Fix/Optimize kustomization template;Simplify dictionary
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
parent
9c6e1ff386
commit
d91acb9c0d
@ -49,7 +49,7 @@
|
||||
url: https://git.{{ vapp['metacluster.fqdn'] }}/api/v1/users/administrator/tokens
|
||||
method: POST
|
||||
user: administrator
|
||||
password: "{{ vapp['guestinfo.rootpw'] }}"
|
||||
password: "{{ vapp['metacluster.password'] }}"
|
||||
force_basic_auth: yes
|
||||
body:
|
||||
name: token_init_{{ lookup('password', '/dev/null length=5 chars=ascii_letters,digits') }}
|
||||
@ -124,7 +124,7 @@
|
||||
ansible.builtin.shell:
|
||||
cmd: |
|
||||
git config --local http.sslVerify false
|
||||
git remote set-url origin https://administrator:{{ vapp['guestinfo.rootpw'] | urlencode }}@git.{{ vapp['metacluster.fqdn'] }}/mc/GitOps.Config.git
|
||||
git remote set-url origin https://administrator:{{ vapp['metacluster.password'] | urlencode }}@git.{{ vapp['metacluster.fqdn'] }}/mc/GitOps.Config.git
|
||||
git push
|
||||
chdir: /opt/metacluster/git-repositories/gitops
|
||||
|
||||
|
@ -26,7 +26,7 @@
|
||||
force_basic_auth: yes
|
||||
body:
|
||||
username: admin
|
||||
password: "{{ vapp['guestinfo.rootpw'] }}"
|
||||
password: "{{ vapp['metacluster.password'] }}"
|
||||
register: argocd_api_token
|
||||
|
||||
- name: Configure metacluster-gitops repository
|
||||
|
@ -27,7 +27,7 @@
|
||||
skopeo copy \
|
||||
--insecure-policy \
|
||||
--dest-tls-verify=false \
|
||||
--dest-creds admin:{{ vapp['guestinfo.rootpw'] }} \
|
||||
--dest-creds admin:{{ vapp['metacluster.password'] }} \
|
||||
docker-archive:./{{ item | basename }} \
|
||||
docker://registry.{{ vapp['metacluster.fqdn'] }}/library/$( \
|
||||
skopeo list-tags \
|
||||
|
@ -1,7 +1,7 @@
|
||||
- name: Set root password
|
||||
ansible.builtin.user:
|
||||
name: root
|
||||
password: "{{ vapp['guestinfo.rootpw'] | password_hash('sha512', 65534 | random(seed=vapp['guestinfo.hostname']) | string) }}"
|
||||
password: "{{ vapp['metacluster.password'] | password_hash('sha512', 65534 | random(seed=vapp['guestinfo.hostname']) | string) }}"
|
||||
generate_ssh_key: yes
|
||||
ssh_key_bits: 2048
|
||||
ssh_key_file: .ssh/id_rsa
|
||||
|
@ -46,7 +46,14 @@
|
||||
dest: /opt/metacluster/cluster-api/infrastructure-vsphere/{{ components.clusterapi.management.version.infrastructure_vsphere }}/kustomization.yaml
|
||||
vars:
|
||||
_template:
|
||||
fqdn: "{{ vapp['metacluster.fqdn'] }}"
|
||||
rootca: "{{ stepca_cm_certs.resources[0].data['root_ca.crt'] }}"
|
||||
script:
|
||||
# Base64 encoded; to avoid variable substitution when clusterctl parses the cluster-template.yml
|
||||
encoded: IyEvYmluL2Jhc2gKdm10b29sc2QgLS1jbWQgJ2luZm8tZ2V0IGd1ZXN0aW5mby5vdmZFbnYnID4gL3RtcC9vdmZlbnYKCklQQWRkcmVzcz0kKHNlZCAtbiAncy8uKlByb3BlcnR5IG9lOmtleT0iZ3Vlc3RpbmZvLmludGVyZmFjZS4wLmlwLjAuYWRkcmVzcyIgb2U6dmFsdWU9IlwoW14iXSpcKS4qL1wxL3AnIC90bXAvb3ZmZW52KQpTdWJuZXRNYXNrPSQoc2VkIC1uICdzLy4qUHJvcGVydHkgb2U6a2V5PSJndWVzdGluZm8uaW50ZXJmYWNlLjAuaXAuMC5uZXRtYXNrIiBvZTp2YWx1ZT0iXChbXiJdKlwpLiovXDEvcCcgL3RtcC9vdmZlbnYpCkdhdGV3YXk9JChzZWQgLW4gJ3MvLipQcm9wZXJ0eSBvZTprZXk9Imd1ZXN0aW5mby5pbnRlcmZhY2UuMC5yb3V0ZS4wLmdhdGV3YXkiIG9lOnZhbHVlPSJcKFteIl0qXCkuKi9cMS9wJyAvdG1wL292ZmVudikKRE5TPSQoc2VkIC1uICdzLy4qUHJvcGVydHkgb2U6a2V5PSJndWVzdGluZm8uZG5zLnNlcnZlcnMiIG9lOnZhbHVlPSJcKFteIl0qXCkuKi9cMS9wJyAvdG1wL292ZmVudikKTUFDQWRkcmVzcz0kKHNlZCAtbiAncy8uKnZlOkFkYXB0ZXIgdmU6bWFjPSJcKFteIl0qXCkuKi9cMS9wJyAvdG1wL292ZmVudikKCm1hc2syY2lkcigpIHsKICBjPTAKICB4PTAkKCBwcmludGYgJyVvJyAkezEvLy4vIH0gKQoKICB3aGlsZSBbICR4IC1ndCAwIF07IGRvCiAgICBsZXQgYys9JCgoeCUyKSkgJ3g+Pj0xJwogIGRvbmUKCiAgZWNobyAkYwp9CgpQcmVmaXg9JChtYXNrMmNpZHIgJFN1Ym5ldE1hc2spCgpjYXQgPiAvZXRjL25ldHBsYW4vMDEtbmV0Y2ZnLnlhbWwgPDxFT0YKbmV0d29yazoKICB2ZXJzaW9uOiAyCiAgcmVuZGVyZXI6IG5ldHdvcmtkCiAgZXRoZXJuZXRzOgogICAgaWQwOgogICAgICBzZXQtbmFtZTogZXRoMAogICAgICBtYXRjaDoKICAgICAgICBtYWNhZGRyZXNzOiAkTUFDQWRkcmVzcwogICAgICBhZGRyZXNzZXM6CiAgICAgICAgLSAkSVBBZGRyZXNzLyRQcmVmaXgKICAgICAgZ2F0ZXdheTQ6ICRHYXRld2F5CiAgICAgIG5hbWVzZXJ2ZXJzOgogICAgICAgIGFkZHJlc3NlcyA6IFskRE5TXQpFT0YKcm0gL2V0Yy9uZXRwbGFuLzUwKi55YW1sIC1mCgpzdWRvIG5ldHBsYW4gYXBwbHk=
|
||||
runcmds:
|
||||
- update-ca-certificates
|
||||
- bash /root/network.sh
|
||||
|
||||
- name: Initialize Cluster API management cluster
|
||||
ansible.builtin.shell:
|
||||
|
@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- cluster-template.yaml
|
||||
|
||||
patchesStrategicMerge:
|
||||
- |-
|
||||
apiVersion: controlplane.cluster.x-k8s.io/v1beta1
|
||||
@ -12,7 +13,7 @@ patchesStrategicMerge:
|
||||
spec:
|
||||
kubeadmConfigSpec:
|
||||
clusterConfiguration:
|
||||
imageRepository: registry.<fqdn>/kubeadm
|
||||
imageRepository: registry.{{ _template.fqdn }}/kubeadm
|
||||
- |-
|
||||
apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
|
||||
kind: KubeadmConfigTemplate
|
||||
@ -23,7 +24,7 @@ patchesStrategicMerge:
|
||||
template:
|
||||
spec:
|
||||
clusterConfiguration:
|
||||
imageRepository: registry.<fqdn>/kubeadm
|
||||
imageRepository: registry.{{ _template.fqdn }}/kubeadm
|
||||
- |-
|
||||
apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
|
||||
kind: KubeadmConfigTemplate
|
||||
@ -36,7 +37,7 @@ patchesStrategicMerge:
|
||||
files:
|
||||
- encoding: base64
|
||||
content: |
|
||||
IyEvYmluL2Jhc2gKdm10b29sc2QgLS1jbWQgJ2luZm8tZ2V0IGd1ZXN0aW5mby5vdmZFbnYnID4gL3RtcC9vdmZlbnYKCklQQWRkcmVzcz0kKHNlZCAtbiAncy8uKlByb3BlcnR5IG9lOmtleT0iZ3Vlc3RpbmZvLmludGVyZmFjZS4wLmlwLjAuYWRkcmVzcyIgb2U6dmFsdWU9IlwoW14iXSpcKS4qL1wxL3AnIC90bXAvb3ZmZW52KQpTdWJuZXRNYXNrPSQoc2VkIC1uICdzLy4qUHJvcGVydHkgb2U6a2V5PSJndWVzdGluZm8uaW50ZXJmYWNlLjAuaXAuMC5uZXRtYXNrIiBvZTp2YWx1ZT0iXChbXiJdKlwpLiovXDEvcCcgL3RtcC9vdmZlbnYpCkdhdGV3YXk9JChzZWQgLW4gJ3MvLipQcm9wZXJ0eSBvZTprZXk9Imd1ZXN0aW5mby5pbnRlcmZhY2UuMC5yb3V0ZS4wLmdhdGV3YXkiIG9lOnZhbHVlPSJcKFteIl0qXCkuKi9cMS9wJyAvdG1wL292ZmVudikKRE5TPSQoc2VkIC1uICdzLy4qUHJvcGVydHkgb2U6a2V5PSJndWVzdGluZm8uZG5zLnNlcnZlcnMiIG9lOnZhbHVlPSJcKFteIl0qXCkuKi9cMS9wJyAvdG1wL292ZmVudikKTUFDQWRkcmVzcz0kKHNlZCAtbiAncy8uKnZlOkFkYXB0ZXIgdmU6bWFjPSJcKFteIl0qXCkuKi9cMS9wJyAvdG1wL292ZmVudikKCm1hc2syY2lkcigpIHsKICBjPTAKICB4PTAkKCBwcmludGYgJyVvJyAkezEvLy4vIH0gKQoKICB3aGlsZSBbICR4IC1ndCAwIF07IGRvCiAgICBsZXQgYys9JCgoeCUyKSkgJ3g+Pj0xJwogIGRvbmUKCiAgZWNobyAkYwp9CgpQcmVmaXg9JChtYXNrMmNpZHIgJFN1Ym5ldE1hc2spCgpjYXQgPiAvZXRjL25ldHBsYW4vMDEtbmV0Y2ZnLnlhbWwgPDxFT0YKbmV0d29yazoKICB2ZXJzaW9uOiAyCiAgcmVuZGVyZXI6IG5ldHdvcmtkCiAgZXRoZXJuZXRzOgogICAgaWQwOgogICAgICBzZXQtbmFtZTogZXRoMAogICAgICBtYXRjaDoKICAgICAgICBtYWNhZGRyZXNzOiAkTUFDQWRkcmVzcwogICAgICBhZGRyZXNzZXM6CiAgICAgICAgLSAkSVBBZGRyZXNzLyRQcmVmaXgKICAgICAgZ2F0ZXdheTQ6ICRHYXRld2F5CiAgICAgIG5hbWVzZXJ2ZXJzOgogICAgICAgIGFkZHJlc3NlcyA6IFskRE5TXQpFT0YKcm0gL2V0Yy9uZXRwbGFuLzUwKi55YW1sIC1mCgpzdWRvIG5ldHBsYW4gYXBwbHk=
|
||||
{{ _template.script.encoded }}
|
||||
permissions: '0744'
|
||||
- content: |
|
||||
network: {config: disabled}
|
||||
@ -59,7 +60,7 @@ patchesJson6902:
|
||||
value:
|
||||
encoding: base64
|
||||
content: |
|
||||
IyEvYmluL2Jhc2gKdm10b29sc2QgLS1jbWQgJ2luZm8tZ2V0IGd1ZXN0aW5mby5vdmZFbnYnID4gL3RtcC9vdmZlbnYKCklQQWRkcmVzcz0kKHNlZCAtbiAncy8uKlByb3BlcnR5IG9lOmtleT0iZ3Vlc3RpbmZvLmludGVyZmFjZS4wLmlwLjAuYWRkcmVzcyIgb2U6dmFsdWU9IlwoW14iXSpcKS4qL1wxL3AnIC90bXAvb3ZmZW52KQpTdWJuZXRNYXNrPSQoc2VkIC1uICdzLy4qUHJvcGVydHkgb2U6a2V5PSJndWVzdGluZm8uaW50ZXJmYWNlLjAuaXAuMC5uZXRtYXNrIiBvZTp2YWx1ZT0iXChbXiJdKlwpLiovXDEvcCcgL3RtcC9vdmZlbnYpCkdhdGV3YXk9JChzZWQgLW4gJ3MvLipQcm9wZXJ0eSBvZTprZXk9Imd1ZXN0aW5mby5pbnRlcmZhY2UuMC5yb3V0ZS4wLmdhdGV3YXkiIG9lOnZhbHVlPSJcKFteIl0qXCkuKi9cMS9wJyAvdG1wL292ZmVudikKRE5TPSQoc2VkIC1uICdzLy4qUHJvcGVydHkgb2U6a2V5PSJndWVzdGluZm8uZG5zLnNlcnZlcnMiIG9lOnZhbHVlPSJcKFteIl0qXCkuKi9cMS9wJyAvdG1wL292ZmVudikKTUFDQWRkcmVzcz0kKHNlZCAtbiAncy8uKnZlOkFkYXB0ZXIgdmU6bWFjPSJcKFteIl0qXCkuKi9cMS9wJyAvdG1wL292ZmVudikKCm1hc2syY2lkcigpIHsKICBjPTAKICB4PTAkKCBwcmludGYgJyVvJyAkezEvLy4vIH0gKQoKICB3aGlsZSBbICR4IC1ndCAwIF07IGRvCiAgICBsZXQgYys9JCgoeCUyKSkgJ3g+Pj0xJwogIGRvbmUKCiAgZWNobyAkYwp9CgpQcmVmaXg9JChtYXNrMmNpZHIgJFN1Ym5ldE1hc2spCgpjYXQgPiAvZXRjL25ldHBsYW4vMDEtbmV0Y2ZnLnlhbWwgPDxFT0YKbmV0d29yazoKICB2ZXJzaW9uOiAyCiAgcmVuZGVyZXI6IG5ldHdvcmtkCiAgZXRoZXJuZXRzOgogICAgaWQwOgogICAgICBzZXQtbmFtZTogZXRoMAogICAgICBtYXRjaDoKICAgICAgICBtYWNhZGRyZXNzOiAkTUFDQWRkcmVzcwogICAgICBhZGRyZXNzZXM6CiAgICAgICAgLSAkSVBBZGRyZXNzLyRQcmVmaXgKICAgICAgZ2F0ZXdheTQ6ICRHYXRld2F5CiAgICAgIG5hbWVzZXJ2ZXJzOgogICAgICAgIGFkZHJlc3NlcyA6IFskRE5TXQpFT0YKcm0gL2V0Yy9uZXRwbGFuLzUwKi55YW1sIC1mCgpzdWRvIG5ldHBsYW4gYXBwbHk=
|
||||
{{ _template.script.encoded }}
|
||||
permissions: '0744'
|
||||
- op: add
|
||||
path: /spec/kubeadmConfigSpec/files/-
|
||||
@ -81,21 +82,19 @@ patchesJson6902:
|
||||
kind: KubeadmConfigTemplate
|
||||
name: .*
|
||||
patch: |-
|
||||
{% for cmd in _template.runcmds %}
|
||||
- op: add
|
||||
path: /spec/template/spec/preKubeadmCommands/-
|
||||
value: update-ca-certificates
|
||||
- op: add
|
||||
path: /spec/template/spec/preKubeadmCommands/-
|
||||
value: bash /root/network.sh
|
||||
value: {{ cmd }}
|
||||
{% endfor %}
|
||||
- target:
|
||||
group: controlplane.cluster.x-k8s.io
|
||||
version: v1beta1
|
||||
kind: KubeadmControlPlane
|
||||
name: .*
|
||||
patch: |-
|
||||
{% for cmd in _template.runcmds %}
|
||||
- op: add
|
||||
path: /spec/kubeadmConfigSpec/preKubeadmCommands/-
|
||||
value: update-ca-certificates
|
||||
- op: add
|
||||
path: /spec/kubeadmConfigSpec/preKubeadmCommands/-
|
||||
value: bash /root/network.sh
|
||||
path: /spec/template/spec/preKubeadmCommands/-
|
||||
value: {{ cmd }}
|
||||
{% endfor %}
|
||||
|
@ -60,7 +60,7 @@ components:
|
||||
chart_values: !unsafe |
|
||||
configs:
|
||||
secret:
|
||||
argocdServerAdminPassword: "{{ vapp['guestinfo.rootpw'] | password_hash('bcrypt') }}"
|
||||
argocdServerAdminPassword: "{{ vapp['metacluster.password'] | password_hash('bcrypt') }}"
|
||||
server:
|
||||
extraArgs:
|
||||
- --insecure
|
||||
@ -104,7 +104,7 @@ components:
|
||||
gitea:
|
||||
admin:
|
||||
username: administrator
|
||||
password: "{{ vapp['guestinfo.rootpw'] }}"
|
||||
password: "{{ vapp['metacluster.password'] }}"
|
||||
email: admin@{{ vapp['metacluster.fqdn'] }}
|
||||
config:
|
||||
server:
|
||||
@ -141,7 +141,7 @@ components:
|
||||
certSource: none
|
||||
enabled: false
|
||||
externalURL: https://registry.{{ vapp['metacluster.fqdn'] }}
|
||||
harborAdminPassword: "{{ vapp['guestinfo.rootpw'] }}"
|
||||
harborAdminPassword: "{{ vapp['metacluster.password'] }}"
|
||||
notary:
|
||||
enabled: false
|
||||
persistence:
|
||||
@ -180,21 +180,21 @@ components:
|
||||
ca:
|
||||
bootstrap:
|
||||
postInitHook: |
|
||||
echo '{{ vapp["guestinfo.rootpw"] }}' > ~/pwfile
|
||||
echo '{{ vapp["metacluster.password"] }}' > ~/pwfile
|
||||
step ca provisioner add acme \
|
||||
--type ACME \
|
||||
--password-file=~/pwfile \
|
||||
--force-cn
|
||||
rm ~/pwfile
|
||||
dns: ca.{{ vapp['metacluster.fqdn'] }},step-certificates.step-ca.svc.cluster.local,127.0.0.1
|
||||
password: "{{ vapp['guestinfo.rootpw'] }}"
|
||||
password: "{{ vapp['metacluster.password'] }}"
|
||||
provisioner:
|
||||
name: admin
|
||||
password: "{{ vapp['guestinfo.rootpw'] }}"
|
||||
password: "{{ vapp['metacluster.password'] }}"
|
||||
inject:
|
||||
secrets:
|
||||
ca_password: "{{ vapp['guestinfo.rootpw'] | b64encode }}"
|
||||
provisioner_password: "{{ vapp['guestinfo.rootpw'] | b64encode }}"
|
||||
ca_password: "{{ vapp['metacluster.password'] | b64encode }}"
|
||||
provisioner_password: "{{ vapp['metacluster.password'] | b64encode }}"
|
||||
service:
|
||||
targetPort: 9000
|
||||
|
||||
|
@ -39,7 +39,7 @@ PropertyCategories:
|
||||
Configurations: '*'
|
||||
UserConfigurable: true
|
||||
|
||||
- Key: guestinfo.rootpw
|
||||
- Key: metacluster.password
|
||||
Type: password(7..)
|
||||
Label: Local root password*
|
||||
Description: ''
|
||||
|
Loading…
Reference in New Issue
Block a user