All the Ansible playbooks used to deploy k3s, argo server, admiralty and minio

pb
2025-09-26 14:12:01 +02:00
parent 140bd63559
commit 2ede262abe
32 changed files with 2019 additions and 0 deletions

70
ansible/Argo/README.md Normal file

@@ -0,0 +1,70 @@
# Prerequisites
Ensure that you have the following installed on your local machine:
- Ansible
- SSH access to the target host
- Required dependencies for Kubernetes
Two passwords are required via the prompt:
1. The username used to connect to the host via SSH.
2. The root password for privilege escalation.
- You can use a user on the name with `NOPASSWD` permissions and not use `--ask-become-pass`
- You can use `ssh-copy-id` on the remote host on the user that you will provide and not use `--ask-pass`
# Deployment Instructions
## Deploying K3s
Replace `HOST_NAME` with the IP address or hostname of the target machine in `my_hosts.yaml`, then run:
```sh
ansible-playbook -i <YOUR_HOST_IP>, deploy_k3s.yml --extra-vars "user_prompt=YOUR_USER" --ask-pass --ask-become-pass
```
This playbook:
- Updates package repositories.
- Installs necessary dependencies.
- Ensures the user has `sudo` privileges.
- Downloads and installs K3s.
- Configures permissions for Kubernetes operations.
- Enables auto-completion for `kubectl`.
- Reboots the machine to apply changes.
## Deploying Argo Workflows
Replace `HOST_NAME` with the IP address or hostname of the target machine in `my_hosts.yaml`, then run:
```sh
ansible-playbook -i <YOUR_HOST_IP>, deploy_argo.yml --extra-vars "user_prompt=<YOUR_USER>" --ask-pass --ask-become-pass
```
This playbook:
- Ensures the `argo` namespace exists in Kubernetes.
- Deploys Argo Workflows using the official manifest.
- Waits for the `argo-server` pod to be running.
- Patches the deployment for first-time connection issues.
- Applies a service configuration to expose Argo Workflows via NodePort.
- Installs the Argo CLI.
- Enables CLI autocompletion.
- Configures `kubectl` for Argo access.
# Additional Notes
- The service account used by default is `argo:default`, which may not have sufficient permissions. Use `argo:argo` instead:
```sh
argo submit -f workflow.yaml --serviceaccount=argo
```
- The Argo CLI is installed in `/usr/local/bin/argo`.
- The Kubernetes configuration file is copied to `~/.kube/config`.
# Troubleshooting
- If the deployment fails due to permissions, ensure the user has `sudo` privileges.
- Check the status of Argo pods using:
```sh
kubectl get pods -n argo
```
- If Argo Workflows is not accessible, verify that the NodePort service is correctly configured.
# References
- [K3s Official Documentation](https://k3s.io/)
- [Argo Workflows Documentation](https://argoproj.github.io/argo-workflows/)


@@ -0,0 +1,14 @@
# Needed by deploy-argo.yml to change argo to a NodePort service
apiVersion: v1
kind: Service
metadata:
name: argo-server
namespace: argo
spec:
type: NodePort
selector:
app: argo-server
ports:
- port: 2746
targetPort: 2746
nodePort: 32746
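Review bot: `type: NodePort` with `nodePort: 32746` makes argo-server reachable on every node address, and the playbook in this commit that applies this manifest also patches the deployment to `--auth-mode=server`, so, as far as these two files show, requests on that port are served without client login under the server's own service account. Keeping the Service as `type: ClusterIP` and reaching the UI through `kubectl -n argo port-forward svc/argo-server 2746:2746` or an authenticated ingress avoids publishing it. If the NodePort has to stay, I would add a header comment such as `# Exposes argo-server on all nodes at 32746; firewall this port to trusted sources` so the exposure is a recorded decision.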


@@ -0,0 +1,95 @@
# ansible-playbook -i my_hosts.yaml deploy_argo.yml --ask-pass --ask-become-pass
# Need to think about which serviceaccount will be used to launch the workflow, by default
# uses argo:default but it doesn't have enough rights, need to use argo:argo
# like '$ argo submit -f .... --serviceaccount=argo'
- name: Installation de Argo
hosts: all
user: "{{ user_prompt }}"
vars:
ARGO_VERSION: "3.5.2"
environment:
KUBECONFIG: /home/{{ user_prompt }}/.kube/config
tasks:
- name: Create argo namespace
kubernetes.core.k8s:
state: present
definition:
apiVersion: v1
kind: Namespace
metadata:
labels:
kubernetes.io/metadata.name: argo
name: argo
- name: Verifier si argo est déjà entrain de tourner
ansible.builtin.shell:
cmd: |
kubectl get -n argo pods | grep -q argo-server
register: argo_server_pod
failed_when: argo_server_pod.rc not in [ 0, 1 ]
- name: Installing argo services
ansible.builtin.shell:
cmd: |
kubectl apply -n argo -f https://github.com/argoproj/argo-workflows/releases/download/v{{ ARGO_VERSION }}/install.yaml
when: argo_server_pod.rc == 1
- name: Vérifier l'état du pod argo-server
ansible.builtin.shell:
cmd: |
argo_server_name=$(kubectl get -n argo pods | grep argo-server | cut -d ' ' -f 1)
kubectl get -n argo pods $argo_server_name --output=jsonpath='{.status.phase}'
register: pod_status
retries: 30
delay: 10
until: pod_status.stdout == "Running"
- name: Patch first connection bug
ansible.builtin.shell: |
kubectl patch deployment \
argo-server \
--namespace argo \
--type='json' \
-p='[{"op": "replace", "path": "/spec/template/spec/containers/0/args", "value": [
"server",
"--auth-mode=server"
]}]'
- name: Copying the configuration file to new host
copy: src=argo-service.yml dest=$HOME mode=0755
- name: Applying the conf file to make the service a NodePort typ
ansible.builtin.shell:
cmd: |
kubectl apply -f argo-service.yml
- name: download argo CLI
become: true
ansible.builtin.uri:
url: " https://github.com/argoproj/argo-workflows/releases/download/v{{ ARGO_VERSION }}/argo-linux-amd64.gz"
method: GET
dest: /var
status_code: 200
headers:
Content-Type: "application/json"
- name: Install argo CLI
become: true
ansible.builtin.shell:
cmd: |
gunzip argo-linux-amd64.gz
chmod +x argo-linux-amd64
mv ./argo-linux-amd64 /usr/local/bin/argo
args:
chdir: /var
- name: Enable argo CLI autocomplete
ansible.builtin.shell:
cmd: |
grep 'argo completion bash' $HOME/.bashrc || echo 'source <(argo completion bash)' >> $HOME/.bashrc
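Review bot: Nothing checks the integrity of the binary fetched by the `download argo CLI` task before `Install argo CLI` makes it executable and moves it to `/usr/local/bin/argo` with `become: true`. Switching the task to `ansible.builtin.get_url` with `checksum: "sha256:<SHA256_FOR_ARGO_VERSION>"` pinned next to `ARGO_VERSION` would make a tampered or truncated download fail the play; the `url` value also starts with a stray space, and the `Content-Type` header serves no purpose on a GET. The same pattern appears in `deploy_k3s.yml`, where `Download k3s` saves `https://get.k3s.io` and `Install k3s` runs it as root with `sh install_k3s.sh`; a reviewed, pinned copy of the installer would be safer there. Downloading into a temporary directory rather than directly into `/var` would also keep the unverified file out of a shared system path.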

116
ansible/Argo/deploy_k3s.yml Normal file

@@ -0,0 +1,116 @@
- name: Installation k3s
hosts: all:!localhost
user: "{{ user_prompt }}"
gather_facts: true
tasks:
- name: Update apt
become: true
# become_method: su
ansible.builtin.shell:
cmd:
apt update -y
- name: Install necessary packages
become: true
# become_method: su
package:
name:
- sudo
- curl
- grep
- expect
- adduser
state: present
- name: Test if the current user is a sudoer
ansible.builtin.shell:
cmd:
groups {{ ansible_user_id }} | grep -q 'sudo'
register: sudoer
failed_when: sudoer.rc not in [ 0, 1 ]
- name: Adding user to sudoers
become: true
# become_method: su
user:
name: "{{ ansible_user_id }}"
append: true
groups: sudo
when: sudoer.rc == 1
- name: Reset ssh connection to allow user changes to affect ansible user
ansible.builtin.meta:
reset_connection
when: sudoer.rc == 1
- name: Attendre que la déconnexion soit effective
wait_for:
port: 22
delay: 10
timeout: 120
when: sudoer.rc == 1
- name: Download k3s
ansible.builtin.uri:
url: "https://get.k3s.io"
method: GET
dest: ./install_k3s.sh
status_code: 200
headers:
Content-Type: "application/json"
- name: Install k3s
become: true
# become_method: su
ansible.builtin.shell:
cmd : sh install_k3s.sh
- name: Add k3s group
become: true
# become_method: su
group:
name: k3s
state: present
- name: Add user to k3s group
become: true
# become_method: su
user:
name: "{{ ansible_user_id }}"
append: true
groups: k3s
- name: Ensure .kube directory exists
ansible.builtin.file:
path: ~/.kube
state: directory
mode: '0700'
- name: Copy kubeconfig file
become: true
ansible.builtin.copy:
src: /etc/rancher/k3s/k3s.yaml
dest: /home/{{ user_prompt }}/.kube/config
remote_src: true
mode: '0600'
owner: "{{ ansible_user_id }}"
group: "{{ ansible_user_gid }}"
- name: Set KUBECONFIG environment variable in .bashrc
ansible.builtin.lineinfile:
path: ~/.bashrc
line: 'export KUBECONFIG=$HOME/.kube/config'
- name: Ensure kubectl autocompletion is enabled
ansible.builtin.lineinfile:
path: ~/.bashrc
line: 'source <(kubectl completion bash)'
- name: Unconditionally reboot the machine with all defaults
become: true
# become_method: su
ansible.builtin.reboot: