Add clusterapi prereqs
All checks were successful
continuous-integration/drone/push Build is passing

This commit is contained in:
Danny Bessems 2022-09-19 13:15:09 +02:00
parent 0bddae0440
commit 7a1b563851
2 changed files with 85 additions and 73 deletions

View File

@ -25,7 +25,7 @@
line: 'PasswordAuthentication yes'
state: absent
loop_control:
label: "{{ '[' + item.regex + '] ' + item.state }}"
label: "{{ '[' + item.line + '] ' + item.state }}"
- name: Create dedicated SSH keypair
community.crypto.openssh_keypair:

View File

@ -34,14 +34,16 @@ platform:
certResolver: stepca
helm_repositories:
- name: longhorn
url: https://charts.longhorn.io
- name: harbor
url: https://helm.goharbor.io
- name: gitea-charts
url: https://dl.gitea.io/charts/
- name: argo
url: https://argoproj.github.io/argo-helm
- name: gitea-charts
url: https://dl.gitea.io/charts/
- name: harbor
url: https://helm.goharbor.io
- name: jetstack
url: https://charts.jetstack.io
- name: longhorn
url: https://charts.longhorn.io
- name: sealed-secrets
url: https://bitnami-labs.github.io/sealed-secrets
- name: smallstep
@ -49,66 +51,30 @@ platform:
components:
longhorn:
argo-cd:
helm:
version: 1.3.0
chart: longhorn/longhorn
parse_logic: cat values.yaml | yq eval '.. | select(has("repository")) | .repository + ":" + .tag'
chart_values: !unsafe |
defaultSettings:
defaultDataPath: /mnt/blockstorage
defaultReplicaCount: 1
ingress:
enabled: true
host: storage.{{ vapp['metacluster.fqdn'] }}
persistence:
defaultClassReplicaCount: 1
step-certificates:
helm:
version: 1.18.2+20220324
chart: smallstep/step-certificates
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sed '/:/!s/$/:latest/' | sort -u
chart_values: !unsafe |
ca:
bootstrap:
postInitHook: |
echo '{{ vapp["guestinfo.rootpw"] }}' > ~/pwfile
step ca provisioner add acme \
--type ACME \
--password-file=~/pwfile \
--force-cn
rm ~/pwfile
dns: ca.{{ vapp['metacluster.fqdn'] }},step-certificates.step-ca.svc.cluster.local,127.0.0.1
password: "{{ vapp['guestinfo.rootpw'] }}"
provisioner:
name: admin
password: "{{ vapp['guestinfo.rootpw'] }}"
inject:
secrets:
ca_password: "{{ vapp['guestinfo.rootpw'] | b64encode }}"
provisioner_password: "{{ vapp['guestinfo.rootpw'] | b64encode }}"
service:
targetPort: 9000
harbor:
helm:
version: 1.9.1 # (= Harbor v2.5.1)
chart: harbor/harbor
version: 4.9.7 # (= ArgoCD v2.4.2)
chart: argo/argo-cd
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
chart_values: !unsafe |
expose:
configs:
secret:
argocdServerAdminPassword: "{{ vapp['guestinfo.rootpw'] | password_hash('bcrypt') }}"
server:
extraArgs:
- --insecure
ingress:
annotations: {}
enabled: true
hosts:
core: registry.{{ vapp['metacluster.fqdn'] }}
tls:
certSource: none
enabled: false
externalURL: https://registry.{{ vapp['metacluster.fqdn'] }}
harborAdminPassword: "{{ vapp['guestinfo.rootpw'] }}"
notary:
enabled: false
- gitops.{{ vapp['metacluster.fqdn'] }}
cert-manager:
helm:
version: 1.9.1
chart: jetstack/cert-manager
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
# chart_values: !unsafe |
# installCRDs: true
gitea:
helm:
@ -141,22 +107,39 @@ components:
port: 22
clusterIP:
argo-cd:
harbor:
helm:
version: 4.9.7 # (= ArgoCD v2.4.2)
chart: argo/argo-cd
version: 1.9.1 # (= Harbor v2.5.1)
chart: harbor/harbor
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
chart_values: !unsafe |
configs:
secret:
argocdServerAdminPassword: "{{ vapp['guestinfo.rootpw'] | password_hash('bcrypt') }}"
server:
extraArgs:
- --insecure
expose:
ingress:
annotations: {}
hosts:
core: registry.{{ vapp['metacluster.fqdn'] }}
tls:
certSource: none
enabled: false
externalURL: https://registry.{{ vapp['metacluster.fqdn'] }}
harborAdminPassword: "{{ vapp['guestinfo.rootpw'] }}"
notary:
enabled: false
longhorn:
helm:
version: 1.3.0
chart: longhorn/longhorn
parse_logic: cat values.yaml | yq eval '.. | select(has("repository")) | .repository + ":" + .tag'
chart_values: !unsafe |
defaultSettings:
defaultDataPath: /mnt/blockstorage
defaultReplicaCount: 1
ingress:
enabled: true
hosts:
- gitops.{{ vapp['metacluster.fqdn'] }}
host: storage.{{ vapp['metacluster.fqdn'] }}
persistence:
defaultClassReplicaCount: 1
sealed-secrets:
helm:
@ -164,6 +147,33 @@ components:
chart: sealed-secrets/sealed-secrets
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
step-certificates:
helm:
version: 1.18.2+20220324
chart: smallstep/step-certificates
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sed '/:/!s/$/:latest/' | sort -u
chart_values: !unsafe |
ca:
bootstrap:
postInitHook: |
echo '{{ vapp["guestinfo.rootpw"] }}' > ~/pwfile
step ca provisioner add acme \
--type ACME \
--password-file=~/pwfile \
--force-cn
rm ~/pwfile
dns: ca.{{ vapp['metacluster.fqdn'] }},step-certificates.step-ca.svc.cluster.local,127.0.0.1
password: "{{ vapp['guestinfo.rootpw'] }}"
provisioner:
name: admin
password: "{{ vapp['guestinfo.rootpw'] }}"
inject:
secrets:
ca_password: "{{ vapp['guestinfo.rootpw'] | b64encode }}"
provisioner_password: "{{ vapp['guestinfo.rootpw'] | b64encode }}"
service:
targetPort: 9000
dependencies:
ansible_galaxy_collections:
@ -178,6 +188,8 @@ dependencies:
- vmware/powerclicore:12.7
static_binaries:
- filename: clusterctl
url: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.2.2/clusterctl-linux-amd64
- filename: govc
url: https://github.com/vmware/govmomi/releases/download/v0.29.0/govc_Linux_x86_64.tar.gz
archive: compressed