Merge pull request #76 from cliveseldon/ansible

Add ansible playbooks

Author: ukclivecox

.gitignore

@@ -111,6 +111,7 @@ examples/*.h5
 
 # emacs
 *~
+.\#*
 
 # Test models
 tests/testdata/keras

Makefile

@@ -16,19 +16,28 @@ test:
 
 .PHONY: fmt
 fmt:
-	isort .
+	isort . \
+		--skip ansible \
+		--skip .tox \
+		--skip .eggs \
+		--skip build
 	black . \
-		--exclude "(.eggs|.tox)" \
+		--exclude "(.eggs|.tox|ansible|build)" \
 		--line-length 120
 
 .PHONY: lint
 lint:
-	flake8 .
+	flake8 . \
+		--extend-exclude "ansible"
 	mypy ./tempo
-	isort . --check
+	isort . --check \
+		--skip ansible \
+		--skip .tox \
+		--skip .eggs \
+		--skip build
 	black . \
 		--check \
-		--exclude "(.eggs|.tox)" \
+		--exclude "(.eggs|.tox|ansible|build)" \
 		--line-length 120
 
 .PHONY: install-rclone

ansible/.gitignore

@@ -0,0 +1 @@
+.resources

ansible/Makefile

@@ -0,0 +1,29 @@
+KIND_IMAGE ?= kindest/node:v1.18.15
+KIND_NAME ?= ansible
+
+
+# Kind Cluster
+kind-cluster:
+	kind create cluster --name ${KIND_NAME} --image ${KIND_IMAGE} || echo "already there"
+	kind export kubeconfig --name ${KIND_NAME}
+	kubectl create ns seldon || echo "already there"
+	kubectl config set-context --current --namespace seldon
+
+
+kind-delete:
+	kind delete cluster --name ${KIND_NAME}
+
+
+
+# Port Forwards
+port-forward-ambassador:
+	kubectl port-forward -n ambassador svc/ambassador 8003:80
+
+port-forward-istio:
+	kubectl port-forward  -n istio-system svc/istio-ingressgateway 8003:80
+
+port-forward-istio-8004:
+	kubectl port-forward  -n istio-system svc/istio-ingressgateway 8004:80
+
+port-forward-minio:
+	kubectl port-forward -n minio-system svc/minio 8090:9000

ansible/ansible-tools/inventory.ini

@@ -0,0 +1,5 @@
+[all:vars]
+ansible_python_interpreter=python3
+
+[all]
+localhost ansible_connection=local

ansible/ansible-tools/roles/ambassador/defaults/main.yaml

@@ -0,0 +1,2 @@
+---
+ambassador_namespace: ambassador

ansible/ansible-tools/roles/ambassador/tasks/main.yaml

@@ -0,0 +1,19 @@
+---
+- name: "Create a k8s namespace: {{ ambassador_namespace }}"
+  community.kubernetes.k8s:
+    name: "{{ ambassador_namespace }}"
+    api_version: v1
+    kind: Namespace
+    state: present
+
+- name: Install ambassador
+  community.kubernetes.helm:
+    name: ambassador
+    release_namespace: "{{ ambassador_namespace }}"
+    chart_repo_url: "https://www.getambassador.io"
+    chart_ref: "ambassador"
+    values:
+      image:
+        repository: quay.io/datawire/ambassador
+      enableAES: false
+      crds.keep: false

ansible/ansible-tools/roles/argo/defaults/main.yaml

@@ -0,0 +1,11 @@
+---
+argo_namespace: argo
+argo_version: null    # means that --version is not set so latest is used
+
+argo_wait_for_deployments: false
+argo_configure_rbac: true
+
+argo_values: {}
+argo_values_files: []
+
+workflow_namespaces: []

ansible/ansible-tools/roles/argo/tasks/main.yaml

@@ -0,0 +1,40 @@
+---
+
+#### Install
+
+- name: "Create a k8s namespaces: {{ argo_namespace }}"
+  community.kubernetes.k8s:
+    name: "{{ argo_namespace }}"
+    api_version: v1
+    kind: Namespace
+    state: present
+
+- name: Install Argo Workflows
+  community.kubernetes.helm:
+    name: argo
+    release_namespace: "{{ argo_namespace }}"
+    chart_repo_url: "https://argoproj.github.io/argo-helm"
+    chart_ref: "argo"
+    chart_version: "{{ argo_version }}"
+    values: "{{ argo_values }}"
+    values_files: "{{ argo_values_files }}"
+
+- name: Wait for Argo deployments
+  community.kubernetes.k8s_info:
+    kind: Deployment
+    wait: yes
+    wait_condition:
+      type: Available
+      status: "True"
+      reason: MinimumReplicasAvailable
+    name: "{{ item }}"
+    namespace: "{{ argo_namespace }}"
+    wait_timeout: 360
+  with_items:
+    - argo-server
+    - workflow-controller
+  when: argo_wait_for_deployments | bool
+
+- name: Configure Service RBAC
+  include: rbac.yaml
+  when: argo_configure_rbac | bool

ansible/ansible-tools/roles/argo/tasks/rbac.yaml

@@ -0,0 +1,75 @@
+---
+- name: Create Workflow Role
+  community.kubernetes.k8s:
+    state: present
+    name: workflow
+    namespace: "{{ loop_namespace }}"
+    definition:
+      apiVersion: rbac.authorization.k8s.io/v1
+      kind: Role
+      metadata:
+        name: workflow
+      rules:
+      - apiGroups:
+        - ""
+        resources:
+        - pods
+        verbs:
+        - "*"
+      - apiGroups:
+        - "apps"
+        resources:
+        - deployments
+        verbs:
+        - "*"
+      - apiGroups:
+        - ""
+        resources:
+        - pods/log
+        verbs:
+        - "*"
+      - apiGroups:
+        - machinelearning.seldon.io
+        resources:
+        - "*"
+        verbs:
+        - "*"
+  loop: "{{ workflow_namespaces }}"
+  loop_control:
+    loop_var: loop_namespace
+
+- name: Create Workflow Role
+  community.kubernetes.k8s:
+    state: present
+    name: workflow
+    namespace: "{{ loop_namespace }}"
+    definition:
+      apiVersion: v1
+      kind: ServiceAccount
+      metadata:
+        name: workflow
+  loop: "{{ workflow_namespaces }}"
+  loop_control:
+    loop_var: loop_namespace
+
+- name: Create Rolebinding
+  community.kubernetes.k8s:
+    state: present
+    name: workflow
+    namespace: "{{ loop_namespace }}"
+    definition:
+      apiVersion: rbac.authorization.k8s.io/v1
+      kind: RoleBinding
+      metadata:
+        name: workflow
+      subjects:
+      - kind: ServiceAccount
+        name: workflow
+        namespace: "{{ loop_namespace }}"
+      roleRef:
+        apiGroup: rbac.authorization.k8s.io
+        kind: Role
+        name: workflow
+  loop: "{{ workflow_namespaces }}"
+  loop_control:
+    loop_var: loop_namespace

ansible/ansible-tools/roles/argocd/defaults/main.yaml

@@ -0,0 +1,7 @@
+---
+argocd_namespace: argocd
+argocd_version: v1.7.10
+argocd_manifest: https://raw.githubusercontent.com/argoproj/argo-cd/{{ argocd_version }}/manifests/install.yaml
+
+gitops_repository: ""
+gitops_namespaces: []

ansible/ansible-tools/roles/argocd/tasks/main.yaml

@@ -0,0 +1,52 @@
+---
+- name: "Create a k8s namespaces: {{ argocd_namespace }}"
+  community.kubernetes.k8s:
+    name: "{{ argocd_namespace }}"
+    api_version: v1
+    kind: Namespace
+    state: present
+
+- name: Deploy ArgoCD
+  community.kubernetes.k8s:
+    state: present
+    namespace: "{{ argocd_namespace }}"
+    definition: "{{ lookup('url', argocd_manifest, split_lines=False) }}"
+
+- name: Wait for ArgoCD deployments
+  community.kubernetes.k8s_info:
+    kind: Deployment
+    wait: yes
+    wait_condition:
+      type: Available
+      status: "True"
+      reason: MinimumReplicasAvailable
+    name: "{{ item }}"
+    namespace: "{{ argocd_namespace }}"
+    wait_timeout: 360
+  with_items:
+    - argocd-application-controller
+    - argocd-repo-server
+    - argocd-server
+    - argocd-redis
+    - argocd-dex-server
+
+- name: Create a k8s namespaces
+  community.kubernetes.k8s:
+    name: "{{ item }}"
+    api_version: v1
+    kind: Namespace
+    state: present
+  with_items: "{{ gitops_namespaces }}"
+
+- name: Configure ArgoCD Project
+  community.kubernetes.k8s:
+    state: present
+    template: templates/project.j2
+
+- name: Configure ArgoCD Applications
+  community.kubernetes.k8s:
+    state: present
+    template: templates/application.j2
+  loop: "{{ gitops_namespaces }}"
+  loop_control:
+    loop_var: loop_namespace

ansible/ansible-tools/roles/argocd/templates/application.j2

@@ -0,0 +1,19 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: seldon-gitops-{{ loop_namespace }}
+  namespace: argocd
+spec:
+  project: seldon
+  destination:
+    namespace: {{ loop_namespace }}
+    server: https://kubernetes.default.svc
+  source:
+    repoURL: {{ gitops_repository }}
+    path: {{ loop_namespace }}
+    directory:
+      recurse: true
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true

ansible/ansible-tools/roles/argocd/templates/project.j2

@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  name: seldon
+  namespace: {{ argocd_namespace }}
+spec:
+  description: Seldon Gitops Project
+  sourceRepos:
+  - {{ gitops_repository }}
+  destinations:
+{% for namespace in gitops_namespaces %}
+  - namespace: {{ namespace }}
+    server: https://kubernetes.default.svc
+{% endfor %}
+  clusterResourceWhitelist:
+  - group: '*'
+    kind: '*'
+  roles:
+  - name: seldon-admin
+    policies:
+    - p, proj:seldon:seldon-admin, applications, get, seldon/*, allow
+    - p, proj:seldon:seldon-admin, applications, create, seldon/*, allow
+    - p, proj:seldon:seldon-admin, applications, update, seldon/*, allow
+    - p, proj:seldon:seldon-admin, applications, delete, seldon/*, allow
+    - p, proj:seldon:seldon-admin, applications, sync, seldon/*, allow

ansible/ansible-tools/roles/certmanager/defaults/main.yaml

@@ -0,0 +1,4 @@
+---
+certmanager_version: v1.0.4
+certmanager_yaml: "https://github.com/jetstack/cert-manager/releases/download/{{ certmanager_version }}/cert-manager.yaml"
+

ansible/ansible-tools/roles/certmanager/tasks/main.yaml

@@ -0,0 +1,10 @@
+---
+- name: Install Certmanager
+  community.kubernetes.k8s:
+    state: present
+    definition: "{{ lookup('url', item, split_lines=False) }}"
+  with_items:
+    - "{{ certmanager_yaml }}"
+
+
+

ansible/ansible-tools/roles/istio/defaults/main.yaml

@@ -0,0 +1,3 @@
+---
+istio_version: 1.7.6
+istio_verify_install: true