├── .yamllint
├── README.md
├── defaults
│   └── main.yml
├── meta
│   └── main.yml
├── molecule
│   └── default
│       ├── Dockerfile.j2
│       ├── INSTALL.rst
│       ├── converge.yml
│       ├── create.yml
│       ├── destroy.yml
│       ├── files
│       │   ├── tls.crt
│       │   └── tls.key
│       ├── inventory
│       │   ├── generator.yml
│       │   └── group_vars
│       │       ├── all.yml
│       │       ├── docker-debug.yml
│       │       ├── runner.yml
│       │       └── test.yml
│       ├── molecule.yml
│       ├── requirements.txt
│       ├── roles
│       │   └── set-namespace
│       │       └── tasks
│       │           └── main.yml
│       ├── side_effect.yml
│       ├── templates
│       │   ├── env-configmap.yml
│       │   ├── env-secrets.yml
│       │   ├── manifest.yml
│       │   ├── tls-secrets.yml
│       │   └── www-data-configmap.yml
│       ├── vault_password
│       └── yamllint.cfg
└── tasks
    ├── main.yml
    └── resource.yml

/.yamllint:
--------------------------------------------------------------------------------
---
extends: default

rules:
  braces:
    max-spaces-inside: 1
    level: error
  brackets:
    max-spaces-inside: 1
    level: error
  line-length: disable
  # NOTE(retr0h): Templates no longer fail this lint rule.
  #               Uncomment if running old Molecule templates.
  # truthy: disable
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
kube-resource
=============

Manages Kubernetes resources based on a set of manifest templates

The kube-resource role implements the principles of immutable configmaps
and secrets as
[presented at AnsibleFest 2018](https://www.ansible.com/managing-kubernetes-is-easy-with-ansible)

Requirements
------------

* openshift 0.11.2 or above
* kubernetes-validate (only needed if `kube_resource_validation_options` is set)
* kubernetes
* kubernetes-validate python module if `kube_resource_validate` is set
* community.kubernetes collection 1.0.0 (if using 2.10 onwards)

Role Variables
--------------

* `kube_resource_apply` - whether to use client side apply (equivalent to `kubectl apply`)
* `kube_resource_namespace` - namespace in which to create resources
* `kube_resource_create_namespace` - whether to create the namespace (defaults to `False`)
* `kube_resource_name` - name of resource being managed
* `kube_resource_configmaps` - a dict of ConfigMaps, mapping a reference name to a ConfigMap definition
* `kube_resource_manifest_files` - a list of resource definition template file names
* `kube_resource_secrets` - a dict of Secrets, mapping a reference name to a Secret definition
* `kube_resource_secrets_files` - a list of Secret definition template file names
* `kube_resource_validate` - configuration for the `validation` argument of the `k8s` module. e.g.
  ```
  kube_resource_validate:
    fail_on_error: true
    strict: true
  ```
* `kube_resource_wait` - whether to wait for resources to update (default `false`)
* `kube_resource_wait_timeout` - how long to wait in seconds for resources to update (ignored if `kube_resource_wait` is unset). Defaults to 120
* `kube_resource_UNSAFE_show_logs` - whether to show the logs when working with secrets. Defaults to `false`,
  which sets `no_log` on the tasks that handle secrets. For use when troubleshooting problems with secret definitions.

* `kube_resource_validate_options` - how to validate Kubernetes resources. Defaults to an empty dict,
  disabling validation. A sensible setting is:
  ```
  kube_resource_validate_options:
    strict: yes
    fail_on_error: yes
  ```
* `kube_resource_wait` - whether to wait for resources to reach their desired state (default `no`)
* `kube_resource_wait_timeout` - how long to wait in seconds for resources if `kube_resource_wait` is on
  (default 120)
* `kube_resource_lookup_plugin` - The lookup plugin to use when reading manifests. If you're reading pure
  kubernetes manifests, you can use `file` which helps if those manifests contain jinja. Defaults to
  `template`


Dependencies
------------

None

Example Playbook
----------------

```
kube_resource_configmaps:
  my-resource-env: "{{ lookup('template', template_dir + '/my-resource-env.j2') }}"
```

```
# query() returns a list, which the role's `loop` over manifest files requires
kube_resource_manifest_files: "{{ query('fileglob', template_dir + '/*manifest.yml') }}"
```

```
- hosts: "{{ application }}-{{ env }}-runner"
  roles:
    - kube-resource
```

The molecule/default directory now contains a working playbook and inventory suitable for
running on Kubernetes for Docker.

Testing
-------

The role comes with a [molecule](https://molecule.readthedocs.io/) test suite that should
work against any reasonable Kubernetes implementation (it has been tested against Kubernetes
for Docker)

```
K8S_AUTH_CONTEXT=docker-for-desktop molecule test
```

Versions
--------

This module relies on functionality of Ansible that won't be released until Ansible 2.8 in mid 2019.
The functionality has been included in this role, but will need to be removed once 2.8 is released.
As such, the role will be available by Ansible version.

Versions will be tagged `v2.7-x` where `x` is the release number of the role for version 2.7, with
a parallel `v2.8-y` version for use with Ansible 2.8 (or ansible devel branch before then)

License
-------

This role contains modules and filters from the Ansible project and thus inherits Ansible's license

GPL 3

Author Information
------------------

Will Thames (@willthames)
--------------------------------------------------------------------------------
/defaults/main.yml:
--------------------------------------------------------------------------------
---
kube_resource_apply: true
kube_resource_create_namespace: false
kube_resource_configmaps: {}
kube_resource_secrets: {}
kube_resource_secrets_files: []
kube_resource_UNSAFE_show_logs: false
kube_resource_validate_options: {}
kube_resource_wait: false
kube_resource_wait_timeout: 120
kube_resource_prefix_label: kube_resource_prefix
kube_resource_deployments_api: apps/v1
kube_resource_lookup_plugin: template
--------------------------------------------------------------------------------
/meta/main.yml:
--------------------------------------------------------------------------------
---
galaxy_info:
  author: Will Thames
  description: Manage Kubernetes resources

  license: GPLv3

  min_ansible_version: 2.7

  #
  # platforms is a list of platforms, and each platform has a name and a list of versions.
  #
  # platforms:
  # - name: Fedora
  #   versions:
  #   - all
  #   - 25
  # - name: SomePlatform
  #   versions:
  #   - all
  #   - 1.0
  #   - 7
  #   - 99.99

  galaxy_tags:
    - kubernetes
    - k8s

dependencies: []
collections:
  - community.kubernetes
  - kubernetes.core
--------------------------------------------------------------------------------
/molecule/default/Dockerfile.j2:
--------------------------------------------------------------------------------
FROM geerlingguy/docker-centos7-ansible

COPY requirements.txt /
RUN pip install -r /requirements.txt
--------------------------------------------------------------------------------
/molecule/default/INSTALL.rst:
--------------------------------------------------------------------------------
*******
Docker driver installation guide
*******

Requirements
============

* General molecule dependencies (see https://molecule.readthedocs.io/en/latest/installation.html)
* Docker Engine
* docker-py
* docker

Install
=======

    $ sudo pip install docker-py
--------------------------------------------------------------------------------
/molecule/default/converge.yml:
--------------------------------------------------------------------------------
---
- name: Initial run
  hosts: docker-debug-test-runner
  vars:
    version: blue

  roles:
    - set-namespace
    - ansible-role-kube-resource
--------------------------------------------------------------------------------
/molecule/default/create.yml:
--------------------------------------------------------------------------------
---
- name: Create
  hosts: docker-debug-test-runner

  tasks:
    - name: generate sufficiently random namespace name
      set_fact:
        kube_resource_namespace: "kube-resource-test-{{ (ansible_facts.date_time.iso8601_micro | hash('sha256'))[:8] }}"

    - name: create namespace
      k8s:
        definition:
          kind: Namespace
          metadata:
            name: "{{ kube_resource_namespace }}"
            labels:
              created-by: ansible-role-kube-resource-molecule
--------------------------------------------------------------------------------
/molecule/default/destroy.yml:
--------------------------------------------------------------------------------
---
- name: Destroy
  hosts: docker-debug-test-runner

  tasks:
    - name: find namespaces owned by this role
      k8s_info:
        kind: Namespace
        label_selectors:
          - created-by=ansible-role-kube-resource-molecule
      register: k8s_info_namespace

    - name: remove namespaces owned by this role
      k8s:
        kind: Namespace
        name: "{{ item.metadata.name }}"
        state: absent
      loop: "{{ k8s_info_namespace.resources }}"
--------------------------------------------------------------------------------
/molecule/default/files/tls.crt:
--------------------------------------------------------------------------------
$ANSIBLE_VAULT;1.1;AES256
--------------------------------------------------------------------------------
/molecule/default/files/tls.key:
--------------------------------------------------------------------------------
$ANSIBLE_VAULT;1.1;AES256
--------------------------------------------------------------------------------
/molecule/default/inventory/generator.yml:
--------------------------------------------------------------------------------
---
# inventory.config file in YAML format
plugin: generator
strict: false
hosts:
  name: "{{ application }}-{{ environment }}-runner"
  parents:
    - name: "{{ application }}-{{ environment }}"
      parents:
        - name: "{{ application }}"
          vars:
            application: "{{ application }}"
        - name: "{{ environment }}"
          vars:
            environment: "{{ environment }}"
    - name: runner
layers:
  environment:
    - dev
    - test
    - prod
  application:
    - docker-debug
--------------------------------------------------------------------------------
/molecule/default/inventory/group_vars/all.yml:
--------------------------------------------------------------------------------
---
kube_resource_apply: true
kube_resource_name: "{{ env }}-{{ application }}"
kube_resource_labels:
  application: "{{ application }}"
  environment: "{{ env }}"
kube_deployment_extra_labels:
  version: "{{ version }}"
kube_deployment_labels: "{{ kube_resource_labels | combine(kube_deployment_extra_labels) }}"
kube_deployment_replicas: 3
container_image: willthames/docker_debug
container_registry: ""
image_pull_policy: Always
kube_resource_fqdn: "{{ application }}.{{ kube_domain_name }}"
kube_domain_name: example.com
kube_resource_template_dir: "{{ 'templates/' }}"
docker_debug_database_password: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  38663934326666646361653932663535643739636430383166633436626432383261333162356534
  3261346635623763306631396166346332376263306564390a303462623762383434333264346434
  66333032393364323836343331323230656465636334363132626265653937656434633166313465
  3431663738353339360a373333373366613935373364303837353161633466393164653163383134
  6636

kube_resource_validate_options:
  strict: true
  fail_on_error: true
kube_resource_wait: true
--------------------------------------------------------------------------------
/molecule/default/inventory/group_vars/docker-debug.yml:
--------------------------------------------------------------------------------
---
application: docker-debug
kube_resource_configmaps:
  env-configmap: "{{ lookup('template', kube_resource_template_dir + 'env-configmap.yml') | from_yaml }}"
  www-data-configmap: "{{ lookup('template', kube_resource_template_dir + 'www-data-configmap.yml') | from_yaml }}"
kube_resource_secrets:
  env-secrets: "{{ lookup('template', kube_resource_template_dir + 'env-secrets.yml') | from_yaml }}"
kube_resource_manifest_files: "{{ query('fileglob', kube_resource_template_dir + '*manifest.yml') }}"
kube_resource_secrets_files:
  - "{{ kube_resource_template_dir }}tls-secrets.yml"
changeable: v1
--------------------------------------------------------------------------------
/molecule/default/inventory/group_vars/runner.yml:
--------------------------------------------------------------------------------
---
ansible_connection: local
ansible_python_interpreter: "{{ ansible_playbook_python }}"
--------------------------------------------------------------------------------
/molecule/default/inventory/group_vars/test.yml:
--------------------------------------------------------------------------------
---
env: test
--------------------------------------------------------------------------------
/molecule/default/molecule.yml:
--------------------------------------------------------------------------------
---
dependency:
  name: galaxy
driver:
  name: delegated
  options:
    managed: true
    ansible_connection_options:
      ansible_connection: local
lint: |
  set -e
  yamllint -c molecule/default/yamllint.cfg .
  flake8
platforms:
  - name: docker-debug-test-runner
    groups:
      - docker-debug
      - test
      - runner
provisioner:
  name: ansible
  env:
    ANSIBLE_STDOUT_CALLBACK: yaml
  inventory:
    links:
      group_vars: inventory/group_vars
  options:
    vault-password-file: vault_password
    vvv: true
  playbooks:
    side_effect: side_effect.yml
scenario:
  name: default
verifier:
  name: testinfra
--------------------------------------------------------------------------------
/molecule/default/requirements.txt:
--------------------------------------------------------------------------------
openshift==0.8.2
kubernetes-validate==1.12.2
--------------------------------------------------------------------------------
/molecule/default/roles/set-namespace/tasks/main.yml:
--------------------------------------------------------------------------------
---
- name: find namespace
  k8s_info:
    kind: Namespace
    label_selectors:
      - created-by=ansible-role-kube-resource-molecule
  register: k8s_info_namespace

- name: set kube_resource_namespace appropriately
  set_fact:
    kube_resource_namespace: >-
      {{ (k8s_info_namespace.resources | json_query('[?status.phase != `Terminating`]') | first).metadata.name }}
--------------------------------------------------------------------------------
/molecule/default/side_effect.yml:
--------------------------------------------------------------------------------
---
- name: Verify changing Deployment
  hosts: docker-debug-test-runner
  vars:
    version: green

  roles:
    - set-namespace
    - ansible-role-kube-resource
--------------------------------------------------------------------------------
/molecule/default/templates/env-configmap.yml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ kube_resource_name }}-env
  namespace: {{ kube_resource_namespace }}
  labels:
    {{ kube_resource_labels | to_nice_yaml(indent=2) | indent(4) }}
data:
  DATABASE_NAME: application
  DATABASE_HOST: db.{{ env }}.example.com
  ENABLE_BUGGY_FEATURE: "True"
  CHANGEABLE_VARIABLE: {{ changeable }}
--------------------------------------------------------------------------------
/molecule/default/templates/env-secrets.yml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Secret
metadata:
  name: "{{ kube_resource_name }}-env"
  namespace: {{ kube_resource_namespace }}
  labels:
    {{ kube_resource_labels | to_nice_yaml(indent=2) | indent(4) }}
type: Opaque
data:
  DATABASE_PASSWORD: "{{ docker_debug_database_password | b64encode }}"
--------------------------------------------------------------------------------
/molecule/default/templates/manifest.yml:
--------------------------------------------------------------------------------
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ kube_resource_name }}
  namespace: {{ kube_resource_namespace }}
  labels:
    {{ kube_deployment_labels | to_nice_yaml(indent=2) | indent(4) }}
spec:
  replicas: {{ kube_deployment_replicas }}
  selector:
    matchLabels:
      {{ kube_resource_labels | to_nice_yaml(indent=2) | indent(6) }}
  template:
    metadata:
      labels:
        {{ kube_resource_labels | to_nice_yaml(indent=2) | indent(8) }}
    spec:
      securityContext:
        runAsUser: 1000
        fsGroup: 2000
      containers:
        - name: {{ kube_resource_name }}
          # Normally container tag would come from inventory but we want to show changes over time
          image: {{ container_registry|ternary(container_registry + "/", "") }}{{ container_image }}:{{ version }}
          imagePullPolicy: {{ image_pull_policy }}
          ports:
            - containerPort: 5000
          env:
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          envFrom:
            - configMapRef:
                name: {{ (kube_resource_configmaps['env-configmap']) | k8s_config_resource_name }}
            - secretRef:
                name: {{ (kube_resource_secrets['env-secrets']) | k8s_config_resource_name }}
          readinessProbe:
            tcpSocket:
              port: 5000
            initialDelaySeconds: 5
            periodSeconds: 5
          volumeMounts:
            - name: www-data
              mountPath: /app/static/extras
            - name: tls
              mountPath: /etc/ssl/
      volumes:
        - name: www-data
          configMap:
            name: {{ (kube_resource_configmaps['www-data-configmap']) | k8s_config_resource_name }}
        - name: tls
          secret:
            secretName: {{ kube_resource_name }}-tls
            defaultMode: 0440
---
apiVersion: v1
kind: Service
metadata:
  name: {{ kube_resource_name }}
  namespace: {{ kube_resource_namespace }}
  labels:
    {{ kube_resource_labels | to_nice_yaml(indent=2) | indent(4) }}
spec:
  ports:
    - port: 8080 # the port that this service should serve on
      # the container on each pod to connect to, can be a name
      # (e.g. 'www') or a number (e.g. 80)
      targetPort: 5000
      protocol: TCP
  # just like the selector in the deployment,
  # but this time it identifies the set of pods to load balance
  # traffic to.
  selector:
    {{ kube_resource_labels | to_nice_yaml(indent=2) | indent(4) }}
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: {{ kube_resource_name }}
  namespace: {{ kube_resource_namespace }}
spec:
  rules:
    - host: {{ kube_resource_fqdn }}
      http:
        paths:
          - path: /
            backend:
              serviceName: {{ kube_resource_name }}
              servicePort: 8080
--------------------------------------------------------------------------------
/molecule/default/templates/tls-secrets.yml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Secret
metadata:
  name: "{{ kube_resource_name }}-tls"
  namespace: {{ kube_resource_namespace }}
  labels:
    {{ kube_resource_labels | to_nice_yaml(indent=2) | indent(4) }}
type: Opaque
data:
  tls.crt: "{{ lookup('file', playbook_dir + '/files/tls.crt') | b64encode }}"
  tls.key: "{{ lookup('file', playbook_dir + '/files/tls.key') | b64encode }}"
--------------------------------------------------------------------------------
/molecule/default/templates/www-data-configmap.yml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ kube_resource_name }}-www-data
  namespace: {{ kube_resource_namespace }}
  labels:
    {{ kube_resource_labels | to_nice_yaml(indent=2) | indent(4) }}
data:
  shake.css: |
    @keyframes shake {
      10%, 90% { transform: translate3d(-1px, 0, 0); }
      20%, 80% { transform: translate3d(2px, 0, 0); }
      30%, 50%, 70% { transform: translate3d(-4px, 0, 0); }
      40%, 60% { transform: translate3d(4px, 0, 0); }
    }

    table {
      display: inline-block;
      animation: shake 2.5s infinite;
    }
--------------------------------------------------------------------------------
/molecule/default/vault_password:
--------------------------------------------------------------------------------
hello
--------------------------------------------------------------------------------
/molecule/default/yamllint.cfg:
--------------------------------------------------------------------------------
---
extends: default

rules:
  # 120 chars should be enough, but don't fail if a line is longer
  line-length:
    max: 120
    level: warning

ignore: |
  **/molecule/default/templates/*.yml
--------------------------------------------------------------------------------
/tasks/main.yml:
--------------------------------------------------------------------------------
---
- name: ensure that the namespace exists
  k8s:
    kind: Namespace
    name: "{{ kube_resource_namespace }}"
  when: kube_resource_create_namespace

- name: empty manifest and secret lists (important if role is run twice!)
  set_fact:
    kube_resource_manifests_from_files: []
    kube_resource_secrets_from_files: []

- name: create secrets list
  set_fact:
    kube_resource_secrets_from_files: >-
      {{ kube_resource_secrets_from_files + lookup(kube_resource_lookup_plugin, item)|from_yaml_all|list }}
  loop: "{{ kube_resource_secrets_files }}"
  # `| bool` (as in tasks/resource.yml) keeps a string value such as "false",
  # e.g. from `-e key=value`, from being truthy and switching no_log off
  no_log: "{{ not (kube_resource_UNSAFE_show_logs | bool) }}"

- name: create manifests list
  set_fact:
    kube_resource_manifests_from_files: >-
      {{ kube_resource_manifests_from_files + lookup(kube_resource_lookup_plugin, item)|from_yaml_all|list }}
  loop: "{{ kube_resource_manifest_files }}"

- name: create configmaps
  k8s:
    definition: "{{ item.value }}"
    append_hash: true
    validate: "{{ kube_resource_validate_options }}"
    wait: "{{ kube_resource_wait }}"
    wait_timeout: "{{ kube_resource_wait_timeout }}"
  loop: "{{ kube_resource_configmaps | dict2items }}"

- name: create secrets
  k8s:
    definition: "{{ item.value }}"
    append_hash: true
    validate: "{{ kube_resource_validate_options }}"
    wait: "{{ kube_resource_wait }}"
    wait_timeout: "{{ kube_resource_wait_timeout }}"
  loop: "{{ kube_resource_secrets | dict2items }}"
  loop_control:
    label: "{{ item.value.kind }}-{{ item.value.metadata.name }}"
  no_log: "{{ not (kube_resource_UNSAFE_show_logs | bool) }}"

- name: create secrets from files
  k8s:
    definition: "{{ item }}"
    validate: "{{ kube_resource_validate_options }}"
    wait: "{{ kube_resource_wait }}"
    wait_timeout: "{{ kube_resource_wait_timeout }}"
  loop: "{{ kube_resource_secrets_from_files }}"
  loop_control:
    label: "{{ item.kind }}-{{ item.metadata.name }}"
  no_log: "{{ not (kube_resource_UNSAFE_show_logs | bool) }}"

- name: apply all resource definitions in order
  include_tasks: resource.yml
  with_items: "{{ kube_resource_manifests_from_files }}"
  loop_control:
    label: "{{ item.kind }}-{{ item.metadata.name }}"
--------------------------------------------------------------------------------
/tasks/resource.yml:
--------------------------------------------------------------------------------
---
- name: Apply {{ item.metadata.name }} {{ item.kind }} manifest
  k8s:
    apply: "{{ kube_resource_apply }}"
    definition: "{{ item }}"
    wait: "{{ kube_resource_wait }}"
    wait_timeout: "{{ kube_resource_wait_timeout }}"
    validate: "{{ kube_resource_validate_options }}"
  no_log: "{{ item.kind == 'Secret' and not(kube_resource_UNSAFE_show_logs | bool) }}"
--------------------------------------------------------------------------------
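
The README's "immutable configmaps and secrets" principle, which tasks/main.yml applies with `append_hash: true` and templates/manifest.yml consumes through `k8s_config_resource_name`, sketched in Python as an added example (not code from this role or from Ansible). The suffix scheme used here, a truncated SHA-256 over kind, name, type and data, is an assumption for illustration and will not reproduce the names the `k8s` module generates; all function names and sample values are hypothetical.

```python
import copy
import hashlib
import json

# Fields that feed the name suffix (assumed set for this illustration).
# Labels and annotations are left out on purpose: only a change to the
# payload should produce a new object name.
HASHED_FIELDS = ("kind", "type", "data")


def content_suffix(resource, length=10):
    """Return a short, deterministic digest of the resource payload."""
    material = {field: resource.get(field, "") for field in HASHED_FIELDS}
    material["name"] = resource["metadata"]["name"]
    # sort_keys makes the digest independent of key order in the template
    canonical = json.dumps(material, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()[:length]


def hashed_name(resource):
    """Name the object is created under: <metadata.name>-<suffix>."""
    return "{}-{}".format(resource["metadata"]["name"], content_suffix(resource))


def pod_template_refs(configmap, secret):
    """The envFrom stanza of a pod template, pointing at the hashed names."""
    return [
        {"configMapRef": {"name": hashed_name(configmap)}},
        {"secretRef": {"name": hashed_name(secret)}},
    ]


def rollout_needed(old_refs, new_refs):
    """A Deployment replaces its pods only when the pod template changes."""
    return old_refs != new_refs


# Constructed sample objects shaped like the rendered env-configmap.yml and
# env-secrets.yml templates (the values are made up).
CONFIGMAP_V1 = {
    "apiVersion": "v1",
    "kind": "ConfigMap",
    "metadata": {"name": "test-docker-debug-env",
                 "labels": {"application": "docker-debug"}},
    "data": {"DATABASE_NAME": "application", "CHANGEABLE_VARIABLE": "v1"},
}
SECRET_V1 = {
    "apiVersion": "v1",
    "kind": "Secret",
    "type": "Opaque",
    "metadata": {"name": "test-docker-debug-env"},
    "data": {"DATABASE_PASSWORD": "Y29uc3RydWN0ZWQ="},  # base64("constructed")
}


def demo():
    """Compare pod-template references across a data edit and a label edit."""
    refs_v1 = pod_template_refs(CONFIGMAP_V1, SECRET_V1)

    # Editing a value yields a new ConfigMap name, so the pod template changes.
    configmap_v2 = copy.deepcopy(CONFIGMAP_V1)
    configmap_v2["data"]["CHANGEABLE_VARIABLE"] = "v2"
    refs_v2 = pod_template_refs(configmap_v2, SECRET_V1)

    # Relabelling leaves the payload, and therefore the name, untouched.
    relabelled = copy.deepcopy(CONFIGMAP_V1)
    relabelled["metadata"]["labels"]["team"] = "platform"
    refs_relabelled = pod_template_refs(relabelled, SECRET_V1)

    return {
        "v1": refs_v1,
        "v2": refs_v2,
        "data_change_rolls_pods": rollout_needed(refs_v1, refs_v2),
        "label_change_rolls_pods": rollout_needed(refs_v1, refs_relabelled),
    }


if __name__ == "__main__":
    outcome = demo()
    for version in ("v1", "v2"):
        print(version, json.dumps(outcome[version]))
    print("data change rolls pods: ", outcome["data_change_rolls_pods"])
    print("label change rolls pods:", outcome["label_change_rolls_pods"])
```

Because a changed payload is written under a new name rather than over the old object, a rollback to the previous pod template still finds the ConfigMap and Secret it referenced.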