From 58fabf23f8cab043fbe0ec67748c28586668eba6 Mon Sep 17 00:00:00 2001
From: MichaelFisher1997
Date: Mon, 2 Mar 2026 01:45:30 +0000
Subject: [PATCH] refactor: move embedded Kubernetes manifests to role templates

---
ansible/roles/csi/tasks/main.yml | 58 ++----------
ansible/roles/csi/templates/csi-smoke.yaml.j2 | 47 ++++++++++
ansible/roles/observability/tasks/main.yml | 88 +++---------------
.../templates/grafana-datasource-loki.yaml.j2 | 16 ++++
.../kube-prometheus-stack-values.yaml.j2 | 28 ++++++
.../templates/loki-values.yaml.j2 | 19 ++++
.../templates/promtail-values.yaml.j2 | 3 +
7 files changed, 134 insertions(+), 125 deletions(-)
create mode 100644 ansible/roles/csi/templates/csi-smoke.yaml.j2
create mode 100644 ansible/roles/observability/templates/grafana-datasource-loki.yaml.j2
create mode 100644 ansible/roles/observability/templates/kube-prometheus-stack-values.yaml.j2
create mode 100644 ansible/roles/observability/templates/loki-values.yaml.j2
create mode 100644 ansible/roles/observability/templates/promtail-values.yaml.j2

diff --git a/ansible/roles/csi/tasks/main.yml b/ansible/roles/csi/tasks/main.yml
index 66e6ed4..f29ec77 100644
--- a/ansible/roles/csi/tasks/main.yml
+++ b/ansible/roles/csi/tasks/main.yml
@@ -173,56 +173,14 @@ when: csi_smoke_test_enabled | bool
- name: Apply CSI smoke test resources
- shell: |
- kubectl apply -f - <<'EOF'
- apiVersion: storage.k8s.io/v1
- kind: StorageClass
- metadata:
- name: {{ csi_smoke_test_storage_class }}
- provisioner: csi.hetzner.cloud
- reclaimPolicy: Delete
- volumeBindingMode: Immediate
- allowVolumeExpansion: true
- ---
- apiVersion: v1
- kind: PersistentVolumeClaim
- metadata:
- name: {{ csi_smoke_test_pvc_name }}
- namespace: kube-system
- labels:
- app.kubernetes.io/name: csi-smoke
- spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: {{ csi_smoke_test_size }}
- storageClassName: {{ csi_smoke_test_storage_class }}
- ---
- apiVersion: batch/v1
- kind: Job
- metadata:
- name: {{ csi_smoke_test_job_name }}
- namespace: kube-system
- labels:
- app.kubernetes.io/name: csi-smoke
- spec:
- backoffLimit: 0
- template:
- spec:
- restartPolicy: Never
- containers:
- - name: write-and-read
- image: busybox:1.36
- command: ["/bin/sh", "-c", "echo csi-ok > /data/health && cat /data/health"]
- volumeMounts:
- - name: data
- mountPath: /data
- volumes:
- - name: data
- persistentVolumeClaim:
- claimName: {{ csi_smoke_test_pvc_name }}
- EOF
+ template:
+ src: csi-smoke.yaml.j2
+ dest: /tmp/csi-smoke.yaml
+ mode: "0644"
+ when: csi_smoke_test_enabled | bool
+
+- name: Apply CSI smoke test manifests
+ command: kubectl apply -f /tmp/csi-smoke.yaml
changed_when: true
when: csi_smoke_test_enabled | bool
diff --git a/ansible/roles/csi/templates/csi-smoke.yaml.j2 b/ansible/roles/csi/templates/csi-smoke.yaml.j2
new file mode 100644
index 0000000..7e41c98
--- /dev/null
+++ b/ansible/roles/csi/templates/csi-smoke.yaml.j2
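Review bot: Writing the manifest to the fixed, world-readable path `/tmp/csi-smoke.yaml` and applying it in a separate task opens a window on a shared control host in which another local user can replace the file before `kubectl apply` reads it, so whatever they put there is applied with kubectl's cluster credentials; the file is also never removed afterwards. The `template` module's atomic rename defeats a pre-planted symlink but not a swap between the write task and the apply task. The heredoc this replaces fed kubectl from stdin and had neither problem; the template can keep that shape with `command: kubectl apply -f -`, `args:`, `stdin: "{{ lookup('template', 'csi-smoke.yaml.j2') }}"`. If the on-disk file is kept, create it with the `tempfile` module (mode 0600) and delete it with `file: state: absent` after the apply. The `when:` at the top of the hunk belongs to a task that starts before it.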
@@ -0,0 +1,47 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: {{ csi_smoke_test_storage_class }}
+provisioner: csi.hetzner.cloud
+reclaimPolicy: Delete
+volumeBindingMode: Immediate
+allowVolumeExpansion: true
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ csi_smoke_test_pvc_name }}
+ namespace: kube-system
+ labels:
+ app.kubernetes.io/name: csi-smoke
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: {{ csi_smoke_test_size }}
+ storageClassName: {{ csi_smoke_test_storage_class }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ csi_smoke_test_job_name }}
+ namespace: kube-system
+ labels:
+ app.kubernetes.io/name: csi-smoke
+spec:
+ backoffLimit: 0
+ template:
+ spec:
+ restartPolicy: Never
+ containers:
+ - name: write-and-read
+ image: busybox:1.36
+ command: ["/bin/sh", "-c", "echo csi-ok > /data/health && cat /data/health"]
+ volumeMounts:
+ - name: data
+ mountPath: /data
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: {{ csi_smoke_test_pvc_name }}
diff --git a/ansible/roles/observability/tasks/main.yml b/ansible/roles/observability/tasks/main.yml
index f4a45ff..29496f3 100644
--- a/ansible/roles/observability/tasks/main.yml
+++ b/ansible/roles/observability/tasks/main.yml
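Review bot: The Job's pod spec carries no securityContext and does not disable service-account token mounting, so the busybox container runs as root in kube-system with the namespace's default SA token mounted, although all it does is write one file to the PVC. The hardening below drops that: no token, non-root uid, no privilege escalation, all capabilities dropped, default seccomp. `fsGroup` is what lets a non-root uid write to the freshly provisioned volume — presumably the Hetzner CSI driver honours it for an RWO filesystem volume, but confirm on a real run. Two smaller points: the Jinja-substituted scalars are unquoted (`name: "{{ csi_smoke_test_storage_class }}"` keeps an unexpected value from changing the YAML type), and a `ttlSecondsAfterFinished` on the Job would stop finished smoke pods from lingering in kube-system.
```yaml
spec:
  backoffLimit: 0
  template:
    spec:
      restartPolicy: Never
      automountServiceAccountToken: false
      securityContext:
        runAsNonRoot: true
        runAsUser: 65534
        runAsGroup: 65534
        fsGroup: 65534
        seccompProfile:
          type: RuntimeDefault
      containers:
      - name: write-and-read
        image: busybox:1.36
        command: ["/bin/sh", "-c", "echo csi-ok > /data/health && cat /data/health"]
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop: ["ALL"]
        # … unchanged: volumeMounts …
      # … unchanged: volumes …
```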
@@ -21,38 +21,10 @@ grafana_password_effective: "{{ grafana_admin_password if grafana_admin_password | length > 0 else lookup('password', '/dev/null length=32 chars=ascii_letters,digits') }}"
- name: Write kube-prometheus-stack values
- copy:
+ template:
+ src: kube-prometheus-stack-values.yaml.j2
dest: /tmp/kube-prometheus-stack-values.yaml
mode: "0644"
- content: |
- grafana:
- enabled: true
- adminPassword: {{ grafana_password_effective }}
- persistence:
- enabled: true
- storageClassName: {{ grafana_storage_class }}
- size: {{ grafana_storage_size }}
- service:
- type: ClusterIP
- prometheus:
- prometheusSpec:
- retention: 7d
- storageSpec:
- volumeClaimTemplate:
- spec:
- storageClassName: {{ prometheus_storage_class }}
- accessModes: ["ReadWriteOnce"]
- resources:
- requests:
- storage: {{ prometheus_storage_size }}
- alertmanager:
- enabled: false
- kubeEtcd:
- enabled: false
- kubeControllerManager:
- enabled: false
- kubeScheduler:
- enabled: false
- name: Add Prometheus Helm repo
command: helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
@@ -81,29 +53,10 @@ changed_when: true
- name: Write Loki values
- copy:
+ template:
+ src: loki-values.yaml.j2
dest: /tmp/loki-values.yaml
mode: "0644"
- content: |
- loki:
- auth_enabled: false
- commonConfig:
- replication_factor: 1
- storage:
- type: filesystem
- singleBinary:
- replicas: 1
- persistence:
- enabled: true
- storageClass: {{ loki_storage_class }}
- size: {{ loki_storage_size }}
- test:
- enabled: false
- monitoring:
- selfMonitoring:
- enabled: false
- lokiCanary:
- enabled: false
- name: Install Loki
command: >-
@@ -116,13 +69,10 @@ changed_when: true
- name: Write Promtail values
- copy:
+ template:
+ src: promtail-values.yaml.j2
dest: /tmp/promtail-values.yaml
mode: "0644"
- content: |
- config:
- clients:
- - url: http://loki-gateway.{{ observability_namespace }}.svc.cluster.local/loki/api/v1/push
- name: Install Promtail
command: >-
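Review bot: `mode: "0644"` on the rendered `/tmp/kube-prometheus-stack-values.yaml` leaves the Grafana admin password (the template's `adminPassword`, fed from the `grafana_password_effective` context line at the top of the hunk) world-readable on the control host, and nothing in the hunk removes the file once the chart is installed. The `copy` task it replaces had the same mode, so this is carried over rather than introduced, but the move is the moment to fix it: `mode: "0600"` and `no_log: true` on the template task (otherwise a `--diff` run prints the password), plus a `file: state: absent` task after the helm install, which sits outside this hunk. The Loki and Promtail values in the two hunks below use the same mode; they hold no secrets, but tightening them as well keeps the role consistent.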
@@ -134,26 +84,14 @@ --timeout 10m
changed_when: true
+- name: Write Grafana Loki datasource manifest
+ template:
+ src: grafana-datasource-loki.yaml.j2
+ dest: /tmp/grafana-datasource-loki.yaml
+ mode: "0644"
+
- name: Create Grafana Loki datasource
- command: kubectl apply -f -
- args:
- stdin: |
- apiVersion: v1
- kind: ConfigMap
- metadata:
- name: grafana-datasource-loki
- namespace: {{ observability_namespace }}
- labels:
- grafana_datasource: "1"
- data:
- loki-datasource.yaml: |
- apiVersion: 1
- datasources:
- - name: Loki
- type: loki
- access: proxy
- url: http://loki-gateway.{{ observability_namespace }}.svc.cluster.local
- isDefault: false
+ command: kubectl apply -f /tmp/grafana-datasource-loki.yaml
changed_when: true
- name: Show observability access details
diff --git a/ansible/roles/observability/templates/grafana-datasource-loki.yaml.j2 b/ansible/roles/observability/templates/grafana-datasource-loki.yaml.j2
new file mode 100644
index 0000000..6cdd036
--- /dev/null
+++ b/ansible/roles/observability/templates/grafana-datasource-loki.yaml.j2
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: grafana-datasource-loki
+ namespace: {{ observability_namespace }}
+ labels:
+ grafana_datasource: "1"
+data:
+ loki-datasource.yaml: |
+ apiVersion: 1
+ datasources:
+ - name: Loki
+ type: loki
+ access: proxy
+ url: http://loki-gateway.{{ observability_namespace }}.svc.cluster.local
+ isDefault: false
diff --git a/ansible/roles/observability/templates/kube-prometheus-stack-values.yaml.j2 b/ansible/roles/observability/templates/kube-prometheus-stack-values.yaml.j2
new file mode 100644
index 0000000..5388e98
--- /dev/null
+++ b/ansible/roles/observability/templates/kube-prometheus-stack-values.yaml.j2
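Review bot: The new `command: kubectl apply -f /tmp/grafana-datasource-loki.yaml` keeps the `changed_when: true` of the stdin version, so the task reports a change on every run and a drifted or unchanged ConfigMap look identical in play output, which is exactly the signal a datasource apply should give. `kubectl apply` already says which it did; register the result and derive the status from it: `register: loki_ds_apply` and `changed_when: "' configured' in loki_ds_apply.stdout or ' created' in loki_ds_apply.stdout"`. The same applies to the CSI apply task in the first file of this patch. The `- name: Show observability access details` task at the end of the hunk continues outside it.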
@@ -0,0 +1,28 @@
+grafana:
+ enabled: true
+ adminPassword: {{ grafana_password_effective }}
+ persistence:
+ enabled: true
+ storageClassName: {{ grafana_storage_class }}
+ size: {{ grafana_storage_size }}
+ service:
+ type: ClusterIP
+prometheus:
+ prometheusSpec:
+ retention: 7d
+ storageSpec:
+ volumeClaimTemplate:
+ spec:
+ storageClassName: {{ prometheus_storage_class }}
+ accessModes: ["ReadWriteOnce"]
+ resources:
+ requests:
+ storage: {{ prometheus_storage_size }}
+alertmanager:
+ enabled: false
+kubeEtcd:
+ enabled: false
+kubeControllerManager:
+ enabled: false
+kubeScheduler:
+ enabled: false
diff --git a/ansible/roles/observability/templates/loki-values.yaml.j2 b/ansible/roles/observability/templates/loki-values.yaml.j2
new file mode 100644
index 0000000..de07ae5
--- /dev/null
+++ b/ansible/roles/observability/templates/loki-values.yaml.j2
@@ -0,0 +1,19 @@
+loki:
+ auth_enabled: false
+ commonConfig:
+ replication_factor: 1
+ storage:
+ type: filesystem
+singleBinary:
+ replicas: 1
+ persistence:
+ enabled: true
+ storageClass: {{ loki_storage_class }}
+ size: {{ loki_storage_size }}
+test:
+ enabled: false
+monitoring:
+ selfMonitoring:
+ enabled: false
+ lokiCanary:
+ enabled: false
diff --git a/ansible/roles/observability/templates/promtail-values.yaml.j2 b/ansible/roles/observability/templates/promtail-values.yaml.j2
new file mode 100644
index 0000000..f474e17
--- /dev/null
+++ b/ansible/roles/observability/templates/promtail-values.yaml.j2
@@ -0,0 +1,3 @@
+config:
+ clients:
+ - url: http://loki-gateway.{{ observability_namespace }}.svc.cluster.local/loki/api/v1/push
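Review bot: `adminPassword: {{ grafana_password_effective }}` is substituted as a bare scalar, so a user-supplied `grafana_admin_password` containing ` #`, `: `, a leading YAML indicator, or only digits is either mis-parsed or re-typed before Helm sees it; the generated fallback is letters and digits only, so this only bites when the override is set, which is precisely the case an operator cares about. Rendering it as a JSON string is valid YAML and escapes everything: `adminPassword: {{ grafana_password_effective | to_json }}`. The other substitutions (`storageClassName`, `size`, `storage`) are less exposed but take the same filter. Longer term, the chart's `grafana.admin.existingSecret` would keep the password in a Kubernetes Secret instead of a values file on the control host — presumably a follow-up rather than part of this refactor.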
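Review bot: `auth_enabled: false` together with an in-cluster `loki-gateway` Service means any pod that can reach the gateway can push or query logs from every namespace, and nothing in this template limits that; reasonable for a single-tenant cluster, but it should be a recorded decision rather than an inherited default. A header comment such as `# Single-tenant: Loki auth is off; reachability of loki-gateway must be limited by NetworkPolicy (promtail and grafana only)` states the assumption, and a NetworkPolicy in the observability namespace — not in this diff, may already exist elsewhere in the role — enforces it. The Jinja-substituted `storageClass` and `size` are unquoted; `{{ loki_storage_class | to_json }}` keeps them strings whatever the variable holds.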