hpi-schul-cloud · mamutmk5 · Aug 19, 2024 · Aug 16, 2024 · Aug 16, 2024 · Aug 16, 2024
diff --git a/.github/workflows/deploy_dev.yml b/.github/workflows/deploy_dev.yml
@@ -20,9 +20,9 @@ permissions:
   contents: read
 
 jobs:
-  deploy:
+  create-artifact:
     runs-on: ubuntu-latest
-    name: deploy ${{ inputs.tenant }}
+    name: Ansible artifact ${{ inputs.tenant }}
     steps:
       - uses: actions/download-artifact@v4
       - run: ls -R
@@ -34,6 +34,32 @@ jobs:
           name: debug-${{ inputs.tenant }}-ansible
           path: ${{github.workspace }}/${{ inputs.tenant }}-ansible.tar
           overwrite: true
+
+
+  deploy-matrix:
+    runs-on: ubuntu-latest
+    name: deploy ${{ inputs.tenant }}
+    strategy:
+      fail-fast: false
+      matrix:
+        action:
+          - tags: configmap
+            op: tags
+          - tags: service
+            op: tags
+          - tags: 1password
+            op: tags
+          - tags: deployment
+            op: tags
+          - tags: ingress
+            op: tags
+          - tags: "ingress,configmap,service,1password,deployment"
+            op: skip-tags
+    steps:
+      - uses: actions/download-artifact@v4
+      - run: ls -R
+      - run: mv */*.tar ./
+      - run: find -name "*.tar" -exec tar -xf {} \;
       - shell: bash
         run: |
           python3 -m pip install kubernetes 'urllib3>=1.26.16'
@@ -49,20 +75,12 @@ jobs:
         run: |
           mkdir files
           echo "${{ secrets.KUBECONFIG }}" > files/config
-      # It's necessary for the ansible k8s module to define proxy options as environment vars 
-      # (doesn't use the proxy defined in kubeconfig)
-      # https://github.com/kubernetes-client/python/issues/1862
-      # https://docs.ansible.com/ansible/latest/collections/kubernetes/core/k8s_module.html#parameter-proxy
-      # Format in kubeconfig is <protocoll>://<user>:<password>@<domain>:<port>
-      # Set K8S_AUTH_PROXY=<protocoll>://<domain>:<port>
-      # Set K8S_AUTH_PROXY_HEADERS_PROXY_BASIC_AUTH=<user>:<password>
-      # If proxy-url is not defined in the kubeconfig no variables are set
       - name: Set proxy environment variable if included in the kubeconfig
         working-directory: ${{github.workspace }}/ansible/roles/sys/files
         run: |
           yq ".clusters[0].cluster.proxy-url" config | sed -nr 's+(.*//).*@(.*)+K8S_AUTH_PROXY=\1\2+p' >> $GITHUB_ENV
           yq ".clusters[0].cluster.proxy-url" config | sed -nr 's+.*//(.*)@.*+K8S_AUTH_PROXY_HEADERS_PROXY_BASIC_AUTH=\1+p' >> $GITHUB_ENV
-      - run: ansible-playbook ./playbook.yml --inventory-file hosts --limit "${{ inputs.host_name }}" -e 'ansible_python_interpreter=/usr/bin/python3'
+      - run: ansible-playbook ./playbook.yml --inventory-file hosts --limit "${{ inputs.host_name }}" -e 'ansible_python_interpreter=/usr/bin/python3' --${{ matrix.action.op }} ${{ matrix.action.tags }}
         working-directory: ${{github.workspace }}/ansible
       - working-directory: ${{github.workspace }}/ansible/roles/sys/files
         run: |

diff --git a/ansible/roles/clamav/tasks/main.yml b/ansible/roles/clamav/tasks/main.yml
@@ -3,16 +3,22 @@
       kubeconfig: ~/.kube/config 
       namespace: "{{ NAMESPACE }}"
       template: svc.yml.j2
+    tags:
+      - service
 
   - name: Configmap
     kubernetes.core.k8s:
       kubeconfig: ~/.kube/config 
       namespace: "{{ NAMESPACE }}"
       template: configmap.yml.j2
       apply: yes
+    tags:
+      - configmap
 
   - name: Deployment
     kubernetes.core.k8s:
       kubeconfig: ~/.kube/config 
       namespace: "{{ NAMESPACE }}"
       template: deployment.yml.j2
+    tags:
+      - deployment
diff --git a/ansible/roles/dof_etherpad/tasks/main.yml b/ansible/roles/dof_etherpad/tasks/main.yml
@@ -3,24 +3,32 @@
       kubeconfig: ~/.kube/config 
       namespace: "{{ NAMESPACE }}"
       template: svc.yml.j2
+    tags:
+      - service
 
   - name: Configmap
     kubernetes.core.k8s:
       kubeconfig: ~/.kube/config 
       namespace: "{{ NAMESPACE }}"
       template: configmap.yml.j2
       apply: yes
+    tags:
+      - configmap
 
   - name: Secret by 1Password
     kubernetes.core.k8s:
       kubeconfig: ~/.kube/config 
       namespace: "{{ NAMESPACE }}"
       template: onepassword.yml.j2
     when: ONEPASSWORD_OPERATOR is defined and ONEPASSWORD_OPERATOR|bool
+    tags:
+      - 1password
 
   - name: Deployment
     kubernetes.core.k8s:
       kubeconfig: ~/.kube/config 
       namespace: "{{ NAMESPACE }}"
       template: deployment.yml.j2
+    tags:
+      - deployment
 
diff --git a/ansible/roles/dof_etherpad_nginx/tasks/main.yml b/ansible/roles/dof_etherpad_nginx/tasks/main.yml
@@ -3,17 +3,23 @@
       kubeconfig: ~/.kube/config 
       namespace: "{{ NAMESPACE }}"
       template: svc.yml.j2
+    tags:
+      - service
 
   - name: Configmap Files
     kubernetes.core.k8s:
       kubeconfig: ~/.kube/config 
       namespace: "{{ NAMESPACE }}"
       template: configmap-files.yml.j2
       apply: yes
+    tags:
+      - configmap
 
   - name: Deployment
     kubernetes.core.k8s:
       kubeconfig: ~/.kube/config 
       namespace: "{{ NAMESPACE }}"
       template: deployment.yml.j2
+    tags:
+      - deployment
 
diff --git a/ansible/roles/dof_mailcatcher/tasks/main.yml b/ansible/roles/dof_mailcatcher/tasks/main.yml
@@ -3,10 +3,14 @@
       kubeconfig: ~/.kube/config 
       namespace: "{{ NAMESPACE }}"
       template: svc.yml.j2
+    tags:
+      - service
 
   - name: Deployment
     kubernetes.core.k8s:
       kubeconfig: ~/.kube/config 
       namespace: "{{ NAMESPACE }}"
       template: deployment.yml.j2
+    tags:
+      - deployment
 
diff --git a/ansible/roles/dof_mongo/tasks/main.yml b/ansible/roles/dof_mongo/tasks/main.yml
@@ -4,6 +4,8 @@
       namespace: "{{ NAMESPACE }}"
       template: svc.yml.j2
     when: WITH_MONGO_DATABASES
+    tags:
+      - service
 
   - name: remove Service
     kubernetes.core.k8s:
@@ -14,13 +16,17 @@
       kind: Service
       name: mongo-svc
     when: not WITH_MONGO_DATABASES
+    tags:
+      - service
 
   - name: Add or Update ServiceMonitor
     kubernetes.core.k8s:
       kubeconfig: ~/.kube/config
       namespace: "{{ NAMESPACE }}"
       template: svc-monitor.yml.j2
     when: WITH_MONGO_DATABASES
+    tags:
+      - prometheus
 
   - name: remove ServiceMonitor
     kubernetes.core.k8s:
@@ -31,13 +37,17 @@
       kind: ServiceMonitor
       name: mongo-svc-monitor
     when: not WITH_MONGO_DATABASES
+    tags:
+      - prometheus
 
   - name: Add or Update Secret by 1Password
     kubernetes.core.k8s:
       kubeconfig: ~/.kube/config
       namespace: "{{ NAMESPACE }}"
       template: onepassword.yml.j2
     when: WITH_MONGO_DATABASES and ONEPASSWORD_OPERATOR is defined and ONEPASSWORD_OPERATOR|bool
+    tags:
+      - 1password
 
   - name: remove Secret by 1Password
     kubernetes.core.k8s:
@@ -48,13 +58,17 @@
       kind: OnePasswordItem
       name: mongo-secret
     when: not WITH_MONGO_DATABASES and ONEPASSWORD_OPERATOR is defined and ONEPASSWORD_OPERATOR|bool
+    tags:
+      - 1password
 
   - name: Add or Update Persistent Volumes Claim
     kubernetes.core.k8s:
       kubeconfig: ~/.kube/config 
       namespace: "{{ NAMESPACE }}"
       template: pvc.yml.j2
     when: WITH_MONGO_DATABASES
+    tags:
+      - pvc
 
   - name: remove Persistent Volumes Claim
     kubernetes.core.k8s:
@@ -65,6 +79,8 @@
       kind: PersistentVolumeClaim
       name: mongo-pvc
     when: not WITH_MONGO_DATABASES
+    tags:
+      - pvc
 
   - name: Add or Update Deployment
     kubernetes.core.k8s:
@@ -73,6 +89,8 @@
       template: deployment.yml.j2
       apply: yes
     when: WITH_MONGO_DATABASES
+    tags:
+      - deployment
 
   - name: remove Deployment
     kubernetes.core.k8s:
@@ -83,3 +101,5 @@
       kind: Deployment
       name: mongo-deployment
     when: not WITH_MONGO_DATABASES
+    tags:
+      - deployment
diff --git a/ansible/roles/dof_postgresql/tasks/main.yml b/ansible/roles/dof_postgresql/tasks/main.yml
@@ -4,6 +4,8 @@
       namespace: "{{ NAMESPACE }}"
       template: svc.yml.j2
     when: WITH_POSTGRES_DATABASES
+    tags:
+      - service
 
   - name: remove Service
     kubernetes.core.k8s:
@@ -14,13 +16,17 @@
       name: postgres-svc
       state: absent
     when: not WITH_POSTGRES_DATABASES
+    tags:
+      - service
 
   - name: Add or Update Persistent Volumes Claim  
     kubernetes.core.k8s:
       kubeconfig: ~/.kube/config 
       namespace: "{{ NAMESPACE }}"
       template: pvc.yml.j2
     when: WITH_POSTGRES_DATABASES
+    tags:
+      - pvc
 
   - name: remove Persistent Volumes Claim  
     kubernetes.core.k8s:
@@ -31,6 +37,8 @@
       name: postgres-pvc
       state: absent
     when: not WITH_POSTGRES_DATABASES
+    tags:
+      - pvc
 
   - name: Add or Update Configmap
     kubernetes.core.k8s:
@@ -39,6 +47,8 @@
       template: configmap.yml.j2
       apply: yes
     when: WITH_POSTGRES_DATABASES and (ONEPASSWORD_OPERATOR is undefined or ( ONEPASSWORD_OPERATOR is defined and not ONEPASSWORD_OPERATOR) )
+    tags:
+      - configmap
 
   - name: remove Configmap
     kubernetes.core.k8s:
@@ -49,6 +59,8 @@
       name: postgres-configmap
       state: absent
     when: not WITH_POSTGRES_DATABASES and (ONEPASSWORD_OPERATOR is undefined or ( ONEPASSWORD_OPERATOR is defined and not ONEPASSWORD_OPERATOR) )
+    tags:
+      - configmap
 
   - name: Add or Update init scripts Configmap
     kubernetes.core.k8s:
@@ -57,6 +69,8 @@
       template: configmap-init.yml.j2
       apply: yes
     when: WITH_POSTGRES_DATABASES
+    tags:
+      - configmap
 
   - name: remove init scripts Configmap
     kubernetes.core.k8s:
@@ -67,13 +81,17 @@
       name: postgres-configmap-init
       state: absent
     when: not WITH_POSTGRES_DATABASES
+    tags:
+      - configmap
 
   - name: Add or Update Secret by 1Password
     kubernetes.core.k8s:
       kubeconfig: ~/.kube/config 
       namespace: "{{ NAMESPACE }}"
       template: onepassword.yml.j2
     when: WITH_POSTGRES_DATABASES and (ONEPASSWORD_OPERATOR is defined and ONEPASSWORD_OPERATOR|bool)
+    tags:
+      - 1password
 
   - name: remove Secret by 1Password
     kubernetes.core.k8s:
@@ -84,6 +102,8 @@
       name: postgres-secret
       state: absent
     when: not WITH_POSTGRES_DATABASES and (ONEPASSWORD_OPERATOR is defined and ONEPASSWORD_OPERATOR|bool)
+    tags:
+      - 1password
 
   - name: Add or Update Deployment
     kubernetes.core.k8s:
@@ -92,6 +112,8 @@
       template: deployment.yml.j2
       apply: yes
     when: WITH_POSTGRES_DATABASES
+    tags:
+      - deployment
 
   - name: remove Deployment
     kubernetes.core.k8s:
@@ -102,3 +124,5 @@
       name: postgres-deployment
       state: absent
     when: not WITH_POSTGRES_DATABASES
+    tags:
+      - deployment
diff --git a/ansible/roles/dof_postgresql_management/tasks/main.yml b/ansible/roles/dof_postgresql_management/tasks/main.yml
@@ -4,6 +4,8 @@
     namespace: "{{ NAMESPACE }}"
     template: onepassword-pg-cluster.yml.j2
   when: WITH_BRANCH_POSTGRES_DB_MANAGEMENT and ONEPASSWORD_OPERATOR is defined and ONEPASSWORD_OPERATOR|bool
+  tags:
+    - 1password
 
 - name: Create ConfigMap with Script for database deletion
   kubernetes.core.k8s:
@@ -12,11 +14,15 @@
     template: configmap-database-deletion.yml.j2
     apply: yes
   when: WITH_BRANCH_POSTGRES_DB_MANAGEMENT
+  tags:
+    - configmap
 
 - name: Create suspended Job for database deletion
   kubernetes.core.k8s:
     kubeconfig: ~/.kube/config
     namespace: "{{ NAMESPACE }}"
     template: job-database-deletion.yml.j2
     apply: yes
-  when: WITH_BRANCH_POSTGRES_DB_MANAGEMENT
+  when: WITH_BRANCH_POSTGRES_DB_MANAGEMENT
+  tags:
+    - job