Created
May 4, 2018 10:01
Sample Ansible playbook with openshift_raw module to setup project in multi zone cluster
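---
#
# This playbook sets up a project which is locked into a given environment.
# Consider a cluster labelled to have three zones, e.g.
#
#  1. devtest
#  2. prodA
#  3. prodB
#
# This playbook sets up a new project, and labels it to force all the pods to
# be placed into the given zone. It also creates a build stream with the given
# git repo. This utilises OpenShift NetworkPolicy, and isolates the project
# network from other projects' networks. Also (untested, in comments) there is
# a setting for outgoing traffic with a fixed IP. This is called egress IP,
# which can be allowed in external firewalls to access restricted networks.
#
# You need to have a sharded router set with the same project environment
# label, hosts labelled according to environment, and egress ip on some node.
# The infra-projects policy below selects namespaces by a `name` label, so the
# listed namespaces must carry that label (e.g. name=default) for the rule to
# match.
#
# parameters:
# * user
# * api_url
# * api_key
# * project_name
# * project_description
# * project_display_name
# * project_environment
# * app_name
# * src_image_name
# * app_git_url
#
# api_key is a bearer token for the cluster API. Passing it with -e on the
# command line leaves it in shell history and in the process list; an Ansible
# Vault file (e.g. -e @secrets.yml) or an environment lookup avoids that.
#
# e.g. playbook-create-project.yml -i "localhost ansible_connection=local" \
#  -c local \
#  -e api_url=https://api.ocp.fi -e user=<user> -e api_key=xxx \
#  -e project_name=ikke -e project_description="ikkes test" \
#  -e project_display_name=ikke -e project_environment=devtest \
#  -e app_name=node -e src_image_name=nodejs \
#  -e app_git_url=https://github.com/ikke-t/nodejs-ex
- name: Push application to OCP
  hosts: all
  gather_facts: false
  vars:
    set_static_egress_ip: false
    # Placeholder address; only read by the commented-out egress task below.
    egress_ip: '172.30.7.xx'
    router_url: apps.ocp.fi
  tasks:
    # The namespace is the isolation boundary: the node-selector annotation
    # pins every pod of the project to the nodes of one environment, and the
    # environment label is what the header expects the sharded router to match.
    - name: Create a project
      openshift_raw:
        state: present
        host: "{{api_url}}"
        username: "{{user}}"
        api_key: "{{api_key}}"
        definition:
          apiVersion: v1
          kind: Namespace
          metadata:
            annotations:
              openshift.io/description: "{{project_description}}"
              openshift.io/display-name: "{{project_display_name}}"
              # The whole selector is one quoted scalar. With the quotes
              # placed after the '=' they become part of the value, and a
              # double quote is not a valid label character.
              openshift.io/node-selector: "environment={{project_environment}}"
            labels:
              environment: "{{project_environment}}"
            name: "{{project_name}}"

    # Once any policy selects a pod, ingress that no policy allows is dropped.
    # This policy selects every pod in the project and allows only peers from
    # the same namespace, which is what gives the default deny from outside.
    - name: Deny all traffic from outside by default
      openshift_raw:
        state: present
        host: "{{api_url}}"
        username: "{{user}}"
        api_key: "{{api_key}}"
        definition:
          # NetworkPolicy is served from networking.k8s.io/v1 (it was
          # extensions/v1beta1 on older clusters); it is not a core v1 kind.
          # The duplicated apiVersion key has been dropped.
          apiVersion: networking.k8s.io/v1
          kind: NetworkPolicy
          metadata:
            name: allow-from-same-namespace
            # Without a namespace the policy does not land in the new
            # project and the project stays open to other projects.
            namespace: "{{project_name}}"
          spec:
            # {} selects all pods; a bare `podSelector:` is null.
            podSelector: {}
            ingress:
              - from:
                  - podSelector: {}

    # Opens the project to the platform namespaces (router, logging, metrics,
    # CI/CD). Keep the list as short as the cluster allows: every namespace
    # named here can reach every pod in the project.
    - name: Apply network policy openingns from operations tools
      openshift_raw:
        state: present
        host: "{{api_url}}"
        username: "{{user}}"
        api_key: "{{api_key}}"
        definition:
          apiVersion: networking.k8s.io/v1
          kind: NetworkPolicy
          metadata:
            name: allow-from-infra-projects
            namespace: "{{project_name}}"
          spec:
            podSelector: {}
            ingress:
              - from:
                  - namespaceSelector:
                      # matchLabels takes a single string per key, so the
                      # list of namespaces is written as an `In` expression.
                      matchExpressions:
                        - key: name
                          operator: In
                          values:
                            - default
                            - logging
                            - openshift-metrics
                            - openshift-infra
                            - ci-cd

    # Untested, left disabled by the author.
    # NOTE(review): the definition has no metadata.name, so it does not say
    # which project's NetNamespace is patched - confirm before enabling.
    # - name: Apply static IP for external project traffic
    #   openshift_raw:
    #     state: present
    #     host: "{{api_url}}"
    #     username: "{{user}}"
    #     api_key: "{{api_key}}"
    #     definition:
    #       apiVersion: v1
    #       kind: NetNamespace
    #       egressIPs:
    #         - "{{egress_ip}}"
    #   when: set_static_egress_ip

    # Source-to-image build: app_git_url decides which code is built on top
    # of the builder image and later deployed, so pass only repositories you
    # trust.
    - name: Create BuildConfig
      openshift_raw:
        state: present
        host: "{{api_url}}"
        username: "{{user}}"
        api_key: "{{api_key}}"
        definition:
          apiVersion: v1
          kind: BuildConfig
          metadata:
            labels:
              app: "{{app_name}}"
            name: "{{app_name}}"
            namespace: "{{project_name}}"
          spec:
            output:
              to:
                kind: ImageStreamTag
                name: "{{app_name}}:latest"
            source:
              git:
                uri: "{{app_git_url}}"
              type: Git
            strategy:
              sourceStrategy:
                from:
                  kind: ImageStreamTag
                  name: "{{src_image_name}}:latest"
                  namespace: openshift
              type: Source

    # Runs one replica of the image the BuildConfig pushes to the internal
    # registry. resources is left empty, so the container has no CPU or
    # memory limits of its own.
    - name: Create app
      openshift_raw:
        host: "{{api_url}}"
        username: "{{user}}"
        api_key: "{{api_key}}"
        api_version: v1
        kind: DeploymentConfig
        state: present
        definition:
          apiVersion: v1
          kind: DeploymentConfig
          metadata:
            labels:
              app: "{{app_name}}"
            name: "{{app_name}}"
            namespace: "{{project_name}}"
          spec:
            replicas: 1
            selector:
              app: "{{app_name}}"
              deploymentconfig: "{{app_name}}"
            template:
              metadata:
                labels:
                  app: "{{app_name}}"
                  deploymentconfig: "{{app_name}}"
              spec:
                containers:
                  - image: "docker-registry.default.svc:5000/{{project_name}}/{{app_name}}:latest"
                    imagePullPolicy: Always
                    name: "{{app_name}}"
                    ports:
                      - containerPort: 8080
                        protocol: TCP
                    resources: {}
                    terminationMessagePath: /dev/termination-log
                    terminationMessagePolicy: File

    # Target of the BuildConfig output (<app_name>:latest).
    - name: Create ImageStream
      openshift_raw:
        host: "{{api_url}}"
        username: "{{user}}"
        api_key: "{{api_key}}"
        state: present
        definition:
          apiVersion: v1
          kind: ImageStream
          metadata:
            labels:
              app: "{{app_name}}"
            name: "{{app_name}}"
            namespace: "{{project_name}}"

    # Cluster-internal service in front of the pods; the port name is what
    # the Route below refers to.
    - name: Create Service
      openshift_raw:
        host: "{{api_url}}"
        username: "{{user}}"
        api_key: "{{api_key}}"
        state: present
        definition:
          apiVersion: v1
          kind: Service
          metadata:
            labels:
              app: "{{app_name}}"
            name: "{{app_name}}"
            namespace: "{{project_name}}"
          spec:
            ports:
              - name: 8080-tcp
                port: 8080
                protocol: TCP
                targetPort: 8080
            selector:
              app: "{{app_name}}"
              deploymentconfig: "{{app_name}}"
            sessionAffinity: None
            type: ClusterIP

    # Publishes the service through the router.
    # NOTE(review): the spec has no tls stanza, so the route is served over
    # plain HTTP; add TLS termination if the app carries anything sensitive.
    - name: Create Route
      openshift_raw:
        host: "{{api_url}}"
        username: "{{user}}"
        api_key: "{{api_key}}"
        state: present
        definition:
          apiVersion: v1
          kind: Route
          metadata:
            labels:
              app: "{{app_name}}"
            name: "{{app_name}}"
            namespace: "{{project_name}}"
          spec:
            host: "{{app_name}}-{{project_name}}.{{router_url}}"
            port:
              targetPort: 8080-tcp
            to:
              kind: Service
              name: "{{app_name}}"
              weight: 100
            wildcardPolicy: None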