authorChristian Pointner <equinox@spreadspace.org>2020-06-30 16:39:23 +0200
committerChristian Pointner <equinox@spreadspace.org>2020-06-30 16:39:23 +0200
commitd88ec101103f5ad9cf4fa5c8acf7cd0c581eff8a (patch)
tree2e2a5cabcdaa357366980da9cc8a770372b4f5ec /roles
parentapps/etherpad-lite: migrate to new standalone pod role (diff)
apps/nextcloud: migrate to new standalone pod role
Diffstat (limited to 'roles')
-rw-r--r--roles/apps/nextcloud/tasks/main.yml26
-rw-r--r--roles/apps/nextcloud/templates/pod-spec-with-mariadb.yml.j277
-rw-r--r--roles/apps/nextcloud/templates/pod-with-mariadb.yml.j282
3 files changed, 96 insertions, 89 deletions
diff --git a/roles/apps/nextcloud/tasks/main.yml b/roles/apps/nextcloud/tasks/main.yml
index b08ce2d0..d2ed558a 100644
--- a/roles/apps/nextcloud/tasks/main.yml
+++ b/roles/apps/nextcloud/tasks/main.yml
@@ -102,14 +102,24 @@
when: "'custom_image' in item.value"
include_tasks: custom-image.yml
-- name: generate pod manifests
+- name: install pod manifest
loop: "{{ nextcloud_instances | dict2items }}"
loop_control:
label: "{{ item.key }}"
- template:
- src: "pod-with-{{ item.value.database.type }}.yml.j2"
- dest: "/etc/kubernetes/manifests/nextcloud-{{ item.key }}.yml"
- mode: 0600
+ vars:
+ kubernetes_standalone_pod:
+ name: "nextcloud-{{ item.key }}"
+ spec: "{{ lookup('template', 'pod-spec-with-{{ item.value.database.type }}.yml.j2') }}"
+ mode: 0600
+ config_hash_items:
+ - path: "{{ nextcloud_base_path }}/{{ item.key }}/config/apache-site.conf"
+ properties:
+ - checksum
+ - path: "{{ nextcloud_base_path }}/{{ item.key }}/config/ports.conf"
+ properties:
+ - checksum
+ include_role:
+ name: kubernetes/standalone/pod
- name: install cron trigger script
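Review bot: `mode: 0600` inside `kubernetes_standalone_pod` is an unquoted scalar, which a YAML 1.1 loader reads as the integer 384. That was tolerated as a direct `template:` argument, but how the `kubernetes/standalone/pod` role forwards the value is not visible here, so I would pass `mode: "0600"`. The rendered spec can contain `MYSQL_PASSWORD` for new instances, so it is worth confirming the role really applies this mode to the manifest it writes. Separately, the `spec:` lookup nests `{{ … }}` inside a Jinja string literal and appears to rely on lookup terms being templated a second time. `lookup('template', 'pod-spec-with-' ~ item.value.database.type ~ '.yml.j2')` says the same thing without that dependency.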
@@ -141,8 +151,8 @@
- name: configure nginx vhost
loop: "{{ nextcloud_instances | dict2items }}"
- include_role:
- name: nginx/vhost
+ loop_control:
+ label: "{{ item.key }}"
vars:
nginx_vhost:
name: "nextcloud-{{ item.key }}"
@@ -156,6 +166,8 @@
replacement: "https://$host/"
- redirect: "http://$host:8080/"
replacement: "https://$host/"
+ include_role:
+ name: nginx/vhost
- name: install management scripts
diff --git a/roles/apps/nextcloud/templates/pod-spec-with-mariadb.yml.j2 b/roles/apps/nextcloud/templates/pod-spec-with-mariadb.yml.j2
new file mode 100644
index 00000000..b587cad3
--- /dev/null
+++ b/roles/apps/nextcloud/templates/pod-spec-with-mariadb.yml.j2
@@ -0,0 +1,77 @@
+securityContext:
+ allowPrivilegeEscalation: false
+containers:
+- name: nextcloud
+ image: "nextcloud{% if 'custom_image' in item.value %}/{{ item.key }}{% endif %}:{{ item.value.version }}"
+ securityContext:
+ runAsUser: {{ nextcloud_app_uid }}
+ runAsGroup: {{ nextcloud_app_gid }}
+ resources:
+ limits:
+ memory: "4Gi"
+{% if 'new' in item.value and item.value.new %}
+ env:
+ - name: NEXTCLOUD_TRUSTED_DOMAINS
+ value: "{{ item.value.hostnames | join(' ') }}"
+ - name: MYSQL_HOST
+ value: 127.0.0.1
+ - name: MYSQL_DATABASE
+ value: nextcloud
+ - name: MYSQL_USER
+ value: nextcloud
+ - name: MYSQL_PASSWORD
+ value: "{{ item.value.database.password }}"
+{% endif %}
+ volumeMounts:
+ - name: nextcloud
+ mountPath: /var/www/html
+ - name: config
+ mountPath: /etc/apache2/sites-available/000-default.conf
+ subPath: apache-site.conf
+ readOnly: true
+ - name: config
+ mountPath: /etc/apache2/ports.conf
+ subPath: ports.conf
+ readOnly: true
+ ports:
+ - containerPort: 8080
+ hostPort: {{ item.value.port }}
+ hostIP: 127.0.0.1
+- name: database
+ image: "mariadb:{{ item.value.database.version }}"
+ args:
+ - --transaction-isolation=READ-COMMITTED
+ - --binlog-format=ROW
+ securityContext:
+ runAsUser: {{ nextcloud_db_uid }}
+ runAsGroup: {{ nextcloud_db_gid }}
+ resources:
+ limits:
+ memory: "2Gi"
+{% if 'new' in item.value and item.value.new %}
+ env:
+ - name: MYSQL_RANDOM_ROOT_PASSWORD
+ value: "true"
+ - name: MYSQL_DATABASE
+ value: nextcloud
+ - name: MYSQL_USER
+ value: nextcloud
+ - name: MYSQL_PASSWORD
+ value: "{{ item.value.database.password }}"
+{% endif %}
+ volumeMounts:
+ - name: database
+ mountPath: /var/lib/mysql
+volumes:
+- name: config
+ hostPath:
+ path: "{{ nextcloud_base_path }}/{{ item.key }}/config/"
+ type: Directory
+- name: nextcloud
+ hostPath:
+ path: "{{ nextcloud_base_path }}/{{ item.key }}/nextcloud"
+ type: Directory
+- name: database
+ hostPath:
+ path: "{{ nextcloud_base_path }}/{{ item.key }}/{{ item.value.database.type }}"
+ type: Directory
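Review bot: `allowPrivilegeEscalation: false` at the top of the new spec sits in the pod-level `securityContext`, but Kubernetes defines that field only on the container-level `securityContext`. As written it is likely dropped or rejected rather than enforced. Adding `allowPrivilegeEscalation: false` under the `securityContext:` of both the `nextcloud` and `database` containers, next to `runAsUser`/`runAsGroup`, would apply the hardening. The same placement was in the deleted `pod-with-mariadb.yml.j2`, so this is carried over by the migration rather than introduced by it.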
diff --git a/roles/apps/nextcloud/templates/pod-with-mariadb.yml.j2 b/roles/apps/nextcloud/templates/pod-with-mariadb.yml.j2
deleted file mode 100644
index 20752490..00000000
--- a/roles/apps/nextcloud/templates/pod-with-mariadb.yml.j2
+++ /dev/null
@@ -1,82 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "nextcloud-{{ item.key }}"
-spec:
- securityContext:
- allowPrivilegeEscalation: false
- containers:
- - name: nextcloud
- image: "nextcloud{% if 'custom_image' in item.value %}/{{ item.key }}{% endif %}:{{ item.value.version }}"
- securityContext:
- runAsUser: {{ nextcloud_app_uid }}
- runAsGroup: {{ nextcloud_app_gid }}
- resources:
- limits:
- memory: "4Gi"
-{% if 'new' in item.value and item.value.new %}
- env:
- - name: NEXTCLOUD_TRUSTED_DOMAINS
- value: "{{ item.value.hostnames | join(' ') }}"
- - name: MYSQL_HOST
- value: 127.0.0.1
- - name: MYSQL_DATABASE
- value: nextcloud
- - name: MYSQL_USER
- value: nextcloud
- - name: MYSQL_PASSWORD
- value: "{{ item.value.database.password }}"
-{% endif %}
- volumeMounts:
- - name: nextcloud
- mountPath: /var/www/html
- - name: config
- mountPath: /etc/apache2/sites-available/000-default.conf
- subPath: apache-site.conf
- readOnly: true
- - name: config
- mountPath: /etc/apache2/ports.conf
- subPath: ports.conf
- readOnly: true
- ports:
- - containerPort: 8080
- hostPort: {{ item.value.port }}
- hostIP: 127.0.0.1
- - name: database
- image: "mariadb:{{ item.value.database.version }}"
- args:
- - --transaction-isolation=READ-COMMITTED
- - --binlog-format=ROW
- securityContext:
- runAsUser: {{ nextcloud_db_uid }}
- runAsGroup: {{ nextcloud_db_gid }}
- resources:
- limits:
- memory: "2Gi"
-{% if 'new' in item.value and item.value.new %}
- env:
- - name: MYSQL_RANDOM_ROOT_PASSWORD
- value: "true"
- - name: MYSQL_DATABASE
- value: nextcloud
- - name: MYSQL_USER
- value: nextcloud
- - name: MYSQL_PASSWORD
- value: "{{ item.value.database.password }}"
-{% endif %}
- volumeMounts:
- - name: database
- mountPath: /var/lib/mysql
- volumes:
- - name: config
- hostPath:
- path: "{{ nextcloud_base_path }}/{{ item.key }}/config/"
- type: Directory
- - name: nextcloud
- hostPath:
- path: "{{ nextcloud_base_path }}/{{ item.key }}/nextcloud"
- type: Directory
- - name: database
- hostPath:
- path: "{{ nextcloud_base_path }}/{{ item.key }}/{{ item.value.database.type }}"
- type: Directory