# Platform layer: k3s release, the GitOps source repository, the Traefik
# configuration shipped with k3s, and the Helm repositories charts come from.
# NOTE(review): nesting was rebuilt from a flattened listing; confirm that
# `helm_repositories` belongs under `platform` before relying on it.
platform:

  k3s:
    version: v1.26.0+k3s1

  gitops:
    repository:
      uri: https://code.spamasaurus.com/djpbessems/GitOps.MetaCluster.git
      # `HEAD` follows whatever the default branch holds at sync time, so the
      # deployed state changes with every push to that repository. The tag
      # below is the pinned alternative when a reviewed, reproducible
      # revision is required.
      # revision: v0.1.0
      revision: HEAD

  packaged_components:
    - name: traefik
      namespace: kube-system
      # Traefik chart values, passed through as literal text.
      # - Certificates are requested over ACME (TLS challenge) from the
      #   in-cluster step-ca service; `certificatesduration` is expressed in
      #   hours, so certificates are short-lived and renewal must keep working.
      # - The dashboard IngressRoute is switched off, `web` redirects to
      #   `websecure`, and `websecure` uses the `stepca` resolver.
      # - An extra TCP entrypoint `ssh` listens on 8022.
      config: |2
        additionalArguments:
          - "--certificatesResolvers.stepca.acme.caserver=https://step-certificates.step-ca.svc.cluster.local/acme/acme/directory"
          - "--certificatesResolvers.stepca.acme.email=admin"
          - "--certificatesResolvers.stepca.acme.storage=/data/acme.json"
          - "--certificatesResolvers.stepca.acme.tlsChallenge=true"
          - "--certificatesresolvers.stepca.acme.certificatesduration=24"
        globalArguments: []
        ingressRoute:
          dashboard:
            enabled: false
        ports:
          ssh:
            port: 8022
            protocol: TCP
          web:
            redirectTo: websecure
          websecure:
            tls:
              certResolver: stepca

  # Chart sources. All are fetched over HTTPS; chart versions are pinned per
  # component under `components.<name>.helm.version`.
  helm_repositories:
    - name: argo
      url: https://argoproj.github.io/argo-helm
    - name: gitea-charts
      url: https://dl.gitea.io/charts/
    - name: harbor
      url: https://helm.goharbor.io
    - name: jetstack
      url: https://charts.jetstack.io
    - name: longhorn
      url: https://charts.longhorn.io
    - name: sealed-secrets
      url: https://bitnami-labs.github.io/sealed-secrets
    - name: smallstep
      url: https://smallstep.github.io/helm-charts/
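# Per-component Helm chart pins and values.
# - `parse_logic` is a shell pipeline that lists the container images a chart
#   references (presumably used to pre-pull or mirror them; the consumer is
#   not visible in this file).
# - `chart_values` carries the Ansible `!unsafe` tag, so the `{{ ... }}`
#   expressions are not templated when this file is loaded; they are
#   presumably rendered by a later task. Confirm where that happens.
# - Every credential below derives from the single vApp property
#   `guestinfo.rootpw`: Argo CD, Gitea and Harbor admin accounts plus the
#   step-ca key and provisioner passwords. Disclosure of that one value, or of
#   any rendered values file, exposes all of them; rotate them independently
#   after deployment if the components are to be isolated from one another.
# NOTE(review): nesting was rebuilt from a flattened listing, and chart
# versions that the listing had split (`5.14 .1`) were rejoined.
components:

  argo-cd:
    helm:
      # version: 4.9.7  # (= ArgoCD v2.4.2)
      version: 5.14.1  # (= ArgoCD v2.5.2)
      chart: argo/argo-cd
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
      # The admin password is stored as a bcrypt hash of `guestinfo.rootpw`.
      # `--insecure` makes argocd-server serve plain HTTP, so TLS exists only
      # up to the ingress controller; traffic between ingress and pod is
      # unencrypted inside the cluster.
      chart_values: !unsafe |
        configs:
          secret:
            argocdServerAdminPassword: "{{ vapp['guestinfo.rootpw'] | password_hash('bcrypt') }}"
        server:
          extraArgs:
            - --insecure
          ingress:
            enabled: true
            hosts:
              - gitops.{{ vapp['metacluster.fqdn'] }}

  cert-manager:
    helm:
      version: 1.10.1
      chart: jetstack/cert-manager
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
      # chart_values: !unsafe |
      #   installCRDs: true

  clusterapi:
    management:
      version:
        # Must match the version referenced at `dependencies.static_binaries[.filename==clusterctl].url`
        base: v1.3.1
        # Must match the version referenced at `components.cert-manager.helm.version`
        cert_manager: v1.10.1
        infrastructure_vsphere: v1.5.1
        ipam_incluster: v0.1.0-alpha.1
    workload:
      version:
        calico: v3.24.5
        k8s: v1.23.5
      # The node template is fetched by URL only; no checksum is recorded
      # here, so integrity rests on HTTPS to the storage bucket.
      node_template:
        # Refer to `https://github.com/kubernetes-sigs/cluster-api-provider-vsphere/blob/v1.3.5/README.md#kubernetes-versions-with-published-ovas` for a list of supported node templates
        url: https://storage.googleapis.com/capv-images/release/v1.23.5/ubuntu-2004-kube-v1.23.5.ova
        name: ubuntu-2004-kube-v1.23.5.ova

  gitea:
    helm:
      version: v6.0.3  # (= Gitea v1.17.3)
      chart: gitea-charts/gitea
      # The trailing `sed` appends `:latest` to image references without a
      # tag; `latest` is mutable, so such images are not reproducible.
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | sed '/:/!s/$/:latest/'
      # The admin password is passed in plaintext and ends up in the rendered
      # values. Gitea itself speaks HTTP (`PROTOCOL: http`) while `ROOT_URL`
      # is HTTPS, so TLS is expected to be terminated at the ingress.
      chart_values: !unsafe |
        gitea:
          admin:
            username: administrator
            password: "{{ vapp['guestinfo.rootpw'] }}"
            email: admin@{{ vapp['metacluster.fqdn'] }}
          config:
            server:
              OFFLINE_MODE: true
              PROTOCOL: http
              ROOT_URL: https://git.{{ vapp['metacluster.fqdn'] }}/
        image:
          pullPolicy: IfNotPresent
        ingress:
          enabled: true
          hosts:
            - host: git.{{ vapp['metacluster.fqdn'] }}
              paths:
                - path: /
                  pathType: Prefix
        service:
          ssh:
            type: ClusterIP
            port: 22
            clusterIP:

  harbor:
    helm:
      version: 1.10.2  # (= Harbor v2.6.2)
      chart: harbor/harbor
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
      # `expose.tls.enabled: false` leaves TLS to the ingress controller even
      # though `externalURL` is HTTPS; registry credentials and image layers
      # travel unencrypted between ingress and Harbor. The admin password is
      # passed in plaintext.
      chart_values: !unsafe |
        expose:
          ingress:
            annotations: {}
            hosts:
              core: registry.{{ vapp['metacluster.fqdn'] }}
          tls:
            certSource: none
            enabled: false
        externalURL: https://registry.{{ vapp['metacluster.fqdn'] }}
        harborAdminPassword: "{{ vapp['guestinfo.rootpw'] }}"
        notary:
          enabled: false
        persistence:
          persistentVolumeClaim:
            registry:
              size: 25Gi

  longhorn:
    helm:
      version: 1.4.0
      chart: longhorn/longhorn
      parse_logic: cat values.yaml | yq eval '.. | select(has("repository")) | .repository + ":" + .tag'
      # The Longhorn UI is published through an ingress; no authentication
      # setting is visible in these values, so confirm how access to
      # `storage.<fqdn>` is restricted.
      chart_values: !unsafe |
        defaultSettings:
          defaultDataPath: /mnt/blockstorage
          defaultReplicaCount: 1
        ingress:
          enabled: true
          host: storage.{{ vapp['metacluster.fqdn'] }}
        persistence:
          defaultClassReplicaCount: 1

  sealed-secrets:
    helm:
      # Must match the version referenced within `https://code.spamasaurus.com/djpbessems/GitOps.MetaCluster.git`
      version: 2.7.1  # (= SealedSecrets v0.19.2)
      chart: sealed-secrets/sealed-secrets
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'

  step-certificates:
    helm:
      version: 1.18.2+20220324
      chart: smallstep/step-certificates
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sed '/:/!s/$/:latest/' | sort -u
      # This block holds the CA key password and the provisioner password.
      # - `postInitHook` writes the password to `~/pwfile` with the shell's
      #   default umask and deletes it afterwards; the value is spliced in
      #   between single quotes, so a password containing `'` breaks the
      #   quoting of that command line.
      # - NOTE(review): a POSIX shell expands `~` only at the start of a word,
      #   so `--password-file=~/pwfile` may reach `step` unexpanded; confirm
      #   the hook reads the file it has just written.
      # - `inject.secrets.*` are base64-encoded only, which is an encoding and
      #   not protection; treat the rendered values as secret material.
      chart_values: !unsafe |
        ca:
          bootstrap:
            postInitHook: |
              echo '{{ vapp["guestinfo.rootpw"] }}' > ~/pwfile
              step ca provisioner add acme \
                --type ACME \
                --password-file=~/pwfile \
                --force-cn
              rm ~/pwfile
          dns: ca.{{ vapp['metacluster.fqdn'] }},step-certificates.step-ca.svc.cluster.local,127.0.0.1
          password: "{{ vapp['guestinfo.rootpw'] }}"
          provisioner:
            name: admin
            password: "{{ vapp['guestinfo.rootpw'] }}"
        inject:
          secrets:
            ca_password: "{{ vapp['guestinfo.rootpw'] | b64encode }}"
            provisioner_password: "{{ vapp['guestinfo.rootpw'] | b64encode }}"
        service:
          targetPort: 9000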
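# Everything fetched from outside while the appliance is built: Ansible
# collections, container images, standalone binaries and OS/Python packages.
# NOTE(review): nesting was rebuilt from a flattened listing.
dependencies:

  # No versions are given, so whatever release is current at build time is
  # installed.
  ansible_galaxy_collections:
    - ansible.posix
    - ansible.utils
    - community.crypto
    - community.general
    - community.vmware
    - kubernetes.core

  # Images are pinned by tag, not by digest; a tag can be re-pointed upstream,
  # so pin `@sha256:<digest>` where a byte-identical image is required.
  container_images:
    # - vmware/powerclicore:12.7
    # The following list is generated by running the following commands:
    # $ clusterctl init -i vsphere:<version> [...]
    # $ clusterctl generate cluster <name> [...] | yq eval '.data.data' | yq --no-doc eval '.. | .image? | select(.)' | sort -u
    - gcr.io/cloud-provider-vsphere/cpi/release/manager:v1.18.1
    - gcr.io/cloud-provider-vsphere/csi/release/driver:v2.1.0
    - gcr.io/cloud-provider-vsphere/csi/release/syncer:v2.1.0
    - quay.io/k8scsi/csi-attacher:v3.0.0
    - quay.io/k8scsi/csi-node-driver-registrar:v2.0.1
    - quay.io/k8scsi/csi-provisioner:v2.0.0
    - quay.io/k8scsi/livenessprobe:v2.1.0
    # This seems to be a hardcoded containerd dependency (see '/etc/containerd/config.toml' on a provisioned node)
    - k8s.gcr.io/pause:3.6

  # Executables downloaded by URL. No checksum or signature is recorded next
  # to any entry, so integrity rests on the transport alone; whether the
  # consuming task verifies a digest is not visible in this file. `skopeo`
  # and `npp-prepper` come from the author's own package registry rather than
  # an upstream release page.
  static_binaries:
    - filename: clusterctl
      url: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.3.1/clusterctl-linux-amd64
    - filename: govc
      url: https://github.com/vmware/govmomi/releases/download/v0.29.0/govc_Linux_x86_64.tar.gz
      archive: compressed
    - filename: helm
      url: https://get.helm.sh/helm-v3.10.2-linux-amd64.tar.gz
      archive: compressed
      extra_opts: --strip-components=1
    - filename: kubeseal
      url: https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.19.2/kubeseal-0.19.2-linux-amd64.tar.gz
      archive: compressed
    - filename: skopeo
      url: https://code.spamasaurus.com/api/packages/djpbessems/generic/skopeo/v1.11.0-dev/skopeo
    - filename: step
      url: https://dl.step.sm/gh-release/cli/gh-release-header/v0.23.0/step_linux_0.23.0_amd64.tar.gz
      archive: compressed
      extra_opts: --strip-components=2
    - filename: yq
      # Was `http://`: with no checksum to fall back on, the first request
      # for an executable must not travel in cleartext.
      url: https://github.com/mikefarah/yq/releases/download/v4.30.5/yq_linux_amd64
    - filename: npp-prepper
      url: https://code.spamasaurus.com/api/packages/djpbessems/generic/npp-prepper/v0.4.5/npp-prepper

  # Unpinned: the package index decides the version at build time.
  packages:
    apt:
      - lvm2
    pip:
      - jmespath
      - kubernetes
      - netaddr
      - passlib
      - pyvmomi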