apps/coturn: migrate to new standalone pod role

author: Christian Pointner <equinox@spreadspace.org> 2020-06-30 16:09:52 +0200
committer: Christian Pointner <equinox@spreadspace.org> 2020-06-30 16:09:52 +0200
commit: b8a5b98ee991669ef16eed50b9fa221eecf27d87 (patch)
tree: cc695018cdc96ce4d4fd715e087e567291d62f7e /roles
parent: kubernetes: add standalone/pod role (diff)
5 files changed, 48 insertions, 45 deletions
diff --git a/roles/apps/coturn/tasks/main.yml b/roles/apps/coturn/tasks/main.yml
index 132e4847..9971b428 100644
--- a/roles/apps/coturn/tasks/main.yml
+++ b/roles/apps/coturn/tasks/main.yml
@@ -68,8 +68,15 @@
   include_role:
     name: nginx/vhost
 
-- name: generate pod manifests
-  template:
-    src: "pod.yml.j2"
-    dest: "/etc/kubernetes/manifests/coturn-{{ coturn_realm }}.yml"
-    mode: 0600
+- name: install pod manifest
+  vars:
+    kubernetes_standalone_pod:
+      name: "coturn-{{ coturn_realm }}"
+      spec: "{{ lookup('template', 'pod-spec.yml.j2') }}"
+      mode: 0600
+      config_hash_items:
+      - path: "{{ coturn_base_path }}/{{ coturn_realm }}/config/turnserver.conf"
+        properties:
+        - checksum
+  include_role:
+    name: kubernetes/standalone/pod
diff --git a/roles/apps/coturn/templates/pod-spec.yml.j2 b/roles/apps/coturn/templates/pod-spec.yml.j2
new file mode 100644
index 00000000..d157af37
--- /dev/null
+++ b/roles/apps/coturn/templates/pod-spec.yml.j2
@@ -0,0 +1,32 @@
+securityContext:
+  allowPrivilegeEscalation: false
+  runAsUser: {{ coturn_uid }}
+  runAsGroup: {{ coturn_gid }}
+hostNetwork: true
+containers:
+- name: coturn
+  image: "instrumentisto/coturn:{{ coturn_version }}"
+  args:
+    - --log-file=stdout
+  resources:
+    limits:
+      memory: "1Gi"
+  volumeMounts:
+  - name: config
+    mountPath: /etc/coturn/
+    readOnly: true
+  - name: run
+    mountPath: /var/run
+  - name: lib
+    mountPath: /var/lib/coturn
+volumes:
+- name: config
+  hostPath:
+    path: "{{ coturn_base_path }}/{{ coturn_realm }}/config/"
+    type: Directory
+- name: run
+  emptyDir:
+    medium: Memory
+- name: lib
+  emptyDir:
+    medium: Memory
diff --git a/roles/apps/coturn/templates/pod.yml.j2 b/roles/apps/coturn/templates/pod.yml.j2
deleted file mode 100644
index 7c127c13..00000000
--- a/roles/apps/coturn/templates/pod.yml.j2
+++ /dev/null
@@ -1,37 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: "coturn-{{ coturn_realm }}"
-spec:
-  securityContext:
-    allowPrivilegeEscalation: false
-    runAsUser: {{ coturn_uid }}
-    runAsGroup: {{ coturn_gid }}
-  hostNetwork: true
-  containers:
-  - name: coturn
-    image: "instrumentisto/coturn:{{ coturn_version }}"
-    args:
-      - --log-file=stdout
-    resources:
-      limits:
-        memory: "1Gi"
-    volumeMounts:
-    - name: config
-      mountPath: /etc/coturn/
-      readOnly: true
-    - name: run
-      mountPath: /var/run
-    - name: lib
-      mountPath: /var/lib/coturn
-  volumes:
-  - name: config
-    hostPath:
-      path: "{{ coturn_base_path }}/{{ coturn_realm }}/config/"
-      type: Directory
-  - name: run
-    emptyDir:
-      medium: Memory
-  - name: lib
-    emptyDir:
-      medium: Memory
diff --git a/roles/kubernetes/standalone/pod/defaults/main.yml b/roles/kubernetes/standalone/pod/defaults/main.yml
index 87e849d8..c20d37cf 100644
--- a/roles/kubernetes/standalone/pod/defaults/main.yml
+++ b/roles/kubernetes/standalone/pod/defaults/main.yml
@@ -13,7 +13,7 @@
 #       - /bin/bash
 #       - -c
 #       - "sleep inf"
-
+#   mode: 0600
 #   config_hash_items:
 #   - path: /path/to/configfile
 #     properties:
diff --git a/roles/kubernetes/standalone/pod/tasks/main.yml b/roles/kubernetes/standalone/pod/tasks/main.yml
index b59e4f38..73048a81 100644
--- a/roles/kubernetes/standalone/pod/tasks/main.yml
+++ b/roles/kubernetes/standalone/pod/tasks/main.yml
@@ -55,14 +55,14 @@
       apiVersion: v1
       kind: Pod
       metadata:
-        name: {{ kubernetes_standalone_pod.name }}
+        name: "{{ kubernetes_standalone_pod.name }}"
       {% if 'labels' in kubernetes_standalone_pod %}
         labels:
           {{ kubernetes_standalone_pod.labels | to_nice_yaml(indent=2) | indent(4) }}{% endif %}
       {% if config_hash_value is defined or'annotations' in kubernetes_standalone_pod %}
         annotations:
       {%   if config_hash_value is defined %}
-          config-hash: {{ config_hash_value }}
+          config-hash: "{{ config_hash_value }}"
       {%   endif %}
       {%   if 'annotations' in kubernetes_standalone_pod %}
           {{ kubernetes_standalone_pod.annotations | default({}) | to_nice_yaml(indent=2) | indent(4) }}{% endif %}
@@ -70,3 +70,4 @@
       spec:
         {{ kubernetes_standalone_pod.spec | indent(2) }}
     dest: "/etc/kubernetes/manifests/{{ kubernetes_standalone_pod.name }}.yml"
+    mode: "{{ kubernetes_standalone_pod.mode | default(omit) }}"
author	Christian Pointner <equinox@spreadspace.org>	2020-06-30 16:09:52 +0200
committer	Christian Pointner <equinox@spreadspace.org>	2020-06-30 16:09:52 +0200
commit	b8a5b98ee991669ef16eed50b9fa221eecf27d87 (patch)
tree	cc695018cdc96ce4d4fd715e087e567291d62f7e /roles
parent	kubernetes: add standalone/pod role (diff)