Helm chart + Ansible role для Authelia 4.38: - Forward-auth для ingress-nginx через аннотации auth-url/auth-signin - OIDC provider: Gitea, Grafana, ArgoCD, MinIO, Vault, Nextcloud - SQLite default или PostgreSQL; опциональный Redis для сессий - RSA ключ OIDC генерируется автоматически если не задан в vault - ConfigMap authelia-forward-auth с готовыми аннотациями для любого сервиса - README: install, users, protect service, OIDC per-service, debug, test
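---
# ─────────────────────────────────────────────────────────────────────────────
# Install addons according to the flags in group_vars/all/addons.yml
#
# Order matters: NFS → CSI → Ingress → cert-manager → everything else
#
# Run every enabled addon:      make install-full
# Run a single addon directly:  make addon-<name>
#
# Each play is gated by its `addon_*` flag (missing flag → disabled). The
# condition is attached to the role entry rather than to the play, because
# `when` is not a valid play-level keyword in Ansible — the original form
# fails at parse time with "'when' is not a valid attribute for a Play".
# A role-level `when` is applied to every task of that role, which gives the
# intended "skip the whole addon" behaviour. Note that `gather_facts: true`
# plays still gather facts even when their flag is off; only the role's
# tasks are skipped.
# ─────────────────────────────────────────────────────────────────────────────

- name: Install NFS Server
  hosts: nfs_server
  gather_facts: true
  become: true
  roles:
    - role: "{{ playbook_dir }}/../addons/nfs-server/role"
      when: addon_nfs_server | default(false) | bool

- name: Install CSI NFS Driver
  hosts: k3s_cluster
  gather_facts: true
  become: true
  roles:
    - role: "{{ playbook_dir }}/../addons/csi-nfs/role"
      when: addon_csi_nfs | default(false) | bool

- name: Install ingress-nginx
  hosts: k3s_cluster
  gather_facts: true
  become: true
  roles:
    - role: "{{ playbook_dir }}/../addons/ingress-nginx/role"
      when: addon_ingress_nginx | default(false) | bool

- name: Install cert-manager
  hosts: k3s_master[0]
  gather_facts: false
  become: true
  roles:
    - role: "{{ playbook_dir }}/../addons/cert-manager/role"
      when: addon_cert_manager | default(false) | bool

- name: Install metrics-server
  hosts: k3s_master[0]
  gather_facts: false
  become: true
  roles:
    - role: "{{ playbook_dir }}/../addons/metrics-server/role"
      when: addon_metrics_server | default(false) | bool

- name: Install kube-prometheus-stack
  hosts: k3s_master[0]
  gather_facts: false
  become: true
  roles:
    - role: "{{ playbook_dir }}/../addons/prometheus-stack/role"
      when: addon_prometheus_stack | default(false) | bool

- name: Install Istio + Kiali
  hosts: k3s_master[0]
  gather_facts: false
  become: true
  roles:
    - role: "{{ playbook_dir }}/../addons/istio/role"
      when: addon_istio | default(false) | bool

- name: Install ArgoCD
  hosts: k3s_master[0]
  gather_facts: false
  become: true
  roles:
    - role: "{{ playbook_dir }}/../addons/argocd/role"
      when: addon_argocd | default(false) | bool

- name: Install Longhorn
  hosts: k3s_master[0]
  gather_facts: false
  become: true
  roles:
    - role: "{{ playbook_dir }}/../addons/longhorn/role"
      when: addon_longhorn | default(false) | bool

- name: Install Kubernetes Dashboard
  hosts: k3s_master[0]
  gather_facts: false
  become: true
  roles:
    - role: "{{ playbook_dir }}/../addons/kubernetes-dashboard/role"
      when: addon_kubernetes_dashboard | default(false) | bool

- name: Install PostgreSQL
  hosts: k3s_master[0]
  gather_facts: false
  become: true
  roles:
    - role: "{{ playbook_dir }}/../addons/postgresql/role"
      when: addon_postgresql | default(false) | bool

- name: Install MySQL
  hosts: k3s_master[0]
  gather_facts: false
  become: true
  roles:
    - role: "{{ playbook_dir }}/../addons/mysql/role"
      when: addon_mysql | default(false) | bool

- name: Install Databasus
  hosts: k3s_master[0]
  gather_facts: false
  become: true
  roles:
    - role: "{{ playbook_dir }}/../addons/databasus/role"
      when: addon_databasus | default(false) | bool

- name: Install MinIO
  hosts: k3s_master[0]
  gather_facts: false
  become: true
  roles:
    - role: "{{ playbook_dir }}/../addons/minio/role"
      when: addon_minio | default(false) | bool

- name: Install Velero
  hosts: k3s_master[0]
  gather_facts: false
  become: true
  roles:
    - role: "{{ playbook_dir }}/../addons/velero/role"
      when: addon_velero | default(false) | bool

- name: Install CrowdSec
  hosts: k3s_master[0]
  gather_facts: false
  become: true
  roles:
    - role: "{{ playbook_dir }}/../addons/crowdsec/role"
      when: addon_crowdsec | default(false) | bool

- name: Install Harbor
  hosts: k3s_master[0]
  gather_facts: false
  become: true
  roles:
    - role: "{{ playbook_dir }}/../addons/harbor/role"
      when: addon_harbor | default(false) | bool

- name: Install Gitea
  hosts: k3s_master[0]
  gather_facts: false
  become: true
  roles:
    - role: "{{ playbook_dir }}/../addons/gitea/role"
      when: addon_gitea | default(false) | bool

- name: Install ownCloud OCIS
  hosts: k3s_master[0]
  gather_facts: false
  become: true
  roles:
    - role: "{{ playbook_dir }}/../addons/owncloud/role"
      when: addon_owncloud | default(false) | bool

- name: Install Nextcloud
  hosts: k3s_master[0]
  gather_facts: false
  become: true
  roles:
    - role: "{{ playbook_dir }}/../addons/nextcloud/role"
      when: addon_nextcloud | default(false) | bool

- name: Install Loki
  hosts: k3s_master[0]
  gather_facts: false
  become: true
  roles:
    - role: "{{ playbook_dir }}/../addons/loki/role"
      when: addon_loki | default(false) | bool

- name: Install Promtail
  hosts: k3s_master[0]
  gather_facts: false
  become: true
  roles:
    - role: "{{ playbook_dir }}/../addons/promtail/role"
      when: addon_promtail | default(false) | bool

- name: Install Tempo
  hosts: k3s_master[0]
  gather_facts: false
  become: true
  roles:
    - role: "{{ playbook_dir }}/../addons/tempo/role"
      when: addon_tempo | default(false) | bool

- name: Install Pushgateway
  hosts: k3s_master[0]
  gather_facts: false
  become: true
  roles:
    - role: "{{ playbook_dir }}/../addons/pushgateway/role"
      when: addon_pushgateway | default(false) | bool

- name: Install CSI S3 Driver
  hosts: k3s_master[0]
  gather_facts: false
  become: true
  roles:
    - role: "{{ playbook_dir }}/../addons/csi-s3/role"
      when: addon_csi_s3 | default(false) | bool

- name: Install Rook-Ceph
  hosts: k3s_master[0]
  gather_facts: false
  become: true
  roles:
    - role: "{{ playbook_dir }}/../addons/csi-ceph/role"
      when: addon_csi_ceph | default(false) | bool

# Facts are needed here (unlike the other k3s_master[0] plays).
- name: Install CSI GlusterFS Driver
  hosts: k3s_master[0]
  gather_facts: true
  become: true
  roles:
    - role: "{{ playbook_dir }}/../addons/csi-glusterfs/role"
      when: addon_csi_glusterfs | default(false) | bool

- name: Install Vaultwarden
  hosts: k3s_master[0]
  gather_facts: false
  become: true
  roles:
    - role: "{{ playbook_dir }}/../addons/vaultwarden/role"
      when: addon_vaultwarden | default(false) | bool

- name: Install SMTP Relay
  hosts: k3s_master[0]
  gather_facts: false
  become: true
  roles:
    - role: "{{ playbook_dir }}/../addons/smtp-relay/role"
      when: addon_smtp_relay | default(false) | bool

- name: Install HashiCorp Vault
  hosts: k3s_master[0]
  gather_facts: false
  become: true
  roles:
    - role: "{{ playbook_dir }}/../addons/vault/role"
      when: addon_vault | default(false) | bool

- name: Install External Secrets Operator
  hosts: k3s_master[0]
  gather_facts: false
  become: true
  roles:
    - role: "{{ playbook_dir }}/../addons/external-secrets/role"
      when: addon_external_secrets | default(false) | bool

- name: Install Jenkins
  hosts: k3s_master[0]
  gather_facts: false
  become: true
  roles:
    - role: "{{ playbook_dir }}/../addons/jenkins/role"
      when: addon_jenkins | default(false) | bool

- name: Install NetBird VPN
  hosts: k3s_master[0]
  gather_facts: false
  become: true
  roles:
    - role: "{{ playbook_dir }}/../addons/netbird/role"
      when: addon_netbird | default(false) | bool

- name: Install MediaServer (Plex, *arr, Transmission, Prowlarr+Hysteria2, Samba)
  hosts: k3s_master[0]
  gather_facts: false
  become: true
  roles:
    - role: "{{ playbook_dir }}/../addons/mediaserver/role"
      when: addon_mediaserver | default(false) | bool

# Runs against a separate inventory group (remote VPS), not the k3s cluster.
- name: Install Hysteria2 VPN Server on remote VPS
  hosts: hysteria2_server
  gather_facts: true
  become: true
  roles:
    - role: "{{ playbook_dir }}/../addons/hysteria2-server/role"
      when: addon_hysteria2_server | default(false) | bool

# Runs against a separate inventory group (the gateway host), not the k3s cluster.
- name: Install Split Gateway (sing-box + Hysteria2 TPROXY)
  hosts: splitgw
  gather_facts: true
  become: true
  roles:
    - role: "{{ playbook_dir }}/../addons/splitgw/role"
      when: addon_splitgw | default(false) | bool

- name: Install External Services Ingress Proxy
  hosts: k3s_master[0]
  gather_facts: false
  become: true
  roles:
    - role: "{{ playbook_dir }}/../addons/ingress-proxypass/role"
      when: addon_ingress_proxypass | default(false) | bool

- name: Install Ingress Add Domains
  hosts: k3s_master[0]
  gather_facts: false
  become: true
  roles:
    - role: "{{ playbook_dir }}/../addons/ingress-add-domains/role"
      when: addon_ingress_add_domains | default(false) | bool

- name: Install Yandex 360 DNS Controller
  hosts: k3s_master[0]
  gather_facts: false
  become: true
  roles:
    - role: "{{ playbook_dir }}/../addons/yandex-dns-controller/role"
      when: addon_yandex_dns_controller | default(false) | bool

- name: Install Technitium DNS HA
  hosts: k3s_master[0]
  gather_facts: false
  become: true
  roles:
    - role: "{{ playbook_dir }}/../addons/technitium-dns/role"
      when: addon_technitium_dns | default(false) | bool

- name: Install Authelia SSO
  hosts: k3s_master[0]
  gather_facts: false
  become: true
  roles:
    - role: "{{ playbook_dir }}/../addons/authelia/role"
      when: addon_authelia | default(false) | bool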