The PPEAgentDeployment project provides a streamlined way to configure and deploy the PPEAgent on a Kubernetes cluster using Ansible playbooks. Here’s an in-depth guide based on the provided project details.
PPEAgentDeployment simplifies the deployment of PPEAgent, a tool designed for Kubernetes clusters. This solution leverages Ansible for configuration management and Helm for Kubernetes package management. Below, we outline the key steps and configurations needed to get started.
Before deploying PPEAgent, ensure you have the following prerequisites in place:
- Ansible: A configuration management tool to automate software provisioning.
- Kubernetes Cluster: A running Kubernetes cluster where the PPEAgent will be deployed.
- Helm: A package manager for Kubernetes to manage Helm charts.
Start by cloning the PPEAgentDeployment repository. This will download the necessary files and folders for deployment.
git \
clone \
--branch=master \
--depth=1 \
https://github.com/kamilrybacki/PPEAgentDeployment.git
Change your current directory to the cloned repository to access the deployment files.
cd PPEAgentDeployment
Set the required variables in the group_vars
directory of Your target environment. This directory contains environment-specific configurations.
By default You need two things set up:
-
ppeagentdeployment_namespace
- Namespace to deploy PPEAgent to (set in thegroup_vars/ppeagent.yml
file).# Example: Edit development/group_vars/ppeagent.yml ppeagentdeployment_namespace: "ppeagent" # Replace with your target namespace
-
PPE_AGENT_EMAIL
andPPE_AGENT_PASSWORD
- Email and password for the PPEAgent service, set in the environment variables, corresponding to Your credentials in MójLicznik service.export PPE_AGENT_EMAIL="[email protected]" export PPE_AGENT_PASSWORD="estusflask"
Run the Ansible playbook to deploy PPEAgent. Replace <ENVIRONMENT NAME>
with the appropriate environment directory name from environments/
.
ansible-playbook \
--inventory \
./environments/<ENVIRONMENT NAME>/ \
install.yml
To remove the deployed PPEAgent, execute the uninstall.yml
playbook.
ansible-playbook \
--inventory \
./environments/<ENVIRONMENT NAME>/ \
uninstall.yml
After deploying PPEAgent, you can access the service by visiting the URL provided in the output of the playbook if the Ingress resource was created and the cluster is accessible from the host machine via FQDNs of the Ingress resources.
If not - you must port-forward the service manually to access it from the host machine.
Convention: Global variables are prepended only with the playbook name i.e.
ppeagentdeployment_
and are to be set in the group_vars
directory
of the environment you want to deploy to.
The playbook uses the following playbook-wide variables:
- (REQUIRED)
ppeagentdeployment_namespace
- Namespace to deploy PPEAgent to ppeagentdeployment_email
- Email address for the PPEAgent service (default: the value ofPPE_AGENT_EMAIL
environment variable)ppeagentdeployment_password
- Password for the PPEAgent service (default: the value ofPPE_AGENT_PASSWORD
environment variable)ppeagentdeployment_api_version
- Version of the PPEAgent API to deploy (default:v1
)ppeagentdeployment_kubeconfig
- Path to thekubectl
configuration file (default:$HOME/.kube/config
)ppeagentdeployment_cluster_domain
- Cluster domain (default: read from cluster information dump (via service issuer) module orcluster.local
if not found)
The defaults for these variables are set in the group_vars/ppeagent.yml
file.
Convention: Role variables are prepended with the playbook name followed by the role name and separated by an underscore i.e. ppeagentdeploment_<ROLE>_
.
Their default values are to be stored in the roles/<ROLE>/defaults/main.yml
file.
Any internal variables used in the roles are prepended with an underscore and located in the roles/<ROLE>/vars/main.yml
file. By internal variables, we mean variables that are not meant to be set by the user but are used internally by the role.
However, nothing stops you from setting these variables in the group_vars
directory of the environment you want to deploy to or in any other way you see fit.
Just bear in ming that they are not a part of "public" API of the playbook.
Each role is responsible for a specific part of the deployment process and contains a set of tasks that need to be executed.
Variable Name | Description | Default Value |
---|---|---|
ppeagentdeployment_deploy_port |
The port on which the PPEAgent service will listen. | 8080 |
ppeagentdeployment_deploy_replica_count |
The number of replicas for the PPEAgent service. | 1 |
ppeagentdeployment_deploy_custom_config_file |
Path to a custom configuration file for the PPEAgent service. | "" (empty string, meaning no custom config by default) |
ppeagentdeployment_deploy_ingress_enabled |
Indicates whether Ingress is enabled for the PPEAgent service. | "yes" |
ppeagentdeployment_deploy_ingress_class |
Specifies the Ingress class to be used. | "nginx" |
ppeagentdeployment_deploy_ingress_path |
The path pattern for Ingress routing. | "/{{ ppeagentdeployment_api_version }}(/|$)(.*)" |
ppeagentdeployment_deploy_ingress_annotations |
Annotations to be applied to the Ingress resource. | See below for default annotations |
ppeagentdeployment_deploy_ingress_routes |
Defines the Ingress routes, including paths and service settings. | See below for default routes |
ppeagentdeployment_deploy_ingress_enable_tls |
Indicates if TLS should be enabled for the Ingress. | "yes" |
ppeagentdeployment_deploy_ingress_tls_secret_name |
The name of the TLS secret to be used by the Ingress. | "" (empty string, meaning no TLS secret is created and default certification is used if configured) |
ppeagentdeployment_deploy_ingress_tls_hosts |
Hosts for which TLS should be enabled. | ["{{ _ppeagentdeployment_deploy_ingress_host }}"] |
key: "nginx.ingress.kubernetes.io/rewrite-target"
value: "/$2"
key: "nginx.ingress.kubernetes.io/use-regex"
value: "true"
path: "/{{ ppeagentdeployment_api_version }}(/|$)(.*)"
serviceName: "{{ _ppeagentdeployment_deploy_service_name }}"
servicePort: "{{ ppeagentdeployment_deploy_port }}"
To see values for internal variables used in the roles (underscored variables), please refer to the vars/main.yml
file in the role's directory.