Working Gitea

2023-05-14 08:16:15 +02:00 · 2023-05-14 08:16:15 +02:00 · 0cfa985a1e
parent 1103d2ba7a
commit 0cfa985a1e
11 changed files with 533 additions and 5051 deletions
--- a/README.md
+++ b/README.md
@ -1,11 +1,20 @@
 # K8s cluster on Debian 11
-# Tested on 13/05/2023 with kubernetes 1.27.1, containerd 1.6.21 and flannel 1.1.2
+Tested successfully on 14/05/2023 with kubernetes 1.27.1, containerd 1.6.21 and flannel 1.1.2  
 kubeadm version  
 containerd --version  
 /opt/cni/bin/flannel --version  
 ## Prérequis
-kubeadm version
+Editez groupvar/all selon vos besoins  
-containerd --version
+Avoir générer le hosts.ini avec Terraform  
-/opt/cni/bin/flannel --version
+cf https://git.metatux.fr:3001/GRETA/TP-IaC-Ansible  
-# Boostrap
+## Prepare les noeuds et fait l'installation de kubernetes
-ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i ../terraform/hosts.ini pre-start.yaml 
+> ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i ../terraform/hosts.ini pre-start.yaml 
-# Initialisation du cluster, ajout de flannel, openebs, helm et ajout de Gitea
+## Initialisation du cluster + join des workes, ajout de flannel, openebs, ingress-nginx, helm.
-ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i ../terraform/hosts.ini start.yaml 
+## Mise en service de Gitea
 > ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i ../terraform/hosts.ini start.yaml
 ## Si besoin de reset le cluster 
 > ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i ../terraform/hosts.ini kubernetes-reset.yaml
--- a/group_vars/all
+++ b/group_vars/all
@ -1,14 +1,14 @@
 ---
 ansible_user: ansuser
 #pods_subnet: "192.168.64.0/20"
 pods_subnet: "10.244.0.0/16"
-services_subnet: "10.96.0.0/12"
+#services_subnet: "10.96.0.0/12"
 os: "Debian_11"
 # Version de Kubernetes
 version: "1.27"
 dns: "192.168.230.254"
 metalrange: "192.168.230.100-192.168.230.200"
 flannel:
  network: "192.168.64.0/20"
  subnet: "192.168.64.1/24"
 gitea:
-  fqdn: gitea.domain.test
+  replicacount: 3
  servicetype: LoadBalancer
  externalips: 192.168.230.20
--- a/ingress-nginx.yaml
+++ b/ingress-nginx.yaml
@ -0,0 +1,6 @@
 ---
 - hosts: control-plane
  name: "Install Ingress-Nginx"
  roles:
    - role: ingress-nginx
      run_once: True
--- a/roles/gitea-helm/tasks/main.yaml
+++ b/roles/gitea-helm/tasks/main.yaml
@ -1,5 +1,14 @@
 # To get the default file
 # helm show values gitea-charts/gitea > values.yaml
 - name: Get values
  template:
    src: values.yaml.j2
    dest: /tmp/values.yaml
 # TODO: Add a wait_for condition to test if ingress-nginx avalaible
 - name: install gitea via helm
  shell: |
    helm repo add gitea-charts https://dl.gitea.io/charts/
    helm repo update
-    helm install gitea gitea-charts/gitea
+    helm install -f /tmp/values.yaml gitea gitea-charts/gitea
--- a/roles/gitea-helm/templates/calico.yaml.j2
+++ b/roles/gitea-helm/templates/calico.yaml.j2
--- a/roles/gitea-helm/templates/values.yaml.j2
+++ b/roles/gitea-helm/templates/values.yaml.j2
@ -0,0 +1,492 @@
 # Default values for gitea.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 ## @section Global
 #
 ## @param global.imageRegistry global image registry override
 ## @param global.imagePullSecrets global image pull secrets override; can be extended by `imagePullSecrets`
 ## @param global.storageClass global storage class override
 ## @param global.hostAliases global hostAliases which will be added to the pod's hosts files
 global:
  imageRegistry: ""
  ## E.g.
  ## imagePullSecrets:
  ##   - myRegistryKeySecretName
  ##
  imagePullSecrets: []
  storageClass: ""
  hostAliases: []
  # - ip: 192.168.137.2
  #   hostnames:
  #   - example.com
 ## @param replicaCount number of replicas for the statefulset
 replicaCount: {{ gitea.replicacount }}
 ## @param clusterDomain cluster domain
 clusterDomain: cluster.local
 ## @section Image
 ## @param image.registry image registry, e.g. gcr.io,docker.io
 ## @param image.repository Image to start for this pod
 ## @param image.tag Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml.
 ## @param image.pullPolicy Image pull policy
 ## @param image.rootless Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher
 image:
  registry: ""
  repository: gitea/gitea
  # Overrides the image tag whose default is the chart appVersion.
  tag: ""
  pullPolicy: Always
  rootless: false # only possible when running 1.14 or later
 ## @param imagePullSecrets Secret to use for pulling the image
 imagePullSecrets: []
 ## @section Security
 # Security context is only usable with rootless image due to image design
 ## @param podSecurityContext.fsGroup Set the shared file system group for all containers in the pod.
 podSecurityContext:
  fsGroup: 1000
 ## @param containerSecurityContext Security context
 containerSecurityContext: {}
 #   allowPrivilegeEscalation: false
 #   capabilities:
 #     drop:
 #       - ALL
 #   # Add the SYS_CHROOT capability for root and rootless images if you intend to
 #   # run pods on nodes that use the container runtime cri-o. Otherwise, you will
 #   # get an error message from the SSH server that it is not possible to read from
 #   # the repository.
 #   # https://gitea.com/gitea/helm-chart/issues/161
 #     add:
 #       - SYS_CHROOT
 #   privileged: false
 #   readOnlyRootFilesystem: true
 #   runAsGroup: 1000
 #   runAsNonRoot: true
 #   runAsUser: 1000
 ## @deprecated The securityContext variable has been split two:
 ## - containerSecurityContext
 ## - podSecurityContext.
 ## @param securityContext Run init and Gitea containers as a specific securityContext
 securityContext: {}
 ## @section Service
 service:
  ## @param service.http.type Kubernetes service type for web traffic
  ## @param service.http.port Port number for web traffic
  ## @param service.http.clusterIP ClusterIP setting for http autosetup for statefulset is None
  ## @param service.http.loadBalancerIP LoadBalancer IP setting
  ## @param service.http.nodePort NodePort for http service
  ## @param service.http.externalTrafficPolicy If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation
  ## @param service.http.externalIPs External IPs for service
  ## @param service.http.ipFamilyPolicy HTTP service dual-stack policy
  ## @param service.http.ipFamilies HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/).
  ## @param service.http.loadBalancerSourceRanges Source range filter for http loadbalancer
  ## @param service.http.annotations HTTP service annotations
  http:
    type: {{ gitea.servicetype }}
    port: 3000
    clusterIP: None
    loadBalancerIP:
    nodePort:
    externalTrafficPolicy:
    externalIPs:
      - {{ gitea.externalips }}
    ipFamilyPolicy:
    ipFamilies:
    loadBalancerSourceRanges: []
    annotations: {}
  ## @param service.ssh.type Kubernetes service type for ssh traffic
  ## @param service.ssh.port Port number for ssh traffic
  ## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for statefulset is None
  ## @param service.ssh.loadBalancerIP LoadBalancer IP setting
  ## @param service.ssh.nodePort NodePort for ssh service
  ## @param service.ssh.externalTrafficPolicy If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation
  ## @param service.ssh.externalIPs External IPs for service
  ## @param service.ssh.ipFamilyPolicy SSH service dual-stack policy
  ## @param service.ssh.ipFamilies SSH service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/).
  ## @param service.ssh.hostPort HostPort for ssh service
  ## @param service.ssh.loadBalancerSourceRanges Source range filter for ssh loadbalancer
  ## @param service.ssh.annotations SSH service annotations
  ssh:
    type: {{ gitea.servicetype }}
    port: 22
    clusterIP: None
    loadBalancerIP:
    nodePort:
    externalTrafficPolicy:
    externalIPs:
      - {{ gitea.externalips }}
    ipFamilyPolicy:
    ipFamilies:
    hostPort:
    loadBalancerSourceRanges: []
    annotations: {}
 ## @section Ingress
 ## @param ingress.enabled Enable ingress
 ## @param ingress.className Ingress class name
 ## @param ingress.annotations Ingress annotations
 ## @param ingress.hosts[0].host Default Ingress host
 ## @param ingress.hosts[0].paths[0].path Default Ingress path
 ## @param ingress.hosts[0].paths[0].pathType Ingress path type
 ## @param ingress.tls Ingress tls settings
 ## @extra ingress.apiVersion Specify APIVersion of ingress object. Mostly would only be used for argocd.
 ingress:
  enabled: true
  # className: nginx
  className:
  annotations:
    {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  hosts:
    - host: git.example.com
      paths:
        - path: /
          pathType: Prefix
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - git.example.com
  # Mostly for argocd or any other CI that uses `helm template | kubectl apply` or similar
  # If helm doesn't correctly detect your ingress API version you can set it here.
  # apiVersion: networking.k8s.io/v1
 ## @section StatefulSet
 #
 ## @param resources Kubernetes resources
 resources:
  {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi
 ## Use an alternate scheduler, e.g. "stork".
 ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
 ##
 ## @param schedulerName Use an alternate scheduler, e.g. "stork"
 schedulerName: ""
 ## @param nodeSelector NodeSelector for the statefulset
 nodeSelector: {}
 ## @param tolerations Tolerations for the statefulset
 tolerations: []
 ## @param affinity Affinity for the statefulset
 affinity: {}
 ## @param dnsConfig dnsConfig for the statefulset
 dnsConfig: {}
 ## @param priorityClassName priorityClassName for the statefulset
 priorityClassName: ""
 ## @param statefulset.env  Additional environment variables to pass to containers
 ## @param statefulset.terminationGracePeriodSeconds How long to wait until forcefully kill the pod
 ## @param statefulset.labels Labels for the statefulset
 ## @param statefulset.annotations Annotations for the Gitea StatefulSet to be created
 statefulset:
  env:
    []
    # - name: VARIABLE
    #   value: my-value
  terminationGracePeriodSeconds: 60
  labels: {}
  annotations: {}
 ## @section Persistence
 #
 ## @param persistence.enabled Enable persistent storage
 ## @param persistence.existingClaim Use an existing claim to store repository information
 ## @param persistence.size Size for persistence to store repo information
 ## @param persistence.accessModes AccessMode for persistence
 ## @param persistence.labels Labels for the persistence volume claim to be created
 ## @param persistence.annotations Annotations for the persistence volume claim to be created
 ## @param persistence.storageClass Name of the storage class to use
 ## @param persistence.subPath Subdirectory of the volume to mount at
 persistence:
  enabled: true
  existingClaim:
  size: 10Gi
  accessModes:
    - ReadWriteOnce
  labels: {}
  annotations: {}
  storageClass:
  subPath:
 ## @param extraVolumes Additional volumes to mount to the Gitea statefulset
 extraVolumes: []
 # - name: postgres-ssl-vol
 #   secret:
 #     secretName: gitea-postgres-ssl
 ## @param extraContainerVolumeMounts Mounts that are only mapped into the Gitea runtime/main container, to e.g. override custom templates.
 extraContainerVolumeMounts: []
 ## @param extraInitVolumeMounts Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration.
 extraInitVolumeMounts: []
 ## @deprecated The extraVolumeMounts variable has been split two:
 ## - extraContainerVolumeMounts
 ## - extraInitVolumeMounts
 ## As an example, can be used to mount a client cert when connecting to an external Postgres server.
 ## @param extraVolumeMounts **DEPRECATED** Additional volume mounts for init containers and the Gitea main container
 extraVolumeMounts: []
 # - name: postgres-ssl-vol
 #   readOnly: true
 #   mountPath: "/pg-ssl"
 ## @section Init
 ## @param initPreScript Bash shell script copied verbatim to the start of the init-container.
 initPreScript: ""
 #
 # initPreScript: |
 #   mkdir -p /data/git/.postgresql
 #   cp /pg-ssl/* /data/git/.postgresql/
 #   chown -R git:git /data/git/.postgresql/
 #   chmod 400 /data/git/.postgresql/postgresql.key
 ## @param initContainers.resources.limits initContainers.limits Kubernetes resource limits for init containers
 ## @param initContainers.resources.requests.cpu initContainers.requests.cpu Kubernetes cpu resource limits for init containers
 ## @param initContainers.resources.requests.memory initContainers.requests.memory Kubernetes memory resource limits for init containers
 initContainers:
  resources:
    limits: {}
    requests:
      cpu: 100m
      memory: 128Mi
 # Configure commit/action signing prerequisites
 ## @section Signing
 #
 ## @param signing.enabled Enable commit/action signing
 ## @param signing.gpgHome GPG home directory
 ## @param signing.privateKey Inline private gpg key for signed Gitea actions
 ## @param signing.existingSecret Use an existing secret to store the value of `signing.privateKey`
 signing:
  enabled: false
  gpgHome: /data/git/.gnupg
  privateKey: ""
  # privateKey: |-
  #   -----BEGIN PGP PRIVATE KEY BLOCK-----
  #   ...
  #   -----END PGP PRIVATE KEY BLOCK-----
  existingSecret: ""
 ## @section Gitea
 #
 gitea:
  ## @param gitea.admin.username Username for the Gitea admin user
  ## @param gitea.admin.existingSecret Use an existing secret to store admin user credentials
  ## @param gitea.admin.password Password for the Gitea admin user
  ## @param gitea.admin.email Email for the Gitea admin user
  admin:
    # existingSecret: gitea-admin-secret
    existingSecret:
    username: gitea_admin
    password: r8sA8CPHD9!bt6d
    email: "gitea@local.domain"
  ## @param gitea.metrics.enabled Enable Gitea metrics
  ## @param gitea.metrics.serviceMonitor.enabled Enable Gitea metrics service monitor
  metrics:
    enabled: false
    serviceMonitor:
      enabled: false
      #  additionalLabels:
      #    prometheus-release: prom1
  ## @param gitea.ldap LDAP configuration
  ldap:
    []
    # - name: "LDAP 1"
    #  existingSecret:
    #  securityProtocol:
    #  host:
    #  port:
    #  userSearchBase:
    #  userFilter:
    #  adminFilter:
    #  emailAttribute:
    #  bindDn:
    #  bindPassword:
    #  usernameAttribute:
    #  publicSSHKeyAttribute:
  # Either specify inline `key` and `secret` or refer to them via `existingSecret`
  ## @param gitea.oauth OAuth configuration
  oauth:
    []
    # - name: 'OAuth 1'
    #   provider:
    #   key:
    #   secret:
    #   existingSecret:
    #   autoDiscoverUrl:
    #   useCustomUrls:
    #   customAuthUrl:
    #   customTokenUrl:
    #   customProfileUrl:
    #   customEmailUrl:
  ## @param gitea.config  Configuration for the Gitea server,ref: [config-cheat-sheet](https://docs.gitea.io/en-us/config-cheat-sheet/)
  config: {}
  #  APP_NAME: "Gitea: Git with a cup of tea"
  #  RUN_MODE: dev
  #
  #  server:
  #    SSH_PORT: 22
  #
  #  security:
  #    PASSWORD_COMPLEXITY: spec
  ## @param gitea.additionalConfigSources Additional configuration from secret or configmap
  additionalConfigSources: []
  #   - secret:
  #       secretName: gitea-app-ini-oauth
  #   - configMap:
  #       name: gitea-app-ini-plaintext
  ## @param gitea.additionalConfigFromEnvs Additional configuration sources from environment variables
  additionalConfigFromEnvs: []
  ## @param gitea.podAnnotations Annotations for the Gitea pod
  podAnnotations: {}
  ## @param gitea.ssh.logLevel Configure OpenSSH's log level. Only available for root-based Gitea image.
  ssh:
    logLevel: "INFO"
  ## @section LivenessProbe
  #
  ## @param gitea.livenessProbe.enabled Enable liveness probe
  ## @param gitea.livenessProbe.tcpSocket.port Port to probe for liveness
  ## @param gitea.livenessProbe.initialDelaySeconds Initial delay before liveness probe is initiated
  ## @param gitea.livenessProbe.timeoutSeconds Timeout for liveness probe
  ## @param gitea.livenessProbe.periodSeconds Period for liveness probe
  ## @param gitea.livenessProbe.successThreshold Success threshold for liveness probe
  ## @param gitea.livenessProbe.failureThreshold Failure threshold for liveness probe
  # Modify the liveness probe for your needs or completely disable it by commenting out.
  livenessProbe:
    enabled: true
    tcpSocket:
      port: http
    initialDelaySeconds: 200
    timeoutSeconds: 1
    periodSeconds: 10
    successThreshold: 1
    failureThreshold: 10
  ## @section ReadinessProbe
  #
  ## @param gitea.readinessProbe.enabled Enable readiness probe
  ## @param gitea.readinessProbe.tcpSocket.port Port to probe for readiness
  ## @param gitea.readinessProbe.initialDelaySeconds Initial delay before readiness probe is initiated
  ## @param gitea.readinessProbe.timeoutSeconds Timeout for readiness probe
  ## @param gitea.readinessProbe.periodSeconds Period for readiness probe
  ## @param gitea.readinessProbe.successThreshold Success threshold for readiness probe
  ## @param gitea.readinessProbe.failureThreshold Failure threshold for readiness probe
  # Modify the readiness probe for your needs or completely disable it by commenting out.
  readinessProbe:
    enabled: true
    tcpSocket:
      port: http
    initialDelaySeconds: 5
    timeoutSeconds: 1
    periodSeconds: 10
    successThreshold: 1
    failureThreshold: 3
  # # Uncomment the startup probe to enable and modify it for your needs.
  ## @section StartupProbe
  #
  ## @param gitea.startupProbe.enabled Enable startup probe
  ## @param gitea.startupProbe.tcpSocket.port Port to probe for startup
  ## @param gitea.startupProbe.initialDelaySeconds Initial delay before startup probe is initiated
  ## @param gitea.startupProbe.timeoutSeconds Timeout for startup probe
  ## @param gitea.startupProbe.periodSeconds Period for startup probe
  ## @param gitea.startupProbe.successThreshold Success threshold for startup probe
  ## @param gitea.startupProbe.failureThreshold Failure threshold for startup probe
  startupProbe:
    enabled: false
    tcpSocket:
      port: http
    initialDelaySeconds: 60
    timeoutSeconds: 1
    periodSeconds: 10
    successThreshold: 1
    failureThreshold: 10
 ## @section Memcached
 #
 ## @param memcached.enabled Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website.
 ## ref: https://hub.docker.com/r/bitnami/memcached/tags/
 ## @param memcached.service.ports.memcached Port for Memcached
 memcached:
  enabled: true
  # image:
  #   registry: docker.io
  #   repository: bitnami/memcached
  #   tag: ""
  #   digest: ""
  #   pullPolicy: IfNotPresent
  #   pullSecrets: []
  service:
    ports:
      memcached: 11211
 ## @section PostgreSQL
 #
 ## @param postgresql.enabled Enable PostgreSQL
 ## @param postgresql.global.postgresql.auth.password Password for the `gitea` user (overrides `auth.password`)
 ## @param postgresql.global.postgresql.auth.database Name for a custom database to create (overrides `auth.database`)
 ## @param postgresql.global.postgresql.auth.username Name for a custom user to create (overrides `auth.username`)
 ## @param postgresql.global.postgresql.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`)
 ## @param postgresql.primary.persistence.size PVC Storage Request for PostgreSQL volume
 postgresql:
  enabled: true
  global:
    postgresql:
      auth:
        password: gitea
        database: gitea
        username: gitea
      service:
        ports:
          postgresql: 5432
  primary:
    persistence:
      size: 10Gi
 # By default, removed or moved settings that still remain in a user defined values.yaml will cause Helm to fail running the install/update.
 # Set it to false to skip this basic validation check.
 ## @section Advanced
 ## @param checkDeprecation Set it to false to skip this basic validation check.
 ## @param test.enabled Set it to false to disable test-connection Pod.
 ## @param test.image.name Image name for the wget container used in the test-connection Pod.
 ## @param test.image.tag Image tag for the wget container used in the test-connection Pod.
 checkDeprecation: true
 test:
  enabled: true
  image:
    name: busybox
    tag: latest
 ## @param extraDeploy Array of extra objects to deploy with the release
 ##
 extraDeploy: []
--- a/roles/ingress-nginx/tasks/main.yaml
+++ b/roles/ingress-nginx/tasks/main.yaml
@ -0,0 +1,2 @@
 - name: install ingress-nginx
  command: kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.1/deploy/static/provider/baremetal/deploy.yaml
--- a/roles/ingress/tasks/main.yaml
+++ b/roles/ingress/tasks/main.yaml
@ -1,8 +0,0 @@
 - name: copy ingress config
  become: yes
  template:
    src: ingress-config.yaml.j2
    dest: /etc/ingress-config.yaml
 - name: Apply Ingress config
  command: kubectl apply -f /etc/ingress-config.yaml
--- a/roles/ingress/templates/ingress-config.yaml.j2
+++ b/roles/ingress/templates/ingress-config.yaml.j2
@ -1,36 +0,0 @@
 kind: DaemonSet
 apiVersion: apps/v1
 metadata:
  name: nginx-ingress-controller
 spec:
  selector:
    matchLabels:
      component: ingress-controller
  template:
    metadata:
      labels:
        component: ingress-controller
    spec:
      restartPolicy: Always
      hostNetwork: true
      containers:
        - name: nginx-ingress-lb
          image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.21.0
          ports:
            - name: http
              hostPort: 80
              containerPort: 80
              protocol: TCP
            - name: https
              hostPort: 443
              containerPort: 443
              protocol: TCP
          env:
            - name: {{ pod_namespace }}
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.namespace
          args:
            - /nginx-ingress-controller
            - '--default-backend-service={{ pod_namespace }}/default-http-backend'
--- a/start.yaml
+++ b/start.yaml
@ -5,6 +5,7 @@
 - import_playbook: pre-join.yaml
 - import_playbook: kubernetes-worker.yaml
 - import_playbook: openebs.yaml
 - import_playbook: ingress-nginx.yaml
 - import_playbook: helm.yaml
 - import_playbook: gitea-helm.yaml
 #- import_playbook: purelb.yaml
--- a/test.yml
+++ b/test.yml
@ -1,5 +0,0 @@
 ---
 #- import_playbook: helm.yaml
 #- import_playbook: gitea-helm.yaml
 - import_playbook: openebs.yaml
 #- import_playbook: purelb.yaml
		`@ -0,0 +1,2 @@`
							`- name: install ingress-nginx`
							`command: kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.1/deploy/static/provider/baremetal/deploy.yaml`