diff --git a/ansible.cfg b/ansible.cfg
index 9760a1b..ff7e1b7 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -6,3 +6,8 @@ callbacks_enabled = profile_tasks
 interpreter_python = auto_silent
 log_path=last_ansible_run
 forks = 30
+# https://issues.arxes-tolina.de/browse/DEV-499?focusedCommentId=93615&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-93615
+# https://github.com/ansible/ansible/issues/30411#issuecomment-766488342
+[ssh_connection]
+ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s -o ServerAliveInterval=30
+retries = 3
diff --git a/galaxy-requirements.yml b/galaxy-requirements.yml
index 027cfb7..f5e075f 100644
--- a/galaxy-requirements.yml
+++ b/galaxy-requirements.yml
@@ -25,7 +25,7 @@ roles: collections: - name: hetzner.hcloud - version: 1.6.0 + version: 1.8.1 - name: community.general - name: community.docker version: 2.1.1
diff --git a/group_vars/stage_devscr/hetzner_loadbalancer.yml b/group_vars/stage_devscr/hetzner_loadbalancer.yml
new file mode 100644
index 0000000..42b050d
--- /dev/null
+++ b/group_vars/stage_devscr/hetzner_loadbalancer.yml
@@ -0,0 +1,23 @@
+---
+hcloud_lb_objects:
+ -
+ name: &devscr_apiserver '{{ stage }}-k8s-apiserver'
+ hcloud_lb_type: lb11
+ labels:
+ stage: '{{ stage }}'
+ service: kube_control_plane
+ managed_by: ansible
+ network: '{{ stage }}'
+ location: nbg1
+ services:
+ -
+ load_balancer: *devscr_apiserver
+ protocol: tcp
+ listen_port: 443
+ destination_port: 6443
+ targets:
+ -
+ load_balancer: *devscr_apiserver
+ type: label_selector
+ label_selector: stage={{ stage }},service=kube_control_plane
+ use_private_ip: yes
diff --git a/group_vars/stage_devscr/kubespray.yml b/group_vars/stage_devscr/kubespray.yml
index f19810d..2089457 100644
--- a/group_vars/stage_devscr/kubespray.yml
+++ b/group_vars/stage_devscr/kubespray.yml
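Review bot: The new `ssh_args` line is explained only by two ticket links, one of them on an internal Jira, so the file itself never says what problem `ServerAliveInterval=30` solves; since Ansible's documented default for `ssh_args` is `-C -o ControlMaster=auto -o ControlPersist=60s`, the only behavioural change in this hunk is the keepalive plus `retries = 3`, and that deserves to be stated in place. Note also that setting `ssh_args` replaces the default rather than extending it, so anyone editing this line later must keep the ControlMaster/ControlPersist options or silently lose connection multiplexing. I would replace the two URL comments with `# Ansible's default ssh_args plus ServerAliveInterval=30 (keepalive, presumably so long-running tasks are not dropped by idle timeouts; see DEV-499 and ansible/ansible#30411)`. Nothing here weakens host-key checking, so from a hardening point of view the change itself is fine.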
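Review bot: `hcloud_lb_type: lb11` is never read: the role task in roles/hcloud/tasks/_create_loadbalancer.yml looks up `lb_object.lb_type | default("lb11")`, so this key is silently ignored and the type only matches because the default happens to be lb11; rename it to `lb_type: lb11`. Also write `use_private_ip: true` rather than `yes` (YAML 1.1 truthy, flagged by yamllint). Security-wise, be aware that this object creates the load balancer with a public interface (the role defaults `disable_public_interface` to no), so the kube-apiserver on 6443 becomes reachable from the internet on the LB's public IP at port 443; as far as I know Hetzner cloud firewalls filter only the servers' public interfaces and the LB reaches its targets over the private network, so the rules managed by hcloud_firewall.yml do not restrict this path. If the API is not meant to be public, set `disable_public_interface: true` here; otherwise add a comment stating that exposure of the API server relies entirely on kube-apiserver authentication.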
@@ -1,2 +1,7 @@
 ---
 helm_enabled: true
+
+apiserver_loadbalancer_domain_name: "apiserver.devscr.smardigo.digital"
+loadbalancer_apiserver:
+ address: "{{ lookup('community.general.dig', 'apiserver.devscr' + domain ) }}"
+ port: 443
diff --git a/hcloud_firewall.yml b/hcloud_firewall.yml
index 2e18366..5db57e0 100644
--- a/hcloud_firewall.yml
+++ b/hcloud_firewall.yml
@@ -38,7 +38,6 @@ serial: "{{ serial_number | default(1) }}" gather_facts: false connection: local - tasks: - name: "Setup base hcloud firewall rules" include_role:
diff --git a/hcloud_loadbalancer.yml b/hcloud_loadbalancer.yml
new file mode 100644
index 0000000..b43aab5
--- /dev/null
+++ b/hcloud_loadbalancer.yml
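Review bot: `loadbalancer_apiserver.address` is resolved at run time with `community.general.dig`, and that lookup returns the literal string `NXDOMAIN` instead of failing when the name does not resolve, so a DNS hiccup, or a `domain` value without the leading dot that `'apiserver.devscr' + domain` appears to assume, would feed `NXDOMAIN` to kubespray as the API server address rather than aborting the run. The address and `apiserver_loadbalancer_domain_name` are also built two different ways (concatenation with `domain` vs. a hard-coded FQDN), so they can drift apart, and as far as I recall kubespray puts both into the apiserver certificate SANs and every kubelet's endpoint, which makes a silent mismatch hard to diagnose. I would derive both from one value, e.g. `apiserver_loadbalancer_domain_name: "apiserver.devscr{{ domain }}"` and `address: "{{ lookup('community.general.dig', apiserver_loadbalancer_domain_name) }}"`, and add a pre-task assert in the playbook that consumes it such as `that: loadbalancer_apiserver.address is match('^\d+(\.\d+){3}$')`. Taking the IP from the `hcloud_load_balancer` module's return value instead of DNS would remove the deploy-time dependency on DNS altogether.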
@@ -0,0 +1,58 @@
+---
+
+# updates loadbalancer config
+
+# Parameters:
+# playbook inventory
+# stage := the name of the stage (e.g. dev, int, qa, prod)
+
+#############################################################
+# Creating inventory dynamically for given parameters
+#############################################################
+
+- hosts: localhost
+ gather_facts: false
+ connection: local
+
+ pre_tasks:
+ - name: "Check if ansible version is at least 2.10.x"
+ assert:
+ that:
+ - ansible_version.major >= 2
+ - ansible_version.minor >= 10
+ msg: "The ansible version has to be at least ({{ ansible_version.full }})"
+
+# add virtual server to load stage specific variables as context
+ - name: "Add <{{ stage }}-virtual-host-to-read-groups-vars> to hosts"
+ add_host:
+ name: "{{ stage }}-virtual-host-to-read-groups-vars"
+ groups:
+ - "stage_{{ stage }}"
+ changed_when: False
+
+#############################################################
+# Creating inventory dynamically for given parameters
+#############################################################
+
+- hosts: "{{ stage }}-virtual-host-to-read-groups-vars"
+ serial: "{{ serial_number | default(1) }}"
+ gather_facts: false
+ connection: local
+ module_defaults:
+ hetzner.hcloud.hcloud_load_balancer:
+ api_token: "{{ hetzner_authentication_ansible }}"
+ hetzner.hcloud.hcloud_load_balancer_network:
+ api_token: "{{ hetzner_authentication_ansible }}"
+ hetzner.hcloud.hcloud_load_balancer_service:
+ api_token: "{{ hetzner_authentication_ansible }}"
+ hetzner.hcloud.hcloud_load_balancer_target:
+ api_token: "{{ hetzner_authentication_ansible }}"
+
+ tasks:
+ - name: "Setup base hcloud firewall rules"
+ include_role:
+ name: hcloud
+ tasks_from: _create_loadbalancer.yml
+ loop: "{{ hcloud_lb_objects }}"
+ loop_control:
+ loop_var: lb_object
diff --git a/roles/hcloud/tasks/_create_loadbalancer.yml b/roles/hcloud/tasks/_create_loadbalancer.yml
new file mode 100644
index 0000000..01e3937
--- /dev/null
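Review bot: The version guard in `pre_tasks` is off on two counts: `ansible_version.minor >= 10` combined with `major >= 2` would reject any future 3.0 release, and the `msg` prints the running version where the required one belongs, so a failure reads "has to be at least (2.9.6)". Replace the two `that` entries with `- ansible_version.full is version('2.10', '>=')` and use `msg: "Ansible >= 2.10 required, found {{ ansible_version.full }}"`. The task under `tasks:` is named `"Setup base hcloud firewall rules"` and the second banner comment says "Creating inventory dynamically", both evidently copied from hcloud_firewall.yml; rename the task to `"Create hcloud load balancers"` and fix the banner so run logs and audit trails describe what actually executed. The four identical `api_token` entries under `module_defaults` could collapse into the collection's action group if hetzner.hcloud 1.8.1 provides one (check the collection's meta/runtime.yml before relying on it), and `changed_when: False` should be lowercase `false`.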
+++ b/roles/hcloud/tasks/_create_loadbalancer.yml
@@ -0,0 +1,26 @@
+---
+- name: "Create a hetzner LB"
+ hetzner.hcloud.hcloud_load_balancer:
+ name: '{{ lb_object.name }}'
+ load_balancer_type: '{{ lb_object.lb_type | default("lb11") }}'
+ delete_protection: '{{ lb_object.delete_protection | default("no") }}'
+ disable_public_interface: '{{ lb_object.disable_public_interface | default("no") }}'
+ labels: '{{ lb_object.labels | default({}) }}'
+ location: '{{ lb_object.location | default("nbg1") }}'
+ state: '{{ lb_object.status | default("present") }}'
+
+- name: Create a basic Load Balancer network
+ hetzner.hcloud.hcloud_load_balancer_network:
+ load_balancer: '{{ lb_object.name }}'
+ state: '{{ lb_object.status | default("present") }}'
+ network: '{{ lb_object.network }}'
+
+- name: "Add Services to LB"
+ hetzner.hcloud.hcloud_load_balancer_service:
+ args: '{{ item }}'
+ loop: '{{ lb_object.services }}'
+
+- name: "Add servers by label|server to LB"
+ hetzner.hcloud.hcloud_load_balancer_target:
+ args: '{{ item }}'
+ loop: '{{ lb_object.targets }}'
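Review bot: The service and target tasks ignore `lb_object.status`: with `status: absent` the first two tasks delete the load balancer and its network attachment, then `hcloud_load_balancer_service` and `hcloud_load_balancer_target` still run against the now-missing LB and fail, and both also raise an undefined-variable error for any object that has no `services` or `targets` key. Add `when: lb_object.status | default("present") == "present"` to both tasks and change the loops to `loop: '{{ lb_object.services | default([]) }}'` and `loop: '{{ lb_object.targets | default([]) }}'`. Two caveats worth a comment at the top of the file: `delete_protection` defaults to `"no"`, so an LB fronting the control-plane API can be removed by a stray `status: absent` or a console click unless the group_vars object opts in (the devscr object does not), and these modules only add or update the listed services and targets, so as far as I can tell a target dropped from group_vars stays attached until someone removes it by hand. Prefer `default(false)` over `default("no")` for the two boolean parameters so the module receives a real boolean rather than a string it has to coerce.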