diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/k3s.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/k3s.yml
index 7e904d1..f87c063 100644
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/k3s.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/k3s.yml
@@ -65,7 +65,7 @@ - name: Add label to node object kubernetes.core.k8s: - name: "{{ ansible_facts.nodename }}" + name: "{{ ansible_facts.nodename | lower }}" kind: Node state: patched definition:
@@ -75,6 +75,6 @@ kubeconfig: "{{ kubeconfig.path }}" register: patch_result until: - - patch_result.changed is true + - k8snode_patch.result.metadata.labels['ova.airgappedk8s/moref_id'] is defined retries: "{{ playbook.retries }}" delay: "{{ playbook.delay.medium }}"
diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/registry.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/registry.yml
index ec22bb7..415fe13 100644
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/registry.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/registry.yml
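Review bot: In the second hunk of this file the `until` condition now reads `k8snode_patch.result.metadata.labels['ova.airgappedk8s/moref_id'] is defined`, but the context line directly above it still says `register: patch_result`, so in the bootstrap payload no variable named `k8snode_patch` is ever populated; the condition cannot become true and the task fails once `playbook.retries` is exhausted. Change that line to `register: k8snode_patch`, as the matching hunk in upgrade/roles/metacluster/tasks/k3s.yml already does. In both files the check only proves the label key exists, not that it carries the value just patched; `- k8snode_patch.result.metadata.labels['ova.airgappedk8s/moref_id'] == moref_id` would also catch a stale label left by an earlier run (assuming moref_id renders as a string, as the label definition suggests). The task begins before this hunk.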
@@ -43,27 +43,6 @@ delay: "{{ playbook.delay.short }}" until: push_result is not failed - # - name: Get all stored container images (=artifacts) - # ansible.builtin.uri: - # url: https://registry.{{ vapp['metacluster.fqdn'] }}/api/v2.0/search?q=library - # method: GET - # register: registry_artifacts - - # - name: Get source registries of all artifacts - # ansible.builtin.set_fact: - # source_registries: "{{ (source_registries | default([]) + [(item | split('/'))[1]]) | unique | sort }}" - # loop: "{{ registry_artifacts.json.repository | json_query('[*].repository_name') }}" - - # - name: Configure K3s node for private registry - # ansible.builtin.template: - # dest: /etc/rancher/k3s/registries.yaml - # src: registries.j2 - # vars: - # _template: - # data: "{{ source_registries }}" - # hv: - # fqdn: "{{ vapp['metacluster.fqdn'] }}" - module_defaults: ansible.builtin.uri: validate_certs: no
diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/preflight/tasks/vapp.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/preflight/tasks/vapp.yml
index a83f039..8bb7963 100644
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/preflight/tasks/vapp.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/preflight/tasks/vapp.yml
@@ -3,6 +3,7 @@ that: - vapp[item] is defined - (vapp[item] | length) > 0 + quiet: true loop: - deployment.type - guestinfo.dnsserver
diff --git a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/k3s.yml b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/k3s.yml
index ec8c33b..fc72e7d 100644
--- a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/k3s.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/metacluster/tasks/k3s.yml
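Review bot: The new `quiet: true` in the preflight assert suppresses the per-item success output, but the task still has no `fail_msg`, so when a vApp property is missing the operator only sees the raw expression `(vapp[item] | length) > 0` and the loop item rather than what has to be set. Add `fail_msg: "vApp property '{{ item }}' is missing or empty"` next to the new line; the same applies to the identical hunk in upgrade/roles/preflight/tasks/vapp.yml. The assert task starts before this hunk.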
@@ -65,7 +65,7 @@ - name: Add label to node object kubernetes.core.k8s: - name: "{{ ansible_facts.nodename }}" + name: "{{ ansible_facts.nodename | lower }}" kind: Node state: patched definition:
@@ -73,8 +73,8 @@ labels: ova.airgappedk8s/moref_id: "{{ moref_id }}" kubeconfig: "{{ kubeconfig.path }}" - register: patch_result + register: k8snode_patch until: - - patch_result.changed is true + - k8snode_patch.result.metadata.labels['ova.airgappedk8s/moref_id'] is defined retries: "{{ playbook.retries }}" delay: "{{ playbook.delay.medium }}"
diff --git a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/preflight/tasks/vapp.yml b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/preflight/tasks/vapp.yml
index 60b942f..a50e71b 100644
--- a/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/preflight/tasks/vapp.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/upgrade/roles/preflight/tasks/vapp.yml
@@ -3,6 +3,7 @@ that: - vapp[item] is defined - (vapp[item] | length) > 0 + quiet: true loop: - guestinfo.dnsserver - guestinfo.gateway
diff --git a/ansible/vars/metacluster.yml b/ansible/vars/metacluster.yml
index cbdf557..d7a2925 100644
--- a/ansible/vars/metacluster.yml
+++ b/ansible/vars/metacluster.yml
@@ -39,6 +39,8 @@ platform: helm_repositories: - name: argo url: https://argoproj.github.io/argo-helm + - name: dex + url: https://charts.dexidp.io - name: gitea-charts url: https://dl.gitea.io/charts/ - name: harbor
@@ -54,7 +56,7 @@ components: argo-cd: helm: - version: 5.20.0 # (= ArgoCD v2.6.0) + version: 5.20.1 # (= ArgoCD v2.6.0) chart: argo/argo-cd parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /' chart_values: !unsafe |
@@ -96,6 +98,27 @@ components: # url: https://storage.googleapis.com/capv-templates/v1.25.5/ubuntu-2004-kube-v1.25.5.ova url: https://storage.googleapis.com/capv-images/release/v1.23.5/ubuntu-2004-kube-v1.23.5.ova + dex: + helm: + version: 0.13.0 # (= Dex 2.35.3) + chart: dex/dex + parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /' + chart_values: !unsafe | + config: + enablePasswordDB: true + issuer: https://oidc.{{ vapp['metacluster.fqdn'] }} + storage: + type: kubernetes + config: + inCluster: true + ingress: + enabled: true + hosts: + - host: oidc.{{ vapp['metacluster.fqdn'] }} + paths: + - path: / + pathType: Prefix + gitea: helm: version: v7.0.2 # (= Gitea v1.18.3)
@@ -235,7 +258,7 @@ dependencies: - filename: npp-prepper url: https://code.spamasaurus.com/api/packages/djpbessems/generic/npp-prepper/v0.4.5/npp-prepper - filename: skopeo - url: https://code.spamasaurus.com/api/packages/djpbessems/generic/skopeo/v1.11.0/skopeo + url: https://code.spamasaurus.com/api/packages/djpbessems/generic/skopeo/v1.11.0/skopeo_linux_amd64 - filename: step url: https://dl.step.sm/gh-release/cli/gh-release-header/v0.23.0/step_linux_0.23.0_amd64.tar.gz archive: compressed
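Review bot: The new dex chart_values advertise `issuer: https://oidc.{{ vapp['metacluster.fqdn'] }}`, yet the `ingress:` block that exposes that host has no `tls:` entry, so unless the cluster's ingress controller terminates TLS with a default certificate the issuer URL and the scheme actually served will disagree and OIDC discovery by relying parties will fail; add a `tls:` list for the host (below) or document where the certificate comes from. `enablePasswordDB: true` also switches on Dex's local password store while no `staticPasswords` appear in these values; if local accounts are intended, state in a comment how they are provisioned, otherwise set it to `false` so only configured connectors can authenticate. The `parse_logic` line is a verbatim copy of the argo-cd one two components up and is a candidate for an anchor if more components repeat it. The `components:` mapping continues on both sides of this hunk.
```yaml
      ingress:
        enabled: true
        # … unchanged: hosts …
        tls:
          - hosts:
              - oidc.{{ vapp['metacluster.fqdn'] }}
            secretName: TLS_SECRET_NAME_PLACEHOLDER
```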
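Review bot: The skopeo entry now points at a platform-specific artifact (`skopeo_linux_amd64`) but, like the npp-prepper and step entries around it, carries no integrity value, so the firstboot payload accepts whatever the package endpoint serves for that version URL. If the task that consumes `dependencies` is (or can be) `ansible.builtin.get_url`, add `checksum: "sha256:<DIGEST_PLACEHOLDER>"` beside each `url:` and pass it through; the consumer's schema is not visible in this diff, so confirm it supports the field before relying on it. A one-line comment explaining why `filename: skopeo` keeps the bare name while the URL gained the `_linux_amd64` suffix would save the next reader a lookup. The `dependencies:` list continues outside this hunk.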