diff options
Diffstat (limited to 'roles/collabora/code')
| -rw-r--r-- | roles/collabora/code/defaults/main.yml | 12 | ||||
| -rw-r--r-- | roles/collabora/code/tasks/main.yml | 38 | ||||
| -rw-r--r-- | roles/collabora/code/templates/pod.yml.j2 | 28 |
3 files changed, 78 insertions, 0 deletions
diff --git a/roles/collabora/code/defaults/main.yml b/roles/collabora/code/defaults/main.yml new file mode 100644 index 00000000..b5082941 --- /dev/null +++ b/roles/collabora/code/defaults/main.yml @@ -0,0 +1,12 @@ +--- +collabora_code_app_uid: "940" +collabora_code_app_gid: "940" + +# collabora_code_instances: +# example: +# version: 4.0.6.1 +# port: 8200 +# hostnames: +# - office.example.com +# admin_user: admin +# admin_password: S3cret diff --git a/roles/collabora/code/tasks/main.yml b/roles/collabora/code/tasks/main.yml new file mode 100644 index 00000000..8bc19bfd --- /dev/null +++ b/roles/collabora/code/tasks/main.yml @@ -0,0 +1,38 @@ +--- +- name: add group for collabora-code app + group: + name: code-app + gid: "{{ collabora_code_app_gid }}" + +- name: add user for collabora-code app + user: + name: code-app + uid: "{{ collabora_code_app_uid }}" + group: nc-app + password: "!" + + +- name: generate pod manifests + loop: "{{ collabora_code_instances | dict2items }}" + loop_control: + label: "{{ item.key }}" + template: + src: "pod.yml.j2" + dest: "/etc/kubernetes/manifests/collabora-code-{{ item.key }}.yml" + mode: 0600 + + +- name: configure nginx vhost + loop: "{{ collabora_code_instances | dict2items }}" + include_role: + name: nginx/vhost + vars: + nginx_vhost: + name: "collabora-code-{{ item.key }}" + template: generic-proxy-no-buffering-with-acme + acme: true + hostnames: "{{ item.value.hostnames }}" + proxy_pass: "http://127.0.0.1:{{ item.value.port }}" + proxy_redirect: + redirect: "http://$host:9980/" + replacement: "https://$host/" diff --git a/roles/collabora/code/templates/pod.yml.j2 b/roles/collabora/code/templates/pod.yml.j2 new file mode 100644 index 00000000..05158ebf --- /dev/null +++ b/roles/collabora/code/templates/pod.yml.j2 @@ -0,0 +1,28 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "collabora-code-{{ item.key }}" +spec: + securityContext: + allowPrivilegeEscalation: false + containers: + - name: collabora-code + image: "collabora/code:{{ item.value.version }}" + # securityContext: + # runAsUser: {{ collabora_code_app_uid }} + # runAsGroup: {{ collabora_code_app_gid }} + resources: + limits: + memory: "4Gi" + env: + - name: "DONT_GEN_SSL_CERT" + value: "1" + - name: "username" + value: "{{ item.value.admin_user }}" + - name: "password" + value: "{{ item.value.admin_password }}" + - name: "extra_params" + value: "--o:ssl.enable=false --o:ssl.termination=true" + ports: + - containerPort: 9980 + hostPort: {{ item.value.port }} |