provisioning/ansible-5/roles/prod.k3s/tasks/main.yml

---
# provisioning services in k3s cluster

# mount gluster
#- include_tasks: gluster.fstab.yml

# add helm repositories
#- include_tasks: add_repos.yml


- include_tasks: cert_manager.yml

# https://artifacthub.io/packages/helm/twuni/docker-registry
#- name: Deploy latest version of docker-registry in dev-tools namespace
#  local_action:
#    module: kubernetes.core.helm
#    name: dkregistry
#    chart_ref: twuni/docker-registry
#    release_namespace: dev-tools
#    create_namespace: True
#    values:
#      replicaCount: 1
#      ingress:
#        enabled: true
#        hosts:
#          - dkregistry.xai-corp.net
#        className: traefik
#      secrets.htpassword: me1
#      extraVolumeMounts:
#        - name: registry-data
#          mountPath: /var/lib/registry-data
#        - name: registry-auth
#          mountPath: /auth
#        - name: registry-auth
#          mountPath: /etc/docker/registry/
#        - name: letsencrypt-data
#          mountPath: /certs
#        - name: letsencrypt-config
#          mountPath: /etc/letsencrypt
#      extraVolumes:
#        - name: registry-data
#          hostPath:
#            path: /opt/shared/dkregistry/data
#        - name: registry-auth
#          hostPath:
#            path: /opt/shared/dkregistry/auth
#        - name: registry-config
#          hostPath:
#            path: /opt/shared/dkregistry/config/
#        - name: letsencrypt-data
#          hostPath:
#            path: /opt/shared/letsencrypt-2
#        - name: letsencrypt-config
#          hostPath:
#            path: /opt/shared/letsencrypt-2
#      extraEnvVars:
#        - name: REGISTRY_HTTP_SECRET
#          value: aabuioqlwlcpp2
#        - name: REGISTRY_HTTP_TLS_CERTIFICATE
#          value: /certs/live/xai-corp.net/fullchain.pem
#        - name: REGISTRY_HTTP_TLS_KEY
#          value: /certs/live/xai-corp.net/privkey.pem


# k3s config file
#- name: Copy k3s config file to /etc/rancher/k3s/config.yaml
#  ansible.builtin.copy:
#    src: config.yaml
#    dest: /etc/rancher/k3s/config.yaml
#  become: true

# provision gitea

# provision argoCD

# provision graphana
#- name: Copy manifest for graphana
#  ansible.builtin.copy:
#    src: manifests/graphana.helm.yaml
#    dest: /var/lib/rancher/k3s/server/manifests/graphana.helm.yaml
#  become: true
#
#- name: Copy manifest for docker registry
#  ansible.builtin.copy:
#    src: manifests/registry.helm.yaml
#    dest: /var/lib/rancher/k3s/server/manifests/dkregistry.helm.yaml
#  become: true
#
#- name: Copy manifest for mariadb
#  ansible.builtin.copy:
#    src: manifests/mariadb.helm.yaml
#    dest: /var/lib/rancher/k3s/server/manifests/mariadb.helm.yaml
#  become: true
#
#- name: remove manifests
#  ansible.builtin.file:
#    state: absent
#    path: "{{ item }}"
#  loop:
#    - /var/lib/rancher/k3s/server/manifests/graphana.helm.yaml
#    - /var/lib/rancher/k3s/server/manifests/dkregistry.helm.yaml
#    - /var/lib/rancher/k3s/server/manifests/mariadb.helm.yaml
#  become: true