- CSI-S3 (ctrox/csi-s3): монтирование S3/MinIO бакетов как PVC, авто-интеграция с addon_minio через internal MinIO endpoint - Rook-Ceph (csi-ceph): distributed block (RWO) и filesystem (RWX) storage, оператор Helm + CephCluster CRD + StorageClasses, опциональный Dashboard Ingress - CSI GlusterFS: установка glusterfs-client на все ноды, CSI Driver из GitHub releases, StorageClass с Heketi provisioner, Endpoints для прямых подключений - Vaultwarden (guerzon/vaultwarden): self-hosted Bitwarden, авто-версия, SMTP smtp.yandex.ru:465/force_tls, WebSocket, ingress TLS, ServiceMonitor Обновлены: playbooks/addons.yml (8 пропущенных аддонов + 4 новых), group_vars/all/addons.yml (флаги + комментарии конфигурации), vault.yml.example (vaultwarden_admin_token, smtp_password, heketi_secret), Makefile (PHONY + 4 новых цели)
---
# Register the chart repository under the local alias "vaultwarden";
# the install task's chart_ref (vaultwarden/vaultwarden) resolves
# against this alias.
# NOTE(review): vaultwarden_chart_repo is defined outside this file.
# Confirm it is an https:// URL you trust, because the chart served from
# it is installed into the cluster.
- name: Add Vaultwarden Helm repo
  environment:
    KUBECONFIG: "{{ k3s_kubeconfig_path }}"
  kubernetes.core.helm_repository:
    repo_url: "{{ vaultwarden_chart_repo }}"
    name: vaultwarden
# Ask the local Helm repo index for vaultwarden/vaultwarden and print the
# "version" field of the first search result. Runs only when
# vaultwarden_version is the empty string; the following task reads the
# value from _vaultwarden_latest_version.stdout.
# NOTE(review): with an empty vaultwarden_version every run installs
# whatever version the repository currently lists first. Pinning
# vaultwarden_version keeps upgrades of the password manager deliberate
# and reviewable.
- name: Get latest Vaultwarden chart version
  when: vaultwarden_version == ""
  environment:
    KUBECONFIG: "{{ k3s_kubeconfig_path }}"
  ansible.builtin.shell: |
    helm search repo vaultwarden/vaultwarden --output json | \
    python3 -c "import sys,json; print(json.load(sys.stdin)[0]['version'])"
  register: _vaultwarden_latest_version
  # Read-only lookup: never report "changed".
  changed_when: false
# Pick the chart version to install: the explicit vaultwarden_version when
# it is non-empty, otherwise the trimmed stdout of the lookup task.
# The trim filter binds to .stdout only, not to the whole expression.
# NOTE(review): nothing here checks that the resolved value is non-empty
# or looks like a version string; it is passed as-is to chart_version.
- name: Set Vaultwarden chart version
  ansible.builtin.set_fact:
    _vaultwarden_version: "{{ vaultwarden_version if vaultwarden_version != '' else _vaultwarden_latest_version.stdout | trim }}"
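# Render the Helm values file that the install task passes to Helm.
# mode '0600' restricts the rendered file to its owner.
# diff: false keeps --diff runs from echoing the rendered content to the
# console or to logs. The template itself is outside this file, but it
# presumably carries vaultwarden_admin_token and the SMTP password.
# TODO: confirm.
# NOTE(review): the destination is a fixed, predictable name under /tmp
# and no task visible here removes it, so the rendered values stay on
# disk after the install. Consider a private directory or a cleanup step.
- name: Template Vaultwarden values
  ansible.builtin.template:
    src: vaultwarden-values.yaml.j2
    dest: /tmp/vaultwarden-values.yaml
    mode: '0600'
  diff: false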
# Install or upgrade the "vaultwarden" release from the vaultwarden repo
# alias at the version resolved in _vaultwarden_version.
# The namespace is created if missing, and Helm waits up to five minutes
# for the release resources before the task returns.
- name: Install Vaultwarden via Helm
  environment:
    KUBECONFIG: "{{ k3s_kubeconfig_path }}"
  kubernetes.core.helm:
    name: vaultwarden
    release_namespace: "{{ vaultwarden_namespace }}"
    create_namespace: true
    chart_ref: vaultwarden/vaultwarden
    chart_version: "{{ _vaultwarden_version }}"
    # Must match the dest of the template task that renders the values.
    values_files:
      - /tmp/vaultwarden-values.yaml
    wait: true
    timeout: "5m0s"
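# Block until the vaultwarden Deployment reports a completed rollout.
# Each attempt lets kubectl wait up to 120s; a failed attempt is retried
# after a 10s pause.
# The explicit register/until pair makes the retry loop take effect on
# Ansible releases where `retries` is ignored unless `until` is set.
- name: Wait for Vaultwarden to be ready
  ansible.builtin.command: >
    k3s kubectl -n {{ vaultwarden_namespace }}
    rollout status deployment/vaultwarden --timeout=120s
  register: _vaultwarden_rollout
  until: _vaultwarden_rollout is succeeded
  retries: 3
  delay: 10
  # Status query only: never report "changed".
  changed_when: false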
# Print a post-install summary: namespace, URL, admin panel URL, whether
# an admin token is configured, sign-up policy and SMTP state.
# Only the presence of vaultwarden_admin_token is reported; the token
# value itself is never interpolated into the output.
- name: Show Vaultwarden access info
  ansible.builtin.debug:
    msg:
      - "Vaultwarden установлен в namespace: {{ vaultwarden_namespace }}"
      - "URL: {{ vaultwarden_domain }}"
      - "Admin panel: {{ vaultwarden_domain }}/admin"
      # A falsy (empty or unset-to-empty) token is reported as a disabled
      # admin panel.
      - "{% if vaultwarden_admin_token %}Admin token задан (из vault.yml){% else %}Admin panel отключена (admin_token не задан){% endif %}"
      - "Регистрация: {{ 'разрешена' if vaultwarden_signups_allowed else 'запрещена' }}"
      # The string filter applies to vaultwarden_smtp_port before the
      # concatenation, so a numeric port can be joined to the host.
      - "SMTP: {{ 'включён (' + vaultwarden_smtp_host + ':' + vaultwarden_smtp_port | string + ')' if vaultwarden_smtp_enabled else 'отключён' }}"