WIP: add Takahe
authoralex <alex@pdp7.net>
Thu, 14 Mar 2024 18:34:36 +0000 (19:34 +0100)
committeralex <alex@pdp7.net>
Thu, 14 Mar 2024 18:35:11 +0000 (19:35 +0100)
"S3" not working yet

personal_infra/playbooks/roles/takahe/tasks/main.yaml [new file with mode: 0644]
personal_infra/playbooks/site.yaml
personal_infra/puppet/site/h1.pdp7.net.pp
personal_infra/puppet/site/pg.h1.int.pdp7.net.pp

diff --git a/personal_infra/playbooks/roles/takahe/tasks/main.yaml b/personal_infra/playbooks/roles/takahe/tasks/main.yaml
new file mode 100644 (file)
index 0000000..44ad0c4
--- /dev/null
@@ -0,0 +1,186 @@
+---
+- k8s:
+    context: "{{ context }}"
+    state: present
+    name: "{{ takahe.namespace }}"
+    kind: Namespace
+  delegate_to: 127.0.0.1
+- k8s:
+    context: "{{ context }}"
+    state: present
+    name: takahe-secrets
+    kind: Secret
+    definition:
+      metadata:
+        namespace: "{{ takahe.namespace }}"
+      data:
+        TAKAHE_SECRET_KEY: "{{ takahe.secret_key | b64encode }}"
+        TAKAHE_EMAIL_SERVER: "{{ ('smtp://' + mail.ses_username + ':' + mail.ses_password + '@' + mail.ses_endpoint + ':25?tls=true') | b64encode }}"
+  delegate_to: 127.0.0.1
+- k8s:
+    context: "{{ context }}"
+    state: present
+    name: takahe-config
+    kind: ConfigMap
+    definition:
+      metadata:
+        namespace: "{{ takahe.namespace }}"
+      data:
+        PGHOST: "{{ takahe.database_host }}"
+        PGUSER: "{{ takahe.database_user }}"
+        PGDATABASE: "{{ takahe.database }}"
+        TAKAHE_MEDIA_BACKEND: "{{ takahe.s3 }}"
+        TAKAHE_MAIN_DOMAIN: "{{ takahe.main_domain }}"
+        TAKAHE_EMAIL_FROM: "{{ takahe.email_from }}"
+        TAKAHE_USE_PROXY_HEADERS: "true"
+        TAKAHE_AUTO_ADMIN_EMAIL: "{{ takahe.admin_email }}"
+        TAKAHE_CSRF_HOSTS: "{{ ['https://' + takahe.main_domain] | to_json }}"
+  delegate_to: 127.0.0.1
+- k8s:
+    context: "{{ context }}"
+    state: present
+    name: webserver
+    kind: Deployment
+    definition:
+      metadata:
+        namespace: "{{ takahe.namespace }}"
+      spec:
+        selector:
+          matchLabels:
+            run: webserver
+        template:
+          metadata:
+            labels:
+              run: webserver
+          spec:
+            containers:
+              - name: webserver
+                image: "jointakahe/takahe:{{ takahe.version }}"
+                args:
+                  - "gunicorn"
+                  - "takahe.wsgi:application"
+                  - "-w"
+                  - "6"
+                  - "-b"
+                  - "0.0.0.0:8000"
+                ports:
+                  - containerPort: 8000
+                envFrom:
+                  - configMapRef:
+                      name: takahe-config
+                  - secretRef:
+                      name: takahe-secrets
+                livenessProbe:
+                  httpGet:
+                    path: /
+                    port: 8000
+                readinessProbe:
+                  httpGet:
+                    path: /
+                    port: 8000
+                startupProbe:
+                  httpGet:
+                    path: /
+                    port: 8000
+  delegate_to: 127.0.0.1
+- k8s:
+    context: "{{ context }}"
+    state: present
+    name: webserver
+    kind: Service
+    definition:
+      metadata:
+        namespace: "{{ takahe.namespace }}"
+        labels:
+          run: webserver
+      spec:
+        ports:
+          - port: 80
+            targetPort: 8000
+            name: web
+        selector:
+          run: webserver
+  delegate_to: 127.0.0.1
+- k8s:
+    context: "{{ context }}"
+    state: present
+    name: webserver
+    kind: Ingress
+    definition:
+      metadata:
+        namespace: "{{ takahe.namespace }}"
+      spec:
+        rules:
+          - host: "{{ takahe.main_domain }}"
+            http:
+              paths:
+                - path: /
+                  pathType: Prefix
+                  backend:
+                    service:
+                      name: webserver
+                      port:
+                        name: web
+          - host: "*.example.com"
+            http:
+              paths:
+                - path: /
+                  pathType: Prefix
+                  backend:
+                    service:
+                      name: webserver
+                      port:
+                        name: web
+  delegate_to: 127.0.0.1
+- k8s:
+    context: "{{ context }}"
+    state: present
+    name: stator
+    kind: Deployment
+    definition:
+      metadata:
+        namespace: "{{ takahe.namespace }}"
+      spec:
+        selector:
+          matchLabels:
+            run: stator
+        template:
+          metadata:
+            labels:
+              run: stator
+          spec:
+            containers:
+              - name: stator
+                image: "jointakahe/takahe:{{ takahe.version }}"
+                args:
+                  - python3
+                  - manage.py
+                  - runstator
+                envFrom:
+                  - configMapRef:
+                      name: takahe-config
+                  - secretRef:
+                      name: takahe-secrets
+  delegate_to: 127.0.0.1
+- k8s:
+    context: "{{ context }}"
+    state: present
+    name: migrate
+    kind: Job
+    definition:
+      metadata:
+        namespace: "{{ takahe.namespace }}"
+      spec:
+        template:
+          spec:
+            restartPolicy: Never
+            containers:
+              - name: webserver
+                image: "jointakahe/takahe:{{ takahe.version }}"
+                args: ["python3", "manage.py", "migrate"]
+                envFrom:
+                  - configMapRef:
+                      name: takahe-config
+                  - secretRef:
+                      name: takahe-secrets
+  delegate_to: 127.0.0.1
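Review bot: The `takahe-secrets` task has no `no_log: true`, so the rendered Secret (`TAKAHE_SECRET_KEY` and the SES SMTP username and password inside `TAKAHE_EMAIL_SERVER`) can appear in Ansible output when the task fails or runs with raised verbosity; add `no_log: true` at the same level as that task's `delegate_to`. The `TAKAHE_EMAIL_SERVER` URL is built by plain string concatenation, so a credential containing characters such as `/`, `@` or `:` yields a URL that parses wrongly; percent-encode the username and password before joining them. Separately, the second Ingress rule routes `*.example.com` to the webserver, which looks like a leftover placeholder and should be removed or replaced with the intended wildcard domain before this leaves WIP.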
index b9852a440309c61f51b03d53ce36cc1fa0a11139..274af8ef86279a96191489041777b251a136e130 100644 (file)
       vars:
         context: "admin@{{ talos_host.talos_cluster }}"
         definition: "{{ weight }}"
+
+- name: deploy takahe
+  hosts: k8s-test.h1.int.pdp7.net
+  tags:
+    - k8s
+    - takahe
+  gather_facts: false
+  roles:
+    - role: takahe
+      vars:
+        context: "admin@{{ talos_host.talos_cluster }}"
index 0bdb5b9754d4b5e889d04a5bc30c013bbcc8afa2..c9bab2d3fa396d579c07f5cab2421e6746e69a5b 100644 (file)
@@ -72,6 +72,10 @@ node 'h1.pdp7.net' {
     target => 'http://grafana.h1.int.pdp7.net:3000/',
   }
 
+  proxmox::proxy_host {'takahe.pdp7.net':
+    target => 'http://k8s-test.h1.int.pdp7.net/',
+  }
+
   package {'haproxy':}
   ->
   file {'/etc/haproxy/haproxy.cfg':
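Review bot: The new `proxmox::proxy_host` forwards public traffic for takahe.pdp7.net to a backend that the role configures with `TAKAHE_USE_PROXY_HEADERS: "true"`, so the application will trust whatever `X-Forwarded-*` values reach it. The definition of `proxmox::proxy_host` is not visible here; it is worth confirming that it overwrites those headers rather than passing through client-supplied ones, and that it preserves the `Host` header, because the Ingress in the role matches on `{{ takahe.main_domain }}`. A comment above the resource such as `# backend trusts X-Forwarded-*; proxy_host must set them itself` would record that dependency. The node block continues outside the hunk.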
index 79d4130e3dc48973fd9c02b7cd7e10fb34fc4921..7256501ef84ccc3f20f403c602ac0e8bcdc3daf5 100644 (file)
@@ -9,6 +9,7 @@ node 'pg.h1.int.pdp7.net' {
       host    weight          nagios          nagios.h1.int.pdp7.net    trust
       host    miniflux        miniflux        miniflux.h1.int.pdp7.net  trust
       host    nextcloud       nextcloud       nextcloud.h1.int.pdp7.net trust
+      host    takahe          k8s_test        k8s-test.h1.int.pdp7.net  trust
       | EOT
     ,
   }
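Review bot: The added `pg_hba` line lets anything that connects from k8s-test.h1.int.pdp7.net log in as `k8s_test` to the `takahe` database without a password, because the method is `trust`. The neighbouring entries do the same for what look like single-purpose hosts, but this source is a Kubernetes node, so presumably every pod scheduled there, not only Takahe, reaches PostgreSQL from that address. Consider `host    takahe          k8s_test        k8s-test.h1.int.pdp7.net  scram-sha-256` and supplying the password as `PGPASSWORD` through the existing `takahe-secrets` Secret. The heredoc and the enclosing resource start outside the hunk.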