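---
# Task list: reset Docker and install helm (imported), bring up an RKE
# cluster from a templated config, install cert-manager plus an ACME issuer,
# then install Rancher through its helm chart and wait for the rollout.
- import_tasks: tasks/docker-reset-leave-images.yml
- import_tasks: tasks/helm.yml

- name: delete ~/.kube
  file:
    path: "{{ kube_home }}"
    state: absent

- name: create ~/.kube
  file:
    path: "{{ kube_home }}"
    state: directory
    recurse: true
    # the cluster kubeconfig (admin credentials) is written into this
    # directory below, so keep it owner-only
    mode: "0700"

# Exactly one of the two rke templates is rendered, selected by USING_EXTERNAL_TLS.
- name: rke - Create rke template with external TLS
  template:
    src: k8s_rancher_with_external_tls.yaml
    dest: "{{ kube_home }}/{{ kubernetes_cluster_yaml }}"
  when: USING_EXTERNAL_TLS

- name: rke - Create rke template without external TLS
  template:
    src: k8s_rancher_with_no_external_tls.yaml
    dest: "{{ kube_home }}/{{ kubernetes_cluster_yaml }}"
  when: not USING_EXTERNAL_TLS

- name: rke - Create cluster
  shell: rke up --config {{ kube_home }}/{{ kubernetes_cluster_yaml }}

- name: kubectl - Make kubeconfig file default
  copy:
    src: "{{ kube_home }}/{{ kubeconfig_yaml }}"
    dest: "{{ kube_home }}/config"
    remote_src: true
    force: true
    # kubeconfig carries cluster credentials; do not leave it group/world readable
    mode: "0600"

# Overwrites the controller's own ~/.kube/config with the new cluster's kubeconfig.
- name: kubectl - Copy kubeconfig locally
  fetch:
    src: "{{ kube_home }}/{{ kubeconfig_yaml }}"
    dest: "~/.kube/config"
    flat: true

#- name: kubectl - remove {{ kubeconfig }}
#  file:
#    path: "{{ kube_home }}/{{ kubernetes_cluster_yaml }}"
#    state: absent

# Select the ACME directory from PROD; LETSENCRYPT_STAGE_OR_PROD is consumed by
# the Rancher helm install below.
- name: letsencrypt - production
  set_fact:
    LETSENCRYPT_SERVER: https://acme-v02.api.letsencrypt.org/directory
    LETSENCRYPT_STAGE_OR_PROD: prod
  when: PROD

- name: letsencrypt - staging
  set_fact:
    LETSENCRYPT_SERVER: https://acme-staging-v02.api.letsencrypt.org/directory
    LETSENCRYPT_STAGE_OR_PROD: staging
  when: not PROD

- name: cert-manager - Create namespace ({{ CERT_MANAGER_NAMESPACE }})
  shell: kubectl create namespace {{ CERT_MANAGER_NAMESPACE }}
  register: cert_manager_ns
  # an already-existing namespace is the only acceptable failure; anything
  # else (no cluster access, bad kubeconfig, ...) must stop the play
  failed_when: cert_manager_ns.rc != 0 and "AlreadyExists" not in cert_manager_ns.stderr
  changed_when: cert_manager_ns.rc == 0

- name: cert-manager - Install with regular manifests ({{ CERT_MANAGER_VERSION }})
  shell: kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/{{ CERT_MANAGER_VERSION }}/cert-manager.yaml
  when: not CERT_MANGER_HELM_INSTALL

- name: cert-manager - Install with helm 3 ({{ CERT_MANAGER_VERSION }})
  shell: |
    # install CustomResourceDefinition resources
    kubectl apply --validate=false -f https://raw.githubusercontent.com/jetstack/cert-manager/{{ CERT_MANAGER_VERSION }}/deploy/manifests/00-crds.yaml
    helm repo add jetstack https://charts.jetstack.io
    helm repo update
    helm install cert-manager jetstack/cert-manager \
      --namespace {{ CERT_MANAGER_NAMESPACE }} \
      --version {{ CERT_MANAGER_VERSION }}
  when: CERT_MANGER_HELM_INSTALL

- name: cert-manager - Wait for cert-manager
  # NOTE(review): namespace is hard-coded here while the install above uses
  # CERT_MANAGER_NAMESPACE — confirm the two always agree
  shell: kubectl -n cert-manager rollout status deploy/cert-manager
  register: kubectl
  # retries/delay are only honoured under an `until` condition on older
  # Ansible releases; without it a failed rollout check fails on the first try
  until: kubectl.rc == 0
  changed_when: kubectl.stdout == 'deployment "cert-manager" successfully rolled out'
  delay: 5
  retries: 50

- name: cert-manager - Get pods
  shell: kubectl get pods --namespace cert-manager

# https://cert-manager.io/docs/configuration/acme/
- name: cert-manager - Create ACME ({{ ACME_ISSUER_TYPE }})
  template:
    src: cert-manager-acme.yaml
    dest: "{{ kube_home }}/{{ acme_issuer_yaml }}"

# The cert-manager webhook is not ready immediately after rollout, so the
# issuer apply is retried until the webhook stops rejecting it.
- name: cert-manager - Install ACME Issuer
  shell: kubectl apply --validate=false -f {{ kube_home }}/{{ acme_issuer_yaml }}
  register: acme
  until: '"failed calling webhook" not in acme.stderr'
  changed_when: '"failed calling webhook" not in acme.stderr'
  delay: 5
  retries: 50

- name: rancher - Add rancher helm ({{ RANCHER_VERSION }})
  shell: helm repo add rancher-{{ RANCHER_VERSION }} https://releases.rancher.com/server-charts/{{ RANCHER_VERSION }}

- name: rancher - Create rancher namespace ({{ RANCHER_NAMESPACE }})
  shell: kubectl create namespace {{ RANCHER_NAMESPACE }}
  register: rancher_ns
  # same rule as for the cert-manager namespace: only "already exists" is tolerated
  failed_when: rancher_ns.rc != 0 and "AlreadyExists" not in rancher_ns.stderr
  changed_when: rancher_ns.rc == 0

# NOTE(review): this task and "Install Rancher with Letsencrypt" are both gated on
# LETSENCRYPT, so when it is true both run and the second `helm install rancher`
# collides with the first; the external-TLS variant presumably belongs under
# USING_EXTERNAL_TLS — confirm before changing the condition.
- name: rancher - Install Rancher with External TLS
  shell: |
    helm install rancher rancher-{{ RANCHER_VERSION }}/rancher \
      --set replicas={{ RANCHER_REPLICAS }} \
      --namespace {{ RANCHER_NAMESPACE }} \
      --set hostname={{ RANCHER_HOSTNAME }} \
      --set tls=external --wait
  when: LETSENCRYPT
  register: helm
  until: helm.rc == 0
  changed_when: '"cannot re-use a name that is still in use" in helm.stderr'
  delay: 5
  retries: 10

- name: rancher - Install Rancher with Letsencrypt
  shell: |
    helm install rancher rancher-{{ RANCHER_VERSION }}/rancher \
      --set replicas={{ RANCHER_REPLICAS }} \
      --namespace {{ RANCHER_NAMESPACE }} \
      --set hostname={{ RANCHER_HOSTNAME }} \
      --set ingress.tls.source=letsEncrypt \
      --set letsEncrypt.email={{ ADMIN_EMAIL }} \
      --set letsEncrypt.environment={{ LETSENCRYPT_STAGE_OR_PROD }} --wait
  when: LETSENCRYPT
  register: helm
  until: helm.rc == 0
  changed_when: '"cannot re-use a name that is still in use" in helm.stderr'
  delay: 5
  retries: 10

- name: rancher - Install Rancher
  shell: |
    helm install rancher rancher-{{ RANCHER_VERSION }}/rancher \
      --set replicas={{ RANCHER_REPLICAS }} \
      --namespace {{ RANCHER_NAMESPACE }} \
      --set hostname={{ RANCHER_HOSTNAME }} \
      --set ingress.tls.source=rancher --wait
  when: not LETSENCRYPT
  register: helm
  until: helm.rc == 0
  changed_when: '"cannot re-use a name that is still in use" in helm.stderr'
  delay: 5
  retries: 10

- name: rancher - Scale rancher to ({{ RANCHER_REPLICAS }})
  shell: kubectl scale -n {{ RANCHER_NAMESPACE }} deploy/rancher --replicas={{ RANCHER_REPLICAS }}

- name: rancher - Wait for rancher
  # the chart was installed into RANCHER_NAMESPACE above, so wait in the same
  # namespace rather than a hard-coded one
  shell: kubectl -n {{ RANCHER_NAMESPACE }} rollout status deploy/rancher
  register: kubectl
  until: kubectl.rc == 0
  changed_when: kubectl.stdout == 'deployment "rancher" successfully rolled out'
  delay: 5
  retries: 15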