Базы данных: - addons/postgresql: Bitnami PostgreSQL (Helm), vault_postgresql_* - addons/mysql: Bitnami MySQL (Helm), vault_mysql_* Объектное хранилище и backup: - addons/minio: Bitnami MinIO в distributed режиме (4 ноды по умолчанию) - addons/velero: backup кластера через Velero + MinIO как S3 backend; bucket создаётся автоматически через mc Job; daily schedule 02:00 Безопасность: - addons/crowdsec: CrowdSec LAPI + DaemonSet агенты, мониторит ingress-nginx; опциональный nginx bouncer (crowdsec_nginx_bouncer_enabled: true) Резервное копирование БД: - addons/databasus: OCI chart, автоматически подключается к addon_postgresql и addon_mysql когда те включены (shared endpoint через postgresql_external_host и mysql_external_host) Общее: - group_vars/all/addons.yml: флаги addon_* + конфиги для всех 6 аддонов; shared DB endpoints postgresql_external_host / mysql_external_host - group_vars/all/vault.yml.example: примеры паролей для всех аддонов - Makefile: targets addon-postgresql/mysql/databasus/minio/velero/crowdsec
---
# Register the Helm repository that serves the MySQL chart under the alias
# "bitnami"; the chart reference in the deploy task resolves against it.
# NOTE(review): charts pulled from mysql_chart_repo are deployed to the
# cluster, so the variable should point at an HTTPS source you trust.
- name: Add Bitnami Helm repo
  environment:
    KUBECONFIG: "{{ k3s_kubeconfig_path }}"
  kubernetes.core.helm_repository:
    repo_url: "{{ mysql_chart_repo }}"
    name: bitnami
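# Install or upgrade the "mysql" release from bitnami/mysql at the pinned
# chart version, creating the namespace if needed and waiting up to 10 minutes
# for the release to become ready.
- name: Deploy MySQL via Helm
  kubernetes.core.helm:
    name: mysql
    chart_ref: bitnami/mysql
    chart_version: "{{ mysql_version }}"
    release_namespace: "{{ mysql_namespace }}"
    create_namespace: true
    wait: true
    timeout: "10m0s"
    values:
      auth:
        # Credentials are passed as release values; see no_log below.
        rootPassword: "{{ mysql_auth_root_password }}"
        username: "{{ mysql_auth_username }}"
        password: "{{ mysql_auth_password }}"
        database: "{{ mysql_auth_database }}"
      primary:
        persistence:
          enabled: true
          size: "{{ mysql_storage_size }}"
          storageClass: "{{ mysql_storage_class }}"
        resources: "{{ mysql_resources }}"
      # NOTE(review): the chart presumably uses the secondary.* values only
      # when architecture is "replication"; architecture is not set here,
      # so confirm these values take effect.
      secondary:
        replicaCount: "{{ mysql_secondary_replica_count }}"
        persistence:
          # Cast to int so a count supplied as a string (for example through
          # -e on the command line) does not fail the comparison.
          enabled: "{{ (mysql_secondary_replica_count | int) > 0 }}"
          size: "{{ mysql_storage_size }}"
          storageClass: "{{ mysql_storage_class }}"
        resources: "{{ mysql_resources }}"
  environment:
    KUBECONFIG: "{{ k3s_kubeconfig_path }}"
  # The module arguments carry the root and application passwords. Without
  # no_log they can appear in verbose output, callback logs and failure
  # results. Trade-off: a failed run shows a censored result, so drop this
  # temporarily when debugging in a private session.
  no_log: true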
# Block until the mysql-primary StatefulSet reports a completed rollout.
# The check is read-only (changed_when: false) and is retried up to 3 times,
# 15 seconds apart, until kubectl exits with 0.
# NOTE(review): the access-info message in this file advertises the service
# as "mysql", while this task waits for "mysql-primary". Confirm that the
# StatefulSet name matches what the chart creates for the configured
# architecture.
- name: Wait for MySQL primary to be ready
  become: true
  ansible.builtin.command:
    cmd: >-
      k3s kubectl -n {{ mysql_namespace }}
      rollout status statefulset/mysql-primary --timeout=180s
  register: _mysql_ready
  until: _mysql_ready.rc == 0
  retries: 3
  delay: 15
  changed_when: false
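# Print a connection summary for the operator: namespace, in-cluster service
# address, database name, account names and a port-forward hint.
# The root and application passwords are deliberately NOT rendered here.
# debug output ends up in terminal scrollback, CI job logs and any configured
# log callbacks, so the message names the variables that hold the secrets
# instead of printing their values.
- name: Show MySQL access info
  ansible.builtin.debug:
    msg:
      - "══════════════════════════════════════════════"
      - " MySQL установлен"
      - "══════════════════════════════════════════════"
      - " Namespace: {{ mysql_namespace }}"
      - " Service: mysql.{{ mysql_namespace }}.svc.cluster.local:3306"
      - " Database: {{ mysql_auth_database }}"
      - " Root: root (пароль: см. переменную mysql_auth_root_password)"
      - " App user: {{ mysql_auth_username }} (пароль: см. переменную mysql_auth_password)"
      - "──────────────────────────────────────────────"
      - " Port-forward для локального доступа:"
      - " kubectl port-forward -n {{ mysql_namespace }} svc/mysql 3306:3306"
      - "══════════════════════════════════════════════"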