provisioning/ansible-5/roles/prod.k3s/tasks/main.yml


---
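# provisioning services in k3s cluster
# mount gluster
# One fstab entry (and mount state) per element of fstab.gluster; each element
# supplies path, name and state.
- name: Create glusterfs fstab entries
  ansible.posix.mount:
    path: "{{ item.path }}"
    src: "gluster:/{{ item.name }}"
    fstype: glusterfs
    boot: false
    # Mount options only. The trailing " 0 0" that used to sit here is the
    # fstab dump/passno pair; the module has dedicated parameters for those
    # fields, so passing them inside opts leaves stray fields on the fstab
    # line.
    opts: "direct-io-mode=disable,_netdev,x-systemd.automount"
    dump: "0"
    passno: "0"
    state: "{{ item.state }}"
  with_items: "{{ fstab.gluster }}"
  become: true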
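# provision docker image registry
# Named and fully qualified like the other tasks in this file, so the step is
# identifiable in play output.
# NOTE(review): add_repos.yml is not visible here; presumably it registers the
# Helm repositories that the chart_ref below relies on - confirm.
- name: Include add_repos.yml
  ansible.builtin.include_tasks: add_repos.yml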
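# https://artifacthub.io/packages/helm/twuni/docker-registry
# Installs the twuni/docker-registry chart as release "dkregistry" in the
# dev-tools namespace, run from the control node (delegate_to: localhost).
# NOTE(review): nesting under `values` follows the chart's value names;
# confirm it against the repository copy of this file.
# NOTE(review): no chart_version is set, so each run installs whatever the
# repository currently serves. Pin it (chart_version: "<CHART_VERSION>") so a
# changed or compromised upstream chart cannot roll out unreviewed.
- name: Deploy latest version of docker-registry in dev-tools namespace
  kubernetes.core.helm:
    name: dkregistry
    chart_ref: twuni/docker-registry
    release_namespace: dev-tools
    create_namespace: true
    values:
      replicaCount: 1
      ingress:
        enabled: true
        hosts:
          - dkregistry.xai-corp.net
        className: traefik
      # NOTE(review): credential material committed in plain text. Move it to
      # Ansible Vault or another secret store and rotate the value.
      # NOTE(review): this is a single flat key containing a dot, not a nested
      # `secrets:` mapping, and the chart appears to name the setting
      # `htpasswd`. Confirm the key has any effect; if it does not, the
      # ingress-exposed registry may be running without authentication.
      secrets.htpassword: me1
      extraVolumeMounts:
        - name: registry-data
          mountPath: /var/lib/registry-data
        - name: registry-auth
          mountPath: /auth
        # Was a second `registry-auth` mount. That placed the auth directory
        # over the registry's config path and left the `registry-config`
        # volume defined below unused.
        - name: registry-config
          mountPath: /etc/docker/registry/
        # NOTE(review): the two letsencrypt mounts expose TLS private keys to
        # the registry pod; consider readOnly: true if the registry only
        # reads them.
        - name: letsencrypt-data
          mountPath: /certs
        - name: letsencrypt-config
          mountPath: /etc/letsencrypt
      # hostPath volumes bind the pod to directories on the node's own
      # filesystem, so their contents and permissions are part of the
      # registry's trust boundary.
      extraVolumes:
        - name: registry-data
          hostPath:
            path: /opt/shared/dkregistry/data
        - name: registry-auth
          hostPath:
            path: /opt/shared/dkregistry/auth
        - name: registry-config
          hostPath:
            path: /opt/shared/dkregistry/config/
        # NOTE(review): letsencrypt-data and letsencrypt-config point at the
        # same host directory - confirm that is intended.
        - name: letsencrypt-data
          hostPath:
            path: /opt/shared/letsencrypt-2
        - name: letsencrypt-config
          hostPath:
            path: /opt/shared/letsencrypt-2
      # NOTE(review): the disabled block below still carries a
      # REGISTRY_HTTP_SECRET value. Commented-out secrets stay in version
      # control history; treat the value as exposed and rotate it.
      # extraEnvVars:
      #   - name: REGISTRY_HTTP_SECRET
      #     value: aabuioqlwlcpp2
      #   - name: REGISTRY_HTTP_TLS_CERTIFICATE
      #     value: /certs/live/xai-corp.net/fullchain.pem
      #   - name: REGISTRY_HTTP_TLS_KEY
      #     value: /certs/live/xai-corp.net/privkey.pem
  delegate_to: localhost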
# k3s config file
#- name: Copy k3s config file to /etc/rancher/k3s/config.yaml
# ansible.builtin.copy:
# src: config.yaml
# dest: /etc/rancher/k3s/config.yaml
# become: true
# provision gitea
# provision argoCD
# provision graphana
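# Drops the manifest into the k3s auto-deploy directory.
- name: Copy manifest for graphana
  ansible.builtin.copy:
    src: manifests/graphana.helm.yaml
    dest: /var/lib/rancher/k3s/server/manifests/graphana.helm.yaml
    # k3s applies files in this directory to the cluster automatically, so
    # write access here is effectively cluster-level access. Set ownership and
    # mode explicitly instead of inheriting the umask.
    owner: root
    group: root
    mode: "0600"
  become: true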
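# Drops the registry manifest into the k3s auto-deploy directory; the source
# file is registry.helm.yaml and it is installed as dkregistry.helm.yaml.
- name: Copy manifest for docker registry
  ansible.builtin.copy:
    src: manifests/registry.helm.yaml
    dest: /var/lib/rancher/k3s/server/manifests/dkregistry.helm.yaml
    # k3s applies files in this directory to the cluster automatically, so
    # write access here is effectively cluster-level access. Set ownership and
    # mode explicitly instead of inheriting the umask.
    owner: root
    group: root
    mode: "0600"
  become: true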
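# Drops the mariadb manifest into the k3s auto-deploy directory.
- name: Copy manifest for mariadb
  ansible.builtin.copy:
    src: manifests/mariadb.helm.yaml
    dest: /var/lib/rancher/k3s/server/manifests/mariadb.helm.yaml
    # k3s applies files in this directory to the cluster automatically, so
    # write access here is effectively cluster-level access. Set ownership and
    # mode explicitly; a database manifest may also embed credentials
    # (TODO confirm) that should not be world-readable.
    owner: root
    group: root
    mode: "0600"
  become: true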
# Deletes the three Helm manifests from the k3s auto-deploy directory.
# NOTE(review): these are the same destinations the copy tasks earlier in this
# file write, so every run copies and then removes them. Confirm this is
# intended. As far as k3s documents it, deleting a manifest file does not
# delete the resources it already created in the cluster.
- name: remove manifests
  become: true
  ansible.builtin.file:
    path: "{{ item }}"
    state: absent
  loop:
    - "/var/lib/rancher/k3s/server/manifests/graphana.helm.yaml"
    - "/var/lib/rancher/k3s/server/manifests/dkregistry.helm.yaml"
    - "/var/lib/rancher/k3s/server/manifests/mariadb.helm.yaml"