Move manifest injection to firstboot;Add SealedSecrets;Replace traefik dashboard

This commit is contained in:
Danny Bessems 2022-07-18 12:09:54 +02:00
parent 9e91bef7b7
commit 193ce9a534
5 changed files with 74 additions and 22 deletions


@ -13,6 +13,27 @@
INSTALL_K3S_EXEC: 'server --cluster-init --disable local-storage' INSTALL_K3S_EXEC: 'server --cluster-init --disable local-storage'
when: ansible_facts.services['k3s.service'] is undefined when: ansible_facts.services['k3s.service'] is undefined
- name: Configure Traefik dashboard ingress
ansible.builtin.template:
src: ingressroute.j2
dest: /var/lib/rancher/k3s/server/manifests/{{ item.name }}-manifest.yaml
owner: root
group: root
mode: 0600
vars:
name: traefik-dashboard
namespace: kube-system
config: |2
entryPoints:
- web
- websecure
routes:
- kind: Rule
match: Host(`ingress.{{ vapp['metacluster.fqdn'] }}`)
services:
- kind: TraefikService
name: api@internal
- name: Ensure API availability - name: Ensure API availability
ansible.utils.cli_parse: ansible.utils.cli_parse:
command: curl -k https://{{ vapp['guestinfo.ipaddress'] }}:6443/livez?verbose command: curl -k https://{{ vapp['guestinfo.ipaddress'] }}:6443/livez?verbose
@ -133,6 +154,25 @@
kubeconfig: "{{ kubeconfig.path }}" kubeconfig: "{{ kubeconfig.path }}"
values: "{{ components.gitea.chart_values }}" values: "{{ components.gitea.chart_values }}"
- name: Configure additional SSH ingress
ansible.builtin.template:
src: ingressroutetcp.j2
dest: /var/lib/rancher/k3s/server/manifests/{{ item.name }}-manifest.yaml
owner: root
group: root
mode: 0600
vars:
name: gitea-ssh
namespace: gitea
config: |2
entryPoints:
- ssh
routes:
- match: HostSNI(`*`)
services:
- name: gitea-ssh
port: 22
- name: Ensure gitea API availability - name: Ensure gitea API availability
ansible.utils.cli_parse: ansible.utils.cli_parse:
# Available from Gitea 1.17.x # Available from Gitea 1.17.x
@ -256,6 +296,10 @@
password: "{{ vapp['guestinfo.rootpw'] }}" password: "{{ vapp['guestinfo.rootpw'] }}"
register: argocd_api_token register: argocd_api_token
# - name: Create umbrella application
# ansible.builtin.template:
#
module_defaults: module_defaults:
ansible.builtin.uri: ansible.builtin.uri:
validate_certs: no validate_certs: no
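Review bot: The "Configure Traefik dashboard ingress" task in the first hunk references `item.name` in `dest:` but has no `loop:`, and its `vars:` define `name`/`namespace`/`config` at the top level rather than under `item`, so unless an enclosing include loop supplies `item` the render fails with an undefined-variable error (the "Configure additional SSH ingress" task in the second hunk has the same shape, and the new ingressroute.j2 template dereferences `item.*` as well). The smallest fix that keeps the template untouched is to turn each task's `vars:` into a single-element `loop:`, as below. Separately, the dashboard route publishes `api@internal` on the `web`/`websecure` entry points with no `middlewares:` entry, so the Traefik API and dashboard are reachable by anyone who can resolve `ingress.<fqdn>`; add a `middlewares:` list referencing an auth or IP-allowlist middleware on that route before it reaches a cluster others can reach. The enclosing play starts and continues outside these hunks.
```yaml
- name: Configure Traefik dashboard ingress
  ansible.builtin.template:
    src: ingressroute.j2
    dest: /var/lib/rancher/k3s/server/manifests/{{ item.name }}-manifest.yaml
    # … unchanged: owner/group/mode …
  loop:
    - name: traefik-dashboard
      namespace: kube-system
      config: |2
        # … unchanged: entryPoints/routes block …
  loop_control:
    label: "{{ item.name }}"
```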


@ -0,0 +1,7 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: {{ item.name }}
namespace: {{ item.namespace }}
spec:
{{ item.config }}
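Review bot: `{{ item.config }}` is dropped in verbatim under `spec:`, so the template only yields a valid IngressRoute if the caller's `config` value already carries the two-space indentation (the `|2` indicator in the playbook preserves extra indentation only for lines indented beyond that level); let the template own its layout with `{{ item.config | indent(2, first=True) }}` so callers can pass an unindented block. The name and namespace values are also unquoted — `name: "{{ item.name }}"` and `namespace: "{{ item.namespace }}"` keep a numeric- or boolean-looking name from being retyped when k3s loads the manifest. Leading whitespace is not visible in this rendering, so confirm the first point against the file itself.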


@ -55,16 +55,16 @@
chdir: /opt/metacluster/container-images chdir: /opt/metacluster/container-images
loop: "{{ (containerimages.results | map(attribute='stdout_lines') | flatten) + dependencies.container_images }}" loop: "{{ (containerimages.results | map(attribute='stdout_lines') | flatten) + dependencies.container_images }}"
- name: Inject manifests # - name: Inject manifests
ansible.builtin.template: # ansible.builtin.template:
src: "{{ item.type }}.j2" # src: "{{ item.type }}.j2"
dest: /var/lib/rancher/k3s/server/manifests/{{ item.name }}-manifest.yaml # dest: /var/lib/rancher/k3s/server/manifests/{{ item.name }}-manifest.yaml
owner: root # owner: root
group: root # group: root
mode: 0600 # mode: 0600
loop: "{{ lookup('ansible.builtin.dict', components) | map(attribute='value.manifests') | list | select('defined') | flatten }}" # loop: "{{ lookup('ansible.builtin.dict', components) | map(attribute='value.manifests') | list | select('defined') | flatten }}"
loop_control: # loop_control:
label: "{{ item.type + '/' + item.name }}" # label: "{{ item.type + '/' + item.name }}"
- name: Compress tarballs - name: Compress tarballs
community.general.archive: community.general.archive:
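Review bot: The "Inject manifests" task is commented out rather than removed, leaving ten lines of dead YAML in the task list; since the commit message says injection moved to firstboot and git keeps the history, delete the block instead. The `components.*.manifests` entries this loop read are also removed from the vars file in this commit, so nothing else should still rely on that key — worth a grep before dropping the task for good.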


@ -3,6 +3,10 @@ platform:
k3s: k3s:
version: v1.24.1+k3s1 version: v1.24.1+k3s1
gitops:
# repo_ref: v0.1
repo_ref: HEAD
packaged_components: packaged_components:
- name: traefik - name: traefik
namespace: kube-system namespace: kube-system
@ -14,6 +18,9 @@ platform:
protocol: TCP protocol: TCP
web: web:
redirectTo: websecure redirectTo: websecure
ingressRoute:
dashboard:
enabled: false
helm_repositories: helm_repositories:
- name: longhorn - name: longhorn
@ -86,18 +93,6 @@ components:
type: ClusterIP type: ClusterIP
port: 22 port: 22
clusterIP: clusterIP:
manifests:
- type: ingressroutetcp
name: gitea-ssh
namespace: gitea
config: |2
entryPoints:
- ssh
routes:
- match: HostSNI(`*`)
services:
- name: gitea-ssh
port: 22
argo-cd: argo-cd:
helm: helm:
@ -116,6 +111,12 @@ components:
secret: secret:
argocdServerAdminPassword: "{{ vapp['guestinfo.rootpw'] | password_hash('bcrypt') }}" argocdServerAdminPassword: "{{ vapp['guestinfo.rootpw'] | password_hash('bcrypt') }}"
sealed-secrets:
helm:
version: 2.4.0 # (= SealedSecrets v0.18.1)
chart: sealed-secrets
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
dependencies: dependencies:
ansible_galaxy_collections: ansible_galaxy_collections:
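Review bot: `gitops.repo_ref: HEAD` in the first hunk points the bootstrap at whatever the repository tip is when the appliance first boots, so two builds of the same appliance can deploy different manifests and a broken or unreviewed push lands in every new cluster; the commented `# repo_ref: v0.1` suggests a tag was intended. Pin to a tag or, better, a full commit SHA as a quoted string (`repo_ref: "v0.1"`), and if HEAD is needed during development say so in a comment next to it rather than leaving two alternatives to toggle. In the last hunk, `sealed-secrets.helm` carries `version`/`chart`/`parse_logic` but no chart repository reference; the sibling entries are not fully visible here, so confirm the consumer of `components.*.helm` resolves the chart without one. The `platform:` and `components:` mappings extend beyond these hunks.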