feat: reverse proxy and certs working
@@ -0,0 +1 @@
|
||||
---
|
||||
@@ -1,5 +1,20 @@
|
||||
---
|
||||
- name: Add helm chart
|
||||
ansible.builtin.shell: |
|
||||
helm repo add authelia https://charts.authelia.com
|
||||
helm repo update
|
||||
- name: Add traefik helm repo
|
||||
kubernetes.core.helm_repository:
|
||||
name: authelia
|
||||
repo_url: "https://charts.authelia.com"
|
||||
|
||||
- name: Update the repository cache
|
||||
kubernetes.core.helm:
|
||||
kubeconfig: /Users/lino.silva/.kube/config
|
||||
name: dummy
|
||||
namespace: kube-system
|
||||
state: absent
|
||||
update_repo_cache: true
|
||||
|
||||
- name: Deploy latest version of Authelia chart inside
|
||||
kubernetes.core.helm:
|
||||
kubeconfig: /Users/lino.silva/.kube/config
|
||||
name: authelia
|
||||
chart_ref: authelia/authelia
|
||||
values: "{{ lookup('template', 'values.yml') | from_yaml }}"
|
||||
|
||||
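Review bot: `chart_ref: authelia/authelia` is installed with no `chart_version`, so every run pulls whatever the repo currently advertises and a chart update lands in the cluster without any change to this repo; pin it with `chart_version: "x.y.z"` (the intended version is not visible here) and bump it deliberately. The `kubernetes.core.helm` tasks also hard-code `kubeconfig: /Users/lino.silva/.kube/config`, an absolute path into one user's home, which ties the playbook to a single workstation; move it to a variable such as `kubeconfig: "{{ kubeconfig_path }}"`. The task titled `Add traefik helm repo` actually registers the `authelia` repo, and the `name: dummy` / `state: absent` release exists only to trigger `update_repo_cache`; a one-line comment saying so would spare the next reader a puzzle. Which of the two repo-add forms is the new side is not recoverable from this rendering, so this note assumes the `kubernetes.core.helm_repository` task is the one kept.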
@@ -15,7 +15,7 @@
|
||||
|
||||
- name: Download cert-manager.crds manifest to the cluster.
|
||||
ansible.builtin.get_url:
|
||||
url: https://github.com/cert-manager/cert-manager/releases/download/v1.9.1/cert-manager.crds.yaml
|
||||
url: https://github.com/cert-manager/cert-manager/releases/download/v1.10.0/cert-manager.crds.yaml
|
||||
dest: /tmp/cert-manager.crds.yaml
|
||||
mode: "0664"
|
||||
|
||||
|
||||
@@ -14,7 +14,7 @@ spec:
|
||||
cloudflare:
|
||||
email: D5&YbHe&oKx82uuTQ^AfW#$*D8GsDE#K3x^446S^wvH#8T@W2C
|
||||
apiTokenSecretRef:
|
||||
name: cloudflare-token-secret
|
||||
name: cloudflare-api-token-secret
|
||||
key: cloudflare-token
|
||||
selector:
|
||||
dnsZones:
|
||||
|
||||
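Review bot: The `email:` value under `cloudflare:` is a high-entropy string rather than an address, and it is now committed in plain text; if it is a real credential it should be rotated and the field templated from a vault-encrypted variable, e.g. `email: "{{ cloudflare_email }}"`. To my reading of cert-manager's Cloudflare solver, `email` is only used together with `apiKeySecretRef` (Global API Key); with `apiTokenSecretRef` it is ignored, so the field can most likely be dropped altogether. `name: cloudflare-api-token-secret` and `key: cloudflare-token` must match the Secret manifest in this commit byte for byte, and that Secret's `metadata.name` lies outside its visible hunk, so the agreement cannot be confirmed from here.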
@@ -6,4 +6,4 @@ metadata:
|
||||
namespace: cert-manager
|
||||
type: Opaque
|
||||
stringData:
|
||||
api-token: "{{ cloudflare_api_key }}"
|
||||
cloudflare-token: "{{ cloudflare_api_key }}"
|
||||
|
||||
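Review bot: `cloudflare-token: "{{ cloudflare_api_key }}"` feeds a variable named as an API *key* into a Secret that the ClusterIssuer consumes through `apiTokenSecretRef`; Cloudflare's Global API Key and a scoped API token are different credentials, and the token path is meant for a token limited to Zone:DNS:Edit on the relevant zones, so confirm which one the variable holds and rename it (e.g. `cloudflare_api_token`) to match. The rendered `stringData` ends up both in the cluster and in task output, so make sure the variable lives in an Ansible Vault-encrypted file and apply this manifest with `no_log: true` (the applying task is outside this hunk). The key rename from `api-token` to `cloudflare-token` has to be mirrored by the ClusterIssuer's `key:` field.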
@@ -1,28 +1,24 @@
|
||||
---
|
||||
- name: Add cgroup rule
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/pve/nodes/{{ ansible_hostname }}/lxc/"{{ hostvars[ansible_hostname]['k3s_vmid'] }}".conf
|
||||
path: /etc/pve/nodes/{{ ansible_hostname }}/lxc/{{ hostvars[ansible_hostname]['k3s_vmid'] }}.conf
|
||||
state: present
|
||||
line: lxc.apparmor.profile{{":"}} unconfined
|
||||
validate: /usr/sbin/visudo -cf %s
|
||||
|
||||
- name: Add cgroup rule
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/pve/nodes/{{ ansible_hostname }}/lxc/"{{ hostvars[ansible_hostname]['k3s_vmid'] }}".conf
|
||||
path: /etc/pve/nodes/{{ ansible_hostname }}/lxc/{{ hostvars[ansible_hostname]['k3s_vmid'] }}.conf
|
||||
state: present
|
||||
line: lxc.cap.drop{{":"}}
|
||||
validate: /usr/sbin/visudo -cf %s
|
||||
|
||||
- name: Add cgroup rule
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/pve/nodes/{{ ansible_hostname }}/lxc/"{{ hostvars[ansible_hostname]['k3s_vmid'] }}".conf
|
||||
path: /etc/pve/nodes/{{ ansible_hostname }}/lxc/{{ hostvars[ansible_hostname]['k3s_vmid'] }}.conf
|
||||
state: present
|
||||
line: lxc.mount.auto"{{":"}}" "proc{{":"}}rw sys{{":"}}rw"
|
||||
validate: /usr/sbin/visudo -cf %s
|
||||
|
||||
- name: Add cgroup rule
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/pve/nodes/{{ ansible_hostname }}/lxc/"{{ hostvars[ansible_hostname]['k3s_vmid'] }}".conf
|
||||
path: /etc/pve/nodes/{{ ansible_hostname }}/lxc/{{ hostvars[ansible_hostname]['k3s_vmid'] }}.conf
|
||||
state: present
|
||||
line: lxc.cgroup2.devices.allow{{":"}} c 10{{":"}}200 rwm
|
||||
validate: /usr/sbin/visudo -cf %s
|
||||
|
||||
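Review bot: The `line:` for the mount rule renders to `lxc.mount.auto":" "proc:rw sys:rw"` because the double quotes sit inside a plain scalar and survive templating, so a malformed key is written into the container config; the other three lines use the bare `{{":"}}` form, and the simplest fix for all of them is to quote the whole value, e.g. `line: "lxc.mount.auto: proc:rw sys:rw"`. `validate: /usr/sbin/visudo -cf %s` checks sudoers syntax, not LXC config, so it will most likely reject these lines (or at best validate nothing) and should be dropped. Taken together the four lines disable AppArmor, clear the capability drop list (an empty `lxc.cap.drop:` resets it under LXC's config semantics), mount /proc and /sys read-write and expose the tun device, which makes the container effectively privileged; that is a common requirement for k3s-in-LXC, but a comment above the first task stating the intent and the trust boundary would help, and the four identical task names `Add cgroup rule` should each say what they set.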
@@ -8,6 +8,7 @@
|
||||
state: stopped
|
||||
loop: "{{ groups['baremetal'] }}"
|
||||
ignore_errors: true
|
||||
timeout: 90
|
||||
|
||||
- name: Remove containers
|
||||
community.general.proxmox:
|
||||
@@ -18,6 +19,7 @@
|
||||
state: absent
|
||||
loop: "{{ groups['baremetal'] }}"
|
||||
ignore_errors: true
|
||||
timeout: 90
|
||||
|
||||
- name: Remove .ssh/known_hosts lines
|
||||
ansible.builtin.lineinfile:
|
||||
|
||||
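Review bot: `ignore_errors: true` on the stop and remove tasks means a container that fails to stop or be destroyed is silently left behind while the play goes on to clean `known_hosts` and, presumably, recreate containers under the same IDs; prefer a targeted `failed_when` that tolerates only the "does not exist" case so real API or auth failures still abort the play. The new `timeout: 90` bounds each loop iteration, but a timed-out iteration is swallowed by the same `ignore_errors`, so the combination hides exactly the hang it was added to catch. Both tasks start above their hunks.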
@@ -22,25 +22,25 @@
|
||||
create_namespace: true
|
||||
values: "{{ lookup('template', 'values.yml') | from_yaml }}"
|
||||
|
||||
- name: Create a Deployment by reading the definition from a local file
|
||||
- name: Deploy traefik default headers
|
||||
kubernetes.core.k8s:
|
||||
kubeconfig: /Users/lino.silva/.kube/config
|
||||
state: present
|
||||
definition: "{{ lookup('template', 'default-headers.yml') | from_yaml }}"
|
||||
|
||||
- name: Create a Deployment by reading the definition from a local file
|
||||
- name: Deploy secret for traefik dashboard
|
||||
kubernetes.core.k8s:
|
||||
kubeconfig: /Users/lino.silva/.kube/config
|
||||
state: present
|
||||
definition: "{{ lookup('template', 'secret-dashboard.yml') | from_yaml }}"
|
||||
|
||||
- name: Create a Deployment by reading the definition from a local file
|
||||
- name: Deploy dashboard middleware for auth
|
||||
kubernetes.core.k8s:
|
||||
kubeconfig: /Users/lino.silva/.kube/config
|
||||
state: present
|
||||
definition: "{{ lookup('template', 'dashboard-middleware.yml') | from_yaml }}"
|
||||
|
||||
- name: Create a Deployment by reading the definition from a local file
|
||||
- name: Create dashboard ingress
|
||||
kubernetes.core.k8s:
|
||||
kubeconfig: /Users/lino.silva/.kube/config
|
||||
state: present
|
||||
|
||||
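Review bot: `Deploy secret for traefik dashboard` applies a Secret rendered from `secret-dashboard.yml` without `no_log: true`, so the rendered credentials are printed in verbose, diff and failure output of `kubernetes.core.k8s`; add `no_log: true` to that task. All four tasks repeat `kubeconfig: /Users/lino.silva/.kube/config`, an absolute path into one user's home, so the playbook cannot run from another machine or from CI; replace it with `kubeconfig: "{{ kubeconfig_path }}"` or set it once through `module_defaults` for the `group/k8s` action group. The renamed task titles are a clear improvement over the copy-pasted `Create a Deployment...` names; the last task's definition is cut off by the hunk.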
@@ -17,5 +17,5 @@ spec:
|
||||
services:
|
||||
- name: api@internal
|
||||
kind: TraefikService
|
||||
tls:
|
||||
secretName: lino-cooking-staging-tls
|
||||
# tls:
|
||||
# secretName: lino-cooking-staging-tls
|
||||
|
||||
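Review bot: The `tls:` block for the `api@internal` IngressRoute appears twice, once live and once commented out, and this rendering does not show which is the new side; if the commented-out form is what lands, the Traefik dashboard route drops its certificate and is served with whatever default Traefik has, and if the route's `entryPoints` (above the hunk) include `web` the dashboard, auth middleware included, is reachable over plain HTTP. Either keep `tls: { secretName: lino-cooking-staging-tls }` or add a comment explaining why it is removed. The secret name also suggests a Let's Encrypt staging issuer, whose certificates browsers do not trust, so plan the switch to the production issuer once validation is confirmed.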
@@ -45,6 +45,6 @@ service:
|
||||
annotations: {}
|
||||
labels: {}
|
||||
spec:
|
||||
loadBalancerIP: 10.1.1.3 # this should be an IP in the MetalLB range
|
||||
loadBalancerIP: 10.0.4.1 # this should be an IP in the MetalLB range
|
||||
loadBalancerSourceRanges: []
|
||||
externalIPs: []
|
||||
|
||||
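Review bot: `loadBalancerIP: 10.0.4.1` ends in `.1`, which on most home and lab networks is the subnet's gateway; confirm the address is inside the MetalLB pool and not already held by the router, otherwise MetalLB's ARP announcements will compete with the gateway for it. `loadBalancerSourceRanges: []` leaves the Traefik service reachable from every source, which is the usual choice for an ingress controller but worth stating in the comment since the dashboard is exposed through it; if only LAN clients should reach it, list the LAN CIDR here. The surrounding `service:` stanza starts above the hunk.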