Skip to content
Snippets Groups Projects
Normal view Permalink
gateway.yaml 2.38 KiB
Newer Older
František Dvořák's avatar
Initial experiments with Enterprise Gateway in kubernetes
František Dvořák committed
1 2 3 4 5 6 7 8 9 10 11 12 13 
---
- name: Enterprise Gateway Deployment
  hosts: master
  become: true
  vars:
    namespace: gateway
    version: 3.2.2
  tasks:
    - name: Enterprise Gateway Configuration
      copy:
        dest: /tmp/gateway.yaml
        mode: 0640
        content: |
František Dvořák's avatar
Gateway: secure using auth token  
František Dvořák committed
14 
          authToken: "{{ lookup('community.hashi_vault.hashi_vault', vault_mount_point + '/data/gateway_authtoken:value', token_validate=true) }}"
František Dvořák's avatar
Initial experiments with Enterprise Gateway in kubernetes
František Dvořák committed
15 16 17 18 19 20 21 22 23 24 
          global:
            rbac: true
          deployment:
            replicas: 1
            # serviceAccountName: 'enterprise-gateway-sa'
            terminationGracePeriodSeconds: 60
          ingress:
            enabled: true
            annotations:
              kubernetes.io/ingress.class: "nginx"
František Dvořák's avatar
Gateway: enable SSL  
František Dvořák committed
25 26 27 28 29 30 
              kubernetes.io/tls-acme: "true"
            hostName: "{{ gateway_hostname }}"
            tls:
              - hosts:
                - "{{ gateway_hostname }}"
                secretName: acme-tls-gateway
František Dvořák's avatar
Initial experiments with Enterprise Gateway in kubernetes
František Dvořák committed
31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 
          kip:
            enabled: true
            # serviceAccountName: 'kernel-image-puller-sa'
            # podSecurityPolicy:
            #   create: true
          service:
            type: "ClusterIP"
            ports:
              # Enterprise Gateway reqursts
              - name: http
                port: 8888
                targetPort: 8888
              # Kernel connection info responses
              - name: http-reponse
                port: 8887
                targetPort: 8887
    - name: Enterprise Gateway Download
      get_url:
        url: "https://github.com/jupyter-server/enterprise_gateway/releases/download/v{{ version }}/jupyter_enterprise_gateway_helm-{{ version }}.tar.gz"
        dest: "/tmp/jupyter_enterprise_gateway_helm-{{ version }}.tar.gz"
        mode: 0644
    - name: Enterprise Gateway Helm
      vars:
        config: >-
          --namespace {{ namespace }}
          --kube-context kubernetes-admin@kubernetes
          -f /tmp/gateway.yaml
          enterprise-gateway
          /tmp/jupyter_enterprise_gateway_helm-{{ version }}.tar.gz
      shell: |-
        helm status --namespace {{ namespace }} enterprise-gateway
        if [ $? -ne 0 ]; then
          kubectl create namespace {{ namespace }} || :
          helm install {{ config }}
        else
          helm upgrade {{ config }}
        fi
      environment:
        KUBECONFIG: /etc/kubernetes/admin.conf
        PATH: /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
      when: true