From 4dc0961cc829fa0b07c4c0e66a678b6f4f26cfdc Mon Sep 17 00:00:00 2001
From: richard
Date: Tue, 20 Dec 2022 17:30:42 -0500
Subject: [PATCH] use oauth2-proxy in front of hello-world
---
ansible-5/roles/prod.k3s/defaults/main.yml | 11 +++--
.../prod.k3s/files/hello-world/values.yaml | 43 +++++++++++++++++++
.../tasks/deployments/hello-world.yaml | 41 ++++++++++++++++++
.../roles/prod.k3s/tasks/hello-world.yaml | 14 ------
ansible-5/roles/prod.k3s/tasks/main.yml | 3 +-
5 files changed, 94 insertions(+), 18 deletions(-)
create mode 100644 ansible-5/roles/prod.k3s/files/hello-world/values.yaml
create mode 100644 ansible-5/roles/prod.k3s/tasks/deployments/hello-world.yaml
delete mode 100644 ansible-5/roles/prod.k3s/tasks/hello-world.yaml
diff --git a/ansible-5/roles/prod.k3s/defaults/main.yml b/ansible-5/roles/prod.k3s/defaults/main.yml
index f38f36a..961c06b 100644
--- a/ansible-5/roles/prod.k3s/defaults/main.yml
+++ b/ansible-5/roles/prod.k3s/defaults/main.yml
@@ -45,7 +45,7 @@ helm: apps: stash: - enabled: true + enabled: false state: present namespace: stashapp
@@ -65,13 +65,18 @@ apps: state: present dkregistry: - enabled: true + enabled: false namespace: default pvc: data-dkregistry-0 state: present nextcloud: - enabled: true + enabled: false namespace: nextcloud state: present + + hello_world: + enabled: true + namespace: default + state: present
diff --git a/ansible-5/roles/prod.k3s/files/hello-world/values.yaml b/ansible-5/roles/prod.k3s/files/hello-world/values.yaml
new file mode 100644
index 0000000..ae1dae7
--- /dev/null
+++ b/ansible-5/roles/prod.k3s/files/hello-world/values.yaml
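Review bot: Both hunks of defaults/main.yml flip `enabled: true` to `enabled: false` for stash, dkregistry and nextcloud, which the subject line does not mention. If their includes are gated on `apps.<name>.enabled` the way the hello-world include is in tasks/main.yml, the role stops managing those three apps once this lands. If the flips were only there to speed up a test run, keep `enabled: true` in the role defaults and override per host in inventory or group_vars instead.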
@@ -0,0 +1,43 @@
+---
+# values file for hello-world oauth2-proxy helm chart
+
+image:
+ tag: "v7.2.0"
+
+config:
+ clientID: ab3b5b5f-cb5b-4e89-9453-d1fb318399c8
+ clientSecret: gto_mjzrf23bvu5ohu7dub6r7ti5daoa7vw2wpafum7i4qcb4emwqrza
+
+#configFile: |-
+# email_domains = [ "*" ]
+# upstreams = [ "file:///dev/null" ]
+# provider = "github"
+# redirect-url = "https://www.xai-corp.net/oauth2/callback"
+# login-url = "https://git.xai-corp.net/login/oauth/authorize"
+# redeem-url = "https://git.xai-corp.net/login/oauth/access_token"
+# validate-url = "https://git.xai-corp.net/api/v1"
+
+extraArgs:
+ upstream: "http://hello-world/"
+ provider: "github"
+ provider-display-name: "Gitea"
+ redirect-url: "https://www.xai-corp.net/oauth2/callback"
+ login-url: "https://git.xai-corp.net/login/oauth/authorize"
+ redeem-url: "https://git.xai-corp.net/login/oauth/access_token"
+ validate-url: "https://git.xai-corp.net/api/v1"
+
+
+ingress:
+ enabled: true
+ path: /
+ pathType: Prefix
+ annotations:
+ hosts:
+ - www.xai-corp.net
+# hosts:
+# - host: www.xai-corp.net
+# paths:
+# - path: /
+# pathType: Prefix
+ tls: # < placing a host in the TLS config will determine what ends up in the cert's subjectAltNames
+ - secretName: xai-corp-production-tls
diff --git a/ansible-5/roles/prod.k3s/tasks/deployments/hello-world.yaml b/ansible-5/roles/prod.k3s/tasks/deployments/hello-world.yaml
new file mode 100644
index 0000000..84c8677
--- /dev/null
+++ b/ansible-5/roles/prod.k3s/tasks/deployments/hello-world.yaml
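Review bot: `config.clientSecret` in files/hello-world/values.yaml is an OAuth client secret committed in plaintext, so anyone who can read the repository or its history holds the credential this proxy uses against git.xai-corp.net. Rotate it in Gitea and supply the new value from outside the repo: either an Ansible Vault-encrypted variable merged into `release_values` before the helm task, or a pre-created Kubernetes Secret referenced with `config.existingSecret: <secret-name>` in place of the `clientID`/`clientSecret` keys. The file also sets no `config.cookieSecret`; confirm the chart is not falling back to a placeholder default, since that value protects the session cookie. Nothing in `extraArgs` restricts e-mail domain or organisation, so presumably any account that can log in to the Gitea instance passes the proxy; a comment such as `# any Gitea account is allowed through; restrict here if that changes` would record that this is intended.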
@@ -0,0 +1,41 @@
+---
+# https://www.jeffgeerling.com/blog/2022/quick-hello-world-http-deployment-testing-k3s-and-traefik
+
+- name: create hello world resources
+ kubernetes.core.k8s:
+ kubeconfig: "/etc/rancher/k3s/k3s.yaml"
+ state: "{{apps.hello_world.state}}"
+ definition: "{{ lookup('file', item) | from_yaml }}"
+ loop:
+ - hello-world/configmap.yaml
+# - hello-world/ingress.yaml
+ - hello-world/service.yaml
+ - hello-world/deployment.yaml
+ become: true
+
+
+- name: Install oauth-proxy for hello-world
+ block:
+
+ - name: Add oauth-proxy chart helm repo
+ local_action:
+ module: kubernetes.core.helm_repository
+ name: oauth2-proxy
+ repo_url: https://oauth2-proxy.github.io/manifests
+
+ - name: load variables files/hello-world/values.yaml
+ ansible.builtin.include_vars:
+ file: files/hello-world/values.yaml
+ name: release_values
+
+ - name: Install oauth2-proxy Release
+ local_action:
+ module: kubernetes.core.helm
+ release_state: "{{apps.hello_world.state}}"
+ name: oauth2-proxy
+ namespace: "{{apps.hello_world.namespace}}"
+ create_namespace: yes
+ update_repo_cache: True
+ chart_ref: oauth2-proxy/oauth2-proxy
+ values: "{{release_values}}"
+ wait: true
diff --git a/ansible-5/roles/prod.k3s/tasks/hello-world.yaml b/ansible-5/roles/prod.k3s/tasks/hello-world.yaml
deleted file mode 100644
index dee582f..0000000
--- a/ansible-5/roles/prod.k3s/tasks/hello-world.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-# https://www.jeffgeerling.com/blog/2022/quick-hello-world-http-deployment-testing-k3s-and-traefik
-
-- name: create hello world resources
- kubernetes.core.k8s:
- kubeconfig: "/etc/rancher/k3s/k3s.yaml"
- state: present
- definition: "{{ lookup('file', item) | from_yaml }}"
- loop:
- - hello-world/configmap.yaml
- - hello-world/ingress.yaml
- - hello-world/service.yaml
- - hello-world/deployment.yaml
- become: true
diff --git a/ansible-5/roles/prod.k3s/tasks/main.yml b/ansible-5/roles/prod.k3s/tasks/main.yml
index f136b63..b8da6fb 100644
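Review bot: Commenting `hello-world/ingress.yaml` out of the loop in tasks/deployments/hello-world.yaml stops applying the direct Ingress but does not delete it. On a cluster where the removed tasks/hello-world.yaml already ran, that Ingress presumably still exists and may keep routing to the `hello-world` service without passing through oauth2-proxy. An explicit removal task is sketched below, assuming files/hello-world/ingress.yaml stays in the role. Separately, the helm task sets no `chart_version`, so with `update_repo_cache: True` each run can install whatever chart is current; pin it, and write `create_namespace: true` and `update_repo_cache: true` to match `wait: true`.

```yaml
# … unchanged: "create hello world resources" task …

- name: remove the direct hello-world ingress so traffic only enters via oauth2-proxy
  kubernetes.core.k8s:
    kubeconfig: "/etc/rancher/k3s/k3s.yaml"
    state: absent
    definition: "{{ lookup('file', 'hello-world/ingress.yaml') | from_yaml }}"
  become: true

# … unchanged: "Install oauth-proxy for hello-world" block …
```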
--- a/ansible-5/roles/prod.k3s/tasks/main.yml
+++ b/ansible-5/roles/prod.k3s/tasks/main.yml
@@ -11,7 +11,8 @@ include_tasks: cert_manager.yml - name: deploy hello-world - include_tasks: hello-world.yaml + include_tasks: deployments/hello-world.yaml + when: apps.hello_world.enabled - name: deploy stash include_tasks: deployments/stash.yaml