Fix/Optimize kustomization template;Simplify dictionary
All checks were successful
continuous-integration/drone/push Build is passing
parent
9c6e1ff386
commit
d91acb9c0d
@ -49,7 +49,7 @@
|
|||||||
url: https://git.{{ vapp['metacluster.fqdn'] }}/api/v1/users/administrator/tokens
|
url: https://git.{{ vapp['metacluster.fqdn'] }}/api/v1/users/administrator/tokens
|
||||||
method: POST
|
method: POST
|
||||||
user: administrator
|
user: administrator
|
||||||
password: "{{ vapp['guestinfo.rootpw'] }}"
|
password: "{{ vapp['metacluster.password'] }}"
|
||||||
force_basic_auth: yes
|
force_basic_auth: yes
|
||||||
body:
|
body:
|
||||||
name: token_init_{{ lookup('password', '/dev/null length=5 chars=ascii_letters,digits') }}
|
name: token_init_{{ lookup('password', '/dev/null length=5 chars=ascii_letters,digits') }}
|
||||||
@ -124,7 +124,7 @@
|
|||||||
ansible.builtin.shell:
|
ansible.builtin.shell:
|
||||||
cmd: |
|
cmd: |
|
||||||
git config --local http.sslVerify false
|
git config --local http.sslVerify false
|
||||||
git remote set-url origin https://administrator:{{ vapp['guestinfo.rootpw'] | urlencode }}@git.{{ vapp['metacluster.fqdn'] }}/mc/GitOps.Config.git
|
git remote set-url origin https://administrator:{{ vapp['metacluster.password'] | urlencode }}@git.{{ vapp['metacluster.fqdn'] }}/mc/GitOps.Config.git
|
||||||
git push
|
git push
|
||||||
chdir: /opt/metacluster/git-repositories/gitops
|
chdir: /opt/metacluster/git-repositories/gitops
|
||||||
|
|
||||||
|
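Review bot: The `git remote set-url origin https://administrator:…@git.…/mc/GitOps.Config.git` line in the second hunk stores the admin password in `.git/config` under `/opt/metacluster/git-repositories/gitops`, where it stays readable after `git push`. It also puts the secret on the command line of a shell task. Reset the remote after the push, e.g. `git remote set-url origin https://git.{{ vapp['metacluster.fqdn'] }}/mc/GitOps.Config.git`, and set `no_log: true` on the task; the task header is outside the hunk, so it may already be set. As far as I know `urlencode` leaves `/` unescaped, so a password containing `/` would yield a malformed URL; `| urlencode | replace('/', '%2F')` covers that case.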
@ -26,7 +26,7 @@
|
|||||||
force_basic_auth: yes
|
force_basic_auth: yes
|
||||||
body:
|
body:
|
||||||
username: admin
|
username: admin
|
||||||
password: "{{ vapp['guestinfo.rootpw'] }}"
|
password: "{{ vapp['metacluster.password'] }}"
|
||||||
register: argocd_api_token
|
register: argocd_api_token
|
||||||
|
|
||||||
- name: Configure metacluster-gitops repository
|
- name: Configure metacluster-gitops repository
|
||||||
|
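Review bot: The request body on the new side carries `vapp['metacluster.password']` and the response is registered as `argocd_api_token`, so the password and the returned token can both appear in verbose output or in any callback that records task results. The task header is outside this hunk, so this may already be handled; if not, add `no_log: true` at task level. The token request against `/api/v1/users/administrator/tokens` in the `@ -49` hunk has the same shape and needs the same treatment.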
@ -27,7 +27,7 @@
|
|||||||
skopeo copy \
|
skopeo copy \
|
||||||
--insecure-policy \
|
--insecure-policy \
|
||||||
--dest-tls-verify=false \
|
--dest-tls-verify=false \
|
||||||
--dest-creds admin:{{ vapp['guestinfo.rootpw'] }} \
|
--dest-creds admin:{{ vapp['metacluster.password'] }} \
|
||||||
docker-archive:./{{ item | basename }} \
|
docker-archive:./{{ item | basename }} \
|
||||||
docker://registry.{{ vapp['metacluster.fqdn'] }}/library/$( \
|
docker://registry.{{ vapp['metacluster.fqdn'] }}/library/$( \
|
||||||
skopeo list-tags \
|
skopeo list-tags \
|
||||||
|
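Review bot: `--dest-creds admin:{{ vapp['metacluster.password'] }}` is interpolated unquoted into a shell command, so a password containing whitespace or shell metacharacters either breaks the copy or is interpreted by the shell. Quote the whole argument with the `quote` filter: `--dest-creds {{ ('admin:' ~ vapp['metacluster.password']) | quote }} \`. The command starts and ends outside this hunk, so I cannot see whether the task sets `no_log: true`; it should, because the rendered command line is part of the task result.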
@ -1,7 +1,7 @@
|
|||||||
- name: Set root password
|
- name: Set root password
|
||||||
ansible.builtin.user:
|
ansible.builtin.user:
|
||||||
name: root
|
name: root
|
||||||
password: "{{ vapp['guestinfo.rootpw'] | password_hash('sha512', 65534 | random(seed=vapp['guestinfo.hostname']) | string) }}"
|
password: "{{ vapp['metacluster.password'] | password_hash('sha512', 65534 | random(seed=vapp['guestinfo.hostname']) | string) }}"
|
||||||
generate_ssh_key: yes
|
generate_ssh_key: yes
|
||||||
ssh_key_bits: 2048
|
ssh_key_bits: 2048
|
||||||
ssh_key_file: .ssh/id_rsa
|
ssh_key_file: .ssh/id_rsa
|
||||||
|
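Review bot: The salt passed to `password_hash` is `65534 | random(seed=vapp['guestinfo.hostname'])`, one of fewer than 65,534 values fully determined by the hostname. That keeps the task idempotent but gives the sha512-crypt hash a small, predictable salt. Since the other hunks on this page reuse this value for several services, a longer deterministic salt is a cheap improvement, e.g. `password_hash('sha512', (vapp['guestinfo.hostname'] | hash('sha256'))[:16])`. The task body continues outside the hunk.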
@ -46,7 +46,14 @@
|
|||||||
dest: /opt/metacluster/cluster-api/infrastructure-vsphere/{{ components.clusterapi.management.version.infrastructure_vsphere }}/kustomization.yaml
|
dest: /opt/metacluster/cluster-api/infrastructure-vsphere/{{ components.clusterapi.management.version.infrastructure_vsphere }}/kustomization.yaml
|
||||||
vars:
|
vars:
|
||||||
_template:
|
_template:
|
||||||
|
fqdn: "{{ vapp['metacluster.fqdn'] }}"
|
||||||
rootca: "{{ stepca_cm_certs.resources[0].data['root_ca.crt'] }}"
|
rootca: "{{ stepca_cm_certs.resources[0].data['root_ca.crt'] }}"
|
||||||
|
script:
|
||||||
|
# Base64 encoded; to avoid variable substitution when clusterctl parses the cluster-template.yml
|
||||||
|
encoded: 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
|
||||||
|
runcmds:
|
||||||
|
- update-ca-certificates
|
||||||
|
- bash /root/network.sh
|
||||||
|
|
||||||
- name: Initialize Cluster API management cluster
|
- name: Initialize Cluster API management cluster
|
||||||
ansible.builtin.shell:
|
ansible.builtin.shell:
|
||||||
|
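Review bot: `_template.script.encoded` holds the node bootstrap script as an opaque base64 literal, so later changes to it cannot be read in a diff. Per the kustomization template on this page, that script is written with permissions `'0744'` and run through `bash /root/network.sh`. Keep the plain-text script in the repository and encode it at render time, e.g. `encoded: "{{ lookup('ansible.builtin.file', '<path-to-script>') | b64encode }}"` (path is a placeholder). The rendered output is still base64, so the stated reason of avoiding clusterctl variable substitution continues to hold.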
@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
|||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- cluster-template.yaml
|
- cluster-template.yaml
|
||||||
|
|
||||||
patchesStrategicMerge:
|
patchesStrategicMerge:
|
||||||
- |-
|
- |-
|
||||||
apiVersion: controlplane.cluster.x-k8s.io/v1beta1
|
apiVersion: controlplane.cluster.x-k8s.io/v1beta1
|
||||||
@ -12,7 +13,7 @@ patchesStrategicMerge:
|
|||||||
spec:
|
spec:
|
||||||
kubeadmConfigSpec:
|
kubeadmConfigSpec:
|
||||||
clusterConfiguration:
|
clusterConfiguration:
|
||||||
imageRepository: registry.<fqdn>/kubeadm
|
imageRepository: registry.{{ _template.fqdn }}/kubeadm
|
||||||
- |-
|
- |-
|
||||||
apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
|
apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
|
||||||
kind: KubeadmConfigTemplate
|
kind: KubeadmConfigTemplate
|
||||||
@ -23,7 +24,7 @@ patchesStrategicMerge:
|
|||||||
template:
|
template:
|
||||||
spec:
|
spec:
|
||||||
clusterConfiguration:
|
clusterConfiguration:
|
||||||
imageRepository: registry.<fqdn>/kubeadm
|
imageRepository: registry.{{ _template.fqdn }}/kubeadm
|
||||||
- |-
|
- |-
|
||||||
apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
|
apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
|
||||||
kind: KubeadmConfigTemplate
|
kind: KubeadmConfigTemplate
|
||||||
@ -36,7 +37,7 @@ patchesStrategicMerge:
|
|||||||
files:
|
files:
|
||||||
- encoding: base64
|
- encoding: base64
|
||||||
content: |
|
content: |
|
||||||
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
|
{{ _template.script.encoded }}
|
||||||
permissions: '0744'
|
permissions: '0744'
|
||||||
- content: |
|
- content: |
|
||||||
network: {config: disabled}
|
network: {config: disabled}
|
||||||
@ -59,7 +60,7 @@ patchesJson6902:
|
|||||||
value:
|
value:
|
||||||
encoding: base64
|
encoding: base64
|
||||||
content: |
|
content: |
|
||||||
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
|
{{ _template.script.encoded }}
|
||||||
permissions: '0744'
|
permissions: '0744'
|
||||||
- op: add
|
- op: add
|
||||||
path: /spec/kubeadmConfigSpec/files/-
|
path: /spec/kubeadmConfigSpec/files/-
|
||||||
@ -81,21 +82,19 @@ patchesJson6902:
|
|||||||
kind: KubeadmConfigTemplate
|
kind: KubeadmConfigTemplate
|
||||||
name: .*
|
name: .*
|
||||||
patch: |-
|
patch: |-
|
||||||
|
{% for cmd in _template.runcmds %}
|
||||||
- op: add
|
- op: add
|
||||||
path: /spec/template/spec/preKubeadmCommands/-
|
path: /spec/template/spec/preKubeadmCommands/-
|
||||||
value: update-ca-certificates
|
value: {{ cmd }}
|
||||||
- op: add
|
{% endfor %}
|
||||||
path: /spec/template/spec/preKubeadmCommands/-
|
|
||||||
value: bash /root/network.sh
|
|
||||||
- target:
|
- target:
|
||||||
group: controlplane.cluster.x-k8s.io
|
group: controlplane.cluster.x-k8s.io
|
||||||
version: v1beta1
|
version: v1beta1
|
||||||
kind: KubeadmControlPlane
|
kind: KubeadmControlPlane
|
||||||
name: .*
|
name: .*
|
||||||
patch: |-
|
patch: |-
|
||||||
|
{% for cmd in _template.runcmds %}
|
||||||
- op: add
|
- op: add
|
||||||
path: /spec/kubeadmConfigSpec/preKubeadmCommands/-
|
path: /spec/template/spec/preKubeadmCommands/-
|
||||||
value: update-ca-certificates
|
value: {{ cmd }}
|
||||||
- op: add
|
{% endfor %}
|
||||||
path: /spec/kubeadmConfigSpec/preKubeadmCommands/-
|
|
||||||
value: bash /root/network.sh
|
|
||||||
|
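Review bot: In the last hunk the `KubeadmControlPlane` patch now uses `path: /spec/template/spec/preKubeadmCommands/-`, whereas the removed lines used `/spec/kubeadmConfigSpec/preKubeadmCommands/-`. This looks copied from the `KubeadmConfigTemplate` loop above, and the other control-plane patch visible here targets `/spec/kubeadmConfigSpec/files/-`. With that path the `runcmds`, including `update-ca-certificates`, would probably not reach control-plane nodes, or the JSON patch would fail outright. Restore `path: /spec/kubeadmConfigSpec/preKubeadmCommands/-` in the second loop. Rendering the value as `value: {{ cmd | to_json }}` in both loops would also stop a future command containing `: ` or ` #` from being misparsed as YAML.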
@ -60,7 +60,7 @@ components:
|
|||||||
chart_values: !unsafe |
|
chart_values: !unsafe |
|
||||||
configs:
|
configs:
|
||||||
secret:
|
secret:
|
||||||
argocdServerAdminPassword: "{{ vapp['guestinfo.rootpw'] | password_hash('bcrypt') }}"
|
argocdServerAdminPassword: "{{ vapp['metacluster.password'] | password_hash('bcrypt') }}"
|
||||||
server:
|
server:
|
||||||
extraArgs:
|
extraArgs:
|
||||||
- --insecure
|
- --insecure
|
||||||
@ -104,7 +104,7 @@ components:
|
|||||||
gitea:
|
gitea:
|
||||||
admin:
|
admin:
|
||||||
username: administrator
|
username: administrator
|
||||||
password: "{{ vapp['guestinfo.rootpw'] }}"
|
password: "{{ vapp['metacluster.password'] }}"
|
||||||
email: admin@{{ vapp['metacluster.fqdn'] }}
|
email: admin@{{ vapp['metacluster.fqdn'] }}
|
||||||
config:
|
config:
|
||||||
server:
|
server:
|
||||||
@ -141,7 +141,7 @@ components:
|
|||||||
certSource: none
|
certSource: none
|
||||||
enabled: false
|
enabled: false
|
||||||
externalURL: https://registry.{{ vapp['metacluster.fqdn'] }}
|
externalURL: https://registry.{{ vapp['metacluster.fqdn'] }}
|
||||||
harborAdminPassword: "{{ vapp['guestinfo.rootpw'] }}"
|
harborAdminPassword: "{{ vapp['metacluster.password'] }}"
|
||||||
notary:
|
notary:
|
||||||
enabled: false
|
enabled: false
|
||||||
persistence:
|
persistence:
|
||||||
@ -180,21 +180,21 @@ components:
|
|||||||
ca:
|
ca:
|
||||||
bootstrap:
|
bootstrap:
|
||||||
postInitHook: |
|
postInitHook: |
|
||||||
echo '{{ vapp["guestinfo.rootpw"] }}' > ~/pwfile
|
echo '{{ vapp["metacluster.password"] }}' > ~/pwfile
|
||||||
step ca provisioner add acme \
|
step ca provisioner add acme \
|
||||||
--type ACME \
|
--type ACME \
|
||||||
--password-file=~/pwfile \
|
--password-file=~/pwfile \
|
||||||
--force-cn
|
--force-cn
|
||||||
rm ~/pwfile
|
rm ~/pwfile
|
||||||
dns: ca.{{ vapp['metacluster.fqdn'] }},step-certificates.step-ca.svc.cluster.local,127.0.0.1
|
dns: ca.{{ vapp['metacluster.fqdn'] }},step-certificates.step-ca.svc.cluster.local,127.0.0.1
|
||||||
password: "{{ vapp['guestinfo.rootpw'] }}"
|
password: "{{ vapp['metacluster.password'] }}"
|
||||||
provisioner:
|
provisioner:
|
||||||
name: admin
|
name: admin
|
||||||
password: "{{ vapp['guestinfo.rootpw'] }}"
|
password: "{{ vapp['metacluster.password'] }}"
|
||||||
inject:
|
inject:
|
||||||
secrets:
|
secrets:
|
||||||
ca_password: "{{ vapp['guestinfo.rootpw'] | b64encode }}"
|
ca_password: "{{ vapp['metacluster.password'] | b64encode }}"
|
||||||
provisioner_password: "{{ vapp['guestinfo.rootpw'] | b64encode }}"
|
provisioner_password: "{{ vapp['metacluster.password'] | b64encode }}"
|
||||||
service:
|
service:
|
||||||
targetPort: 9000
|
targetPort: 9000
|
||||||
|
|
||||||
|
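Review bot: In the `postInitHook` hunk, `echo '{{ vapp["metacluster.password"] }}' > ~/pwfile` breaks out of the single-quoted string if the password contains `'`, and the file is created with the default umask. Put `umask 077` before the write and quote the value, e.g. `printf '%s\n' {{ vapp["metacluster.password"] | quote }} > ~/pwfile`, assuming this block is rendered by Ansible before the chart consumes it. Within this file the same value is also set as the Argo CD, Gitea and Harbor admin password and as the step-ca CA and provisioner password, so a single leak exposes all of them. Separate properties or per-service derived secrets would limit that.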
@ -39,7 +39,7 @@ PropertyCategories:
|
|||||||
Configurations: '*'
|
Configurations: '*'
|
||||||
UserConfigurable: true
|
UserConfigurable: true
|
||||||
|
|
||||||
- Key: guestinfo.rootpw
|
- Key: metacluster.password
|
||||||
Type: password(7..)
|
Type: password(7..)
|
||||||
Label: Local root password*
|
Label: Local root password*
|
||||||
Description: ''
|
Description: ''
|
||||||
|
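Review bot: The property is renamed to `metacluster.password`, but `Label: Local root password*` and the empty `Description` still present it as the root password only. The other hunks in this commit feed it to Gitea, Argo CD, Harbor and step-ca as well. Update the text so the operator sees the scope, e.g. `Label: Metacluster administrator password*` plus a `Description` naming the services that receive it. `Type: password(7..)` accepts seven-character values, which is short for a secret that also appears to protect the CA key; consider raising the minimum.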