Enhance Authentik role by adding Helm wait timeout for oauth2-proxy and improving task conditions for admin access and OAuth2 provider upserts. Update README with new variable descriptions and adjust Longhorn deployment tasks to ensure proper rollout before Loki installation, enhancing overall deployment reliability.

2026-05-14 15:52:42 -04:00
parent 5e5c6ef671
commit 4bc8da0225
9 changed files with 57 additions and 11 deletions
--- a/ansible/roles/noble_platform/defaults/main.yml
+++ b/ansible/roles/noble_platform/defaults/main.yml
@@ -11,6 +11,11 @@ noble_platform_kube_prometheus_operator_wait_retries: 60
 noble_platform_kube_prometheus_operator_wait_delay: 5
 # Longhorn PVCs + full stack often need 45-60m; node-exporter DaemonSet can be last at 3/4 until one node catches up.
 noble_platform_kube_prometheus_helm_wait_timeout: 60m
+# Loki SingleBinary + Longhorn PVC: Helm **--wait** can exceed **5m** defaults; raise if Longhorn attach is slow.
+noble_platform_loki_helm_wait_timeout: 30m
+# Before Loki (first Longhorn PVC workload), ensure CSI plugin DaemonSet is fully rolled out (avoids **FailedMount** / backend timeouts).
+noble_platform_wait_longhorn_csi_before_loki: true
+noble_platform_longhorn_csi_rollout_timeout: 15m

 # Decrypt **clusters/noble/secrets/*.yaml** with SOPS and kubectl apply (requires **sops**, **age**, and **age-key.txt**).
 noble_apply_sops_secrets: true
--- a/ansible/roles/noble_platform/tasks/main.yml
+++ b/ansible/roles/noble_platform/tasks/main.yml
@@ -131,6 +131,21 @@
    KUBECONFIG: "{{ noble_kubeconfig }}"
  changed_when: true

+- name: Wait for Longhorn CSI plugin before Loki (PVC attach)
+  ansible.builtin.command:
+    argv:
+      - kubectl
+      - rollout
+      - status
+      - daemonset/longhorn-csi-plugin
+      - -n
+      - longhorn-system
+      - --timeout={{ noble_platform_longhorn_csi_rollout_timeout }}
+  environment:
+    KUBECONFIG: "{{ noble_kubeconfig }}"
+  when: noble_platform_wait_longhorn_csi_before_loki | default(true) | bool
+  changed_when: false
+
 - name: Install Loki
  ansible.builtin.command:
    argv:
@@ -147,6 +162,8 @@
      - "{{ noble_repo_root }}/clusters/noble/bootstrap/loki/values.yaml"
      - --force-conflicts
      - --wait
+      - --timeout
+      - "{{ noble_platform_loki_helm_wait_timeout }}"
  environment:
    KUBECONFIG: "{{ noble_kubeconfig }}"
  changed_when: true