Packer.Images/ansible/vars/metacluster.yml


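# Platform-level settings: the k3s release, the GitOps repository to track,
# overrides for packaged components (here: traefik) and the Helm repositories
# that the chart references under `components` are prefixed with.
platform:

  k3s:
    version: v1.24.1+k3s1

  gitops:
    repository:
      uri: https://code.spamasaurus.com/djpbessems/GitOps.MetaCluster.git
      # NOTE(review): HEAD tracks whatever the repository currently points
      # to. The commented-out tag would pin the GitOps content to a reviewed
      # revision.
      # revision: v0.1.0
      revision: HEAD

  packaged_components:
    - name: traefik
      namespace: kube-system
      # The `stepca` ACME resolver points at the in-cluster step-certificates
      # service and `websecure` uses it for TLS. The dashboard IngressRoute is
      # disabled.
      # NOTE(review): Traefik reads certificatesduration in hours, so 24
      # declares one-day certificates - confirm this matches the lifetime the
      # CA actually issues.
      # Keep comments out of the block scalar below: its text is passed on
      # verbatim as the component's configuration.
      config: |2
        additionalArguments:
          - "--certificatesResolvers.stepca.acme.caserver=https://step-certificates.step-ca.svc.cluster.local/acme/acme/directory"
          - "--certificatesResolvers.stepca.acme.email=admin"
          - "--certificatesResolvers.stepca.acme.storage=/data/acme.json"
          - "--certificatesResolvers.stepca.acme.tlsChallenge=true"
          - "--certificatesresolvers.stepca.acme.certificatesduration=24"
        globalArguments: []
        ingressRoute:
          dashboard:
            enabled: false
        ports:
          ssh:
            port: 8022
            protocol: TCP
          web:
            redirectTo: websecure
          websecure:
            tls:
              certResolver: stepca

  # Chart sources, all fetched over HTTPS. This file records chart versions
  # (under `components`) but no chart digest or provenance check.
  helm_repositories:
    - name: longhorn
      url: https://charts.longhorn.io
    - name: harbor
      url: https://helm.goharbor.io
    - name: gitea-charts
      url: https://dl.gitea.io/charts/
    - name: argo
      url: https://argoproj.github.io/argo-helm
    - name: sealed-secrets
      url: https://bitnami-labs.github.io/sealed-secrets
    - name: smallstep
      url: https://smallstep.github.io/helm-charts/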
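# Helm-deployed components. Each entry pins a chart version, names the chart
# and carries:
#   parse_logic  - a shell pipeline that lists the container images the chart
#                  references (presumably used to collect images at build
#                  time - confirm in the consuming playbook).
#   chart_values - values for the chart. The `!unsafe` tag keeps Ansible from
#                  templating the string when the variable is loaded; the
#                  {{ vapp[...] }} expressions are presumably rendered by a
#                  later explicit step - confirm.
# Keep comments out of the chart_values block scalars: their text is the
# values document itself.
#
# NOTE(review): vapp['guestinfo.rootpw'] is reused below as the step-ca CA and
# provisioner password and as the Harbor, Gitea and Argo CD admin password.
# Disclosure of any one rendered values document or resulting Secret therefore
# exposes all of them; consider a distinct secret per component.
components:

  longhorn:
    helm:
      version: 1.3.0
      chart: longhorn/longhorn
      parse_logic: cat values.yaml | yq eval '.. | select(has("repository")) | .repository + ":" + .tag'
      chart_values: !unsafe |
        defaultSettings:
          defaultDataPath: /mnt/blockstorage
          defaultReplicaCount: 1
        ingress:
          enabled: true
          host: storage.{{ vapp['metacluster.fqdn'] }}
        persistence:
          defaultClassReplicaCount: 1

  # NOTE(review) on the postInitHook below:
  #   - The password is written with `echo '...' > ~/pwfile`; a password
  #     containing a single quote breaks the quoting, and the file is created
  #     with the default umask until `rm` removes it.
  #   - `--password-file=~/pwfile` relies on `~` being resolved after `=`,
  #     which shells typically do not do for option arguments - confirm the
  #     step CLI handles it, or use "$HOME/pwfile".
  #   - parse_logic appends `:latest` to image references that carry no tag,
  #     so those images are not pinned to a version.
  step-certificates:
    helm:
      version: 1.18.2+20220324
      chart: smallstep/step-certificates
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sed '/:/!s/$/:latest/' | sort -u
      chart_values: !unsafe |
        ca:
          bootstrap:
            postInitHook: |
              echo '{{ vapp["guestinfo.rootpw"] }}' > ~/pwfile
              step ca provisioner add acme \
                --type ACME \
                --password-file=~/pwfile \
                --force-cn
              rm ~/pwfile
          dns: ca.{{ vapp['metacluster.fqdn'] }},step-certificates.step-ca.svc.cluster.local,127.0.0.1
          password: "{{ vapp['guestinfo.rootpw'] }}"
          provisioner:
            name: admin
            password: "{{ vapp['guestinfo.rootpw'] }}"
        inject:
          secrets:
            ca_password: "{{ vapp['guestinfo.rootpw'] | b64encode }}"
            provisioner_password: "{{ vapp['guestinfo.rootpw'] | b64encode }}"
        service:
          targetPort: 9000

  # NOTE(review): expose.tls is disabled while externalURL is https://. TLS is
  # presumably terminated at the ingress (traefik `websecure`), leaving the
  # hop from ingress to Harbor in clear text inside the cluster - confirm this
  # is intended.
  harbor:
    helm:
      version: 1.9.1  # (= Harbor v2.5.1)
      chart: harbor/harbor
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
      chart_values: !unsafe |
        expose:
          ingress:
            annotations: {}
            hosts:
              core: registry.{{ vapp['metacluster.fqdn'] }}
          tls:
            certSource: none
            enabled: false
        externalURL: https://registry.{{ vapp['metacluster.fqdn'] }}
        harborAdminPassword: "{{ vapp['guestinfo.rootpw'] }}"
        notary:
          enabled: false

  # parse_logic appends `:latest` to image references that carry no tag, so
  # those images are not pinned to a version.
  gitea:
    helm:
      version: v5.0.9  # (= Gitea v1.16.8)
      chart: gitea-charts/gitea
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | sed '/:/!s/$/:latest/'
      chart_values: !unsafe |
        config:
          offlineMode: true
        gitea:
          admin:
            username: administrator
            password: "{{ vapp['guestinfo.rootpw'] }}"
            email: admin@{{ vapp['metacluster.fqdn'] }}
        image:
          pullPolicy: IfNotPresent
        ingress:
          enabled: true
          hosts:
            - host: git.{{ vapp['metacluster.fqdn'] }}
              paths:
                - path: /
                  pathType: Prefix
        service:
          ssh:
            type: ClusterIP
            port: 22
            clusterIP:

  # The admin password is passed to the chart as a bcrypt hash, not in clear
  # text. controller, repoServer and server each mount root_ca.crt from the
  # step-certificates-certs secret (defaultMode 420 is octal 0644).
  # NOTE(review): `--insecure` makes argocd-server serve without TLS; TLS is
  # presumably terminated at the ingress - confirm this is intended.
  argo-cd:
    helm:
      version: 4.9.7  # (= ArgoCD v2.4.2)
      chart: argo/argo-cd
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
      chart_values: !unsafe |
        configs:
          secret:
            argocdServerAdminPassword: "{{ vapp['guestinfo.rootpw'] | password_hash('bcrypt') }}"
        controller:
          volumeMounts:
            - name: custom-ca-certificates
              mountPath: /etc/ssl/certs/root_ca.crt
              subPath: root_ca.crt
          volumes:
            - name: custom-ca-certificates
              secret:
                defaultMode: 420
                secretName: step-certificates-certs
        repoServer:
          volumeMounts:
            - name: custom-ca-certificates
              mountPath: /etc/ssl/certs/root_ca.crt
              subPath: root_ca.crt
          volumes:
            - name: custom-ca-certificates
              secret:
                defaultMode: 420
                secretName: step-certificates-certs
        server:
          extraArgs:
            - --insecure
          ingress:
            enabled: true
            hosts:
              - gitops.{{ vapp['metacluster.fqdn'] }}
          volumeMounts:
            - name: custom-ca-certificates
              mountPath: /etc/ssl/certs/root_ca.crt
              subPath: root_ca.crt
          volumes:
            - name: custom-ca-certificates
              secret:
                defaultMode: 420
                secretName: step-certificates-certs

  sealed-secrets:
    helm:
      version: 2.4.0  # (= SealedSecrets v0.18.1)
      chart: sealed-secrets/sealed-secrets
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'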
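# Build-time dependencies: Ansible Galaxy collections, container images,
# standalone binaries and OS / Python packages.
dependencies:

  # No collection versions are pinned in this list.
  ansible_galaxy_collections:
    - ansible.posix
    - ansible.utils
    - community.crypto
    - community.general
    - community.vmware
    - kubernetes.core

  # Referenced by tag, not by digest.
  container_images:
    - vmware/powerclicore:12.7

  # Executables downloaded at build time.
  # NOTE(review): no checksum is recorded for any entry in this file. If the
  # consuming task supports one (for example the `checksum` parameter of
  # ansible.builtin.get_url), add a per-entry digest so that a modified
  # artifact fails the build.
  static_binaries:
    - filename: govc
      url: https://github.com/vmware/govmomi/releases/download/v0.29.0/govc_Linux_x86_64.tar.gz
      archive: compressed
    - filename: helm
      url: https://get.helm.sh/helm-v3.9.0-linux-amd64.tar.gz
      archive: compressed
      extra_opts: --strip-components=1
    - filename: skopeo
      url: https://code.spamasaurus.com/api/packages/djpbessems/generic/skopeo/v1.9.1/skopeo
    - filename: step
      url: https://dl.step.sm/gh-release/cli/gh-release-header/v0.21.0/step_linux_0.21.0_amd64.tar.gz
      archive: compressed
      extra_opts: --strip-components=2
    # Uses https:// like the other entries (was http://). The file is an
    # executable, so a plain-HTTP download would leave it open to
    # modification in transit.
    - filename: yq
      url: https://github.com/mikefarah/yq/releases/download/v4.25.3/yq_linux_amd64

  # No package versions are pinned in these lists.
  packages:
    apt:
      - lvm2
    pip:
      - jmespath
      - kubernetes
      - passlib
      - pyvmomi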