Packer.Images/ansible/vars/metacluster.yml
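# Ansible vars for the metacluster image build (`ansible/vars/metacluster.yml`).
# Values are rendered with the vApp properties `vapp['metacluster.fqdn']` and
# `vapp['metacluster.password']`. Scalars tagged `!unsafe` are left untemplated
# by Ansible itself; the task that consumes them presumably renders the Jinja
# inside before handing the text to Helm — confirm against the role that reads
# this file.
#
# NOTE(review): the single value `vapp['metacluster.password']` is reused as the
# ArgoCD admin password, the Dex static-user password, the Gitea and Harbor admin
# passwords, both Pinniped local-user passwords and the step-ca CA/provisioner
# passwords. One leaked credential therefore opens every component; deriving a
# distinct secret per component would contain the blast radius.
platform:

  k3s:
    version: v1.30.0+k3s1
    # version: v1.27.1+k3s1

  packaged_components:
    - name: traefik
      namespace: kube-system
      # The `|2` indentation indicator preserves extra leading whitespace in the
      # values text; the exact amount is not recoverable from this rendering —
      # confirm against the checked-in file before relying on the layout below.
      config: |2
          additionalArguments:
            - "--certificatesResolvers.stepca.acme.caserver=https://step-certificates.step-ca.svc.cluster.local/acme/acme/directory"
            - "--certificatesResolvers.stepca.acme.email=admin"
            - "--certificatesResolvers.stepca.acme.storage=/data/acme.json"
            - "--certificatesResolvers.stepca.acme.tlsChallenge=true"
            - "--certificatesresolvers.stepca.acme.certificatesduration=24"
          globalArguments: []
          ingressRoute:
            dashboard:
              enabled: false
          ports:
            ssh:
              port: 8022
              protocol: TCP
            web:
              redirectTo:
                port: websecure
            websecure:
              tls:
                certResolver: stepca
          updateStrategy:
            type: Recreate
            rollingUpdate: null

  helm_repositories:
    - name: argo
      url: https://argoproj.github.io/argo-helm
    - name: bitnami
      url: https://charts.bitnami.com/bitnami
    - name: dexidp
      url: https://charts.dexidp.io
    - name: gitea-charts
      url: https://dl.gitea.io/charts/
    - name: harbor
      url: https://helm.goharbor.io
    - name: jetstack
      url: https://charts.jetstack.io
    - name: longhorn
      url: https://charts.longhorn.io
    - name: prometheus-community
      url: https://prometheus-community.github.io/helm-charts
    - name: smallstep
      url: https://smallstep.github.io/helm-charts/
    - name: spamasaurus
      url: https://code.spamasaurus.com/api/packages/djpbessems/helm

# Per component: chart coordinates, a `parse_logic` shell pipeline that lists the
# container images the chart references (fed into image pre-loading — inferred
# from `dependencies.container_images` below), and the Helm values to apply.
components:

  argo-cd:
    helm:
      version: 6.7.7 # (=ArgoCD v.2.10.5)
      chart: argo/argo-cd
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
      # `configs.params.server.insecure: true` serves the ArgoCD API over plain
      # HTTP inside the cluster; TLS is presumably terminated at the Traefik
      # ingress (certResolver `stepca` above) — confirm the service is not
      # reachable any other way.
      chart_values: !unsafe |
        configs:
          cm:
            resource.compareoptions: |
              ignoreAggregatedRoles: true
            resource.customizations.ignoreDifferences.all: |
              jsonPointers:
                - /spec/conversion/webhook/clientConfig/caBundle
          params:
            server.insecure: true
          secret:
            argocdServerAdminPassword: "{{ vapp['metacluster.password'] | password_hash('bcrypt') }}"
        global:
          domain: gitops.{{ vapp['metacluster.fqdn'] | lower }}
        server:
          ingress:
            enabled: true

  cert-manager:
    helm:
      version: 1.14.4
      chart: jetstack/cert-manager
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
      chart_values: !unsafe |
        installCRDs: true

  clusterapi:
    management:
      version:
        # Must match the version referenced at `dependencies.static_binaries[.filename==clusterctl].url`
        base: v1.6.3
        # Must match the version referenced at `components.cert-manager.helm.version`
        cert_manager: v1.14.4
        infrastructure_vsphere: v1.9.2
        ipam_incluster: v0.1.0
        # Refer to `https://console.cloud.google.com/gcr/images/cloud-provider-vsphere/GLOBAL/cpi/release/manager` for available tags
        cpi_vsphere: v1.30.1
    workload:
      version:
        calico: v3.27.3
        k8s: v1.30.1
      node_template:
        # The commented-out alternative embeds credentials in the URL; if it is
        # revived, pass them to the download task separately so they do not end
        # up in logs or process listings.
        # url: https://{{ repo_username }}:{{ repo_password }}@sn.itch.fyi/Repository/rel/ubuntu-2204-kube-v1.27.1.ova
        url: https://github.com/kubernetes-sigs/cluster-api-provider-vsphere/releases/download/templates%2Fv1.30.0/ubuntu-2204-kube-v1.30.0.ova

  dex:
    helm:
      version: 0.15.3 # (= Dex 2.37.0)
      chart: dexidp/dex
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
      # NOTE(review): `staticClients[].secret` and `staticPasswords[].userID` come
      # from a `password` lookup that is seeded with the cluster FQDN and stored
      # at /dev/null, so both values are reproducible by anyone who knows the
      # FQDN. The OIDC client secret in particular should come from an unseeded
      # lookup persisted to a protected path (or a secret store) instead.
      chart_values: !unsafe |
        config:
          issuer: https://idps.{{ vapp['metacluster.fqdn'] }}
          storage:
            type: kubernetes
            config:
              inCluster: true
          staticClients:
            - id: pinniped-supervisor
              secret: "{{ lookup('ansible.builtin.password', '/dev/null length=64 chars=ascii_lowercase,digits seed=' ~ vapp['metacluster.fqdn']) }}"
              name: Pinniped Supervisor client
              redirectURIs:
                - https://auth.{{ vapp['metacluster.fqdn'] }}/sso/callback
          enablePasswordDB: true
          staticPasswords:
            - email: user@{{ vapp['metacluster.fqdn'] }}
              hash: "{{ vapp['metacluster.password'] | password_hash('bcrypt') }}"
              username: user
              userID: "{{ lookup('ansible.builtin.password', '/dev/null length=64 chars=ascii_lowercase,digits seed=' ~ vapp['metacluster.fqdn']) | to_uuid }}"
        ingress:
          enabled: true
          hosts:
            - host: idps.{{ vapp['metacluster.fqdn'] }}
              paths:
                - path: /
                  pathType: Prefix

  gitea:
    helm:
      version: v10.1.3 # (= Gitea v1.21.7)
      chart: gitea-charts/gitea
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | sed '/:/!s/$/:latest/'
      # The bare `service.ssh.clusterIP:` at the end of this block parses as
      # null, which Helm treats as "drop the chart's default for this key" —
      # presumably intended so Kubernetes assigns the IP; writing
      # `clusterIP: null` would make that intent explicit (yamllint
      # `empty-values`).
      chart_values: !unsafe |
        extraVolumes:
          - secret:
              defaultMode: 420
              secretName: step-certificates-certs
            name: step-certificates-certs
        extraVolumeMounts:
          - mountPath: /etc/ssl/certs/ca-chain.crt
            name: step-certificates-certs
            readOnly: true
            subPath: ca_chain.crt
        gitea:
          admin:
            username: administrator
            password: "{{ vapp['metacluster.password'] }}"
            email: administrator@{{ vapp['metacluster.fqdn'] | lower }}
          config:
            cache:
              ADAPTER: memory
            server:
              OFFLINE_MODE: true
              PROTOCOL: http
              ROOT_URL: https://git.{{ vapp['metacluster.fqdn'] | lower }}/
            session:
              PROVIDER: db
        image:
          pullPolicy: IfNotPresent
        ingress:
          enabled: true
          hosts:
            - host: git.{{ vapp['metacluster.fqdn'] | lower }}
              paths:
                - path: /
                  pathType: Prefix
        postgresql:
          enabled: true
          image:
            tag: 16.1.0-debian-11-r25
        postgresql-ha:
          enabled: false
        redis-cluster:
          enabled: false
        service:
          ssh:
            type: ClusterIP
            port: 22
            clusterIP:

  harbor:
    helm:
      version: 1.14.1 # (= Harbor v2.10.1)
      chart: harbor/harbor
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
      # `expose.tls.enabled: false` together with an https `externalURL`: TLS is
      # presumably terminated at the Traefik ingress — confirm.
      chart_values: !unsafe |
        expose:
          ingress:
            annotations: {}
            hosts:
              core: registry.{{ vapp['metacluster.fqdn'] | lower }}
          tls:
            certSource: none
            enabled: false
        externalURL: https://registry.{{ vapp['metacluster.fqdn'] | lower }}
        harborAdminPassword: "{{ vapp['metacluster.password'] }}"
        notary:
          enabled: false
        persistence:
          persistentVolumeClaim:
            registry:
              size: 25Gi

  json-server:
    helm:
      version: v0.8.4
      chart: spamasaurus/json-server
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
      # Nesting of `seedData` and `sidecar` follows the chart's apparent layout;
      # it is not recoverable with certainty from this rendering — confirm.
      chart_values: !unsafe |
        ingress:
          enabled: true
          hosts:
            - host: version.{{ vapp['metacluster.fqdn'] }}
              paths:
                - path: /
                  pathType: Prefix
        jsonServer:
          image:
            repository: code.spamasaurus.com/djpbessems/json-server
          seedData:
            configInline: {}
        sidecar:
          targetUrl: version.{{ vapp['metacluster.fqdn'] }}
          image:
            repository: code.spamasaurus.com/djpbessems/json-server

  kube-prometheus-stack:
    helm:
      version: 45.2.0
      chart: prometheus-community/kube-prometheus-stack
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
      chart_values: !unsafe |
        alertmanager:
          enabled: false
        global:
          imageRegistry: registry.{{ vapp['metacluster.fqdn'] }}

  kubevip:
    # Must match the version referenced at `dependencies.container_images`
    version: v0.6.3

  longhorn:
    helm:
      version: 1.5.4
      chart: longhorn/longhorn
      parse_logic: cat values.yaml | yq eval '.. | select(has("repository")) | .repository + ":" + .tag'
      chart_values: !unsafe |
        defaultSettings:
          concurrentReplicaRebuildPerNodeLimit: 10
          defaultDataPath: /mnt/blockstorage
          logLevel: Info
          nodeDrainPolicy: block-for-eviction-if-contains-last-replica
          replicaSoftAntiAffinity: true
          priorityClass: system-node-critical
          storageOverProvisioningPercentage: 200
          storageReservedPercentageForDefaultDisk: 0
        ingress:
          enabled: true
          host: storage.{{ vapp['metacluster.fqdn'] | lower }}
        longhornManager:
          priorityClass: system-node-critical
        longhornDriver:
          priorityClass: system-node-critical

  pinniped:
    helm:
      version: 1.3.10 # (= Pinniped v0.27.0)
      chart: bitnami/pinniped
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
      chart_values: !unsafe |
        concierge:
          enabled: false
        supervisor:
          service:
            public:
              type: ClusterIP
    local-user-authenticator:
      # Must match the appVersion (!=chart version) referenced at `components.pinniped.helm.version`
      version: v0.27.0
      # NOTE(review): `metaguest` is given the same password as `metauser` and
      # every admin account in this file, so the "guest" account is not a
      # lower-privilege credential in practice — give it a distinct value.
      users:
        - username: metauser
          password: !unsafe "{{ vapp['metacluster.password'] | password_hash('bcrypt') }}"
        - username: metaguest
          password: !unsafe "{{ vapp['metacluster.password'] | password_hash('bcrypt') }}"

  step-certificates:
    helm:
      version: 1.25.2 # (= step-ca v0.25.2)
      chart: smallstep/step-certificates
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sed '/:/!s/$/:latest/' | sort -u
      # `b64encode` only matches the encoding a Secret manifest expects; it is
      # not protection. The CA key password and the ACME provisioner password
      # are both the shared metacluster password.
      chart_values: !unsafe |
        inject:
          secrets:
            ca_password: "{{ vapp['metacluster.password'] | b64encode }}"
            provisioner_password: "{{ vapp['metacluster.password'] | b64encode }}"

dependencies:

  ansible_galaxy_collections:
    - ansible.posix
    - ansible.utils
    - community.crypto
    - community.general
    - community.vmware
    - kubernetes.core
    - lvrfrc87.git_acp

  container_images:
    # This should match the image tag referenced at `platform.packaged_components[.name==traefik].config`
    # NOTE(review): the traefik config in this file no longer references an
    # image tag — confirm whether this cross-reference and the busybox pin are
    # still needed.
    - busybox:1
    - ghcr.io/kube-vip/kube-vip:v0.6.3
    # The following list is generated by running the following commands:
    # $ clusterctl init -i vsphere:<version> [...]
    # $ clusterctl generate cluster <name> [...] | yq eval '.data.data' | yq --no-doc eval '.. | .image? | select(.)' | sort -u
    # NOTE(review): the cpi manager tag below (v1.27.0) differs from
    # `components.clusterapi.management.version.cpi_vsphere` (v1.30.1) — confirm
    # whether this pre-loaded list is stale relative to the version in use.
    - gcr.io/cloud-provider-vsphere/cpi/release/manager:v1.27.0
    - gcr.io/cloud-provider-vsphere/csi/release/driver:v3.1.0
    - gcr.io/cloud-provider-vsphere/csi/release/syncer:v3.1.0
    - registry.k8s.io/sig-storage/csi-attacher:v4.3.0
    - registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.8.0
    - registry.k8s.io/sig-storage/csi-provisioner:v3.5.0
    - registry.k8s.io/sig-storage/csi-resizer:v1.8.0
    - registry.k8s.io/sig-storage/csi-snapshotter:v6.2.2
    - registry.k8s.io/sig-storage/livenessprobe:v2.10.0

  # NOTE(review): every download is pinned by version in its URL only; no digest
  # is recorded here, so a substituted artifact (the skopeo binary comes from a
  # self-hosted mirror rather than upstream) would not be detected. Consider
  # recording a sha256 per entry and verifying it in the task that fetches these.
  static_binaries:
    - filename: clusterctl
      url: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.6.3/clusterctl-linux-amd64
    - filename: govc
      url: https://github.com/vmware/govmomi/releases/download/v0.36.3/govc_Linux_x86_64.tar.gz
      archive: compressed
    - filename: helm
      url: https://get.helm.sh/helm-v3.14.3-linux-amd64.tar.gz
      archive: compressed
      extra_opts: --strip-components=1
    - filename: kubectl-slice
      url: https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.2.9/kubectl-slice_linux_x86_64.tar.gz
      archive: compressed
    # The CLI (v0.25.0) is older than the Pinniped server version pinned at
    # `components.pinniped.local-user-authenticator.version` (v0.27.0) — confirm
    # the skew is intended.
    - filename: pinniped
      url: https://github.com/vmware-tanzu/pinniped/releases/download/v0.25.0/pinniped-cli-linux-amd64
    - filename: skopeo
      url: https://code.spamasaurus.com/api/packages/djpbessems/generic/skopeo/v1.12.0/skopeo_linux_amd64
    - filename: step
      url: https://dl.step.sm/gh-release/cli/gh-release-header/v0.25.2/step_linux_0.25.2_amd64.tar.gz
      archive: compressed
      extra_opts: --strip-components=2
    - filename: yq
      url: https://github.com/mikefarah/yq/releases/download/v4.43.1/yq_linux_amd64

  packages:
    apt:
      - lvm2
    pip:
      - jmespath
      - kubernetes
      - netaddr
      - passlib
      - pyvmomi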