Move manifest injection to firstboot;Add SealedSecrets;Replace traefik dashboard

2022-07-18 12:09:54 +02:00
parent 9e91bef7b7
commit 193ce9a534
5 changed files with 74 additions and 22 deletions
--- a/ansible/vars/metacluster.yml
+++ b/ansible/vars/metacluster.yml
@ -3,6 +3,10 @@ platform:
  k3s:
    version: v1.24.1+k3s1

+  gitops:
+    # repo_ref: v0.1
+    repo_ref: HEAD
+
  packaged_components:
    - name: traefik
      namespace: kube-system
@ -14,6 +18,9 @@ platform:
                protocol: TCP
              web:
                redirectTo: websecure
+            ingressRoute:
+              dashboard:
+                enabled: false

  helm_repositories:
    - name: longhorn
@ -86,18 +93,6 @@ components:
            type: ClusterIP
            port: 22
            clusterIP:
-    manifests:
-      - type: ingressroutetcp
-        name: gitea-ssh
-        namespace: gitea
-        config: |2
-            entryPoints:
-              - ssh
-            routes:
-            - match: HostSNI(`*`)
-              services:
-              - name: gitea-ssh
-                port: 22

  argo-cd:
    helm:
@ -116,6 +111,12 @@ components:
          secret:
            argocdServerAdminPassword: "{{ vapp['guestinfo.rootpw'] | password_hash('bcrypt') }}"

+  sealed-secrets:
+    helm:
+      version: 2.4.0  # (= SealedSecrets v0.18.1)
+      chart: sealed-secrets
+      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
+
 dependencies:

  ansible_galaxy_collections: