-helm repo add jenkins https://charts.jenkins.io
-helm repo update
-#helm upgrade --install jenkins jenkins/jenkins --version 4.1.1 -f values.yaml
-helm upgrade --install jenkins jenkins/jenkins -n $namespace --create-namespace -f values.yaml
diff --git a/playbook/roles/jenkins/howto.md b/playbook/roles/jenkins/howto.md
deleted file mode 100644
index fe7f3ea6..00000000
--- a/playbook/roles/jenkins/howto.md
+++ /dev/null
@@ -1,18 +0,0 @@
-
-# GitLab to trigger Jenkins
-
-GitLab和Jenkins的集成可以让你在GitLab中的代码更新后自动触发Jenkins的构建任务。以下是配置GitLab插件和Jenkins以实现GitLab触发Jenkins的步骤:
-
-在Jenkins中安装GitLab插件
-首先,你需要在Jenkins中安装GitLab插件。登录到Jenkins的管理界面,然后转到“Manage Jenkins” > “Manage Plugins” > “Available”,在搜索框中输入“GitLab”,找到并安装“GitLab Plugin”。
-
-在Jenkins中配置GitLab连接
-安装完插件后,你需要配置GitLab的连接。转到“Manage Jenkins” > “Configure System”,滚动到“GitLab”部分,点击“Add GitLab Server” > “Server”,输入你的GitLab服务器URL,并生成并输入一个与你的GitLab账户相关联的API Token。
-
-在Jenkins中创建一个新的任务
-创建一个新的任务,并在源代码管理部分选择“Git”,输入你的GitLab项目的URL。在构建触发器部分,选择“Build when a change is pushed to GitLab”。
-
-在GitLab中配置Webhook
-在你的GitLab项目中,转到“Settings” > “Integrations”,在URL中输入你的Jenkins服务器的URL,后面加上/gitlab-webhook/。例如,如果你的Jenkins服务器的URL是http://jenkins.example.com,那么你应该输入http://jenkins.example.com/gitlab-webhook/。选择你想要触发Jenkins任务的事件(例如,当代码被推送时),然后点击“Add Webhook”。
-
-以上就是配置GitLab插件和Jenkins以实现GitLab触发Jenkins的步骤。在完成这些步骤后,每当你的GitLab项目有更新时,都会自动触发对应的Jenkins构建任务。
diff --git a/playbook/roles/jenkins/meta/main.yml b/playbook/roles/jenkins/meta/main.yml
deleted file mode 100644
index 924395da..00000000
--- a/playbook/roles/jenkins/meta/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-dependencies:
- - role: mysql
- - role: cert-manager
- - role: secret-manger
diff --git a/playbook/roles/jenkins/tasks/main.yml b/playbook/roles/jenkins/tasks/main.yml
deleted file mode 100755
index 2bd1ab0a..00000000
--- a/playbook/roles/jenkins/tasks/main.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-- name: get mysql db password
- shell: 'kubectl get secret --namespace database mysql -o jsonpath="{.data.mysql-root-password}" | base64 -d'
- register: mysql_db_password_raw
- when: inventory_hostname in groups[group][0]
-
-- name: set fact join command
- set_fact:
- mysql_db_password : "{{ mysql_db_password_raw.stdout }}"
- when: inventory_hostname in groups[group][0]
-
-- name: DB Pre Setup for Jenkins Server
- script: files/pre-setup.sh {{ db_namespace }}
- when: inventory_hostname in groups[group]
-
-- name: Setup Jenkins Cluster
- script: files/setup.sh {{ domain }} {{ item.secret_name }} {{ namespace }} {{ mysql_db_password }}
- when: inventory_hostname in groups[group] and ( tls is defined)
- loop: "{{ tls }}"
diff --git a/playbook/roles/k3s-addon/files/setup-dns-provider.sh b/playbook/roles/k3s-addon/files/setup-dns-provider.sh
deleted file mode 100644
index af469aaf..00000000
--- a/playbook/roles/k3s-addon/files/setup-dns-provider.sh
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/bash
-
-ak=$1
-sk=$2
-
-cat > external-dns-values.yaml << EOF
-clusterDomain: admin.local
-sources:
- - service
- - ingress
-domainFilters:
- - onwalk.net
-policy: upsert-only
-provider: alibabacloud
-alibabacloud:
- accessKeyId: $ak
- accessKeySecret: $sk
- regionId: rg-acfm2akhd255pgi
- zoneType: public
-EOF
-
-helm repo add bitnami https://charts.bitnami.com/bitnami || echo true
-helm repo update
-kubectl create namespace external-dns || echo true
-helm upgrade --install external-dns -f external-dns-values.yaml bitnami/external-dns -n external-dns
diff --git a/playbook/roles/k3s-addon/files/setup-egress.sh b/playbook/roles/k3s-addon/files/setup-egress.sh
deleted file mode 100644
index 998b079f..00000000
--- a/playbook/roles/k3s-addon/files/setup-egress.sh
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/bash
-ip=$1
-namespace=$2
-
-cat > /tmp/egress.yaml << EOF
-apiVersion: cilium.io/v2
-kind: CiliumEgressGatewayPolicy
-metadata:
- name: egress-nat-policy
-spec:
- selectors:
- - podSelector:
- matchLabels:
- role: egress-gateway
- io.kubernetes.pod.namespace: $namespace
- destinationCIDRs:
- - "0.0.0.0/0"
- egressGateway:
- nodeSelector:
- matchLabels:
- node.kubernetes.io/name: tky-connector.onwalk.net
- egressIP: $ip
-EOF
-kubectl apply -f /tmp/egress.yaml
diff --git a/playbook/roles/k3s-addon/files/setup-ingress.sh b/playbook/roles/k3s-addon/files/setup-ingress.sh
deleted file mode 100644
index 4199ddd0..00000000
--- a/playbook/roles/k3s-addon/files/setup-ingress.sh
+++ /dev/null
@@ -1,147 +0,0 @@
-#!/bin/bash
-ingress=$1
-ingress_ip=$2
-
-if [[ $ingress == "default" ]]; then
-export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
-helm repo add stable https://kubernetes.github.io/ingress-nginx
-helm repo up
-
-cat > value.yaml < svc-patch.yaml < value.yaml < nginx-cm.yaml << EOF
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: nginx-nginx-ingress
- namespace: ingress
-data:
- use-ssl-certificate-for-ingress: "false"
- external-status-address: $ingress_ip
- proxy-connect-timeout: 10s
- proxy-read-timeout: 10s
- client-header-buffer-size: 64k
- client-body-buffer-size: 64k
- client-max-body-size: 1000m
- proxy-buffers: 8 32k
- proxy-body-size: 1024m
- proxy-buffer-size: 32k
- proxy-connect-timeout: 10s
- proxy-read-timeout: 10s
-EOF
-
-cat > nginx-svc-patch.yaml << EOF
-spec:
- ports:
- - name: http
- nodePort: 80
- port: 80
- protocol: TCP
- targetPort: 80
- - name: https
- nodePort: 443
- port: 443
- protocol: TCP
- targetPort: 443
-EOF
-
-helm repo add nginx-stable https://helm.nginx.com/stable || echo true
-helm repo up
-kubectl create namespace ingress || echo true
-helm upgrade --install nginx nginx-stable/nginx-ingress --version=0.15.0 --namespace ingress -f value.yaml
-kubectl apply -f nginx-cm.yaml
-kubectl patch svc nginx-nginx-ingress -n ingress --patch-file nginx-svc-patch.yaml
-
-elif [[ $ingress == "apisix" ]]; then
-
-helm repo add apisix https://charts.apiseven.com || echo true
-helm repo update
-kubectl create ns ingress || echo true
-cat > values.yaml << EOF
-ingress-controller:
- enabled: true
- config:
- apisix:
- serviceNamespace: ingress
-etcd:
- replicaCount: 1
-gateway:
- enabled: true
- type: NodePort
- http:
- enabled: true
- nodePort: 80
- tls:
- enabled: true
- nodePort: 443
- externalIPs:
- - $ingress_ip
-discovery:
- enabled: true
-admin:
- enabled: true
- ingress:
- className: apisix
- enabled: true
- hosts:
- - host: apisix-admin.onwalk.net
- paths:
- - "/apisix"
- tls:
- - secretName: apisix-tls
- hosts:
- - apisix-admin.onwalk.net
-EOF
-helm upgrade --install apisix apisix/apisix --namespace ingress -f values.yaml
-fi
diff --git a/playbook/roles/k3s-addon/meta/main.yml b/playbook/roles/k3s-addon/meta/main.yml
deleted file mode 100644
index 6fc3ce8b..00000000
--- a/playbook/roles/k3s-addon/meta/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-dependencies:
- - role: cert-manager
- - role: secret-manger
diff --git a/playbook/roles/k3s-addon/tasks/main.yml b/playbook/roles/k3s-addon/tasks/main.yml
deleted file mode 100755
index 380fcc09..00000000
--- a/playbook/roles/k3s-addon/tasks/main.yml
+++ /dev/null
@@ -1,36 +0,0 @@
-- name: Sync kubernetes-discovery config
- template: src=templates/kubernetes-discovery-serviceaccount.yaml dest=/tmp/ owner=root group=root mode=0644
- when: inventory_hostname in groups[group] and ( svc_discovery == 'enable' )
-
-- name: Setup kubernetes-discovery for cluster
- shell: 'kubectl apply -f /tmp/kubernetes-discovery-serviceaccount.yaml'
- when: inventory_hostname in groups[group] and ( svc_discovery == 'enable' )
-
-- name: Set K3S Ingress
- script: files/setup-ingress.sh {{ ingress }} {{ ingress_ip }}
- when: inventory_hostname in groups[group] and ( ingress == 'nginx' )
-
-- name: Sync K3S Ingress Deploy yaml
- template: src=templates/ingress-apisix-values.yaml dest=/tmp/ owner=root group=root mode=0644
- when: inventory_hostname in groups[group] and ( ingress == 'apisix' )
-- name: Setup K3S Ingress
- shell: 'helm repo add apisix https://charts.apiseven.com || echo true; \
- helm repo update; \
- kubectl create ns ingress || echo true; \
- helm upgrade --install apisix apisix/apisix --namespace ingress -f /tmp/ingress-apisix-values.yaml'
- when: inventory_hostname in groups[group] and ( ingress == 'apisix' )
-
-- name: Sync Apisix Ingress Dashboard yaml
- template: src=templates/ingress-apisix-dashboard.yaml dest=/tmp/ owner=root group=root mode=0644
- when: inventory_hostname in groups[group] and ( ingress == 'apisix' )
-- name: Setup Apisix Ingress Dashboard
- shell: 'kubectl apply -f /tmp/ingress-apisix-dashboard.yaml'
- when: inventory_hostname in groups[group] and ( ingress == 'apisix' )
-
-- name: Setup DNS Provider
- script: files/setup-dns-provider.sh {{ dns_ak }} {{ dns_sk }}
- when: ( inventory_hostname in groups[group] ) and (external_dns == 'enable' )
-- name: Remove DNS Provider
- shell: 'helm delete external-dns -n external-dns'
- when: ( inventory_hostname in groups[group] ) and (external_dns == 'disable' )
- ignore_errors: yes
diff --git a/playbook/roles/k3s-addon/templates/ingress-apisix-dashboard.yaml b/playbook/roles/k3s-addon/templates/ingress-apisix-dashboard.yaml
deleted file mode 100644
index b43c0e04..00000000
--- a/playbook/roles/k3s-addon/templates/ingress-apisix-dashboard.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: apisix.apache.org/v2
-kind: ApisixRoute
-metadata:
- name: apisix-dashboard
- namespace: ingress
-spec:
- http:
- - name: root
- match:
- hosts:
- - apisix-dashboard.onwalk.net
- paths:
- - '/*'
- backends:
- - serviceName: apisix-dashboard
- servicePort: 80
- plugins:
- - config:
- http_to_https: true
- enable: true
- name: redirect
----
-apiVersion: apisix.apache.org/v2
-kind: ApisixTls
-metadata:
- name: apisix
- namespace: ingress
-spec:
- hosts:
- - apisix-dashboard.onwalk.net
- secret:
- name: apisix-tls
- namespace: ingress
diff --git a/playbook/roles/k3s-addon/templates/ingress-apisix-values.yaml b/playbook/roles/k3s-addon/templates/ingress-apisix-values.yaml
deleted file mode 100644
index 24f386a8..00000000
--- a/playbook/roles/k3s-addon/templates/ingress-apisix-values.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-ingress-controller:
- enabled: true
- config:
- apisix:
- serviceNamespace: ingress
-etcd:
- replicaCount: 1
-discovery:
- enabled: true
-admin:
- enabled: true
-gateway:
- enabled: true
- type: NodePort
- http:
- enabled: true
- nodePort: 80
- tls:
- enabled: true
- nodePort: 443
- externalIPs:
- - {{ ingress_ip }}
-dashboard:
- enabled: true
diff --git a/playbook/roles/k3s-addon/templates/kubernetes-discovery-config.yaml b/playbook/roles/k3s-addon/templates/kubernetes-discovery-config.yaml
deleted file mode 100644
index d382fcb0..00000000
--- a/playbook/roles/k3s-addon/templates/kubernetes-discovery-config.yaml
+++ /dev/null
@@ -1,65 +0,0 @@
-apiVersion: apisix.apache.org/v2
-kind: ApisixUpstream
-metadata:
- name: bookinfo-upstream
- namespace: bookinfo
-spec:
- discovery:
- type: kubernetes
- serviceName: apisix/bookinfo/productpage:9080
----
-apiVersion: apisix.apache.org/v2
-kind: ApisixRoute
-metadata:
- name: bookinfo
- namespace: bookinfo
-spec:
- http:
- - name: root
- match:
- hosts:
- - bookinfo.onwalk.net
- paths:
- - /*
- upstreams:
- - name: bookinfo-upstream
- plugins:
- - config:
- http_to_https: true
- enable: true
- name: redirect
----
-apiVersion: apisix.apache.org/v2
-kind: ApisixTls
-metadata:
- name: bookinfo
- namespace: bookinfo
-spec:
- hosts:
- - bookinfo.onwalk.net
- secret:
- name: bookinfo-tls
- namespace: bookinfo
----
-curl -k --header "Authorization: Bearer tokenxxxxx" https://10.170.0.8:6443/api
----
-kubectl get secret kubernetes-discovery-token -o jsonpath={.data.token} | base64 -d
----
-kubectl edit cm -n ingress apisix
- discovery:
- kubernetes:
- - id: apisix
- service:
- schema: https
- host: "10.170.0.6"
- port: "6443"
- client:
- token: |-
- #xxxxxxxxxxxxxxx
- default_weight: 50
- namespace_selector:
- match:
- - bookinfo
- - nginx
- shared_size: 1m
----
diff --git a/playbook/roles/k3s-addon/templates/kubernetes-discovery-serviceaccount.yaml b/playbook/roles/k3s-addon/templates/kubernetes-discovery-serviceaccount.yaml
deleted file mode 100644
index 734f0df8..00000000
--- a/playbook/roles/k3s-addon/templates/kubernetes-discovery-serviceaccount.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-kind: ServiceAccount
-apiVersion: v1
-metadata:
- name: kubernetes-discovery
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: kubernetes-discovery-token
- annotations:
- kubernetes.io/service-account.name: "kubernetes-discovery"
-type: kubernetes.io/service-account-token
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: kubernetes-discovery
-rules:
-- apiGroups: [""]
- resources: ["endpoints" ]
- verbs: ["get", "list", "watch" ]
-- apiGroups: [""]
- resources: [ "namespaces"]
- verbs: ["get", "list", "watch"]
-- apiGroups: [""]
- resources: ["services", "endpoints"]
- verbs: ["get", "list", "watch"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: kubernetes-discovery
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: kubernetes-discovery
-subjects:
-- kind: ServiceAccount
- name: kubernetes-discovery
- namespace: default
diff --git a/playbook/roles/k3s-addon/templates/kubernetes-discovery.yaml b/playbook/roles/k3s-addon/templates/kubernetes-discovery.yaml
deleted file mode 100644
index 3c5cca9f..00000000
--- a/playbook/roles/k3s-addon/templates/kubernetes-discovery.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
-kind: ServiceAccount
-apiVersion: v1
-metadata:
- name: kubernetes-discovery
- namespace: default
----
-
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: kubernetes-discovery
-rules:
-- apiGroups: [ "" ]
- resources: [ endpoints ]
- verbs: [ get,list,watch ]
----
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: kubernetes-discovery
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: apisix-test
-subjects:
- - kind: ServiceAccount
- name: kubernetes-discovery
- namespace: default
----
-#discovery:
-# kubernetes:
-# - id: release # a custom name refer to the cluster, pattern ^[a-z0-9]{1,8}
-# service:
-# schema: https #default https
-# host: "1.cluster.com"
-# port: "6443"
-# client:
-# #token: |-
-# # eyJhbGciOiJSUzI1NiIsImtpZCI6Ikx5ME1DNWdnbmhQNkZCNlZYMXBsT3pYU3BBS2swYzBPSkN3ZnBESGpkUEEif
-# # 6Ikx5ME1DNWdnbmhQNkZCNlZYMXBsT3pYU3BBS2swYzBPSkN3ZnBESGpkUEEifeyJhbGciOiJSUzI1NiIsImtpZCI
-# default_weight: 50 # weight assigned to each discovered endpoint. default 50, minimum 0
-# namespace_selector:
-# equal: default
-# label_selector: |-
-# first="a",second="b"
-# shared_size: 1m #default 1m
diff --git a/playbook/roles/k3s-reset/files/reset-k3s.sh b/playbook/roles/k3s-reset/files/reset-k3s.sh
deleted file mode 100644
index 719a657e..00000000
--- a/playbook/roles/k3s-reset/files/reset-k3s.sh
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/bin/bash
-
-wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.10/dist/images/cleanup.sh
-bash cleanup.sh
-
-rm -rf /var/run/openvswitch
-rm -rf /var/run/ovn
-rm -rf /etc/origin/openvswitch/
-rm -rf /etc/origin/ovn/
-rm -rf /etc/cni/net.d/00-kube-ovn.conflist
-rm -rf /etc/cni/net.d/01-kube-ovn.conflist
-rm -rf /var/log/openvswitch
-rm -rf /var/log/ovn
-rm -fr /var/log/kube-ovn
-
-/usr/local/bin/k3s-uninstall.sh
-rm -rvf /opt/rancher/ /etc/rancher/ /var/lib/rancher/ ~/.kube
-
-rm -rvf /etc/cni/net.d/*
-
-# 移除cni命名空间
-ip netns show 2>/dev/null | grep cni- | xargs -r -t -n 1 ip netns delete
-# 移除cnio网卡
-ip link show 2>/dev/null | grep 'master cni0' | while read ignore iface ignore; do
- iface=${iface%%@*}
- [ -z "$iface" ] || ip link delete $iface
-done
-ip link delete cni0
-ip link delete flannel.1
-rm -rf /var/lib/cni/
-# 清理iptables
-iptables-save | grep -v KUBE- | grep -v CNI- | iptables-restore
diff --git a/playbook/roles/k3s-reset/tasks/main.yml b/playbook/roles/k3s-reset/tasks/main.yml
deleted file mode 100755
index f500dec1..00000000
--- a/playbook/roles/k3s-reset/tasks/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-- name: Reset K3S Cluster
- script: files/reset-k3s.sh
- when: (inventory_hostname in groups[group] ) and ( cluster_reset == 'enanble' )
-
diff --git a/playbook/roles/k3s/files/setup-cni-cilium.sh b/playbook/roles/k3s/files/setup-cni-cilium.sh
deleted file mode 100644
index 34c9ac2f..00000000
--- a/playbook/roles/k3s/files/setup-cni-cilium.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-
-# 移除cni命名空间
-ip netns show 2>/dev/null | grep cni- | xargs -r -t -n 1 ip netns delete
-# 移除cnio网卡
-ip link show 2>/dev/null | grep 'master cni0' | while read ignore iface ignore; do
- iface=${iface%%@*}
- [ -z "$iface" ] || ip link delete $iface
-done
-ip link delete cni0
-ip link delete flannel.1
-rm -rf /var/lib/cni/
-# 清理iptables
-iptables-save | grep -v KUBE- | grep -v CNI- | iptables-restore
-
-helm repo add cilium https://helm.cilium.io/
-helm install cilium cilium/cilium --version 1.10.4 \
- --namespace kube-system\
- --set hubble.relay.enabled=true \
- --set hubble.ui.enabled=true
diff --git a/playbook/roles/k3s/files/setup-cni-kubeovn.sh b/playbook/roles/k3s/files/setup-cni-kubeovn.sh
deleted file mode 100644
index b1f8139a..00000000
--- a/playbook/roles/k3s/files/setup-cni-kubeovn.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/bash
-export NodeIP=$1
-node_name=`hostname`
-
-modprobe geneve
-modprobe openvswitch
-modprobe ip_tables
-modprobe iptable_nat
-
-rm -rvf /etc/cni/net.d/*
-
-kubectl taint node $node_name node-role.kubernetes.io/control-plane:NoSchedule-
-kubectl label node $node_name kubernetes.io/os=linux --overwrite
-kubectl label node $node_name kube-ovn/role=master --overwrite
-helm repo add kubeovn https://kubeovn.github.io/kube-ovn/
-helm repo up
-helm upgrade --install kube-ovn kubeovn/kube-ovn --set MASTER_NODES=${NodeIP} -n kube-system
diff --git a/playbook/roles/k3s/files/setup-k3s.sh b/playbook/roles/k3s/files/setup-k3s.sh
deleted file mode 100644
index cbb67aa1..00000000
--- a/playbook/roles/k3s/files/setup-k3s.sh
+++ /dev/null
@@ -1,58 +0,0 @@
-#!/bin/bash
-set -x
-
-export version=$1
-export cni=$2
-export pod_cidr=$3
-export svc_cidr=$4
-
-disable_proxy="--disable-kube-proxy"
-disable_cni="--flannel-backend=none --disable-network-policy"
-default="--disable=traefik,servicelb --data-dir=/opt/rancher/k3s --kube-apiserver-arg service-node-port-range=0-50000"
-
-function setup_k3s()
-{
- local extra_opts=$1
- mkdir -pv /opt/rancher/k3s
-
- ping -c 1 google.com > /dev/null 2>&1
- if [ $? -eq 0 ]; then
- echo "当前主机在国际网络上"
- curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=$version sh -s - $extra_opts
- else
- echo "当前主机在大陆网络上"
- curl -sfL https://rancher-mirror.rancher.cn/k3s/k3s-install.sh | INSTALL_K3S_VERSION=$version INSTALL_K3S_MIRROR=cn sh -s - $extra_opts
- fi
- mkdir -pv ~/.kube/ && cp /etc/rancher/k3s/k3s.yaml ~/.kube/config
-}
-
-function setup_helm()
-{
- ping -c 1 google.com > /dev/null 2>&1
- if [ $? -eq 0 ]; then
- echo "当前主机在国际网络上"
- curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
- else
- echo "当前主机在大陆网络上"
- case `uname -m` in
- x86_64) ARCH=amd64; ;;
- aarch64) ARCH=arm64; ;;
- loongarch64) ARCH=loongarch64; ;;
- *) echo "un-supported arch, exit ..."; exit 1; ;;
- esac
- rm -rf helm.tar.gz* /usr/local/bin/helm || echo true
- sudo wget --no-check-certificate https://mirrors.onwalk.net/tools/linux-${ARCH}/helm.tar.gz && sudo tar -xvpf helm.tar.gz -C /usr/local/bin/
- sudo chmod 755 /usr/local/bin/helm
- fi
-}
-
-
-case $cni in
- 'default') opts="$default" ;;
- 'kubeovn') opts="$default $disable_cni" ;;
- 'cilium') opts="$default $disable_cni $disable_proxy" ;;
- *) echo "error args" ;;
-esac
-
-setup_k3s "$opts"
-setup_helm
diff --git a/playbook/roles/k3s/meta/main.yml b/playbook/roles/k3s/meta/main.yml
deleted file mode 100644
index 9711b330..00000000
--- a/playbook/roles/k3s/meta/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-dependencies:
- - role: common
diff --git a/playbook/roles/k3s/tasks/main.yml b/playbook/roles/k3s/tasks/main.yml
deleted file mode 100755
index c75dff1b..00000000
--- a/playbook/roles/k3s/tasks/main.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-- name: Setup K3S Server
- script: files/setup-k3s.sh {{ version }} {{ cni }} {{ pod_cidr }} {{ svc_cidr }}
- when: inventory_hostname in groups[group]
-
-- name: Sync K3S CNI Config
- template: src=templates/cni_install.sh dest=/tmp/ owner=root group=root mode=0644
- when: ( inventory_hostname in groups[group] ) and (cni == 'kubeovn' )
-- name: Setup K3S CNI
- shell: 'bash /tmp/cni_install.sh'
- when: ( inventory_hostname in groups[group] ) and (cni == 'kubeovn' )
- ignore_errors: yes
diff --git a/playbook/roles/keycloak/files/setup-keycloak.sh b/playbook/roles/keycloak/files/setup-keycloak.sh
deleted file mode 100644
index 606ab9ab..00000000
--- a/playbook/roles/keycloak/files/setup-keycloak.sh
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/bin/bash
-
-export domain=$1
-export secret=$2
-export namespace=$3
-export keycloak_ui_password=$4
-export keycloak_db_password=$5
-
-cat > keycloak-values.yaml << EOF
-postgresql:
- enabled: false
-ingress:
- enabled: true
- ingressClassName: "nginx"
- hostname: keycloak.${domain}
- tls: true
- extraTls:
- - hosts:
- - keycloak.${domain}
- secretName: $secret
-auth:
- adminPassword: "$keycloak_ui_password"
-externalDatabase:
- host: "postgresql.database.svc.cluster.local"
- port: 5432
- user: postgres
- database: keycloak
- password: "$keycloak_db_password"
-EOF
-
-helm repo add bitnami https://charts.bitnami.com/bitnami || echo true
-helm repo add stable https://artifact.onwalk.net/chartrepo/public/ || echo true
-helm repo update
-kubectl create ns ${namespace} || echo true
-helm upgrade --install keycloak bitnami/keycloak -n $namespace -f keycloak-values.yaml
diff --git a/playbook/roles/keycloak/meta/main.yml b/playbook/roles/keycloak/meta/main.yml
deleted file mode 100644
index 099ad76a..00000000
--- a/playbook/roles/keycloak/meta/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-dependencies:
- - role: postgresql
- - role: cert-manager
- - role: secret-manger
diff --git a/playbook/roles/keycloak/tasks/main.yml b/playbook/roles/keycloak/tasks/main.yml
deleted file mode 100755
index 753838af..00000000
--- a/playbook/roles/keycloak/tasks/main.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-- name: get db password
- shell: 'kubectl get secret --namespace database postgresql -o jsonpath="{.data.postgres-password}" | base64 -d'
- register: command_raw
- when: inventory_hostname in groups[group][0]
-
-- name: set fact join command
- set_fact:
- keycloak_db_password : "{{ command_raw.stdout }}"
- when: inventory_hostname in groups[group][0]
-
-#- name: Show Debug Info
-# debug: var=command_raw verbosity=0
-
-- name: Setup Keycloak Server
- script: files/setup-keycloak.sh {{ domain }} {{ item.secret_name }} {{ namespace }} {{ admin_password }} {{ hostvars[groups[group][0]].keycloak_db_password }}
- loop: "{{ tls }}"
- when: inventory_hostname in groups[group]
-
-#- name: Sync aws-gloabl-oidc-broker deploy yaml
-# template: src=templates/{{ item }} dest=/tmp/{{ item }} owner=root group=root mode=0644 force=yes unsafe_writes=yes
-# with_items:
-# - aws-gloabl-oidc-broker.yaml
-
-#- name: Setup aws-gloabl-oidc-broker
-# shell: "kubectl apply -f /tmp/aws-gloabl-oidc-broker.yaml"
-# when: inventory_hostname in groups[group]
diff --git a/playbook/roles/keycloak/templates/aws-gloabl-oidc-broker.yaml b/playbook/roles/keycloak/templates/aws-gloabl-oidc-broker.yaml
deleted file mode 100644
index 0aa9fd23..00000000
--- a/playbook/roles/keycloak/templates/aws-gloabl-oidc-broker.yaml
+++ /dev/null
@@ -1,74 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: aws-global-oidc-broker
- namespace: itsm
- labels:
- io.metrico.service: aws-global-oidc-broker
-spec:
- replicas: 1
- selector:
- matchLabels:
- io.metrico.service: aws-global-oidc-broker
- strategy: {}
- template:
- metadata:
- creationTimestamp: null
- labels:
- io.metrico.service: aws-global-oidc-broker
- spec:
- containers:
- - name: aws-global-oidc-broker
- image: artifact.onwalk.net/public/aws-global-oidc-broker:1.2.0
- ports:
- - containerPort: 5000
- resources: {}
- env:
- - name: KEYCLOAK_CLIENT_ID
- value: "aws-oidc"
- - name: KEYCLOAK_WELLKNOWN
- value: "https://keycloak.apollo-ev.com/realms/cloud-sso/.well-known/openid-configuration"
- - name: KEYCLOAK_CLIENT_SECRET
- value: "WYyZJGUOOiwooIp700PtykmjYkrsPJPi"
- - name: TITLE
- value: "aws-oidc"
- restartPolicy: Always
----
-apiVersion: v1
-kind: Service
-metadata:
- creationTimestamp: null
- name: aws-global-oidc-broker
- namespace: itsm
-spec:
- ports:
- - name: "5000"
- port: 5000
- nodePort: 5000
- targetPort: 5000
- selector:
- io.metrico.service: aws-global-oidc-broker
- type: NodePort
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: aws-global-oidc-broker
- namespace: itsm
-spec:
- ingressClassName: nginx
- rules:
- - host: loki.apollo-ev.com
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: aws-global-oidc-broker
- port:
- number: 5000
- tls:
- - hosts:
- - loki.apollo-ev.com
- secretName: keycloak-tls
diff --git a/playbook/roles/mysql/files/post-setup.sh b/playbook/roles/mysql/files/post-setup.sh
deleted file mode 100644
index a12840b1..00000000
--- a/playbook/roles/mysql/files/post-setup.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-export namespace=$1
-
-export MYSQL_ROOT_PASSWORD=$(kubectl get secret --namespace $namespace mysql -o jsonpath="{.data.mysql-root-password}" | base64 -d)
-
-kubectl run mysql-client --rm --tty -i --restart='Never' --image docker.io/bitnami/mysql:8.0.32-debian-11-r14 --namespace $namespace --env MYSQL_ROOT_PASSWORD=$MYSQL_ROOT_PASSWORD --command -- bash -c "mysql -h mysql.database.svc.cluster.local -uroot -p$MYSQL_ROOT_PASSWORD -e 'create database IF NOT EXISTS grafana;'"
diff --git a/playbook/roles/mysql/files/setup-mysql.sh b/playbook/roles/mysql/files/setup-mysql.sh
deleted file mode 100644
index 563a99eb..00000000
--- a/playbook/roles/mysql/files/setup-mysql.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-
-helm repo add bitnami https://charts.bitnami.com/bitnami || echo true
-helm repo up
-kubectl create ns database || echo true
-helm upgrade --install mysql bitnami/mysql -n database
diff --git a/playbook/roles/mysql/tasks/main.yml b/playbook/roles/mysql/tasks/main.yml
deleted file mode 100755
index de83aaa3..00000000
--- a/playbook/roles/mysql/tasks/main.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-- name: Setup MySQL Server
- script: files/setup-mysql.sh
- when: inventory_hostname in groups[group]
-
-- name: Post Setup MySQL Server
- script: files/post-setup.sh {{ db_namespace }}
- when: inventory_hostname in groups[group]
- ignore_errors: yes
diff --git a/playbook/roles/nginx-oss/meta/main.yml b/playbook/roles/nginx-oss/meta/main.yml
deleted file mode 100644
index 6fc3ce8b..00000000
--- a/playbook/roles/nginx-oss/meta/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-dependencies:
- - role: cert-manager
- - role: secret-manger
diff --git a/playbook/roles/nginx-oss/tasks/main.yml b/playbook/roles/nginx-oss/tasks/main.yml
deleted file mode 100755
index e84e0015..00000000
--- a/playbook/roles/nginx-oss/tasks/main.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-- name: Prep NameSpace
- shell: "kubectl create namespace nginx || echo true"
-
-- name: Sync deploy yaml
- template: src=templates/{{ item }} dest=/tmp/{{ item }} owner=root group=root mode=0644 force=yes unsafe_writes=yes
- with_items:
- - mirrors-nginx.yaml
- - mirrors-nginx-ingress.yaml
- - mirrors-nginx-apisix.yaml
-
-- name: Setup Mirrors Server
- shell: "kubectl apply -f /tmp/{{ item }}"
- with_items:
- - mirrors-nginx.yaml
- - mirrors-nginx-ingress.yaml
- when: inventory_hostname in groups[group]
diff --git a/playbook/roles/nginx-oss/templates/.gitignore b/playbook/roles/nginx-oss/templates/.gitignore
deleted file mode 100644
index a194b200..00000000
--- a/playbook/roles/nginx-oss/templates/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-/clickhouse-keeper-k8s.iml
-/.idea/
diff --git a/playbook/roles/nginx-oss/templates/mirrors-nginx-apisix.yaml b/playbook/roles/nginx-oss/templates/mirrors-nginx-apisix.yaml
deleted file mode 100644
index b0bb24f5..00000000
--- a/playbook/roles/nginx-oss/templates/mirrors-nginx-apisix.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: apisix.apache.org/v2
-kind: ApisixRoute
-metadata:
- name: mirrors
- namespace: nginx
-spec:
- http:
- - name: root
- match:
- hosts:
- - mirrors.onwalk.net
- paths:
- - '/*'
- backends:
- - serviceName: mirrors-nginx
- servicePort: 80
- plugins:
- - config:
- http_to_https: true
- enable: true
- name: redirect
----
-apiVersion: apisix.apache.org/v2
-kind: ApisixTls
-metadata:
- name: nginx-tls
- namespace: nginx
-spec:
- hosts:
- - mirrors.onwalk.net
- secret:
- name: nginx-tls
- namespace: nginx
diff --git a/playbook/roles/nginx-oss/templates/mirrors-nginx-ingress.yaml b/playbook/roles/nginx-oss/templates/mirrors-nginx-ingress.yaml
deleted file mode 100644
index 97185e2f..00000000
--- a/playbook/roles/nginx-oss/templates/mirrors-nginx-ingress.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- labels:
- app.kubernetes.io/instance: mirrors
- app.kubernetes.io/name: nginx
- name: mirrors-nginx
- namespace: nginx
-spec:
- ingressClassName: nginx
- rules:
- - host: mirrors.onwalk.net
- http:
- paths:
- - backend:
- service:
- name: mirrors-nginx
- port:
- number: 80
- path: /
- pathType: ImplementationSpecific
- tls:
- - hosts:
- - mirrors.onwalk.net
- secretName: nginx-tls
diff --git a/playbook/roles/nginx-oss/templates/mirrors-nginx.yaml b/playbook/roles/nginx-oss/templates/mirrors-nginx.yaml
deleted file mode 100644
index 0156a58e..00000000
--- a/playbook/roles/nginx-oss/templates/mirrors-nginx.yaml
+++ /dev/null
@@ -1,110 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- annotations:
- meta.helm.sh/release-name: mirrors
- meta.helm.sh/release-namespace: nginx
- labels:
- app.kubernetes.io/instance: mirrors
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/name: nginx
- app.kubernetes.io/version: 1.16.0
- helm.sh/chart: nginx-0.1.0
- name: mirrors-nginx
- namespace: nginx
-spec:
- internalTrafficPolicy: Cluster
- ipFamilies:
- - IPv4
- ipFamilyPolicy: SingleStack
- ports:
- - name: http
- port: 80
- protocol: TCP
- targetPort: http
- selector:
- app.kubernetes.io/instance: mirrors
- app.kubernetes.io/name: nginx
- sessionAffinity: None
- type: ClusterIP
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app.kubernetes.io/instance: mirrors
- app.kubernetes.io/name: nginx
- name: mirrors-nginx
- namespace: nginx
-spec:
- progressDeadlineSeconds: 600
- replicas: 1
- revisionHistoryLimit: 10
- selector:
- matchLabels:
- app.kubernetes.io/instance: mirrors
- app.kubernetes.io/name: nginx
- strategy:
- rollingUpdate:
- maxSurge: 25%
- maxUnavailable: 25%
- type: RollingUpdate
- template:
- metadata:
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: mirrors
- app.kubernetes.io/name: nginx
- spec:
- containers:
- - image: nginx:latest
- imagePullPolicy: Always
- name: nginx
- ports:
- - containerPort: 80
- name: http
- protocol: TCP
- resources: {}
- securityContext: {}
- terminationMessagePath: /dev/termination-log
- terminationMessagePolicy: File
- volumeMounts:
- - mountPath: /etc/nginx/
- name: nginx-config
- dnsPolicy: ClusterFirst
- restartPolicy: Always
- schedulerName: default-scheduler
- securityContext: {}
- terminationGracePeriodSeconds: 30
- volumes:
- - configMap:
- defaultMode: 420
- name: nginx-config
- name: nginx-config
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: nginx-config
- namespace: nginx
-data:
- nginx.conf: |
- user nginx;
- worker_processes auto;
- error_log /var/log/nginx/error.log notice;
- pid /var/run/nginx.pid;
- events {
- worker_connections 1024;
- }
- http {
- server {
- listen 80;
- server_name mirrors.onwalk.net;
- autoindex on;
- index index.html index.htm index.nginx-debian.html;
- location / {
- proxy_set_header Host nginx-s3.oss-cn-shanghai.aliyuncs.com;
- proxy_pass http://nginx-s3.oss-cn-shanghai.aliyuncs.com;
- }
- }
- }
diff --git a/playbook/roles/node-exporter/tasks/main.yml b/playbook/roles/node-exporter/tasks/main.yml
deleted file mode 100755
index 13898d74..00000000
--- a/playbook/roles/node-exporter/tasks/main.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-- name: create user prometheus
- shell: "useradd prometheus -s /sbin/nologin | echo true"
- when: inventory_hostname in groups[group]
-
-- name: clean old file
- shell: "rm -f /usr/bin/node_exporter"
- when: inventory_hostname in groups[group]
-
-- name: download node_exporter binary
- shell: "curl -Lo /usr/bin/node_exporter https://mirrors.onwalk.net/tools/linux-amd64/node_exporter && chmod 755 /usr/bin/node_exporter"
- when: inventory_hostname in groups[group]
-
-- name: create node-exporter.service
- template: src=templates/node-exporter.service dest=/etc/systemd/system/node-exporter.service owner=root group=root mode=0644
- when: inventory_hostname in groups[group]
-
-- name: reload node-exporter service
- shell: 'systemctl daemon-reload'
- when: inventory_hostname in groups[group]
-
-- name: init node-exporter service
- shell: 'systemctl restart node-exporter.service'
- when: inventory_hostname in groups[group]
diff --git a/playbook/roles/node-exporter/templates/node-exporter.service b/playbook/roles/node-exporter/templates/node-exporter.service
deleted file mode 100755
index f05a15ba..00000000
--- a/playbook/roles/node-exporter/templates/node-exporter.service
+++ /dev/null
@@ -1,14 +0,0 @@
-[Unit]
-Description=Prometheus Node Exporter
-After=network.target
-
-[Service]
-Type=simple
-User=prometheus
-ExecStart=/usr/bin/node_exporter
-Restart=on-failure
-RestartSec=30
-StartLimitInterval=0
-
-[Install]
-WantedBy=multi-user.target
diff --git a/playbook/roles/observability-agent/files/setup.sh b/playbook/roles/observability-agent/files/setup.sh
deleted file mode 100644
index 04e1b744..00000000
--- a/playbook/roles/observability-agent/files/setup.sh
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/bin/bash
-set -x
-export observableserver=$1
-export port=$2
-export deepflowserverip=$3
-export deepflowserverid=$4
-
-cat > values.yaml << EOF
-kube-state-metrics:
- enabled: true
-deepflow-agent:
- enabled: true
- deepflowServerNodeIPS:
- - $deepflowserverip
- deepflowK8sClusterID: $deepflowserverid
-prometheus:
- enabled: true
- server:
- extraFlags:
- - enable-feature=expand-external-labels
- - web.enable-lifecycle
- remoteWrite:
- - name: remote_prometheus
- url: 'https://${observableserver}/api/v1/write'
- alertmanager:
- enabled: false
- rometheus-pushgateway:
- enabled: false
-fluent-bit:
- enabled: true
- logLevel: debug
- config:
- outputs: |
- [OUTPUT]
- Name loki
- Match kube.*
- Host $observableserver
- port $port
- tls on
- tls.verify on
-EOF
-
-node_name=`kubectl get nodes | awk 'NR>1 {print $1}'`
-kubectl create namespace monitoring || echo true
-kubectl label nodes $node prometheus=true --overwrite || echo true
-helm repo add stable https://artifact.onwalk.net/chartrepo/public/ || echo true
-helm repo update
-helm upgrade --install observableagent stable/observabilityagent -n monitoring -f values.yaml
diff --git a/playbook/roles/observability-agent/meta/main.yml b/playbook/roles/observability-agent/meta/main.yml
deleted file mode 100644
index 9711b330..00000000
--- a/playbook/roles/observability-agent/meta/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-dependencies:
- - role: common
diff --git a/playbook/roles/observability-agent/tasks/main.yml b/playbook/roles/observability-agent/tasks/main.yml
deleted file mode 100755
index 232bac9e..00000000
--- a/playbook/roles/observability-agent/tasks/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-- name: Setup Observability Agent
- script: files/setup.sh {{ observableserver }} {{ port }} {{ deepflowserverip }} {{ deepflowserverid }}
- when: inventory_hostname in groups[group]
diff --git a/playbook/roles/observability-server/files/setup-observable-server.sh b/playbook/roles/observability-server/files/setup-observable-server.sh
deleted file mode 100644
index 6e057092..00000000
--- a/playbook/roles/observability-server/files/setup-observable-server.sh
+++ /dev/null
@@ -1,122 +0,0 @@
-#!/bin/bash
-set -x
-export domain=$1
-export secret=$2
-export namespace=$3
-export mysql_db_password=$4
-export ck_node_ip1=$5
-export ck_node_ip2=$6
-export ck_node_ip3=$7
-
-node_name=`kubectl get nodes | awk '{print $1}' | tail -n 1`
-kubectl label nodes $node_name app=prometheus --overwrite
-
-cat > values.yaml << EOF
-deepflow:
- enabled: true
- clickhouse:
- enabled: true
- mysql:
- enabled: false
- grafana:
- enabled: true
- ingress:
- enabled: true
- ingressClassName: nginx
- hosts:
- - grafana.${domain}
- tls:
- - secretName: ${secret}
- hosts:
- - grafana.${domain}
- global:
- #externalClickHouse:
- # enabled: true
- # type: ep
- # clusterName: default
- # storagePolicy: default
- # username: default
- # password: ''
- # hosts:
- # - ip: $ck_node_ip1
- # port: 9000
- # - ip: $ck_node_ip2
- # port: 9000
- # - ip: $ck_node_ip3
- # port: 9000
- externalMySQL:
- enabled: true
- ip: mysql.database.svc.cluster.local
- port: 3306
- username: root
- password: $mysql_db_password
-prometheus:
- enabled: true
- alertmanager:
- enabled: false
- prometheus-pushgateway:
- enabled: false
- kube-state-metrics:
- enabled: true
- server:
- extraArgs:
- enable-feature: remote-write-receiver
- ingress:
- enabled: true
- ingressClassName: nginx
- hosts:
- - prometheus.${domain}
- tls:
- - secretName: ${secret}
- hosts:
- - prometheus.${domain}
- alertmanagers:
- - static_configs:
- - targets:
- - alertmanager.${domain}
- serverFiles:
- prometheus.yml:
- rule_files:
- - /etc/config/recording_rules.yml
- - /etc/config/alerting_rules.yml
-alertmanager:
- configmapReload:
- enabled: true
- ingress:
- enabled: true
- className: "nginx"
- hosts:
- - host: alertmanager.$domain
- paths:
- - path: /
- pathType: ImplementationSpecific
- tls:
- - secretName: ${secret}
- hosts:
- - alertmanager.$domain
- config:
- global:
- resolve_timeout: 5m
- smtp_smarthost: 'smtp.qq.com:465'
- smtp_from: '11111111@qq.com'
- smtp_auth_username: '11111111@qq.com'
- smtp_auth_password: '123456'
- smtp_require_tls: false
- templates:
- - '/etc/alertmanager/*.tmpl'
- receivers:
- - name: 'default-receiver'
- email_configs:
- - to: '{{ template "email.to" . }}'
- html: '{{ template "email.to.html" . }}'
- route:
- group_wait: 10s
- group_interval: 5m
- receiver: default-receiver
- repeat_interval: 1h
-EOF
-
-helm repo add stable https://artifact.onwalk.net/chartrepo/public/ || echo true
-helm repo update
-kubectl delete deploy observability-server-prometheus-server -n ${namespace} || echo true
-helm upgrade --install observability-server stable/observableserver -n ${namespace} -f values.yaml
diff --git a/playbook/roles/observability-server/meta/main.yml b/playbook/roles/observability-server/meta/main.yml
deleted file mode 100644
index d2b36e36..00000000
--- a/playbook/roles/observability-server/meta/main.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-dependencies:
- - role: mysql
- - role: clickhouse
- - role: cert-manager
- - role: secret-manger
diff --git a/playbook/roles/observability-server/tasks/main.yml b/playbook/roles/observability-server/tasks/main.yml
deleted file mode 100755
index 02e6cb47..00000000
--- a/playbook/roles/observability-server/tasks/main.yml
+++ /dev/null
@@ -1,34 +0,0 @@
-- name: get mysql db password
- shell: 'kubectl get secret --namespace database mysql -o jsonpath="{.data.mysql-root-password}" | base64 -d'
- register: mysql_db_password_raw
- when: inventory_hostname in groups[group][0]
-
-- name: set fact join command
- set_fact:
- mysql_db_password : "{{ mysql_db_password_raw.stdout }}"
- when: inventory_hostname in groups[group][0]
-
-- name: get clickhouse node ips
- shell: "kubectl get pods -n clickhouse -o wide | grep clickhouse | awk '{print $6}'"
- register: ck_node_ips_raw
- when: inventory_hostname in groups[group][0]
-
-- name: set fact join command for ck_node_ip1
- set_fact:
- ck_node_ip1 : "{{ ck_node_ips_raw.stdout_lines[0] }}"
- when: inventory_hostname in groups[group][0]
-
-- name: set fact join command for ck_node_ip2
- set_fact:
- ck_node_ip2 : "{{ ck_node_ips_raw.stdout_lines[1] }}"
- when: inventory_hostname in groups[group][0]
-
-- name: set fact join command for ck_node_ip3
- set_fact:
- ck_node_ip3 : "{{ ck_node_ips_raw.stdout_lines[2] }}"
- when: inventory_hostname in groups[group][0]
-
-- name: Setup OpenLdap Server
- script: files/setup-observable-server.sh {{ domain }} {{ item.secret_name }} {{ namespace }} {{ mysql_db_password }} {{ ck_node_ip1 }} {{ ck_node_ip2 }} {{ ck_node_ip3 }}
- when: inventory_hostname in groups[group] and ( tls is defined)
- loop: "{{ tls }}"
diff --git a/playbook/roles/openldap/files/setup-openldap.sh b/playbook/roles/openldap/files/setup-openldap.sh
deleted file mode 100644
index a477995f..00000000
--- a/playbook/roles/openldap/files/setup-openldap.sh
+++ /dev/null
@@ -1,44 +0,0 @@
-#!/bin/bash
-
-export domain=$1
-export secret=$2
-export namespace=$3
-export password=$4
-
-cat > openldap-vaules.yaml << EOF
-global:
- ldapDomain: $domain
- adminPassword: $password
- configPassword: $password
-service:
- type: NodePort
- ldapPortNodePort: 389
- sslLdapPortNodePort: 636
-phpldapadmin:
- enabled: true
- ingress:
- enabled: true
- ingressClassName: nginx
- hosts:
- - openldap-admin.${domain}
- tls:
- - secretName: ${secret}
- hosts:
- - openldap-admin.${domain}
-ltb-passwd:
- enabled: true
- ingress:
- enabled: true
- ingressClassName: nginx
- hosts:
- - openldap-ltb.${domain}
- tls:
- - secretName: ${secret}
- hosts:
- - openldap-ltb.${domain}
-EOF
-
-helm repo add stable https://artifact.onwalk.net/chartrepo/public/
-helm repo up
-kubectl create ns ${namespace} || echo true
-helm upgrade --install openldap stable/openldap-stack-ha -n ${namespace} --create-namespace -f openldap-vaules.yaml
diff --git a/playbook/roles/openldap/meta/main.yml b/playbook/roles/openldap/meta/main.yml
deleted file mode 100644
index 6fc3ce8b..00000000
--- a/playbook/roles/openldap/meta/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-dependencies:
- - role: cert-manager
- - role: secret-manger
diff --git a/playbook/roles/openldap/tasks/main.yml b/playbook/roles/openldap/tasks/main.yml
deleted file mode 100755
index 71a4b442..00000000
--- a/playbook/roles/openldap/tasks/main.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-- name: Setup OpenLdap Server
- script: files/setup-openldap.sh {{ domain }} {{ secret }} {{ namespace }} {{ admin_password }}
- when: inventory_hostname in groups[group]
-
-- name: sync ldap ingress config
- template: src=templates/{{ item }} dest=/tmp/{{ item }} owner=root group=root mode=0644 force=yes unsafe_writes=yes
- with_items:
- - ingress.yaml
-
-- name: Setup ldap ingress
- shell: "cd /tmp/ && kubectl apply -f ingress.yaml"
- when: inventory_hostname in groups[group]
diff --git a/playbook/roles/openldap/templates/.gitignore b/playbook/roles/openldap/templates/.gitignore
deleted file mode 100644
index a194b200..00000000
--- a/playbook/roles/openldap/templates/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-/clickhouse-keeper-k8s.iml
-/.idea/
diff --git a/playbook/roles/openldap/templates/ingress.yaml b/playbook/roles/openldap/templates/ingress.yaml
deleted file mode 100644
index 7afd5f1f..00000000
--- a/playbook/roles/openldap/templates/ingress.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: openldap
- namespace: itsm
-spec:
- ingressClassName: nginx
- rules:
- - host: ldap.onwalk.net
- http:
- paths:
- - backend:
- service:
- name: openldap-headless
- port:
- name: http
- path: /
- pathType: ImplementationSpecific
----
-apiVersion: k8s.nginx.org/v1alpha1
-kind: GlobalConfiguration
-metadata:
- name: nginx-configuration
- namespace: ingress
-spec:
- listeners:
- - name: ldap-tcp
- port: 389
- protocol: TCP
----
-apiVersion: k8s.nginx.org/v1alpha1
-kind: TransportServer
-metadata:
- name: ldap-tcp
- namespace: itsm
-spec:
- listener:
- name: ldap-tcp
- protocol: TCP
- upstreams:
- - name: ldap-app
- service: openldap-headless
- port: 389
- action:
- pass: ldap-app
diff --git a/playbook/roles/postgresql/files/post-setup.sh b/playbook/roles/postgresql/files/post-setup.sh
deleted file mode 100644
index 9e984b8d..00000000
--- a/playbook/roles/postgresql/files/post-setup.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-export namespace=$1
-export POSTGRES_PASSWORD=$(kubectl get secret --namespace $namespace postgresql -o jsonpath="{.data.postgres-password}" | base64 -d)
-
-kubectl run postgresql-client --rm --tty -i --restart='Never' --namespace $namespace --image docker.io/bitnami/postgresql:15.2.0-debian-11-r11 --env="PGPASSWORD=$POSTGRES_PASSWORD" --command -- psql --host postgresql -U postgres -d postgres -p 5432 -w -c "CREATE EXTENSION IF NOT EXISTS pg_trgm; CREATE EXTENSION IF NOT EXISTS btree_gist; CREATE DATABASE gitlabhq_production OWNER gitlab;" || echo true
-
-#create user gitlab with encrypted password 'xxxxxx'
-#grant all privileges on database gitlabhq_production to gitlab;
-
-kubectl run postgresql-client --rm --tty -i --restart='Never' --namespace $namespace --image docker.io/bitnami/postgresql:15.2.0-debian-11-r11 --env="PGPASSWORD=$POSTGRES_PASSWORD" --command -- psql --host postgresql -U postgres -d postgres -p 5432 -w -c "CREATE DATABASE keycloak;" || echo true
-
-kubectl run postgresql-client --rm --tty -i --restart='Never' --namespace $namespace --image docker.io/bitnami/postgresql:15.2.0-debian-11-r11 --env="PGPASSWORD=$POSTGRES_PASSWORD" --command -- psql --host postgresql -U postgres -d postgres -p 5432 -w -c "CREATE DATABASE registry;" || echo true
-
-kubectl run postgresql-client --rm --tty -i --restart='Never' --namespace $namespace --image docker.io/bitnami/postgresql:15.2.0-debian-11-r11 --env="PGPASSWORD=$POSTGRES_PASSWORD" --command -- psql --host postgresql -U postgres -d postgres -p 5432 -w -c "CREATE DATABASE notary_server;" || echo true
-
-kubectl run postgresql-client --rm --tty -i --restart='Never' --namespace $namespace --image docker.io/bitnami/postgresql:15.2.0-debian-11-r11 --env="PGPASSWORD=$POSTGRES_PASSWORD" --command -- psql --host postgresql -U postgres -d postgres -p 5432 -w -c "CREATE DATABASE notary_signer;" || echo true
diff --git a/playbook/roles/postgresql/files/setup-postgresql.sh b/playbook/roles/postgresql/files/setup-postgresql.sh
deleted file mode 100644
index 1861e97e..00000000
--- a/playbook/roles/postgresql/files/setup-postgresql.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-
-export namespace=$1
-
-helm repo add bitnami https://charts.bitnami.com/bitnami || echo true
-helm repo up
-kubectl create ns $namespace || echo true
-helm upgrade --install postgresql bitnami/postgresql --version 12.2.3 -n $namespace
diff --git a/playbook/roles/postgresql/tasks/main.yml b/playbook/roles/postgresql/tasks/main.yml
deleted file mode 100755
index ff253303..00000000
--- a/playbook/roles/postgresql/tasks/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-- name: Install PostgreSQL Server
- script: files/setup-postgresql.sh {{ db_namespace }}
- when: inventory_hostname in groups[group]
diff --git a/playbook/roles/prometheus-agent/meta/main.yml b/playbook/roles/prometheus-agent/meta/main.yml
deleted file mode 100644
index 38124f94..00000000
--- a/playbook/roles/prometheus-agent/meta/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-dependencies:
- - role: common
- - role: node-exporter
diff --git a/playbook/roles/prometheus-agent/tasks/main.yml b/playbook/roles/prometheus-agent/tasks/main.yml
deleted file mode 100755
index 8ac50507..00000000
--- a/playbook/roles/prometheus-agent/tasks/main.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-- name: Pre setting
- shell: "rm -f /usr/bin/prometheus; mkdir -pv /etc/prometheus/; mkdir -pv /opt/prometheus/data-agent/ && chown prometheus:prometheus /opt/prometheus/data-agent/"
- when: inventory_hostname in groups[group]
-
-- name: Download prometheus binary
- shell: 'curl -Lo /usr/bin/prometheus https://mirrors.onwalk.net/tools/linux-amd64/prometheus && chmod 755 /usr/bin/prometheus'
- when: inventory_hostname in groups[group]
-
-- name: Create prometheus-agent service
- template: src=templates/prometheus-agent.service dest=/etc/systemd/system/prometheus-agent.service owner=root group=root mode=0644
- when: inventory_hostname in groups[group]
-
-- name: Create prometheus-agent config
- template: src=templates/prometheus.yml dest=/etc/prometheus/prometheus.yml owner=root group=root mode=0644
- when: inventory_hostname in groups[group]
-
-- name: Create prometheus-agent start script
- template: src=templates/start-prometheus-agent-service.sh dest=/usr/bin/start-prometheus-agent-service.sh owner=root group=root mode=0755
- when: inventory_hostname in groups[group]
-
-- name: Create prometheus-agent stop script
- template: src=templates/stop-prometheus-agent-service.sh dest=/usr/bin/stop-prometheus-agent-service.sh owner=root group=root mode=0755
- when: inventory_hostname in groups[group]
-
-- name: Init prometheus-agent service
- shell: "systemctl enable prometheus-agent && systemctl daemon-reload && systemctl restart prometheus-agent"
- when: inventory_hostname in groups[group]
-
diff --git a/playbook/roles/prometheus-agent/templates/prometheus-agent.service b/playbook/roles/prometheus-agent/templates/prometheus-agent.service
deleted file mode 100644
index 7335d895..00000000
--- a/playbook/roles/prometheus-agent/templates/prometheus-agent.service
+++ /dev/null
@@ -1,16 +0,0 @@
-[Unit]
-Description=Prometheus
-Documentation=https://prometheus.io/
-After=network.target
-
-[Service]
-Type=simple
-User=prometheus
-ExecStart=/usr/bin/start-prometheus-agent-service.sh
-ExecStop=/usr/bin/stop-prometheus-agent-service.sh
-Restart=on-failure
-RestartSec=30
-StartLimitInterval=0
-
-[Install]
-WantedBy=multi-user.target
diff --git a/playbook/roles/prometheus-agent/templates/prometheus.yml b/playbook/roles/prometheus-agent/templates/prometheus.yml
deleted file mode 100644
index 7558ee40..00000000
--- a/playbook/roles/prometheus-agent/templates/prometheus.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-global:
- scrape_interval: 15s
- external_labels:
- {{ label }}
-scrape_configs:
- - job_name: 'node_exporter'
- static_configs:
- - targets: ['{{ ansible_default_ipv4.address }}:9100']
-remote_write:
- - url: '{{ remote_write }}'
diff --git a/playbook/roles/prometheus-agent/templates/start-prometheus-agent-service.sh b/playbook/roles/prometheus-agent/templates/start-prometheus-agent-service.sh
deleted file mode 100755
index 08fae2a4..00000000
--- a/playbook/roles/prometheus-agent/templates/start-prometheus-agent-service.sh
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-/usr/bin/prometheus --config.file=/etc/prometheus/prometheus.yml --web.listen-address="0.0.0.0:9091" --web.enable-lifecycle --enable-feature=agent --storage.agent.path="/opt/prometheus/data-agent/"
diff --git a/playbook/roles/prometheus-agent/templates/stop-prometheus-agent-service.sh b/playbook/roles/prometheus-agent/templates/stop-prometheus-agent-service.sh
deleted file mode 100755
index bb2b3914..00000000
--- a/playbook/roles/prometheus-agent/templates/stop-prometheus-agent-service.sh
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-pkill -9 prometheus
diff --git a/playbook/roles/prometheus-transfer/meta/main.yml b/playbook/roles/prometheus-transfer/meta/main.yml
deleted file mode 100644
index cfa117fc..00000000
--- a/playbook/roles/prometheus-transfer/meta/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-dependencies:
- - role: node-exporter
diff --git a/playbook/roles/prometheus-transfer/tasks/main.yml b/playbook/roles/prometheus-transfer/tasks/main.yml
deleted file mode 100755
index dd139d32..00000000
--- a/playbook/roles/prometheus-transfer/tasks/main.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-- name: Pre setting
- shell: "rm -f /usr/bin/prometheus; mkdir -pv /opt/prometheus/data/ && chown prometheus:prometheus /opt/prometheus/data/"
-
-- name: download prometheus binary
- shell: 'curl -Lo /usr/bin/prometheus https://mirrors.onwalk.net/tools/linux-amd64/prometheus && chmod 755 /usr/bin/prometheus'
-
-- name: create prometheus-transfer service
- template: src=templates/prometheus-transfer.service dest=/etc/systemd/system/prometheus-transfer.service owner=root group=root mode=0644
-
-- name: create prometheus-transfer config
- template: src=templates/prometheus-transfer.yml dest=/etc/prometheus/prometheus-transfer.yml owner=root group=root mode=0644
-
-- name: create prometheus-transfer start script
- template: src=templates/start-prometheus-transfer-service.sh dest=/usr/bin/start-prometheus-transfer-service.sh owner=root group=root mode=0755
-
-- name: create prometheus-transfer stop script
- template: src=templates/stop-prometheus-transfer-service.sh dest=/usr/bin/stop-prometheus-transfer-service.sh owner=root group=root mode=0755
-
-- name: init prometheus-transfer service
- shell: "systemctl enable prometheus-transfer && systemctl daemon-reload && systemctl restart prometheus-transfer"
-
diff --git a/playbook/roles/prometheus-transfer/templates/prometheus-transfer.service b/playbook/roles/prometheus-transfer/templates/prometheus-transfer.service
deleted file mode 100644
index 99b2750a..00000000
--- a/playbook/roles/prometheus-transfer/templates/prometheus-transfer.service
+++ /dev/null
@@ -1,16 +0,0 @@
-[Unit]
-Description=Prometheus
-Documentation=https://prometheus.io/
-After=network.target
-
-[Service]
-Type=simple
-User=prometheus
-ExecStart=/usr/bin/start-prometheus-transfer-service.sh
-ExecStop=/usr/bin/stop-prometheus-transfer-service.sh
-Restart=on-failure
-RestartSec=30
-StartLimitInterval=0
-
-[Install]
-WantedBy=multi-user.target
diff --git a/playbook/roles/prometheus-transfer/templates/prometheus-transfer.yml b/playbook/roles/prometheus-transfer/templates/prometheus-transfer.yml
deleted file mode 100644
index f3b536bc..00000000
--- a/playbook/roles/prometheus-transfer/templates/prometheus-transfer.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-global:
- scrape_interval: 3s
- evaluation_interval: 3s
-remote_read:
- - url: '{{ remote_read }}'
- read_recent: true
- basic_auth:
- username: '{{ remote_user }}'
- password: '{{ remote_token }}'
diff --git a/playbook/roles/prometheus-transfer/templates/start-prometheus-transfer-service.sh b/playbook/roles/prometheus-transfer/templates/start-prometheus-transfer-service.sh
deleted file mode 100755
index f9c01a30..00000000
--- a/playbook/roles/prometheus-transfer/templates/start-prometheus-transfer-service.sh
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-/usr/bin/prometheus --config.file=/etc/prometheus/prometheus-transfer.yml --web.listen-address="0.0.0.0:9092" --web.enable-lifecycle --storage.tsdb.path="/opt/prometheus/data/"
diff --git a/playbook/roles/prometheus-transfer/templates/stop-prometheus-transfer-service.sh b/playbook/roles/prometheus-transfer/templates/stop-prometheus-transfer-service.sh
deleted file mode 100755
index bb2b3914..00000000
--- a/playbook/roles/prometheus-transfer/templates/stop-prometheus-transfer-service.sh
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-pkill -9 prometheus
diff --git a/playbook/roles/promtail-agent/meta/main.yml b/playbook/roles/promtail-agent/meta/main.yml
deleted file mode 100644
index 9711b330..00000000
--- a/playbook/roles/promtail-agent/meta/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-dependencies:
- - role: common
diff --git a/playbook/roles/promtail-agent/tasks/main.yml b/playbook/roles/promtail-agent/tasks/main.yml
deleted file mode 100755
index 4fa017f0..00000000
--- a/playbook/roles/promtail-agent/tasks/main.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-- name: Pre setting
- shell: "rm -f /usr/bin/promtail; mkdir -pv /etc/promtail/ && touch /var/log/positions.yaml"
- when: inventory_hostname in groups[group]
-
-- name: Download promtail binary
- shell: 'curl -Lo /usr/bin/promtail https://mirrors.onwalk.net/tools/linux-amd64/promtail && chmod 755 /usr/bin/promtail'
- when: inventory_hostname in groups[group]
-
-- name: Create promtail-agent service
- template: src=templates/promtail-agent.service dest=/lib/systemd/system/promtail-agent.service owner=root group=root mode=0644
- when: inventory_hostname in groups[group]
-
-- name: Create promtail-agent config
- template: src=templates/promtail.yaml dest=/etc/promtail/promtail.yaml owner=root group=root mode=0644
- when: inventory_hostname in groups[group]
-
-- name: Init promtail-agent service
- shell: "systemctl enable promtail-agent && systemctl daemon-reload && systemctl restart promtail-agent"
- when: inventory_hostname in groups[group]
diff --git a/playbook/roles/promtail-agent/templates/promtail-agent.service b/playbook/roles/promtail-agent/templates/promtail-agent.service
deleted file mode 100644
index 4d27b40b..00000000
--- a/playbook/roles/promtail-agent/templates/promtail-agent.service
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=Prometheus
-Documentation=https://grafana.io/
-After=network.target
-
-[Service]
-Type=simple
-User=root
-ExecStart=/usr/bin/promtail -config.file=/etc/promtail/promtail.yaml
-Restart=on-failure
-RestartSec=30
-StartLimitInterval=0
-
-[Install]
-WantedBy=multi-user.target
diff --git a/playbook/roles/promtail-agent/templates/promtail.yaml b/playbook/roles/promtail-agent/templates/promtail.yaml
deleted file mode 100644
index 8bdb778d..00000000
--- a/playbook/roles/promtail-agent/templates/promtail.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-server:
- http_listen_port: 9080
- grpc_listen_port: 0
-
-clients:
- - url: http://{{ loki_host }}:{{ loki_port }}/loki/api/v1/push
-
-positions:
- filename: /var/log/positions.yaml
-
-scrape_configs:
-- job_name: system-auth-log
- static_configs:
- - targets:
- - localhost
- labels:
- instance: {{ inventory_hostname }}
- {{ label }}
- job: secure
- __path__: /var/log/auth.log
-- job_name: system-os-log
- static_configs:
- - targets:
- - localhost
- labels:
- instance: {{ inventory_hostname }}
- {{ label }}
- job: syslog
- __path__: /var/log/syslog
-- job_name: system-audit-log
- static_configs:
- - targets:
- - localhost
- labels:
- instance: {{ inventory_hostname }}
- {{ label }}
- job: audit
- __path__: /var/log/audit/audit.log
diff --git a/playbook/roles/redis/files/setup-redis.sh b/playbook/roles/redis/files/setup-redis.sh
deleted file mode 100644
index b68ae13c..00000000
--- a/playbook/roles/redis/files/setup-redis.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-helm repo add bitnami https://charts.bitnami.com/bitnami
-helm repo up
-kubectl create ns redis
-helm upgrade --install redis bitnami/redis --set architecture=standalone -n redis
diff --git a/playbook/roles/redis/tasks/main.yml b/playbook/roles/redis/tasks/main.yml
deleted file mode 100755
index 98200ff7..00000000
--- a/playbook/roles/redis/tasks/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-- name: Setup Redis Server
- script: files/setup-redis.sh
- when: inventory_hostname in groups[group]
diff --git a/playbook/roles/secret-manger/tasks/main.yml b/playbook/roles/secret-manger/tasks/main.yml
deleted file mode 100755
index f12b12b9..00000000
--- a/playbook/roles/secret-manger/tasks/main.yml
+++ /dev/null
@@ -1,48 +0,0 @@
-- name: "cluster {{ ClusterContext }} : Create namespace"
- shell: "kubectl create ns {{ namespace }} || echo true"
-
-# Create General Secret for K8S form File
-
-- name: "cluster {{ ClusterContext }} : Clean OLD Secret"
- shell: "kubectl delete secret {{ item.secret_name }} -n {{ namespace }}"
- ignore_errors: yes
- loop: "{{ generic }}"
- when: generic is defined
-
-- name: "cluster {{ ClusterContext }} Create New Generic Secret from Key/Vaule"
- shell: 'kubectl create secret generic {{ item.secret_name }} \
- --from-literal={{ item.sercet_key }}="{{ item.secret_value }}" \
- -n {{ namespace }}'
- loop: "{{ generic }}"
- when: generic is defined
-
-# Create General Secret for K8S From Key/Value
-
-- name: "cluster {{ ClusterContext }} : Clean OLD Secret"
- shell: "kubectl delete secret {{ item.secret_name }} -n {{ namespace }}"
- ignore_errors: yes
- loop: "{{ secret }}"
- when: secret is defined
-
-- name: "cluster {{ ClusterContext }} Create New Generic Secret from Key/Vaule"
- shell: 'kubectl create secret generic {{ item.secret_name }} \
- --from-literal={{ item.sercet_key }}="{{ item.secret_value }}" \
- -n {{ namespace }}'
- loop: "{{ secrets }}"
- when: secrets is defined
-
-# TLS Secret for K8S key/cert
-
-- name: "cluster {{ ClusterContext }} : Clean OLD Secret"
- shell: "kubectl delete secret {{ item.secret_name }} -n {{ namespace }}"
- ignore_errors: yes
- loop: "{{ tls }}"
- when: tls is defined
-
-- name: "cluster {{ ClusterContext }} : Create New tls secret"
- shell: 'kubectl create secret tls {{ item.secret_name }} \
- --key={{ item.keyfile }} \
- --cert={{ item.certfile }} \
- -n {{ namespace }}'
- loop: "{{ tls }}"
- when: tls is defined
diff --git a/playbook/roles/wireguard-client/create_keys.sh b/playbook/roles/wireguard-client/create_keys.sh
deleted file mode 100644
index 44c39a84..00000000
--- a/playbook/roles/wireguard-client/create_keys.sh
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/bash
-
-export name=$1
-export server_key=$2
-export server_ip=$3
-export client_ip=$4
-
-sudo rm -rvf /etc/wireguard/keys/$name
-sudo mkdir -pv /etc/wireguard/keys/$name
-cd /etc/wireguard/keys/$name
-wg genkey > ${name}.key
-wg pubkey < ${name}.key > ${name}.pub
-
-KEY=`cat ${name}.key`
-PUBKEY=`cat ${name}.pub`
-
-cat > ${name}-wg0.conf << EOF
-[Interface]
-PrivateKey = ${KEY}
-ListenPort = 54321
-Address = ${client_ip}/24
-DNS = 10.1.0.2, 114.114.114.114
-MTU = 1420
-[Peer]
-PublicKey = ${server_key}
-AllowedIPs = 10.255.0.0/24, 10.1.0.0/16
-Endpoint = ${server_ip}:51820
-PersistentKeepalive = 25
-EOF
-
-
-# brew install wireguard-tools && sudo wg-quick up wg0
-# apt install qrencode --assume-yes qrencode --read-from=client-wg0.conf --type=UTF8
-
-cat >> /etc/wireguard/wg0.conf << EOF
-[Peer]
- # ${name}
- PublicKey = ${PUBKEY}
- AllowedIPs = ${client_ip}/32
-EOF
diff --git a/playbook/roles/wireguard-client/tasks/main.yml b/playbook/roles/wireguard-client/tasks/main.yml
deleted file mode 100755
index dea103e8..00000000
--- a/playbook/roles/wireguard-client/tasks/main.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-- name: Pre setting
- shell: "rm -f /usr/bin/promtail; mkdir -pv /etc/promtail/ && touch /var/log/positions.yaml"
- when: inventory_hostname in groups[group]
-
-- name: Create promtail-agent config
- template: src=templates/promtail.yaml dest=/etc/promtail/promtail.yaml owner=root group=root mode=0644
- when: inventory_hostname in groups[group]
-
-- name: Init Xtls service
- shell: 'bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @install'
- when: inventory_hostname in groups[group]
-
-- name: Remove fluent-bit service
- shell: "systemctl disable fluent-bit && systemctl stop fluent-bit"
- when: inventory_hostname in groups[group]
diff --git a/playbook/roles/wireguard-client/templates/config.json b/playbook/roles/wireguard-client/templates/config.json
deleted file mode 100644
index 494ffc26..00000000
--- a/playbook/roles/wireguard-client/templates/config.json
+++ /dev/null
@@ -1,84 +0,0 @@
-{
- "log": {
- "loglevel": "warning"
- },
- "routing": {
- "domainStrategy": "IPIfNonMatch",
- "rules": [
- {
- "type": "field",
- "ip": [
- "geoip:cn"
- ],
- "outboundTag": "block"
- }
- ]
- },
- "inbounds": [
- {
- "listen": "0.0.0.0",
- "port": 1443,
- "protocol": "vless",
- "settings": {
- "clients": [
- {
- "id": "18d270a9-533d-4b13-b3f1-e7f55540a9b2",
- "flow": "xtls-rprx-vision"
- }
- ],
- "decryption": "none",
- "fallbacks": [
- {
- "dest": "8001",
- "xver": 1
- },
- {
- "alpn": "h2",
- "dest": "8002",
- "xver": 1
- }
- ]
- },
- "streamSettings": {
- "network": "tcp",
- "security": "tls",
- "tlsSettings": {
- "rejectUnknownSni": true,
- "minVersion": "1.2",
- "certificates": [
- {
- "ocspStapling": 3600,
- "certificateFile": "/etc/ssl/onwalk.net.pem",
- "keyFile": "/etc/ssl/onwalk.net.key"
- }
- ]
- }
- },
- "sniffing": {
- "enabled": true,
- "destOverride": [
- "http",
- "tls"
- ]
- }
- }
- ],
- "outbounds": [
- {
- "protocol": "freedom",
- "tag": "direct"
- },
- {
- "protocol": "blackhole",
- "tag": "block"
- }
- ],
- "policy": {
- "levels": {
- "0": {
- "handshake": 2,
- "connIdle": 120
- }
- }
- }
-}
diff --git a/playbook/roles/wireguard-dateway/create_keys.sh b/playbook/roles/wireguard-dateway/create_keys.sh
deleted file mode 100644
index 44c39a84..00000000
--- a/playbook/roles/wireguard-dateway/create_keys.sh
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/bash
-
-export name=$1
-export server_key=$2
-export server_ip=$3
-export client_ip=$4
-
-sudo rm -rvf /etc/wireguard/keys/$name
-sudo mkdir -pv /etc/wireguard/keys/$name
-cd /etc/wireguard/keys/$name
-wg genkey > ${name}.key
-wg pubkey < ${name}.key > ${name}.pub
-
-KEY=`cat ${name}.key`
-PUBKEY=`cat ${name}.pub`
-
-cat > ${name}-wg0.conf << EOF
-[Interface]
-PrivateKey = ${KEY}
-ListenPort = 54321
-Address = ${client_ip}/24
-DNS = 10.1.0.2, 114.114.114.114
-MTU = 1420
-[Peer]
-PublicKey = ${server_key}
-AllowedIPs = 10.255.0.0/24, 10.1.0.0/16
-Endpoint = ${server_ip}:51820
-PersistentKeepalive = 25
-EOF
-
-
-# brew install wireguard-tools && sudo wg-quick up wg0
-# apt install qrencode --assume-yes qrencode --read-from=client-wg0.conf --type=UTF8
-
-cat >> /etc/wireguard/wg0.conf << EOF
-[Peer]
- # ${name}
- PublicKey = ${PUBKEY}
- AllowedIPs = ${client_ip}/32
-EOF
diff --git a/playbook/roles/wireguard-dateway/tasks/main.yml b/playbook/roles/wireguard-dateway/tasks/main.yml
deleted file mode 100755
index fcbc572d..00000000
--- a/playbook/roles/wireguard-dateway/tasks/main.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-- name: Pre setting
- shell: "rm -f /usr/bin/promtail; mkdir -pv /etc/promtail/ && touch /var/log/positions.yaml"
- when: inventory_hostname in groups[group]
-
-- name: Create promtail-agent config
- template: src=templates/promtail.yaml dest=/etc/promtail/promtail.yaml owner=root group=root mode=0644
- when: inventory_hostname in groups[group]
-
-- name: Init Wireguard Service
- shell: 'apt update && apt install wireguard-tools wireguard-dkms -y'
- when: inventory_hostname in groups[group]
-
-- name: Remove fluent-bit service
- shell: "systemctl disable fluent-bit && systemctl stop fluent-bit"
- when: inventory_hostname in groups[group]
diff --git a/playbook/roles/wireguard-dateway/templates/create-vpn-config.sh b/playbook/roles/wireguard-dateway/templates/create-vpn-config.sh
deleted file mode 100644
index a962cdf1..00000000
--- a/playbook/roles/wireguard-dateway/templates/create-vpn-config.sh
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/bin/bash
-
-export server_public_key=$1
-export server_ip=$2
-export client_name=$3
-export client_ip=$4
-
-sudo rm -rvf /etc/wireguard/keys/$client_name
-sudo mkdir -pv /etc/wireguard/keys/$client_name
-cd /etc/wireguard/keys/$client_name
-wg genkey > ${client_name}.key
-wg pubkey < ${client_name}.key > ${client_name}.pub
-
-CLIENT_KEY=`cat ${client_name}.key`
-CLIENT_PUBLIC_KEY=`cat ${client_name}.pub`
-
-cat > ${client_name}-wg0.conf << EOF
-[Interface]
-PrivateKey = ${CLIENT_KEY}
-ListenPort = 54321
-Address = ${client_ip}/24
-DNS = 114.114.114.114
-MTU = 1420
-EOF
-
-
-# brew install wireguard-tools && sudo wg-quick up wg0
-# apt install qrencode --assume-yes qrencode --read-from=client-wg0.conf --type=UTF8
-
-cat >> /etc/wireguard/wg0.conf << EOF
-[Peer]
- # ${client_name}
- PublicKey = ${CLIENT_PUBLIC_KEY}
- AllowedIPs = ${client_ip}/32
-EOF
diff --git a/playbook/roles/xtls-server/tasks/main.yml b/playbook/roles/xtls-server/tasks/main.yml
deleted file mode 100755
index dea103e8..00000000
--- a/playbook/roles/xtls-server/tasks/main.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-- name: Pre setting
- shell: "rm -f /usr/bin/promtail; mkdir -pv /etc/promtail/ && touch /var/log/positions.yaml"
- when: inventory_hostname in groups[group]
-
-- name: Create promtail-agent config
- template: src=templates/promtail.yaml dest=/etc/promtail/promtail.yaml owner=root group=root mode=0644
- when: inventory_hostname in groups[group]
-
-- name: Init Xtls service
- shell: 'bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @install'
- when: inventory_hostname in groups[group]
-
-- name: Remove fluent-bit service
- shell: "systemctl disable fluent-bit && systemctl stop fluent-bit"
- when: inventory_hostname in groups[group]
diff --git a/playbook/roles/xtls-server/templates/config.json b/playbook/roles/xtls-server/templates/config.json
deleted file mode 100644
index 494ffc26..00000000
--- a/playbook/roles/xtls-server/templates/config.json
+++ /dev/null
@@ -1,84 +0,0 @@
-{
- "log": {
- "loglevel": "warning"
- },
- "routing": {
- "domainStrategy": "IPIfNonMatch",
- "rules": [
- {
- "type": "field",
- "ip": [
- "geoip:cn"
- ],
- "outboundTag": "block"
- }
- ]
- },
- "inbounds": [
- {
- "listen": "0.0.0.0",
- "port": 1443,
- "protocol": "vless",
- "settings": {
- "clients": [
- {
- "id": "18d270a9-533d-4b13-b3f1-e7f55540a9b2",
- "flow": "xtls-rprx-vision"
- }
- ],
- "decryption": "none",
- "fallbacks": [
- {
- "dest": "8001",
- "xver": 1
- },
- {
- "alpn": "h2",
- "dest": "8002",
- "xver": 1
- }
- ]
- },
- "streamSettings": {
- "network": "tcp",
- "security": "tls",
- "tlsSettings": {
- "rejectUnknownSni": true,
- "minVersion": "1.2",
- "certificates": [
- {
- "ocspStapling": 3600,
- "certificateFile": "/etc/ssl/onwalk.net.pem",
- "keyFile": "/etc/ssl/onwalk.net.key"
- }
- ]
- }
- },
- "sniffing": {
- "enabled": true,
- "destOverride": [
- "http",
- "tls"
- ]
- }
- }
- ],
- "outbounds": [
- {
- "protocol": "freedom",
- "tag": "direct"
- },
- {
- "protocol": "blackhole",
- "tag": "block"
- }
- ],
- "policy": {
- "levels": {
- "0": {
- "handshake": 2,
- "connIdle": 120
- }
- }
- }
-}
diff --git a/playbook/templates/id_rsa b/playbook/templates/id_rsa
deleted file mode 100644
index 39cdaff3..00000000
--- a/playbook/templates/id_rsa
+++ /dev/null
@@ -1 +0,0 @@
-{{ vars.ssh_private_key }}
diff --git a/playbook/templates/inventory b/playbook/templates/inventory
deleted file mode 100644
index 96285c5b..00000000
--- a/playbook/templates/inventory
+++ /dev/null
@@ -1,14 +0,0 @@
-[master]
-k3s-server ansible_host={{ vars.k3s_server_public_ip }}
-
-[node]
-db-server ansible_host={{ vars.db_server_public_ip }}
-
-[all:vars]
-ansible_port=22
-ansible_ssh_user=ubuntu
-ansible_ssh_private_key_file=hosts/id_rsa
-ansible_host_key_checking=False
-dns_ak={{ vars.dns_ak }}
-dns_sk={{ vars.dns_sk }}
-lb_ip={{ vars.k3s_server_ip }}