Kubernetes Deployment
Deploy Kubernetes manifest templates using Ansible.
How it works:
- mount an Ansible role directory into /deployment
- use the k8s Ansible module to template and apply manifests
- set these environment variables:
  - k8s cluster connection settings
  - private docker registry credentials
  - namespace for deployment
  - optional variables that will get exposed to playbook variables
- the default playbook run will
  - create the k8s namespace
  - create the private registry secret
  - trigger the Ansible role you've mounted
Usage
- Set these environment variables:
  - CLUSTER_CA_CERT: Cluster's CA Cert (base64 encoded)
  - CLUSTER_SERVER: Cluster's API entry point
  - CLUSTER_TOKEN: Service Account Token
  - DOCKER_CONFIG_JSON: Private registry credentials, can be obtained by:
    - generating the secret, replacing USER, PASSWORD, and https://registry.gitlab.com/ as needed:

          kubectl create secret docker-registry regcred \
            --docker-username="USER" --docker-password="PASSWORD" \
            --docker-server="https://registry.gitlab.com/" \
            --dry-run -o yaml

    - copy the value from the field .dockerconfigjson
  - DEPLOY_NAMESPACE: Kubernetes namespace that will be created/deleted
  - DEPLOY_NAMESPACE_STATE: present | absent -- sometimes you want to keep the namespace even if you are removing the deployment because other deployments use it
  - DEPLOY_STATE: present | absent
  - DEPLOY_IMAGE: (optional) The docker image
    - exposed in Ansible as deploy_image
    - e.g. "ronalddddd/foo"
  - DEPLOY_TAG: (optional) The docker image tag
    - exposed in Ansible as deploy_tag
    - it is recommended you don't use "latest" as Ansible will not know if this image has been updated and hence won't trigger a redeploy
  - DEPLOY_HOST: (optional) Used for setting your service's Ingress host
    - exposed in Ansible as deploy_host
  - DEPLOY_CONFIG: (optional) Used for identifying which set of configurations to use in your playbook role
    - exposed in Ansible as deploy_config
    - e.g. "staging" or "production"
  - DEPLOY_VAULT_PASS: (optional) Used to decrypt ansible-vault encrypted files
  - EXTRA_VARS: (optional) Variables for ansible-playbook's --extra-vars option
    - e.g. deploy_role=ingress acme_email=foo@example.com
- Mount your Ansible role folder to /deployment and run the playbook:

      docker run --rm -it \
        -v /path/to/app-role:/deployment \
        --env-file=/path/to/.env ronalddddd/kube-deploy

- Optionally you can add ConfigMap and Secrets definitions into the deployment/files directory:
  - deployment/files/configmap-<DEPLOY_CONFIG>.yml
  - deployment/files/secrets-<DEPLOY_CONFIG>.yml
  - these can be encrypted using ansible-vault encrypt
  - if you encrypt them, provide the decryption passphrase in DEPLOY_VAULT_PASS
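
A preflight check for the .env file used in the steps above, as an added example that is not part of this project's own code. The function names env_get and check_env_file are hypothetical, and the script assumes that the three CLUSTER_* values live in the file, that CLUSTER_CA_CERT decodes to a PEM certificate, and that CLUSTER_SERVER is an https:// URL.

```shell
#!/bin/sh
# Added example: preflight check for the file passed to docker run --env-file.
# The file is parsed as plain KEY=VALUE lines and never sourced, so nothing
# in it is executed by the shell.

env_get() {  # env_get FILE KEY: print the value of the last KEY= line
  sed -n "s/^$2=//p" "$1" | tail -n 1
}

fail() { echo "FAIL: $*" >&2; rc=1; }

check_env_file() {  # returns 0 when every check passes, 1 otherwise
  f=$1; rc=0
  # The file holds CLUSTER_TOKEN, DOCKER_CONFIG_JSON and DEPLOY_VAULT_PASS,
  # so only its owner should be able to read it (GNU stat, then BSD stat).
  mode=$(stat -c %a "$f" 2>/dev/null || stat -f %Lp "$f")
  case $mode in
    *00) ;;
    *) fail "$f has mode $mode, expected owner-only such as 600" ;;
  esac
  for k in CLUSTER_CA_CERT CLUSTER_SERVER CLUSTER_TOKEN; do
    [ -n "$(env_get "$f" "$k")" ] || fail "$k is missing or empty"
  done
  # Assumption: the CA value is a base64-encoded PEM certificate.
  env_get "$f" CLUSTER_CA_CERT | base64 -d 2>/dev/null \
    | grep -q 'BEGIN CERTIFICATE' \
    || fail "CLUSTER_CA_CERT does not decode to a PEM certificate"
  # Assumption: the API entry point is served over TLS.
  case $(env_get "$f" CLUSTER_SERVER) in
    https://*) ;;
    *) fail "CLUSTER_SERVER should be an https:// URL" ;;
  esac
  # The .dockerconfigjson field is base64-encoded JSON with an "auths" key.
  v=$(env_get "$f" DOCKER_CONFIG_JSON)
  [ -z "$v" ] || printf %s "$v" | base64 -d 2>/dev/null | grep -q '"auths"' \
    || fail "DOCKER_CONFIG_JSON is not a .dockerconfigjson value"
  for k in DEPLOY_STATE DEPLOY_NAMESPACE_STATE; do
    case $(env_get "$f" "$k") in
      ''|present|absent) ;;
      *) fail "$k must be present or absent" ;;
    esac
  done
  [ "$(env_get "$f" DEPLOY_TAG)" != latest ] \
    || fail "DEPLOY_TAG=latest gives Ansible no change to redeploy on"
  return "$rc"
}

if [ "$#" -gt 0 ]; then check_env_file "$1"; fi
```

Saved under any name (check-env.sh here is arbitrary), it can be run as sh check-env.sh /path/to/.env before the docker run command; a non-zero exit status means at least one check failed.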
Deploying the included Ingress Nginx role
- Set EXTRA_VARS and run the playbook:

      docker run --rm -it \
        --env-file=/path/to/.env \
        -e EXTRA_VARS="deploy_role=ingress acme_email=foo@example.com" \
        -e DEPLOY_NAMESPACE=ingress-nginx \
        -e DEPLOY_STATE=present \
        ronalddddd/kube-deploy

Deploying the included Gitlab (Kubernetes) Runner role
- Set EXTRA_VARS and run the playbook:

      docker run --rm -it \
        --env-file=/path/to/.env \
        -e EXTRA_VARS="deploy_role=gitlab_runner gitlab_runner_token=<YOUR TOKEN>" \
        -e DEPLOY_NAMESPACE=gitlab \
        -e DEPLOY_STATE=present \
        ronalddddd/kube-deploy

- gitlab_runner_token can be obtained by:

      curl --request POST "https://gitlab.com/api/v4/runners" \
        --form "token=<REGISTRATION TOKEN>" \
        --form "description=dev-cluster-runner"