guipguia/iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: 🎸 support to ytd and monitoring

Browse Source
This commit is contained in:
guipguia
2026-01-16 21:51:01 +00:00
parent 231198da1e
commit 66274c067a
6 changed files with 296 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
playbook.yml
View File

@@ -17,3 +17,5 @@
- traefik_gateway
- cert_manager
- gitea
- monitoring_storage
- ytd_storage

24
roles/argocd/tasks/main.yml
View File

@@ -43,3 +43,27 @@
backendRefs:
- name: argocd-server
port: 80
- name: Bootstrap App of Apps
kubernetes.core.k8s:
definition:
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: apps
namespace: argocd
spec:
project: default
source:
repoURL: https://git.svc.pguia.com/guipguia/argocd.git
targetRevision: HEAD
path: apps
directory:
recurse: true
destination:
server: https://kubernetes.default.svc
namespace: argocd
syncPolicy:
automated:
prune: true
selfHeal: true

32
roles/cert_manager/tasks/main.yml
View File

@@ -80,3 +80,35 @@
kind: ClusterIssuer
dnsNames:
- argocd.svc.pguia.com
- name: Create Certificate for Grafana
kubernetes.core.k8s:
definition:
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: grafana-svc-pguia-com-tls
namespace: traefik
spec:
secretName: grafana-svc-pguia-com-tls
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuer
dnsNames:
- grafana.svc.pguia.com
- name: Create Certificate for YTD
kubernetes.core.k8s:
definition:
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: ytd-svc-pguia-com-tls
namespace: traefik
spec:
secretName: ytd-svc-pguia-com-tls
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuer
dnsNames:
- ytd.svc.pguia.com

127
roles/monitoring_storage/tasks/main.yml Normal file
View File

@@ -0,0 +1,127 @@
---
# Create StorageClass for manual monitoring volumes
- name: Create Manual Monitoring StorageClass
kubernetes.core.k8s:
definition:
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: manual-monitoring
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer
# Create monitoring data directories
- name: Create Monitoring Data Directories
file:
path: "{{ item }}"
state: directory
mode: '0777'
owner: root
group: root
loop:
- /data/monitoring/prometheus
- /data/monitoring/grafana
- /data/monitoring/alertmanager
# Create Prometheus PV
- name: Create Prometheus Persistent Volume
kubernetes.core.k8s:
definition:
apiVersion: v1
kind: PersistentVolume
metadata:
name: prometheus-pv
spec:
capacity:
storage: 50Gi
accessModes:
- ReadWriteOnce
hostPath:
path: /data/monitoring/prometheus
storageClassName: manual-monitoring
# Create Grafana PV
- name: Create Grafana Persistent Volume
kubernetes.core.k8s:
definition:
apiVersion: v1
kind: PersistentVolume
metadata:
name: grafana-pv
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
hostPath:
path: /data/monitoring/grafana
storageClassName: manual-monitoring
# Create Alertmanager PV
- name: Create Alertmanager Persistent Volume
kubernetes.core.k8s:
definition:
apiVersion: v1
kind: PersistentVolume
metadata:
name: alertmanager-pv
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
hostPath:
path: /data/monitoring/alertmanager
storageClassName: manual-monitoring
# Create monitoring namespace
- name: Create Monitoring Namespace
kubernetes.core.k8s:
definition:
apiVersion: v1
kind: Namespace
metadata:
name: monitoring
# Create Grafana PVC (needed before Helm chart runs)
- name: Create Grafana Persistent Volume Claim
kubernetes.core.k8s:
definition:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: grafana-data
namespace: monitoring
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
storageClassName: manual-monitoring
volumeName: grafana-pv
# Create HTTPRoute for Grafana
- name: Create Grafana HTTPRoute
kubernetes.core.k8s:
definition:
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: grafana-route
namespace: monitoring
spec:
parentRefs:
- name: main-gateway
namespace: traefik
sectionName: grafana-https
hostnames:
- "grafana.svc.pguia.com"
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- name: monitoring-grafana
port: 80

22
roles/traefik_gateway/tasks/main.yml
View File

@@ -111,3 +111,25 @@
allowedRoutes:
namespaces:
from: All
- name: grafana-https
port: 443
protocol: HTTPS
hostname: grafana.svc.pguia.com
tls:
mode: Terminate
certificateRefs:
- name: grafana-svc-pguia-com-tls
allowedRoutes:
namespaces:
from: All
- name: ytd-https
port: 443
protocol: HTTPS
hostname: ytd.svc.pguia.com
tls:
mode: Terminate
certificateRefs:
- name: ytd-svc-pguia-com-tls
allowedRoutes:
namespaces:
from: All

89
roles/ytd_storage/tasks/main.yml Normal file
View File

@@ -0,0 +1,89 @@
---
# Create YTD data directory
- name: Create YTD Data Directory
file:
path: /data/ytd/downloads
state: directory
mode: '0777'
owner: root
group: root
# Create YTD PV
- name: Create YTD Persistent Volume
kubernetes.core.k8s:
definition:
apiVersion: v1
kind: PersistentVolume
metadata:
name: ytd-pv
spec:
capacity:
storage: 50Gi
accessModes:
- ReadWriteOnce
hostPath:
path: /data/ytd/downloads
storageClassName: manual-ytd
# Create StorageClass for YTD
- name: Create YTD StorageClass
kubernetes.core.k8s:
definition:
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: manual-ytd
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer
# Create YTD namespace
- name: Create YTD Namespace
kubernetes.core.k8s:
definition:
apiVersion: v1
kind: Namespace
metadata:
name: ytd
# Create YTD PVC
- name: Create YTD Persistent Volume Claim
kubernetes.core.k8s:
definition:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: ytd-data
namespace: ytd
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 50Gi
storageClassName: manual-ytd
volumeName: ytd-pv
# Create HTTPRoute for YTD
- name: Create YTD HTTPRoute
kubernetes.core.k8s:
definition:
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: ytd-route
namespace: ytd
spec:
parentRefs:
- name: main-gateway
namespace: traefik
sectionName: ytd-https
hostnames:
- "ytd.svc.pguia.com"
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- name: ytd-api
port: 8080