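---
# Deploys the 04-12 nodejs demo manifest on the k3s server, verifies the
# rollout (TLS secret, Service, Endpoints, optional HTTP probe) and optionally
# deletes the resources again.
#
# Every kubectl call runs as root (become: true) against the kubeconfig in
# k3s_kubeconfig, so no templated value is ever spliced into shell source:
# single commands use command/argv, and scripts receive their inputs through
# `environment:` and read them as ordinary shell variables.
- name: Deploy+Verify 04-12 nodejs TLS Ingress
  hosts: k3s_server
  become: true
  run_once: true
  vars:
    k3s_kubeconfig: /etc/rancher/k3s/k3s.yaml
    verify_teardown: "{{ (VERIFY_TEARDOWN | default('1')) | string }}"
    nodejs_manifest_src: "{{ playbook_dir }}/../../files/04-01/04-12-nodejs-demo.yaml"
    # NOTE(review): fixed file name in a shared temp directory; the file is
    # later applied with the kubeconfig above. Consider a root-only staging
    # directory if other local users exist on the server.
    nodejs_manifest_dest: /tmp/nodejs-demo-04-12.yaml
    # The HTTPS curl check is not forced by default (it needs DNS, a
    # certificate and a reachable entry point); it is enabled only when both
    # variables are supplied. As written they are read as Ansible variables
    # (for example extra vars), not looked up from the process environment.
    nodejs_http_check_enabled: "{{ (NODEJS_TLS_ENTRY_BASE is defined) and (NODEJS_TLS_HOST is defined) }}"
    nodejs_verify_entry_base: "{{ NODEJS_TLS_ENTRY_BASE | default('https://app.example.local') }}"
    nodejs_verify_path: "/api/"
    nodejs_verify_host: "{{ NODEJS_TLS_HOST | default('app.example.local') }}"

  tasks:
    # Existence check only: it does not inspect the certificate inside the
    # secret (validity period, subject names, key match).
    - name: Assert TLS secret exists (nodejs-demo-tls)
      ansible.builtin.command:
        argv:
          - kubectl
          - "-n"
          - default
          - get
          - secret
          - nodejs-demo-tls
      environment:
        KUBECONFIG: "{{ k3s_kubeconfig }}"
      changed_when: false

    - name: Copy nodejs demo manifest
      ansible.builtin.copy:
        src: "{{ nodejs_manifest_src }}"
        dest: "{{ nodejs_manifest_dest }}"
        mode: "0644"

    # argv passes the manifest path as a single argument, so a path holding
    # spaces or shell metacharacters cannot alter the command line.
    - name: Apply nodejs demo manifest
      ansible.builtin.command:
        argv:
          - kubectl
          - apply
          - "-f"
          - "{{ nodejs_manifest_dest }}"
      environment:
        KUBECONFIG: "{{ k3s_kubeconfig }}"
      changed_when: true

    - name: Rollout status nodejs-demo
      ansible.builtin.command:
        argv:
          - kubectl
          - rollout
          - status
          - deployment/nodejs-demo
          - "-n"
          - default
          - "--timeout=180s"
      environment:
        KUBECONFIG: "{{ k3s_kubeconfig }}"
      changed_when: false

    # Runs only when nodejs_expected_target_port is supplied and positive.
    # The `int` filter guarantees that only digits reach the script text.
    - name: Assert Service targetPort matches expected (optional)
      when: nodejs_expected_target_port is defined and (nodejs_expected_target_port | int) > 0
      ansible.builtin.shell: |
        set -euo pipefail
        exp="{{ nodejs_expected_target_port | int }}"
        got=$(kubectl get svc nodejs-demo -n default -o jsonpath='{.spec.ports[0].targetPort}')
        echo "svc/nodejs-demo targetPort=$got expected=$exp"
        test "$got" = "$exp"
      args:
        executable: /bin/bash
      environment:
        KUBECONFIG: "{{ k3s_kubeconfig }}"
      changed_when: false

    # kubectl errors are deliberately swallowed (`|| true`); the task fails
    # through the final `test -n` when no endpoint address was returned.
    - name: Assert Endpoints exist
      ansible.builtin.shell: |
        set -euo pipefail
        eps=$(kubectl get endpoints nodejs-demo -n default -o jsonpath='{.subsets[0].addresses[0].ip}' 2>/dev/null || true)
        echo "endpoints.ip=$eps"
        test -n "$eps"
      args:
        executable: /bin/bash
      environment:
        KUBECONFIG: "{{ k3s_kubeconfig }}"
      changed_when: false

    # Polls the URL up to 10 times, 2 s apart, until it answers HTTP 200.
    # - Base URL, path and host arrive through `environment:`; quotes, `$()`
    #   or backticks inside NODEJS_TLS_ENTRY_BASE / NODEJS_TLS_HOST are
    #   therefore data, not code executed by the root shell.
    # - curl runs without -k/--insecure, so certificate verification stays
    #   enabled. The Host header does not change the name used for SNI and
    #   certificate matching; that name comes from the base URL.
    # - `| bool` keeps a templated "False" string from counting as truthy.
    - name: HTTP check nodejs demo (path/host optional)
      when: nodejs_http_check_enabled | default(true) | bool
      ansible.builtin.shell: |
        set -euo pipefail
        base="${NODEJS_VERIFY_BASE}"
        path="${NODEJS_VERIFY_PATH}"
        url="$base${path}"
        host="${NODEJS_VERIFY_HOST:-}"

        ok=0
        for i in 1 2 3 4 5 6 7 8 9 10; do
          if [ -n "$host" ]; then
            code=$(curl -s -o /dev/null -w "%{http_code}" -H "Host: ${host}" --connect-timeout 3 --max-time 8 "$url" 2>/dev/null || echo "000")
          else
            code=$(curl -s -o /dev/null -w "%{http_code}" --connect-timeout 3 --max-time 8 "$url" 2>/dev/null || echo "000")
          fi
          echo "try $i: $url host=${host:-<none>} -> $code"
          if [ "$code" = "200" ]; then ok=1; break; fi
          sleep 2
        done
        test "$ok" = "1"
      args:
        executable: /bin/bash
      environment:
        NODEJS_VERIFY_BASE: "{{ nodejs_verify_entry_base | trim | regex_replace('/+$', '') }}"
        NODEJS_VERIFY_PATH: "{{ nodejs_verify_path | default('/node') }}"
        NODEJS_VERIFY_HOST: "{{ nodejs_verify_host | default('') | trim }}"
      changed_when: false

    # Teardown is the default: verify_teardown resolves to "1" unless
    # VERIFY_TEARDOWN is supplied with another value.
    - name: Teardown when VERIFY_TEARDOWN=1
      when: verify_teardown == "1"
      ansible.builtin.command:
        argv:
          - kubectl
          - delete
          - "-f"
          - "{{ nodejs_manifest_dest }}"
          - "--ignore-not-found=true"
      environment:
        KUBECONFIG: "{{ k3s_kubeconfig }}"
      changed_when: true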