djpbessems/Packer.Images
djpbessems/Packer.Images
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Upgrade components
Some checks failed
Container & Helm chart / Linting (push) Successful in 1m31s
Details
Container & Helm chart / Semantic Release (Dry-run) (push) Successful in 2m19s
Details
Container & Helm chart / Kubernetes Bootstrap Appliance (push) Failing after 1s
Details

Browse Source
This commit is contained in:
Danny Bessems 2024-06-07 12:22:53 +10:00
parent 1469ba08d8
commit 75309bdf11
1 changed files with 70 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

121
ansible/vars/metacluster.yml
View File

@ -56,44 +56,50 @@ components:
argo-cd: argo-cd:
helm: helm:
version: 5.27.4 # (= ArgoCD v2.6.7) version: 6.7.7 # (=ArgoCD v.2.10.5)
chart: argo/argo-cd chart: argo/argo-cd
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /' parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
chart_values: !unsafe | chart_values: !unsafe |
configs: configs:
cm:
resource.compareoptions: |
ignoreAggregatedRoles: true
resource.customizations.ignoreDifferences.all: |
jsonPointers:
- /spec/conversion/webhook/clientConfig/caBundle
params:
server.insecure: true
secret: secret:
argocdServerAdminPassword: "{{ vapp['metacluster.password'] | password_hash('bcrypt') }}" argocdServerAdminPassword: "{{ vapp['metacluster.password'] | password_hash('bcrypt') }}"
global:
domain: gitops.{{ vapp['metacluster.fqdn'] | lower }}
server: server:
extraArgs:
- --insecure
ingress: ingress:
enabled: true enabled: true
hosts:
- gitops.{{ vapp['metacluster.fqdn'] }}
cert-manager: cert-manager:
helm: helm:
version: 1.13.1 version: 1.14.4
chart: jetstack/cert-manager chart: jetstack/cert-manager
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /' parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
# chart_values: !unsafe | chart_values: !unsafe |
# installCRDs: true installCRDs: true
clusterapi: clusterapi:
management: management:
version: version:
# Must match the version referenced at `dependencies.static_binaries[.filename==clusterctl].url` # Must match the version referenced at `dependencies.static_binaries[.filename==clusterctl].url`
base: v1.5.1 base: v1.6.3
# Must match the version referenced at `components.cert-manager.helm.version` # Must match the version referenced at `components.cert-manager.helm.version`
cert_manager: v1.13.1 cert_manager: v1.14.4
infrastructure_vsphere: v1.8.1 infrastructure_vsphere: v1.9.2
ipam_incluster: v0.1.0-alpha.3 ipam_incluster: v0.1.0
# Refer to `https://console.cloud.google.com/gcr/images/cloud-provider-vsphere/GLOBAL/cpi/release/manager` for available tags # Refer to `https://console.cloud.google.com/gcr/images/cloud-provider-vsphere/GLOBAL/cpi/release/manager` for available tags
cpi_vsphere: v1.27.0 cpi_vsphere: v1.30.1
workload: workload:
version: version:
calico: v3.26.2 calico: v3.27.3
k8s: v1.27.1 k8s: v1.30.1
node_template: node_template:
url: https://{{ repo_username }}:{{ repo_password }}@sn.itch.fyi/Repository/rel/ubuntu-2204-kube-v1.27.1.ova url: https://{{ repo_username }}:{{ repo_password }}@sn.itch.fyi/Repository/rel/ubuntu-2204-kube-v1.27.1.ova
@ -131,7 +137,7 @@ components:
gitea: gitea:
helm: helm:
version: v7.0.2 # (= Gitea v1.18.3) version: v10.1.3 # (= Gitea v1.21.7)
chart: gitea-charts/gitea chart: gitea-charts/gitea
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | sed '/:/!s/$/:latest/' parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | sed '/:/!s/$/:latest/'
chart_values: !unsafe | chart_values: !unsafe |
@ -149,21 +155,33 @@ components:
admin: admin:
username: administrator username: administrator
password: "{{ vapp['metacluster.password'] }}" password: "{{ vapp['metacluster.password'] }}"
email: admin@{{ vapp['metacluster.fqdn'] }} email: administrator@{{ vapp['metacluster.fqdn'] | lower }}
config: config:
cache:
ADAPTER: memory
server: server:
OFFLINE_MODE: true OFFLINE_MODE: true
PROTOCOL: http PROTOCOL: http
ROOT_URL: https://git.{{ vapp['metacluster.fqdn'] }}/ ROOT_URL: https://git.{{ vapp['metacluster.fqdn'] | lower }}/
session:
PROVIDER: db
image: image:
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
ingress: ingress:
enabled: true enabled: true
hosts: hosts:
- host: git.{{ vapp['metacluster.fqdn'] }} - host: git.{{ vapp['metacluster.fqdn'] | lower }}
paths: paths:
- path: / - path: /
pathType: Prefix pathType: Prefix
postgresql:
enabled: true
image:
tag: 16.1.0-debian-11-r25
postgresql-ha:
enabled: false
redis-cluster:
enabled: false
service: service:
ssh: ssh:
type: ClusterIP type: ClusterIP
@ -172,7 +190,7 @@ components:
harbor: harbor:
helm: helm:
version: 1.11.0 # (= Harbor v2.7.0) version: 1.14.1 # (= Harbor v2.10.1)
chart: harbor/harbor chart: harbor/harbor
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /' parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
chart_values: !unsafe | chart_values: !unsafe |
@ -180,11 +198,11 @@ components:
ingress: ingress:
annotations: {} annotations: {}
hosts: hosts:
core: registry.{{ vapp['metacluster.fqdn'] }} core: registry.{{ vapp['metacluster.fqdn'] | lower }}
tls: tls:
certSource: none certSource: none
enabled: false enabled: false
externalURL: https://registry.{{ vapp['metacluster.fqdn'] }} externalURL: https://registry.{{ vapp['metacluster.fqdn'] | lower }}
harborAdminPassword: "{{ vapp['metacluster.password'] }}" harborAdminPassword: "{{ vapp['metacluster.password'] }}"
notary: notary:
enabled: false enabled: false
@ -229,23 +247,30 @@ components:
kubevip: kubevip:
# Must match the version referenced at `dependencies.container_images` # Must match the version referenced at `dependencies.container_images`
version: v0.5.8 version: v0.6.3
longhorn: longhorn:
helm: helm:
version: 1.4.1 version: 1.5.4
chart: longhorn/longhorn chart: longhorn/longhorn
parse_logic: cat values.yaml | yq eval '.. | select(has("repository")) | .repository + ":" + .tag' parse_logic: cat values.yaml | yq eval '.. | select(has("repository")) | .repository + ":" + .tag'
chart_values: !unsafe | chart_values: !unsafe |
defaultSettings: defaultSettings:
allowNodeDrainWithLastHealthyReplica: true concurrentReplicaRebuildPerNodeLimit: 10
defaultDataPath: /mnt/blockstorage defaultDataPath: /mnt/blockstorage
defaultReplicaCount: 1 logLevel: Info
nodeDrainPolicy: block-for-eviction-if-contains-last-replica
replicaSoftAntiAffinity: true
priorityClass: system-node-critical
storageOverProvisioningPercentage: 200
storageReservedPercentageForDefaultDisk: 0
ingress: ingress:
enabled: true enabled: true
host: storage.{{ vapp['metacluster.fqdn'] }} host: storage.{{ vapp['metacluster.fqdn'] | lower }}
persistence: longhornManager:
defaultClassReplicaCount: 1 priorityClass: system-node-critical
longhornDriver:
priorityClass: system-node-critical
pinniped: pinniped:
helm: helm:
@ -270,22 +295,14 @@ components:
step-certificates: step-certificates:
helm: helm:
version: 1.23.0 version: 1.25.2 # (= step-ca v0.25.2)
chart: smallstep/step-certificates chart: smallstep/step-certificates
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sed '/:/!s/$/:latest/' | sort -u parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sed '/:/!s/$/:latest/' | sort -u
chart_values: !unsafe | chart_values: !unsafe |
ca:
dns: ca.{{ vapp['metacluster.fqdn'] }},step-certificates.step-ca.svc.cluster.local,127.0.0.1
password: "{{ vapp['metacluster.password'] }}"
provisioner:
name: admin
password: "{{ vapp['metacluster.password'] }}"
inject: inject:
secrets: secrets:
ca_password: "{{ vapp['metacluster.password'] | b64encode }}" ca_password: "{{ vapp['metacluster.password'] | b64encode }}"
provisioner_password: "{{ vapp['metacluster.password'] | b64encode }}" provisioner_password: "{{ vapp['metacluster.password'] | b64encode }}"
service:
targetPort: 9000
dependencies: dependencies:
@ -301,41 +318,43 @@ dependencies:
container_images: container_images:
# This should match the image tag referenced at `platform.packaged_components[.name==traefik].config` # This should match the image tag referenced at `platform.packaged_components[.name==traefik].config`
- busybox:1 - busybox:1
- ghcr.io/kube-vip/kube-vip:v0.5.8 - ghcr.io/kube-vip/kube-vip:v0.6.3
# The following list is generated by running the following commands: # The following list is generated by running the following commands:
# $ clusterctl init -i vsphere:<version> [...] # $ clusterctl init -i vsphere:<version> [...]
# $ clusterctl generate cluster <name> [...] | yq eval '.data.data' | yq --no-doc eval '.. | .image? | select(.)' | sort -u # $ clusterctl generate cluster <name> [...] | yq eval '.data.data' | yq --no-doc eval '.. | .image? | select(.)' | sort -u
- gcr.io/cloud-provider-vsphere/cpi/release/manager:v1.27.0 - gcr.io/cloud-provider-vsphere/cpi/release/manager:v1.27.0
- gcr.io/cloud-provider-vsphere/csi/release/driver:v2.1.0 - gcr.io/cloud-provider-vsphere/csi/release/driver:v3.1.0
- gcr.io/cloud-provider-vsphere/csi/release/syncer:v2.1.0 - gcr.io/cloud-provider-vsphere/csi/release/syncer:v3.1.0
- quay.io/k8scsi/csi-attacher:v3.0.0 - registry.k8s.io/sig-storage/csi-attacher:v4.3.0
- quay.io/k8scsi/csi-node-driver-registrar:v2.0.1 - registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.8.0
- quay.io/k8scsi/csi-provisioner:v2.0.0 - registry.k8s.io/sig-storage/csi-provisioner:v3.5.0
- quay.io/k8scsi/livenessprobe:v2.1.0 - registry.k8s.io/sig-storage/csi-resizer:v1.8.0
- registry.k8s.io/sig-storage/csi-snapshotter:v6.2.2
- registry.k8s.io/sig-storage/livenessprobe:v2.10.0
static_binaries: static_binaries:
- filename: clusterctl - filename: clusterctl
url: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.5.1/clusterctl-linux-amd64 url: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.6.3/clusterctl-linux-amd64
- filename: govc - filename: govc
url: https://github.com/vmware/govmomi/releases/download/v0.29.0/govc_Linux_x86_64.tar.gz url: https://github.com/vmware/govmomi/releases/download/v0.36.3/govc_Linux_x86_64.tar.gz
archive: compressed archive: compressed
- filename: helm - filename: helm
url: https://get.helm.sh/helm-v3.10.2-linux-amd64.tar.gz url: https://get.helm.sh/helm-v3.14.3-linux-amd64.tar.gz
archive: compressed archive: compressed
extra_opts: --strip-components=1 extra_opts: --strip-components=1
- filename: kubectl-slice - filename: kubectl-slice
url: https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.2.5/kubectl-slice_linux_x86_64.tar.gz url: https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.2.9/kubectl-slice_linux_x86_64.tar.gz
archive: compressed archive: compressed
- filename: pinniped - filename: pinniped
url: https://github.com/vmware-tanzu/pinniped/releases/download/v0.25.0/pinniped-cli-linux-amd64 url: https://github.com/vmware-tanzu/pinniped/releases/download/v0.25.0/pinniped-cli-linux-amd64
- filename: skopeo - filename: skopeo
url: https://code.spamasaurus.com/api/packages/djpbessems/generic/skopeo/v1.12.0/skopeo_linux_amd64 url: https://code.spamasaurus.com/api/packages/djpbessems/generic/skopeo/v1.12.0/skopeo_linux_amd64
- filename: step - filename: step
url: https://dl.step.sm/gh-release/cli/gh-release-header/v0.23.0/step_linux_0.23.0_amd64.tar.gz url: https://dl.step.sm/gh-release/cli/gh-release-header/v0.25.2/step_linux_0.25.2_amd64.tar.gz
archive: compressed archive: compressed
extra_opts: --strip-components=2 extra_opts: --strip-components=2
- filename: yq - filename: yq
url: http://github.com/mikefarah/yq/releases/download/v4.30.5/yq_linux_amd64 url: https://github.com/mikefarah/yq/releases/download/v4.43.1/yq_linux_amd64
packages: packages:
apt: apt: