ai-workspace-infra/playbooks
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
a569fe153b
playbooks/roles/vhosts/k3s_platform_addon/tasks/main.yml

134 lines
4.2 KiB
YAML
Raw Blame History

- name: Install external-secrets directly with Helm
ansible.builtin.shell: |
set -euo pipefail
export KUBECONFIG="{{ k3s_platform_kubeconfig_path }}"
chart_dir="$(mktemp -d /tmp/external-secrets.XXXXXX)"
cleanup() {
rm -rf "$chart_dir"
}
trap cleanup EXIT
attempt=1
max_attempts=6
while true; do
rm -rf "$chart_dir"/*
if helm pull --repo "https://charts.external-secrets.io" \
--version "{{ k3s_platform_external_secrets_chart_version }}" \
--untar \
--untardir "$chart_dir" \
external-secrets; then
break
fi
if [ "$attempt" -ge "$max_attempts" ]; then
echo "failed to download external-secrets after $attempt attempts" >&2
exit 1
fi
sleep "$((attempt * 30))"
attempt=$((attempt + 1))
done
helm upgrade --install external-secrets "$chart_dir/external-secrets" \
--namespace platform \
--create-namespace \
--version "{{ k3s_platform_external_secrets_chart_version }}" \
--set installCRDs=true \
--wait \
--timeout 10m
args:
executable: /bin/bash
when:
- k3s_platform_values.components.externalSecrets.enabled | default(true)
- name: Ensure GHCR pull secret for PostgreSQL chart exists
ansible.builtin.shell: |
set -euo pipefail
export KUBECONFIG="{{ k3s_platform_kubeconfig_path }}"
kubectl -n database create secret docker-registry postgresql-ghcr-pull \
--docker-server="{{ k3s_platform_ghcr_registry }}" \
--docker-username="{{ k3s_platform_ghcr_username }}" \
--docker-password="{{ k3s_platform_ghcr_token }}" \
--dry-run=client -o yaml | kubectl apply -f -
args:
executable: /bin/bash
when:
- k3s_platform_ghcr_username | length > 0
- k3s_platform_ghcr_token | length > 0
- name: Install reloader directly with Helm
ansible.builtin.shell: |
set -euo pipefail
export KUBECONFIG="{{ k3s_platform_kubeconfig_path }}"
helm upgrade --install reloader stakater/reloader \
--namespace platform \
--create-namespace \
--version "{{ k3s_platform_reloader_chart_version }}" \
--wait \
--timeout 10m
args:
executable: /bin/bash
when:
- k3s_platform_values.components.reloader.enabled | default(true)
- name: Install caddy directly with Helm
ansible.builtin.shell: |
set -euo pipefail
export KUBECONFIG="{{ k3s_platform_kubeconfig_path }}"
chart_dir="$(mktemp -d /tmp/caddy-ingress-controller.XXXXXX)"
cleanup() {
rm -rf "$chart_dir"
}
trap cleanup EXIT
attempt=1
max_attempts=6
while true; do
rm -rf "$chart_dir"/*
if helm pull --repo "https://caddyserver.github.io/ingress/" \
--version "{{ k3s_platform_caddy_chart_version }}" \
--untar \
--untardir "$chart_dir" \
caddy-ingress-controller; then
break
fi
if [ "$attempt" -ge "$max_attempts" ]; then
echo "failed to download caddy-ingress-controller after $attempt attempts" >&2
exit 1
fi
sleep "$((attempt * 30))"
attempt=$((attempt + 1))
done
helm upgrade --install "{{ k3s_platform_values.components.caddy.releaseName }}" "$chart_dir/caddy-ingress-controller" \
--namespace platform \
--create-namespace \
--version "{{ k3s_platform_caddy_chart_version }}" \
-f /tmp/platform-caddy-values.yaml \
--wait \
--timeout 10m
args:
executable: /bin/bash
when:
- k3s_platform_values.components.caddy.enabled | default(false)
- name: Install apisix directly with Helm
ansible.builtin.shell: |
set -euo pipefail
export KUBECONFIG="{{ k3s_platform_kubeconfig_path }}"
helm upgrade --install "{{ k3s_platform_values.components.apisix.releaseName }}" apisix/apisix \
--namespace platform \
--create-namespace \
--version "{{ k3s_platform_apisix_chart_version }}" \
-f /tmp/platform-apisix-values.yaml \
--wait \
--timeout 10m
args:
executable: /bin/bash
when:
- k3s_platform_values.components.apisix.enabled | default(false)
- name: Addon | external-dns
ansible.builtin.import_tasks: addons/external-dns.yml
when:
- k3s_platform_values.components.externalDns.enabled | default(false)
tags: [addon, external-dns]
Reference in New Issue View Git Blame Copy Permalink