From 66a82eedd9cf448fa62eecb389c707fe8f877366 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Fri, 22 Dec 2023 01:47:40 +0100
Subject: initial role apps/node-red (WIP)
---
roles/apps/node-red/instance/tasks/main.yml | 54 ++++++++++++++++++++++
.../node-red/instance/templates/pod-spec.yml.j2 | 21 +++++++++
roles/apps/node-red/tasks/main.yml | 7 +++
3 files changed, 82 insertions(+)
create mode 100644 roles/apps/node-red/instance/tasks/main.yml
create mode 100644 roles/apps/node-red/instance/templates/pod-spec.yml.j2
create mode 100644 roles/apps/node-red/tasks/main.yml
(limited to 'roles/apps/node-red')
diff --git a/roles/apps/node-red/instance/tasks/main.yml b/roles/apps/node-red/instance/tasks/main.yml
new file mode 100644
index 00000000..ec9b9dff
--- /dev/null
+++ b/roles/apps/node-red/instance/tasks/main.yml
@@ -0,0 +1,54 @@
+---
+## TODO: add storage handling!
+- set_fact:
+ node_red_instance_basepath: "/srv/node-red/{{ node_red_instance }}"
+##
+
+## TODO: custom user
+
+- name: create instance directories
+ loop:
+ - data
+ - tls
+ file:
+ path: "{{ node_red_instance_basepath }}/{{ item }}"
+ state: directory
+ owner: 1000
+ mode: 0700
+
+- name: generate/install/fetch TLS certificate
+ when: "'mqtt_tls' in node_red_instances[node_red_instance]"
+ vars:
+ x509_certificate_name: "node-red-{{ node_red_instance }}_mqtt"
+ x509_certificate_hostnames: []
+ x509_certificate_config: "{{ node_red_instances[node_red_instance].mqtt_tls.certificate_config }}"
+ x509_certificate_renewal:
+ install:
+ - dest: "{{ node_red_instance_basepath }}/tls/mqtt-crt.pem"
+ src:
+ - fullchain
+ owner: root
+ group: 1000
+ mode: "0644"
+ - dest: "{{ node_red_instance_basepath }}/tls/mqtt-key.pem"
+ src:
+ - key
+ owner: root
+ group: 1000
+ mode: "0640"
+ - dest: "{{ node_red_instance_basepath }}/tls/mqtt-ca-crt.pem"
+ src:
+ - ca_cert
+ owner: root
+ group: 1000
+ mode: "0644"
+ include_role:
+ name: "x509/{{ node_red_instances[node_red_instance].mqtt_tls.certificate_provider }}/cert"
+
+- name: install pod manifest
+ vars:
+ kubernetes_standalone_pod:
+ name: "node-red-{{ node_red_instance }}"
+ spec: "{{ lookup('template', 'pod-spec.yml.j2') }}"
+ include_role:
+ name: kubernetes/standalone/pod
diff --git a/roles/apps/node-red/instance/templates/pod-spec.yml.j2 b/roles/apps/node-red/instance/templates/pod-spec.yml.j2
new file mode 100644
index 00000000..29f2161a
--- /dev/null
+++ b/roles/apps/node-red/instance/templates/pod-spec.yml.j2
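Review bot: The `tls` directory in the "create instance directories" task is created with `owner: 1000` and `mode: 0700`, so the uid that runs Node-RED owns the directory holding `mqtt-key.pem` and can rename or replace the root-owned certificate and key files from the host side, even though the files themselves are installed as `root:1000`. A numeric uid/gid of 1000 is also frequently the first interactive account on a host, which would then be able to read the private key through the `0640` group bit; that is worth confirming against the target hosts or resolving together with the `custom user` TODO. Consider creating `tls` in its own `file` task with `owner: root`, `group: 1000`, `mode: "0750"`, and quoting the remaining `mode: "0700"` so it matches the quoted modes in the install list.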
@@ -0,0 +1,21 @@
+containers:
+- name: node-red
+ image: "nodered/node-red:{{ node_red_instances[node_red_instance].version }}-debian"
+ volumeMounts:
+ - name: tls
+ mountPath: /tls
+ readOnly: true
+ - name: data
+ mountPath: /data
+ ports:
+ - containerPort: 1880
+ hostPort: {{ node_red_instances[node_red_instance].port }}
+volumes:
+- name: tls
+ hostPath:
+ path: "{{ node_red_instance_basepath }}/tls"
+ type: Directory
+- name: data
+ hostPath:
+ path: "{{ node_red_instance_basepath }}/data"
+ type: Directory
diff --git a/roles/apps/node-red/tasks/main.yml b/roles/apps/node-red/tasks/main.yml
new file mode 100644
index 00000000..211d9774
--- /dev/null
+++ b/roles/apps/node-red/tasks/main.yml
@@ -0,0 +1,7 @@
+---
+- name: instance specific tasks
+ loop: "{{ node_red_instances | list }}"
+ loop_control:
+ loop_var: node_red_instance
+ include_role:
+ name: apps/node-red/instance
-- cgit v1.2.3
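Review bot: The `ports` entry in pod-spec.yml.j2 publishes containerPort 1880 through `hostPort` with no `hostIP`, so the Node-RED editor is presumably reachable on every address of the node, and nothing in this commit sets up editor authentication (`adminAuth` in settings.js); anyone who can reach the port could deploy flows, which amounts to code execution in the container with write access to the `data` hostPath. If a reverse proxy on the host is meant to front the editor, add `hostIP: 127.0.0.1` under the port; otherwise a settings.js with `adminAuth` should ship before this leaves WIP. The container also has no `securityContext`, so it relies on the image's default user matching the uid 1000 used for the host directories; pinning the user and dropping privileges as below makes that explicit.

```yaml
- name: node-red
  # … unchanged: image, volumeMounts, ports …
  securityContext:
    runAsUser: 1000
    runAsGroup: 1000
    runAsNonRoot: true
    allowPrivilegeEscalation: false
    capabilities:
      drop:
      - ALL
```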