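---
# Pins for the metacluster deployment: k3s platform settings, the Helm
# components (with their chart values) and the binaries, images and packages
# the playbook downloads.
#
# `chart_values` blocks are tagged `!unsafe`, which keeps Ansible from templating
# them when the vars are loaded; the `{{ vapp[...] }}` expressions inside are
# presumably rendered explicitly by the playbook before the values reach Helm —
# verify there. Several of those values are secrets (admin passwords, LDAP bind
# password), so the tasks that render and apply them should be `no_log`.

platform:

  k3s:
    version: v1.26.1+k3s1

  gitops:
    repository:
      uri: https://code.spamasaurus.com/djpbessems/GitOps.MetaCluster.git
      # revision: v0.1.0
      # HEAD follows the branch tip, so the deployed state is not reproducible
      # from this file alone; pin a tag or commit (as the line above did) for releases.
      revision: HEAD

  packaged_components:
    - name: traefik
      namespace: kube-system
      config: |
        additionalArguments:
          # Certificates are issued by the in-cluster step-ca ACME endpoint
          # (cluster-local URL) and are short-lived: certificatesduration is 24h.
          - "--certificatesResolvers.stepca.acme.caserver=https://step-certificates.step-ca.svc.cluster.local/acme/acme/directory"
          - "--certificatesResolvers.stepca.acme.email=admin"
          - "--certificatesResolvers.stepca.acme.storage=/data/acme.json"
          - "--certificatesResolvers.stepca.acme.tlsChallenge=true"
          - "--certificatesresolvers.stepca.acme.certificatesduration=24"
        globalArguments: []
        ingressRoute:
          dashboard:
            # Traefik dashboard is not exposed.
            enabled: false
        ports:
          ssh:
            port: 8022
            protocol: TCP
          web:
            # Plain HTTP is always redirected to the TLS entrypoint.
            redirectTo: websecure
          websecure:
            tls:
              certResolver: stepca
        updateStrategy:
          type: Recreate
          rollingUpdate: null

  helm_repositories:
    - name: argo
      url: https://argoproj.github.io/argo-helm
    - name: dex
      url: https://charts.dexidp.io
    - name: gitea-charts
      url: https://dl.gitea.io/charts/
    - name: harbor
      url: https://helm.goharbor.io
    - name: jetstack
      url: https://charts.jetstack.io
    - name: longhorn
      url: https://charts.longhorn.io
    - name: prometheus-community
      url: https://prometheus-community.github.io/helm-charts
    - name: smallstep
      url: https://smallstep.github.io/helm-charts/

components:

  argo-cd:
    helm:
      version: 5.24.0  # (= ArgoCD v2.6.3)
      chart: argo/argo-cd
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
      chart_values: !unsafe |
        configs:
          secret:
            # Stored as a bcrypt hash, not as the clear-text vApp property.
            argocdServerAdminPassword: "{{ vapp['metacluster.password'] | password_hash('bcrypt') }}"
        server:
          extraArgs:
            # The API server itself speaks plain HTTP; TLS is terminated by the
            # Traefik ingress (certResolver `stepca`), so the service should only
            # be reachable through that ingress.
            - --insecure
          ingress:
            enabled: true
            hosts:
              - gitops.{{ vapp['metacluster.fqdn'] }}

  cert-manager:
    helm:
      version: 1.11.0
      chart: jetstack/cert-manager
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
      # chart_values: !unsafe |
      #   installCRDs: true

  clusterapi:
    management:
      version:
        # Must match the version referenced at `dependencies.static_binaries[.filename==clusterctl].url`
        base: v1.3.5
        # Must match the version referenced at `components.cert-manager.helm.version`
        cert_manager: v1.11.0
        infrastructure_vsphere: v1.5.3
        ipam_incluster: v0.1.0-alpha.2
    workload:
      version:
        calico: v3.25.0
        # k8s: v1.25.5
        k8s: v1.26.2
      node_template:
        # url: https://{{ repo_username }}:{{ repo_password }}@sn.itch.fyi/Repository/rel/ubuntu-2004-kube-v1.23.15.ova
        # NOTE(review): the repository credentials are embedded in the URL, so they
        # can surface in task output and downstream logs; keep the task that
        # consumes this URL `no_log` (or pass the credentials separately if the
        # download module supports it).
        url: https://{{ repo_username }}:{{ repo_password }}@sn.itch.fyi/Repository/rel/ubuntu-2004-kube-v1.26.2.ova

  dex:
    helm:
      version: 0.13.0  # (= Dex 2.35.3)
      chart: dex/dex
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
      chart_values: !unsafe |
        config:
          connectors:
            - type: ldap
              id: ldap
              name: "LDAP"
              config:
                # LDAPS on 636; insecureNoSSL stays false so the bind is never
                # sent in the clear.
                host: "{{ vapp['ldap.fqdn'] }}:636"
                insecureNoSSL: false
                # NOTE(review): this skips verification of the LDAP server
                # certificate, so the bind password and every user's credentials
                # could be exposed to an interposed host on the LDAP path. Prefer
                # `insecureSkipVerify: false` with `rootCA`/`rootCAData` set to the
                # CA that issued the LDAPS certificate.
                insecureSkipVerify: true
                bindDN: "{{ vapp['ldap.dn'] }}"
                bindPW: "{{ vapp['ldap.password'] }}"

                usernamePrompt: "Username"
                userSearch:
                  baseDN: OU=Administrators,OU=Useraccounts,DC=bessems,DC=eu
                  filter: "(objectClass=person)"
                  username: userPrincipalName
                  idAttr: DN
                  emailAttr: userPrincipalName
                  nameAttr: cn

                groupSearch:
                  baseDN: OU=Roles,OU=Groups,DC=bessems,DC=eu
                  filter: "(objectClass=group)"
                  userMatchers:
                    - userAttr: DN
                      groupAttr: member
                  nameAttr: cn
          # Enables Dex's local password store alongside LDAP; no `staticPasswords`
          # are defined here, so it adds no accounts unless configured elsewhere.
          # Set to false if it is not needed — verify against the playbook.
          enablePasswordDB: true
          issuer: https://oidc.{{ vapp['metacluster.fqdn'] }}
          storage:
            type: kubernetes
            config:
              inCluster: true
        ingress:
          enabled: true
          hosts:
            - host: oidc.{{ vapp['metacluster.fqdn'] }}
              paths:
                - path: /
                  pathType: Prefix

  gitea:
    helm:
      version: v7.0.2  # (= Gitea v1.18.3)
      chart: gitea-charts/gitea
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | sed '/:/!s/$/:latest/'
      chart_values: !unsafe |
        gitea:
          admin:
            username: administrator
            password: "{{ vapp['metacluster.password'] }}"
            email: admin@{{ vapp['metacluster.fqdn'] }}
          config:
            server:
              OFFLINE_MODE: true
              # Gitea listens on plain HTTP behind the ingress; ROOT_URL stays
              # https so generated links point at the TLS entrypoint.
              PROTOCOL: http
              ROOT_URL: https://git.{{ vapp['metacluster.fqdn'] }}/
        image:
          pullPolicy: IfNotPresent
        ingress:
          enabled: true
          hosts:
            - host: git.{{ vapp['metacluster.fqdn'] }}
              paths:
                - path: /
                  pathType: Prefix
        service:
          ssh:
            type: ClusterIP
            port: 22
            # Deliberately null: lets Kubernetes allocate the address (presumably
            # overriding the chart's default — verify against the chart).
            clusterIP: null

  harbor:
    helm:
      version: 1.11.0  # (= Harbor v2.7.0)
      chart: harbor/harbor
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
      chart_values: !unsafe |
        expose:
          ingress:
            annotations: {}
            hosts:
              core: registry.{{ vapp['metacluster.fqdn'] }}
          # TLS is terminated by the Traefik ingress, so the chart does not
          # manage a certificate of its own; externalURL stays https.
          tls:
            certSource: none
            enabled: false
        externalURL: https://registry.{{ vapp['metacluster.fqdn'] }}
        harborAdminPassword: "{{ vapp['metacluster.password'] }}"
        notary:
          enabled: false
        persistence:
          persistentVolumeClaim:
            registry:
              size: 25Gi

  kube-prometheus-stack:
    helm:
      version: 45.2.0
      chart: prometheus-community/kube-prometheus-stack
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
      chart_values: !unsafe |
        alertmanager:
          enabled: false
        global:
          # Images are pulled from the in-cluster Harbor registry.
          imageRegistry: registry.{{ vapp['metacluster.fqdn'] }}

  kubevip:
    # Must match the version referenced at `dependencies.container_images`
    version: v0.5.8

  longhorn:
    helm:
      version: 1.4.0
      chart: longhorn/longhorn
      parse_logic: cat values.yaml | yq eval '.. | select(has("repository")) | .repository + ":" + .tag'
      chart_values: !unsafe |
        defaultSettings:
          allowNodeDrainWithLastHealthyReplica: true
          defaultDataPath: /mnt/blockstorage
          # Single replica: no redundancy for volume data.
          defaultReplicaCount: 1
        ingress:
          enabled: true
          host: storage.{{ vapp['metacluster.fqdn'] }}
        persistence:
          defaultClassReplicaCount: 1

  step-certificates:
    helm:
      version: 1.23.0
      chart: smallstep/step-certificates
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sed '/:/!s/$/:latest/' | sort -u
      chart_values: !unsafe |
        ca:
          bootstrap:
            # Registers the ACME provisioner used by Traefik. The CA password is
            # written to a temporary file for `--password-file` and removed
            # afterwards, so it sits on disk in clear text for the duration of
            # the command.
            postInitHook: |
              echo '{{ vapp["metacluster.password"] }}' > ~/pwfile
              step ca provisioner add acme \
                --type ACME \
                --password-file=~/pwfile \
                --force-cn
              rm ~/pwfile
          dns: ca.{{ vapp['metacluster.fqdn'] }},step-certificates.step-ca.svc.cluster.local,127.0.0.1
          password: "{{ vapp['metacluster.password'] }}"
          provisioner:
            name: admin
            password: "{{ vapp['metacluster.password'] }}"
        inject:
          secrets:
            # Base64-encoded here because these land in Secret `data` fields.
            ca_password: "{{ vapp['metacluster.password'] | b64encode }}"
            provisioner_password: "{{ vapp['metacluster.password'] | b64encode }}"
        service:
          targetPort: 9000

dependencies:

  ansible_galaxy_collections:
    - ansible.posix
    - ansible.utils
    - community.crypto
    - community.general
    - community.vmware
    - kubernetes.core

  container_images:
    # This should match the image tag referenced at `platform.packaged_components[.name==traefik].config`
    # NOTE(review): `busybox:1` is a floating tag, so the image actually pulled can
    # change between runs; pin a full version (or a digest) if reproducibility matters.
    - busybox:1
    - ghcr.io/kube-vip/kube-vip:v0.5.8
    # The following list is generated by running the following commands:
    # $ clusterctl init -i vsphere:<version> [...]
    # $ clusterctl generate cluster <name> [...] | yq eval '.data.data' | yq --no-doc eval '.. | .image? | select(.)' | sort -u
    - gcr.io/cloud-provider-vsphere/cpi/release/manager:v1.18.1
    - gcr.io/cloud-provider-vsphere/csi/release/driver:v2.1.0
    - gcr.io/cloud-provider-vsphere/csi/release/syncer:v2.1.0
    - quay.io/k8scsi/csi-attacher:v3.0.0
    - quay.io/k8scsi/csi-node-driver-registrar:v2.0.1
    - quay.io/k8scsi/csi-provisioner:v2.0.0
    - quay.io/k8scsi/livenessprobe:v2.1.0

  # NOTE(review): no checksum is recorded for any of these downloads, so a
  # tampered or replaced release asset would be installed unnoticed. If the
  # download task supports it, record the published digest per entry.
  static_binaries:
    - filename: clusterctl
      url: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.3.5/clusterctl-linux-amd64
    - filename: govc
      url: https://github.com/vmware/govmomi/releases/download/v0.29.0/govc_Linux_x86_64.tar.gz
      archive: compressed
    - filename: helm
      url: https://get.helm.sh/helm-v3.10.2-linux-amd64.tar.gz
      archive: compressed
      extra_opts: --strip-components=1
    - filename: kubectl-slice
      # NOTE(review): this is a .tar.gz like govc/helm/step but carries no
      # `archive: compressed`; confirm the download task still extracts it.
      url: https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.2.5/kubectl-slice_linux_x86_64.tar.gz
    # - filename: npp-prepper
    #   url: https://code.spamasaurus.com/api/packages/djpbessems/generic/npp-prepper/v0.5.1/npp-prepper
    - filename: skopeo
      url: https://code.spamasaurus.com/api/packages/djpbessems/generic/skopeo/v1.11.1/skopeo_linux_amd64
    - filename: step
      url: https://dl.step.sm/gh-release/cli/gh-release-header/v0.23.0/step_linux_0.23.0_amd64.tar.gz
      archive: compressed
      extra_opts: --strip-components=2
    - filename: yq
      # Fetched over https (was http): a plaintext first hop lets an on-path host
      # substitute the binary before any redirect to https happens.
      url: https://github.com/mikefarah/yq/releases/download/v4.30.5/yq_linux_amd64

  packages:
    apt:
      - lvm2
    pip:
      - jmespath
      - kubernetes
      - netaddr
      - passlib
      - pyvmomi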