cloud-labs-infra · Mishavint · Aug 28, 2023 · Aug 28, 2023 · Aug 28, 2023 · Aug 28, 2023
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -56,9 +56,13 @@ jobs:
       - name: Install requirements
         run: |
           make init
+          sudo swapoff -a
       - name: Run tests
         run: |
-          molecule test --scenario-name "${{ matrix.scenario }}"
+          molecule test --scenario-name "${{ matrix.scenario }}" --destroy=never
         env:
           PY_COLORS: '1'
           ANSIBLE_FORCE_COLOR: '1'
+      - name: Setup tmate session
+        if: ${{ failure() }}
+        uses: mxschmitt/action-tmate@v3
diff --git a/.yamllint b/.yamllint
@@ -4,6 +4,7 @@ extends: default
 
 ignore: |
   .github/*
+  molecule/end-to-end_demo/deploy_files/namespace-helm-chart/*
 
 # https://yamllint.readthedocs.io/en/stable/rules.html
 rules:

diff --git a/molecule/end-to-end_demo/converge.yml b/molecule/end-to-end_demo/converge.yml
@@ -0,0 +1,186 @@
+---
+
+- name: Converge using end-to-end
+  ansible.builtin.import_playbook: ../default_join-workers/converge.yml
+
+- name: Install Helm
+  hosts:
+    - control_plane
+  gather_facts: false
+  become: true
+  become_method: su
+  roles:
+    - { role: geerlingguy.helm }
+
+- name: Prepare control-plane
+  hosts:
+    - k8s-control-plane-01
+  gather_facts: false
+  become: true
+  become_method: su
+  tasks:
+    - name: Copy manifests and helm files
+      ansible.builtin.copy:
+        src: deploy_files/
+        dest: /root/demo
+        mode: 0644
+
+    - name: Install pip library
+      ansible.builtin.pip:
+        name: kubernetes
+
+- name: Create namespace using self written chart
+  hosts:
+    - k8s-control-plane-01
+  gather_facts: false
+  tasks:
+    - name: Create namespaces
+      kubernetes.core.helm:
+        name: namespaces
+        release_namespace: default
+        chart_ref: /root/demo/namespace-helm-chart
+
+- name: Loki and Grafana deployment
+  hosts:
+    - k8s-control-plane-01
+  gather_facts: false
+  become: true
+  become_method: su
+  tasks:
+    - name: Loki installation
+      block:
+        - name: Add grafana/loki helm repo
+          kubernetes.core.helm_repository:
+            name: grafana
+            repo_url: "https://grafana.github.io/helm-charts"
+
+        - name: Install loki helm release
+          kubernetes.core.helm:
+            name: loki
+            chart_ref: grafana/loki-stack
+            release_namespace: loki-ns
+
+    - name: Grafana installation
+      block:
+        - name: Install grafana helm release
+          kubernetes.core.helm:
+            name: grafana
+            chart_ref: grafana/grafana
+            release_namespace: grafana-ns
+            values_files:
+              - /root/demo/grafana/helm-values.yml
+
+- name: Ingress Controller
+  hosts:
+    - k8s-control-plane-01
+  gather_facts: false
+  become: true
+  become_method: su
+  tasks:
+    - name: Add ingress controller helm repo
+      kubernetes.core.helm_repository:
+        name: ingress-nginx
+        repo_url: "https://kubernetes.github.io/ingress-nginx"
+
+    - name: Install ingress controller helm release
+      kubernetes.core.helm:
+        name: ingress-nginx
+        chart_ref: ingress-nginx/ingress-nginx
+        release_namespace: ingress-nginx-ns
+        timeout: 2m
+        values_files:
+          - /root/demo/ingress-controller/helm-values.yml
+      register: helm_result
+      changed_when: false
+
+- name: Cert Manager
+  hosts:
+    - k8s-control-plane-01
+  gather_facts: false
+  become: true
+  become_method: su
+  tasks:
+    - name: Install Cert Manager
+      block:
+        - name: Add cert-manager helm repo
+          kubernetes.core.helm_repository:
+            name: jetstack
+            repo_url: "https://charts.jetstack.io"
+
+        - name: Install cert-manager helm release
+          kubernetes.core.helm:
+            name: cert-manager
+            chart_ref: jetstack/cert-manager
+            release_namespace: cert-manager-ns
+            timeout: 2m
+            values_files:
+              - /root/demo/cert-manager/helm-values.yml
+          register: helm_result
+          changed_when: false
+
+    - name: Prepare CA certificate
+      block:
+        - name: Create selfsigned issuer
+          kubernetes.core.k8s:
+            state: present
+            src: /root/demo/cert-manager/selfsigned-issuer.yml
+
+        - name: Create CA certificate
+          kubernetes.core.k8s:
+            state: present
+            namespace: default
+            src: /root/demo/cert-manager/selfsigned-cert.yml
+
+        - name: Create CA issuer
+          kubernetes.core.k8s:
+            state: present
+            src: /root/demo/cert-manager/root-ca-issuer.yml
+
+- name: Ingress
+  hosts:
+    - k8s-control-plane-01
+  gather_facts: false
+  become: true
+  become_method: su
+  tasks:
+    - name: Ingress to grafana
+      kubernetes.core.k8s:
+        state: present
+        src: /root/demo/grafana/ingress-to-grafana.yml
+
+- name: Useful output
+  hosts:
+    - k8s-control-plane-01
+  gather_facts: false
+  become: true
+  become_method: su
+  tasks:
+    - name: CA cert
+      block:
+        - name: Collect CA cert
+          ansible.builtin.shell: |
+            set -o pipefail && \
+            kubectl get secret -n default root-ca -o jsonpath="{.data.ca\.crt}" | base64 -d
+          args:
+            executable: /bin/bash
+          register: root_ca_secret
+          changed_when: False
+
+        - name: Print CA cert
+          ansible.builtin.debug:
+            msg: "{{ root_ca_secret.stdout }}"
+
+    - name: Grafana admin password
+      block:
+        - name: Collect password
+          ansible.builtin.shell: |
+            set -o pipefail && \
+            kubectl get secret --namespace grafana-ns grafana -o jsonpath="{.data.admin-password}" | base64 -d
+          args:
+            executable: /bin/bash
+          register: grafana_password
+          changed_when: False
+
+        - name: Print Grafana password
+          ansible.builtin.debug:
+            msg: "{{ grafana_password.stdout }}"
diff --git a/molecule/end-to-end_demo/deploy_files/cert-manager/helm-values.yml b/molecule/end-to-end_demo/deploy_files/cert-manager/helm-values.yml
@@ -0,0 +1,6 @@
+---
+
+installCRDs: true
+prometheus:
+  enabled: false
+clusterResourceNamespace: default
diff --git a/molecule/end-to-end_demo/deploy_files/cert-manager/root-ca-issuer.yml b/molecule/end-to-end_demo/deploy_files/cert-manager/root-ca-issuer.yml
@@ -0,0 +1,9 @@
+---
+
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: root-ca-issuer
+spec:
+  ca:
+    secretName: root-ca
diff --git a/molecule/end-to-end_demo/deploy_files/cert-manager/selfsigned-cert.yml b/molecule/end-to-end_demo/deploy_files/cert-manager/selfsigned-cert.yml
@@ -0,0 +1,25 @@
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: self-signed-root-cert
+spec:
+  duration: 24h
+  renewBefore: 2h
+  dnsNames:
+    - k8s.myorg.com
+  secretName: root-ca
+  subject:
+    organizations:
+      - myorg
+  issuerRef:
+    name: selfsigned-issuer
+    kind: ClusterIssuer
+  isCA: true
+  usages:
+    - signing
+    - cert sign
+  privateKey:
+    algorithm: RSA
+    size: 2048
diff --git a/molecule/end-to-end_demo/deploy_files/cert-manager/selfsigned-issuer.yml b/molecule/end-to-end_demo/deploy_files/cert-manager/selfsigned-issuer.yml
@@ -0,0 +1,8 @@
+---
+
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: selfsigned-issuer
+spec:
+  selfSigned: {}
diff --git a/molecule/end-to-end_demo/deploy_files/grafana/helm-values.yml b/molecule/end-to-end_demo/deploy_files/grafana/helm-values.yml
@@ -0,0 +1,4 @@
+---
+
+persistence:
+  size: 2Gi
diff --git a/molecule/end-to-end_demo/deploy_files/grafana/ingress-to-grafana.yml b/molecule/end-to-end_demo/deploy_files/grafana/ingress-to-grafana.yml
@@ -0,0 +1,27 @@
+---
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: grafana-ingress
+  namespace: grafana-ns
+  annotations:
+    cert-manager.io/cluster-issuer: "root-ca-issuer"
+    nginx.ingress.kubernetes.io/rewrite-target: /
+spec:
+  ingressClassName: nginx
+  tls:
+    - hosts:
+        - grafana.k8s.myorg.com
+      secretName: grafana-tls
+  rules:
+    - host: grafana.k8s.myorg.com
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: grafana
+                port:
+                  number: 80
diff --git a/molecule/end-to-end_demo/deploy_files/ingress-controller/helm-values.yml b/molecule/end-to-end_demo/deploy_files/ingress-controller/helm-values.yml
@@ -0,0 +1,11 @@
+---
+
+controller:
+  ingressClassResource:
+    default: true
+  kind: DaemonSet
+  service:
+    type: NodePort
+    nodePorts:
+      http: 30080
+      https: 30443
diff --git a/molecule/end-to-end_demo/deploy_files/namespace-helm-chart/Chart.yaml b/molecule/end-to-end_demo/deploy_files/namespace-helm-chart/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: sa-chart
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
diff --git a/molecule/end-to-end_demo/deploy_files/namespace-helm-chart/templates/NOTES.txt b/molecule/end-to-end_demo/deploy_files/namespace-helm-chart/templates/NOTES.txt
@@ -0,0 +1,23 @@
+1.
+{{- range $namespace := .Values.namespaces }}
+Namespace {{ $namespace.name }} was created
+{{- end }}
+2.
+{{- range $namespace := .Values.namespaces }}
+{{- range $user := $namespace.users }}
+ServiceAccount for {{ $user }} in {{ $namespace.name }} namespace was created
+{{- end }}
+{{- end }}
+3.
+{{- range $namespace := .Values.namespaces }}
+{{- range $user := $namespace.users }}
+Secret for {{ $user }} in {{ $namespace.name }} namespace was created
+{{- end }}
+{{- end }}
+4.
+{{- range $namespace := .Values.namespaces }}
+{{- range $user := $namespace.users }}
+RoleBinding for {{ $user }} in {{ $namespace.name }} namespace was created
+{{- end }}
+{{- end }}
+
diff --git a/molecule/end-to-end_demo/deploy_files/namespace-helm-chart/templates/namespaces.yml b/molecule/end-to-end_demo/deploy_files/namespace-helm-chart/templates/namespaces.yml
@@ -0,0 +1,10 @@
+{{- range $namespace := .Values.namespaces }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {{ $namespace.name }}
+  labels:
+    name: {{ $namespace.name }}
+{{- end }}
+
diff --git a/molecule/end-to-end_demo/deploy_files/namespace-helm-chart/templates/rolebindings.yml b/molecule/end-to-end_demo/deploy_files/namespace-helm-chart/templates/rolebindings.yml
@@ -0,0 +1,17 @@
+{{- range $namespace := .Values.namespaces }}
+{{- range $user := $namespace.users }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: admin-{{ $user }}-{{ $namespace.name }}-binding
+  namespace: {{ $namespace.name }}
+subjects:
+- kind: ServiceAccount
+  name: {{ $user }}
+roleRef:
+  kind: ClusterRole
+  name: admin
+{{ end }}
+{{ end }}
+
diff --git a/molecule/end-to-end_demo/deploy_files/namespace-helm-chart/templates/secrets.yml b/molecule/end-to-end_demo/deploy_files/namespace-helm-chart/templates/secrets.yml
@@ -0,0 +1,14 @@
+{{- range $namespace := .Values.namespaces }}
+{{- range $user := $namespace.users }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $user }}-secret
+  namespace: {{ $namespace.name }}
+  annotations:
+    kubernetes.io/service-account.name: {{ $user }}
+type: kubernetes.io/service-account-token
+{{ end }}
+{{ end }}
+