oc-deploy/ansible/Minio/setup_minio_oc_bucket.yml


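---
# Prepares MinIO for Argo artifact storage on the target hosts: installs the
# mc client, registers the local MinIO alias, creates oc-bucket, creates an
# access key and publishes it to the argo namespace as a Secret together with
# the artifact-repositories ConfigMap that references it.
- name: Installation k3s
  hosts: 'all:!localhost'
  user: "{{ user_prompt }}"
  gather_facts: true
  become_method: sudo
  # Written as a mapping; the list-of-dicts form carries the same values.
  vars:
    argo_namespace: argo
    MC_PATH: $HOME/minio-binaries
    MINIO_NAME: my-minio
    UUID: "{{ uuid_prompt }}"
  environment:
    - KUBECONFIG: "/home/{{ user_prompt }}/.kube/config"
  tasks:
    - name: Install necessary packages
      become: true
      package:
        name:
          - python3-kubernetes
          - python3-jmespath
        state: present

    - name: Create destination directory
      file:
        path: "{{ MC_PATH }}"
        state: directory
        mode: '0755'

    # NOTE(review): this fetches whatever build is currently published at the
    # URL, and that binary is later run with the MinIO root credentials. Pin a
    # specific release and add get_url's `checksum:` option with a digest
    # obtained out-of-band, e.g. checksum: "sha256:<DIGEST_OF_PINNED_RELEASE>".
    - name: Install mc
      ansible.builtin.get_url:
        url: "https://dl.min.io/client/mc/release/linux-amd64/mc"
        dest: "{{ MC_PATH }}/mc"
        mode: '+x'
        headers:
          Content-Type: "application/json"

    - name: Add mc to path
      ansible.builtin.lineinfile:
        path: $HOME/.bashrc
        line: "export PATH=$PATH:{{ MC_PATH }}"

    # rc 1 is treated as "alias not configured yet" and enables the setup
    # tasks below; any rc other than 0 or 1 fails the play.
    - name: Is mc already set up for the local minio
      ansible.builtin.shell:
        cmd: |
          "{{ MC_PATH }}"/mc admin info {{ MINIO_NAME }}
      register: minio_info
      failed_when: minio_info.rc not in [0,1]
      changed_when: false

    # Both root credentials are read from the same Secret, so both lookups name
    # the namespace explicitly. no_log keeps the decoded values out of Ansible
    # output and logs.
    - name: Retrieve root user
      ansible.builtin.shell:
        cmd: |
          kubectl get secret argo-artifacts --namespace default -o jsonpath="{.data.rootUser}" | base64 -d -
      register: user
      when: minio_info.rc == 1
      changed_when: false
      no_log: true

    - name: Retrieve root password
      ansible.builtin.shell:
        cmd: |
          kubectl get secret argo-artifacts --namespace default -o jsonpath="{.data.rootPassword}" | base64 -d -
      register: password
      when: minio_info.rc == 1
      changed_when: false
      no_log: true

    # The credentials go through the `quote` filter so a value containing a
    # quote or another shell metacharacter cannot alter the command.
    # NOTE(review): they are still passed as arguments, so they are visible in
    # the host's process list while mc runs.
    - name: Set up MinIO host in mc
      ansible.builtin.shell:
        cmd: |
          "{{ MC_PATH }}"/mc alias set {{ MINIO_NAME }} http://127.0.0.1:9000 {{ user.stdout | quote }} {{ password.stdout | quote }}
      register: mc_alias
      # failed_when replaces the default rc check, so the rc test is restated
      # here; otherwise a failing `mc alias set` would pass silently.
      failed_when: mc_alias.rc != 0 or user.stdout == "" or password.stdout == ""
      when: minio_info.rc == 1
      no_log: true

    # The registered rc is grep's: a failing `mc ls` also yields rc 1 and is
    # handled as "bucket missing". grep matches substrings, so any entry whose
    # name contains oc-bucket counts as a hit.
    - name: Does oc-bucket already exist
      ansible.builtin.shell:
        cmd: |
          "{{ MC_PATH }}"/mc ls {{ MINIO_NAME }} | grep -q oc-bucket
      register: bucket_exists
      failed_when: bucket_exists.rc not in [0,1]
      changed_when: false

    - name: Create oc-bucket
      ansible.builtin.shell:
        cmd: |
          "{{ MC_PATH }}"/mc mb {{ MINIO_NAME }}/oc-bucket
      when: bucket_exists.rc == 1

    # NOTE(review): this runs unconditionally, so every play run creates
    # another access key even though the task reports "ok"; nothing here
    # revokes earlier keys. Consider skipping it when the Secret already exists.
    - name: Run mc admin accesskey create command
      ansible.builtin.shell:
        cmd: |
          "{{ MC_PATH }}"/mc admin accesskey create --json {{ MINIO_NAME }}
      register: minio_output
      changed_when: false  # Avoid marking the task as changed every time
      # stdout carries the new secret key.
      no_log: true

    - name: Parse JSON output
      set_fact:
        access_key: "{{ minio_output.stdout | from_json | json_query('accessKey') }}"
        secret_key: "{{ minio_output.stdout | from_json | json_query('secretKey') }}"
      no_log: true

    # NOTE(review): no namespace is given, so kubectl uses the namespace of the
    # current kubeconfig context; confirm it is where argo-artifacts is deployed.
    - name: Retrieve cluster IP for minio API
      ansible.builtin.shell:
        cmd: |
          kubectl get service argo-artifacts -o jsonpath="{.spec.clusterIP}"
      register: minio_cluster_ip
      changed_when: false

    - name: Create the minio secret in argo namespace
      kubernetes.core.k8s:
        state: present
        namespace: '{{ argo_namespace }}'
        name: "{{ UUID }}-argo-artifact-secret"
        definition:
          apiVersion: v1
          kind: Secret
          type: Opaque
          stringData:
            access-key: '{{ access_key }}'
            secret-key: '{{ secret_key }}'
      # The definition embeds the secret key.
      no_log: true

    # NOTE(review): `insecure: true` makes Argo talk to MinIO without TLS, so
    # artifacts and the access key cross the cluster network in clear text.
    # Acceptable only if that network is trusted; otherwise enable TLS on MinIO
    # and drop the flag.
    - name: Create the artifact-repositories ConfigMap in argo namespace
      kubernetes.core.k8s:
        state: present
        namespace: '{{ argo_namespace }}'
        definition:
          apiVersion: v1
          kind: ConfigMap
          metadata:
            name: artifact-repositories
          data:
            oc-s3-artifact-repository: |
              s3:
                bucket: oc-bucket
                endpoint: {{ minio_cluster_ip.stdout }}:9000
                insecure: true
                accessKeySecret:
                  name: "{{ UUID }}-argo-artifact-secret"
                  key: access-key
                secretKeySecret:
                  name: "{{ UUID }}-argo-artifact-secret"
                  key: secret-key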
# ansible.builtin.shell:
# cmd: |
# kubectl create secret -n '{{ argo_namespace }}' generic argo-artifact-secret \
# --from-literal=access-key='{{ access_key }}' \
# --from-literal=secret-key='{{ secret_key }}'