@ikke-t
Created May 4, 2018 10:01
Sample Ansible playbook with openshift_raw module to setup project in multi zone cluster
---
#
# This playbook sets up a project which is locked into some given environment.
# Consider you have a cluster labelled to have three zones, e.g.
#
# 1. devtest
# 2. prodA
# 3. prodB
#
# This playbook sets up a new project, and labels it to force all the pods to
# be placed into the given zone. It also creates a build stream with the given
# git repo. This utilises OpenShift NetworkPolicy, and isolates the project
# network from other projects' networks. Also (untested, in comments) there is a
# setting for outgoing traffic with a fixed IP. This is called egress IP, which
# can be allowed in external firewalls to access restricted networks.
#
# You need to have a sharded router set with the same project environment label,
# hosts labelled according to environment, and an egress IP on some node.
#
# parameters:
# * user
# * api_url
# * api_key
# * project_name
# * project_description
# * project_display_name
# * project_environment
# * app_name
# * src_image_name
# * app_git_url
#
# e.g. ansible-playbook playbook-create-project.yml -i "localhost," -c local \
#   -e api_url=https://api.ocp.fi -e user=xxx -e api_key=xxx \
#   -e project_name=ikke -e project_description="ikkes test" \
#   -e project_display_name=ikke -e project_environment=devtest \
#   -e app_name=node -e src_image_name=nodejs \
#   -e app_git_url=https://github.com/ikke-t/nodejs-ex
- name: Push application to OCP
  hosts: all
  gather_facts: false
  vars:
    set_static_egress_ip: false
    egress_ip: 172.30.7.xx
    router_url: apps.ocp.fi
  tasks:
    - name: Create a project
      openshift_raw:
        state: present
        host: "{{api_url}}"
        username: "{{user}}"
        api_key: "{{api_key}}"
        definition:
          apiVersion: v1
          kind: Namespace
          metadata:
            annotations:
              openshift.io/description: "{{project_description}}"
              openshift.io/display-name: "{{project_display_name}}"
              # Bare key=value: quoting only the value would put literal quotes
              # into the selector and no node would ever match it.
              openshift.io/node-selector: "environment={{project_environment}}"
            labels:
              environment: "{{project_environment}}"
            name: "{{project_name}}"

    - name: Deny all traffic from outside by default
      openshift_raw:
        state: present
        host: "{{api_url}}"
        username: "{{user}}"
        api_key: "{{api_key}}"
        definition:
          apiVersion: networking.k8s.io/v1
          kind: NetworkPolicy
          metadata:
            name: allow-from-same-namespace
            namespace: "{{project_name}}"
          spec:
            # Empty podSelector selects every pod in the project; once a pod is
            # selected by any policy, ingress not matched by a rule is dropped.
            podSelector: {}
            ingress:
              - from:
                  - podSelector: {}

    - name: Apply network policy openings from operations tools
      openshift_raw:
        state: present
        host: "{{api_url}}"
        username: "{{user}}"
        api_key: "{{api_key}}"
        definition:
          apiVersion: networking.k8s.io/v1
          kind: NetworkPolicy
          metadata:
            name: allow-from-infra-projects
            namespace: "{{project_name}}"
          spec:
            podSelector: {}
            ingress:
              - from:
                  - namespaceSelector:
                      # matchLabels takes one string per key; a list of
                      # namespaces needs a matchExpressions "In" clause. The
                      # infra namespaces must carry a "name" label, e.g.
                      # oc label namespace default name=default
                      matchExpressions:
                        - key: name
                          operator: In
                          values:
                            - default
                            - logging
                            - openshift-metrics
                            - openshift-infra
                            - ci-cd

    # - name: Apply static IP for external project traffic
    #   openshift_raw:
    #     state: present
    #     host: "{{api_url}}"
    #     username: "{{user}}"
    #     api_key: "{{api_key}}"
    #     definition:
    #       apiVersion: v1
    #       kind: NetNamespace
    #       metadata:
    #         # the SDN already created this object; its name is the project name
    #         name: "{{project_name}}"
    #       egressIPs:
    #         - "{{egress_ip}}"
    #   when: set_static_egress_ip

    - name: Create BuildConfig
      openshift_raw:
        state: present
        host: "{{api_url}}"
        username: "{{user}}"
        api_key: "{{api_key}}"
        definition:
          apiVersion: v1
          kind: BuildConfig
          metadata:
            labels:
              app: "{{app_name}}"
            name: "{{app_name}}"
            namespace: "{{project_name}}"
          spec:
            output:
              to:
                kind: ImageStreamTag
                name: "{{app_name}}:latest"
            source:
              git:
                uri: "{{app_git_url}}"
              type: Git
            strategy:
              sourceStrategy:
                from:
                  kind: ImageStreamTag
                  name: "{{src_image_name}}:latest"
                  namespace: openshift
              type: Source

    - name: Create app
      openshift_raw:
        host: "{{api_url}}"
        username: "{{user}}"
        api_key: "{{api_key}}"
        api_version: v1
        kind: DeploymentConfig
        state: present
        definition:
          apiVersion: v1
          kind: DeploymentConfig
          metadata:
            labels:
              app: "{{app_name}}"
            name: "{{app_name}}"
            namespace: "{{project_name}}"
          spec:
            replicas: 1
            selector:
              app: "{{app_name}}"
              deploymentconfig: "{{app_name}}"
            template:
              metadata:
                labels:
                  app: "{{app_name}}"
                  deploymentconfig: "{{app_name}}"
              spec:
                containers:
                  - image: "docker-registry.default.svc:5000/{{project_name}}/{{app_name}}:latest"
                    imagePullPolicy: Always
                    name: "{{app_name}}"
                    ports:
                      - containerPort: 8080
                        protocol: TCP
                    resources: {}
                    terminationMessagePath: /dev/termination-log
                    terminationMessagePolicy: File

    - name: Create ImageStream
      openshift_raw:
        host: "{{api_url}}"
        username: "{{user}}"
        api_key: "{{api_key}}"
        state: present
        definition:
          apiVersion: v1
          kind: ImageStream
          metadata:
            labels:
              app: "{{app_name}}"
            name: "{{app_name}}"
            namespace: "{{project_name}}"

    - name: Create Service
      openshift_raw:
        host: "{{api_url}}"
        username: "{{user}}"
        api_key: "{{api_key}}"
        state: present
        definition:
          apiVersion: v1
          kind: Service
          metadata:
            labels:
              app: "{{app_name}}"
            name: "{{app_name}}"
            namespace: "{{project_name}}"
          spec:
            ports:
              - name: 8080-tcp
                port: 8080
                protocol: TCP
                targetPort: 8080
            selector:
              app: "{{app_name}}"
              deploymentconfig: "{{app_name}}"
            sessionAffinity: None
            type: ClusterIP

    - name: Create Route
      openshift_raw:
        host: "{{api_url}}"
        username: "{{user}}"
        api_key: "{{api_key}}"
        state: present
        definition:
          apiVersion: v1
          kind: Route
          metadata:
            labels:
              app: "{{app_name}}"
            name: "{{app_name}}"
            namespace: "{{project_name}}"
          spec:
            host: "{{app_name}}-{{project_name}}.{{router_url}}"
            port:
              targetPort: 8080-tcp
            to:
              kind: Service
              name: "{{app_name}}"
              weight: 100
            wildcardPolicy: None
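A check for the manifests the playbook renders, added here as an example and not code from the gist: the Namespace and NetworkPolicy objects are Python dicts constructed by hand for project_name=ikke and project_environment=devtest, and check_isolation flags the two ways the zone pinning and network isolation silently fail, a node selector whose value carries literal quotes and a namespaceSelector that puts a list under matchLabels.

```python
INFRA_NAMESPACES = ["default", "logging", "openshift-metrics", "openshift-infra", "ci-cd"]

# Constructed sample: what the Namespace and NetworkPolicy tasks render to.
MANIFESTS = [
    {"apiVersion": "v1", "kind": "Namespace",
     "metadata": {"name": "ikke", "labels": {"environment": "devtest"},
                  "annotations": {"openshift.io/node-selector": "environment=devtest"}}},
    {"apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy",
     "metadata": {"name": "allow-from-same-namespace", "namespace": "ikke"},
     "spec": {"podSelector": {}, "ingress": [{"from": [{"podSelector": {}}]}]}},
    {"apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy",
     "metadata": {"name": "allow-from-infra-projects", "namespace": "ikke"},
     "spec": {"podSelector": {}, "ingress": [{"from": [{"namespaceSelector": {
         "matchExpressions": [{"key": "name", "operator": "In",
                               "values": INFRA_NAMESPACES}]}}]}]}},
]


def check_isolation(manifests):
    """Return findings (empty list = project is pinned to its zone and its
    ingress is limited to its own pods plus the listed infra namespaces)."""
    findings = []
    ns = next((m for m in manifests if m["kind"] == "Namespace"), None)
    if ns is None:
        return ["no Namespace manifest"]
    meta = ns["metadata"]
    env = meta.get("labels", {}).get("environment")
    selector = meta.get("annotations", {}).get("openshift.io/node-selector", "")
    # The annotation must be a bare key=value; a quoted value such as
    # environment="devtest" keeps the quotes and matches no node.
    if env is None or selector != "environment=%s" % env:
        findings.append("node-selector %r does not pin pods to environment %r" % (selector, env))
    policies = [m for m in manifests if m["kind"] == "NetworkPolicy"
                and m["metadata"].get("namespace") == meta["name"]]
    if not policies:
        findings.append("no NetworkPolicy in %s: open to every other project" % meta["name"])
    for p in policies:
        for rule in p["spec"].get("ingress", []):
            for peer in rule.get("from", []):
                for key, val in peer.get("namespaceSelector", {}).get("matchLabels", {}).items():
                    if not isinstance(val, str):  # a list here is a schema error
                        findings.append("%s: matchLabels %s must be a string, use "
                                        "matchExpressions/In for a list" % (p["metadata"]["name"], key))
    return findings
```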