Issue #000 feat: added kubernetes folder

kubernetes/ansible/bootstrap.yaml

+---
+# tasks file for bootstrap-k8s
+
+- hosts: local
+  gather_facts: false
+  environment:
+    KUBECONFIG: "{{ kubeconfig_path }}"
+  serial: 1
+  vars_files:
+    - "{{inventory_dir}}/secrets.yml"
+  pre_tasks:
+    - name: Creating namespace
+      shell: "kubectl create namespace {{ item }} "
+      with_items:
+        - "{{ namespace }}"
+        - monitoring
+        - "{{env}}-logging"
+        - istio-system
+      ignore_errors: yes
+    - name: "Tagging {{ namespace }} to enable istio"
+      shell: "kubectl label namespaces {{ namespace }} istio-injection=enabled --overwrite"
+    - name: Creating docker secrets
+      shell: kubectl create secret docker-registry {{ imagepullsecrets }} --namespace {{ namespace }} --docker-server {{ vault_docker_registry_url }} --docker-username {{ vault_docker_registry_user }} --docker-password {{ vault_docker_registry_password }}
+      ignore_errors: yes
+  roles:
+    - istio

kubernetes/ansible/bootstrap_minimal.yaml

+---
+# tasks file for bootstrap-k8s
+
+- hosts: local
+  gather_facts: false
+  environment:
+    KUBECONFIG: "{{ kubeconfig_path }}"
+  serial: 1
+  vars_files:
+    - "{{inventory_dir}}/secrets.yml"
+  pre_tasks:
+    - name: Creating namespace
+      shell: "kubectl create namespace {{ item }} "
+      with_items:
+        - "{{ namespace }}"
+      ignore_errors: yes
+    - name: Creating docker secrets
+      shell: kubectl create secret docker-registry {{ imagepullsecrets }} --namespace {{ namespace }} --docker-server {{ vault_docker_registry_url }} --docker-username {{ vault_docker_registry_user }} --docker-password {{ vault_docker_registry_password }}
+      when: imagepullsecrets|length > 0
+    - name: Creating domain sssl
+      shell: 
+        cmd: |
+          cat <<EOF | kubectl apply -f -
+          apiVersion: v1
+          kind: Secret
+          metadata:
+            name: ingress-cert
+            namespace: "{{ namespace }}"
+          data:
+            ca.crt: ""
+            site.crt: "{{ core_vault_proxy_site_crt | b64encode }}"
+            site.key: "{{ core_vault_proxy_site_key | b64encode }}"
+          EOF

kubernetes/ansible/deploy_core_service.yml

+---
+- hosts: local
+  gather_facts: no
+  vars_files:
+    - "{{inventory_dir}}/secrets.yml"
+  environment:
+    KUBECONFIG: "{{ kubeconfig_path }}"
+  roles:
+    - "{{ role_name }}"

kubernetes/ansible/istio.yaml

+---
+- hosts: localhost
+  gather_facts: false
+  vars_files:
+    - "{{inventory_dir}}/secrets.yml"
+  roles:
+    - istio
+  environment:
+    KUBECONFIG: "{{ kubeconfig_path }}"

kubernetes/ansible/monitoring.yaml

+---
+- hosts: localhost
+  gather_facts: false
+  vars_files:
+    - ['{{inventory_dir}}/secrets.yml', 'secrets/{{env}}.yml']
+  roles:
+    - sunbird-monitoring
+  environment:
+    KUBECONFIG: "{{ kubeconfig_path }}"

kubernetes/ansible/networkconfig.yaml

+---
+- hosts: local
+  gather_facts: no
+  vars_files:
+    - "{{inventory_dir}}/secrets.yml"
+  roles:
+    - proxy
+  environment:
+    KUBECONFIG: "{{ kubeconfig_path }}"

kubernetes/ansible/roles/deploy-badger/defaults/main.yml

+badger_admin_user: admin

kubernetes/ansible/roles/deploy-badger/tasks/main.yml

+
+- name: template values file
+  template:
+    src: "{{ chart_path }}/values.j2"
+    dest: "{{ chart_path }}/values.yaml"
+
+- name: template configmap file
+  template:
+    src: "configmap.j2"
+    dest: "{{ chart_path }}/templates/configmap.yaml"
+
+- name: helm install
+  shell: helm upgrade --install {{ release_name }} {{ chart_path }}
+  #shell: helm template {{ chart_path }} > /tmp/test.yaml
+
+- name: Copying user creation template
+  template:
+    src: user.j2
+    dest: /tmp/user.sh
+    mode: 0755
+
+- name: Copying user creation script to badger
+  shell: "kubectl cp /tmp/user.sh --namespace={{namespace}} $(kubectl get pod --namespace={{namespace}} | grep badger-* | awk '{print $1}' | head -n1):/tmp/user.sh"
+
+- name: Creating superuser
+  shell: "kubectl exec --namespace={{namespace}} $(kubectl get pod --namespace={{namespace}} | grep badger-* | awk '{print $1}' | head -n1) /tmp/user.sh"
+  no_log: true
+
+- name: Cleaning up secrets in container
+  shell: "kubectl exec --namespace={{namespace}} $(kubectl get pod --namespace={{namespace}} | grep badger-* | awk '{print $1}' | head -n1) rm /tmp/user.sh"
+
+- name: Deleting user.sh 
+  become: yes
+  file:
+    name: "/tmp/user.sh"
+    state: absent
+
+- name: Getting private lb ip
+  command: kubectl get svc -n istio-system ingressgateway-private -o jsonpath='{.status.loadBalancer.ingress[0].ip}'
+  register: private_lb_ip
+
+- set_fact:
+    badger_url: "http://{{private_lb_ip.stdout}}/badger"
+
+- name: Getting auth token
+  shell: curl -X POST '{{badger_url}}' -d "username="{{badger_admin_user}}"&password={{badger_admin_password}}"
+  register: curl
+  no_log: true
+
+- name: Copy admin auth token to desktop
+  copy: content="{{curl.stdout}}" dest=~/badger_token.txt
\ No newline at end of file

kubernetes/ansible/roles/deploy-badger/templates/configmap.j2

+apiVersion: v1
+data:
+  settings_local.py: |+
+    # settings_local.py is for all instance specific settings
+
+
+    from settings import *
+    from mainsite import TOP_DIR
+
+    DEBUG = False
+    TEMPLATE_DEBUG = DEBUG
+    DEBUG_ERRORS = DEBUG
+    DEBUG_STATIC = DEBUG
+    DEBUG_MEDIA = DEBUG
+
+    TIME_ZONE = 'America/Los_Angeles'
+    LANGUAGE_CODE = 'en-us'
+
+
+    DATABASES = {
+        'default': {
+            'ENGINE': 'django.db.backends.postgresql_psycopg2', # 'postgresql_psycopg2', 'postgresql', 'mysql', 'sqlite3' or 'oracle'.
+            'NAME': "{{badger_postgres_database}}",
+            'USER': "{{badger_postgres_user}}",                      # Not used with sqlite3.
+            'PASSWORD': "{{badger_postgres_password}}",                  # Not used with sqlite3.
+            'HOST': "{{badger_host}}",                      # Set to empty string for localhost. Not used with sqlite3.
+            'PORT': '5432',                      # Set to empty string for default. Not used with sqlite3.
+            'OPTIONS': {
+    #            "init_command": "SET storage_engine=InnoDB",  # Uncomment when using MySQL to ensure consistency across servers
+            },
+        }
+    }
+
+
+    CACHES = {
+        'default': {
+            'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
+            'LOCATION': '',
+            'TIMEOUT': 300,
+            'KEY_PREFIX': '',
+            'VERSION': 1,
+        }
+    }
+
+
+
+    # celery
+    BROKER_URL = 'amqp://localhost:5672/'
+    CELERY_RESULT_BACKEND = 'djcelery.backends.cache:CacheBackend'
+    CELERY_TASK_SERIALIZER = 'json'
+    CELERY_RESULTS_SERIALIZER = 'json'
+    CELERY_ACCEPT_CONTENT = ['json']
+
+    HTTP_ORIGIN = '{{sunbird_http_orgin}}'
+
+    # Optionally restrict issuer creation to accounts that have the 'issuer.add_issuer' permission
+    BADGR_APPROVED_ISSUERS_ONLY = True
+
+    # If you have an informational front page outside the Django site that can link back to '/login', specify it here
+    ROOT_INFO_REDIRECT = '/login'
+
+    # For the browsable API documentation at '/docs'
+    # For local development environment: When you have a user you'd like to make API requests,
+    # as you can force the '/docs' endpoint to use particular credentials.
+    # Get a token for your user at '/v1/user/auth-token'
+    # SWAGGER_SETTINGS = {
+    #     'api_key': ''
+    # }
+
+
+    #LTI_OAUTH_CREDENTIALS = {
+    #    'test': 'secret',
+    #    'test2': 'reallysecret'
+    #}
+
+    LOGS_DIR = TOP_DIR + '/logs'
+
+
+    # Run celery tasks in same thread as webserver
+    CELERY_ALWAYS_EAGER = True
+
+
+    EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
+    # EMAIL_BACKEND = 'django_ses.SESBackend'
+
+    # These are optional -- if they're set as environment variables they won't
+    # need to be set here as well
+    # AWS_ACCESS_KEY_ID = ''
+    # AWS_SECRET_ACCESS_KEY = ''
+
+    # Your SES account may only be available for one region. You can specify a region, like so:
+    # AWS_SES_REGION_NAME = 'us-west-2'
+    # AWS_SES_REGION_ENDPOINT = 'email.us-west-2.amazonaws.com'
+    # OR:
+    # AWS_SES_REGION_NAME = 'us-east-1'
+    # AWS_SES_REGION_ENDPOINT = 'email.us-east-1.amazonaws.com'
+
+    DEFAULT_FROM_EMAIL = ''
+    ##AZURE CONFIGURATION###
+    DEFAULT_FILE_STORAGE = "{{badger_file_storage}}"
+    AZURE_ACCOUNT_NAME = "{{sunbird_account_name}}"
+    AZURE_ACCOUNT_KEY = "{{sunbird_account_key}}"
+    MEDIA_URL = "{{badger_url}}"
+    AZURE_CONTAINER = "{{badger_container}}"
+
+    LOGS_DIR = os.path.join(TOP_DIR, 'logs')
+    if not os.path.exists(LOGS_DIR):
+        os.makedirs(LOGS_DIR)
+    LOGGING = {
+        'version': 1,
+        'disable_existing_loggers': False,
+        'handlers': {
+            'mail_admins': {
+                'level': 'ERROR',
+                'filters': [],
+                'class': 'django.utils.log.AdminEmailHandler'
+            },
+
+            # badgr events log to disk by default
+            'badgr_events': {
+                'level': 'INFO',
+                'formatter': 'json',
+                'class': 'logging.FileHandler',
+                'filename': os.path.join(LOGS_DIR, 'badgr_events.log')
+            }
+        },
+        'loggers': {
+            'django.request': {
+                'handlers': ['mail_admins'],
+                'level': 'ERROR',
+                'propagate': True,
+            },
+
+            # Badgr.Events emits all badge related activity
+            'Badgr.Events': {
+                'handlers': ['badgr_events'],
+                'level': 'INFO',
+                'propagate': False,
+
+            }
+
+        },
+        'formatters': {
+            'default': {
+                'format': '%(asctime)s %(levelname)s %(module)s %(message)s'
+            },
+            'json': {
+                '()': 'mainsite.formatters.JsonFormatter',
+                'format': '%(asctime)s',
+                'datefmt': '%Y-%m-%dT%H:%M:%S%z',
+            }
+        },
+    }
+kind: ConfigMap
+metadata:
+  creationTimestamp: null
+  name: badger-config
+  namespace: {{ namespace }}

kubernetes/ansible/roles/deploy-badger/templates/user.j2

+#!/bin/bash
+
+echo "from django.contrib.auth import get_user_model; User = get_user_model(); User.objects.create_superuser('{{badger_admin_user}}', '{{badger_admin_email}}', '{{badger_admin_password}}')" |  python /badger/code/manage.py shell 2> /dev/null

kubernetes/ansible/roles/deploy-player/defaults/main.yml

+../../../../../ansible/roles/stack-sunbird/defaults/main.yml
\ No newline at end of file

kubernetes/ansible/roles/deploy-player/tasks/main.yml

+- name: Create a directory if it does not exist
+  file:
+    path: /var/lib/jenkins/player_config
+    state: directory
+
+- name: Remove existing index_cdn.ejs
+  file: path=/var/lib/jenkins/player_config/index_cdn.ejs state=absent
+  ignore_errors: true
+
+- name: copy new index file
+  copy: src="{{cdn_file_path}}" dest="/var/lib/jenkins/player_config/index_cdn.ejs" mode=0644
+  when: sunbird_portal_cdn_url|length>0 and  cdn_file_path|length>0
+
+- name: remove whitespaces in index file
+  shell: 'sed -i s/\\s\\+$//e /var/lib/jenkins/player_config/index_cdn.ejs'
+  when: sunbird_portal_cdn_url|length>0 and  cdn_file_path|length>0
+
+- name: Remove the existing CDN config
+  shell: "kubectl delete configmap player-cdn-config --namespace={{namespace}}"
+  ignore_errors: true
+
+- name: Create player-cdn configmap
+  shell: "kubectl create configmap player-cdn-config --from-file=/var/lib/jenkins/player_config/index_cdn.ejs --namespace={{namespace}}"
+  when: sunbird_portal_cdn_url|length>0 and  cdn_file_path|length>0
+
+- name: rename template
+  template:
+    src: "{{ chart_path }}/values.j2"
+    dest: "{{ chart_path }}/values.yaml"
+
+- name: Create env data dir
+  file:
+    path: "/var/lib/jenkins/env"
+    state: directory
+    mode: 0755
+
+- name: copy env file from swarm role
+  template:
+    src: "{{service_env[release_name]}}"
+    dest: "{{role_path}}/templates/{{ release_name }}.env"
+
+- name: template vars
+  template:
+    src: "{{ release_name }}.env"
+    dest: "/var/lib/jenkins/env/{{ release_name }}.env"
+
+- name: create configmap
+  shell: "kubectl create configmap player-config --from-env-file=/var/lib/jenkins/env/{{ release_name }}.env -n {{namespace}} --dry-run -o=yaml | kubectl apply -f -"
+
+- name: check helm release
+  shell:  helm ls | grep {{ release_name }}
+  register: output
+  ignore_errors: true
+
+- name: helm install
+  shell: helm install {{ release_name }} {{ chart_path }}
+  when: output.rc == 1
+
+- name: helm upgrade
+  shell: helm upgrade --recreate-pods {{ release_name }} {{ chart_path }}
+  when: output.rc == 0
\ No newline at end of file

kubernetes/ansible/roles/helm-deploy/tasks/main.yml

+- name: rename template
+  template:
+    src: "{{ chart_path }}/values.j2"
+    dest: "{{ chart_path }}/values.yaml"
+
+
+- name: helm install
+  shell: helm upgrade --install --recreate-pods {{ release_name }} {{ chart_path }}
+  #shell: helm template {{ chart_path }} > /tmp/test.yaml
\ No newline at end of file

kubernetes/ansible/roles/istio/README.md

+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

kubernetes/ansible/roles/istio/defaults/main.yml

+---
+# defaults file for istio
+
+

kubernetes/ansible/roles/istio/handlers/main.yml

+---
+# handlers file for istio
\ No newline at end of file

kubernetes/ansible/roles/istio/meta/main.yml

+galaxy_info:
+  author: your name
+  description: your description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Some suggested licenses:
+  # - BSD (default)
+  # - MIT
+  # - GPLv2
+  # - GPLv3
+  # - Apache
+  # - CC-BY
+  license: license (GPLv2, CC-BY, etc)
+
+  min_ansible_version: 1.2
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  # Optionally specify the branch Galaxy will use when accessing the GitHub
+  # repo for this role. During role install, if no tags are available,
+  # Galaxy will use this branch. During import Galaxy will access files on
+  # this branch. If Travis integration is configured, only notifications for this
+  # branch will be accepted. Otherwise, in all cases, the repo's default branch
+  # (usually master) will be used.
+  #github_branch:
+
+  #
+  # platforms is a list of platforms, and each platform has a name and a list of versions.
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.
\ No newline at end of file

kubernetes/ansible/roles/istio/tasks/main.yml

+---
+# tasks file for istio
+- name: tempating variables
+  template:
+    src: "{{ item }}.yaml"
+    dest: "/tmp/{{item}}.yaml"
+  with_items:
+    - istio
+
+- name: initializing istio-crds
+  shell: helm upgrade --install istio-init {{ chart_path }}/istio-init --namespace istio-system
+
+- name: waiting for crds to get completed
+  pause:
+    seconds: 30
+
+- name: Creating kiali secrtes
+  shell:
+    cmd: |
+      cat <<EOF | kubectl apply -f -
+      apiVersion: v1
+      kind: Secret
+      metadata:
+        name: kiali
+        namespace: istio-system
+        labels:
+          app: kiali
+      type: Opaque
+      data:
+        username: "{{ 'admin' | b64encode }}"
+        passphrase: "{{ grafana_admin_password | b64encode }}"
+      EOF
+
+- name: installing istio
+  shell: helm upgrade --install istio {{ chart_path }}/istio --namespace istio-system -f /tmp/istio.yaml

kubernetes/ansible/roles/istio/templates/istio.yaml

+gateways:
+  enabled: true
+nodeagent:
+  enabled: true
+  image: node-agent-k8s
+  env:
+    CA_PROVIDER: "Citadel"
+    CA_ADDR: "istio-citadel:8060"
+    VALID_TOKEN: true
+prometheus:
+  enabled: false
+tracing:
+  enabled: true
+kiali:
+  enabled: true
+  prometheusAddr: http://sunbird-monitoring-prometheus.monitoring.svc.cluster.local:9090
+  dashboard:
+    grafanaURL: http://prometheus-operator-grafana.monitoring.svc.cluster.local
+istiocoredns:
+  enabled: true
+global:
+  proxy:
+    accessLogFile: "/dev/stdout"
+    readinessPeriodSeconds: 5
+pilot:
+  env:
+    PILOT_HTTP10: "1"
+
+gateways:
+  istio-ingressgateway:
+    sds:
+      enabled: true
+    type: NodePort
+    externalTrafficPolicy: Local