Move manifest injection to firstboot;Add SealedSecrets;Replace traefik dashboard

2022-07-18 12:09:54 +02:00
parent 9e91bef7b7
commit 193ce9a534
5 changed files with 74 additions and 22 deletions
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml
@@ -13,6 +13,27 @@
        INSTALL_K3S_EXEC: 'server --cluster-init --disable local-storage'
      when: ansible_facts.services['k3s.service'] is undefined

+    - name: Configure Traefik dashboard ingress
+      ansible.builtin.template:
+        src: ingressroute.j2
+        dest: /var/lib/rancher/k3s/server/manifests/{{ item.name }}-manifest.yaml
+        owner: root
+        group: root
+        mode: 0600
+      vars:
+        name: traefik-dashboard
+        namespace: kube-system
+        config: |2
+            entryPoints:
+            - web
+            - websecure
+            routes:
+            - kind: Rule
+              match: Host(`ingress.{{ vapp['metacluster.fqdn'] }}`)
+              services:
+              - kind: TraefikService
+                name: api@internal
+
    - name: Ensure API availability
      ansible.utils.cli_parse:
        command: curl -k https://{{ vapp['guestinfo.ipaddress'] }}:6443/livez?verbose
@@ -133,6 +154,25 @@
        kubeconfig: "{{ kubeconfig.path }}"
        values: "{{ components.gitea.chart_values }}"

+    - name: Configure additional SSH ingress
+      ansible.builtin.template:
+        src: ingressroutetcp.j2
+        dest: /var/lib/rancher/k3s/server/manifests/{{ item.name }}-manifest.yaml
+        owner: root
+        group: root
+        mode: 0600
+      vars:
+        name: gitea-ssh
+        namespace: gitea
+        config: |2
+            entryPoints:
+              - ssh
+            routes:
+            - match: HostSNI(`*`)
+              services:
+              - name: gitea-ssh
+                port: 22
+
    - name: Ensure gitea API availability
      ansible.utils.cli_parse:
        # Available from Gitea 1.17.x
@@ -256,6 +296,10 @@
          password: "{{ vapp['guestinfo.rootpw'] }}"
      register: argocd_api_token

+    # - name: Create umbrella application
+    #   ansible.builtin.template:
+    #
+
  module_defaults:
    ansible.builtin.uri:
      validate_certs: no