lino/k3s-ansible
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: added argocd and arr

Browse Source
This commit is contained in:
Lino Silva
2023-02-13 14:58:21 +00:00
parent 5fab069837
commit fbd6e53083
15 changed files with 17345 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files
roles/argocd/tasks/main.yml
+27
View File
@@ -0,0 +1,27 @@
---
- name: Create argocd namespace
kubernetes.core.k8s:
name: argocd
kubeconfig: /Users/lino.silva/.kube/config
api_version: v1
kind: Namespace
state: present
- name: Install argocd
kubernetes.core.k8s:
kubeconfig: /Users/lino.silva/.kube/config
state: present
namespace: argocd
definition: "{{ lookup('template', 'install.yml') | from_yaml }}"
- name: Deploy forwardauth middleware
kubernetes.core.k8s:
kubeconfig: /Users/lino.silva/.kube/config
state: present
definition: "{{ lookup('template', 'middleware-forwardauth.yml') | from_yaml }}"
- name: Deploy argocd - ingress
kubernetes.core.k8s:
kubeconfig: /Users/lino.silva/.kube/config
state: present
definition: "{{ lookup('template', 'ingress.yml') | from_yaml }}"
roles/argocd/templates/ingress.yml
+37
View File
@@ -0,0 +1,37 @@
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: argocd
namespace: argocd
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`argocd.lino.cooking`)
kind: Rule
services:
- name: argocd-server
port: 80
middlewares:
- name: argocd-forwardauth
namespace: argocd
- match: Host(`argocd.lino.cooking`) && Headers(`Content-Type`, `application/grpc`)
kind: Rule
services:
- name: argocd-server
port: 80
scheme: h2c
- match: "Host(`argocd.lino.cooking`) && PathPrefix(`/outpost.goauthentik.io/`)"
kind: Rule
priority: 15
services:
- kind: Service
# Or, to use an external Outpost, create an ExternalName service and reference that here.
# See https://kubernetes.io/docs/concepts/services-networking/service/#externalname
name: authentik
port: 9000
tls:
secretName: lino-cooking-tls
roles/argocd/templates/install.yml
+17056
View File
File diff suppressed because it is too large Load Diff
roles/argocd/templates/middleware-forwardauth.yml
+21
View File
@@ -0,0 +1,21 @@
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: argocd-forwardauth
namespace: argocd
spec:
forwardAuth:
address: https://argocd.lino.cooking/outpost.goauthentik.io/auth/traefik
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
- X-authentik-groups
- X-authentik-email
- X-authentik-name
- X-authentik-uid
- X-authentik-jwt
- X-authentik-meta-jwks
- X-authentik-meta-outpost
- X-authentik-meta-provider
- X-authentik-meta-app
- X-authentik-meta-version
roles/arr/tasks/main.yml
+64
View File
@@ -0,0 +1,64 @@
---
# - name: Create a arr-apps namespace
# kubernetes.core.k8s:
# name: arr-apps
# kubeconfig: /Users/lino.silva/.kube/config
# api_version: v1
# kind: Namespace
# state: present
- name: Deploy arr - deployment
kubernetes.core.k8s:
kubeconfig: /Users/lino.silva/.kube/config
state: present
definition: "{{ lookup('template', 'deployment.yml') | from_yaml }}"
loop:
- { name: 'radarr', port: 7878 }
- { name: 'prowlarr', port: 9696 }
- { name: 'sonarr', port: 8989 }
- { name: 'overseerr', port: 5055 }
- { name: 'transmission', port: 9091 }
- { name: 'bazarr', port: 6767 }
- { name: 'lidarr', port: 8686 }
- name: Deploy arr services
kubernetes.core.k8s:
kubeconfig: /Users/lino.silva/.kube/config
state: present
definition: "{{ lookup('template', 'service.yml') | from_yaml }}"
loop:
- { name: 'radarr', port: 7878 }
- { name: 'prowlarr', port: 9696 }
- { name: 'sonarr', port: 8989 }
- { name: 'overseerr', port: 5055 }
- { name: 'transmission', port: 9091 }
- { name: 'bazarr', port: 6767 }
- { name: 'lidarr', port: 8686 }
- name: Deploy forwardauth middleware
kubernetes.core.k8s:
kubeconfig: /Users/lino.silva/.kube/config
state: present
definition: "{{ lookup('template', 'middleware-forwardauth.yml') | from_yaml }}"
loop:
- radarr
- prowlarr
- sonarr
- overseerr
- transmission
- bazarr
- lidarr
- name: Deploy arr - ingress
kubernetes.core.k8s:
kubeconfig: /Users/lino.silva/.kube/config
state: present
definition: "{{ lookup('template', 'ingress.yml') | from_yaml }}"
loop:
- { name: 'radarr', port: 7878 }
- { name: 'prowlarr', port: 9696 }
- { name: 'sonarr', port: 8989 }
- { name: 'overseerr', port: 5055 }
- { name: 'transmission', port: 9091 }
- { name: 'bazarr', port: 6767 }
- { name: 'lidarr', port: 8686 }
roles/arr/templates/deployment.yml
+30
View File
@@ -0,0 +1,30 @@
---
- kind: Deployment
apiVersion: apps/v1
metadata:
name: {{ item.name }}
namespace: default
labels:
app: {{ item.name }}
spec:
replicas: 1
progressDeadlineSeconds: 600
revisionHistoryLimit: 2
strategy:
type: Recreate
selector:
matchLabels:
app: {{ item.name }}
template:
metadata:
labels:
app: {{ item.name }}
spec:
containers:
- name: {{ item.name }}
image: linuxserver/{{ item.name }}
ports:
- name: app-port
containerPort: {{ item.port }}
hostPort: {{ item.port }}
protocol: TCP
roles/arr/templates/ingress.yml
+32
View File
@@ -0,0 +1,32 @@
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: {{ item.name }}
namespace: default
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`{{ item.name }}.lino.cooking`)
kind: Rule
services:
- name: {{ item.name }}
port: {{ item.port }}
middlewares:
- name: default-headers
- name: {{ item.name }}-forwardauth
namespace: traefik
- match: "Host(`{{ item.name }}.lino.cooking`) && PathPrefix(`/outpost.goauthentik.io/`)"
kind: Rule
priority: 15
services:
- kind: Service
# Or, to use an external Outpost, create an ExternalName service and reference that here.
# See https://kubernetes.io/docs/concepts/services-networking/service/#externalname
name: authentik
port: 9000
tls:
secretName: lino-cooking-tls
roles/arr/templates/middleware-forwardauth.yml
+21
View File
@@ -0,0 +1,21 @@
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: {{ item }}-forwardauth
namespace: traefik
spec:
forwardAuth:
address: https://{{ item }}.lino.cooking/outpost.goauthentik.io/auth/traefik
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
- X-authentik-groups
- X-authentik-email
- X-authentik-name
- X-authentik-uid
- X-authentik-jwt
- X-authentik-meta-jwks
- X-authentik-meta-outpost
- X-authentik-meta-provider
- X-authentik-meta-app
- X-authentik-meta-version
roles/arr/templates/service.yml
+13
View File
@@ -0,0 +1,13 @@
---
apiVersion: v1
kind: Service
metadata:
name: {{ item.name }}
namespace: default
spec:
selector:
app: {{ item.name }}
ports:
- name: http
targetPort: {{ item.port }}
port: {{ item.port }}
roles/k3s/dashboard/tasks/main.yml
+12
View File
@@ -0,0 +1,12 @@
---
- name: Deploy admin user
kubernetes.core.k8s:
kubeconfig: /Users/lino.silva/.kube/config
state: present
definition: "{{ lookup('template', 'dashboard.admin-user.yml') | from_yaml }}"
- name: Deploy admin user role
kubernetes.core.k8s:
kubeconfig: /Users/lino.silva/.kube/config
state: present
definition: "{{ lookup('template', 'dashboard.admin-user-role.yml') | from_yaml }}"
roles/nginx/tasks/main.yml
-1
View File
@@ -15,7 +15,6 @@
kubernetes.core.k8s:
kubeconfig: /Users/lino.silva/.kube/config
state: present
namespace: traefik
definition: "{{ lookup('template', 'middleware-forwardauth.yml') | from_yaml }}"
- name: Deploy nginx - ingress
roles/nginx/templates/ingress.yml
-5
View File
@@ -10,11 +10,6 @@ spec:
entryPoints:
- websecure
routes:
- match: Host(`www.nginx.lino.cooking`)
kind: Rule
services:
- name: nginx
port: 80
- match: Host(`nginx.lino.cooking`)
kind: Rule
services:
roles/nginx/templates/middleware-forwardauth.yml
+1
View File
@@ -2,6 +2,7 @@ apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: nginx-middleware-forwardauth
namespace: traefik
spec:
forwardAuth:
address: https://nginx.lino.cooking/outpost.goauthentik.io/auth/traefik