djpbessems/Packer.Images
djpbessems/Packer.Images
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add clusterapi prereqs
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
Danny Bessems 2022-09-19 13:15:09 +02:00
parent 0bddae0440
commit 7a1b563851
2 changed files with 85 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ansible/roles/firstboot/files/ansible_payload/roles/users/tasks/main.yml
View File

@ -25,7 +25,7 @@
line: 'PasswordAuthentication yes' line: 'PasswordAuthentication yes'
state: absent state: absent
loop_control: loop_control:
label: "{{ '[' + item.regex + '] ' + item.state }}" label: "{{ '[' + item.line + '] ' + item.state }}"
- name: Create dedicated SSH keypair - name: Create dedicated SSH keypair
community.crypto.openssh_keypair: community.crypto.openssh_keypair:

156
ansible/vars/metacluster.yml
View File

@ -34,14 +34,16 @@ platform:
certResolver: stepca certResolver: stepca
helm_repositories: helm_repositories:
- name: longhorn
url: https://charts.longhorn.io
- name: harbor
url: https://helm.goharbor.io
- name: gitea-charts
url: https://dl.gitea.io/charts/
- name: argo - name: argo
url: https://argoproj.github.io/argo-helm url: https://argoproj.github.io/argo-helm
- name: gitea-charts
url: https://dl.gitea.io/charts/
- name: harbor
url: https://helm.goharbor.io
- name: jetstack
url: https://charts.jetstack.io
- name: longhorn
url: https://charts.longhorn.io
- name: sealed-secrets - name: sealed-secrets
url: https://bitnami-labs.github.io/sealed-secrets url: https://bitnami-labs.github.io/sealed-secrets
- name: smallstep - name: smallstep
@ -49,66 +51,30 @@ platform:
components: components:
longhorn: argo-cd:
helm: helm:
version: 1.3.0 version: 4.9.7 # (= ArgoCD v2.4.2)
chart: longhorn/longhorn chart: argo/argo-cd
parse_logic: cat values.yaml | yq eval '.. | select(has("repository")) | .repository + ":" + .tag'
chart_values: !unsafe |
defaultSettings:
defaultDataPath: /mnt/blockstorage
defaultReplicaCount: 1
ingress:
enabled: true
host: storage.{{ vapp['metacluster.fqdn'] }}
persistence:
defaultClassReplicaCount: 1
step-certificates:
helm:
version: 1.18.2+20220324
chart: smallstep/step-certificates
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sed '/:/!s/$/:latest/' | sort -u
chart_values: !unsafe |
ca:
bootstrap:
postInitHook: |
echo '{{ vapp["guestinfo.rootpw"] }}' > ~/pwfile
step ca provisioner add acme \
--type ACME \
--password-file=~/pwfile \
--force-cn
rm ~/pwfile
dns: ca.{{ vapp['metacluster.fqdn'] }},step-certificates.step-ca.svc.cluster.local,127.0.0.1
password: "{{ vapp['guestinfo.rootpw'] }}"
provisioner:
name: admin
password: "{{ vapp['guestinfo.rootpw'] }}"
inject:
secrets:
ca_password: "{{ vapp['guestinfo.rootpw'] | b64encode }}"
provisioner_password: "{{ vapp['guestinfo.rootpw'] | b64encode }}"
service:
targetPort: 9000
harbor:
helm:
version: 1.9.1 # (= Harbor v2.5.1)
chart: harbor/harbor
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /' parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
chart_values: !unsafe | chart_values: !unsafe |
expose: configs:
secret:
argocdServerAdminPassword: "{{ vapp['guestinfo.rootpw'] | password_hash('bcrypt') }}"
server:
extraArgs:
- --insecure
ingress: ingress:
annotations: {} enabled: true
hosts: hosts:
core: registry.{{ vapp['metacluster.fqdn'] }} - gitops.{{ vapp['metacluster.fqdn'] }}
tls:
certSource: none cert-manager:
enabled: false helm:
externalURL: https://registry.{{ vapp['metacluster.fqdn'] }} version: 1.9.1
harborAdminPassword: "{{ vapp['guestinfo.rootpw'] }}" chart: jetstack/cert-manager
notary: parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
enabled: false # chart_values: !unsafe |
# installCRDs: true
gitea: gitea:
helm: helm:
@ -141,22 +107,39 @@ components:
port: 22 port: 22
clusterIP: clusterIP:
argo-cd: harbor:
helm: helm:
version: 4.9.7 # (= ArgoCD v2.4.2) version: 1.9.1 # (= Harbor v2.5.1)
chart: argo/argo-cd chart: harbor/harbor
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /' parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
chart_values: !unsafe | chart_values: !unsafe |
configs: expose:
secret: ingress:
argocdServerAdminPassword: "{{ vapp['guestinfo.rootpw'] | password_hash('bcrypt') }}" annotations: {}
server: hosts:
extraArgs: core: registry.{{ vapp['metacluster.fqdn'] }}
- --insecure tls:
certSource: none
enabled: false
externalURL: https://registry.{{ vapp['metacluster.fqdn'] }}
harborAdminPassword: "{{ vapp['guestinfo.rootpw'] }}"
notary:
enabled: false
longhorn:
helm:
version: 1.3.0
chart: longhorn/longhorn
parse_logic: cat values.yaml | yq eval '.. | select(has("repository")) | .repository + ":" + .tag'
chart_values: !unsafe |
defaultSettings:
defaultDataPath: /mnt/blockstorage
defaultReplicaCount: 1
ingress: ingress:
enabled: true enabled: true
hosts: host: storage.{{ vapp['metacluster.fqdn'] }}
- gitops.{{ vapp['metacluster.fqdn'] }} persistence:
defaultClassReplicaCount: 1
sealed-secrets: sealed-secrets:
helm: helm:
@ -164,6 +147,33 @@ components:
chart: sealed-secrets/sealed-secrets chart: sealed-secrets/sealed-secrets
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /' parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
step-certificates:
helm:
version: 1.18.2+20220324
chart: smallstep/step-certificates
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sed '/:/!s/$/:latest/' | sort -u
chart_values: !unsafe |
ca:
bootstrap:
postInitHook: |
echo '{{ vapp["guestinfo.rootpw"] }}' > ~/pwfile
step ca provisioner add acme \
--type ACME \
--password-file=~/pwfile \
--force-cn
rm ~/pwfile
dns: ca.{{ vapp['metacluster.fqdn'] }},step-certificates.step-ca.svc.cluster.local,127.0.0.1
password: "{{ vapp['guestinfo.rootpw'] }}"
provisioner:
name: admin
password: "{{ vapp['guestinfo.rootpw'] }}"
inject:
secrets:
ca_password: "{{ vapp['guestinfo.rootpw'] | b64encode }}"
provisioner_password: "{{ vapp['guestinfo.rootpw'] | b64encode }}"
service:
targetPort: 9000
dependencies: dependencies:
ansible_galaxy_collections: ansible_galaxy_collections:
@ -178,6 +188,8 @@ dependencies:
- vmware/powerclicore:12.7 - vmware/powerclicore:12.7
static_binaries: static_binaries:
- filename: clusterctl
url: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.2.2/clusterctl-linux-amd64
- filename: govc - filename: govc
url: https://github.com/vmware/govmomi/releases/download/v0.29.0/govc_Linux_x86_64.tar.gz url: https://github.com/vmware/govmomi/releases/download/v0.29.0/govc_Linux_x86_64.tar.gz
archive: compressed archive: compressed