Packer.Images/ansible/vars/metacluster.yml

259 lines
8.8 KiB
YAML
Raw Normal View History

platform:
2022-06-27 07:03:43 +00:00
k3s:
version: v1.26.0+k3s1
2022-06-24 21:44:10 +00:00
gitops:
repository:
uri: https://code.spamasaurus.com/djpbessems/GitOps.MetaCluster.git
# revision: v0.1.0
revision: HEAD
packaged_components:
- name: traefik
namespace: kube-system
2022-07-14 09:04:35 +00:00
config: |2
additionalArguments:
- "--certificatesResolvers.stepca.acme.caserver=https://step-certificates.step-ca.svc.cluster.local/acme/acme/directory"
- "--certificatesResolvers.stepca.acme.email=admin"
- "--certificatesResolvers.stepca.acme.storage=/data/acme.json"
- "--certificatesResolvers.stepca.acme.tlsChallenge=true"
2022-08-26 09:31:12 +00:00
- "--certificatesresolvers.stepca.acme.certificatesduration=24"
globalArguments: []
ingressRoute:
dashboard:
enabled: false
ports:
ssh:
port: 8022
protocol: TCP
web:
redirectTo: websecure
websecure:
tls:
certResolver: stepca
helm_repositories:
- name: argo
url: https://argoproj.github.io/argo-helm
2022-09-19 11:15:09 +00:00
- name: gitea-charts
url: https://dl.gitea.io/charts/
- name: harbor
url: https://helm.goharbor.io
- name: jetstack
url: https://charts.jetstack.io
- name: longhorn
url: https://charts.longhorn.io
2022-07-15 10:14:12 +00:00
- name: sealed-secrets
url: https://bitnami-labs.github.io/sealed-secrets
2022-08-22 10:52:47 +00:00
- name: smallstep
url: https://smallstep.github.io/helm-charts/
components:
2022-09-19 11:15:09 +00:00
argo-cd:
helm:
# version: 4.9.7 # (= ArgoCD v2.4.2)
version: 5.14.1 # (= ArgoCD v2.5.2)
2022-09-19 11:15:09 +00:00
chart: argo/argo-cd
2022-06-27 10:27:11 +00:00
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
2022-07-11 07:56:02 +00:00
chart_values: !unsafe |
2022-09-19 11:15:09 +00:00
configs:
secret:
argocdServerAdminPassword: "{{ vapp['guestinfo.rootpw'] | password_hash('bcrypt') }}"
server:
extraArgs:
- --insecure
2022-07-09 10:35:29 +00:00
ingress:
2022-09-19 11:15:09 +00:00
enabled: true
2022-07-09 10:35:29 +00:00
hosts:
2022-09-19 11:15:09 +00:00
- gitops.{{ vapp['metacluster.fqdn'] }}
cert-manager:
helm:
2022-11-24 09:04:46 +00:00
version: 1.10.1
2022-09-19 11:15:09 +00:00
chart: jetstack/cert-manager
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
# chart_values: !unsafe |
# installCRDs: true
2022-06-24 21:44:10 +00:00
clusterapi:
management:
version:
2022-11-07 13:06:34 +00:00
# Must match the version referenced at `dependencies.static_binaries[.filename==clusterctl].url`
base: v1.3.1
2022-11-07 13:06:34 +00:00
# Must match the version referenced at `components.cert-manager.helm.version`
2022-11-24 09:04:46 +00:00
cert_manager: v1.10.1
infrastructure_vsphere: v1.5.1
2022-12-04 10:22:17 +00:00
ipam_incluster: v0.1.0-alpha.1
workload:
version:
calico: v3.24.5
k8s: v1.23.5
2022-11-08 19:17:36 +00:00
node_template:
# Refer to `https://github.com/kubernetes-sigs/cluster-api-provider-vsphere/blob/v1.3.5/README.md#kubernetes-versions-with-published-ovas` for a list of supported node templates
url: https://storage.googleapis.com/capv-images/release/v1.23.5/ubuntu-2004-kube-v1.23.5.ova
name: ubuntu-2004-kube-v1.23.5.ova
gitea:
helm:
version: v6.0.3 # (= Gitea v1.17.3)
chart: gitea-charts/gitea
2022-06-27 20:50:12 +00:00
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | sed '/:/!s/$/:latest/'
2022-07-11 07:56:02 +00:00
chart_values: !unsafe |
2022-07-09 10:35:29 +00:00
gitea:
admin:
username: administrator
2022-07-11 07:24:04 +00:00
password: "{{ vapp['guestinfo.rootpw'] }}"
email: admin@{{ vapp['metacluster.fqdn'] }}
config:
server:
OFFLINE_MODE: true
PROTOCOL: http
ROOT_URL: https://git.{{ vapp['metacluster.fqdn'] }}/
2022-07-09 10:35:29 +00:00
image:
pullPolicy: IfNotPresent
ingress:
enabled: true
hosts:
2022-07-11 07:24:04 +00:00
- host: git.{{ vapp['metacluster.fqdn'] }}
2022-07-09 10:35:29 +00:00
paths:
- path: /
pathType: Prefix
service:
ssh:
type: ClusterIP
port: 22
clusterIP:
2022-09-19 11:15:09 +00:00
harbor:
helm:
version: 1.10.2 # (= Harbor v2.6.2)
2022-09-19 11:15:09 +00:00
chart: harbor/harbor
2022-06-27 10:27:11 +00:00
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
2022-07-11 07:56:02 +00:00
chart_values: !unsafe |
2022-09-19 11:15:09 +00:00
expose:
ingress:
2022-09-19 11:15:09 +00:00
annotations: {}
hosts:
2022-09-19 11:15:09 +00:00
core: registry.{{ vapp['metacluster.fqdn'] }}
tls:
certSource: none
enabled: false
externalURL: https://registry.{{ vapp['metacluster.fqdn'] }}
harborAdminPassword: "{{ vapp['guestinfo.rootpw'] }}"
notary:
enabled: false
2022-12-04 10:22:17 +00:00
persistence:
persistentVolumeClaim:
registry:
size: 25Gi
2022-09-19 11:15:09 +00:00
longhorn:
helm:
version: 1.4.0
2022-09-19 11:15:09 +00:00
chart: longhorn/longhorn
parse_logic: cat values.yaml | yq eval '.. | select(has("repository")) | .repository + ":" + .tag'
chart_values: !unsafe |
defaultSettings:
defaultDataPath: /mnt/blockstorage
defaultReplicaCount: 1
ingress:
enabled: true
host: storage.{{ vapp['metacluster.fqdn'] }}
persistence:
defaultClassReplicaCount: 1
2022-06-24 21:44:10 +00:00
sealed-secrets:
helm:
2022-12-15 21:17:07 +00:00
# Must match the version referenced within `https://code.spamasaurus.com/djpbessems/GitOps.MetaCluster.git`
version: 2.7.1 # (= SealedSecrets v0.19.2)
2022-07-18 10:38:55 +00:00
chart: sealed-secrets/sealed-secrets
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
2022-09-19 11:15:09 +00:00
step-certificates:
helm:
version: 1.18.2+20220324
chart: smallstep/step-certificates
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sed '/:/!s/$/:latest/' | sort -u
chart_values: !unsafe |
ca:
bootstrap:
postInitHook: |
echo '{{ vapp["guestinfo.rootpw"] }}' > ~/pwfile
step ca provisioner add acme \
--type ACME \
--password-file=~/pwfile \
--force-cn
rm ~/pwfile
dns: ca.{{ vapp['metacluster.fqdn'] }},step-certificates.step-ca.svc.cluster.local,127.0.0.1
password: "{{ vapp['guestinfo.rootpw'] }}"
provisioner:
name: admin
password: "{{ vapp['guestinfo.rootpw'] }}"
inject:
secrets:
ca_password: "{{ vapp['guestinfo.rootpw'] | b64encode }}"
provisioner_password: "{{ vapp['guestinfo.rootpw'] | b64encode }}"
service:
targetPort: 9000
2022-06-24 21:44:10 +00:00
dependencies:
ansible_galaxy_collections:
- ansible.posix
- ansible.utils
- community.crypto
2022-06-24 21:44:10 +00:00
- community.general
- community.vmware
2022-06-24 21:44:10 +00:00
- kubernetes.core
2022-08-09 09:57:31 +00:00
container_images:
# - vmware/powerclicore:12.7
# The following list is generated by running the following commands:
# $ clusterctl init -i vsphere:<version> [...]
# $ clusterctl generate cluster <name> [...] | yq eval '.data.data' | yq --no-doc eval '.. | .image? | select(.)' | sort -u
- gcr.io/cloud-provider-vsphere/cpi/release/manager:v1.18.1
- gcr.io/cloud-provider-vsphere/csi/release/driver:v2.1.0
- gcr.io/cloud-provider-vsphere/csi/release/syncer:v2.1.0
- quay.io/k8scsi/csi-attacher:v3.0.0
- quay.io/k8scsi/csi-node-driver-registrar:v2.0.1
- quay.io/k8scsi/csi-provisioner:v2.0.0
- quay.io/k8scsi/livenessprobe:v2.1.0
# This seems to be a hardcoded containerd dependency (see '/etc/containerd/config.toml' on a provisioned node)
- k8s.gcr.io/pause:3.6
2022-06-24 21:44:10 +00:00
static_binaries:
2022-09-19 11:15:09 +00:00
- filename: clusterctl
url: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.3.1/clusterctl-linux-amd64
- filename: govc
url: https://github.com/vmware/govmomi/releases/download/v0.29.0/govc_Linux_x86_64.tar.gz
archive: compressed
2022-06-25 18:23:27 +00:00
- filename: helm
url: https://get.helm.sh/helm-v3.10.2-linux-amd64.tar.gz
archive: compressed
extra_opts: --strip-components=1
- filename: kubeseal
url: https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.19.2/kubeseal-0.19.2-linux-amd64.tar.gz
archive: compressed
- filename: skopeo
2022-11-14 11:37:24 +00:00
url: https://code.spamasaurus.com/api/packages/djpbessems/generic/skopeo/v1.11.0-dev/skopeo
2022-08-23 10:37:38 +00:00
- filename: step
url: https://dl.step.sm/gh-release/cli/gh-release-header/v0.23.0/step_linux_0.23.0_amd64.tar.gz
2022-08-23 10:37:38 +00:00
archive: compressed
extra_opts: --strip-components=2
2022-06-25 18:23:27 +00:00
- filename: yq
url: http://github.com/mikefarah/yq/releases/download/v4.30.5/yq_linux_amd64
- filename: npp-prepper
url: https://code.spamasaurus.com/api/packages/djpbessems/generic/npp-prepper/v0.4.5/npp-prepper
packages:
2022-08-03 11:53:54 +00:00
apt:
- lvm2
pip:
- jmespath
- kubernetes
2022-09-06 14:37:26 +00:00
- netaddr
2022-08-03 11:53:54 +00:00
- passlib
- pyvmomi