Ansible playbook refactoring and bugs fixing

.github/workflows/ci.yml

@@ -0,0 +1,29 @@
+---
+name: CI
+'on':
+  pull_request:
+  push:
+    branches:
+      - master
+
+jobs:
+
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out the codebase.
+        uses: actions/checkout@v2
+
+      - name: Set up Python 3.
+        uses: actions/setup-python@v2
+        with:
+          python-version: '3.x'
+
+      - name: Install test dependencies.
+        run: pip3 install yamllint
+
+      - name: Lint all the YAMLs.
+        working-directory: ./ansible
+        run: yamllint .

ansible/group_vars/k3s_cluster.yml

@@ -7,8 +7,41 @@ k3s_master_ip: 10.0.0.11
 k3s_token: s1cret0
 
 # Extra arguments for k3s installation scripts
-k3s_server_extra_args: "--write-kubeconfig-mode '0644' --disable 'servicelb' --node-taint 'node-role.kubernetes.io/master=true:NoSchedule'"
+k3s_server_extra_args: >-
+  --write-kubeconfig-mode '0644'
+  --disable 'servicelb'
+  --node-taint 'node-role.kubernetes.io/master=true:NoSchedule'
+  --kube-controller-manager-arg 'bind-address=0.0.0.0'
+  --kube-controller-manager-arg 'address=0.0.0.0'
+  --kube-proxy-arg 'metrics-bind-address=0.0.0.0'
+  --kube-scheduler-arg 'bind-address=0.0.0.0'
+  --kube-scheduler-arg 'address=0.0.0.0'
+
+
 k3s_worker_extra_args: "--node-label 'node_type=worker'"
 
+# Namespaces
+k3s_metallb_namespace: metallb-system
+k3s_traefik_namespace: traefik-system
+k3s_longhorn_namespace: longhorn-system
+k3s_certmanager_namespace: certmanager-system
+k3s_logging_namespace: k3s-logging
+k3s_monitoring_namespace: k3s-monitoring
+
+# DNS service end-points
+
+traefik_dashboard_dns: traefik.picluster.ricsanfre.com
+longhorn_dashboard_dns: storage.picluster.ricsanfre.com
+kibana_dashboard_dns: kibana.picluster.ricsanfre.com
+grafana_dashboard_dns: grafana.picluster.ricsanfre.com
+prometheus_dashboard_dns: prometheus.picluster.ricsanfre.com
+alertmanager_dashboard_dns: alertmanager.picluster.ricsanfre.com
+
+# MetalLB configuration
 # k3s external ip range: Metal LB pool configuration
 k3s_external_ip_range: "10.0.0.100-10.0.0.200"
+
+# Traefik configuration
+# HTTP Basic auth credentials
+traefik_basic_auth_user: admin
+traefik_basic_auth_passwd: s1cret0

ansible/roles/basic_setup/tasks/remove_snap_packages.yml

@@ -16,9 +16,12 @@
     register: snap_remove_output
     with_items: "{{ snap_packages.stdout_lines }}"
   rescue:
-    - fail:
+    - name: Check number of retries and fail if greater that 3
+      fail:
         msg: Maximum retries of grouped tasks reached
       when: retry_count | int == 3
-    - debug:
+    - name: printing retry message
+      debug:
         msg: "Removing snap package failed, let's give it another shot"
-    - include_tasks: remove_snap_packages.yml
+    - name: retrying deletion
+      include_tasks: remove_snap_packages.yml

ansible/roles/certmanager/defaults/main.yml

@@ -0,0 +1,3 @@
+---
+# Namespace for cert-manager
+k3s_certmanager_namespace: certmanager-system

ansible/roles/certmanager/tasks/main.yml

@@ -1,7 +1,7 @@
 ---
 - name: Create cert-manager namespace.
   kubernetes.core.k8s:
-    name: certmanager-system
+    name: "{{ k3s_certmanager_namespace }}"
     api_version: v1
     kind: Namespace
     state: present
@@ -15,8 +15,8 @@
   kubernetes.core.helm:
     name: certmanager
     chart_ref: jetstack/cert-manager
-    chart_version: "1.5.3"
-    release_namespace: certmanager-system
+    update_repo_cache: true
+    release_namespace: "{{ k3s_certmanager_namespace }}"
     state: present
     release_values:
       installCRDs: true
@@ -26,4 +26,4 @@
     definition: "{{ lookup('template', 'templates/' + item ) }}"
     state: present
   with_items:
-    - selfsigned_issuer.yml
+    - selfsigned_issuer.yml.j2

ansible/roles/certmanager/templates/selfsigned_issuer.yml → ansible/roles/certmanager/templates/selfsigned_issuer.yml.j2

@@ -3,5 +3,6 @@ apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
   name: self-signed-issuer
+  namespace: {{ k3s_certmanager_namespace }}
 spec:
   selfSigned: {}

ansible/roles/logging/k3s/defaults/main.yml

@@ -20,3 +20,6 @@ efk_fluentd_image: "fluent/fluentd-kubernetes-daemonset:v1.14-debian-elasticsear
 
 # Configured Timezone
 efk_node_timezone: "Europe/Madrid"
+
+# Endpoint Service DNS name
+kibana_dashboard_dns: kibana.picluster.ricsanfre.com

ansible/roles/logging/k3s/tasks/main.yml

@@ -2,7 +2,7 @@
 # namespace for hosting EFK stack
 - name: Create k3s-logging namespace.
   kubernetes.core.k8s:
-    name: k3s-logging
+    name: "{{ k3s_logging_namespace }}"
     api_version: v1
     kind: Namespace
     state: present
@@ -25,15 +25,16 @@
     name: elastic-operator
     chart_ref: elastic/eck-operator
     release_namespace: elastic-system
+    update_repo_cache: true
     state: present
 
 - name: Deploy elasticsearch, kibana and fluentd
   kubernetes.core.k8s:
     definition: "{{ lookup('template', 'templates/' + item ) }}"
     state: present
   with_items:
-    - elasticsearch_secret.yml
-    - elasticsearch.yml
-    - kibana.yml
-    - fluentd.yml
-    - kibana_ingress.yml
+    - elasticsearch_secret.yml.j2
+    - elasticsearch.yml.j2
+    - kibana.yml.j2
+    - fluentd.yml.j2
+    - kibana_ingress.yml.j2

ansible/roles/logging/k3s/templates/kibana_ingress.yml → ansible/roles/logging/k3s/templates/kibana_ingress.yml.j2

@@ -8,7 +8,7 @@ metadata:
     kubernetes.io/ingress.class: traefik
 spec:
   rules:
-    - host: kibana.picluster.ricsanfre.com
+    - host: {{ kibana_dashboard_dns }}
       http:
         paths:
           - path: /

ansible/roles/longhorn/defaults/main.yml

@@ -0,0 +1,6 @@
+---
+# Namespace for Longhorn
+k3s_longhorn_namespace: longhorn-system
+
+# Endpoint Service DNS name
+longhorn_dashboard_dns: storage.picluster.ricsanfre.com

ansible/roles/longhorn/tasks/main.yml

@@ -1,7 +1,7 @@
 ---
 - name: Create longhorn namespace.
   kubernetes.core.k8s:
-    name: longhorn-system
+    name: "{{ k3s_longhorn_namespace }}"
     api_version: v1
     kind: Namespace
     state: present
@@ -16,7 +16,7 @@
     name: longhorn
     chart_ref: longhorn/longhorn
     update_repo_cache: true
-    release_namespace: longhorn-system
+    release_namespace: "{{ k3s_longhorn_namespace }}"
     state: present
     release_values:
       defaultSettings:
@@ -27,7 +27,7 @@
     definition: "{{ lookup('template', 'templates/' + item ) }}"
     state: present
   with_items:
-    - longhorn_ingress.yml
+    - longhorn_ingress.yml.j2
 
 - name: Remove Local-Path as default storage class
   command:

ansible/roles/longhorn/templates/longhorn_ingress.yml → ansible/roles/longhorn/templates/longhorn_ingress.yml.j2

@@ -4,24 +4,24 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: longhorn-ingress
-  namespace: longhorn-system
+  namespace: {{ k3s_longhorn_namespace }}
   annotations:
     # HTTPS as entry point
     traefik.ingress.kubernetes.io/router.entrypoints: websecure
     # Enable TLS
     traefik.ingress.kubernetes.io/router.tls: "true"
     # Use Basic Auth Midleware configured
-    traefik.ingress.kubernetes.io/router.middlewares: traefik-system-basic-auth@kubernetescrd
+    traefik.ingress.kubernetes.io/router.middlewares: {{ k3s_traefik_namespace }}-basic-auth@kubernetescrd
     # Enable cert-manager to create automatically the SSL certificate and store in Secret
     cert-manager.io/cluster-issuer: self-signed-issuer
     cert-manager.io/common-name: longhorn
 spec:
   tls:
     - hosts:
-        - storage.picluster.ricsanfre.com
+        - {{ longhorn_dashboard_dns }}
       secretName: storage-tls
   rules:
-    - host: storage.picluster.ricsanfre.com
+    - host: {{ longhorn_dashboard_dns }}
       http:
         paths:
           - path: /
@@ -38,15 +38,15 @@ kind: Ingress
 apiVersion: networking.k8s.io/v1
 metadata:
   name: longhorn-redirect
-  namespace: longhorn-system
+  namespace: {{ k3s_longhorn_namespace }}
   annotations:
     # Use redirect Midleware configured
-    traefik.ingress.kubernetes.io/router.middlewares: traefik-system-redirect@kubernetescrd
+    traefik.ingress.kubernetes.io/router.middlewares: {{ k3s_traefik_namespace }}-redirect@kubernetescrd
     # HTTP as entrypoint
     traefik.ingress.kubernetes.io/router.entrypoints: web
 spec:
   rules:
-    - host: storage.picluster.ricsanfre.com
+    - host: {{ longhorn_dashboard_dns }}
       http:
         paths:
           - path: /

ansible/roles/metallb/defaults/main.yml

@@ -0,0 +1,6 @@
+---
+# Namespace for metallb
+k3s_metallb_namespace: metallb-system
+
+# k3s external ip range: Metal LB pool configuration
+k3s_external_ip_range:

ansible/roles/metallb/tasks/main.yml

@@ -1,7 +1,7 @@
 ---
 - name: Create Metal LB namespace.
   kubernetes.core.k8s:
-    name: metallb-system
+    name: "{{ k3s_metallb_namespace }}"
     api_version: v1
     kind: Namespace
     state: present
@@ -15,7 +15,8 @@
   kubernetes.core.helm:
     name: metallb
     chart_ref: metallb/metallb
-    release_namespace: metallb-system
+    release_namespace: "{{ k3s_metallb_namespace }}"
+    update_repo_cache: true
     state: present
     release_values:
       configInline:

ansible/roles/prometheus/defaults/main.yml

@@ -1,5 +1,12 @@
 ---
 
+k3s_monitoring_namespace: k3s-monitoring
+
+# Endpoint Service DNS name
+grafana_dashboard_dns: grafana.picluster.ricsanfre.com
+prometheus_dashboard_dns: prometheus.picluster.ricsanfre.com
+alertmanager_dashboard_dns: alertmanager.picluster.ricsanfre.com
+
 # Storage Settings
 prometheus_storage_size: "5Gi"
 prometheus_storage_class: "longhorn"