feat: Added k3s, metallb, tried adding traefik
This commit is contained in:
Lino Silva
@@ -0,0 +1,65 @@
|
||||
---
|
||||
# From repository
|
||||
- name: Add traefik helm repo
|
||||
kubernetes.core.helm_repository:
|
||||
name: jetstack
|
||||
repo_url: "https://charts.jetstack.io"
|
||||
|
||||
- name: Update the repository cache
|
||||
kubernetes.core.helm:
|
||||
kubeconfig: /Users/lino.silva/.kube/config
|
||||
name: dummy
|
||||
namespace: kube-system
|
||||
state: absent
|
||||
update_repo_cache: true
|
||||
|
||||
- name: Download cert-manager.crds manifest to the cluster.
|
||||
ansible.builtin.get_url:
|
||||
url: https://github.com/cert-manager/cert-manager/releases/download/v1.9.1/cert-manager.crds.yaml
|
||||
dest: /tmp/cert-manager.crds.yaml
|
||||
mode: "0664"
|
||||
|
||||
- name: Apply cert-manager.crds manifest to the cluster.
|
||||
kubernetes.core.k8s:
|
||||
kubeconfig: /Users/lino.silva/.kube/config
|
||||
state: present
|
||||
src: /tmp/cert-manager.crds.yaml
|
||||
|
||||
- name: Deploy latest version of cert-manager chart inside cert-manager namespace (and create it)
|
||||
kubernetes.core.helm:
|
||||
kubeconfig: /Users/lino.silva/.kube/config
|
||||
name: cert-manager
|
||||
chart_ref: jetstack/cert-manager
|
||||
release_namespace: cert-manager
|
||||
create_namespace: true
|
||||
values: "{{ lookup('template', 'values.yml') | from_yaml }}"
|
||||
|
||||
- name: Deploy cert-manager secret - Cloudflare
|
||||
kubernetes.core.k8s:
|
||||
kubeconfig: /Users/lino.silva/.kube/config
|
||||
state: present
|
||||
definition: "{{ lookup('template', 'secret-cf-token.yml') | from_yaml }}"
|
||||
|
||||
- name: Deploy lets encrypt staging
|
||||
kubernetes.core.k8s:
|
||||
kubeconfig: /Users/lino.silva/.kube/config
|
||||
state: present
|
||||
definition: "{{ lookup('template', 'letsencrypt-staging.yml') | from_yaml }}"
|
||||
|
||||
- name: Deploy cert-manager staging
|
||||
kubernetes.core.k8s:
|
||||
kubeconfig: /Users/lino.silva/.kube/config
|
||||
state: present
|
||||
definition: "{{ lookup('template', 'lino-cooking.staging.yml') | from_yaml }}"
|
||||
|
||||
- name: Deploy lets encrypt production
|
||||
kubernetes.core.k8s:
|
||||
kubeconfig: /Users/lino.silva/.kube/config
|
||||
state: present
|
||||
definition: "{{ lookup('template', 'letsencrypt-production.yml') | from_yaml }}"
|
||||
|
||||
- name: Deploy cert-manager production
|
||||
kubernetes.core.k8s:
|
||||
kubeconfig: /Users/lino.silva/.kube/config
|
||||
state: present
|
||||
definition: "{{ lookup('template', 'lino-cooking.prod.yml') | from_yaml }}"
|
||||
File diff suppressed because it is too large
Load Diff
@@ -0,0 +1,21 @@
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: letsencrypt-production
|
||||
spec:
|
||||
acme:
|
||||
server: https://acme-v02.api.letsencrypt.org/directory
|
||||
email: letsencrypt@lino.cooking
|
||||
privateKeySecretRef:
|
||||
name: letsencrypt-production
|
||||
solvers:
|
||||
- dns01:
|
||||
cloudflare:
|
||||
email: D5&YbHe&oKx82uuTQ^AfW#$*D8GsDE#K3x^446S^wvH#8T@W2C
|
||||
apiTokenSecretRef:
|
||||
name: cloudflare-token-secret
|
||||
key: cloudflare-token
|
||||
selector:
|
||||
dnsZones:
|
||||
- "lino.cooking"
|
||||
@@ -0,0 +1,21 @@
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: letsencrypt-staging
|
||||
spec:
|
||||
acme:
|
||||
server: https://acme-staging-v02.api.letsencrypt.org/directory
|
||||
email: letsencrypt@lino.cooking
|
||||
privateKeySecretRef:
|
||||
name: letsencrypt-staging
|
||||
solvers:
|
||||
- dns01:
|
||||
cloudflare:
|
||||
email: okulto+cloudflare@gmail.com
|
||||
apiTokenSecretRef:
|
||||
name: cloudflare-api-token-secret
|
||||
key: api-token
|
||||
selector:
|
||||
dnsZones:
|
||||
- "lino.cooking"
|
||||
@@ -0,0 +1,15 @@
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: lino-cooking
|
||||
namespace: default
|
||||
spec:
|
||||
secretName: lino-cooking-tls
|
||||
issuerRef:
|
||||
name: letsencrypt-production
|
||||
kind: ClusterIssuer
|
||||
commonName: "*.lino.cooking"
|
||||
dnsNames:
|
||||
- "lino.cooking"
|
||||
- "*.lino.cooking"
|
||||
@@ -0,0 +1,15 @@
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: lino-cooking
|
||||
namespace: default
|
||||
spec:
|
||||
secretName: lino-cooking-staging-tls
|
||||
issuerRef:
|
||||
name: letsencrypt-staging
|
||||
kind: ClusterIssuer
|
||||
commonName: "*.lino.cooking"
|
||||
dnsNames:
|
||||
- "lino.cooking"
|
||||
- "*.lino.cooking"
|
||||
@@ -0,0 +1,9 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: cloudflare-api-token-secret
|
||||
namespace: cert-manager
|
||||
type: Opaque
|
||||
stringData:
|
||||
api-token: "{{ cloudflare_api_key }}"
|
||||
@@ -0,0 +1,10 @@
|
||||
installCRDs: false
|
||||
replicaCount: 3
|
||||
extraArgs:
|
||||
- --dns01-recursive-nameservers=1.1.1.1:53,9.9.9.9:53
|
||||
- --dns01-recursive-nameservers-only
|
||||
podDnsPolicy: None
|
||||
podDnsConfig:
|
||||
nameservers:
|
||||
- "1.1.1.1"
|
||||
- "9.9.9.9"
|
||||
Reference in New Issue
Block a user