From 0adbca7988de803a3c2910c73956ee249c28b3e6 Mon Sep 17 00:00:00 2001 From: alex Date: Thu, 14 Mar 2024 19:34:36 +0100 Subject: [PATCH] WIP: add Takahe "S3" not working yet --- .../playbooks/roles/takahe/tasks/main.yaml | 186 ++++++++++++++++++ personal_infra/playbooks/site.yaml | 11 ++ personal_infra/puppet/site/h1.pdp7.net.pp | 4 + .../puppet/site/pg.h1.int.pdp7.net.pp | 1 + 4 files changed, 202 insertions(+) create mode 100644 personal_infra/playbooks/roles/takahe/tasks/main.yaml diff --git a/personal_infra/playbooks/roles/takahe/tasks/main.yaml b/personal_infra/playbooks/roles/takahe/tasks/main.yaml new file mode 100644 index 0000000..44ad0c4 --- /dev/null +++ b/personal_infra/playbooks/roles/takahe/tasks/main.yaml 
@@ -0,0 +1,186 @@ +--- +- k8s: + context: "{{ context }}" + state: present + name: "{{ takahe.namespace }}" + kind: Namespace + delegate_to: 127.0.0.1 +- k8s: + context: "{{ context }}" + state: present + name: takahe-secrets + kind: Secret + definition: + metadata: + namespace: "{{ takahe.namespace }}" + data: + TAKAHE_SECRET_KEY: "{{ takahe.secret_key | b64encode }}" + TAKAHE_EMAIL_SERVER: "{{ ('smtp://' + mail.ses_username + ':' + mail.ses_password + '@' + mail.ses_endpoint + ':25?tls=true') | b64encode }}" + delegate_to: 127.0.0.1 +- k8s: + context: "{{ context }}" + state: present + name: takahe-config + kind: ConfigMap + definition: + metadata: + namespace: "{{ takahe.namespace }}" + data: + PGHOST: "{{ takahe.database_host }}" + PGUSER: "{{ takahe.database_user }}" + PGDATABASE: "{{ takahe.database }}" + TAKAHE_MEDIA_BACKEND: "{{ takahe.s3 }}" + TAKAHE_MAIN_DOMAIN: "{{ takahe.main_domain }}" + TAKAHE_EMAIL_FROM: "{{ takahe.email_from }}" + TAKAHE_USE_PROXY_HEADERS: "true" + TAKAHE_AUTO_ADMIN_EMAIL: "{{ takahe.admin_email }}" + TAKAHE_CSRF_HOSTS: "{{ ['https://' + takahe.main_domain] | to_json }}" + delegate_to: 127.0.0.1 +- k8s: + context: "{{ context }}" + state: present + name: webserver + kind: Deployment + definition: + metadata: + namespace: "{{ takahe.namespace }}" + spec: + selector: + matchLabels: + run: webserver + template: + metadata: + labels: + run: webserver + spec: + containers: + - name: webserver + image: "jointakahe/takahe:{{ takahe.version }}" + args: + - "gunicorn" + - "takahe.wsgi:application" + - "-w" + - "6" + - "-b" + - "0.0.0.0:8000" + ports: + - containerPort: 8000 + envFrom: + - configMapRef: + name: takahe-config + - secretRef: + name: takahe-secrets + livenessProbe: + httpGet: + path: / + port: 8000 + readinessProbe: + httpGet: + path: / + port: 8000 + startupProbe: + httpGet: + path: / + port: 8000 + delegate_to: 127.0.0.1 +- k8s: + context: "{{ context }}" + state: present + name: webserver + kind: Service + definition: + 
metadata: + namespace: "{{ takahe.namespace }}" + labels: + run: webserver + spec: + ports: + - port: 80 + targetPort: 8000 + name: web + selector: + run: webserver + delegate_to: 127.0.0.1 +- k8s: + context: "{{ context }}" + state: present + name: webserver + kind: Ingress + definition: + metadata: + namespace: "{{ takahe.namespace }}" + spec: + rules: + - host: "{{ takahe.main_domain }}" + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: webserver + port: + name: web + - host: "*.example.com" + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: webserver + port: + name: web + delegate_to: 127.0.0.1 +- k8s: + context: "{{ context }}" + state: present + name: stator + kind: Deployment + definition: + metadata: + namespace: "{{ takahe.namespace }}" + spec: + selector: + matchLabels: + run: stator + template: + metadata: + labels: + run: stator + spec: + containers: + - name: stator + image: "jointakahe/takahe:{{ takahe.version }}" + args: + - python3 + - manage.py + - runstator + envFrom: + - configMapRef: + name: takahe-config + - secretRef: + name: takahe-secrets + delegate_to: 127.0.0.1 +- k8s: + context: "{{ context }}" + state: present + name: migrate + kind: Job + definition: + metadata: + namespace: "{{ takahe.namespace }}" + spec: + template: + spec: + restartPolicy: Never + containers: + - name: webserver + image: "jointakahe/takahe:{{ takahe.version }}" + args: ["python3", "manage.py", "migrate"] + envFrom: + - configMapRef: + name: takahe-config + - secretRef: + name: takahe-secrets + delegate_to: 127.0.0.1 diff --git a/personal_infra/playbooks/site.yaml b/personal_infra/playbooks/site.yaml index b9852a4..274af8e 100644 --- a/personal_infra/playbooks/site.yaml +++ b/personal_infra/playbooks/site.yaml 
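Review bot: `TAKAHE_MEDIA_BACKEND: "{{ takahe.s3 }}"` sits in the `takahe-config` ConfigMap, and if `takahe.s3` is an `s3://` URL with the access key and secret embedded (the value is not visible here), those credentials are readable by anything that can read ConfigMaps in the namespace. Move it into `takahe-secrets` as `TAKAHE_MEDIA_BACKEND: "{{ takahe.s3 | b64encode }}"`. The `takahe-secrets` task has no `no_log: true`, so the rendered SMTP URL and secret key can appear in Ansible output on verbose runs or failures. In `TAKAHE_EMAIL_SERVER` the SES credentials are concatenated unescaped, so a `@`, `:` or `+` in the password changes how the URL parses; use `(mail.ses_username | urlencode)` and `(mail.ses_password | urlencode)`. The second Ingress rule, `host: "*.example.com"`, looks like a leftover placeholder and should be removed or replaced with the intended domain.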
@@ -61,3 +61,14 @@ vars: context: "admin@{{ talos_host.talos_cluster }}" definition: "{{ weight }}" + +- name: deploy takahe + hosts: k8s-test.h1.int.pdp7.net + tags: + - k8s + - takahe + gather_facts: false + roles: + - role: takahe + vars: + context: "admin@{{ talos_host.talos_cluster }}" diff --git a/personal_infra/puppet/site/h1.pdp7.net.pp b/personal_infra/puppet/site/h1.pdp7.net.pp index 0bdb5b9..c9bab2d 100644 --- a/personal_infra/puppet/site/h1.pdp7.net.pp +++ b/personal_infra/puppet/site/h1.pdp7.net.pp @@ -72,6 +72,10 @@ node 'h1.pdp7.net' { target => 'http://grafana.h1.int.pdp7.net:3000/', } + proxmox::proxy_host {'takahe.pdp7.net': + target => 'http://k8s-test.h1.int.pdp7.net/', + } + package {'haproxy':} -> file {'/etc/haproxy/haproxy.cfg': diff --git a/personal_infra/puppet/site/pg.h1.int.pdp7.net.pp b/personal_infra/puppet/site/pg.h1.int.pdp7.net.pp index 79d4130..7256501 100644 --- a/personal_infra/puppet/site/pg.h1.int.pdp7.net.pp +++ b/personal_infra/puppet/site/pg.h1.int.pdp7.net.pp @@ -9,6 +9,7 @@ node 'pg.h1.int.pdp7.net' { host weight nagios nagios.h1.int.pdp7.net trust host miniflux miniflux miniflux.h1.int.pdp7.net trust host nextcloud nextcloud nextcloud.h1.int.pdp7.net trust + host takahe k8s_test k8s-test.h1.int.pdp7.net trust | EOT , } -- 2.47.3
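Review bot: The added `pg_hba` entry `host takahe k8s_test k8s-test.h1.int.pdp7.net trust` lets any client connecting from that address open the `takahe` database as `k8s_test` without a password. If pod traffic leaves the cluster with the node's address (typical, but not visible here), that covers every workload on the cluster, not only Takahe. The line follows the file's existing `trust` entries, but for a shared source host `scram-sha-256` would be safer, with the password delivered as `PGPASSWORD` in the `takahe-secrets` Secret. Also confirm that the user column `k8s_test` matches what the role exports as `PGUSER` from `takahe.database_user`. The heredoc and the enclosing node block start outside the hunk.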