Marcel-Wefers
/
ansible-kubernetes-hetzner
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

mongodb community operator deployment

This commit is contained in:
Marcel Wefers 2024-04-15 14:57:02 +02:00
parent b71e9c7c39
commit 2f93c94236
8 changed files with 250 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
inventory.yml
View File

@ -10,14 +10,14 @@ all:
controller_init: controller_init:
hosts: hosts:
k8s-master-1: k8s-master-1:
ansible_host: 10.0.0.2 ansible_host: 10.0.0.3
ansible_python_interpreter: /usr/bin/python3.11 ansible_python_interpreter: /usr/bin/python3.11
ansible_ssh_common_args: '-o ProxyCommand="ssh -p 22 -W %h:%p -q root@65.109.4.220"' ansible_ssh_common_args: '-o ProxyCommand="ssh -p 22 -W %h:%p -q root@65.109.4.220"'
worker: worker:
hosts: hosts:
k8s-node-1: k8s-node-1:
ansible_host: 10.0.0.3 ansible_host: 10.0.0.2
ansible_python_interpreter: /usr/bin/python3.11 ansible_python_interpreter: /usr/bin/python3.11
ansible_ssh_common_args: '-o ProxyCommand="ssh -p 22 -W %h:%p -q root@65.109.4.220"' ansible_ssh_common_args: '-o ProxyCommand="ssh -p 22 -W %h:%p -q root@65.109.4.220"'

75
playbooks/setup_k8s_cluster.yml
View File

@ -6,43 +6,46 @@
gather_facts: false gather_facts: false
tasks: tasks:
- name: Read global default values # - name: Read global default values
include_vars: # include_vars:
file: ../vars/default.yml # file: ../vars/default.yml
#
- name: Read cluster default values # - name: Read cluster default values
include_vars: # include_vars:
file: ../vars/k8s_cluster/cluster_vars.yml # file: ../vars/k8s_cluster/cluster_vars.yml
#
- name: base install block # - name: base install block
when: inventory_hostname in (groups['controller'] + groups['worker']) # when: inventory_hostname in (groups['controller'] + groups['worker'])
block: # block:
- name: Prepare Debian System # - name: Prepare Debian System
import_tasks: ../tasks/k8s_cluster/system/prepare_debian_system.yml # import_tasks: ../tasks/k8s_cluster/system/prepare_debian_system.yml
#
- name: Setup k8s Cluster # - name: Setup k8s Cluster
import_tasks: ../tasks/k8s_cluster/kubernetes/setupK8sCluster.yml # import_tasks: ../tasks/k8s_cluster/kubernetes/setupK8sCluster.yml
#
- name : Install linkerd Service Mesh # - name : Install linkerd Service Mesh
import_tasks: ../tasks/k8s_cluster/serviceMesh/installLinkerd.yml # import_tasks: ../tasks/k8s_cluster/serviceMesh/installLinkerd.yml
#
- name: Setup Storage # - name: Setup Storage
import_tasks: ../tasks/k8s_cluster/storage/setupStorage.yml # import_tasks: ../tasks/k8s_cluster/storage/setupStorage.yml
#
- name: base install block # - name: base install block
when: inventory_hostname in groups['controller'] # when: inventory_hostname in groups['controller']
block: # block:
- name: install Helm3 # - name: install Helm3
import_tasks: ../tasks/k8s_cluster/helm/install_helm3.yml # import_tasks: ../tasks/k8s_cluster/helm/install_helm3.yml
#
- name: base install block controller_init - name: base install block controller_init
when: inventory_hostname in groups['controller_init'] when: inventory_hostname in groups['controller_init']
block: block:
- name: Install MetalLB # - name: Install MetalLB
import_tasks: ../tasks/k8s_cluster/loadbalancer/install_metallb.yml # import_tasks: ../tasks/k8s_cluster/loadbalancer/install_metallb.yml
#
# - name: install nginx ingress
# import_tasks: ../tasks/k8s_cluster/ingress/install_nginx_ingress.yml
#
# - name: Install cert-manager
# import_tasks: ../tasks/k8s_cluster/cert_manager/install_cert_manager.yml
- name: install nginx ingress - name: Install mongodb
import_tasks: ../tasks/k8s_cluster/ingress/install_nginx_ingress.yml import_tasks: ../tasks/k8s_cluster/mongodb/install_mongodb.yml
- name: Install cert-manager
import_tasks: ../tasks/k8s_cluster/cert_manager/install_cert_manager.yml

43
tasks/k8s_cluster/mongodb/install_mongodb.yml Normal file
View File

@ -0,0 +1,43 @@
---
#- name: Read mongodb community operator values
# include_vars:
# file: ../vars/k8s_cluster/mongodb/mongodb.yml
#
#- name: "Create namespace '{{ namespace }}'"
# kubernetes.core.k8s:
# state: present
# definition:
# api_version: v1
# kind: Namespace
# metadata:
# name: '{{ namespace }}'
# labels:
# name: '{{ namespace }}'
#
#- name: Add mongodb community operator chart repo
# kubernetes.core.helm_repository:
# name: "{{ helm.releaseName }}"
# repo_url: "{{ helm.repoUrl }}"
#
#- name: Deploy mongodb community operator from helm chart
# kubernetes.core.helm:
# name: '{{ helm.releaseName }}'
# state: present
# chart_ref: '{{ helm.chart }}'
# release_namespace: '{{ namespace }}'
# chart_version: '{{ helm.chartVersion }}'
# update_repo_cache: 'true'
# values: "{{ lookup('template', '../templates/k8s_cluster/mongodb/mongodb-operator-values.yml') | from_yaml }}"
- name: Deploy mongodb database
k8s:
state: present
namespace: "{{ namespace }}"
src: "{{ lookup('template', '../templates/k8s_cluster/mongodb/mongodb-deploy-db.yml') | from_yaml }}"
#- name: Add secret for mongodb
# kubernetes.core.k8s:
# state: present
# release_namespace: "{{ namespace }}"
# definiton: "{{ lookup('template', '../templates/k8s_cluster/mongodb/mongodb-secret.yml') | from_yaml }}"
#

26
templates/k8s_cluster/mongodb/mongodb-deploy-db.yml Normal file
View File

@ -0,0 +1,26 @@
---
apiVersion: mongodbcommunity.mongodb.com/v1
kind: MongoDBCommunity
metadata:
name: example-mongodb
spec:
members: 1
type: ReplicaSet
version: "6.0.5"
security:
authentication:
modes: ["SCRAM"]
users:
- name: my-user
db: admin
passwordSecretRef: # a reference to the secret that will be used to generate the user's password
name: my-user-password
roles:
- name: clusterAdmin
db: admin
- name: userAdminAnyDatabase
db: admin
scramCredentialsSecretName: my-scram
additionalMongodConfig:
storage.wiredTiger.engineConfig.journalCompressor: zlib

120
templates/k8s_cluster/mongodb/mongodb-operator-values.yml Normal file
View File

@ -0,0 +1,120 @@
## Reference to one or more secrets to be used when pulling images
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
imagePullSecrets: []
# - name: "image-pull-secret"
## Operator
operator:
# Name that will be assigned to most of internal Kubernetes objects like
# Deployment, ServiceAccount, Role etc.
name: mongodb-kubernetes-operator
# Name of the operator image
operatorImageName: mongodb-kubernetes-operator
# Name of the deployment of the operator pod
deploymentName: mongodb-kubernetes-operator
# Version of mongodb-kubernetes-operator
version: 0.9.0
# Uncomment this line to watch all namespaces
# watchNamespace: "*"
# Resources allocated to Operator Pod
resources:
limits:
cpu:
memory:
requests:
cpu:
memory:
# replicas deployed for the operator pod. Running 1 is optimal and suggested.
replicas: 1
# Additional environment variables
extraEnvs: []
# environment:
# - name: CLUSTER_DOMAIN
# value: my-cluster.domain
podSecurityContext:
runAsNonRoot: true
runAsUser: 2000
securityContext: {}
## Operator's database
database:
name: mongodb-database
# set this to the namespace where you would like
# to deploy the MongoDB database,
# Note if the database namespace is not same
# as the operator namespace,
# make sure to set "watchNamespace" to "*"
# to ensure that the operator has the
# permission to reconcile resources in other namespaces
# namespace: mongodb-database
agent:
name: mongodb-agent
version: 107.0.0.8465-1
versionUpgradeHook:
name: mongodb-kubernetes-operator-version-upgrade-post-start-hook
version: 1.0.8
readinessProbe:
name: mongodb-kubernetes-readinessprobe
version: 1.0.17
mongodb:
name: mongo
repo: docker.io
registry:
agent: quay.io/mongodb
versionUpgradeHook: quay.io/mongodb
readinessProbe: quay.io/mongodb
operator: quay.io/mongodb
pullPolicy: Always
# Set to false if CRDs have been installed already. The CRDs can be installed
# manually from the code repo: github.com/mongodb/mongodb-kubernetes-operator or
# using the `community-operator-crds` Helm chart.
community-operator-crds:
enabled: true
# Deploys MongoDB with `resource` attributes.
createResource: false
resource:
name: mongodb-replica-set
version: 4.4.0
members: 3
tls:
enabled: false
# Installs Cert-Manager in this cluster.
useX509: false
sampleX509User: false
useCertManager: true
certificateKeySecretRef: tls-certificate
caCertificateSecretRef: tls-ca-key-pair
certManager:
certDuration: 8760h # 365 days
renewCertBefore: 720h # 30 days
users:
# if using the MongoDBCommunity Resource, list any users to be added to the resource
users:
- name: my-user
db: admin
passwordSecretRef: # a reference to the secret that will be used to generate the user's password
name: admin-credential
roles:
- name: clusterAdmin
db: admin
- name: userAdminAnyDatabase
db: admin
- name: readWriteAnyDatabase
db: admin
- name: dbAdminAnyDatabase
db: admin
scramCredentialsSecretName: my-scram

8
templates/k8s_cluster/mongodb/mongodb-secret.yml Normal file
View File

@ -0,0 +1,8 @@
---
apiVersion: v1
kind: Secret
metadata:
name: my-user-password
type: Opaque
stringData:
password: admin

3
templates/k8s_cluster/storage/rook/csi/cephfs/storageclass.yaml
View File

@ -25,4 +25,5 @@ parameters:
csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
reclaimPolicy: Delete reclaimPolicy: Delete

10
vars/k8s_cluster/mongodb/mongodb.yml Normal file
View File

@ -0,0 +1,10 @@
######################################
# Kubernetes mongodb community operator vars #
######################################
namespace: 'mongodb'
helm:
repoUrl: 'https://mongodb.github.io/helm-charts'
chart: 'mongodb/community-operator'
releaseName: 'community-operator'
chartVersion: '0.9.0'