From 5d6025faf380c070c82ee95379cc6f434e47e818 Mon Sep 17 00:00:00 2001 From: Mikhail Date: Mon, 28 Aug 2023 12:27:19 +0300 Subject: [PATCH 01/18] feat: create new molecule scenario --- molecule/end-to-end_demo/converge.yml | 4 + molecule/end-to-end_demo/molecule.yml | 243 ++++++++++++++++++++++++++ 2 files changed, 247 insertions(+) create mode 100644 molecule/end-to-end_demo/converge.yml create mode 100644 molecule/end-to-end_demo/molecule.yml diff --git a/molecule/end-to-end_demo/converge.yml b/molecule/end-to-end_demo/converge.yml new file mode 100644 index 0000000..b064157 --- /dev/null +++ b/molecule/end-to-end_demo/converge.yml @@ -0,0 +1,4 @@ +--- + +- name: Converge using end-to-end + ansible.builtin.import_playbook: ../end-to-end/converge.yml diff --git a/molecule/end-to-end_demo/molecule.yml b/molecule/end-to-end_demo/molecule.yml new file mode 100644 index 0000000..10de7a7 --- /dev/null +++ b/molecule/end-to-end_demo/molecule.yml 
@@ -0,0 +1,243 @@ +--- + +dependency: + name: galaxy +driver: + name: docker +platforms: + # etcd + - &default_platform_common + name: etcd-instance-01 + hostname: etcd-instance-01 + image: mpaivabarbosa/molecule-systemd-ubuntu:20.04 + groups: + - etcd + command: /sbin/init + security_opts: + - seccomp=unconfined + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + privileged: true + pre_build_image: true + override_command: false + keep_volumes: false + # https://github.com/ansible-community/molecule-docker/blob/main/src/molecule_docker/driver.py + docker_networks: + - name: k8s_cluster + ipam_config: + - subnet: '172.18.0.0/24' + gateway: '172.18.0.254' + networks: + - name: k8s_cluster + - <<: *default_platform_common + name: etcd-instance-02 + hostname: etcd-instance-02 + # load balancers + - <<: *default_platform_common + name: lb-etcd + hostname: lb-etcd + groups: + - lb + networks: + - name: k8s_cluster + ipv4_address: "172.18.0.100" + - <<: *default_platform_common + name: lb-master + hostname: lb-master + groups: + - lb + networks: + - name: k8s_cluster + ipv4_address: "172.18.0.200" + # -------- + # k8s + - &default_platform + name: k8s-control-plane-01 + hostname: k8s-control-plane-01 + image: kindest/node:v1.26.3 + groups: + - control_plane + - etcd_clients + volumes: + - /lib/modules:/lib/modules:ro + - /var/lib/containerd + privileged: true + pre_build_image: true + keep_volumes: false + sysctls: + net.bridge.bridge-nf-call-iptables: 1 + net.bridge.bridge-nf-call-ip6tables: 1 + net.ipv4.ip_forward: 1 + docker_networks: + - name: k8s_cluster + ipam_config: + - subnet: '172.18.0.0/24' + gateway: '172.18.0.254' + networks: + - name: k8s_cluster + etc_hosts: + 'etcd.cloudlabsinfra.local': '172.18.0.100' # dns name of etcd load balancer + 'control-plane.cloudlabsinfra.local': '172.18.0.200' # dns name of control-plane load balancer + - <<: *default_platform + name: k8s-control-plane-02 + hostname: k8s-control-plane-02 + - <<: *default_platform + name: 
k8s-worker-01 + hostname: k8s-worker-01 + groups: + - workers +provisioner: + name: ansible + inventory: + host_vars: + k8s-control-plane-01: + # cloudlabsinfra.k8s_cluster role related variables + k8s_cluster_initial_master: true + k8s_cluster_kubernetes_version: 1.26.0 + # we can't use default cluster configuration here because it doesn't have 'etcd' section + k8s_cluster_cluster_configuration: + etcd: + external: + endpoints: ["https://{{ etcd_frontend_name }}:2379"] + caFile: "/etc/ssl/private/ca.pem" + certFile: "/etc/ssl/private/client.pem" + keyFile: "/etc/ssl/private/client-key.pem" + networking: + serviceSubnet: 10.96.0.0/12 + podSubnet: 10.244.0.0/16 + dnsDomain: cluster.local + kubernetesVersion: "{{ k8s_cluster_kubernetes_version }}" + controlPlaneEndpoint: "{{ k8s_cluster_control_plane_endpoint }}:6443" + # custom networking + k8s_cluster_flannel_apply: "" + k8s_cluster_custom_networking_tasks_path: "network/custom-networking.yml" + lb-etcd: + haproxy_frontend_name: 'etcd' + haproxy_frontend_bind_address: '*' + haproxy_frontend_port: 2379 + haproxy_frontend_mode: 'tcp' + haproxy_backend_name: 'etcd' + haproxy_backend_mode: 'tcp' + haproxy_backend_balance_method: 'roundrobin' + haproxy_backend_httpchk: '' + haproxy_backend_servers: + - name: etcd-instance-01 + address: "{{ hostvars['etcd-instance-01']['ansible_facts']['default_ipv4']['address'] }}:2379" + - name: etcd-instance-02 + address: "{{ hostvars['etcd-instance-02']['ansible_facts']['default_ipv4']['address'] }}:2379" + lb-master: + haproxy_frontend_name: 'master' + haproxy_frontend_bind_address: '*' + haproxy_frontend_port: 6443 + haproxy_frontend_mode: 'tcp' + haproxy_backend_name: 'master' + haproxy_backend_mode: 'tcp' + haproxy_backend_balance_method: 'roundrobin' + haproxy_backend_httpchk: '' + haproxy_backend_servers: + - name: k8s-control-plane-01 + address: "{{ hostvars['k8s-control-plane-01']['ansible_facts']['default_ipv4']['address'] }}:6443" + - name: k8s-control-plane-02 + address: 
"{{ hostvars['k8s-control-plane-02']['ansible_facts']['default_ipv4']['address'] }}:6443" + group_vars: + all: + # required for control-plane nodes and etcd as well + etcd_frontend_name: "etcd.cloudlabsinfra.local" + k8s_cluster_control_plane_endpoint: "control-plane.cloudlabsinfra.local" + control_plane: + # default value of variable below is 'worker' + k8s_cluster_node_type: "master" + # we can't use default join configuration here because it doesn't have 'controlPlane' section + k8s_cluster_join_configuration: + nodeRegistration: + name: "{{ k8s_cluster_node_name }}" + ignorePreflightErrors: + - SystemVerification + discovery: + bootstrapToken: + token: "{{ k8s_cluster_join_token }}" + apiServerEndpoint: "{{ k8s_cluster_control_plane_endpoint }}:6443" + caCertHashes: + - "sha256:{{ k8s_cluster_root_ca_hash }}" + unsafeSkipCAVerification: false + controlPlane: + localAPIEndpoint: + advertiseAddress: "{{ hostvars[inventory_hostname]['ansible_facts']['default_ipv4']['address'] }}" + bindPort: 6443 + etcd_clients: + etcd_cert_matrix: + - profile_name: client + output_name: client + csr: + CN: client + hosts: [] + key: + algo: ecdsa + size: 256 + names: + - C: RU + L: Moscow + O: Organization + OU: Organizational Unit + ST: Moscow region + etcd: + # cloudlabsinfra.etcd_cluster_certificates role related variables + etcd_cert_dir: /etc/ssl/private + # cloudlabsinfra.etcd_cluster role related variables + # client/server + etcd_trusted_ca_file: "{{ etcd_conf_dir }}/ca.pem" + etcd_key_file: "{{ etcd_conf_dir }}/server-key.pem" + etcd_cert_file: "{{ etcd_conf_dir }}/server.pem" + etcd_client_cert_auth: 'true' + # peer + etcd_peer_trusted_ca_file: "{{ etcd_trusted_ca_file }}" + etcd_peer_key_file: "{{ etcd_conf_dir }}/peer-key.pem" + etcd_peer_cert_file: "{{ etcd_conf_dir }}/peer.pem" + etcd_peer_client_cert_auth: 'true' + etcd_remote_cert_files: + - "{{ etcd_cert_dir }}/ca.pem" + - "{{ etcd_cert_dir }}/server-key.pem" + - "{{ etcd_cert_dir }}/server.pem" + - "{{ 
etcd_cert_dir }}/peer-key.pem" + - "{{ etcd_cert_dir }}/peer.pem" + etcd_cert_matrix: + - profile_name: server + output_name: server + csr: &default_csr + CN: "{{ inventory_hostname }}" + hosts: + - "{{ inventory_hostname }}" + - "{{ ansible_default_ipv4.address }}" + - "{{ etcd_frontend_name }}" + key: + algo: ecdsa + size: 256 + names: + - C: RU + L: Moscow + O: Organization + OU: Organizational Unit + ST: Moscow region + - profile_name: peer + output_name: peer + csr: + <<: *default_csr + - profile_name: client + output_name: client + csr: + <<: *default_csr + CN: client + hosts: [] +scenario: + test_sequence: + - dependency + - cleanup + - destroy + - syntax + - create + - prepare + - converge + - side_effect + - verify + - cleanup + - destroy From 37a6e388f08d22c222c51449624ff5fe8d52b218 Mon Sep 17 00:00:00 2001 From: Mikhail Date: Mon, 28 Aug 2023 13:02:11 +0300 Subject: [PATCH 02/18] feat: helm installation --- molecule/end-to-end_demo/converge.yml | 9 +++++++++ requirements.yml | 6 ++++++ 2 files changed, 15 insertions(+) diff --git a/molecule/end-to-end_demo/converge.yml b/molecule/end-to-end_demo/converge.yml index b064157..e8777fd 100644 --- a/molecule/end-to-end_demo/converge.yml +++ b/molecule/end-to-end_demo/converge.yml @@ -2,3 +2,12 @@ - name: Converge using end-to-end ansible.builtin.import_playbook: ../end-to-end/converge.yml + +- name: Install Helm + hosts: + - control_plane + gather_facts: false + become: true + become_method: su + roles: + - { role: geerlingguy.helm } diff --git a/requirements.yml b/requirements.yml index e644d3f..5939ac5 100644 --- a/requirements.yml +++ b/requirements.yml @@ -19,6 +19,12 @@ roles: - name: cloudlabsinfra.etcd_cluster_certificates version: v1.0.0 + - name: geerlingguy.helm + version: 1.0.1 + collections: - name: community.general version: 7.0.1 + + - name: kubernetes.core + version: 2.4.0 From 483f1f8f076f9887d75b6e799300b8eb3529c58d Mon Sep 17 00:00:00 2001 
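Review bot: The etcd and load-balancer platforms in molecule.yml run `mpaivabarbosa/molecule-systemd-ubuntu:20.04`, a third-party image referenced by a mutable tag, with `privileged: true` and `seccomp=unconfined`. Whatever that tag resolves to at pull time therefore runs with near-host privileges on the developer or CI machine. Pinning by digest would fix the content under test, e.g. `image: mpaivabarbosa/molecule-systemd-ubuntu@sha256:<digest>`, and the same applies to `kindest/node:v1.26.3`. A comment above `privileged: true` stating that the scenario is meant for disposable hosts only would also help the next reader.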
From: Mikhail Date: Mon, 28 Aug 2023 13:10:31 +0300 Subject: [PATCH 03/18] feat: caopy all demo files --- molecule/end-to-end_demo/converge.yml | 16 ++++++++++-- .../deploy_files/cert-manager/helm-values.yml | 4 +++ .../cert-manager/root-ca-issuer.yml | 7 ++++++ .../cert-manager/selfsigned-cert.yml | 23 +++++++++++++++++ .../cert-manager/selfsigned-issuer.yml | 6 +++++ .../deploy_files/grafana/helm-values.yml | 2 ++ .../grafana/ingress-to-grafana.yml | 25 +++++++++++++++++++ .../ingress-controller/helm-values.yml | 9 +++++++ .../deploy_files/nginx/deploy.yml | 22 ++++++++++++++++ .../deploy_files/nginx/ingress-to-nginx.yml | 25 +++++++++++++++++++ .../deploy_files/nginx/service.yml | 12 +++++++++ 11 files changed, 149 insertions(+), 2 deletions(-) create mode 100644 molecule/end-to-end_demo/deploy_files/cert-manager/helm-values.yml create mode 100644 molecule/end-to-end_demo/deploy_files/cert-manager/root-ca-issuer.yml create mode 100644 molecule/end-to-end_demo/deploy_files/cert-manager/selfsigned-cert.yml create mode 100644 molecule/end-to-end_demo/deploy_files/cert-manager/selfsigned-issuer.yml create mode 100644 molecule/end-to-end_demo/deploy_files/grafana/helm-values.yml create mode 100644 molecule/end-to-end_demo/deploy_files/grafana/ingress-to-grafana.yml create mode 100644 molecule/end-to-end_demo/deploy_files/ingress-controller/helm-values.yml create mode 100644 molecule/end-to-end_demo/deploy_files/nginx/deploy.yml create mode 100644 molecule/end-to-end_demo/deploy_files/nginx/ingress-to-nginx.yml create mode 100644 molecule/end-to-end_demo/deploy_files/nginx/service.yml diff --git a/molecule/end-to-end_demo/converge.yml b/molecule/end-to-end_demo/converge.yml index e8777fd..f0c3f59 100644 --- a/molecule/end-to-end_demo/converge.yml +++ b/molecule/end-to-end_demo/converge.yml 
@@ -1,7 +1,7 @@ --- -- name: Converge using end-to-end - ansible.builtin.import_playbook: ../end-to-end/converge.yml +#- name: Converge using end-to-end +# ansible.builtin.import_playbook: ../end-to-end/converge.yml - name: Install Helm hosts: @@ -11,3 +11,15 @@ become_method: su roles: - { role: geerlingguy.helm } + +- name: Copy manifests and helm files + hosts: + - k8s-control-plane-01 + gather_facts: false + become: true + become_method: su + tasks: + - name: Copy manifests and helm files + ansible.builtin.copy: + src: deploy_files/ + dest: ~/demo diff --git a/molecule/end-to-end_demo/deploy_files/cert-manager/helm-values.yml b/molecule/end-to-end_demo/deploy_files/cert-manager/helm-values.yml new file mode 100644 index 0000000..970a04a --- /dev/null +++ b/molecule/end-to-end_demo/deploy_files/cert-manager/helm-values.yml @@ -0,0 +1,4 @@ +installCRDs: true +prometheus: + enabled: false +clusterResourceNamespace: default diff --git a/molecule/end-to-end_demo/deploy_files/cert-manager/root-ca-issuer.yml b/molecule/end-to-end_demo/deploy_files/cert-manager/root-ca-issuer.yml new file mode 100644 index 0000000..601c991 --- /dev/null +++ b/molecule/end-to-end_demo/deploy_files/cert-manager/root-ca-issuer.yml @@ -0,0 +1,7 @@ +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: root-ca-issuer +spec: + ca: + secretName: root-ca diff --git a/molecule/end-to-end_demo/deploy_files/cert-manager/selfsigned-cert.yml b/molecule/end-to-end_demo/deploy_files/cert-manager/selfsigned-cert.yml new file mode 100644 index 0000000..a1b7327 --- /dev/null +++ b/molecule/end-to-end_demo/deploy_files/cert-manager/selfsigned-cert.yml 
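Review bot: The `ansible.builtin.copy` task added in the `@@ -11,3 +11,15 @@` hunk of converge.yml sets no `mode` or `owner`, and `dest: ~/demo` depends on which user the play becomes (presumably root via `become_method: su`). The copied tree holds manifests and helm values that are later applied with cluster-wide rights, so the destination and its permissions should be explicit: `dest: /root/demo`, `mode: "0640"`, `directory_mode: "0750"`. An absolute path also removes the ambiguity with later patches in this series, which read the same files as both `~/demo/...` and `root/demo/...`.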
@@ -0,0 +1,23 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: self-signed-root-cert
+spec:
+ duration: 24h
+ renewBefore: 2h
+ dnsNames:
+ - k8s.myorg.com
+ secretName: root-ca
+ subject:
+ organizations:
+ - myorg
+ issuerRef:
+ name: selfsigned-issuer
+ kind: ClusterIssuer
+ isCA: true
+ usages:
+ - signing
+ - cert sign
+ privateKey:
+ algorithm: RSA
+ size: 2048
diff --git a/molecule/end-to-end_demo/deploy_files/cert-manager/selfsigned-issuer.yml b/molecule/end-to-end_demo/deploy_files/cert-manager/selfsigned-issuer.yml
new file mode 100644
index 0000000..56366fa
--- /dev/null
+++ b/molecule/end-to-end_demo/deploy_files/cert-manager/selfsigned-issuer.yml
@@ -0,0 +1,6 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: selfsigned-issuer
+spec:
+ selfSigned: {}
diff --git a/molecule/end-to-end_demo/deploy_files/grafana/helm-values.yml b/molecule/end-to-end_demo/deploy_files/grafana/helm-values.yml
new file mode 100644
index 0000000..b234bc2
--- /dev/null
+++ b/molecule/end-to-end_demo/deploy_files/grafana/helm-values.yml
@@ -0,0 +1,2 @@
+persistence:
+ size: 2Gi
diff --git a/molecule/end-to-end_demo/deploy_files/grafana/ingress-to-grafana.yml b/molecule/end-to-end_demo/deploy_files/grafana/ingress-to-grafana.yml
new file mode 100644
index 0000000..6fe30eb
--- /dev/null
+++ b/molecule/end-to-end_demo/deploy_files/grafana/ingress-to-grafana.yml
@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: grafana-ingress
+ namespace: grafana-ns
+ annotations:
+ cert-manager.io/cluster-issuer: "root-ca-issuer"
+ nginx.ingress.kubernetes.io/rewrite-target: /
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - grafana.k8s.myorg.com
+ secretName: grafana-tls
+ rules:
+ - host: grafana.k8s.myorg.com
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: grafana
+ port:
+ number: 80
diff --git a/molecule/end-to-end_demo/deploy_files/ingress-controller/helm-values.yml b/molecule/end-to-end_demo/deploy_files/ingress-controller/helm-values.yml
new file mode 100644
index 0000000..75a8eae
--- /dev/null
+++ b/molecule/end-to-end_demo/deploy_files/ingress-controller/helm-values.yml
@@ -0,0 +1,9 @@
+controller:
+ ingressClassResource:
+ default: true
+ kind: DaemonSet
+ service:
+ type: NodePort
+ nodePorts:
+ http: 30080
+ https: 30443
diff --git a/molecule/end-to-end_demo/deploy_files/nginx/deploy.yml b/molecule/end-to-end_demo/deploy_files/nginx/deploy.yml
new file mode 100644
index 0000000..db3947c
--- /dev/null
+++ b/molecule/end-to-end_demo/deploy_files/nginx/deploy.yml
@@ -0,0 +1,22 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nginx-deploy
+ namespace: nginx-ns
+ labels:
+ app: nginx
+spec:
+ replicas: 3
+ selector:
+ matchLabels:
+ app: nginx
+ template:
+ metadata:
+ labels:
+ app: nginx
+ spec:
+ containers:
+ - name: nginx
+ image: nginx:latest
+ ports:
+ - containerPort: 80
diff --git a/molecule/end-to-end_demo/deploy_files/nginx/ingress-to-nginx.yml b/molecule/end-to-end_demo/deploy_files/nginx/ingress-to-nginx.yml
new file mode 100644
index 0000000..7f638dc
--- /dev/null
+++ b/molecule/end-to-end_demo/deploy_files/nginx/ingress-to-nginx.yml
@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: nginx-ingress
+ namespace: nginx-ns
+ annotations:
+ cert-manager.io/cluster-issuer: "root-ca-issuer"
+ nginx.ingress.kubernetes.io/rewrite-target: /
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - nginx.k8s.myorg.com
+ secretName: nginx-tls
+ rules:
+ - host: nginx.k8s.myorg.com
+ http:
+ paths:
+ - path: /nginx
+ pathType: Prefix
+ backend:
+ service:
+ name: nginx-service
+ port:
+ number: 80
diff --git a/molecule/end-to-end_demo/deploy_files/nginx/service.yml b/molecule/end-to-end_demo/deploy_files/nginx/service.yml
new file mode 100644
index 0000000..07f4ed0
--- /dev/null
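Review bot: `image: nginx:latest` in nginx/deploy.yml is a mutable tag, and the pod template sets neither `securityContext` nor `resources`, so three replicas of whatever `latest` resolves to on the day run with the runtime's defaults. Pinning the image makes the demo reproducible and reviewable, e.g. `image: nginx:<version>@sha256:<digest>`. Under the container I would also add `securityContext: {allowPrivilegeEscalation: false}` and a `resources.limits` block sized for the kind nodes.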
+++ b/molecule/end-to-end_demo/deploy_files/nginx/service.yml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: nginx-service + namespace: nginx-ns +spec: + selector: + app: nginx + ports: + - port: 80 + targetPort: 80 + protocol: TCP From 20e7d2cbdbf8e5743792fef21d14fb8ec7c06308 Mon Sep 17 00:00:00 2001 From: Mikhail Date: Mon, 28 Aug 2023 13:26:36 +0300 Subject: [PATCH 04/18] feat: install nginx --- molecule/end-to-end_demo/converge.yml | 37 ++++++++++++++++++++++++--- 1 file changed, 34 insertions(+), 3 deletions(-) diff --git a/molecule/end-to-end_demo/converge.yml b/molecule/end-to-end_demo/converge.yml index f0c3f59..66b8cb5 100644 --- a/molecule/end-to-end_demo/converge.yml +++ b/molecule/end-to-end_demo/converge.yml @@ -1,7 +1,7 @@ --- -#- name: Converge using end-to-end -# ansible.builtin.import_playbook: ../end-to-end/converge.yml +- name: Converge using end-to-end + ansible.builtin.import_playbook: ../end-to-end/converge.yml - name: Install Helm hosts: @@ -12,7 +12,7 @@ roles: - { role: geerlingguy.helm } -- name: Copy manifests and helm files +- name: Prepare control-plane hosts: - k8s-control-plane-01 gather_facts: false @@ -23,3 +23,34 @@ ansible.builtin.copy: src: deploy_files/ dest: ~/demo + + - name: Install pip library + ansible.builtin.pip: + name: kubernetes + +- name: Nginx, Loki and Grafana deployment + hosts: + - k8s-control-plane-01 + gather_facts: false + become: true + become_method: su + tasks: + - name: Nginx installation + block: + - name: Create nginx namespace + kubernetes.core.k8s: + name: nginx-ns + api_version: v1 + kind: Namespace + state: present + + - name: Create nginx deploy + kubernetes.core.k8s: + state: present + src: ~/demo/nginx/deploy.yml + + - name: Create nginx service + kubernetes.core.k8s: + state: present + src: ~/demo/nginx/service.yml + From 75b4ba67ffc9d9c2c97319b2e8bf3dc1774b9416 Mon Sep 17 00:00:00 2001 
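Review bot: The "Install pip library" task in the `@@ -23,3 +23,34 @@` hunk installs `kubernetes` with no version, and it runs as the become user on the control-plane node. Each converge therefore pulls whatever PyPI serves at that moment, unlike the roles and collections that requirements.yml pins. The client should be pinned next to the `kubernetes.core` collection it supports: `name: kubernetes` with `version: "<release tested with kubernetes.core 2.4.0>"`. The enclosing play starts above the hunk.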
From: Mikhail Date: Mon, 28 Aug 2023 13:51:44 +0300 Subject: [PATCH 05/18] feat: nginx, grafana and loki installation --- molecule/end-to-end_demo/converge.yml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/molecule/end-to-end_demo/converge.yml b/molecule/end-to-end_demo/converge.yml index 66b8cb5..1d8ffb7 100644 --- a/molecule/end-to-end_demo/converge.yml +++ b/molecule/end-to-end_demo/converge.yml @@ -54,3 +54,27 @@ state: present src: ~/demo/nginx/service.yml + - name: Loki installation + block: + - name: Add grafana/loki helm repo + kubernetes.core.helm_repository: + name: grafana + repo_url: "https://grafana.github.io/helm-charts" + + - name: Install loki release + kubernetes.core.helm: + name: loki + chart_ref: grafana/loki-stack + release_namespace: loki-ns + create_namespace: true + + - name: Grafana installation + block: + - name: Install grafana release + kubernetes.core.helm: + name: grafana + chart_ref: grafana/grafana + release_namespace: grafana-ns + create_namespace: true + values_files: + - root/demo/grafana/helm-values.yml From d1f4e784dc5664055ac046e6bc11d5e8ef1169ac Mon Sep 17 00:00:00 2001 From: Mikhail Date: Mon, 28 Aug 2023 13:59:43 +0300 Subject: [PATCH 06/18] feat: ingress controller instalation --- molecule/end-to-end_demo/converge.yml | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/molecule/end-to-end_demo/converge.yml b/molecule/end-to-end_demo/converge.yml index 1d8ffb7..c06e868 100644 --- a/molecule/end-to-end_demo/converge.yml +++ b/molecule/end-to-end_demo/converge.yml @@ -61,7 +61,7 @@ name: grafana repo_url: "https://grafana.github.io/helm-charts" - - name: Install loki release + - name: Install loki helm release kubernetes.core.helm: name: loki chart_ref: grafana/loki-stack 
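Review bot: `values_files` in "Install grafana release" points at `root/demo/grafana/helm-values.yml`, a relative path with no leading slash. The copy task wrote to `~/demo` and the `kubernetes.core.k8s` tasks read `~/demo/...`, so this only resolves if the module's working directory happens to be `/`; it was probably meant to be `/root/demo/grafana/helm-values.yml`. The same form recurs in the ingress-controller and cert-manager releases and in the `chart_ref` of the namespaces chart later in the series. Neither release in this hunk sets `chart_version`, so each run installs the newest chart the remote repository offers; adding `chart_version: "<tested chart version>"` to both pins what is deployed. The enclosing play begins outside the hunk.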
@@ -70,7 +70,7 @@ - name: Grafana installation block: - - name: Install grafana release + - name: Install grafana helm release kubernetes.core.helm: name: grafana chart_ref: grafana/grafana @@ -78,3 +78,24 @@ create_namespace: true values_files: - root/demo/grafana/helm-values.yml + +- name: Ingress Controller + hosts: + - k8s-control-plane-01 + gather_facts: false + become: true + become_method: su + tasks: + - name: Add ingress controller helm repo + kubernetes.core.helm_repository: + name: ingress-nginx + repo_url: "https://kubernetes.github.io/ingress-nginx" + + - name: Install ingress controller helm release + kubernetes.core.helm: + name: ingress-nginx + chart_ref: ingress-nginx/ingress-nginx + release_namespace: ingress-nginx-ns + create_namespace: true + values_files: + - root/demo/ingress-controller/helm-values.yml From c984923b00a40b73e5a40833bab3f854a637a02e Mon Sep 17 00:00:00 2001 From: Mikhail Date: Mon, 28 Aug 2023 14:14:47 +0300 Subject: [PATCH 07/18] feat: cert manager configuration --- molecule/end-to-end_demo/converge.yml | 41 +++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/molecule/end-to-end_demo/converge.yml b/molecule/end-to-end_demo/converge.yml index c06e868..683f44b 100644 --- a/molecule/end-to-end_demo/converge.yml +++ b/molecule/end-to-end_demo/converge.yml 
@@ -99,3 +99,44 @@ create_namespace: true values_files: - root/demo/ingress-controller/helm-values.yml + +- name: Cert Manager + hosts: + - k8s-control-plane-01 + gather_facts: false + become: true + become_method: su + tasks: + - name: Install Cert Manager + block: + - name: Add cert-manager helm repo + kubernetes.core.helm_repository: + name: jetstack + repo_url: "https://charts.jetstack.io" + + - name: Install cert-manager helm release + kubernetes.core.helm: + name: cert-manager + chart_ref: jetstack/cert-manager + release_namespace: cert-manager-ns + create_namespace: true + values_files: + - root/demo/cert-manager/helm-values.yml + + - name: Prepare CA certificate + block: + - name: Create selfsigned issuer + kubernetes.core.k8s: + state: present + src: ~/demo/cert-manager/selfsigned-issuer.yml + + - name: Create CA certificate + kubernetes.core.k8s: + state: present + namespace: default + src: ~/demo/cert-manager/selfsigned-cert.yml + + - name: Create CA issuer + kubernetes.core.k8s: + state: present + src: ~/demo/cert-manager/root-ca-issuer.yml From 113ca353fc302d9394cded30c8639e14ffb15496 Mon Sep 17 00:00:00 2001 From: Mikhail Date: Mon, 28 Aug 2023 14:19:09 +0300 Subject: [PATCH 08/18] feat: Ingress configuration --- molecule/end-to-end_demo/converge.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/molecule/end-to-end_demo/converge.yml b/molecule/end-to-end_demo/converge.yml index 683f44b..3ff143e 100644 --- a/molecule/end-to-end_demo/converge.yml +++ b/molecule/end-to-end_demo/converge.yml @@ -140,3 +140,20 @@ kubernetes.core.k8s: state: present src: ~/demo/cert-manager/root-ca-issuer.yml + +- name: Ingress + hosts: + - k8s-control-plane-01 + gather_facts: false + become: true + become_method: su + tasks: + - name: Ingress to nginx + kubernetes.core.k8s: + state: present + src: ~/demo/nginx/ingress-to-nginx.yml + + - name: Ingress to grafana + kubernetes.core.k8s: + state: present + src: ~/demo/grafana/ingress-to-grafana.yml 
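Review bot: The root CA key pair ends up as Secret `root-ca` in the `default` namespace, because "Create CA certificate" sets `namespace: default` and the helm values set `clusterResourceNamespace: default`. Any subject that can read secrets in `default` can then sign certificates trusted through `root-ca-issuer`. Keeping the CA next to cert-manager narrows that: create the Certificate with `namespace: cert-manager-ns` and drop the `clusterResourceNamespace` override so the ClusterIssuer looks for its secret in the release namespace. The issuers are applied straight after the chart install; adding `wait: true` to the helm task would avoid racing the cert-manager webhook, though I have not confirmed that this fails here.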
From c2086f9d1a1778ecad669e8d39b78bc20afebf6a Mon Sep 17 00:00:00 2001 From: Mikhail Date: Mon, 28 Aug 2023 16:06:50 +0300 Subject: [PATCH 09/18] feat: useful output --- molecule/end-to-end_demo/converge.yml | 36 +++++++++++++++++++++++++++ molecule/end-to-end_demo/molecule.yml | 4 +++ 2 files changed, 40 insertions(+) diff --git a/molecule/end-to-end_demo/converge.yml b/molecule/end-to-end_demo/converge.yml index 3ff143e..63b2c97 100644 --- a/molecule/end-to-end_demo/converge.yml +++ b/molecule/end-to-end_demo/converge.yml @@ -71,6 +71,7 @@ - name: Grafana installation block: - name: Install grafana helm release + # kubernetes.core.helm: name: grafana chart_ref: grafana/grafana @@ -157,3 +158,38 @@ kubernetes.core.k8s: state: present src: ~/demo/grafana/ingress-to-grafana.yml + +- name: Useful output + hosts: + - k8s-control-plane-01 + gather_facts: false + become: true + become_method: su + tasks: + - name: CA cert + block: + - name: Collect CA cert + ansible.builtin.shell: | + set -o pipefail && \ + kubectl get secret -n default root-ca -o jsonpath="{.data.ca\.crt}" | base64 -d + args: + executable: /bin/bash + register: root_ca_secret + + - name: Print CA cert + ansible.builtin.debug: + msg: "{{ root_ca_secret.stdout }}" + + - name: Grafana admin password + block: + - name: Collect password + ansible.builtin.shell: | + set -o pipefail && \ + kubectl get secret --namespace grafana-ns grafana -o jsonpath="{.data.admin-password}" | base64 -d + args: + executable: /bin/bash + register: grafana_password + + - name: Print Grafana password + ansible.builtin.debug: + msg: "{{ grafana_password.stdout }}" diff --git a/molecule/end-to-end_demo/molecule.yml b/molecule/end-to-end_demo/molecule.yml index 10de7a7..decdcb6 100644 --- a/molecule/end-to-end_demo/molecule.yml +++ b/molecule/end-to-end_demo/molecule.yml 
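Review bot: "Print Grafana password" writes the decoded admin password to Ansible's stdout, and "Collect password" registers it without `no_log: true`, so the secret ends up in terminal scrollback and any CI log that stores molecule output. I would drop the debug task, or replace its message with the `kubectl get secret` command the operator can run themselves, and add `no_log: true` to the collecting task. Both shell tasks only read state, so `changed_when: false` belongs on each as well. Printing the CA certificate is fine, since it is public material.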
@@ -88,6 +88,10 @@ platforms: - workers provisioner: name: ansible + config_options: + defaults: + stdout_callback: yaml + stderr_callback: yaml inventory: host_vars: k8s-control-plane-01: From ba07bc0c441dc2e8712ac85307965c3df7fcc81c Mon Sep 17 00:00:00 2001 From: Mikhail Date: Mon, 28 Aug 2023 16:51:19 +0300 Subject: [PATCH 10/18] chore: implement self written namespaces chart --- molecule/end-to-end_demo/converge.yml | 41 ++++++------------- .../namespace-helm-chart/Chart.yaml | 24 +++++++++++ .../namespace-helm-chart/templates/NOTES.txt | 23 +++++++++++ .../templates/namespaces.yml | 10 +++++ .../templates/rolebindings.yml | 17 ++++++++ .../templates/secrets.yml | 14 +++++++ .../templates/serviceaccounts.yml | 11 +++++ .../namespace-helm-chart/values.yaml | 9 ++++ .../deploy_files/nginx/deploy.yml | 22 ---------- .../deploy_files/nginx/ingress-to-nginx.yml | 25 ----------- .../deploy_files/nginx/service.yml | 12 ------ 11 files changed, 120 insertions(+), 88 deletions(-) create mode 100644 molecule/end-to-end_demo/deploy_files/namespace-helm-chart/Chart.yaml create mode 100644 molecule/end-to-end_demo/deploy_files/namespace-helm-chart/templates/NOTES.txt create mode 100644 molecule/end-to-end_demo/deploy_files/namespace-helm-chart/templates/namespaces.yml create mode 100644 molecule/end-to-end_demo/deploy_files/namespace-helm-chart/templates/rolebindings.yml create mode 100644 molecule/end-to-end_demo/deploy_files/namespace-helm-chart/templates/secrets.yml create mode 100644 molecule/end-to-end_demo/deploy_files/namespace-helm-chart/templates/serviceaccounts.yml create mode 100644 molecule/end-to-end_demo/deploy_files/namespace-helm-chart/values.yaml delete mode 100644 molecule/end-to-end_demo/deploy_files/nginx/deploy.yml delete mode 100644 molecule/end-to-end_demo/deploy_files/nginx/ingress-to-nginx.yml delete mode 100644 molecule/end-to-end_demo/deploy_files/nginx/service.yml 
diff --git a/molecule/end-to-end_demo/converge.yml b/molecule/end-to-end_demo/converge.yml index 63b2c97..18bc8bc 100644 --- a/molecule/end-to-end_demo/converge.yml +++ b/molecule/end-to-end_demo/converge.yml @@ -28,32 +28,24 @@ ansible.builtin.pip: name: kubernetes -- name: Nginx, Loki and Grafana deployment +- name: Create namespace using self written chart + hosts: + - k8s-control-plane-01 + gather_facts: false + tasks: + - name: Create namespaces + kubernetes.core.helm: + name: namespaces + release_namespace: default + chart_ref: root/demo/namespace-helm-chart + +- name: Loki and Grafana deployment hosts: - k8s-control-plane-01 gather_facts: false become: true become_method: su tasks: - - name: Nginx installation - block: - - name: Create nginx namespace - kubernetes.core.k8s: - name: nginx-ns - api_version: v1 - kind: Namespace - state: present - - - name: Create nginx deploy - kubernetes.core.k8s: - state: present - src: ~/demo/nginx/deploy.yml - - - name: Create nginx service - kubernetes.core.k8s: - state: present - src: ~/demo/nginx/service.yml - - name: Loki installation block: - name: Add grafana/loki helm repo @@ -66,7 +58,6 @@ name: loki chart_ref: grafana/loki-stack release_namespace: loki-ns - create_namespace: true - name: Grafana installation block: @@ -76,7 +67,6 @@ name: grafana chart_ref: grafana/grafana release_namespace: grafana-ns - create_namespace: true values_files: - root/demo/grafana/helm-values.yml @@ -97,7 +87,6 @@ name: ingress-nginx chart_ref: ingress-nginx/ingress-nginx release_namespace: ingress-nginx-ns - create_namespace: true values_files: - root/demo/ingress-controller/helm-values.yml @@ -120,7 +109,6 @@ name: cert-manager chart_ref: jetstack/cert-manager release_namespace: cert-manager-ns - create_namespace: true values_files: - root/demo/cert-manager/helm-values.yml 
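Review bot: The new play "Create namespace using self written chart" is the only one in converge.yml without `become: true` and `become_method: su`, yet it reads a chart that was copied under the become user's home. If the connection user is not root, the helm task will either miss the chart or run with a different kubeconfig than the other plays; I cannot tell from the hunk which user molecule connects as. Adding the same two `become` lines keeps it consistent. The hunks that remove `create_namespace: true` make all four releases depend on this play having succeeded, which deserves a comment above it such as `# must run before any release below: namespaces are no longer created by the helm tasks`.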
@@ -149,11 +137,6 @@ become: true become_method: su tasks: - - name: Ingress to nginx - kubernetes.core.k8s: - state: present - src: ~/demo/nginx/ingress-to-nginx.yml - - name: Ingress to grafana kubernetes.core.k8s: state: present diff --git a/molecule/end-to-end_demo/deploy_files/namespace-helm-chart/Chart.yaml b/molecule/end-to-end_demo/deploy_files/namespace-helm-chart/Chart.yaml new file mode 100644 index 0000000..0e215e6 --- /dev/null +++ b/molecule/end-to-end_demo/deploy_files/namespace-helm-chart/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: sa-chart +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/molecule/end-to-end_demo/deploy_files/namespace-helm-chart/templates/NOTES.txt b/molecule/end-to-end_demo/deploy_files/namespace-helm-chart/templates/NOTES.txt new file mode 100644 index 0000000..21d25c2 --- /dev/null 
+++ b/molecule/end-to-end_demo/deploy_files/namespace-helm-chart/templates/NOTES.txt
@@ -0,0 +1,23 @@
+1.
+{{- range $namespace := .Values.namespaces }}
+Namespace {{ $namespace.name }} was created
+{{- end }}
+2.
+{{- range $namespace := .Values.namespaces }}
+{{- range $user := $namespace.users }}
+ServiceAccount for {{ $user }} in {{ $namespace.name }} namespace was created
+{{- end }}
+{{- end }}
+3.
+{{- range $namespace := .Values.namespaces }}
+{{- range $user := $namespace.users }}
+Secret for {{ $user }} in {{ $namespace.name }} namespace was created
+{{- end }}
+{{- end }}
+4.
+{{- range $namespace := .Values.namespaces }}
+{{- range $user := $namespace.users }}
+RoleBinding for {{ $user }} in {{ $namespace.name }} namespace was created
+{{- end }}
+{{- end }}
+
diff --git a/molecule/end-to-end_demo/deploy_files/namespace-helm-chart/templates/namespaces.yml b/molecule/end-to-end_demo/deploy_files/namespace-helm-chart/templates/namespaces.yml
new file mode 100644
index 0000000..6e6b090
--- /dev/null
+++ b/molecule/end-to-end_demo/deploy_files/namespace-helm-chart/templates/namespaces.yml
@@ -0,0 +1,10 @@
+{{- range $namespace := .Values.namespaces }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: {{ $namespace.name }}
+ labels:
+ name: {{ $namespace.name }}
+{{- end }}
+
diff --git a/molecule/end-to-end_demo/deploy_files/namespace-helm-chart/templates/rolebindings.yml b/molecule/end-to-end_demo/deploy_files/namespace-helm-chart/templates/rolebindings.yml
new file mode 100644
index 0000000..73e5356
--- /dev/null
+++ b/molecule/end-to-end_demo/deploy_files/namespace-helm-chart/templates/rolebindings.yml
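Review bot: The templated scalars in namespaces.yml are emitted unquoted (`name: {{ $namespace.name }}`), so a value that renders empty or looks like a number or boolean is retyped by the YAML parser before the API server sees it. Piping through `quote` keeps it a string: `name: {{ $namespace.name | quote }}`, and the same for the label value. The same applies to the `{{ $user }}` and `{{ $namespace.name }}` values in the rolebindings, secrets and serviceaccounts templates of this commit.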
@@ -0,0 +1,17 @@
+{{- range $namespace := .Values.namespaces }}
+{{- range $user := $namespace.users }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: admin-{{ $user }}-{{ $namespace.name }}-binding
+ namespace: {{ $namespace.name }}
+subjects:
+- kind: ServiceAccount
+ name: {{ $user }}
+roleRef:
+ kind: ClusterRole
+ name: admin
+{{ end }}
+{{ end }}
+
diff --git a/molecule/end-to-end_demo/deploy_files/namespace-helm-chart/templates/secrets.yml b/molecule/end-to-end_demo/deploy_files/namespace-helm-chart/templates/secrets.yml
new file mode 100644
index 0000000..c0c54e4
--- /dev/null
+++ b/molecule/end-to-end_demo/deploy_files/namespace-helm-chart/templates/secrets.yml
@@ -0,0 +1,14 @@
+{{- range $namespace := .Values.namespaces }}
+{{- range $user := $namespace.users }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $user }}-secret
+ namespace: {{ $namespace.name }}
+ annotations:
+ kubernetes.io/service-account.name: {{ $user }}
+type: kubernetes.io/service-account-token
+{{ end }}
+{{ end }}
+
diff --git a/molecule/end-to-end_demo/deploy_files/namespace-helm-chart/templates/serviceaccounts.yml b/molecule/end-to-end_demo/deploy_files/namespace-helm-chart/templates/serviceaccounts.yml
new file mode 100644
index 0000000..a9371f1
--- /dev/null
+++ b/molecule/end-to-end_demo/deploy_files/namespace-helm-chart/templates/serviceaccounts.yml
@@ -0,0 +1,11 @@
+{{- range $namespace := .Values.namespaces }}
+{{- range $user := $namespace.users }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ $user }}
+ namespace: {{ $namespace.name }}
+{{ end }}
+{{ end }}
+
diff --git a/molecule/end-to-end_demo/deploy_files/namespace-helm-chart/values.yaml b/molecule/end-to-end_demo/deploy_files/namespace-helm-chart/values.yaml
new file mode 100644
index 0000000..7d74f3b
--- /dev/null
+++ b/molecule/end-to-end_demo/deploy_files/namespace-helm-chart/values.yaml
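Review bot: The ServiceAccount subject in `templates/rolebindings.yml` has no `namespace`, which RBAC needs to resolve a ServiceAccount, and I would expect the API server to reject the binding as rendered; add `namespace: {{ $namespace.name }}` under `name: {{ $user }}`. The binding also gives every listed user the built-in `admin` ClusterRole, which covers reading Secrets and creating further Roles and RoleBindings in that namespace, so either a header comment stating that this breadth is intended for the demo or a switch to `edit`/`view` would help. Writing `apiGroup: rbac.authorization.k8s.io` explicitly under `roleRef` keeps the reference unambiguous. The shipped values.yaml lists no `users`, so nothing here renders until a caller supplies them.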
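Review bot: Each Secret rendered by `templates/secrets.yml` is of type `kubernetes.io/service-account-token`, so the control plane fills it with a token for that ServiceAccount that does not expire and stays valid until the Secret is deleted. Together with the `admin` binding in rolebindings.yml this is a long-lived namespace-admin credential readable by anyone allowed to get Secrets in that namespace. If the users only need occasional access, drop this template and issue time-bounded tokens with `kubectl create token <user> -n <namespace>`; if the static token is required for the demo, say so in a header comment such as `# long-lived token, demo only: rotate by deleting the Secret`. Quoting the templated values, for example `namespace: {{ $namespace.name | quote }}`, would also stop YAML from retyping unusual names.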
@@ -0,0 +1,9 @@
+# Default values for sa-chart.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+namespaces:
+- name: loki-ns
+- name: grafana-ns
+- name: ingress-nginx-ns
+- name: cert-manager-ns
diff --git a/molecule/end-to-end_demo/deploy_files/nginx/deploy.yml b/molecule/end-to-end_demo/deploy_files/nginx/deploy.yml
deleted file mode 100644
index db3947c..0000000
--- a/molecule/end-to-end_demo/deploy_files/nginx/deploy.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: nginx-deploy
- namespace: nginx-ns
- labels:
- app: nginx
-spec:
- replicas: 3
- selector:
- matchLabels:
- app: nginx
- template:
- metadata:
- labels:
- app: nginx
- spec:
- containers:
- - name: nginx
- image: nginx:latest
- ports:
- - containerPort: 80
diff --git a/molecule/end-to-end_demo/deploy_files/nginx/ingress-to-nginx.yml b/molecule/end-to-end_demo/deploy_files/nginx/ingress-to-nginx.yml
deleted file mode 100644
index 7f638dc..0000000
--- a/molecule/end-to-end_demo/deploy_files/nginx/ingress-to-nginx.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: nginx-ingress
- namespace: nginx-ns
- annotations:
- cert-manager.io/cluster-issuer: "root-ca-issuer"
- nginx.ingress.kubernetes.io/rewrite-target: /
-spec:
- ingressClassName: nginx
- tls:
- - hosts:
- - nginx.k8s.myorg.com
- secretName: nginx-tls
- rules:
- - host: nginx.k8s.myorg.com
- http:
- paths:
- - path: /nginx
- pathType: Prefix
- backend:
- service:
- name: nginx-service
- port:
- number: 80
diff --git a/molecule/end-to-end_demo/deploy_files/nginx/service.yml b/molecule/end-to-end_demo/deploy_files/nginx/service.yml
deleted file mode 100644
index 07f4ed0..0000000
--- a/molecule/end-to-end_demo/deploy_files/nginx/service.yml
+++ /dev/null
@@ -1,12 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: nginx-service - namespace: nginx-ns -spec: - selector: - app: nginx - ports: - - port: 80 - targetPort: 80 - protocol: TCP From beecc7dfbc960c72d2cd9a02f35b99c3d2f7d8f6 Mon Sep 17 00:00:00 2001 From: Mikhail Date: Mon, 28 Aug 2023 17:22:19 +0300 Subject: [PATCH 11/18] chore: fix yamllint --- .yamllint | 1 + .../deploy_files/cert-manager/helm-values.yml | 2 ++ .../cert-manager/root-ca-issuer.yml | 2 ++ .../cert-manager/selfsigned-cert.yml | 2 ++ .../cert-manager/selfsigned-issuer.yml | 2 ++ .../deploy_files/grafana/helm-values.yml | 2 ++ .../grafana/ingress-to-grafana.yml | 30 ++++++++++--------- .../ingress-controller/helm-values.yml | 2 ++ 8 files changed, 29 insertions(+), 14 deletions(-) diff --git a/.yamllint b/.yamllint index 1900594..876e94d 100644 --- a/.yamllint +++ b/.yamllint @@ -4,6 +4,7 @@ extends: default ignore: | .github/* + molecule/end-to-end_demo/deploy_files/namespace-helm-chart/* # https://yamllint.readthedocs.io/en/stable/rules.html rules: diff --git a/molecule/end-to-end_demo/deploy_files/cert-manager/helm-values.yml b/molecule/end-to-end_demo/deploy_files/cert-manager/helm-values.yml index 970a04a..5040d7c 100644 --- a/molecule/end-to-end_demo/deploy_files/cert-manager/helm-values.yml +++ b/molecule/end-to-end_demo/deploy_files/cert-manager/helm-values.yml @@ -1,3 +1,5 @@ +--- + installCRDs: true prometheus: enabled: false diff --git a/molecule/end-to-end_demo/deploy_files/cert-manager/root-ca-issuer.yml b/molecule/end-to-end_demo/deploy_files/cert-manager/root-ca-issuer.yml index 601c991..d4eca5a 100644 --- a/molecule/end-to-end_demo/deploy_files/cert-manager/root-ca-issuer.yml +++ b/molecule/end-to-end_demo/deploy_files/cert-manager/root-ca-issuer.yml @@ -1,3 +1,5 @@ +--- + apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: 
diff --git a/molecule/end-to-end_demo/deploy_files/cert-manager/selfsigned-cert.yml b/molecule/end-to-end_demo/deploy_files/cert-manager/selfsigned-cert.yml index a1b7327..dae377f 100644 --- a/molecule/end-to-end_demo/deploy_files/cert-manager/selfsigned-cert.yml +++ b/molecule/end-to-end_demo/deploy_files/cert-manager/selfsigned-cert.yml @@ -1,3 +1,5 @@ +--- + apiVersion: cert-manager.io/v1 kind: Certificate metadata: diff --git a/molecule/end-to-end_demo/deploy_files/cert-manager/selfsigned-issuer.yml b/molecule/end-to-end_demo/deploy_files/cert-manager/selfsigned-issuer.yml index 56366fa..6f9e70f 100644 --- a/molecule/end-to-end_demo/deploy_files/cert-manager/selfsigned-issuer.yml +++ b/molecule/end-to-end_demo/deploy_files/cert-manager/selfsigned-issuer.yml @@ -1,3 +1,5 @@ +--- + apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: diff --git a/molecule/end-to-end_demo/deploy_files/grafana/helm-values.yml b/molecule/end-to-end_demo/deploy_files/grafana/helm-values.yml index b234bc2..de470f6 100644 --- a/molecule/end-to-end_demo/deploy_files/grafana/helm-values.yml +++ b/molecule/end-to-end_demo/deploy_files/grafana/helm-values.yml @@ -1,2 +1,4 @@ +--- + persistence: size: 2Gi diff --git a/molecule/end-to-end_demo/deploy_files/grafana/ingress-to-grafana.yml b/molecule/end-to-end_demo/deploy_files/grafana/ingress-to-grafana.yml index 6fe30eb..7ff9dad 100644 --- a/molecule/end-to-end_demo/deploy_files/grafana/ingress-to-grafana.yml +++ b/molecule/end-to-end_demo/deploy_files/grafana/ingress-to-grafana.yml 
@@ -1,25 +1,27 @@ +--- + apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: grafana-ingress - namespace: grafana-ns + namespace: grafana-ns annotations: cert-manager.io/cluster-issuer: "root-ca-issuer" nginx.ingress.kubernetes.io/rewrite-target: / spec: ingressClassName: nginx tls: - - hosts: - - grafana.k8s.myorg.com - secretName: grafana-tls + - hosts: + - grafana.k8s.myorg.com + secretName: grafana-tls rules: - - host: grafana.k8s.myorg.com - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: grafana - port: - number: 80 + - host: grafana.k8s.myorg.com + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: grafana + port: + number: 80 diff --git a/molecule/end-to-end_demo/deploy_files/ingress-controller/helm-values.yml b/molecule/end-to-end_demo/deploy_files/ingress-controller/helm-values.yml index 75a8eae..8e3a974 100644 --- a/molecule/end-to-end_demo/deploy_files/ingress-controller/helm-values.yml +++ b/molecule/end-to-end_demo/deploy_files/ingress-controller/helm-values.yml @@ -1,3 +1,5 @@ +--- + controller: ingressClassResource: default: true From 18f4112922464c84ae4c14c4ef94fde32a8be7fc Mon Sep 17 00:00:00 2001 From: Mikhail Date: Mon, 28 Aug 2023 17:24:52 +0300 Subject: [PATCH 12/18] chore: fix ansible-lint --- molecule/end-to-end_demo/converge.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/molecule/end-to-end_demo/converge.yml b/molecule/end-to-end_demo/converge.yml index 18bc8bc..13d0637 100644 --- a/molecule/end-to-end_demo/converge.yml +++ b/molecule/end-to-end_demo/converge.yml @@ -23,6 +23,7 @@ ansible.builtin.copy: src: deploy_files/ dest: ~/demo + mode: 0644 - name: Install pip library ansible.builtin.pip: @@ -158,10 +159,11 @@ args: executable: /bin/bash register: root_ca_secret + changed_when: False - name: Print CA cert ansible.builtin.debug: - msg: "{{ root_ca_secret.stdout }}" + msg: "{{ root_ca_secret.stdout }}" - name: Grafana admin password block: 
@@ -172,6 +174,7 @@ args: executable: /bin/bash register: grafana_password + changed_when: False - name: Print Grafana password ansible.builtin.debug: From a006ad7211bd5252f11ecde3179c7acc90306cbf Mon Sep 17 00:00:00 2001 From: Mikhail Date: Tue, 29 Aug 2023 11:49:36 +0300 Subject: [PATCH 13/18] ci: debug --- .github/workflows/tests.yml | 3 +++ molecule/end-to-end_demo/converge.yml | 1 - 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 15d9c10..a25cb29 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -62,3 +62,6 @@ jobs: env: PY_COLORS: '1' ANSIBLE_FORCE_COLOR: '1' + - name: Setup tmate session + if: ${{ failure() }} + uses: mxschmitt/action-tmate@v3 diff --git a/molecule/end-to-end_demo/converge.yml b/molecule/end-to-end_demo/converge.yml index 13d0637..34dbba5 100644 --- a/molecule/end-to-end_demo/converge.yml +++ b/molecule/end-to-end_demo/converge.yml @@ -63,7 +63,6 @@ - name: Grafana installation block: - name: Install grafana helm release - # kubernetes.core.helm: name: grafana chart_ref: grafana/grafana From 552bd86115a18918fc0142059c90d73b67a20ca5 Mon Sep 17 00:00:00 2001 From: Mikhail Date: Tue, 29 Aug 2023 14:02:16 +0300 Subject: [PATCH 14/18] ci: debug --- molecule/verify-common.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/molecule/verify-common.yml b/molecule/verify-common.yml index b3cb7fd..30cf58b 100644 --- a/molecule/verify-common.yml +++ b/molecule/verify-common.yml @@ -5,7 +5,7 @@ - name: Query health endpoint to show output # noqa: command-instead-of-module ansible.builtin.shell: | set -o pipefail && \ - curl -k https://localhost:6443/livez?verbose 2>/dev/null + curl -k https://localhost:6443/livez?verbose args: executable: /bin/bash register: curl_show From 432847a393e39409082ad8e0ec4a2e8e0fb2d413 Mon Sep 17 00:00:00 2001 
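Review bot: The added `Setup tmate session` step in `.github/workflows/tests.yml` opens an SSH session into the runner after any failed job, and as written it sets no access restriction and no time limit. action-tmate prints the connection string in the job log, so anyone who can read that log can attach to a runner holding the checkout and whatever token or secrets the job received. Restrict it with a `with:` block containing `limit-access-to-actor: true`, bound it with `timeout-minutes: 15`, and pin the action to a full commit SHA instead of the movable `v3` tag. If this is only for a one-off debugging run, gating the step on a manual workflow input rather than `failure()` keeps it out of ordinary CI runs. The job definition starts outside this hunk.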
From: Mikhail Date: Tue, 29 Aug 2023 14:58:09 +0300 Subject: [PATCH 15/18] ci: fix files locations --- molecule/end-to-end_demo/converge.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/molecule/end-to-end_demo/converge.yml b/molecule/end-to-end_demo/converge.yml index 34dbba5..43d99be 100644 --- a/molecule/end-to-end_demo/converge.yml +++ b/molecule/end-to-end_demo/converge.yml @@ -22,7 +22,7 @@ - name: Copy manifests and helm files ansible.builtin.copy: src: deploy_files/ - dest: ~/demo + dest: /root/demo mode: 0644 - name: Install pip library @@ -38,7 +38,7 @@ kubernetes.core.helm: name: namespaces release_namespace: default - chart_ref: root/demo/namespace-helm-chart + chart_ref: /root/demo/namespace-helm-chart - name: Loki and Grafana deployment hosts: @@ -68,7 +68,7 @@ chart_ref: grafana/grafana release_namespace: grafana-ns values_files: - - root/demo/grafana/helm-values.yml + - /root/demo/grafana/helm-values.yml - name: Ingress Controller hosts: @@ -88,7 +88,7 @@ chart_ref: ingress-nginx/ingress-nginx release_namespace: ingress-nginx-ns values_files: - - root/demo/ingress-controller/helm-values.yml + - /root/demo/ingress-controller/helm-values.yml - name: Cert Manager hosts: 
@@ -110,25 +110,25 @@ chart_ref: jetstack/cert-manager release_namespace: cert-manager-ns values_files: - - root/demo/cert-manager/helm-values.yml + - /root/demo/cert-manager/helm-values.yml - name: Prepare CA certificate block: - name: Create selfsigned issuer kubernetes.core.k8s: state: present - src: ~/demo/cert-manager/selfsigned-issuer.yml + src: /root/demo/cert-manager/selfsigned-issuer.yml - name: Create CA certificate kubernetes.core.k8s: state: present namespace: default - src: ~/demo/cert-manager/selfsigned-cert.yml + src: /root/demo/cert-manager/selfsigned-cert.yml - name: Create CA issuer kubernetes.core.k8s: state: present - src: ~/demo/cert-manager/root-ca-issuer.yml + src: /root/demo/cert-manager/root-ca-issuer.yml - name: Ingress hosts: @@ -140,7 +140,7 @@ - name: Ingress to grafana kubernetes.core.k8s: state: present - src: ~/demo/grafana/ingress-to-grafana.yml + src: /root/demo/grafana/ingress-to-grafana.yml - name: Useful output hosts: From b9599f90606a81ebb3619f62e99485535ccc2b5a Mon Sep 17 00:00:00 2001 From: Mikhail Date: Tue, 29 Aug 2023 16:04:40 +0300 Subject: [PATCH 16/18] ci: debug --- molecule/end-to-end_demo/converge.yml | 10 ++++++++++ molecule/end-to-end_demo/molecule.yml | 2 -- molecule/verify-common.yml | 2 +- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/molecule/end-to-end_demo/converge.yml b/molecule/end-to-end_demo/converge.yml index 43d99be..534192e 100644 --- a/molecule/end-to-end_demo/converge.yml +++ b/molecule/end-to-end_demo/converge.yml @@ -89,6 +89,11 @@ release_namespace: ingress-nginx-ns values_files: - /root/demo/ingress-controller/helm-values.yml + register: helm_result + changed_when: false + until: helm_result.rc != 0 + retries: 2 + delay: 5 - name: Cert Manager hosts: 
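Review bot: `until: helm_result.rc != 0` in the `@@ -89,6 +89,11 @@` hunk reads inverted: `until` ends the retry loop once its condition is true, so a release that installs cleanly is re-run and finally reported as failed, while a failing one stops the loop at once. The same five lines are added for cert-manager in the next hunk (`@@ -111,6 +116,11 @@`). Whether kubernetes.core.helm returns `rc` on success is not visible here; `until: helm_result is succeeded` avoids depending on it. `changed_when: false` also reports a fresh install as unchanged, so consider dropping it. The task header sits above the hunk.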
@@ -111,6 +116,11 @@ release_namespace: cert-manager-ns values_files: - /root/demo/cert-manager/helm-values.yml + register: helm_result + changed_when: false + until: helm_result.rc != 0 + retries: 2 + delay: 5 - name: Prepare CA certificate block: diff --git a/molecule/end-to-end_demo/molecule.yml b/molecule/end-to-end_demo/molecule.yml index decdcb6..5ed2845 100644 --- a/molecule/end-to-end_demo/molecule.yml +++ b/molecule/end-to-end_demo/molecule.yml @@ -243,5 +243,3 @@ scenario: - converge - side_effect - verify - - cleanup - - destroy diff --git a/molecule/verify-common.yml b/molecule/verify-common.yml index 30cf58b..2f177cd 100644 --- a/molecule/verify-common.yml +++ b/molecule/verify-common.yml @@ -5,7 +5,7 @@ - name: Query health endpoint to show output # noqa: command-instead-of-module ansible.builtin.shell: | set -o pipefail && \ - curl -k https://localhost:6443/livez?verbose + curl -k --retry 5 https://localhost:6443/livez?verbose 2>/dev/null args: executable: /bin/bash register: curl_show From 685c5375f588de169cb76a5890a8e9765fff4e99 Mon Sep 17 00:00:00 2001 From: Mikhail Date: Thu, 31 Aug 2023 12:06:13 +0300 Subject: [PATCH 17/18] ci: debug --- .github/workflows/tests.yml | 2 +- molecule/end-to-end_demo/converge.yml | 20 ++++++++++++++------ 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index a25cb29..6502705 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -58,7 +58,7 @@ jobs: make init - name: Run tests run: | - molecule test --scenario-name "${{ matrix.scenario }}" + molecule test --scenario-name "${{ matrix.scenario }}" --destroy=never env: PY_COLORS: '1' ANSIBLE_FORCE_COLOR: '1' diff --git a/molecule/end-to-end_demo/converge.yml b/molecule/end-to-end_demo/converge.yml index 534192e..2656671 100644 --- a/molecule/end-to-end_demo/converge.yml +++ b/molecule/end-to-end_demo/converge.yml 
@@ -87,13 +87,16 @@ name: ingress-nginx chart_ref: ingress-nginx/ingress-nginx release_namespace: ingress-nginx-ns + timeout: 2m values_files: - /root/demo/ingress-controller/helm-values.yml register: helm_result changed_when: false - until: helm_result.rc != 0 - retries: 2 - delay: 5 + failed_when: false + + - name: Debug + debug: + msg: "{{ helm_result }}" - name: Cert Manager hosts: @@ -114,13 +117,18 @@ name: cert-manager chart_ref: jetstack/cert-manager release_namespace: cert-manager-ns + timeout: 2m values_files: - /root/demo/cert-manager/helm-values.yml register: helm_result changed_when: false - until: helm_result.rc != 0 - retries: 2 - delay: 5 + failed_when: false + + - name: Debug + debug: + msg: "{{ helm_result }}" + - name: Pause + pause: - name: Prepare CA certificate block: From 1c1bcc73159bee5c8cf9afaa6f36f6795aca16e7 Mon Sep 17 00:00:00 2001 From: Mikhail Date: Thu, 31 Aug 2023 12:12:30 +0300 Subject: [PATCH 18/18] ci: debug --- molecule/end-to-end_demo/converge.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/molecule/end-to-end_demo/converge.yml b/molecule/end-to-end_demo/converge.yml index 2656671..4802a22 100644 --- a/molecule/end-to-end_demo/converge.yml +++ b/molecule/end-to-end_demo/converge.yml @@ -95,7 +95,7 @@ failed_when: false - name: Debug - debug: + ansible.builtin.debug: msg: "{{ helm_result }}" - name: Cert Manager @@ -125,10 +125,10 @@ failed_when: false - name: Debug - debug: + ansible.builtin.debug: msg: "{{ helm_result }}" - name: Pause - pause: + ansible.builtin.pause: - name: Prepare CA certificate block:
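Review bot: `failed_when: false` on the ingress-nginx install (hunk `@@ -87,13 +87,16 @@`, and again on cert-manager in `@@ -114,13 +117,18 @@`) makes a failed or timed-out Helm release look successful. The play then continues to `Prepare CA certificate` against a cert-manager that may not be installed, and the scenario can pass without working certificate issuance. Keep `timeout: 2m` but let the task fail, or retry with `until: helm_result is succeeded`, `retries: 2`, `delay: 5`. The `Debug` tasks print the whole `helm_result` into the CI log and are worth removing once the debugging is done. Both task headers lie outside the hunks.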