diff --git a/ansible/vars/metacluster.yml b/ansible/vars/metacluster.yml
index 18d8c35..f26674a 100644
--- a/ansible/vars/metacluster.yml
+++ b/ansible/vars/metacluster.yml
@@ -56,44 +56,50 @@ components: argo-cd: helm: - version: 5.27.4 # (= ArgoCD v2.6.7) + version: 6.7.7 # (=ArgoCD v.2.10.5) chart: argo/argo-cd parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /' chart_values: !unsafe | configs: + cm: + resource.compareoptions: | + ignoreAggregatedRoles: true + resource.customizations.ignoreDifferences.all: | + jsonPointers: + - /spec/conversion/webhook/clientConfig/caBundle + params: + server.insecure: true secret: argocdServerAdminPassword: "{{ vapp['metacluster.password'] | password_hash('bcrypt') }}" + global: + domain: gitops.{{ vapp['metacluster.fqdn'] | lower }} server: - extraArgs: - - --insecure ingress: enabled: true - hosts: - - gitops.{{ vapp['metacluster.fqdn'] }} cert-manager: helm: - version: 1.13.1 + version: 1.14.4 chart: jetstack/cert-manager parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /' - # chart_values: !unsafe | - # installCRDs: true + chart_values: !unsafe | + installCRDs: true clusterapi: management: version: # Must match the version referenced at `dependencies.static_binaries[.filename==clusterctl].url` - base: v1.5.1 + base: v1.6.3 # Must match the version referenced at `components.cert-manager.helm.version` - cert_manager: v1.13.1 - infrastructure_vsphere: v1.8.1 - ipam_incluster: v0.1.0-alpha.3 + cert_manager: v1.14.4 + infrastructure_vsphere: v1.9.2 + ipam_incluster: v0.1.0 # Refer to `https://console.cloud.google.com/gcr/images/cloud-provider-vsphere/GLOBAL/cpi/release/manager` for available tags - cpi_vsphere: v1.27.0 + cpi_vsphere: v1.30.1 workload: version: - calico: v3.26.2 - k8s: v1.27.1 + calico: v3.27.3 + k8s: v1.30.1 node_template: url: https://{{ repo_username }}:{{ repo_password }}@sn.itch.fyi/Repository/rel/ubuntu-2204-kube-v1.27.1.ova 
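Review bot: `node_template.url` still references `ubuntu-2204-kube-v1.27.1.ova` while `workload.version.k8s` is raised to `v1.30.1` in the same hunk, so unless that image is overridden elsewhere the workload nodes would be provisioned from a template built for a different Kubernetes release than the cluster spec requests; bump the OVA to the matching build and add `# Must match the version referenced at 'components.clusterapi.workload.version.k8s'` above it, in the style the file already uses. The same cross-reference gap shows up in the `dependencies` hunk: `cpi_vsphere` becomes `v1.30.1` here, but `container_images` still lists `gcr.io/cloud-provider-vsphere/cpi/release/manager:v1.27.0` as an unchanged line, and the comment there says that list is generated with `clusterctl`, so it appears not to have been regenerated. `server.insecure: true` carries over the previous `--insecure` behaviour (argocd-server serving plaintext, presumably with TLS terminated at the ingress) rather than introducing it, but a one-line comment stating that assumption would make the deliberate choice visible to the next reader. Minor: the new version comment `# (=ArgoCD v.2.10.5)` differs from the `# (= ArgoCD v2.6.7)` form used elsewhere in the file.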
@@ -131,7 +137,7 @@ components: gitea: helm: - version: v7.0.2 # (= Gitea v1.18.3) + version: v10.1.3 # (= Gitea v1.21.7) chart: gitea-charts/gitea parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | sed '/:/!s/$/:latest/' chart_values: !unsafe | @@ -149,21 +155,33 @@ components: admin: username: administrator password: "{{ vapp['metacluster.password'] }}" - email: admin@{{ vapp['metacluster.fqdn'] }} + email: administrator@{{ vapp['metacluster.fqdn'] | lower }} config: + cache: + ADAPTER: memory server: OFFLINE_MODE: true PROTOCOL: http - ROOT_URL: https://git.{{ vapp['metacluster.fqdn'] }}/ + ROOT_URL: https://git.{{ vapp['metacluster.fqdn'] | lower }}/ + session: + PROVIDER: db image: pullPolicy: IfNotPresent ingress: enabled: true hosts: - - host: git.{{ vapp['metacluster.fqdn'] }} + - host: git.{{ vapp['metacluster.fqdn'] | lower }} paths: - path: / pathType: Prefix + postgresql: + enabled: true + image: + tag: 16.1.0-debian-11-r25 + postgresql-ha: + enabled: false + redis-cluster: + enabled: false service: ssh: type: ClusterIP @@ -172,7 +190,7 @@ components: harbor: helm: - version: 1.11.0 # (= Harbor v2.7.0) + version: 1.14.1 # (= Harbor v2.10.1) chart: harbor/harbor parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /' chart_values: !unsafe | @@ -180,11 +198,11 @@ components: ingress: annotations: {} hosts: - core: registry.{{ vapp['metacluster.fqdn'] }} + core: registry.{{ vapp['metacluster.fqdn'] | lower }} tls: certSource: none enabled: false - externalURL: https://registry.{{ vapp['metacluster.fqdn'] }} + externalURL: https://registry.{{ vapp['metacluster.fqdn'] | lower }} harborAdminPassword: "{{ vapp['metacluster.password'] }}" notary: enabled: false 
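Review bot: The newly enabled `postgresql` subchart pins `image.tag: 16.1.0-debian-11-r25` without any comment, whereas every other pinned version in this file carries a `# Must match ...` or `# (= ...)` note; because a PostgreSQL major version ties the data directory to that release, a comment such as `# PostgreSQL 16 - moving across major versions requires a dump/restore of the Gitea database` would keep a later routine bump from breaking the instance. `session.PROVIDER: db` together with `cache.ADAPTER: memory` presumably relies on a single Gitea replica, since an in-memory cache is not shared between pods; if that is the assumption, state it in a comment next to `cache:`. The `chart_values` block for Gitea continues outside this hunk, so any replica count set there was not checked.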
@@ -229,23 +247,30 @@ components: kubevip: # Must match the version referenced at `dependencies.container_images` - version: v0.5.8 + version: v0.6.3 longhorn: helm: - version: 1.4.1 + version: 1.5.4 chart: longhorn/longhorn parse_logic: cat values.yaml | yq eval '.. | select(has("repository")) | .repository + ":" + .tag' chart_values: !unsafe | defaultSettings: - allowNodeDrainWithLastHealthyReplica: true + concurrentReplicaRebuildPerNodeLimit: 10 defaultDataPath: /mnt/blockstorage - defaultReplicaCount: 1 + logLevel: Info + nodeDrainPolicy: block-for-eviction-if-contains-last-replica + replicaSoftAntiAffinity: true + priorityClass: system-node-critical + storageOverProvisioningPercentage: 200 + storageReservedPercentageForDefaultDisk: 0 ingress: enabled: true - host: storage.{{ vapp['metacluster.fqdn'] }} - persistence: - defaultClassReplicaCount: 1 + host: storage.{{ vapp['metacluster.fqdn'] | lower }} + longhornManager: + priorityClass: system-node-critical + longhornDriver: + priorityClass: system-node-critical pinniped: helm: @@ -270,22 +295,14 @@ components: step-certificates: helm: - version: 1.23.0 + version: 1.25.2 # (= step-ca v0.25.2) chart: smallstep/step-certificates parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sed '/:/!s/$/:latest/' | sort -u chart_values: !unsafe | - ca: - dns: ca.{{ vapp['metacluster.fqdn'] }},step-certificates.step-ca.svc.cluster.local,127.0.0.1 - password: "{{ vapp['metacluster.password'] }}" - provisioner: - name: admin - password: "{{ vapp['metacluster.password'] }}" inject: secrets: ca_password: "{{ vapp['metacluster.password'] | b64encode }}" provisioner_password: "{{ vapp['metacluster.password'] | b64encode }}" - service: - targetPort: 9000 dependencies: 
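Review bot: Dropping `defaultReplicaCount: 1` and `persistence.defaultClassReplicaCount: 1` without a replacement hands the replica count back to the chart default (three in upstream Longhorn, if this chart version keeps that default), and combined with the new `replicaSoftAntiAffinity: true` Longhorn may place those replicas on the same node when fewer nodes are available, so volumes can report healthy while having no node-level redundancy. If that is the intended trade-off for this cluster size, document it above `replicaSoftAntiAffinity`, e.g. `# Allow replicas to share a node so volumes stay schedulable on small clusters; this is not node-level redundancy`. `storageOverProvisioningPercentage: 200` and `storageReservedPercentageForDefaultDisk: 0` are likewise unexplained capacity decisions; a short comment on each (presumably nothing is reserved because `defaultDataPath` is a dedicated mount) would help the next reviewer. The Longhorn `chart_values` block ends inside the hunk, but the `pinniped` section that follows is cut off, so it was not reviewed.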
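Review bot: Removing the `ca.dns` entry drops `ca.{{ vapp['metacluster.fqdn'] }}` and the in-cluster service name from the CA certificate's SANs, so if anything still reaches the CA through those names (an ingress or the `step` CLI bootstrap), TLS validation would fail unless `inject.config` elsewhere in `chart_values` supplies the same DNS names; that part of the block lies outside the hunk, so I cannot confirm it. If the move to `inject.secrets` is intentional, a comment above `inject:` stating where the DNS names and passwords are now configured would make the intent clear. The new `version: 1.25.2 # (= step-ca v0.25.2)` matches the `step` binary bumped to `v0.25.2` in the `dependencies` hunk, which deserves the same cross-reference note the file uses elsewhere: `# Must match the version referenced at 'dependencies.static_binaries[.filename==step].url'`.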
@@ -301,41 +318,43 @@ dependencies: container_images: # This should match the image tag referenced at `platform.packaged_components[.name==traefik].config` - busybox:1 - - ghcr.io/kube-vip/kube-vip:v0.5.8 + - ghcr.io/kube-vip/kube-vip:v0.6.3 # The following list is generated by running the following commands: # $ clusterctl init -i vsphere: [...] # $ clusterctl generate cluster [...] | yq eval '.data.data' | yq --no-doc eval '.. | .image? | select(.)' | sort -u - gcr.io/cloud-provider-vsphere/cpi/release/manager:v1.27.0 - - gcr.io/cloud-provider-vsphere/csi/release/driver:v2.1.0 - - gcr.io/cloud-provider-vsphere/csi/release/syncer:v2.1.0 - - quay.io/k8scsi/csi-attacher:v3.0.0 - - quay.io/k8scsi/csi-node-driver-registrar:v2.0.1 - - quay.io/k8scsi/csi-provisioner:v2.0.0 - - quay.io/k8scsi/livenessprobe:v2.1.0 + - gcr.io/cloud-provider-vsphere/csi/release/driver:v3.1.0 + - gcr.io/cloud-provider-vsphere/csi/release/syncer:v3.1.0 + - registry.k8s.io/sig-storage/csi-attacher:v4.3.0 + - registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.8.0 + - registry.k8s.io/sig-storage/csi-provisioner:v3.5.0 + - registry.k8s.io/sig-storage/csi-resizer:v1.8.0 + - registry.k8s.io/sig-storage/csi-snapshotter:v6.2.2 + - registry.k8s.io/sig-storage/livenessprobe:v2.10.0 static_binaries: - filename: clusterctl - url: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.5.1/clusterctl-linux-amd64 + url: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.6.3/clusterctl-linux-amd64 - filename: govc - url: https://github.com/vmware/govmomi/releases/download/v0.29.0/govc_Linux_x86_64.tar.gz + url: https://github.com/vmware/govmomi/releases/download/v0.36.3/govc_Linux_x86_64.tar.gz archive: compressed - filename: helm - url: https://get.helm.sh/helm-v3.10.2-linux-amd64.tar.gz + url: https://get.helm.sh/helm-v3.14.3-linux-amd64.tar.gz archive: compressed extra_opts: --strip-components=1 - filename: kubectl-slice - url: 
https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.2.5/kubectl-slice_linux_x86_64.tar.gz + url: https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.2.9/kubectl-slice_linux_x86_64.tar.gz archive: compressed - filename: pinniped url: https://github.com/vmware-tanzu/pinniped/releases/download/v0.25.0/pinniped-cli-linux-amd64 - filename: skopeo url: https://code.spamasaurus.com/api/packages/djpbessems/generic/skopeo/v1.12.0/skopeo_linux_amd64 - filename: step - url: https://dl.step.sm/gh-release/cli/gh-release-header/v0.23.0/step_linux_0.23.0_amd64.tar.gz + url: https://dl.step.sm/gh-release/cli/gh-release-header/v0.25.2/step_linux_0.25.2_amd64.tar.gz archive: compressed extra_opts: --strip-components=2 - filename: yq - url: http://github.com/mikefarah/yq/releases/download/v4.30.5/yq_linux_amd64 + url: https://github.com/mikefarah/yq/releases/download/v4.43.1/yq_linux_amd64 packages: apt: