From 58f00230a3dfdabe1c940f60cd1a3f301420c80a Mon Sep 17 00:00:00 2001
From: richard
Date: Tue, 4 Oct 2022 07:16:43 -0400
Subject: [PATCH] move stashapp to proper namespace
---
 ansible-5/roles/prod.k3s/defaults/main.yml | 5 +++
 .../prod.k3s/files/stash/proxy-values.yaml | 40 +++++++++++++++++++
 .../roles/prod.k3s/files/stash/pv-claim.yaml | 2 +-
 .../prod.k3s/tasks/deployments/stash.yaml | 28 ++++++++++++-
 4 files changed, 72 insertions(+), 3 deletions(-)
 create mode 100644 ansible-5/roles/prod.k3s/files/stash/proxy-values.yaml
diff --git a/ansible-5/roles/prod.k3s/defaults/main.yml b/ansible-5/roles/prod.k3s/defaults/main.yml
index b95f9e1..e28c07b 100644
--- a/ansible-5/roles/prod.k3s/defaults/main.yml
+++ b/ansible-5/roles/prod.k3s/defaults/main.yml
@@ -36,3 +36,8 @@ helm:
 repo_url: https://charts.bitnami.com/bitnami
 - name: cetic
 repo_url: https://cetic.github.io/helm-charts
+
+apps:
+ stash:
+ state: present
+ namespace: stashapp
diff --git a/ansible-5/roles/prod.k3s/files/stash/proxy-values.yaml b/ansible-5/roles/prod.k3s/files/stash/proxy-values.yaml
new file mode 100644
index 0000000..c97b34a
--- /dev/null
+++ b/ansible-5/roles/prod.k3s/files/stash/proxy-values.yaml
@@ -0,0 +1,40 @@
+---
+#oauth2-proxy values file for stash app
+config:
+ # Add config annotations
+ annotations: {}
+ # OAuth client ID
+ clientID: "7b70fc0364e3f2da5d4b"
+ # OAuth client secret
+ clientSecret: "0359972eef425a4a0b7690b6c323214c26a04686"
+ configFile: |-
+ provider = "email"
+ email_domains = ["sympatico.ca"]
+
+# provider = "github"
+# github_user = "rmorgan105"
+# email_domains = [ "*" ]
+# upstreams = [ "file:///dev/null" ]
+ingress:
+ enabled: true
+# className: traefic
+ path: /
+ # Only used if API capabilities (networking.k8s.io/v1) allow it
+ pathType: ImplementationSpecific
+ # Used to create an Ingress record.
+ hosts:
+ - stash.xai-corp.net
+ # - chart-example.local
+ # Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
+ # Warning! The configuration is dependant on your current k8s API version capabilities (networking.k8s.io/v1)
+ extraPaths:
+ - path: /
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: stash
+ port:
+ number: 9999
+ # annotations:
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
diff --git a/ansible-5/roles/prod.k3s/files/stash/pv-claim.yaml b/ansible-5/roles/prod.k3s/files/stash/pv-claim.yaml
index 0af8bb2..22d950e 100644
--- a/ansible-5/roles/prod.k3s/files/stash/pv-claim.yaml
+++ b/ansible-5/roles/prod.k3s/files/stash/pv-claim.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
 name: stash-pv-claim
- namespace: testing
+ namespace: stashapp
 spec:
 storageClassName: manual
 accessModes:
diff --git a/ansible-5/roles/prod.k3s/tasks/deployments/stash.yaml b/ansible-5/roles/prod.k3s/tasks/deployments/stash.yaml
index 154c767..7227832 100644
--- a/ansible-5/roles/prod.k3s/tasks/deployments/stash.yaml
+++ b/ansible-5/roles/prod.k3s/tasks/deployments/stash.yaml
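Review bot: The new `files/stash/proxy-values.yaml` commits the OAuth `clientID` and `clientSecret` as plaintext literals, so anyone who can read the repository or its history holds the credential; it should be treated as exposed and rotated at the provider. Keep the value out of the file, for example by encrypting it with Ansible Vault before `include_vars` reads it, or by pointing the chart at a pre-created Kubernetes Secret (the oauth2-proxy chart appears to offer `config.existingSecret` for this, worth confirming for the chart version in use). Separately, `ingress.extraPaths` sends `/` on the same host straight to the `stash` service on port 9999, which looks like it would let requests reach the app without passing through the proxy, and `email_domains = ["sympatico.ca"]` admits every account on that mail domain rather than a named user.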
@@ -36,12 +36,36 @@ - name: Install stash Chart local_action: module: kubernetes.core.helm - release_state: present + release_state: "{{ apps.stash.state }}" name: stash - namespace: testing + namespace: "{{ apps.stash.namespace }}" create_namespace: yes update_repo_cache: True chart_ref: k8s-at-home/stash values: "{{stash_values}}" wait: true +- name: Install oauth2-proxy in front of stash app + block: + - name: Add oauth2-proxy chart helm repo + local_action: + module: kubernetes.core.helm_repository + name: oauth2-proxy + repo_url: https://oauth2-proxy.github.io/manifests + + - name: load variables files/stash/proxy-values.yaml + ansible.builtin.include_vars: + file: files/stash/proxy-values.yaml + name: stash_values + + - name: Install oauth2-proxy Release + local_action: + module: kubernetes.core.helm + release_state: absent + name: stash-oauth2-proxy + namespace: "{{ apps.stash.namespace }}" + create_namespace: yes + update_repo_cache: True + chart_ref: oauth2-proxy/oauth2-proxy + values: "{{stash_values}}" + wait: true
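Review bot: The task named "Install oauth2-proxy Release" sets `release_state: absent`, so as written the role removes the proxy release instead of installing it, and as far as this hunk shows the stash chart is then deployed with no authentication layer from this play; if the proxy is meant to follow the app, use `release_state: "{{ apps.stash.state }}"`. The `include_vars` task also loads the proxy values into `stash_values`, the same variable the stash chart task passes as `values:` (where that variable is first set lies outside this hunk), so any later reference picks up the proxy settings, client secret included; a distinct name such as `name: stash_proxy_values` with `values: "{{ stash_proxy_values }}"` avoids the collision. `chart_ref: oauth2-proxy/oauth2-proxy` is unpinned while `update_repo_cache` is on, so each run can pull whatever the chart repository currently serves; setting `chart_version` on the helm task would make the deployed chart reproducible and reviewable.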