--- # extra setup: # # - create the postgres database # # weed shell # - s3.configure -access_key=... -secret_key=... -buckets=takahe -user=... -actions=Read,Write,List,Tagging,Admin -apply # - s3.configure -buckets=takahe -user=anonymous -actions=Read -apply # - name: create CNAMEs local_action: module: amazon.aws.route53 zone: "{{ takahe.dns_zone }}" record: "{{ item }}" type: CNAME value: "{{ takahe.cnames.target }}" wait: true state: present tags: dns loop: "{{ takahe.cnames.domains }}" - name: create main domain local_action: module: amazon.aws.route53 zone: "{{ takahe.dns_zone }}" record: "{{ takahe.main_domain.name }}" type: "{{ takahe.main_domain.dns_record_type }}" value: "{{ takahe.main_domain.target }}" wait: true state: present tags: dns - name: create namespace k8s: context: "{{ context }}" state: present name: "{{ takahe.namespace }}" kind: Namespace delegate_to: 127.0.0.1 - name: create secret k8s: context: "{{ context }}" state: present name: takahe-secrets kind: Secret definition: metadata: namespace: "{{ takahe.namespace }}" data: TAKAHE_SECRET_KEY: "{{ takahe.secret_key | b64encode }}" TAKAHE_EMAIL_SERVER: "{{ ('smtp://' + mail.ses_username + ':' + mail.ses_password + '@' + mail.ses_endpoint + ':25?tls=true') | b64encode }}" TAKAHE_MEDIA_BACKEND: "{{ (takahe.s3_proto + '://' + takahe.s3_access_key + ':' + takahe.s3_secret_key + '@' + takahe.s3_endpoint + '/' + takahe.s3_bucket) | b64encode }}" delegate_to: 127.0.0.1 - name: create config map k8s: context: "{{ context }}" state: present name: takahe-config kind: ConfigMap definition: metadata: namespace: "{{ takahe.namespace }}" data: PGHOST: "{{ takahe.database_host }}" PGUSER: "{{ takahe.database_user }}" PGDATABASE: "{{ takahe.database }}" TAKAHE_MAIN_DOMAIN: "{{ takahe.main_domain.name }}" TAKAHE_EMAIL_FROM: "{{ takahe.email_from }}" TAKAHE_USE_PROXY_HEADERS: "true" TAKAHE_AUTO_ADMIN_EMAIL: "{{ takahe.admin_email }}" TAKAHE_CSRF_HOSTS: "{{ ['https://femto.pub', 'https://alex.femto.pub'] | to_json }}" TAKAHE_ERROR_EMAILS: "{{ [takahe.admin_email] | to_json }}" delegate_to: 127.0.0.1 - name: create deployment k8s: context: "{{ context }}" state: present name: webserver kind: Deployment definition: metadata: namespace: "{{ takahe.namespace }}" spec: selector: matchLabels: run: webserver template: metadata: labels: run: webserver spec: containers: - name: webserver image: "docker.io/avaraline/incarnator:{{ takahe.version }}" imagePullPolicy: Always args: - "gunicorn" - "takahe.wsgi:application" - "-w" - "6" - "-b" - "0.0.0.0:8000" ports: - containerPort: 8000 envFrom: - configMapRef: name: takahe-config - secretRef: name: takahe-secrets livenessProbe: httpGet: path: / port: 8000 readinessProbe: httpGet: path: / port: 8000 startupProbe: httpGet: path: / port: 8000 delegate_to: 127.0.0.1 - name: create service k8s: context: "{{ context }}" state: present name: webserver kind: Service definition: metadata: namespace: "{{ takahe.namespace }}" labels: run: webserver spec: ports: - port: 80 targetPort: 8000 name: web selector: run: webserver delegate_to: 127.0.0.1 - name: create ingress k8s: context: "{{ context }}" state: present name: webserver kind: Ingress definition: metadata: namespace: "{{ takahe.namespace }}" spec: rules: - host: "{{ takahe.main_domain.name }}" http: paths: - path: / pathType: Prefix backend: service: name: webserver port: name: web - host: "*.femto.pub" http: paths: - path: / pathType: Prefix backend: service: name: webserver port: name: web delegate_to: 127.0.0.1 - name: create stator deployment k8s: context: "{{ context }}" state: present name: stator kind: Deployment definition: metadata: namespace: "{{ takahe.namespace }}" spec: selector: matchLabels: run: stator template: metadata: labels: run: stator spec: containers: - name: stator image: "docker.io/avaraline/incarnator:{{ takahe.version }}" imagePullPolicy: Always args: - python3 - manage.py - runstator envFrom: - configMapRef: name: takahe-config - secretRef: name: takahe-secrets delegate_to: 127.0.0.1 - name: create migrate job k8s: context: "{{ context }}" state: present name: migrate kind: Job definition: metadata: namespace: "{{ takahe.namespace }}" spec: template: spec: restartPolicy: Never containers: - name: webserver image: "docker.io/avaraline/incarnator:{{ takahe.version }}" args: ["python3", "manage.py", "migrate"] envFrom: - configMapRef: name: takahe-config - secretRef: name: takahe-secrets delegate_to: 127.0.0.1