- grafana
- helm
+- hosts: mepautomate
+ become: yes
+ tags:
+ - mepautomate
+
+ roles:
+ - mepserver
+
- hosts: mep
become: yes
tags:
mep
[infra-k3s:children]
-mep
\ No newline at end of file
+mep
+
+[mepautomate:children]
+mep
--- /dev/null
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# kong deployment
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: apigw-kong
+ name: apigw-kong
+ namespace: mep
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: apigw-kong
+ template:
+ metadata:
+ labels:
+ app: apigw-kong
+ spec:
+ initContainers:
+ - name: check-db-ready
+ image: postgres:9.6
+ command: ['sh', '-c', 'until pg_isready -h postgres-db -p 5432;
+ do echo waiting for database; sleep 2; done;']
+ containers:
+ - name: kong-proxy
+ image: kong:1.5.1-alpine
+ env:
+ - name: KONG_DATABASE
+ value: "postgres"
+ - name: KONG_NGINX_WORKER_PROCESSES
+ value: "1"
+ - name: KONG_ADMIN_ACCESS_LOG
+ value: /dev/stdout
+ - name: KONG_ADMIN_ERROR_LOG
+ value: /dev/stderr
+ - name: KONG_ADMIN_ACCESS_LOG
+ value: /dev/stdout
+ - name: KONG_ADMIN_ERROR_LOG
+ value: /dev/stderr
+ - name: KONG_ADMIN_LISTEN
+ value: 127.0.0.1:8444 ssl
+ - name: KONG_PROXY_LISTEN
+ value: 0.0.0.0:8000, 0.0.0.0:8443 ssl http2
+ - name: KONG_ADMIN_LISTEN
+ value: 0.0.0.0:8001
+ - name: KONG_PG_DATABASE
+ value: kong
+ - name: KONG_PG_HOST
+ value: postgres-db
+ - name: KONG_PG_USER
+ value: kong
+ - name: KONG_PG_PASSWORD
+ value: kong
+ - name: KONG_PROXY_ACCESS_LOG
+ value: /dev/stdout
+ - name: KONG_PROXY_ERROR_LOG
+ value: /dev/stderr
+ ports:
+ - containerPort: 8000
+ name: proxy
+ protocol: TCP
+ - containerPort: 8443
+ name: proxy-ssl
+ protocol: TCP
+ - containerPort: 8001
+ name: admin-api
+ protocol: TCP
+ - containerPort: 8444
+ name: admin-api-ssl
+ protocol: TCP
+ volumeMounts:
+ - name: kongssl
+ mountPath: "/run/kongssl"
+ readOnly: true
+ volumes:
+ - name: kongssl
+ secret:
+ secretName: kongssl-secret
+
+
+# kong service
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: kong-service
+ namespace: mep
+spec:
+ selector:
+ app: apigw-kong
+ type: NodePort
+ ports:
+ - port: 8000
+ name: proxy
+ - port: 8443
+ name: proxy-ssl
+ - port: 8001
+ name: admin-api
+ - port: 8444
+ name: admin-api-ssl
--- /dev/null
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# mep namespace
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: mep
+
+# persitent volume
+---
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: postgres-pv-volume
+ labels:
+ type: local
+ app: postgres
+spec:
+ storageClassName: manual
+ capacity:
+ storage: 5Gi
+ accessModes:
+ - ReadWriteMany
+ hostPath:
+ path: "/mnt/data"
+
+# pvc
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: postgres-pv-claim
+ namespace: mep
+ labels:
+ app: postgres
+spec:
+ storageClassName: manual
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 5Gi
--- /dev/null
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# mep pod
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: mep
+ namespace: mep
+ labels:
+ app: mep
+spec:
+ containers:
+ - image: ealtedge/mep:latest
+ imagePullPolicy: IfNotPresent
+ name: mep-pod
+ ports:
+ - containerPort: 8088
+ - containerPort: 8443
+ env:
+ - name: SSL_ROOT
+ value: "/etc/mepssl"
+ - name: MEP_SSL_MODE
+ value: "0"
+ volumeMounts:
+ - name: mepssl
+ mountPath: "/etc/mepssl"
+ readOnly: true
+ volumes:
+ - name: mepssl
+ secret:
+ secretName: mepssl-secret
+
+
+# mep service
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: mep-service
+ namespace: mep
+spec:
+ selector:
+ app: mep
+ type: NodePort
+ ports:
+ - port: 8088
+ name: mep-port
+ nodePort: 30088
+ - port: 8443
+ name: mep-https-port
+ nodePort: 30443
--- /dev/null
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# postgres database
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: postgres-db
+ namespace: mep
+ labels:
+ app: postgres-db
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: postgres-db
+ template:
+ metadata:
+ labels:
+ app: postgres-db
+ spec:
+ volumes:
+ - name: postgres-data
+ persistentVolumeClaim:
+ claimName: postgres-pv-claim
+ containers:
+ - name: postgres-db
+ image: postgres:9.6
+ imagePullPolicy: "IfNotPresent"
+ env:
+ - name: POSTGRES_DB
+ value: kong
+ - name: POSTGRES_USER
+ value: kong
+ - name: POSTGRES_PASSWORD
+ value: kong
+ volumeMounts:
+ - mountPath: /var/lib/postgresql/data
+ name: postgres-data
+ ports:
+ - containerPort: 5432
+
+# prepare postgres-db
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: prepare-postgre-db
+ namespace: mep
+spec:
+ template:
+ spec:
+ initContainers:
+ - name: check-db-ready
+ image: postgres:9.6
+ command: ['sh', '-c', 'until pg_isready -h postgres-db -p 5432;
+ do echo waiting for database; sleep 2; done;']
+ containers:
+ - name: prepare-postgres-db
+ image: kong:1.5.1-alpine
+ env:
+ - name: KONG_DATABASE
+ value: "postgres"
+ - name: KONG_PG_DATABASE
+ value: kong
+ - name: KONG_PG_HOST
+ value: postgres-db
+ - name: KONG_PG_USER
+ value: kong
+ - name: KONG_PG_PASSWORD
+ value: kong
+ command: ['kong']
+ args: ['migrations', 'bootstrap']
+ restartPolicy: Never
+ backoffLimit: 4
+
+
+# postgres servcie
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: postgres-db
+ namespace: mep
+spec:
+ selector:
+ app: postgres-db
+ type: ClusterIP
+ ports:
+ - port: 5432
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIDBjCCAe4CCQCfViZd0MNOEDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJB
+VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
+cyBQdHkgTHRkMB4XDTIwMDUwOTE1MDczNFoXDTMwMDUwNzE1MDczNFowRTELMAkG
+A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0
+IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+APAyHQYv9OUkzXF/jcSl24MxmzY8FGrTAv1HsY1I0IH/vzeig60CGAyvi/Za/rWq
+6vh2lR4mSHRJ7aB6gNrvhj/IHrJFtt6HDhIoG6WiJ0xZRjnkvYdgye2/Jc6ydJjQ
+F4nz17BbvyzkxdZtnd5aHhM5Fbkd/R5DPNyaNnCetUUehMH7I0vAew//kIu2PfQJ
+stvOzgdAtBuPz/D6Cq7EljkX+6ROZggDi2NRFKzMp2moajKdvPQFs1WTKg1at/+k
+zFAcAi68DxyxhdPEFpKU3uepccbh332cJ1/x1bVHlUSVwH9SNi8to9nLG/NrL2UY
+wrX/ZzrYL7IUHqu7zlVpUN8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEA42ECvTd3
+ZsL5a1x5HKQiIuvjKYI6pfsU67vB3e+IiXC8KqYVTWLIWILUXDXYrmO68vQ4+ewz
+GKTPmL50x7y6EurX5qYJ/Znj4frBOkFIRlT17rwz+HDx/ZdaLmh4D3q0jkfsjSqi
+eEh2kHfiJMLEWwPLcTfTdqtnjITvPIVydj+T+ocCvgfXsriJq4TwXl8panJiQAS2
+15gs3aRtb6PEr8jvt+a1WfnBtpFscelr7BTGpQZvGPbIFx0Xw1O106dMbi1nxG5B
+xsWL8JAb5qlbxW+jQdSuz+O2vF/CGeGZLUqvJjHx+Ud6OBoBMBmf9tEprQxJeCRD
+OhHC7N5cztTIdQ==
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C02B29671A16FE3F
+
+oj2/2Q763tk6b6+A0H16+G7CEjnx6uWlKbf6N2GzcvQnJBd7n39Q2aImVM8syNCO
+2wyNL5LH/FZt8qBOAFMIX8wba+VRbDAZrVK3mVNLjHf5K2Pb4kQdvzwunGC9vjR3
+C4w8sVvs2Lo+zU3f/TpWNrN8B4AVx0jn+yPmyzMgJ+TgpvBOsinSWC96UBNOeabf
+ShwFtO7wrFDWjmgtBWlWYUn4DogFiahIfw/CVMzvsSAtpB03Ajb5boEWLtkfly+s
+EfajYn42/YeG5/ibzb7aQ5Ld/U5RFX36s4O3J3FGnHhsGIWNn0NUM4NfPBiKD9r8
+Wy9muK9n1MsaUPbn2Dn8tWjSZGVeNjeVCLQaEoIYRin8zhDlpco3fE2F+cKWOTce
+VV8ejCikB+bQeFnQCAeT0RNNhXgeRwSTotLKjmGYB2PiWsBdiBy1XM3Icw5nc6MF
+jx6zCN5VeQ0k2ZOkoNUn95C/3d6JfyGTOAbzRvfJAoLS1ZguwZFL3Ki27Q/pdkdl
+HAjJbS/l4CRXftn2IHSTS7OBtbnKeD0Ui19Iq50SLQEFfobKxdquio0vxIQCovkp
+ouiUH/93yETLyIkc1enYnwqpEnoEgYV+aQRbdVUMajNWDcsemI9sdHQR9xueAokU
+ksNK4+YejmcW3+DZva+haTaeG73RKRVVuVSczeQs5mEaCl4sKJANR/flfcZFtBBD
+LSj82oa8lc72c7a3w5P8qZIui91jEIjpnZPstUGv8Pc1MqnSMu4oyehYF1tkOVfR
+LdxZhzRGyYjkU1ki6GvRQ5+hd6cPV8AP46dxYyk5/tmdnY+cAMs+VpP4eK9CR6LD
+FkjwkHRxpSIvY2useQWCszCaEgIl6KwysWTPH4mAztH028/2jw1GgAe5xlBBYHlE
+uHbBP6h8VNLGWV1TADXpERYnudGAf3RA7/PU7JzeEebCVWuV21DhaU0KU8gNx+tO
+J/LHn95BtVEsuweeUyJh2G35sas50RxBi5UXy8MfG50QteUa7RPyGCkoxyo3wyts
+O2FKsPLpUsqKD73XL1BB1hiBeylB41r9zrQAK845V2M8lhWSe0yI96LDkphaDHWs
+G8C9q9zR5+aNdJK4tgDYA1MkIArmMDKoknQkJFGn1QbVnYTIXQZNIyfalhriW/0Z
+GPqPIeX8ejUU1Ev0s+0sTp/yVMMZzCInUQCcPMcFS7QDL3K3IsMw/2ucpp5thPSE
+IehioQf8gnDqaDD8qaOjAoZ+F5hthysAv7lDQEX/d/wr28g1PBZr5p78x4x5T3uE
+uLaGFmxIC1UdcKeOkCxUGXahqjaHuFeJI1eL8KHKi/b57Co1dHlfqx3pQJi74TlF
+AwkqC5s2VBa2fCXy7gfcE5wkrD2KpGcaOa37AiSocSMcYnF4RmWiZ2CHnebMuG5s
+hVDqXofamV4E0CpJHq9TRCAdR6qq6rTfQcT73Vmu7FvMXb3cT/F8aXfli2x157zw
+K2Xi2PsbBLDl6zODzZ2/EjShNnwPOTtx0m73kppa/RoW+56AlFG6q/7fH1tDkOqW
+fvVrZlJVFeDNp7sBEuoN+OhCiuKG9VajaQWpeUeCkua0kRzsKRs/oA==
+-----END RSA PRIVATE KEY-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIDBjCCAe4CCQCfViZd0MNOEDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJB
+VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
+cyBQdHkgTHRkMB4XDTIwMDUwOTE1MDczNFoXDTMwMDUwNzE1MDczNFowRTELMAkG
+A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0
+IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+APAyHQYv9OUkzXF/jcSl24MxmzY8FGrTAv1HsY1I0IH/vzeig60CGAyvi/Za/rWq
+6vh2lR4mSHRJ7aB6gNrvhj/IHrJFtt6HDhIoG6WiJ0xZRjnkvYdgye2/Jc6ydJjQ
+F4nz17BbvyzkxdZtnd5aHhM5Fbkd/R5DPNyaNnCetUUehMH7I0vAew//kIu2PfQJ
+stvOzgdAtBuPz/D6Cq7EljkX+6ROZggDi2NRFKzMp2moajKdvPQFs1WTKg1at/+k
+zFAcAi68DxyxhdPEFpKU3uepccbh332cJ1/x1bVHlUSVwH9SNi8to9nLG/NrL2UY
+wrX/ZzrYL7IUHqu7zlVpUN8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEA42ECvTd3
+ZsL5a1x5HKQiIuvjKYI6pfsU67vB3e+IiXC8KqYVTWLIWILUXDXYrmO68vQ4+ewz
+GKTPmL50x7y6EurX5qYJ/Znj4frBOkFIRlT17rwz+HDx/ZdaLmh4D3q0jkfsjSqi
+eEh2kHfiJMLEWwPLcTfTdqtnjITvPIVydj+T+ocCvgfXsriJq4TwXl8panJiQAS2
+15gs3aRtb6PEr8jvt+a1WfnBtpFscelr7BTGpQZvGPbIFx0Xw1O106dMbi1nxG5B
+xsWL8JAb5qlbxW+jQdSuz+O2vF/CGeGZLUqvJjHx+Ud6OBoBMBmf9tEprQxJeCRD
+OhHC7N5cztTIdQ==
+-----END CERTIFICATE-----
--- /dev/null
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+- name: mep namespace
+ shell:
+ cmd: kubectl create namespace mep
+ ignore_errors: 'True'
+
+- name: copy deploy folder to mep node to install mepserver
+ copy:
+ src: deploy
+ dest: /tmp/mepserver/
+
+- name: Create mepssl-secret
+ shell:
+# yamllint disable rule:line-length
+ cmd: kubectl create secret --namespace mep generic mepssl-secret --from-file=/tmp/mepserver/deploy/server.cer --from-file=/tmp/mepserver/deploy/server_key.pem --from-file=/tmp/mepserver/deploy/trust.cer
+
+- name: Create kongssl-secret
+ shell:
+# yamllint disable rule:line-length
+ cmd: kubectl create secret --namespace mep generic kongssl-secret --from-file=/tmp/mepserver/deploy/server.cer --from-file=/tmp/mepserver/deploy/server_key.pem --from-file=/tmp/mepserver/deploy/trust.cer
+
+- name: Apply mep-basic.yaml
+ shell:
+ cmd: kubectl apply -f /tmp/mepserver/deploy/mep-basic.yaml
+
+- name: Apply mep-k8s.yaml
+ shell:
+ cmd: kubectl apply -f /tmp/mepserver/deploy/mep-k8s.yaml
+
+- name: Apply kong-k8s.yaml
+ shell:
+ cmd: kubectl apply -f /tmp/mepserver/deploy/kong-k8s.yaml
+
+- name: Apply postgres-k8s.yaml
+ shell:
+ cmd: kubectl apply -f /tmp/mepserver/deploy/postgres-k8s.yaml
--- /dev/null
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+- include: "install.yml"
+ when: operation == 'install'
--- /dev/null
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+- name: Uninstalling mepserver
+ shell:
+ cmd: echo "Reseting the mepserver"
+
+- name: Remove the Deployment of mepserver
+ shell:
+ cmd: kubectl delete namespace mep
+ ignore_errors: 'True'
+
+
+- name: Remove the Deployment of mepserver
+ shell:
+ cmd: kubectl delete -f /tmp/mepserver/deploy
+ ignore_errors: 'True'