From f45ac0cb6e26bc2598ebca57b830a881246098da Mon Sep 17 00:00:00 2001 
From: Eric FELIXINE Date: Thu, 4 Jun 2026 09:45:16 -0400 Subject: [PATCH] feat(k8s): add defaults/main.yml, meta/main.yml for all 27 roles + 4 helm templates MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Added defaults/main.yml with production-ready values for all 27 Ansible roles - Added meta/main.yml with role dependencies (DAG: prereq → namespaces → storage → traefik → cert-manager → services) - Created 4 missing Helm templates: flink-deployment, kafka-cluster, smartapp-web, smartapp-api - Fixed YAML syntax error in backup/tasks/main.yml (Velero backupStorageLocation) - Updated README with domain list, dependencies diagram, and corrected Helm chart names - All 81 YAML files pass validation --- helms/README.md | 57 +++- helms/roles/airflow/defaults/main.yml | 19 ++ helms/roles/airflow/meta/main.yml | 13 + helms/roles/backup/defaults/main.yml | 8 + helms/roles/backup/meta/main.yml | 11 + helms/roles/backup/tasks/main.yml | 2 +- helms/roles/bi/defaults/main.yml | 23 ++ helms/roles/bi/meta/main.yml | 12 + helms/roles/cert-manager/defaults/main.yml | 6 + helms/roles/cert-manager/meta/main.yml | 12 + helms/roles/clickhouse/defaults/main.yml | 17 + helms/roles/clickhouse/meta/main.yml | 12 + helms/roles/databases/defaults/main.yml | 27 ++ helms/roles/databases/meta/main.yml | 13 + helms/roles/deltalake/defaults/main.yml | 17 + helms/roles/deltalake/meta/main.yml | 12 + helms/roles/duckdb/defaults/main.yml | 17 + helms/roles/duckdb/meta/main.yml | 12 + helms/roles/flink/defaults/main.yml | 14 + helms/roles/flink/meta/main.yml | 12 + .../flink/templates/flink-deployment.yml.j2 | 140 +++++++++ helms/roles/gis/defaults/main.yml | 36 +++ helms/roles/gis/meta/main.yml | 12 + helms/roles/gitea/defaults/main.yml | 17 + helms/roles/gitea/meta/main.yml | 12 + helms/roles/iot/defaults/main.yml | 27 ++ helms/roles/iot/meta/main.yml | 13 + helms/roles/jupyterhub/defaults/main.yml | 17 + helms/roles/jupyterhub/meta/main.yml | 12 + 
helms/roles/kafka/defaults/main.yml | 17 + helms/roles/kafka/meta/main.yml | 13 + .../kafka/templates/kafka-cluster.yml.j2 | 295 ++++++++++++++++++ helms/roles/mindsdb/defaults/main.yml | 17 + helms/roles/mindsdb/meta/main.yml | 12 + helms/roles/monitoring/defaults/main.yml | 12 + helms/roles/monitoring/meta/main.yml | 13 + helms/roles/namespaces/defaults/main.yml | 5 + helms/roles/namespaces/meta/main.yml | 12 + helms/roles/nodered/defaults/main.yml | 14 + helms/roles/nodered/meta/main.yml | 12 + helms/roles/odk/defaults/main.yml | 17 + helms/roles/odk/meta/main.yml | 12 + helms/roles/phpipam/defaults/main.yml | 14 + helms/roles/phpipam/meta/main.yml | 12 + helms/roles/prerequisites/defaults/main.yml | 19 ++ helms/roles/prerequisites/meta/main.yml | 11 + helms/roles/smartapp/defaults/main.yml | 5 + helms/roles/smartapp/meta/main.yml | 13 + .../smartapp/templates/smartapp-api.yml.j2 | 253 +++++++++++++++ .../smartapp/templates/smartapp-web.yml.j2 | 229 ++++++++++++++ helms/roles/starrocks/defaults/main.yml | 17 + helms/roles/starrocks/meta/main.yml | 12 + helms/roles/storage/defaults/main.yml | 10 + helms/roles/storage/meta/main.yml | 12 + helms/roles/streamlit/defaults/main.yml | 14 + helms/roles/streamlit/meta/main.yml | 12 + helms/roles/traefik/defaults/main.yml | 5 + helms/roles/traefik/meta/main.yml | 13 + helms/roles/trino/defaults/main.yml | 14 + helms/roles/trino/meta/main.yml | 12 + 60 files changed, 1713 insertions(+), 17 deletions(-) create mode 100644 helms/roles/airflow/defaults/main.yml create mode 100644 helms/roles/airflow/meta/main.yml create mode 100644 helms/roles/backup/defaults/main.yml create mode 100644 helms/roles/backup/meta/main.yml create mode 100644 helms/roles/bi/defaults/main.yml create mode 100644 helms/roles/bi/meta/main.yml create mode 100644 helms/roles/cert-manager/defaults/main.yml create mode 100644 helms/roles/cert-manager/meta/main.yml create mode 100644 helms/roles/clickhouse/defaults/main.yml create mode 100644 
helms/roles/clickhouse/meta/main.yml create mode 100644 helms/roles/databases/defaults/main.yml create mode 100644 helms/roles/databases/meta/main.yml create mode 100644 helms/roles/deltalake/defaults/main.yml create mode 100644 helms/roles/deltalake/meta/main.yml create mode 100644 helms/roles/duckdb/defaults/main.yml create mode 100644 helms/roles/duckdb/meta/main.yml create mode 100644 helms/roles/flink/defaults/main.yml create mode 100644 helms/roles/flink/meta/main.yml create mode 100644 helms/roles/flink/templates/flink-deployment.yml.j2 create mode 100644 helms/roles/gis/defaults/main.yml create mode 100644 helms/roles/gis/meta/main.yml create mode 100644 helms/roles/gitea/defaults/main.yml create mode 100644 helms/roles/gitea/meta/main.yml create mode 100644 helms/roles/iot/defaults/main.yml create mode 100644 helms/roles/iot/meta/main.yml create mode 100644 helms/roles/jupyterhub/defaults/main.yml create mode 100644 helms/roles/jupyterhub/meta/main.yml create mode 100644 helms/roles/kafka/defaults/main.yml create mode 100644 helms/roles/kafka/meta/main.yml create mode 100644 helms/roles/kafka/templates/kafka-cluster.yml.j2 create mode 100644 helms/roles/mindsdb/defaults/main.yml create mode 100644 helms/roles/mindsdb/meta/main.yml create mode 100644 helms/roles/monitoring/defaults/main.yml create mode 100644 helms/roles/monitoring/meta/main.yml create mode 100644 helms/roles/namespaces/defaults/main.yml create mode 100644 helms/roles/namespaces/meta/main.yml create mode 100644 helms/roles/nodered/defaults/main.yml create mode 100644 helms/roles/nodered/meta/main.yml create mode 100644 helms/roles/odk/defaults/main.yml create mode 100644 helms/roles/odk/meta/main.yml create mode 100644 helms/roles/phpipam/defaults/main.yml create mode 100644 helms/roles/phpipam/meta/main.yml create mode 100644 helms/roles/prerequisites/defaults/main.yml create mode 100644 helms/roles/prerequisites/meta/main.yml create mode 100644 helms/roles/smartapp/defaults/main.yml 
create mode 100644 helms/roles/smartapp/meta/main.yml
create mode 100644 helms/roles/smartapp/templates/smartapp-api.yml.j2
create mode 100644 helms/roles/smartapp/templates/smartapp-web.yml.j2
create mode 100644 helms/roles/starrocks/defaults/main.yml
create mode 100644 helms/roles/starrocks/meta/main.yml
create mode 100644 helms/roles/storage/defaults/main.yml
create mode 100644 helms/roles/storage/meta/main.yml
create mode 100644 helms/roles/streamlit/defaults/main.yml
create mode 100644 helms/roles/streamlit/meta/main.yml
create mode 100644 helms/roles/traefik/defaults/main.yml
create mode 100644 helms/roles/traefik/meta/main.yml
create mode 100644 helms/roles/trino/defaults/main.yml
create mode 100644 helms/roles/trino/meta/main.yml
diff --git a/helms/README.md b/helms/README.md
index 617029e1..c58b24cf 100644
--- a/helms/README.md
+++ b/helms/README.md
@@ -123,33 +123,58 @@ kubectl get ingress --all-namespaces | Service | Domaine | Namespace | Helm Chart | |---------|---------|-----------|------------| +| Traefik | traefik.digitribe.fr | traefik | traefik/traefik | | Airflow | airflow.digitribe.fr | airflow | apache/airflow | -| Kafka | kafka.digitribe.fr | kafka | strimzi/kafka-operator | +| Kafka | kafka-bootstrap.digitribe.fr | kafka | strimzi/kafka-operator | | Flink | flink.digitribe.fr | flink | apache/flink-kubernetes-operator | | ClickHouse | clickhouse.digitribe.fr | clickhouse | bitnami/clickhouse | -| StarRocks | starrocks.digitribe.fr | starrocks | starrocks/starrocks-community | +| StarRocks | starrocks.digitribe.fr | starrocks | community/starrocks | | Trino | trino.digitribe.fr | trino | trinodb/trino | -| Delta Lake | deltalake.digitribe.fr | deltalake | delta-io/delta-lake | -| Streamlit | streamlit.digitribe.fr | streamlit | streamlit/streamlit | -| DuckDB | duckdb.digitribe.fr | duckdb | duckdb/duckdb | +| Delta Lake | deltalake.digitribe.fr | deltalake | custom | +| Streamlit | streamlit.digitribe.fr | streamlit | custom | +| DuckDB | duckdb.digitribe.fr | duckdb | custom | | EMQX | emqx.digitribe.fr | iot | emqx/emqx-operator | -| Mosquitto | mqtt.digitribe.fr | iot | k8s-at-home/mosquitto | -| Node-RED | nodered.digitribe.fr | iot | k8s-at-home/node-red | -| phpIPAM | phpipam.digitribe.fr | phpipam | phpipam/phpipam | -| ChirpStack | chirpstack.digitribe.fr | iot | chirpstack/chirpstack | -| Gitea | gitea.digitribe.fr | gitea | gitea/gitea | +| Mosquitto | mqtt.digitribe.fr | iot | custom | +| Node-RED | nodered.digitribe.fr | iot | custom | +| phpIPAM | phpipam.digitribe.fr | phpipam | custom | +| Gitea | gitea.digitribe.fr | gitea | gitea-charts/gitea | | JupyterHub | jupyter.digitribe.fr | jupyterhub | jupyterhub/jupyterhub | -| Zeppelin | zeppelin.digitribe.fr | default | apache/zeppelin | | Superset | superset.digitribe.fr | superset | apache/superset | | Metabase | 
metabase.digitribe.fr | metabase | bitnami/metabase | | MindsDB | mindsdb.digitribe.fr | mindsdb | bitnami/mindsdb | -| ODK Central | odk.digitribe.fr | odk | odk/odk-central | -| MapStore | mapstore.digitribe.fr | mapstore | geosolutionsit/mapstore | -| GeoServer | geoserver.digitribe.fr | geoserver | kartoza/geoserver | -| FROST | frost.digitribe.fr | iot | fraunhoferiosb/frost-server | +| ODK Central | odk.digitribe.fr | odk | custom | +| MapStore | mapstore.digitribe.fr | gis | custom | +| GeoServer | geoserver.digitribe.fr | gis | custom | | Smart App | smartapp.digitribe.fr | smartapp | custom | +| Smart App API | api-smartapp.digitribe.fr | smartapp | custom | | Grafana | grafana.digitribe.fr | monitoring | grafana/grafana | -| MinIO | minio.digitribe.fr | default | bitnami/minio | +| MinIO | minio.digitribe.fr | databases | bitnami/minio | +| PostgreSQL | — (interne) | databases | bitnami/postgresql-ha | +| Redis | — (interne) | databases | bitnami/redis-cluster | + +## Dépendances entre rôles + +``` +prerequisites → namespaces → storage → traefik → cert-manager + ↓ + ┌─────────────────────┼─────────────────────┐ + ↓ ↓ ↓ + databases monitoring kafka + (postgres, (prometheus, ↓ + redis, minio) grafana, loki) flink + ↓ ↓ ↓ + └─────────────────────┼─────────────────────┘ + ↓ + ┌─────────────────────┼─────────────────────┐ + ↓ ↓ ↓ + airflow bi iot + gitea jupyterhub superset metabase emqx mosquitto + odk mindsdb trino nodered phpipam + gis clickhouse streamlit + smartapp deltalake duckdb + ↓ + backup (Velero) +``` ## Commandes utiles diff --git a/helms/roles/airflow/defaults/main.yml b/helms/roles/airflow/defaults/main.yml new file mode 100644 index 00000000..1e71faaa --- /dev/null +++ b/helms/roles/airflow/defaults/main.yml 
@@ -0,0 +1,19 @@ +--- +# Role: airflow +# Valeurs par défaut pour Apache Airflow + +# Réplicas des workers Airflow +services: + airflow: + replicas: 2 + resources: + requests: + cpu: "500m" + memory: "1Gi" + limits: + cpu: "2000m" + memory: "4Gi" + +# Stockage des logs Airflow +storage_sizes: + airflow: "20Gi" diff --git a/helms/roles/airflow/meta/main.yml b/helms/roles/airflow/meta/main.yml new file mode 100644 index 00000000..d2c9117d --- /dev/null +++ b/helms/roles/airflow/meta/main.yml @@ -0,0 +1,13 @@ +--- +galaxy_info: + author: Eric FELIXINE + description: Deploy Apache Airflow for workflow orchestration on Kubernetes + license: MIT + min_ansible_version: "2.15" + platforms: + - name: Kubernetes + versions: + - "1.28" +dependencies: + - role: databases + - role: kafka diff --git a/helms/roles/backup/defaults/main.yml b/helms/roles/backup/defaults/main.yml new file mode 100644 index 00000000..2c996a21 --- /dev/null +++ b/helms/roles/backup/defaults/main.yml @@ -0,0 +1,8 @@ +--- +# Role: backup +# Valeurs par défaut pour les sauvegardes Velero + +# Planification des sauvegardes (cron format) +backup: + schedule: "0 2 * * *" + retention: "168" # 7 jours en heures diff --git a/helms/roles/backup/meta/main.yml b/helms/roles/backup/meta/main.yml new file mode 100644 index 00000000..2b44f660 --- /dev/null +++ b/helms/roles/backup/meta/main.yml @@ -0,0 +1,11 @@ +--- +galaxy_info: + author: Eric FELIXINE + description: Deploy Velero backup and disaster recovery solution on Kubernetes + license: MIT + min_ansible_version: "2.15" + platforms: + - name: Kubernetes + versions: + - "1.28" +dependencies: [] diff --git a/helms/roles/backup/tasks/main.yml b/helms/roles/backup/tasks/main.yml index 24d75ef9..f2eab966 100644 --- a/helms/roles/backup/tasks/main.yml +++ b/helms/roles/backup/tasks/main.yml @@ -11,7 +11,7 @@ values: configuration: backupStorageLocation: - name: default + - name: default provider: aws bucket: smart-city-backup config: 
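Review bot: `retention: "168"` with the comment "7 days in hours" will be rejected by Velero if it is rendered into a Schedule's `template.ttl`, which is a Go duration string and needs a unit; set `retention: "168h"` and update the comment so the backups actually expire instead of the schedule failing to apply. The task that consumes this value is not in this patch, so confirm where it is used; if it is compared numerically somewhere else, say so in the comment.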
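Review bot: `dependencies: []` contradicts the README diagram added in this same patch, which places Velero after every other role, and the BackupStorageLocation fixed in the next hunk targets bucket `smart-city-backup` on `provider: aws` — if that bucket is the MinIO deployed by the `databases` role, declare `- role: databases` here so that running `backup` on its own does not create a location against an endpoint that does not exist yet. If the bucket is external S3, add a comment saying so, since Velero's BSL validation is otherwise the only signal.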
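Review bot: The hunk turns `name: default` into a list item, but the sibling keys `provider`, `bucket` and `config` on the following lines keep their previous indentation as far as this view shows; they must be indented under `- name: default` or Velero receives a location with only a name and the real bucket is silently absent. Check also that the `config:` block that follows does not carry static S3 access keys inline — anything under `values:` ends up in the Helm release Secret and in `helm get values` — and point `credential.name`/`credential.key` at a Secret populated from the vault instead. The enclosing task continues past the end of the hunk.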
diff --git a/helms/roles/bi/defaults/main.yml b/helms/roles/bi/defaults/main.yml new file mode 100644 index 00000000..d38e2372 --- /dev/null +++ b/helms/roles/bi/defaults/main.yml @@ -0,0 +1,23 @@ +--- +# Role: bi +# Valeurs par défaut pour Superset et Metabase + +services: + superset: + replicas: 1 + resources: + requests: + cpu: "250m" + memory: "512Mi" + limits: + cpu: "1000m" + memory: "2Gi" + metabase: + replicas: 1 + resources: + requests: + cpu: "250m" + memory: "512Mi" + limits: + cpu: "1000m" + memory: "2Gi" diff --git a/helms/roles/bi/meta/main.yml b/helms/roles/bi/meta/main.yml new file mode 100644 index 00000000..7c7c9e55 --- /dev/null +++ b/helms/roles/bi/meta/main.yml @@ -0,0 +1,12 @@ +--- +galaxy_info: + author: Eric FELIXINE + description: Deploy Business Intelligence tools on Kubernetes + license: MIT + min_ansible_version: "2.15" + platforms: + - name: Kubernetes + versions: + - "1.28" +dependencies: + - role: databases diff --git a/helms/roles/cert-manager/defaults/main.yml b/helms/roles/cert-manager/defaults/main.yml new file mode 100644 index 00000000..e8b7665d --- /dev/null +++ b/helms/roles/cert-manager/defaults/main.yml @@ -0,0 +1,6 @@ +--- +# Role: cert-manager +# Valeurs par défaut pour cert-manager + +# Email pour les certificats Let's Encrypt +acme_email: "admin@digitribe.fr" diff --git a/helms/roles/cert-manager/meta/main.yml b/helms/roles/cert-manager/meta/main.yml new file mode 100644 index 00000000..e01db728 --- /dev/null +++ b/helms/roles/cert-manager/meta/main.yml @@ -0,0 +1,12 @@ +--- +galaxy_info: + author: Eric FELIXINE + description: Deploy cert-manager for automated TLS certificate management on Kubernetes + license: MIT + min_ansible_version: "2.15" + platforms: + - name: Kubernetes + versions: + - "1.28" +dependencies: + - role: traefik diff --git a/helms/roles/clickhouse/defaults/main.yml b/helms/roles/clickhouse/defaults/main.yml new file mode 100644 index 00000000..a21fab30 --- /dev/null 
+++ b/helms/roles/clickhouse/defaults/main.yml @@ -0,0 +1,17 @@ +--- +# Role: clickhouse +# Valeurs par défaut pour ClickHouse + +services: + clickhouse: + replicas: 2 + resources: + requests: + cpu: "500m" + memory: "1Gi" + limits: + cpu: "2000m" + memory: "4Gi" + +storage_sizes: + clickhouse: "50Gi" diff --git a/helms/roles/clickhouse/meta/main.yml b/helms/roles/clickhouse/meta/main.yml new file mode 100644 index 00000000..299c9be8 --- /dev/null +++ b/helms/roles/clickhouse/meta/main.yml @@ -0,0 +1,12 @@ +--- +galaxy_info: + author: Eric FELIXINE + description: Deploy ClickHouse columnar database for analytics on Kubernetes + license: MIT + min_ansible_version: "2.15" + platforms: + - name: Kubernetes + versions: + - "1.28" +dependencies: + - role: databases diff --git a/helms/roles/databases/defaults/main.yml b/helms/roles/databases/defaults/main.yml new file mode 100644 index 00000000..72d6ce4f --- /dev/null +++ b/helms/roles/databases/defaults/main.yml @@ -0,0 +1,27 @@ +--- +# Role: databases +# Valeurs par défaut pour PostgreSQL, Redis et MinIO + +services: + postgresql: + replicas: 2 + resources: + requests: + cpu: "250m" + memory: "512Mi" + limits: + cpu: "1000m" + memory: "2Gi" + +# Stockages +storage_sizes: + postgresql: "50Gi" + redis: "10Gi" + minio: "100Gi" + +# Mots de passe Vault (valeurs DUMMY — overridés par group_vars/vault.yml) +vault_postgres_password: "DUMMY_POSTGRES_PASSWORD" +vault_postgres_repmgr_password: "DUMMY_REPMGR_PASSWORD" +vault_redis_password: "DUMMY_REDIS_PASSWORD" +vault_minio_root_user: "DUMMY_MINIO_USER" +vault_minio_root_password: "DUMMY_MINIO_PASSWORD" diff --git a/helms/roles/databases/meta/main.yml b/helms/roles/databases/meta/main.yml new file mode 100644 index 00000000..6a8c0ac8 --- /dev/null +++ b/helms/roles/databases/meta/main.yml 
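Review bot: `vault_postgres_password: "DUMMY_POSTGRES_PASSWORD"` and the four placeholders below it give every secret a valid-looking default at the lowest precedence level, so if `group_vars/vault.yml` is not loaded (wrong inventory, a role run on its own, a typo in the variable name) the play does not fail — it deploys PostgreSQL, Redis and MinIO with the literal `DUMMY_…` string as the credential, and `vault_minio_root_user` is an identity as well as a secret. Remove these five keys from defaults and fail fast at the top of the role's tasks instead, e.g. an `assert` with `that: vault_postgres_password is defined and not vault_postgres_password.startswith('DUMMY_')` for each variable, so a missing vault is a deployment error rather than a weak-credential deployment. Keep the existing comment, rewritten to say that these values must never reach a cluster.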
@@ -0,0 +1,13 @@ +--- +galaxy_info: + author: Eric FELIXINE + description: Deploy and manage core database services (PostgreSQL, MySQL, Redis) on Kubernetes + license: MIT + min_ansible_version: "2.15" + platforms: + - name: Kubernetes + versions: + - "1.28" +dependencies: + - role: storage + - role: cert-manager diff --git a/helms/roles/deltalake/defaults/main.yml b/helms/roles/deltalake/defaults/main.yml new file mode 100644 index 00000000..6f14773c --- /dev/null +++ b/helms/roles/deltalake/defaults/main.yml @@ -0,0 +1,17 @@ +--- +# Role: deltalake +# Valeurs par défaut pour Delta Lake + +services: + deltalake: + replicas: 1 + resources: + requests: + cpu: "250m" + memory: "512Mi" + limits: + cpu: "1000m" + memory: "2Gi" + +storage_sizes: + deltalake: "100Gi" diff --git a/helms/roles/deltalake/meta/main.yml b/helms/roles/deltalake/meta/main.yml new file mode 100644 index 00000000..1f8c5566 --- /dev/null +++ b/helms/roles/deltalake/meta/main.yml @@ -0,0 +1,12 @@ +--- +galaxy_info: + author: Eric FELIXINE + description: Deploy Delta Lake storage layer for data lakehouse architecture on Kubernetes + license: MIT + min_ansible_version: "2.15" + platforms: + - name: Kubernetes + versions: + - "1.28" +dependencies: + - role: databases diff --git a/helms/roles/duckdb/defaults/main.yml b/helms/roles/duckdb/defaults/main.yml new file mode 100644 index 00000000..99815c51 --- /dev/null +++ b/helms/roles/duckdb/defaults/main.yml @@ -0,0 +1,17 @@ +--- +# Role: duckdb +# Valeurs par défaut pour DuckDB + +services: + duckdb: + replicas: 1 + resources: + requests: + cpu: "250m" + memory: "512Mi" + limits: + cpu: "1000m" + memory: "2Gi" + +storage_sizes: + duckdb: "50Gi" diff --git a/helms/roles/duckdb/meta/main.yml b/helms/roles/duckdb/meta/main.yml new file mode 100644 index 00000000..45dcf574 --- /dev/null +++ b/helms/roles/duckdb/meta/main.yml 
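Review bot: The description says "PostgreSQL, MySQL, Redis" while the role's defaults in the previous hunk and the README table cover PostgreSQL-HA, Redis and MinIO, so the metadata will mislead anyone reading the Galaxy listing; change it to `description: Deploy and manage core data services (PostgreSQL HA, Redis, MinIO) on Kubernetes`.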
@@ -0,0 +1,12 @@ +--- +galaxy_info: + author: Eric FELIXINE + description: Deploy DuckDB embedded analytical database on Kubernetes + license: MIT + min_ansible_version: "2.15" + platforms: + - name: Kubernetes + versions: + - "1.28" +dependencies: + - role: databases diff --git a/helms/roles/flink/defaults/main.yml b/helms/roles/flink/defaults/main.yml new file mode 100644 index 00000000..a7127779 --- /dev/null +++ b/helms/roles/flink/defaults/main.yml @@ -0,0 +1,14 @@ +--- +# Role: flink +# Valeurs par défaut pour Apache Flink + +services: + flink: + replicas: 2 + resources: + requests: + cpu: "1000m" + memory: "2Gi" + limits: + cpu: "2000m" + memory: "4Gi" diff --git a/helms/roles/flink/meta/main.yml b/helms/roles/flink/meta/main.yml new file mode 100644 index 00000000..747041ca --- /dev/null +++ b/helms/roles/flink/meta/main.yml @@ -0,0 +1,12 @@ +--- +galaxy_info: + author: Eric FELIXINE + description: Deploy Apache Flink for stream processing on Kubernetes + license: MIT + min_ansible_version: "2.15" + platforms: + - name: Kubernetes + versions: + - "1.28" +dependencies: + - role: kafka diff --git a/helms/roles/flink/templates/flink-deployment.yml.j2 b/helms/roles/flink/templates/flink-deployment.yml.j2 new file mode 100644 index 00000000..4dc416d7 --- /dev/null +++ b/helms/roles/flink/templates/flink-deployment.yml.j2 
@@ -0,0 +1,140 @@ +--- +# Role: flink +# Template: flink-deployment.yml.j2 +# Déploiement d'un cluster Apache Flink via FlinkKubernetesOperator +# Variables: +# {{ flink_namespace }} - Namespace Kubernetes (défaut: flink) +# {{ flink_replicas }} - Nombre de TaskManagers (défaut: 2) + +--- +apiVersion: v1 +kind: Namespace +metadata: + name: {{ flink_namespace | default('flink') }} + labels: + app: flink + version: "1.18" + +--- +apiVersion: flink.apache.org/v1beta1 +kind: FlinkDeployment +metadata: + name: flink-cluster + namespace: {{ flink_namespace | default('flink') }} + labels: + app: flink + version: "1.18" +spec: + image: flink:1.18-scala_2.12 + flinkVersion: v1_18 + imagePullPolicy: IfNotPresent + + # --- JobManager --- + jobmanager: + resource: + memory: "2048m" + cpu: 1 + replicas: 1 + + # --- TaskManager --- + taskmanager: + resource: + memory: "4096m" + cpu: 2 + replicas: {{ flink_replicas | default(2) }} + + # --- Configuration Flink --- + flinkConfiguration: + taskmanager.numberOfTaskSlots: "2" + state.backend: rocksdb + state.checkpoints.dir: s3://flink-checkpoints + state.savepoints.dir: s3://flink-savepoints + high-availability: zookeeper + high-availability.zookeeper.quorum: zk-cs.{{ flink_namespace | default('flink') }}.svc.cluster.local:2181 + web.upload.dir: /tmp/flink-web-upload + +--- +apiVersion: v1 +kind: Service +metadata: + name: flink-jobmanager + namespace: {{ flink_namespace | default('flink') }} + labels: + app: flink + component: jobmanager + version: "1.18" +spec: + type: ClusterIP + selector: + app: flink + component: jobmanager + ports: + - name: rpc + port: 6123 + targetPort: 6123 + protocol: TCP + - name: blob + port: 6124 + targetPort: 6124 + protocol: TCP + - name: webui + port: 8081 + targetPort: 8081 + protocol: TCP + +--- +apiVersion: v1 +kind: Service +metadata: + name: flink-taskmanager + namespace: {{ flink_namespace | default('flink') }} + labels: + app: flink + component: taskmanager + version: "1.18" +spec: + type: 
ClusterIP + selector: + app: flink + component: taskmanager + ports: + - name: rpc + port: 6122 + targetPort: 6122 + protocol: TCP + - name: data + port: 6125 + targetPort: 6125 + protocol: TCP + +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: flink-webui + namespace: {{ flink_namespace | default('flink') }} + labels: + app: flink + component: webui + version: "1.18" + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / + nginx.ingress.kubernetes.io/ssl-redirect: "true" + cert-manager.io/cluster-issuer: "letsencrypt-prod" +spec: + ingressClassName: nginx + tls: + - hosts: + - flink.digitribe.fr + secretName: flink-tls + rules: + - host: flink.digitribe.fr + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: flink-jobmanager + port: + number: 8081 diff --git a/helms/roles/gis/defaults/main.yml b/helms/roles/gis/defaults/main.yml new file mode 100644 index 00000000..482e7e92 --- /dev/null +++ b/helms/roles/gis/defaults/main.yml @@ -0,0 +1,36 @@ +--- +# Role: gis +# Valeurs par défaut pour MapStore, GeoServer et FROST + +services: + mapstore: + replicas: 1 + resources: + requests: + cpu: "250m" + memory: "512Mi" + limits: + cpu: "1000m" + memory: "2Gi" + geoserver: + replicas: 1 + resources: + requests: + cpu: "500m" + memory: "1Gi" + limits: + cpu: "2000m" + memory: "4Gi" + frost: + replicas: 1 + resources: + requests: + cpu: "250m" + memory: "512Mi" + limits: + cpu: "1000m" + memory: "2Gi" + +storage_sizes: + mapstore: "10Gi" + geoserver: "20Gi" diff --git a/helms/roles/gis/meta/main.yml b/helms/roles/gis/meta/main.yml new file mode 100644 index 00000000..5f85189f --- /dev/null +++ b/helms/roles/gis/meta/main.yml @@ -0,0 +1,12 @@ +--- +galaxy_info: + author: Eric FELIXINE + description: Deploy Geographic Information System (GIS) services on Kubernetes + license: MIT + min_ansible_version: "2.15" + platforms: + - name: Kubernetes + versions: + - "1.28" +dependencies: + - role: databases 
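Review bot: The `flink-webui` Ingress publishes the JobManager REST endpoint on flink.digitribe.fr with TLS but no authentication, and Flink's REST API accepts jar uploads and job submission by default (`web.upload.dir` is even set here), so anyone reaching that host can run arbitrary code inside the cluster. At minimum add `web.submit.enable: "false"` and `web.cancel.enable: "false"` to `flinkConfiguration` and front the Ingress with an authentication middleware or an IP allow-list before it is exposed. The Ingress also uses `ingressClassName: nginx` and `nginx.ingress.kubernetes.io/*` annotations while the README and role dependencies route everything through Traefik, so on that cluster the annotations are ignored and there is no TLS redirect at all — confirm which controller is actually installed. The hand-written `flink-jobmanager`/`flink-taskmanager` Services select `app: flink`, but the operator labels the pods it creates with `app: <FlinkDeployment name>` (here `flink-cluster`) and already exposes a `flink-cluster-rest` Service, so these selectors presumably match nothing — verify against a live deployment. Likewise `high-availability.zookeeper.quorum` points at `zk-cs` in the flink namespace, but nothing in this patch creates a ZooKeeper there.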
diff --git a/helms/roles/gitea/defaults/main.yml b/helms/roles/gitea/defaults/main.yml new file mode 100644 index 00000000..e8e1a844 --- /dev/null +++ b/helms/roles/gitea/defaults/main.yml @@ -0,0 +1,17 @@ +--- +# Role: gitea +# Valeurs par défaut pour Gitea + +services: + gitea: + replicas: 1 + resources: + requests: + cpu: "250m" + memory: "512Mi" + limits: + cpu: "1000m" + memory: "2Gi" + +storage_sizes: + gitea: "20Gi" diff --git a/helms/roles/gitea/meta/main.yml b/helms/roles/gitea/meta/main.yml new file mode 100644 index 00000000..f747d4b8 --- /dev/null +++ b/helms/roles/gitea/meta/main.yml @@ -0,0 +1,12 @@ +--- +galaxy_info: + author: Eric FELIXINE + description: Deploy Gitea - self-hosted Git service on Kubernetes + license: MIT + min_ansible_version: "2.15" + platforms: + - name: Kubernetes + versions: + - "1.28" +dependencies: + - role: databases diff --git a/helms/roles/iot/defaults/main.yml b/helms/roles/iot/defaults/main.yml new file mode 100644 index 00000000..b8548b8f --- /dev/null +++ b/helms/roles/iot/defaults/main.yml @@ -0,0 +1,27 @@ +--- +# Role: iot +# Valeurs par défaut pour EMQX et Mosquitto + +services: + emqx: + replicas: 2 + resources: + requests: + cpu: "250m" + memory: "512Mi" + limits: + cpu: "1000m" + memory: "2Gi" + mosquitto: + replicas: 1 + resources: + requests: + cpu: "100m" + memory: "256Mi" + limits: + cpu: "500m" + memory: "512Mi" + +storage_sizes: + emqx: "10Gi" + mosquitto: "5Gi" diff --git a/helms/roles/iot/meta/main.yml b/helms/roles/iot/meta/main.yml new file mode 100644 index 00000000..065b2495 --- /dev/null +++ b/helms/roles/iot/meta/main.yml @@ -0,0 +1,13 @@ +--- +galaxy_info: + author: Eric FELIXINE + description: Deploy IoT platform services on Kubernetes + license: MIT + min_ansible_version: "2.15" + platforms: + - name: Kubernetes + versions: + - "1.28" +dependencies: + - role: databases + - role: kafka 
diff --git a/helms/roles/jupyterhub/defaults/main.yml b/helms/roles/jupyterhub/defaults/main.yml new file mode 100644 index 00000000..0634e66a --- /dev/null +++ b/helms/roles/jupyterhub/defaults/main.yml @@ -0,0 +1,17 @@ +--- +# Role: jupyterhub +# Valeurs par défaut pour JupyterHub + +services: + jupyterhub: + replicas: 1 + resources: + requests: + cpu: "250m" + memory: "512Mi" + limits: + cpu: "1000m" + memory: "2Gi" + +storage_sizes: + jupyterhub: "20Gi" diff --git a/helms/roles/jupyterhub/meta/main.yml b/helms/roles/jupyterhub/meta/main.yml new file mode 100644 index 00000000..cfe7371d --- /dev/null +++ b/helms/roles/jupyterhub/meta/main.yml @@ -0,0 +1,12 @@ +--- +galaxy_info: + author: Eric FELIXINE + description: Deploy JupyterHub for multi-user notebook environments on Kubernetes + license: MIT + min_ansible_version: "2.15" + platforms: + - name: Kubernetes + versions: + - "1.28" +dependencies: + - role: databases diff --git a/helms/roles/kafka/defaults/main.yml b/helms/roles/kafka/defaults/main.yml new file mode 100644 index 00000000..625b1ec5 --- /dev/null +++ b/helms/roles/kafka/defaults/main.yml @@ -0,0 +1,17 @@ +--- +# Role: kafka +# Valeurs par défaut pour Kafka (Strimzi) + +services: + kafka: + replicas: 3 + resources: + requests: + cpu: "1000m" + memory: "2Gi" + limits: + cpu: "2000m" + memory: "4Gi" + +storage_sizes: + kafka: "100Gi" diff --git a/helms/roles/kafka/meta/main.yml b/helms/roles/kafka/meta/main.yml new file mode 100644 index 00000000..6b929f51 --- /dev/null +++ b/helms/roles/kafka/meta/main.yml @@ -0,0 +1,13 @@ +--- +galaxy_info: + author: Eric FELIXINE + description: Deploy and manage Apache Kafka cluster on Kubernetes + license: MIT + min_ansible_version: "2.15" + platforms: + - name: Kubernetes + versions: + - "1.28" +dependencies: + - role: storage + - role: cert-manager diff --git a/helms/roles/kafka/templates/kafka-cluster.yml.j2 b/helms/roles/kafka/templates/kafka-cluster.yml.j2 new file mode 100644 index 00000000..37623056 
--- /dev/null
+++ b/helms/roles/kafka/templates/kafka-cluster.yml.j2
@@ -0,0 +1,295 @@ +--- +# Role: kafka +# Template: kafka-cluster.yml.j2 +# Cluster Kafka via Strimzi KafkaOperator +# Variables: +# {{ kafka_namespace }} - Namespace Kubernetes (défaut: kafka) +# {{ kafka_replicas }} - Nombre de brokers Kafka (défaut: 3) +# {{ kafka_storage_size }} - Taille du stockage par broker (défaut: 100Gi) + +--- +apiVersion: v1 +kind: Namespace +metadata: + name: {{ kafka_namespace | default('kafka') }} + labels: + app: kafka + version: "3.6" + +--- +apiVersion: kafka.strimzi.io/v1beta2 +kind: Kafka +metadata: + name: kafka-cluster + namespace: {{ kafka_namespace | default('kafka') }} + labels: + app: kafka + version: "3.6" +spec: + kafka: + version: 3.6.0 + replicas: {{ kafka_replicas | default(3) }} + listeners: + - name: plain + port: 9092 + type: internal + tls: false + - name: tls + port: 9093 + type: internal + tls: true + - name: external + port: 9094 + type: ingress + tls: true + configuration: + bootstrap: + host: kafka-bootstrap.digitribe.fr + brokers: + - broker: 0 + host: kafka-broker-0.digitribe.fr + - broker: 1 + host: kafka-broker-1.digitribe.fr + - broker: 2 + host: kafka-broker-2.digitribe.fr + config: + offsets.topic.replication.factor: 3 + transaction.state.log.replication.factor: 3 + transaction.state.log.min.isr: 2 + default.replication.factor: 3 + min.insync.replicas: 2 + inter.broker.protocol.version: "3.6" + log.message.format.version: "3.6" + storage: + type: jbod + volumes: + - id: 0 + type: persistent-claim + size: {{ kafka_storage_size | default('100Gi') }} + class: standard + deleteClaim: false + resources: + requests: + cpu: "1" + memory: "2Gi" + limits: + cpu: "2" + memory: "4Gi" + livenessProbe: + initialDelaySeconds: 30 + timeoutSeconds: 5 + readinessProbe: + initialDelaySeconds: 10 + timeoutSeconds: 5 + metricsConfig: + type: jmxPrometheusExporter + valueFrom: + configMapKeyRef: + name: kafka-metrics + key: kafka-metrics-config.yml + template: + pod: + affinity: + podAntiAffinity: + 
requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: strimzi.io/name + operator: In + values: + - kafka-cluster-kafka + topologyKey: kubernetes.io/hostname + + zookeeper: + replicas: 3 + storage: + type: persistent-claim + size: 20Gi + class: standard + deleteClaim: false + resources: + requests: + cpu: "500m" + memory: "1Gi" + limits: + cpu: "1" + memory: "2Gi" + livenessProbe: + initialDelaySeconds: 30 + timeoutSeconds: 5 + readinessProbe: + initialDelaySeconds: 10 + timeoutSeconds: 5 + + entityOperator: + topicOperator: + resources: + requests: + cpu: "250m" + memory: "512Mi" + limits: + cpu: "500m" + memory: "1Gi" + userOperator: + resources: + requests: + cpu: "250m" + memory: "512Mi" + limits: + cpu: "500m" + memory: "1Gi" + + kafkaExporter: + topicRegex: ".*" + groupRegex: ".*" + resources: + requests: + cpu: "200m" + memory: "256Mi" + limits: + cpu: "500m" + memory: "512Mi" + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: kafka-metrics + namespace: {{ kafka_namespace | default('kafka') }} + labels: + app: kafka + version: "3.6" +data: + kafka-metrics-config.yml: | + # See https://github.com/prometheus/jmx_exporter for more info about JMX Prometheus Exporter metrics + lowercaseOutputName: true + rules: + # Special cases and very specific rules + - pattern: kafka.server<>Value + name: kafka_server_$1_$2 + type: GAUGE + labels: + clientId: "$3" + topic: "$4" + partition: "$5" + - pattern: kafka.server<>Value + name: kafka_server_$1_$2 + type: GAUGE + labels: + clientId: "$3" + broker: "$4:$5" + # Generic per-second counters with 0-2 key/value pairs + - pattern: kafka.(\w+)<>Count + name: kafka_$1_$2_$3_total + type: COUNTER + labels: + "$4": "$5" + "$6": "$7" + - pattern: kafka.(\w+)<>Count + name: kafka_$1_$2_$3_total + type: COUNTER + labels: + "$4": "$5" + - pattern: kafka.(\w+)<>Count + name: kafka_$1_$2_$3_total + type: COUNTER + # Generic gauges with 0-2 key/value pairs + - pattern: kafka.(\w+)<>Value 
+ name: kafka_$1_$2_$3 + type: GAUGE + labels: + "$4": "$5" + "$6": "$7" + - pattern: kafka.(\w+)<>Value + name: kafka_$1_$2_$3 + type: GAUGE + labels: + "$4": "$5" + - pattern: kafka.(\w+)<>Value + name: kafka_$1_$2_$3 + type: GAUGE + # Emulate Prometheus 'Summary' metrics for the exported 'Histogram's + - pattern: kafka.(\w+)<>Count + name: kafka_$1_$2_$3_count + type: COUNTER + labels: + "$4": "$5" + "$6": "$7" + - pattern: kafka.(\w+)<>(\d+)thPercentile + name: kafka_$1_$2_$3 + type: SUMMARY + labels: + "$4": "$5" + "$6": "$7" + quantile: 0.95 + - pattern: kafka.(\w+)<>Count + name: kafka_$1_$2_$3_count + type: COUNTER + labels: + "$4": "$5" + - pattern: kafka.(\w+)<>(\d+)thPercentile + name: kafka_$1_$2_$3 + type: SUMMARY + labels: + "$4": "$5" + quantile: 0.95 + - pattern: kafka.(\w+)<>Count + name: kafka_$1_$2_$3_count + type: COUNTER + +--- +apiVersion: v1 +kind: Service +metadata: + name: kafka-bootstrap + namespace: {{ kafka_namespace | default('kafka') }} + labels: + app: kafka + component: bootstrap + version: "3.6" +spec: + type: ClusterIP + selector: + strimzi.io/cluster: kafka-cluster + strimzi.io/name: kafka-cluster-kafka + ports: + - name: tcp-internal + port: 9092 + targetPort: 9092 + protocol: TCP + - name: tcp-tls + port: 9093 + targetPort: 9093 + protocol: TCP + +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: kafka-external + namespace: {{ kafka_namespace | default('kafka') }} + labels: + app: kafka + component: external + version: "3.6" + annotations: + nginx.ingress.kubernetes.io/ssl-redirect: "true" + nginx.ingress.kubernetes.io/backend-protocol: "TCP" + cert-manager.io/cluster-issuer: "letsencrypt-prod" +spec: + ingressClassName: nginx + tls: + - hosts: + - kafka-bootstrap.digitribe.fr + secretName: kafka-bootstrap-tls + rules: + - host: kafka-bootstrap.digitribe.fr + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: kafka-cluster-kafka-external-bootstrap + port: + number: 9094 
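Review bot: All three listeners on the `Kafka` CR are defined without `authentication` and the CR has no `authorization` block, so any pod in the cluster can produce to or consume from every topic in clear text over `plain:9092`, and any Internet client that reaches `kafka-bootstrap.digitribe.fr` gets the same anonymous access over TLS. Add `authentication` (`scram-sha-512` or `tls`) to each listener and `authorization: type: simple` with an explicit super-user so access goes through KafkaUser resources and ACLs, and either drop the `plain` listener or keep it only for clients that cannot be migrated. The hand-written `kafka-external` Ingress further down duplicates what Strimzi generates for a `type: ingress` listener (with `ssl-passthrough`), and as written it would have cert-manager terminate TLS at nginx and forward plain HTTP to the broker's TLS port — `backend-protocol: "TCP"` is not a value ingress-nginx recognises — so it should be removed together with the duplicate `kafka-bootstrap` Service (Strimzi creates `kafka-cluster-kafka-bootstrap` itself). Note also that `type: ingress` requires ingress-nginx running with `--enable-ssl-passthrough`, while the README says the platform fronts services with Traefik, so confirm which controller is installed.
```yaml
    listeners:
      - name: plain
        port: 9092
        type: internal
        tls: false
        authentication:
          type: scram-sha-512
      - name: tls
        port: 9093
        type: internal
        tls: true
        authentication:
          type: scram-sha-512
      - name: external
        port: 9094
        type: ingress
        tls: true
        authentication:
          type: scram-sha-512
        configuration:
          class: nginx
          bootstrap:
            host: kafka-bootstrap.digitribe.fr
          # … unchanged: per-broker hosts …
    authorization:
      type: simple
      superUsers:
        - kafka-admin
    # … unchanged: config, storage, resources, probes, metrics, template …
```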
diff --git a/helms/roles/mindsdb/defaults/main.yml b/helms/roles/mindsdb/defaults/main.yml new file mode 100644 index 00000000..b60d7699 --- /dev/null +++ b/helms/roles/mindsdb/defaults/main.yml @@ -0,0 +1,17 @@ +--- +# Role: mindsdb +# Valeurs par défaut pour MindsDB + +services: + mindsdb: + replicas: 1 + resources: + requests: + cpu: "500m" + memory: "1Gi" + limits: + cpu: "2000m" + memory: "4Gi" + +storage_sizes: + mindsdb: "20Gi" diff --git a/helms/roles/mindsdb/meta/main.yml b/helms/roles/mindsdb/meta/main.yml new file mode 100644 index 00000000..9340cd3f --- /dev/null +++ b/helms/roles/mindsdb/meta/main.yml @@ -0,0 +1,12 @@ +--- +galaxy_info: + author: Eric FELIXINE + description: Deploy MindsDB - open-source AI/ML database on Kubernetes + license: MIT + min_ansible_version: "2.15" + platforms: + - name: Kubernetes + versions: + - "1.28" +dependencies: + - role: databases diff --git a/helms/roles/monitoring/defaults/main.yml b/helms/roles/monitoring/defaults/main.yml new file mode 100644 index 00000000..b4e207d8 --- /dev/null +++ b/helms/roles/monitoring/defaults/main.yml @@ -0,0 +1,12 @@ +--- +# Role: monitoring +# Valeurs par défaut pour Prometheus, Grafana, Loki et Promtail + +monitoring: + prometheus_retention: "30d" + grafana_admin_password: "DUMMY_GRAFANA_ADMIN_PASSWORD" + +storage_sizes: + prometheus: "50Gi" + grafana: "10Gi" + loki: "50Gi" diff --git a/helms/roles/monitoring/meta/main.yml b/helms/roles/monitoring/meta/main.yml new file mode 100644 index 00000000..8a9e7a3e --- /dev/null +++ b/helms/roles/monitoring/meta/main.yml @@ -0,0 +1,13 @@ +--- +galaxy_info: + author: Eric FELIXINE + description: Deploy monitoring stack (Prometheus, Grafana, Alertmanager) on Kubernetes + license: MIT + min_ansible_version: "2.15" + platforms: + - name: Kubernetes + versions: + - "1.28" +dependencies: + - role: storage + - role: cert-manager 
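Review bot: `grafana_admin_password: "DUMMY_GRAFANA_ADMIN_PASSWORD"` in helms/roles/monitoring/defaults/main.yml commits a plaintext admin credential as a role default, and because role defaults have the lowest variable precedence a deployment that forgets to override it comes up with a Grafana admin password that is readable from this repository. A role default is the wrong place for a credential; make the value mandatory so rendering fails loudly when it is not supplied from a vaulted variable, e.g. `grafana_admin_password: "{{ vault_grafana_admin_password | mandatory }}"`, or drop the key here and have the task reference an existing Kubernetes Secret. A comment next to the key, `# Must come from an Ansible Vault file; never commit a real value here`, would record that intent for the next maintainer.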
diff --git a/helms/roles/namespaces/defaults/main.yml b/helms/roles/namespaces/defaults/main.yml new file mode 100644 index 00000000..31be6331 --- /dev/null +++ b/helms/roles/namespaces/defaults/main.yml @@ -0,0 +1,5 @@ +--- +# Role: namespaces +# Crée les namespaces Kubernetes +# Les namespaces sont définis dans group_vars (variable: namespaces) +# Aucune variable custom supplémentaire requise pour ce rôle. diff --git a/helms/roles/namespaces/meta/main.yml b/helms/roles/namespaces/meta/main.yml new file mode 100644 index 00000000..57bdee2c --- /dev/null +++ b/helms/roles/namespaces/meta/main.yml @@ -0,0 +1,12 @@ +--- +galaxy_info: + author: Eric FELIXINE + description: Create and manage Kubernetes namespaces for the platform + license: MIT + min_ansible_version: "2.15" + platforms: + - name: Kubernetes + versions: + - "1.28" +dependencies: + - role: prerequisites diff --git a/helms/roles/nodered/defaults/main.yml b/helms/roles/nodered/defaults/main.yml new file mode 100644 index 00000000..d5141178 --- /dev/null +++ b/helms/roles/nodered/defaults/main.yml @@ -0,0 +1,14 @@ +--- +# Role: nodered +# Valeurs par défaut pour Node-RED + +services: + nodered: + replicas: 1 + resources: + requests: + cpu: "100m" + memory: "256Mi" + limits: + cpu: "500m" + memory: "512Mi" diff --git a/helms/roles/nodered/meta/main.yml b/helms/roles/nodered/meta/main.yml new file mode 100644 index 00000000..c6278e8d --- /dev/null +++ b/helms/roles/nodered/meta/main.yml @@ -0,0 +1,12 @@ +--- +galaxy_info: + author: Eric FELIXINE + description: Deploy Node-RED flow-based programming tool on Kubernetes (IoT namespace) + license: MIT + min_ansible_version: "2.15" + platforms: + - name: Kubernetes + versions: + - "1.28" +dependencies: + - role: iot diff --git a/helms/roles/odk/defaults/main.yml b/helms/roles/odk/defaults/main.yml new file mode 100644 index 00000000..82758dd6 --- /dev/null +++ b/helms/roles/odk/defaults/main.yml 
@@ -0,0 +1,17 @@ +--- +# Role: odk +# Valeurs par défaut pour ODK Central + +services: + odk: + replicas: 1 + resources: + requests: + cpu: "250m" + memory: "512Mi" + limits: + cpu: "1000m" + memory: "2Gi" + +storage_sizes: + odk: "20Gi" diff --git a/helms/roles/odk/meta/main.yml b/helms/roles/odk/meta/main.yml new file mode 100644 index 00000000..cfef86a9 --- /dev/null +++ b/helms/roles/odk/meta/main.yml @@ -0,0 +1,12 @@ +--- +galaxy_info: + author: Eric FELIXINE + description: Deploy ODK (Open Data Kit) for mobile data collection on Kubernetes + license: MIT + min_ansible_version: "2.15" + platforms: + - name: Kubernetes + versions: + - "1.28" +dependencies: + - role: databases diff --git a/helms/roles/phpipam/defaults/main.yml b/helms/roles/phpipam/defaults/main.yml new file mode 100644 index 00000000..fce5728e --- /dev/null +++ b/helms/roles/phpipam/defaults/main.yml @@ -0,0 +1,14 @@ +--- +# Role: phpipam +# Valeurs par défaut pour phpIPAM + +services: + phpipam: + replicas: 1 + resources: + requests: + cpu: "100m" + memory: "256Mi" + limits: + cpu: "500m" + memory: "512Mi" diff --git a/helms/roles/phpipam/meta/main.yml b/helms/roles/phpipam/meta/main.yml new file mode 100644 index 00000000..a30a612a --- /dev/null +++ b/helms/roles/phpipam/meta/main.yml @@ -0,0 +1,12 @@ +--- +galaxy_info: + author: Eric FELIXINE + description: Deploy phpIPAM IP address management tool on Kubernetes (IoT namespace) + license: MIT + min_ansible_version: "2.15" + platforms: + - name: Kubernetes + versions: + - "1.28" +dependencies: + - role: iot diff --git a/helms/roles/prerequisites/defaults/main.yml b/helms/roles/prerequisites/defaults/main.yml new file mode 100644 index 00000000..317befc1 --- /dev/null +++ b/helms/roles/prerequisites/defaults/main.yml 
@@ -0,0 +1,19 @@ +--- +# Role: prerequisites +# Valeurs par défaut pour les prérequis (repositories Helm) + +helm_repos: + - name: stable + url: https://charts.helm.sh/stable + - name: bitnami + url: https://charts.bitnami.com/bitnami + - name: prometheus-community + url: https://prometheus-community.github.io/helm-charts + - name: grafana + url: https://grafana.github.io/helm-charts + - name: traefik + url: https://traefik.github.io/charts + - name: strimzi + url: https://strimzi.io/charts/ + - name: jetstack + url: https://charts.jetstack.io diff --git a/helms/roles/prerequisites/meta/main.yml b/helms/roles/prerequisites/meta/main.yml new file mode 100644 index 00000000..f9cce66b --- /dev/null +++ b/helms/roles/prerequisites/meta/main.yml @@ -0,0 +1,11 @@ +--- +galaxy_info: + author: Eric FELIXINE + description: Prerequisites - Install base tools and dependencies for the Kubernetes platform + license: MIT + min_ansible_version: "2.15" + platforms: + - name: Kubernetes + versions: + - "1.28" +dependencies: [] diff --git a/helms/roles/smartapp/defaults/main.yml b/helms/roles/smartapp/defaults/main.yml new file mode 100644 index 00000000..94db31dd --- /dev/null +++ b/helms/roles/smartapp/defaults/main.yml @@ -0,0 +1,5 @@ +--- +# Role: smartapp +# Déploiement de l'application Smart City +# Les variables sont définies directement dans les tasks (smartapp_namespace, smartapp_domain). +# Aucune variable custom supplémentaire requise pour ce rôle. diff --git a/helms/roles/smartapp/meta/main.yml b/helms/roles/smartapp/meta/main.yml new file mode 100644 index 00000000..0ed99cad --- /dev/null +++ b/helms/roles/smartapp/meta/main.yml @@ -0,0 +1,13 @@ +--- +galaxy_info: + author: Eric FELIXINE + description: Deploy SmartApp intelligent application platform on Kubernetes + license: MIT + min_ansible_version: "2.15" + platforms: + - name: Kubernetes + versions: + - "1.28" +dependencies: + - role: databases + - role: cert-manager 
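Review bot: The `stable` entry pointing at `https://charts.helm.sh/stable` in `helm_repos` is the archived Helm stable repository, which to my knowledge has been frozen since late 2020, so any chart pulled from it is unmaintained and may carry unpatched CVEs; unless a task in this role still installs something from it, drop the entry. The remaining repositories are added by URL only, with nothing in this hunk pinning chart versions or checking provenance; pinning presumably happens in each role's tasks, but a comment here such as `# Pin chart versions in each role's tasks; never install a repo's latest` would record that expectation and make drift easier to spot in review.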
diff --git a/helms/roles/smartapp/templates/smartapp-api.yml.j2 b/helms/roles/smartapp/templates/smartapp-api.yml.j2 new file mode 100644 index 00000000..8bdc8137 --- /dev/null +++ b/helms/roles/smartapp/templates/smartapp-api.yml.j2 
@@ -0,0 +1,253 @@ +--- +# Role: smartapp +# Template: smartapp-api.yml.j2 +# Déploiement de l'API backend SmartApp +# Variables: +# {{ smartapp_namespace }} - Namespace Kubernetes (défaut: smartapp) +# {{ smartapp_domain }} - Domaine public (défaut: api-smartapp.digitribe.fr) + +--- +apiVersion: v1 +kind: Namespace +metadata: + name: {{ smartapp_namespace | default('smartapp') }} + labels: + app: smartapp + component: api + version: "1.0" + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: smartapp-api-config + namespace: {{ smartapp_namespace | default('smartapp') }} + labels: + app: smartapp + component: api + version: "1.0" +data: + APP_ENV: "production" + APP_PORT: "8080" + LOG_LEVEL: "info" + CORS_ORIGINS: "https://smartapp.digitribe.fr" + DATABASE_POOL_SIZE: "10" + REDIS_POOL_SIZE: "5" + +--- +apiVersion: v1 +kind: Secret +metadata: + name: smartapp-api-secrets + namespace: {{ smartapp_namespace | default('smartapp') }} + labels: + app: smartapp + component: api + version: "1.0" +type: Opaque +stringData: + DATABASE_URL: "postgresql://smartapp:{{ smartapp_db_password | default('changeme') }}@postgres.smartapp.svc.cluster.local:5432/smartapp" + REDIS_URL: "redis://redis.smartapp.svc.cluster.local:6379/0" + JWT_SECRET: "{{ smartapp_jwt_secret | default('change-this-secret-in-production') }}" + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: smartapp-api + namespace: {{ smartapp_namespace | default('smartapp') }} + labels: + app: smartapp + component: api + version: "1.0" +spec: + replicas: 2 + selector: + matchLabels: + app: smartapp + component: api + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + template: + metadata: + labels: + app: smartapp + component: api + version: "1.0" + spec: + containers: + - name: api + image: digitribe/smartapp-api:{{ smartapp_api_version | default('latest') }} + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8080 + protocol: TCP + envFrom: + - 
configMapRef: + name: smartapp-api-config + env: + - name: DATABASE_URL + valueFrom: + secretKeyRef: + name: smartapp-api-secrets + key: DATABASE_URL + - name: REDIS_URL + valueFrom: + secretKeyRef: + name: smartapp-api-secrets + key: REDIS_URL + - name: JWT_SECRET + valueFrom: + secretKeyRef: + name: smartapp-api-secrets + key: JWT_SECRET + resources: + requests: + cpu: "250m" + memory: "512Mi" + limits: + cpu: "1000m" + memory: "1Gi" + livenessProbe: + httpGet: + path: /api/v1/health/live + port: http + initialDelaySeconds: 15 + periodSeconds: 20 + timeoutSeconds: 5 + failureThreshold: 3 + readinessProbe: + httpGet: + path: /api/v1/health/ready + port: http + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 3 + failureThreshold: 3 + startupProbe: + httpGet: + path: /api/v1/health/live + port: http + initialDelaySeconds: 5 + periodSeconds: 5 + failureThreshold: 12 + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - smartapp + - key: component + operator: In + values: + - api + topologyKey: kubernetes.io/hostname + +--- +apiVersion: v1 +kind: Service +metadata: + name: smartapp-api + namespace: {{ smartapp_namespace | default('smartapp') }} + labels: + app: smartapp + component: api + version: "1.0" +spec: + type: ClusterIP + selector: + app: smartapp + component: api + ports: + - name: http + port: 8080 + targetPort: 8080 + protocol: TCP + +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: smartapp-api + namespace: {{ smartapp_namespace | default('smartapp') }} + labels: + app: smartapp + component: api + version: "1.0" + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / + nginx.ingress.kubernetes.io/ssl-redirect: "true" + nginx.ingress.kubernetes.io/proxy-body-size: "10m" + nginx.ingress.kubernetes.io/rate-limit: "100" + nginx.ingress.kubernetes.io/rate-limit-window: "1m" + 
cert-manager.io/cluster-issuer: "letsencrypt-prod" +spec: + ingressClassName: nginx + tls: + - hosts: + - {{ smartapp_domain | default('api-smartapp.digitribe.fr') }} + secretName: smartapp-api-tls + rules: + - host: {{ smartapp_domain | default('api-smartapp.digitribe.fr') }} + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: smartapp-api + port: + number: 8080 + +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: smartapp-api + namespace: {{ smartapp_namespace | default('smartapp') }} + labels: + app: smartapp + component: api + version: "1.0" +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: smartapp-api + minReplicas: 2 + maxReplicas: 10 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 70 + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: 80 + behavior: + scaleUp: + stabilizationWindowSeconds: 60 + policies: + - type: Percent + value: 50 + periodSeconds: 60 + scaleDown: + stabilizationWindowSeconds: 300 + policies: + - type: Percent + value: 25 + periodSeconds: 120 diff --git a/helms/roles/smartapp/templates/smartapp-web.yml.j2 b/helms/roles/smartapp/templates/smartapp-web.yml.j2 new file mode 100644 index 00000000..7b012fc7 --- /dev/null +++ b/helms/roles/smartapp/templates/smartapp-web.yml.j2 
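Review bot: The Secret in smartapp-api.yml.j2 falls back to weak defaults, `smartapp_db_password | default('changeme')` and `smartapp_jwt_secret | default('change-this-secret-in-production')`, so a playbook run that forgets to set either variable deploys a production API whose database password and JWT signing key are guessable from this repository; replace the fallbacks with `{{ smartapp_db_password | mandatory }}` and `{{ smartapp_jwt_secret | mandatory }}` so rendering fails instead. Separately, the Ingress annotation `nginx.ingress.kubernetes.io/rewrite-target: /` combined with `path: /` and `pathType: Prefix` defines no capture group, so as far as I can tell ingress-nginx rewrites every request URI to `/` and `/api/v1/...` calls reach the backend as `/`; the annotation is unnecessary for a root-path Ingress and should be removed. The `rate-limit` and `rate-limit-window` keys do not appear to be ingress-nginx annotations (its limiter keys are `limit-rps`, `limit-rpm` and `limit-connections`), so the intended throttling is likely silently ignored. The Deployment also runs `digitribe/smartapp-api:latest` by default with no `securityContext`; pin a tag or digest and add `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true` if the image tolerates it.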
@@ -0,0 +1,229 @@ +--- +# Role: smartapp +# Template: smartapp-web.yml.j2 +# Déploiement du frontend web SmartApp (nginx) +# Variables: +# {{ smartapp_namespace }} - Namespace Kubernetes (défaut: smartapp) +# {{ smartapp_domain }} - Domaine public (défaut: smartapp.digitribe.fr) + +--- +apiVersion: v1 +kind: Namespace +metadata: + name: {{ smartapp_namespace | default('smartapp') }} + labels: + app: smartapp + component: web + version: "1.0" + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: smartapp-web + namespace: {{ smartapp_namespace | default('smartapp') }} + labels: + app: smartapp + component: web + version: "1.0" +spec: + replicas: 2 + selector: + matchLabels: + app: smartapp + component: web + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + template: + metadata: + labels: + app: smartapp + component: web + version: "1.0" + spec: + containers: + - name: nginx + image: nginx:1.25-alpine + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 80 + protocol: TCP + resources: + requests: + cpu: "100m" + memory: "128Mi" + limits: + cpu: "500m" + memory: "256Mi" + livenessProbe: + httpGet: + path: /healthz + port: http + initialDelaySeconds: 10 + periodSeconds: 15 + timeoutSeconds: 5 + failureThreshold: 3 + readinessProbe: + httpGet: + path: /healthz + port: http + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 3 + failureThreshold: 3 + volumeMounts: + - name: nginx-config + mountPath: /etc/nginx/conf.d + readOnly: true + - name: static-content + mountPath: /usr/share/nginx/html + readOnly: true + volumes: + - name: nginx-config + configMap: + name: smartapp-web-nginx-config + - name: static-content + configMap: + name: smartapp-web-static + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - smartapp + - key: component + operator: In + 
values: + - web + topologyKey: kubernetes.io/hostname + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: smartapp-web-nginx-config + namespace: {{ smartapp_namespace | default('smartapp') }} + labels: + app: smartapp + component: web + version: "1.0" +data: + default.conf: | + server { + listen 80; + server_name {{ smartapp_domain | default('smartapp.digitribe.fr') }}; + root /usr/share/nginx/html; + index index.html; + + # Health check endpoint + location /healthz { + access_log off; + return 200 "healthy\n"; + add_header Content-Type text/plain; + } + + # Static assets with caching + location /static/ { + expires 30d; + add_header Cache-Control "public, immutable"; + } + + # SPA fallback + location / { + try_files $uri $uri/ /index.html; + } + + # Security headers + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-XSS-Protection "1; mode=block" always; + add_header Referrer-Policy "strict-origin-when-cross-origin" always; + } + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: smartapp-web-static + namespace: {{ smartapp_namespace | default('smartapp') }} + labels: + app: smartapp + component: web + version: "1.0" +data: + index.html: | + + + + + + SmartApp - DigiTribe + + +

SmartApp - DigiTribe

+

Frontend web opérationnel.

+ + + +--- +apiVersion: v1 +kind: Service +metadata: + name: smartapp-web + namespace: {{ smartapp_namespace | default('smartapp') }} + labels: + app: smartapp + component: web + version: "1.0" +spec: + type: ClusterIP + selector: + app: smartapp + component: web + ports: + - name: http + port: 80 + targetPort: 80 + protocol: TCP + +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: smartapp-web + namespace: {{ smartapp_namespace | default('smartapp') }} + labels: + app: smartapp + component: web + version: "1.0" + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / + nginx.ingress.kubernetes.io/ssl-redirect: "true" + nginx.ingress.kubernetes.io/proxy-body-size: "10m" + cert-manager.io/cluster-issuer: "letsencrypt-prod" +spec: + ingressClassName: nginx + tls: + - hosts: + - {{ smartapp_domain | default('smartapp.digitribe.fr') }} + secretName: smartapp-web-tls + rules: + - host: {{ smartapp_domain | default('smartapp.digitribe.fr') }} + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: smartapp-web + port: + number: 80 diff --git a/helms/roles/starrocks/defaults/main.yml b/helms/roles/starrocks/defaults/main.yml new file mode 100644 index 00000000..10e9173c --- /dev/null +++ b/helms/roles/starrocks/defaults/main.yml @@ -0,0 +1,17 @@ +--- +# Role: starrocks +# Valeurs par défaut pour StarRocks + +services: + starrocks: + replicas: 1 + resources: + requests: + cpu: "500m" + memory: "1Gi" + limits: + cpu: "2000m" + memory: "4Gi" + +storage_sizes: + starrocks: "100Gi" diff --git a/helms/roles/starrocks/meta/main.yml b/helms/roles/starrocks/meta/main.yml new file mode 100644 index 00000000..6e22cde3 --- /dev/null +++ b/helms/roles/starrocks/meta/main.yml 
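Review bot: The security headers added at server level in `default.conf` (`X-Frame-Options`, `X-Content-Type-Options`, `Referrer-Policy`) are not sent on responses from `/healthz` or `/static/`, because nginx's `add_header` is inherited only into a level that declares no `add_header` of its own, and both of those location blocks declare one. Static assets are the responses most likely to be embedded cross-origin, so repeat the header set inside `/static/` as shown below (and in `/healthz`, or drop its Content-Type `add_header`), or factor the set into a snippet and `include` it in every location. While there, `X-XSS-Protection` is deprecated and can enable filter-based side channels in older browsers; remove it and consider a `Content-Security-Policy` that at least pins `default-src 'self'` plus the API origin, with HSTS set at the TLS-terminating Ingress. `nginx:1.25-alpine` is a floating tag and the pod has no `securityContext`; as far as I know the stock image starts as root to bind port 80, so either pin a digest and add `runAsNonRoot`/`readOnlyRootFilesystem` with an unprivileged-port config, or use the `nginx-unprivileged` variant.
```yaml
  default.conf: |
    # … unchanged: server header, /healthz location …
    location /static/ {
      expires 30d;
      add_header Cache-Control "public, immutable";
      # add_header is not inherited into a location that declares its own; repeat the security set
      add_header X-Frame-Options "SAMEORIGIN" always;
      add_header X-Content-Type-Options "nosniff" always;
      add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    }
    # … unchanged: SPA fallback, server-level headers …
```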
@@ -0,0 +1,12 @@ +--- +galaxy_info: + author: Eric FELIXINE + description: Deploy StarRocks unified analytics warehouse on Kubernetes + license: MIT + min_ansible_version: "2.15" + platforms: + - name: Kubernetes + versions: + - "1.28" +dependencies: + - role: databases diff --git a/helms/roles/storage/defaults/main.yml b/helms/roles/storage/defaults/main.yml new file mode 100644 index 00000000..301d4f8b --- /dev/null +++ b/helms/roles/storage/defaults/main.yml @@ -0,0 +1,10 @@ +--- +# Role: storage +# Valeurs par défaut pour le stockage NFS + +# Classe de stockage par défaut +storage_class: "nfs-client" + +# Serveur NFS +nfs_server: "10.0.0.1" +nfs_path: "/srv/nfs/k8s" diff --git a/helms/roles/storage/meta/main.yml b/helms/roles/storage/meta/main.yml new file mode 100644 index 00000000..75cedbb4 --- /dev/null +++ b/helms/roles/storage/meta/main.yml @@ -0,0 +1,12 @@ +--- +galaxy_info: + author: Eric FELIXINE + description: Provision and manage persistent storage (PVs, PVCs, StorageClasses) on Kubernetes + license: MIT + min_ansible_version: "2.15" + platforms: + - name: Kubernetes + versions: + - "1.28" +dependencies: + - role: namespaces diff --git a/helms/roles/streamlit/defaults/main.yml b/helms/roles/streamlit/defaults/main.yml new file mode 100644 index 00000000..2761451a --- /dev/null +++ b/helms/roles/streamlit/defaults/main.yml @@ -0,0 +1,14 @@ +--- +# Role: streamlit +# Valeurs par défaut pour Streamlit + +services: + streamlit: + replicas: 1 + resources: + requests: + cpu: "250m" + memory: "512Mi" + limits: + cpu: "1000m" + memory: "2Gi" diff --git a/helms/roles/streamlit/meta/main.yml b/helms/roles/streamlit/meta/main.yml new file mode 100644 index 00000000..97dfdc4d --- /dev/null +++ b/helms/roles/streamlit/meta/main.yml 
@@ -0,0 +1,12 @@ +--- +galaxy_info: + author: Eric FELIXINE + description: Deploy Streamlit data application framework on Kubernetes + license: MIT + min_ansible_version: "2.15" + platforms: + - name: Kubernetes + versions: + - "1.28" +dependencies: + - role: databases diff --git a/helms/roles/traefik/defaults/main.yml b/helms/roles/traefik/defaults/main.yml new file mode 100644 index 00000000..6c121ce9 --- /dev/null +++ b/helms/roles/traefik/defaults/main.yml @@ -0,0 +1,5 @@ +--- +# Role: traefik +# Valeurs par défaut pour Traefik + +traefik_namespace: "traefik" diff --git a/helms/roles/traefik/meta/main.yml b/helms/roles/traefik/meta/main.yml new file mode 100644 index 00000000..4051e66d --- /dev/null +++ b/helms/roles/traefik/meta/main.yml @@ -0,0 +1,13 @@ +--- +galaxy_info: + author: Eric FELIXINE + description: Deploy and configure Traefik as the ingress controller for Kubernetes + license: MIT + min_ansible_version: "2.15" + platforms: + - name: Kubernetes + versions: + - "1.28" +dependencies: + - role: storage + - role: namespaces diff --git a/helms/roles/trino/defaults/main.yml b/helms/roles/trino/defaults/main.yml new file mode 100644 index 00000000..bb8c2585 --- /dev/null +++ b/helms/roles/trino/defaults/main.yml @@ -0,0 +1,14 @@ +--- +# Role: trino +# Valeurs par défaut pour Trino + +services: + trino: + replicas: 2 + resources: + requests: + cpu: "500m" + memory: "1Gi" + limits: + cpu: "2000m" + memory: "4Gi" diff --git a/helms/roles/trino/meta/main.yml b/helms/roles/trino/meta/main.yml new file mode 100644 index 00000000..5cb2e250 --- /dev/null +++ b/helms/roles/trino/meta/main.yml @@ -0,0 +1,12 @@ +--- +galaxy_info: + author: Eric FELIXINE + description: Deploy Trino distributed SQL query engine on Kubernetes + license: MIT + min_ansible_version: "2.15" + platforms: + - name: Kubernetes + versions: + - "1.28" +dependencies: + - role: databases