This playbook deploys a number of things in a Kubernetes cluster.
Infrastructure: DNS + Certificates
Software
Create a YAML file (e.g., your-settings.yaml) to select which software to install (and to override the default configuration). See roles/*/defaults/main.yaml for the individual parameters.
Example:
domain: "bla.example.com"
# external dns + cert-manager (ip or hostname)
rfc2136_nameserver: "192.168.1.2"
# external dns
external_dns_enable: True
rfc2136_tsigSecret: "sdfkjasdasdfasdfsdaf...sadfsadfdss=="
rfc2136_tsigKeyname: "{{ domain }}"
rfc2136_tsigAlg: "hmac-sha512"
# cert-manager
cert_manager_enable: True
letsencrypt_email: "xx.yyr@example.com"
# binderhub + jupyterhub
binder_enable: True
VARS="your-settings.yaml" ; ansible-playbook --extra-vars "@$VARS" create.yaml
Run some elements only (e.g., only keycloak): VARS="your-settings.yaml" ; ansible-playbook --extra-vars "@$VARS" --tags keycloak create.yaml
VARS="your-settings.yaml" ; ansible-playbook --extra-vars "@$VARS" destroy.yaml
Ansible and the Python packages kubernetes and openshift are required. Run pip3 install kubernetes openshift.
- Use ClusterIssuer instead of namespaced Issuer
- Destroy does not check whether a component should have been installed in the first place (e.g., it tries to delete nginx ingress even though it shouldn't have been installed)
- Binder Tokens should be randomly generated
- Add option to configure a GitHub access token in files/binderhub.yaml:
  GitHubRepoProvider:
    access_token: dsdfdsafasdfsdaffasdfassadfasdf7sdf
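One way to do the random generation that the TODO item on Binder tokens asks for, extended to the TSIG secret from the settings example above. This is an added example, not code from this repository; binder_api_token and binder_secret_token are hypothetical variable names, and the output file name is the caller's choice.

```bash
#!/usr/bin/env bash
# Added example: generate fresh random secrets for a separate vars file.
set -eu

# N random bytes from the kernel CSPRNG, as lowercase hex (token format).
rand_hex() {
  head -c "$1" /dev/urandom | od -An -v -tx1 | tr -d ' \n'
}

# N random bytes as single-line base64 (the format of a TSIG secret).
rand_b64() {
  head -c "$1" /dev/urandom | base64 | tr -d '\n'
}

# Write a secrets-only vars file that only the owner can read.
# Refuses to overwrite an existing file so secrets are not rotated by accident.
write_secrets() {
  out="$1"
  if [ -e "$out" ]; then
    echo "refusing to overwrite $out" >&2
    return 1
  fi
  (
    umask 077   # file is created with mode 0600
    cat > "$out" <<EOF
rfc2136_tsigSecret: "$(rand_b64 64)"
binder_api_token: "$(rand_hex 32)"
binder_secret_token: "$(rand_hex 32)"
EOF
  )
}
```

Call write_secrets your-secrets.yaml and pass the file to ansible-playbook with a second --extra-vars "@your-secrets.yaml" argument, keeping it out of version control. The generated TSIG secret must also be configured on the RFC 2136 nameserver under the same key name.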
Add a UDP/TCP service using the NGINX ingress controller (cf. Ingress nginx for TCP and UDP services)
spec:
  template:
    spec:
      containers:
      - name: ingress-nginx-controller
        ports:
        - containerPort: 53
          hostPort: 53
Run
kubectl -n kube-system patch configmap nginx-udp-configmap --patch '{"data":{"53":"default/my-service:53"}}'
kubectl -n kube-system patch deployment nginx-ingress-controller --patch "$(cat ingress-nginx-controller-patch.yaml)"