add ansible; embed templates (#1)

assets/assets.go

@@ -0,0 +1,11 @@
+package assets
+
+import (
+	"embed"
+)
+
+//go:embed playbooks/*
+var PlaybookFiles embed.FS
+
+//go:embed templates/*
+var TemplateFiles embed.FS

assets/playbooks/aistor-edge.yml

@@ -0,0 +1,18 @@
+- name: Deploy aistor
+  hosts: localhost
+  gather_facts: false
+
+  tasks:
+    - name: Deploy aistor CRDs
+      shell: |
+        kubectl --kubeconfig={{ kubeconfig }} apply -f http://ns-3.k1.min.dev/dev/crds.yaml
+
+    - name: Deploy aistor resources
+      shell: |
+        kubectl --kubeconfig={{ kubeconfig }} apply -f http://ns-3.k1.min.dev/dev/aistor.yaml
+
+    - name: Create aistor ingress
+      kubernetes.core.k8s:
+        state: present
+        kubeconfig: "{{ kubeconfig }}"
+        template: aistor-ingress.yaml.j2

assets/playbooks/aistor-ingress.yaml.j2

@@ -0,0 +1,26 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: aistor-ingress
+  namespace: aistor
+  annotations:
+{% if cert_manager_enable | default(false) | bool %}
+    cert-manager.io/cluster-issuer: "letsencrypt-{{ letsencrypt_environment }}"
+{% endif %}
+    nginx.ingress.kubernetes.io/proxy-body-size: 1g
+spec:
+  tls:
+  - hosts:
+    - aistor.{{ lab_name }}.{{ domain_name }}
+    secretName: aistor-tls
+  rules:
+  - host: aistor.{{ lab_name }}.{{ domain_name }}
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: aistor
+            port:
+              number: 8444

assets/playbooks/aistor-ingress.yml

@@ -0,0 +1,10 @@
+- name: Deploy aistor ingress
+  hosts: localhost
+  gather_facts: false
+
+  tasks:
+    - name: Create aistor ingress
+      kubernetes.core.k8s:
+        state: present
+        kubeconfig: "{{ kubeconfig }}"
+        template: aistor-ingress.yaml.j2

assets/playbooks/aistor-release.yml

@@ -0,0 +1,14 @@
+- name: Deploy aistor
+  hosts: localhost
+  gather_facts: false
+
+  tasks:
+    - name: Deploy aistor release
+      shell: |
+        kubectl --kubeconfig={{ kubeconfig }} apply -k https://min.io/k8s/aistor
+
+    - name: Create aistor ingress
+      kubernetes.core.k8s:
+        state: present
+        kubeconfig: "{{ kubeconfig }}"
+        template: aistor-ingress.yaml.j2

assets/playbooks/cert-manager.yml

@@ -0,0 +1,57 @@
+- name: Install cert-manager and configure HTTP-01 ClusterIssuer
+  hosts: localhost
+  gather_facts: false
+
+  tasks:
+    - name: Add Jetstack Helm repo
+      kubernetes.core.helm_repository:
+        name: jetstack
+        repo_url: https://charts.jetstack.io
+
+    - name: Install cert-manager using Helm
+      kubernetes.core.helm:
+        name: cert-manager
+        chart_ref: jetstack/cert-manager
+        release_namespace: cert-manager
+        create_namespace: true
+        kubeconfig: "{{ kubeconfig }}"
+        values:
+          crds:
+            enabled: true
+        wait: true
+        context: "{{ kubernetes_context }}"
+
+    - name: Wait for cert-manager webhook to be ready
+      kubernetes.core.k8s_info:
+        api_version: apps/v1
+        kind: Deployment
+        name: cert-manager-webhook
+        namespace: cert-manager
+        kubeconfig: "{{ kubeconfig }}"
+        wait: true
+        wait_timeout: 300
+        wait_condition:
+          type: Available
+          status: "True"
+        context: "{{ kubernetes_context }}"
+
+    - name: Create ClusterIssuer for Let's Encrypt with HTTP-01 challenge for {{ letsencrypt_environment }} environment
+      kubernetes.core.k8s:
+        state: present
+        kubeconfig: "{{ kubeconfig }}"
+        definition:
+          apiVersion: cert-manager.io/v1
+          kind: ClusterIssuer
+          metadata:
+            name: "letsencrypt-{{ letsencrypt_environment }}"
+          spec:
+            acme:
+              email: "{{ email }}"
+              server: "{{ 'https://acme-v02.api.letsencrypt.org/directory' if letsencrypt_environment == 'prod' else 'https://acme-staging-v02.api.letsencrypt.org/directory' }}"
+              privateKeySecretRef:
+                name: "letsencrypt-{{ letsencrypt_environment }}"
+              solvers:
+                - http01:
+                    ingress:
+                      class: nginx
+        context: "{{ kubernetes_context }}"

assets/playbooks/directpv.yml

@@ -0,0 +1,18 @@
+- name: Deploy directpv
+  hosts: localhost
+  gather_facts: false
+  vars:
+    drives_file: "{{ playbook_dir }}/drives.yaml"
+
+  tasks:
+    - name: Install directpv
+      ansible.builtin.command:
+        cmd: kubectl directpv install --kubeconfig={{ kubeconfig }} --node-selector directpv=yes
+
+    - name: Discover directpv drives
+      ansible.builtin.command:
+        cmd: kubectl directpv discover --kubeconfig={{ kubeconfig }} --output-file={{ drives_file }}
+
+    - name: Initialize directpv drives
+      ansible.builtin.command:
+        cmd: kubectl directpv init --kubeconfig={{ kubeconfig }} --dangerous {{ drives_file }}

assets/playbooks/group_vars/all.yml

@@ -0,0 +1,12 @@
+email: "[email protected]"
+kubernetes_context: "default"
+kubeconfig: "{{ playbook_dir }}/{{ lab_name }}-kubeconfig"
+base_packages:
+- curl
+- apt-transport-https
+- ca-certificates
+- software-properties-common
+- python3
+- python3-pip
+- iptables
+- ntp

assets/playbooks/ingress-nginx.yml

@@ -0,0 +1,27 @@
+- name: Install ingress-nginx
+  hosts: localhost
+  gather_facts: false
+
+  tasks:
+    - name: Add ingress-nginx Helm repo
+      kubernetes.core.helm_repository:
+        name: ingress-nginx
+        repo_url: https://kubernetes.github.io/ingress-nginx
+        kubeconfig: "{{ kubeconfig }}"
+        context: "{{ kubernetes_context }}"
+
+    - name: Install ingress-nginx using Helm
+      kubernetes.core.helm:
+        name: ingress-nginx
+        namespace: ingress-nginx
+        create_namespace: true
+        chart_ref: ingress-nginx/ingress-nginx
+        chart_version: 4.11.4
+        kubeconfig: "{{ kubeconfig }}"
+        context: "{{ kubernetes_context }}"
+        values:
+          controller:
+            replicaCount: 1
+            ingressClassResource:
+              default: true
+        wait: true

assets/playbooks/k3s.yml

@@ -0,0 +1,114 @@
+---
+- name: Install K3s Control Plane
+  hosts: control_plane
+  become: true
+  tasks:
+    - name: Download K3s install script
+      ansible.builtin.get_url:
+        url: https://get.k3s.io
+        dest: /tmp/k3s_install.sh
+        mode: "0700"
+
+    - name: Install K3s server
+      ansible.builtin.shell: /tmp/k3s_install.sh
+      environment:
+        INSTALL_K3S_EXEC: "server --disable traefik"
+
+    - name: Get node token
+      ansible.builtin.shell: cat /var/lib/rancher/k3s/server/node-token
+      register: node_token
+
+- name: Install K3s Agents
+  hosts: nodes
+  become: true
+  tasks:
+    - name: Download K3s install script
+      ansible.builtin.get_url:
+        url: https://get.k3s.io
+        dest: /tmp/k3s_install.sh
+        mode: "0700"
+
+    - name: Install K3s agent
+      ansible.builtin.shell: /tmp/k3s_install.sh
+      environment:
+        K3S_URL: "https://{{ hostvars[groups['control_plane'][0]]['ansible_host'] }}:6443"
+        K3S_TOKEN: "{{ hostvars[groups['control_plane'][0]]['node_token']['stdout'] }}"
+
+- name: Configure kubectl on control plane
+  hosts: control_plane[0]
+  become: true
+  tasks:
+    - name: Create .kube directory
+      ansible.builtin.file:
+        path: /home/{{ ansible_user }}/.kube
+        state: directory
+        mode: "0755"
+        owner: "{{ ansible_user }}"
+        group: "{{ ansible_user }}"
+
+    - name: Copy kubeconfig to user home
+      ansible.builtin.copy:
+        src: /etc/rancher/k3s/k3s.yaml
+        dest: /home/{{ ansible_user }}/.kube/config
+        remote_src: yes
+        owner: "{{ ansible_user }}"
+        group: "{{ ansible_user }}"
+        mode: "0600"
+
+    - name: Update kubeconfig server address
+      ansible.builtin.replace:
+        path: /home/{{ ansible_user }}/.kube/config
+        regexp: "https://127.0.0.1:6443"
+        replace: "https://{{ inventory_hostname }}:6443"
+
+    - name: Fetch kubeconfig to Ansible control host
+      ansible.builtin.fetch:
+        src: /home/{{ ansible_user }}/.kube/config
+        dest: "./{{ lab_name }}-kubeconfig"
+        flat: yes
+      become: false
+
+- name: Apply labels and taints to Kubernetes nodes
+  hosts: localhost
+  connection: local
+  become: no
+
+  tasks:
+    - name: Print kubeconfig path
+      debug:
+        var: kubeconfig
+
+    - name: Print deployment name
+      debug:
+        var: lab_name
+
+    - name: Check if kubeconfig file exists
+      stat:
+        path: "{{ kubeconfig }}"
+      register: kubeconfig_file
+
+    - name: Fail if kubeconfig file does not exist
+      fail:
+        msg: "Kubeconfig file not found at {{ kubeconfig }}"
+      when: not kubeconfig_file.stat.exists
+
+    - name: Apply labels to Kubernetes nodes
+      kubernetes.core.k8s:
+        kind: Node
+        name: "{{ item }}"
+        kubeconfig: "{{ kubeconfig }}"
+        definition:
+          api_version: v1
+          metadata:
+            labels:
+              directpv: "yes"
+      loop: "{{ groups['nodes'] }}"
+
+    - name: Apply taint to Kubernetes control plane node
+      kubernetes.core.k8s_taint:
+        kubeconfig: "{{ kubeconfig }}"
+        state: present
+        name: "{{ hostvars[groups['control_plane'][0]]['ansible_host'] }}"
+        taints:
+          - key: "node-role.kubernetes.io/control-plane"
+            effect: "NoSchedule"

assets/playbooks/prerequisites.yml

@@ -0,0 +1,79 @@
+---
+- name: Configure K3s nodes
+  hosts: all
+  become: true
+  tasks:
+    # Common tasks for all nodes
+    - name: Set hostname
+      ansible.builtin.hostname:
+        name: "{{ inventory_hostname }}"
+
+    - name: Update hosts file
+      ansible.builtin.lineinfile:
+        path: /etc/hosts
+        line: "127.0.0.1 {{ inventory_hostname }}"
+        regexp: '^127\.0\.0\.1'
+
+    - name: Configure resolv.conf
+      ansible.builtin.lineinfile:
+        path: /etc/resolv.conf
+        line: "{{ item }}"
+      loop:
+        - "domain {{ domain_name }}"
+        - "search {{ domain_name }}"
+
+    - name: Preserve hostname in cloud.cfg
+      ansible.builtin.lineinfile:
+        path: /etc/cloud/cloud.cfg
+        line: "preserve_hostname: true"
+
+    # Control plane specific tasks
+    - name: Install base packages
+      ansible.builtin.package:
+        name: "{{ base_packages }}"
+        state: present
+      when: inventory_hostname in groups['control_plane']
+      tags: [packages, control_plane]
+
+    - name: Get latest kubectl version
+      ansible.builtin.command: curl -L -s https://dl.k8s.io/release/stable.txt
+      register: kubectl_stable_version
+      changed_when: false # This task never changes the system
+      when: inventory_hostname in groups['control_plane']
+      tags: [tools, control_plane]
+
+    - name: Download kubectl
+      ansible.builtin.get_url:
+        url: "https://dl.k8s.io/release/{{ kubectl_stable_version.stdout }}/bin/linux/amd64/kubectl"
+        dest: /usr/local/bin/kubectl
+        mode: "0755"
+      when: inventory_hostname in groups['control_plane']
+      tags: [tools, control_plane]
+
+    - name: Download MinIO client
+      ansible.builtin.get_url:
+        url: https://dl.min.io/client/mc/release/linux-amd64/mc
+        dest: /usr/local/bin/mc
+        mode: "0755"
+      when: inventory_hostname in groups['control_plane']
+      tags: [tools, control_plane]
+
+    - name: Donwload warp tool
+      ansible.builtin.get_url:
+        url: https://github.com/minio/warp/releases/download/v1.0.6/warp_Linux_x86_64.tar.gz
+        dest: /tmp/warp.tar.gz
+      when: inventory_hostname in groups['control_plane']
+      tags: [tools, control_plane]
+
+    - name: Extract warp tool
+      ansible.builtin.unarchive:
+        src: /tmp/warp.tar.gz
+        dest: /tmp/
+        remote_src: true
+      when: inventory_hostname in groups['control_plane']
+      tags: [tools, control_plane]
+
+    - name: Move warp tool to /usr/local/bin
+      ansible.builtin.command: mv /tmp/warp /usr/local/bin/warp
+      when: inventory_hostname in groups['control_plane']
+      tags: [tools, control_plane]