Merge branch '404-move-all-apps-to-flux' into 'master'

Resolve "Move all apps to flux" Closes #404 and #394 See merge request openappstack/openappstack!153

Merge branch '404-move-all-apps-to-flux' into 'master'
Resolve "Move all apps to flux" Closes #404 and #394 See merge request openappstack/openappstack!153
b57bef4c · Varac · 9c2b3a32 · e6116291 · b57bef4c · b57bef4c
Commit b57bef4c authored 5 years ago by Varac
--- a/ansible/roles/apps/tasks/cert-manager.yml
+++ b/ansible/roles/apps/tasks/cert-manager.yml
@@ -45,16 +45,18 @@
    - name: production
      server: "https://acme-v02.api.letsencrypt.org/directory"

- name: Install cert-manager
+- name: Create Kubernetes secret with cert-manager settings
  tags:
-    - helmfile
+    - config
+    - flux
    - cert-manager
-  include_role:
-    name: "helmfile"
-    tasks_from: "apply"
-    apply:
-      tags:
-        - helmfile
-        - cert-manager
-  vars:
-      helmfile: '05-cert-manager'
+  k8s:
+    state: present
+    definition:
+      api_version: v1
+      kind: Secret
+      metadata:
+        namespace: "oas"
+        name: "cert-manager-settings"
+      data:
+        values.yaml: "{{ lookup('template','cert-manager-values.yaml') | b64encode }}"
--- a/ansible/roles/apps/tasks/local-storage.yml
+++ b/ansible/roles/apps/tasks/local-storage.yml
 ---
- name: Clone local-storage repo
-  tags:
-    - git
-    - helmfile
-    - local-storage
-  git:
-    repo: 'https://open.greenhost.net/openappstack/local-storage'
-    dest: '{{ data_directory }}/source/repos/local-storage'
-    version: '{{ git_local_storage_version }}'

- name: Install local-storage provisioner
+- name: Create Kubernetes secret with local-storage values
  tags:
-    - helmfile
+    - config
+    - flux
    - local-storage
-  include_role:
-    name: "helmfile"
-    tasks_from: "apply"
-    apply:
-      tags:
-        - helmfile
-        - local-storage
-  vars:
-      helmfile: '00-storage'
+  k8s:
+    state: present
+    definition:
+      api_version: v1
+      kind: Secret
+      metadata:
+        namespace: "oas"
+        name: "local-storage-settings"
+      data:
+        values.yaml: "{{ lookup('template','local-storage-values.yaml') | b64encode }}"
--- a/ansible/roles/apps/tasks/main.yml
+++ b/ansible/roles/apps/tasks/main.yml
@@ -8,10 +8,8 @@
  tags: [ helmfile ]
  when: '"00-flux" in helmfiles'

- name: Install local-storage
+- name: Perform tasks necessary for local-storage
  import_tasks: local-storage.yml
-  tags: [ helmfile ]
-  when: '"00-storage" in helmfiles'

 - name: Install cert-manager
  import_tasks: cert-manager.yml

--- a/ansible/roles/apps/tasks/nextcloud.yml
+++ b/ansible/roles/apps/tasks/nextcloud.yml
 ---

- name: Create Kubernetes secret with NextCloud values
+- name: Create Kubernetes secret with NextCloud settings
  tags:
    - config
    - flux
-    - oas
    - nextcloud
  k8s:
    state: present
@@ -13,6 +12,6 @@
      kind: Secret
      metadata:
        namespace: "oas-apps"
-        name: "oas"
+        name: "nextcloud-settings"
      data:
-        nextcloud.yaml: "{{ lookup('template','secrets.nextcloud.yaml') | b64encode }}"
+        values.yaml: "{{ lookup('template','nextcloud-values.yaml') | b64encode }}"
--- a/ansible/roles/apps/tasks/nginx.yml
+++ b/ansible/roles/apps/tasks/nginx.yml
 ---
- name: Install nginx ingress controller
+
+- name: Create Kubernetes secret with nginx-ingress settings
  tags:
-    - helmfile
+    - config
+    - flux
    - nginx
-  include_role:
-    name: "helmfile"
-    tasks_from: "apply"
-    apply:
-      tags:
-        - helmfile
-        - nginx
-  vars:
-      helmfile: '10-nginx'
+  k8s:
+    state: present
+    definition:
+      api_version: v1
+      kind: Secret
+      metadata:
+        namespace: "oas"
+        name: "ingress-settings"
+      data:
+        values.yaml: "{{ lookup('template','ingress-values.yaml') | b64encode }}"
--- a/ansible/roles/apps/tasks/prometheus.yml
+++ b/ansible/roles/apps/tasks/prometheus.yml
@@ -31,21 +31,19 @@
    recurse: true
  when: prometheus_pv_name.stdout

- name: Install prometheus and grafana
-  include_role:
-    name: "helmfile"
-    tasks_from: "apply"
-    apply:
-      tags:
-        - monitoring
-        - prometheus
-      environment:
-        - GRAFANA_ADMIN_PASSWORD: "{{ grafana_admin_password }}"
+- name: Create Kubernetes secret with monitoring settings
  tags:
-    - helmfile
+    - config
+    - flux
+    - monitoring
    - prometheus
-  vars:
-      helmfile: '15-monitoring'
-      # Force needed for upgrading from 5 to 6, see
-      # https://github.com/helm/charts/tree/master/stable/prometheus-operator#upgrading-from-5xx-to-6xx
-      helmfile_apply_args: '--args="--force"'
+  k8s:
+    state: present
+    definition:
+      api_version: v1
+      kind: Secret
+      metadata:
+        namespace: "oas"
+        name: "monitoring-settings"
+      data:
+        values.yaml: "{{ lookup('template','monitoring-values.yaml') | b64encode }}"
--- a/helmfiles/values/cert-manager.yaml.gotmpl
+++ b/helmfiles/values/cert-manager.yaml.gotmpl
 ingressShim:
-  {{- if .Environment.Values.acmeStaging | default false }}
+  {% if acme_staging %}
  defaultIssuerName: "letsencrypt-staging"
-  {{- else }}
+  {% else %}
  defaultIssuerName: "letsencrypt-production"
-  {{- end }}
+  {% endif %}
  defaultIssuerKind: ClusterIssuer
--- a/helmfiles/values/nginx.yaml.gotmpl
+++ b/helmfiles/values/nginx.yaml.gotmpl
 controller:
-  # scope:
-  #   enabled: true
-  #   namespace: oas-apps
  service:
-    externalIPs: ["{{ .Environment.Values.ip }}"]
+    externalIPs: ["{{ ip_address }}"]
  resources:
    limits:
      cpu: 100m

--- a/helmfiles/values/local-storage.yaml
+++ b/helmfiles/values/local-storage.yaml
--- a/helmfiles/values/prometheus.yaml.gotmpl
+++ b/helmfiles/values/prometheus.yaml.gotmpl
@@ -92,7 +92,9 @@ additionalPrometheusRulesMap:
          severity: warning
      - alert: KubeQuotaExceeded
        annotations:
+          {% raw %}
          message: Namespace {{`{{ $labels.namespace }}`}} is using {{`{{ printf "%0.0f" $value }}`}}% of its {{`{{ $labels.resource }}`}} quota.
+          {% endraw %}
          runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubequotaexceeded
        expr: |-
          100 * kube_resourcequota{job="kube-state-metrics", type="used"}
@@ -104,7 +106,9 @@ additionalPrometheusRulesMap:
          severity: warning
      - alert: CPUThrottlingHigh
        annotations:
-          message: '{{`{{ printf "%0.0f" $value }}`}}% throttling of CPU in namespace {{`{{ $labels.namespace }}`}} for container {{`{{ $labels.container_name }}`}} in pod {{`{{ $labels.pod_name }}`}}.'
+          {% raw %}
+          message: '{{ printf "%0.0f" $value }}% throttling of CPU in namespace {{ $labels.namespace }} for container {{ $labels.container_name }} in pod {{ $labels.pod_name }}.'
+          {% endraw %}
          runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-cputhrottlinghigh
        expr: |-
          100 * sum(increase(container_cpu_cfs_throttled_periods_total{container_name!="", }[5m])) by (container_name, pod_name, namespace)
@@ -116,18 +120,18 @@ additionalPrometheusRulesMap:
          severity: warning

 grafana:
-  adminPassword: "{{ requiredEnv "GRAFANA_ADMIN_PASSWORD" }}"
+  adminPassword: "{{ grafana_admin_password }}"

  ingress:
    enabled: true
    annotations:
      kubernetes.io/tls-acme: "true"
    hosts:
-      - "grafana.{{ .Environment.Values.domain }}"
+      - "grafana.{{ domain }}"
    tls:
      - secretName: grafana-tls
        hosts:
-          - "grafana.{{ .Environment.Values.domain }}"
+          - "grafana.{{ domain }}"
  persistence:
    enabled: true
    size: 2Gi

--- a/ansible/roles/apps/templates/secrets.nextcloud.yaml
+++ b/ansible/roles/apps/templates/secrets.nextcloud.yaml
--- a/ansible/roles/local-flux/tasks/main.yml
+++ b/ansible/roles/local-flux/tasks/main.yml
@@ -66,7 +66,7 @@
  - name: Install local-flux helm chart
    tags:
      - flux
-    shell: helm install --namespace=oas --name=local-flux /var/lib/OpenAppStack/source/local-flux
+    shell: helm upgrade --install --namespace=oas local-flux /var/lib/OpenAppStack/source/local-flux
  
  vars:
    repo: "/var/lib/OpenAppStack/local-flux"
--- a/flux/cert-manager.yaml
+++ b/flux/cert-manager.yaml
+---
+apiVersion: helm.fluxcd.io/v1
+kind: HelmRelease
+metadata:
+  name: cert-manager
+  namespace: oas
+  annotations:
+    flux.weave.works/automated: "false"
+spec:
+  releaseName: cert-manager
+  chart:
+    repository: https://charts.jetstack.io
+    name: cert-manager
+    version: 0.11.0
+  valuesFrom:
+    - secretKeyRef:
+        name: cert-manager-settings
+        key: values.yaml
--- a/flux/local-storage.yaml
+++ b/flux/local-storage.yaml
+---
+apiVersion: helm.fluxcd.io/v1
+kind: HelmRelease
+metadata:
+  name: local-storage
+  namespace: oas
+  annotations:
+    flux.weave.works/automated: "false"
+spec:
+  releaseName: local-storage
+  chart:
+    git: https://open.greenhost.net/openappstack/local-storage
+    ref: master
+    path: .
+  valuesFrom:
+    - secretKeyRef:
+        name: local-storage-settings
+        key: values.yaml
+  timeout: 120
--- a/flux/monitoring.yaml
+++ b/flux/monitoring.yaml
+---
+apiVersion: helm.fluxcd.io/v1
+kind: HelmRelease
+metadata:
+  name: monitoring
+  namespace: oas
+  annotations:
+    flux.weave.works/automated: "false"
+spec:
+  releaseName: monitoring
+  chart:
+    repository: https://kubernetes-charts.storage.googleapis.com/
+    name: prometheus-operator
+    version: 7.4.0
+  valuesFrom:
+    - secretKeyRef:
+        name: monitoring-settings
+        key: values.yaml
--- a/flux/nextcloud.yaml
+++ b/flux/nextcloud.yaml
@@ -16,6 +16,6 @@ spec:
    path: .
  valuesFrom:
    - secretKeyRef:
-        name: oas
-        key: nextcloud.yaml
+        name: nextcloud-settings
+        key: values.yaml
  timeout: 900
--- a/flux/nginx.yaml
+++ b/flux/nginx.yaml
+---
+apiVersion: helm.fluxcd.io/v1
+kind: HelmRelease
+metadata:
+  name: ingress
+  namespace: oas
+  annotations:
+    flux.weave.works/automated: "false"
+spec:
+  releaseName: ingress
+  chart:
+    repository: https://kubernetes-charts.storage.googleapis.com/
+    name: nginx-ingress
+    version: 1.26.1
+  valuesFrom:
+    - secretKeyRef:
+        name: ingress-settings
+        key: values.yaml
--- a/helmfiles/helmfile.d/00-storage.yaml
+++ b/helmfiles/helmfile.d/00-storage.yaml
-environments:
-  oas:
-    values:
-      - "/etc/OpenAppStack/values/local.yaml"
-
-releases:
-  - name: "oas-{{ .Environment.Values.releaseName }}-local-storage"
-    namespace: "oas"
-    chart: "../../repos/local-storage/"
-    values:
-    - "../values/local-storage.yaml"
--- a/helmfiles/helmfile.d/05-cert-manager.yaml
+++ b/helmfiles/helmfile.d/05-cert-manager.yaml
-environments:
-  oas:
-    values:
-      - "/etc/OpenAppStack/values/local.yaml"
-
-repositories:
-  - name: jetstack
-    url: https://charts.jetstack.io
-
-releases:
-  - name: "oas-{{ .Environment.Values.releaseName }}-cert-manager"
-    namespace: "cert-manager"
-    chart: "jetstack/cert-manager"
-    version: "0.11.0"
-    values:
-    - "../values/cert-manager.yaml.gotmpl"
-    wait: false
--- a/helmfiles/helmfile.d/10-nginx.yaml
+++ b/helmfiles/helmfile.d/10-nginx.yaml
-environments:
-  oas:
-    values:
-      - "/etc/OpenAppStack/values/local.yaml"
-
-releases:
-  - name: "oas-{{ .Environment.Values.releaseName }}-proxy"
-    namespace: "oas"
-    chart: "stable/nginx-ingress"
-    values:
-    - "../values/nginx.yaml.gotmpl"
-    - "/etc/OpenAppStack/values/apps/nginx.yaml.gotmpl"
-    wait: false