From 78a9db4489b6ab0e6c2d7455f8d5c5bf1f6ffe8d Mon Sep 17 00:00:00 2001 From: guppy Date: Sun, 14 May 2023 23:17:13 +0200 Subject: [PATCH] Add loadbalancer --- README.md | 4 +- group_vars/all | 5 ++ openebs.yaml | 2 +- purelb.yml => purelb.yaml | 0 roles/gitea-helm/tasks/main.yaml | 48 +++++++++++++++++-- roles/gitea-helm/templates/values.yaml.j2 | 12 ++--- roles/metallb/tasks/main.yaml | 18 +++++-- roles/metallb/templates/metallb-config.yaml | 4 +- .../metallb/templates/metallb-values.yaml.j2 | 6 +++ roles/purelb/tasks/main.yaml | 2 +- roles/purelb/templates/purelb-config.yaml.j2 | 6 +-- start.yaml | 3 +- 12 files changed, 84 insertions(+), 26 deletions(-) rename purelb.yml => purelb.yaml (100%) create mode 100644 roles/metallb/templates/metallb-values.yaml.j2 diff --git a/README.md b/README.md index 83bac15..671dd7a 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ # K8s cluster on Debian 11 -Tested successfully on 14/05/2023 with kubernetes 1.27.1, containerd 1.6.21 and flannel 1.1.2 +Tested successfully on 14/05/2023 with kubernetes 1.27.1, containerd 1.6.21, flannel 1.1.2, ingress-nginx and PureLB Durée approximative du deployment: 8 minutes kubeadm version @@ -14,7 +14,7 @@ cf https://git.metatux.fr:3001/GRETA/TP-IaC-Ansible ## Prepare les noeuds et fait l'installation de kubernetes > ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i ../terraform/hosts.ini pre-start.yaml -## Initialisation du cluster + join des workes, ajout de flannel, openebs, ingress-nginx, helm. +## Initialisation du cluster + join des workers, ajout de flannel, openebs, ingress-nginx, purelb, helm. ## Mise en service de Gitea > ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i ../terraform/hosts.ini start.yaml ## Si besoin de reset le cluster diff --git a/group_vars/all b/group_vars/all index 2ff58de..2a31070 100644 --- a/group_vars/all +++ b/group_vars/all 
@@ -12,3 +12,8 @@ gitea: replicacount: 3 servicetype: LoadBalancer externalips: 192.168.230.10 +metallb: + iprange: 192.168.230.100-192.168.230.200 +purelb: + pool: 192.168.230.100-192.168.230.200 + subnet: 192.168.230.0/24 diff --git a/openebs.yaml b/openebs.yaml index 41a08d3..4a2c1ae 100644 --- a/openebs.yaml +++ b/openebs.yaml @@ -1,6 +1,6 @@ --- - hosts: control-plane - name: "Install OpenEBS Storagee provider" + name: "Install OpenEBS Storage provider" roles: - role: openebs run_once: True diff --git a/purelb.yml b/purelb.yaml similarity index 100% rename from purelb.yml rename to purelb.yaml diff --git a/roles/gitea-helm/tasks/main.yaml b/roles/gitea-helm/tasks/main.yaml index e438269..4d7e927 100644 --- a/roles/gitea-helm/tasks/main.yaml +++ b/roles/gitea-helm/tasks/main.yaml @@ -5,7 +5,20 @@ src: values.yaml.j2 dest: /tmp/values.yaml -# TODO: Add a wait_for condition to test if ingress-nginx avalaible +- name: get Ingress-nginx internal IP + shell: > + kubectl get svc -A | grep ingress-nginx-controller-admission | awk '{print $4}' + register: nginxip + delay: 10 + +# Add a wait_for condition to test if ingress-nginx avalaible +- name: Attente du démarrage d Ingress Nginx + retries: 6 + wait_for: + host: "{{ nginxip.stdout }}" + port: 443 + delay: 10 + state: present - name: install gitea via helm shell: | 
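Review bot: In group_vars/all, `metallb.iprange` and `purelb.pool` are given the identical range 192.168.230.100-192.168.230.200, and nothing in the file says that only one of the two balancers may be active. start.yaml keeps the metallb playbook commented out, but enabling both would leave two controllers handing out and announcing the same addresses. A comment above the two keys would make the constraint visible, e.g. `# enable either metallb or purelb, never both: the pools cover the same range`.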
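Review bot: In roles/gitea-helm/tasks/main.yaml, the task "get Ingress-nginx internal IP" sets `delay: 10` without `until`, so nothing is retried, and a `grep` that matches nothing still exits 0 through `awk`, which hands `wait_for` an empty `host`. Make the lookup wait for a value with `until: nginxip.stdout | length > 0`, `retries: 6`, `delay: 10`, and add `changed_when: false` because the command only reads state. The `retries: 6` on the following `wait_for` task has no `until` either; on Ansible versions that require `until` for retries it is ignored. The same applies to the second `wait_for` in this file and to the `retries: 2` / `delay: 5` pair in roles/purelb/tasks/main.yaml. The task list continues outside this hunk.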
@@ -13,14 +26,39 @@ helm repo update helm install -f /tmp/values.yaml gitea gitea-charts/gitea -- name: Attente du démarrage de Gitea +- name: Is pod gitea-0 running + shell: kubectl get pods | grep gitea-0 | awk '{print $3}' + register: gitearunning + until: "'Running' in gitearunning.stdout" + retries: 6 + delay: 10 + +- name: get Gitea http IP + shell: > + kubectl get svc | grep gitea-http | awk '{print $4}' + register: giteaip + +- name: + debug: + msg: IP du serveur http Gitea {{ giteaip.stdout }} + +- name: get Gitea http port + shell: > + kubectl get svc | grep gitea-http | awk '{print $5}' | sed 's/3000://;s/\/TCP//' + register: giteaport + +- name: + debug: + msg: Port du serveur http Gitea {{ giteaport.stdout }} + +- name: Attente du démarrage du serveur web Gitea retries: 6 wait_for: - host: "{{ gitea.externalips }}" - port: 3000 + host: "{{ giteaip.stdout }}" + port: "{{ giteaport.stdout }}" delay: 10 state: present - name: debug: - msg: Le serveur Gitea est operationel est joignable sur http://{{ gitea.externalips }}:3000 + msg: Le serveur Gitea est operationel et joignable sur http://{{ giteaip.stdout }}:{{ giteaport.stdout }} diff --git a/roles/gitea-helm/templates/values.yaml.j2 b/roles/gitea-helm/templates/values.yaml.j2 index 5080865..aef6fc0 100644 --- a/roles/gitea-helm/templates/values.yaml.j2 +++ b/roles/gitea-helm/templates/values.yaml.j2 @@ -95,7 +95,7 @@ service: nodePort: externalTrafficPolicy: externalIPs: - - {{ gitea.externalips }} +# - {{ gitea.externalips }} ipFamilyPolicy: ipFamilies: loadBalancerSourceRanges: [] @@ -114,13 +114,13 @@ service: ## @param service.ssh.annotations SSH service annotations ssh: type: {{ gitea.servicetype }} - port: 22 + port: 2222 clusterIP: None loadBalancerIP: nodePort: externalTrafficPolicy: externalIPs: - - {{ gitea.externalips }} +# - {{ gitea.externalips }} ipFamilyPolicy: ipFamilies: hostPort: 
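Review bot: In the second hunk of roles/gitea-helm/tasks/main.yaml, "get Gitea http IP" reads column 4 of the `kubectl get svc` table once, so a service whose address is not yet assigned yields the literal `<pending>` as the `wait_for` host. The `grep gitea-http` can also match more than one service. Querying the field directly and waiting for it is more robust: `kubectl get svc gitea-http -o jsonpath='{.status.loadBalancer.ingress[0].ip}'` with `until: giteaip.stdout | length > 0`. The port lookup hard-codes `3000:` in `sed` and appears to keep the node port rather than the service port, which the final message then advertises; `-o jsonpath='{.spec.ports[0].port}'` would return the service port without text parsing. The two unnamed `- name:` debug tasks should get names so the play output stays readable.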
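Review bot: In roles/gitea-helm/templates/values.yaml.j2, `# - {{ gitea.externalips }}` is only a YAML comment, so Jinja still evaluates the expression. The template keeps failing if `gitea.externalips` is ever removed from group_vars, and the address is still written into the rendered values file. Delete the line or use a Jinja comment, `{# - gitea.externalips #}`, and write the now-empty key explicitly as `externalIPs: []` instead of leaving a bare `externalIPs:`. The same applies to the `ssh` block in the `@@ -114,13` hunk. The SSH port 2222 is set there and again as `SSH_PORT` in the `@@ -344,12` hunk; one variable in group_vars would keep the two from drifting apart.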
@@ -344,12 +344,12 @@ gitea: # customEmailUrl: ## @param gitea.config Configuration for the Gitea server,ref: [config-cheat-sheet](https://docs.gitea.io/en-us/config-cheat-sheet/) - config: {} + config: # APP_NAME: "Gitea: Git with a cup of tea" # RUN_MODE: dev # - # server: - # SSH_PORT: 22 + server: + SSH_PORT: 2222 # # security: # PASSWORD_COMPLEXITY: spec diff --git a/roles/metallb/tasks/main.yaml b/roles/metallb/tasks/main.yaml index 11dc594..a00a017 100644 --- a/roles/metallb/tasks/main.yaml +++ b/roles/metallb/tasks/main.yaml @@ -1,11 +1,19 @@ +- name: Enable structARP on kube-proxy + shell: | + kubectl get configmap kube-proxy -n kube-system -o yaml | \ + sed -e "s/strictARP: false/strictARP: true/" | \ + kubectl apply -f - -n kube-system + +- name: install MetalLB + shell: | + helm repo add metallb https://metallb.github.io/metallb + helm install metallb metallb/metallb --create-namespace --namespace metallb-system + - name: copy MetalLB config become: yes template: src: metallb-config.yaml - dest: /etc/metallb-config.yaml - -- name: install MetalLB - command: kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.9/config/manifests/metallb-native.yaml + dest: /tmp/metallb-config.yaml - name: install MetalLB config - command: kubectl apply -f /etc/metallb-config.yaml + command: kubectl apply -f /tmp/metallb-config.yaml diff --git a/roles/metallb/templates/metallb-config.yaml b/roles/metallb/templates/metallb-config.yaml index 35df0ac..aebfd60 100644 --- a/roles/metallb/templates/metallb-config.yaml +++ b/roles/metallb/templates/metallb-config.yaml @@ -2,11 +2,11 @@ apiVersion: metallb.io/v1beta1 kind: IPAddressPool metadata: - name: nat + name: first-pool namespace: metallb-system spec: addresses: - - "{{ metalrange }}" + - "{{ metallb.iprange }}" --- apiVersion: metallb.io/v1beta1 kind: L2Advertisement 
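Review bot: In roles/metallb/tasks/main.yaml, `helm install metallb metallb/metallb` carries no `--version`, whereas the manifest it replaces was pinned to v0.13.9, so every run installs whatever chart the repository serves that day. Pin it and let Helm wait for readiness: `helm install metallb metallb/metallb --version <CHART_VERSION> --wait --create-namespace --namespace metallb-system`. Without `--wait`, the `kubectl apply` of the pool two tasks later can presumably race the MetalLB CRDs and webhook. The rendered config moved from `/etc` to `/tmp/metallb-config.yaml`; a root-owned directory and an explicit `mode: "0600"` on the `template` task are safer than a predictable name in a world-writable directory. The first task name says `structARP` where `strictARP` is meant.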
diff --git a/roles/metallb/templates/metallb-values.yaml.j2 b/roles/metallb/templates/metallb-values.yaml.j2 new file mode 100644 index 0000000..d641183 --- /dev/null +++ b/roles/metallb/templates/metallb-values.yaml.j2 @@ -0,0 +1,6 @@ +configInline: + address-pools: + - name: default + protocol: layer2 + addresses: + - {{ metallb.iprange }} diff --git a/roles/purelb/tasks/main.yaml b/roles/purelb/tasks/main.yaml index 79ca3d1..749684c 100644 --- a/roles/purelb/tasks/main.yaml +++ b/roles/purelb/tasks/main.yaml @@ -7,7 +7,7 @@ - name: install PureLB command: kubectl apply -f https://gitlab.com/api/v4/projects/purelb%2Fpurelb/packages/generic/manifest/0.0.1/purelb-complete.yaml retries: 2 - delays: 5 + delay: 5 - name: install PureLB config command: kubectl apply -f /etc/purelb-config.yaml diff --git a/roles/purelb/templates/purelb-config.yaml.j2 b/roles/purelb/templates/purelb-config.yaml.j2 index 2e5ad2e..c5bd509 100644 --- a/roles/purelb/templates/purelb-config.yaml.j2 +++ b/roles/purelb/templates/purelb-config.yaml.j2 @@ -6,6 +6,6 @@ metadata: spec: local: v4pools: - - subnet: '{{ lbsubnet }}' - pool: '{{ lbpool }}' - aggregation: /25 + - subnet: '{{ purelb.subnet }}' + pool: '{{ purelb.pool }}' + aggregation: default diff --git a/start.yaml b/start.yaml index c2c8d7a..fbc388e 100644 --- a/start.yaml +++ b/start.yaml @@ -6,6 +6,7 @@ - import_playbook: kubernetes-worker.yaml - import_playbook: openebs.yaml - import_playbook: ingress-nginx.yaml +- import_playbook: purelb.yaml +#- import_playbook: metallb.yaml - import_playbook: helm.yaml - import_playbook: gitea-helm.yaml -#- import_playbook: purelb.yaml
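Review bot: Nothing in the visible hunks renders or passes the new roles/metallb/templates/metallb-values.yaml.j2, since the `helm install` in roles/metallb/tasks/main.yaml has no `-f`; the file looks like dead configuration. `configInline` also appears to be the pre-CRD configuration style, which, as far as I know, MetalLB releases around the previously pinned v0.13.9 no longer read. The pool is already declared through the `IPAddressPool` in metallb-config.yaml, so two diverging definitions of the range can mislead the next maintainer. If the file is kept, quote the templated value as the other template does: `- "{{ metallb.iprange }}"`.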