An opinionated ansible role to bootstrap K8s cluster deployments with the following components:
- MetalLB (Helm deployment)
- Cert-Manager (Helm deployment)
- NGINX ingress controllers (Helm deployment)
- ArgoCD (Helm deployment)
- LongHorn (Helm deployment)
- Strimzi (Helm deployment)
- Zalando Postgres Operator (Helm deployment)
- MySQL (Helm deployment)
- Metrics Server (Helm deployment)
- Grafana (TODO)
- Kyverno (TODO)
Role includes a cluster verifier that can be activated by setting k8s_verify: true that performs the following checks:
- All pods are successful
- All helm deployments are successful
- All certificates deployments are successful
- All ingresses haven been assigned external ips
- All ingresses haven been assigned a valid certificate
- All ingresses respond with HTTP 200
- All volumes deployments are successful
- All ArgoCD applications are successful
- All Zalando instances are deployed
- All MySQL InnoDB clusters are deployed
- Metrics server is deployed
- Add local path provisioner
- Add Grafana deployment
- Add Kyverno deployment
- Move deployments to ArgoCD apps deployed synchronously
- Add statefulset status tests
- Add deployment status tests
- Add service status tests
- Move loadbalancer tests to dedicated file
The following is the list of parameters intended for end-user manipulation:
Cluster wide parameters
| Parameter | Default | Type | Description | Required |
|---|---|---|---|---|
| k8s_deploy | true | bool | Toggle flag for cluster deployer | no |
| k8s_verify | false | bool | Toggle flag for cluster verification | no |
| k8s_service_verify | true | bool | Toggle flag for service verification | no |
| k8s_ingress_verify | true | bool | Toggle flag for ingress verification | no |
| k8s_volume_verify | true | bool | Toggle flag for volume verification | no |
| k8s_cluster_type | local | string | One of ['local', 'aws'] | no |
| k8s_kubeconfig | ~/.kube/config | string | Kubeconfig deploy bin file path | no |
| k8s_helm_bin | autodetect | string | Helm deploy bin file path | no |
| k8s_wait_timeout | 600 | int | Global deploy wait timeout | no |
| k8s_cluster_name | undefined | string | Cluster base fqdn | yes |
| k8s_address_pool_private_name | private | string | Private pool name | no |
| k8s_address_pool_private_iprange | undefined | string | LB private network/prefix | yes |
| k8s_address_pool_public_name | public | string | LB public network name | no |
| k8s_address_pool_public_iprange | undefined | string | LB public network/prefix | yes |
| k8s_retry_num | 3 | int | Retries for cluster operations | no |
| k8s_retry_delay | 30 | int | Retry delay for cluster operations | no |
Secret parameters:
| Parameter | Default | Type | Description | Required |
|---|---|---|---|---|
| k8s_secrets | [] | [Secret] | [Secret] definitions | no |
Verifier parameters:
| Parameter | Default | Type | Description | Required |
|---|---|---|---|---|
| k8s_verifier_path | undefined | string | Verification artifact directory | no |
ArgoCD parameters
| Parameter | Default | Type | Description | Required |
|---|---|---|---|---|
| k8s_argocd_deploy | true | bool | ArgoCD deployment flag | no |
| k8s_argocd_chart_release | undefined | string | Chart release override | no |
| k8s_argocd_apps_chart_release | undefined | string | Chart release override | no |
| k8s_argocd_hostname | argocd.<k8s_cluster_name> | string | ArgoCD ingress hostname | no |
| k8s_argocd_exec_timeout | 3m | string | ArgoCD operation timeout | no |
MetalLB parameters:
| Parameter | Default | Type | Description | Required |
|---|---|---|---|---|
| k8s_metallb_chart_release | undefined | string | Chart release override | no |
| k8s_metallb_speaker_secret | undefined | string | Speaker Secret | yes |
Nginx parameters:
| Parameter | Default | Type | Description | Required |
|---|---|---|---|---|
| k8s_nginx_chart_release | undefined | string | Chart release override | no |
Cert-Manager parameters:
| Parameter | Default | Type | Description | Required |
|---|---|---|---|---|
| k8s_certmanager_chart_release | undefined | string | Chart release override | no |
| k8s_certmanager_acme_secret | undefined | string | Cloudflare api token | yes |
| k8s_certmanager_acme_email | undefined | string | Cloudflare api email | yes |
| k8s_certmanager_issuer_server | LetsEncrypt staging URL | string | ACME registration server | no |
Longhorn parameters:
| Parameter | Default | Type | Description | Required |
|---|---|---|---|---|
| k8s_longhorn_deploy | true | bool | Toggle flag for Longhorn deployment | no |
| k8s_longhorn_verify | true | bool | Toggle flag for Longhorn verification | no |
| k8s_longhorn_chart_release | undefined | string | Chart release override | no |
Strimzi parameters:
| Parameter | Default | Type | Description | Required |
|---|---|---|---|---|
| k8s_strimzi_deploy | true | bool | Toggle flag for Strimzi deployment | no |
| k8s_strimzi_verify | true | bool | Toggle flag for Strimzi verification | no |
| k8s_strimzi_chart_release | undefined | string | Chart release override | no |
| k8s_strimzi_approval | Automatic | Manual | Automatic | no |
Zalando parameters:
| Parameter | Default | Type | Description | Required |
|---|---|---|---|---|
| k8s_zalando_deploy | true | bool | Toggle flag for Zalando deployment | no |
| k8s_zalando_verify | true | bool | Toggle flag for Zalando verification | no |
| k8s_zalando_chart_release | undefined | string | Chart release override | no |
| k8s_zalando_basedomain | k8s_cluster_name | string | Domain for postgresql load balancers | no |
OpenSearch parameters:
| Parameter | Default | Type | Description | Required |
|---|---|---|---|---|
| k8s_opensearch_deploy | true | bool | Toggle flag for OpenSearch deployment | no |
| k8s_opensearch_verify | true | bool | Toggle flag for OpenSearch verification | no |
| k8s_opensearch_chart_release | undefined | string | Chart release override | no |
Sealed-secrets parameters:
| Parameter | Default | Type | Description | Required |
|---|---|---|---|---|
| k8s_sealedsecrets_deploy | true | bool | Toggle flag for SealedSecrets deployment | no |
| k8s_sealedsecrets_chart_release | undefined | string | Sealedsecrets helm chart release | no |
| k8s_sealedsecrets_chart_values | undefined | string | Sealedsecrets chart values override | no |
Reflector parameters:
| Parameter | Default | Type | Description | Required |
|---|---|---|---|---|
| k8s_reflector_deploy | true | bool | Toggle flag for Reflector deployment | no |
| k8s_reflector_chart_release | undefined | string | Reflector helm chart release | no |
Keel parameters:
| Parameter | Default | Type | Description | Required |
|---|---|---|---|---|
| k8s_keel_deploy | true | bool | Toggle flag for Keel deployment | no |
| k8s_keel_chart_release | undefined | string | Keel helm chart release | no |
Metrics server parameters:
| Parameter | Default | Type | Description | Required |
|---|---|---|---|---|
| k8s_metrics_server_deploy | true | bool | Toggle flag for Metrics server deployment | no |
| k8s_metrics_server_chart_release | undefined | string | Metrics server helm chart release | no |
MySQL parameters:
| Parameter | Default | Type | Description | Required |
|---|---|---|---|---|
| k8s_mysql_deploy | false | bool | Toggle flag for Bitnami MySQL deployment | no |
| k8s_mysql_chart_release | undefined | string | Bitnami MySQL helm chart release | no |
| k8s_mysql_deployments | [] | list | MySQL name, namespace, and parameters | no |
The following Ansible collections are needed on the host that executes this module:
- ansible.utils
- nephelaiio.plugins
The following requirements are needed on the host that executes this module.
- Linux 64 bit
- kubectl binary is available on PATH
The following requirements are needed on the host that executes this module.
- kubernetes = "^24.2.0"
- openshift = "^0.13.1"
- jmespath = "^1.0.1"
The following Ansible collections are needed on the host that executes this module:
- community.general
---
- name: Deploy local K8s cluster
hosts: localhost
gather_facts: false
roles:
- nephelaiio.kind
- nephelaiio.k8sPlease make sure your environment has docker installed; then test the role from the project root using the following commands
poetry installSCENARIO=default make molecule test
This project is licensed under the terms of the MIT License