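---
# Ansible variables describing the "meta-cluster" appliance: the k3s platform,
# the Helm components layered on top of it, and the build-time dependencies.
# Values of the form `{{ vapp[...] }}` are vApp properties that are templated
# in at deploy time; blocks tagged `!unsafe` are kept as raw text until then.

platform:

  k3s:
    version: v1.26.1+k3s1

  gitops:
    repository:
      uri: https://code.spamasaurus.com/djpbessems/GitOps.MetaCluster.git
      # revision: v0.1.0
      # NOTE(review): HEAD is not a pinned reference; the commented tag above
      # shows the pinned form.
      revision: HEAD

  packaged_components:
    - name: traefik
      namespace: kube-system
      # Raw HelmChartConfig values for the bundled k3s Traefik chart.
      config: |
        additionalArguments:
          - "--certificatesResolvers.stepca.acme.caserver=https://step-certificates.step-ca.svc.cluster.local/acme/acme/directory"
          - "--certificatesResolvers.stepca.acme.email=admin"
          - "--certificatesResolvers.stepca.acme.storage=/data/acme.json"
          - "--certificatesResolvers.stepca.acme.tlsChallenge=true"
          - "--certificatesresolvers.stepca.acme.certificatesduration=24"
        globalArguments: []
        ingressRoute:
          dashboard:
            enabled: false
        ports:
          ssh:
            port: 8022
            protocol: TCP
          web:
            redirectTo: websecure
          websecure:
            tls:
              certResolver: stepca
        updateStrategy:
          type: Recreate
          rollingUpdate: null

  helm_repositories:
    - name: argo
      url: https://argoproj.github.io/argo-helm
    - name: dex
      url: https://charts.dexidp.io
    - name: gitea-charts
      url: https://dl.gitea.io/charts/
    - name: harbor
      url: https://helm.goharbor.io
    - name: jetstack
      url: https://charts.jetstack.io
    - name: longhorn
      url: https://charts.longhorn.io
    - name: smallstep
      url: https://smallstep.github.io/helm-charts/

components:

  argo-cd:
    helm:
      version: 5.20.3  # (= ArgoCD v2.6.1)
      chart: argo/argo-cd
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
      chart_values: !unsafe |
        configs:
          secret:
            argocdServerAdminPassword: "{{ vapp['metacluster.password'] | password_hash('bcrypt') }}"
        server:
          extraArgs:
            # argocd-server listens without TLS; TLS is presumably terminated by
            # the Traefik `websecure` entrypoint in front of this ingress.
            - --insecure
          ingress:
            enabled: true
            hosts:
              - gitops.{{ vapp['metacluster.fqdn'] }}

  cert-manager:
    helm:
      version: 1.11.0
      chart: jetstack/cert-manager
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
      # chart_values: !unsafe |
      #   installCRDs: true

  clusterapi:
    management:
      version:
        # Must match the version referenced at `dependencies.static_binaries[.filename==clusterctl].url`
        base: v1.3.3
        # Must match the version referenced at `components.cert-manager.helm.version`
        cert_manager: v1.11.0
        infrastructure_vsphere: v1.5.2
        ipam_incluster: v0.1.0-alpha.2
    workload:
      version:
        calico: v3.25.0
        # k8s: v1.25.5
        k8s: v1.23.5
      node_template:
        # Refer to `https://github.com/kubernetes-sigs/cluster-api-provider-vsphere/blob/main/README.md#kubernetes-versions-with-published-ovas` for a list of supported node templates
        # url: https://storage.googleapis.com/capv-templates/v1.25.5/ubuntu-2004-kube-v1.25.5.ova
        url: https://storage.googleapis.com/capv-images/release/v1.23.5/ubuntu-2004-kube-v1.23.5.ova

  dex:
    helm:
      version: 0.13.0  # (= Dex 2.35.3)
      chart: dex/dex
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
      chart_values: !unsafe |
        config:
          connectors:
            - type: ldap
              id: ldap
              name: "LDAP"
              config:
                host: "{{ vapp['ldap.fqdn'] }}:636"
                insecureNoSSL: false
                # NOTE(review): the LDAPS server certificate is not verified, so
                # the bind credentials below can be captured by anyone able to
                # intercept the connection; prefer `rootCA` pointing at the
                # directory's CA bundle once one is available in the appliance.
                insecureSkipVerify: true
                # Quoted like the other templated credentials in this file so a
                # DN or password containing YAML indicators cannot break parsing.
                bindDN: "{{ vapp['ldap.dn'] }}"
                bindPW: "{{ vapp['ldap.password'] }}"
                usernamePrompt: "Username"
                userSearch:
                  baseDN: OU=Administrators,OU=Useraccounts,DC=bessems,DC=eu
                  filter: "(objectClass=person)"
                  username: userPrincipalName
                  idAttr: DN
                  emailAttr: userPrincipalName
                  nameAttr: cn
                groupSearch:
                  baseDN: OU=Roles,OU=Groups,DC=bessems,DC=eu
                  filter: "(objectClass=group)"
                  userMatchers:
                    - userAttr: DN
                      groupAttr: member
                  nameAttr: cn
          enablePasswordDB: true
          issuer: https://oidc.{{ vapp['metacluster.fqdn'] }}
          storage:
            type: kubernetes
            config:
              inCluster: true
        ingress:
          enabled: true
          hosts:
            - host: oidc.{{ vapp['metacluster.fqdn'] }}
              paths:
                - path: /
                  pathType: Prefix

  gitea:
    helm:
      version: v7.0.2  # (= Gitea v1.18.3)
      chart: gitea-charts/gitea
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | sed '/:/!s/$/:latest/'
      chart_values: !unsafe |
        gitea:
          admin:
            username: administrator
            password: "{{ vapp['metacluster.password'] }}"
            email: admin@{{ vapp['metacluster.fqdn'] }}
          config:
            server:
              OFFLINE_MODE: true
              # Gitea itself speaks plain HTTP; the https ROOT_URL relies on the
              # ingress in front of it to terminate TLS.
              PROTOCOL: http
              ROOT_URL: https://git.{{ vapp['metacluster.fqdn'] }}/
        image:
          pullPolicy: IfNotPresent
        ingress:
          enabled: true
          hosts:
            - host: git.{{ vapp['metacluster.fqdn'] }}
              paths:
                - path: /
                  pathType: Prefix
        service:
          ssh:
            type: ClusterIP
            port: 22
            # Explicit null (was a bare key) so the chart's own clusterIP value
            # is overridden with "unset" rather than a hidden empty value.
            clusterIP: null

  harbor:
    helm:
      version: 1.11.0  # (= Harbor v2.7.0)
      chart: harbor/harbor
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
      chart_values: !unsafe |
        expose:
          ingress:
            annotations: {}
            hosts:
              core: registry.{{ vapp['metacluster.fqdn'] }}
          # TLS is disabled on the Harbor ingress resource itself; the https
          # externalURL below presumes TLS termination in front of it.
          tls:
            certSource: none
            enabled: false
        externalURL: https://registry.{{ vapp['metacluster.fqdn'] }}
        harborAdminPassword: "{{ vapp['metacluster.password'] }}"
        notary:
          enabled: false
        persistence:
          persistentVolumeClaim:
            registry:
              size: 25Gi

  kubevip:
    # Must match the version referenced at `dependencies.container_images`
    version: v0.5.8

  longhorn:
    helm:
      version: 1.4.0
      chart: longhorn/longhorn
      parse_logic: cat values.yaml | yq eval '.. | select(has("repository")) | .repository + ":" + .tag'
      chart_values: !unsafe |
        defaultSettings:
          allowNodeDrainWithLastHealthyReplica: true
          defaultDataPath: /mnt/blockstorage
          defaultReplicaCount: 1
        ingress:
          enabled: true
          host: storage.{{ vapp['metacluster.fqdn'] }}
        persistence:
          defaultClassReplicaCount: 1

  step-certificates:
    helm:
      version: 1.23.0
      chart: smallstep/step-certificates
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sed '/:/!s/$/:latest/' | sort -u
      chart_values: !unsafe |
        ca:
          bootstrap:
            # The CA password is written to a temporary file for the one
            # `step` invocation and removed again afterwards. A password
            # containing a single quote would break the shell quoting here.
            postInitHook: |
              echo '{{ vapp["metacluster.password"] }}' > ~/pwfile
              step ca provisioner add acme \
                --type ACME \
                --password-file=~/pwfile \
                --force-cn
              rm ~/pwfile
          dns: ca.{{ vapp['metacluster.fqdn'] }},step-certificates.step-ca.svc.cluster.local,127.0.0.1
          password: "{{ vapp['metacluster.password'] }}"
          provisioner:
            name: admin
            password: "{{ vapp['metacluster.password'] }}"
        inject:
          secrets:
            ca_password: "{{ vapp['metacluster.password'] | b64encode }}"
            provisioner_password: "{{ vapp['metacluster.password'] | b64encode }}"
        service:
          targetPort: 9000

dependencies:

  ansible_galaxy_collections:
    - ansible.posix
    - ansible.utils
    - community.crypto
    - community.general
    - community.vmware
    - kubernetes.core

  container_images:
    # This should match the image tag referenced at `platform.packaged_components[.name==traefik].config`
    - busybox:1
    - ghcr.io/kube-vip/kube-vip:v0.5.8
    # The following list is generated by running the following commands:
    # $ clusterctl init -i vsphere:<version> [...]
    # $ clusterctl generate cluster <name> [...] | yq eval '.data.data' | yq --no-doc eval '.. | .image? | select(.)' | sort -u
    - gcr.io/cloud-provider-vsphere/cpi/release/manager:v1.18.1
    - gcr.io/cloud-provider-vsphere/csi/release/driver:v2.1.0
    - gcr.io/cloud-provider-vsphere/csi/release/syncer:v2.1.0
    - quay.io/k8scsi/csi-attacher:v3.0.0
    - quay.io/k8scsi/csi-node-driver-registrar:v2.0.1
    - quay.io/k8scsi/csi-provisioner:v2.0.0
    - quay.io/k8scsi/livenessprobe:v2.1.0

  # NOTE(review): none of these downloads records a checksum, so a release
  # asset swapped upstream would be picked up silently.
  static_binaries:
    - filename: clusterctl
      url: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.3.3/clusterctl-linux-amd64
    - filename: govc
      url: https://github.com/vmware/govmomi/releases/download/v0.29.0/govc_Linux_x86_64.tar.gz
      archive: compressed
    - filename: helm
      url: https://get.helm.sh/helm-v3.10.2-linux-amd64.tar.gz
      archive: compressed
      extra_opts: --strip-components=1
    - filename: npp-prepper
      url: https://code.spamasaurus.com/api/packages/djpbessems/generic/npp-prepper/v0.4.5/npp-prepper
    - filename: skopeo
      url: https://code.spamasaurus.com/api/packages/djpbessems/generic/skopeo/v1.11.0/skopeo_linux_amd64
    - filename: step
      url: https://dl.step.sm/gh-release/cli/gh-release-header/v0.23.0/step_linux_0.23.0_amd64.tar.gz
      archive: compressed
      extra_opts: --strip-components=2
    - filename: yq
      # Fetched over https (was plain http) like every other binary above, so
      # the download cannot be altered in transit.
      url: https://github.com/mikefarah/yq/releases/download/v4.30.5/yq_linux_amd64

  packages:
    apt:
      - lvm2
    pip:
      - jmespath
      - kubernetes
      - netaddr
      - passlib
      - pyvmomi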