nephelaiio.k8s

An opinionated ansible role to bootstrap K8s cluster deployments with the following components:

MetalLB (Helm deployment)
Cert-Manager (Helm deployment)
NGINX ingress controllers (Helm deployment)
ArgoCD (Helm deployment)
LongHorn (Helm deployment)
Strimzi (Helm deployment)
Zalando Postgres Operator (Helm deployment)
MySQL (Helm deployment)
Metrics Server (Helm deployment)
Grafana (TODO)
Kyverno (TODO)

Role includes a cluster verifier that can be activated by setting k8s_verify: true that performs the following checks:

All pods are successful
All helm deployments are successful
All certificates deployments are successful
All ingresses haven been assigned external ips
All ingresses haven been assigned a valid certificate
All ingresses respond with HTTP 200
All volumes deployments are successful
All ArgoCD applications are successful
All Zalando instances are deployed
All MySQL InnoDB clusters are deployed
Metrics server is deployed

Roadmap

Add local path provisioner
Add Grafana deployment
Add Kyverno deployment
Move deployments to ArgoCD apps deployed synchronously
Add statefulset status tests
Add deployment status tests
Add service status tests
Move loadbalancer tests to dedicated file

Role Variables

The following is the list of parameters intended for end-user manipulation:

Cluster wide parameters

Parameter	Default	Type	Description	Required
k8s_deploy	true	bool	Toggle flag for cluster deployer	no
k8s_verify	false	bool	Toggle flag for cluster verification	no
k8s_service_verify	true	bool	Toggle flag for service verification	no
k8s_ingress_verify	true	bool	Toggle flag for ingress verification	no
k8s_volume_verify	true	bool	Toggle flag for volume verification	no
k8s_cluster_type	local	string	One of ['local', 'aws']	no
k8s_kubeconfig	~/.kube/config	string	Kubeconfig deploy bin file path	no
k8s_helm_bin	autodetect	string	Helm deploy bin file path	no
k8s_wait_timeout	600	int	Global deploy wait timeout	no
k8s_cluster_name	undefined	string	Cluster base fqdn	yes
k8s_address_pool_private_name	private	string	Private pool name	no
k8s_address_pool_private_iprange	undefined	string	LB private network/prefix	yes
k8s_address_pool_public_name	public	string	LB public network name	no
k8s_address_pool_public_iprange	undefined	string	LB public network/prefix	yes
k8s_retry_num	3	int	Retries for cluster operations	no
k8s_retry_delay	30	int	Retry delay for cluster operations	no

Secret parameters:

Parameter	Default	Type	Description	Required
k8s_secrets	[]	[Secret]	[Secret] definitions	no

Verifier parameters:

Parameter	Default	Type	Description	Required
k8s_verifier_path	undefined	string	Verification artifact directory	no

ArgoCD parameters

Parameter	Default	Type	Description	Required
k8s_argocd_deploy	true	bool	ArgoCD deployment flag	no
k8s_argocd_chart_release	undefined	string	Chart release override	no
k8s_argocd_apps_chart_release	undefined	string	Chart release override	no
k8s_argocd_hostname	argocd.<k8s_cluster_name>	string	ArgoCD ingress hostname	no
k8s_argocd_exec_timeout	3m	string	ArgoCD operation timeout	no

MetalLB parameters:

Parameter	Default	Type	Description	Required
k8s_metallb_chart_release	undefined	string	Chart release override	no
k8s_metallb_speaker_secret	undefined	string	Speaker Secret	yes

Nginx parameters:

Parameter	Default	Type	Description	Required
k8s_nginx_chart_release	undefined	string	Chart release override	no

Cert-Manager parameters:

Parameter	Default	Type	Description	Required
k8s_certmanager_chart_release	undefined	string	Chart release override	no
k8s_certmanager_acme_secret	undefined	string	Cloudflare api token	yes
k8s_certmanager_acme_email	undefined	string	Cloudflare api email	yes
k8s_certmanager_issuer_server	LetsEncrypt staging URL	string	ACME registration server	no

Longhorn parameters:

Parameter	Default	Type	Description	Required
k8s_longhorn_deploy	true	bool	Toggle flag for Longhorn deployment	no
k8s_longhorn_verify	true	bool	Toggle flag for Longhorn verification	no
k8s_longhorn_chart_release	undefined	string	Chart release override	no

Strimzi parameters:

Parameter	Default	Type	Description	Required
k8s_strimzi_deploy	true	bool	Toggle flag for Strimzi deployment	no
k8s_strimzi_verify	true	bool	Toggle flag for Strimzi verification	no
k8s_strimzi_chart_release	undefined	string	Chart release override	no
k8s_strimzi_approval	Automatic	Manual	Automatic	no

Zalando parameters:

Parameter	Default	Type	Description	Required
k8s_zalando_deploy	true	bool	Toggle flag for Zalando deployment	no
k8s_zalando_verify	true	bool	Toggle flag for Zalando verification	no
k8s_zalando_chart_release	undefined	string	Chart release override	no
k8s_zalando_basedomain	k8s_cluster_name	string	Domain for postgresql load balancers	no

OpenSearch parameters:

Parameter	Default	Type	Description	Required
k8s_opensearch_deploy	true	bool	Toggle flag for OpenSearch deployment	no
k8s_opensearch_verify	true	bool	Toggle flag for OpenSearch verification	no
k8s_opensearch_chart_release	undefined	string	Chart release override	no

Sealed-secrets parameters:

Parameter	Default	Type	Description	Required
k8s_sealedsecrets_deploy	true	bool	Toggle flag for SealedSecrets deployment	no
k8s_sealedsecrets_chart_release	undefined	string	Sealedsecrets helm chart release	no
k8s_sealedsecrets_chart_values	undefined	string	Sealedsecrets chart values override	no

Reflector parameters:

Parameter	Default	Type	Description	Required
k8s_reflector_deploy	true	bool	Toggle flag for Reflector deployment	no
k8s_reflector_chart_release	undefined	string	Reflector helm chart release	no

Keel parameters:

Parameter	Default	Type	Description	Required
k8s_keel_deploy	true	bool	Toggle flag for Keel deployment	no
k8s_keel_chart_release	undefined	string	Keel helm chart release	no

Metrics server parameters:

Parameter	Default	Type	Description	Required
k8s_metrics_server_deploy	true	bool	Toggle flag for Metrics server deployment	no
k8s_metrics_server_chart_release	undefined	string	Metrics server helm chart release	no

MySQL parameters:

Parameter	Default	Type	Description	Required
k8s_mysql_deploy	false	bool	Toggle flag for Bitnami MySQL deployment	no
k8s_mysql_chart_release	undefined	string	Bitnami MySQL helm chart release	no
k8s_mysql_deployments	[]	list	MySQL name, namespace, and parameters	no

Dependencies

The following Ansible collections are needed on the host that executes this module:

ansible.utils
nephelaiio.plugins

System

The following requirements are needed on the host that executes this module.

Linux 64 bit
kubectl binary is available on PATH

Python

The following requirements are needed on the host that executes this module.

kubernetes = "^24.2.0"
openshift = "^0.13.1"
jmespath = "^1.0.1"

Ansible

The following Ansible collections are needed on the host that executes this module:

community.general

Example Playbook

---
- name: Deploy local K8s cluster
  hosts: localhost
  gather_facts: false
  roles:
    - nephelaiio.kind
    - nephelaiio.k8s

Testing

Please make sure your environment has docker installed; then test the role from the project root using the following commands

poetry install
SCENARIO=default make molecule test

License

This project is licensed under the terms of the MIT License

Name		Name	Last commit message	Last commit date
Latest commit History 181 Commits
.github/workflows		.github/workflows
bin		bin
defaults/main		defaults/main
handlers		handlers
meta		meta
molecule		molecule
tasks		tasks
.ansible-lint		.ansible-lint
.ansible-lint-ignore		.ansible-lint-ignore
.flake8		.flake8
.gitignore		.gitignore
.talismanrc		.talismanrc
.yamllint		.yamllint
LICENSE		LICENSE
Makefile		Makefile
README.md		README.md
poetry.lock		poetry.lock
pyproject.toml		pyproject.toml
requirements.yml		requirements.yml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

nephelaiio.k8s

Roadmap

Role Variables

Dependencies

System

Python

Ansible

Example Playbook

Testing

License

About

Releases

Packages

Contributors 4

Languages

License

nephelaiio/ansible-role-k8s

Folders and files

Latest commit

History

Repository files navigation

nephelaiio.k8s

Roadmap

Role Variables

Dependencies

System

Python

Ansible

Example Playbook

Testing

License

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Contributors 4

Languages

Packages