use oauth2-proxy in front of hello-world

2022-12-20 17:30:42 -05:00
parent 0e1aee55b4
commit 4dc0961cc8
5 changed files with 94 additions and 18 deletions
--- a/ansible-5/roles/prod.k3s/tasks/deployments/hello-world.yaml
+++ b/ansible-5/roles/prod.k3s/tasks/deployments/hello-world.yaml
@@ -0,0 +1,41 @@
+---
+# https://www.jeffgeerling.com/blog/2022/quick-hello-world-http-deployment-testing-k3s-and-traefik
+
+- name: create hello world resources
+  kubernetes.core.k8s:
+    kubeconfig: "/etc/rancher/k3s/k3s.yaml"
+    state: "{{apps.hello_world.state}}"
+    definition: "{{ lookup('file', item) | from_yaml }}"
+  loop:
+    - hello-world/configmap.yaml
+#    - hello-world/ingress.yaml
+    - hello-world/service.yaml
+    - hello-world/deployment.yaml
+  become: true
+
+
+- name: Install oauth-proxy for hello-world
+  block:
+
+    - name: Add oauth-proxy chart helm repo
+      local_action:
+        module: kubernetes.core.helm_repository
+        name: oauth2-proxy
+        repo_url: https://oauth2-proxy.github.io/manifests
+
+    - name: load variables files/hello-world/values.yaml
+      ansible.builtin.include_vars:
+        file: files/hello-world/values.yaml
+        name: release_values
+
+    - name: Install oauth2-proxy Release
+      local_action:
+        module: kubernetes.core.helm
+        release_state: "{{apps.hello_world.state}}"
+        name: oauth2-proxy
+        namespace: "{{apps.hello_world.namespace}}"
+        create_namespace: yes
+        update_repo_cache: True
+        chart_ref: oauth2-proxy/oauth2-proxy
+        values: "{{release_values}}"
+        wait: true
--- a/ansible-5/roles/prod.k3s/tasks/hello-world.yaml
+++ b/ansible-5/roles/prod.k3s/tasks/hello-world.yaml
@@ -1,14 +0,0 @@
---
-# https://www.jeffgeerling.com/blog/2022/quick-hello-world-http-deployment-testing-k3s-and-traefik
-
- name: create hello world resources
-  kubernetes.core.k8s:
-    kubeconfig: "/etc/rancher/k3s/k3s.yaml"
-    state: present
-    definition: "{{ lookup('file', item) | from_yaml }}"
-  loop:
-    - hello-world/configmap.yaml
-    - hello-world/ingress.yaml
-    - hello-world/service.yaml
-    - hello-world/deployment.yaml
-  become: true
--- a/ansible-5/roles/prod.k3s/tasks/main.yml
+++ b/ansible-5/roles/prod.k3s/tasks/main.yml
@@ -11,7 +11,8 @@
  include_tasks: cert_manager.yml

 - name: deploy hello-world
-  include_tasks: hello-world.yaml
+  include_tasks: deployments/hello-world.yaml
+  when: apps.hello_world.enabled

 - name: deploy stash
  include_tasks: deployments/stash.yaml