Replay upstream changes; upgrade to latest minor K8s version

This commit is contained in:
2023-05-19 11:38:53 +02:00
41 changed files with 957 additions and 442 deletions


@ -1,13 +1,7 @@
platform:
k3s:
version: v1.25.7+k3s1
gitops:
repository:
uri: https://code.spamasaurus.com/djpbessems/GitOps.MetaCluster.git
# revision: v0.1.0
revision: HEAD
version: v1.25.9+k3s1
packaged_components:
- name: traefik
@ -39,8 +33,12 @@ platform:
helm_repositories:
- name: argo
url: https://argoproj.github.io/argo-helm
- name: dex
url: https://charts.dexidp.io
- name: authentik
url: https://charts.goauthentik.io
# - name: codecentric
# url: https://codecentric.github.io/helm-charts
# - name: dex
# url: https://charts.dexidp.io
- name: gitea-charts
url: https://dl.gitea.io/charts/
- name: harbor
@ -58,7 +56,7 @@ components:
argo-cd:
helm:
version: 5.24.0 # (= ArgoCD v2.6.3)
version: 5.27.4 # (= ArgoCD v2.6.7)
chart: argo/argo-cd
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
chart_values: !unsafe |
@ -73,6 +71,32 @@ components:
hosts:
- gitops.{{ vapp['metacluster.fqdn'] }}
authentik:
helm:
version: 2023.3.1
chart: authentik/authentik
parse_logic: helm template . --set postgresql.enabled=true,redis.enabled=true | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
chart_values: !unsafe |
authentik:
avatars: none
secret_key: "{{ lookup('ansible.builtin.password', '/dev/null length=64 chars=ascii_lowercase,digits seed=' ~ vapp['guestinfo.hostname']) }}"
postgresql:
password: "{{ lookup('ansible.builtin.password', '/dev/null length=32 chars=ascii_lowercase,digits seed=' ~ vapp['guestinfo.hostname']) }}"
env:
AUTHENTIK_BOOTSTRAP_PASSWORD: "{{ vapp['metacluster.password'] }}"
ingress:
enabled: true
hosts:
- host: auth.{{ vapp['metacluster.fqdn'] }}
paths:
- path: "/"
pathType: Prefix
postgresql:
enabled: true
postgresqlPassword: "{{ lookup('ansible.builtin.password', '/dev/null length=32 chars=ascii_lowercase,digits seed=' ~ vapp['guestinfo.hostname']) }}"
redis:
enabled: true
cert-manager:
helm:
version: 1.11.0
@ -85,65 +109,67 @@ components:
management:
version:
# Must match the version referenced at `dependencies.static_binaries[.filename==clusterctl].url`
base: v1.3.5
base: v1.4.0
# Must match the version referenced at `components.cert-manager.helm.version`
cert_manager: v1.11.0
infrastructure_vsphere: v1.5.3
infrastructure_vsphere: v1.6.0
ipam_incluster: v0.1.0-alpha.2
# Refer to `https://console.cloud.google.com/gcr/images/cloud-provider-vsphere/GLOBAL/cpi/release/manager` for available tags
cpi_vsphere: v1.25.2
workload:
version:
calico: v3.25.0
k8s: v1.25.8
k8s: v1.25.9
node_template:
url: https://{{ repo_username }}:{{ repo_password }}@sn.itch.fyi/Repository/rel/ubuntu-2004-kube-v1.25.8.ova
url: https://{{ repo_username }}:{{ repo_password }}@sn.itch.fyi/Repository/rel/ubuntu-2004-kube-v1.25.9.ova
dex:
helm:
version: 0.13.0 # (= Dex 2.35.3)
chart: dex/dex
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
chart_values: !unsafe |
config:
connectors:
- type: ldap
id: ldap
name: "LDAP"
config:
host: "{{ vapp['ldap.fqdn'] }}:636"
insecureNoSSL: false
insecureSkipVerify: true
bindDN: "{{ vapp['ldap.dn'] }}"
bindPW: "{{ vapp['ldap.password'] }}"
# dex:
# helm:
# version: 0.13.0 # (= Dex 2.35.3)
# chart: dex/dex
# parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
# chart_values: !unsafe |
# config:
# connectors:
# - type: ldap
# id: ldap
# name: "LDAP"
# config:
# host: "{{ vapp['ldap.fqdn'] }}:636"
# insecureNoSSL: false
# insecureSkipVerify: true
# bindDN: "{{ vapp['ldap.dn'] }}"
# bindPW: "{{ vapp['ldap.password'] }}"
usernamePrompt: "Username"
userSearch:
baseDN: OU=Administrators,OU=Useraccounts,DC=bessems,DC=eu
filter: "(objectClass=person)"
username: userPrincipalName
idAttr: DN
emailAttr: userPrincipalName
nameAttr: cn
# usernamePrompt: "Username"
# userSearch:
# baseDN: OU=Administrators,OU=Useraccounts,DC=bessems,DC=eu
# filter: "(objectClass=person)"
# username: userPrincipalName
# idAttr: DN
# emailAttr: userPrincipalName
# nameAttr: cn
groupSearch:
baseDN: OU=Roles,OU=Groups,DC=bessems,DC=eu
filter: "(objectClass=group)"
userMatchers:
- userAttr: DN
groupAttr: member
nameAttr: cn
enablePasswordDB: true
issuer: https://oidc.{{ vapp['metacluster.fqdn'] }}
storage:
type: kubernetes
config:
inCluster: true
ingress:
enabled: true
hosts:
- host: oidc.{{ vapp['metacluster.fqdn'] }}
paths:
- path: /
pathType: Prefix
# groupSearch:
# baseDN: OU=Roles,OU=Groups,DC=bessems,DC=eu
# filter: "(objectClass=group)"
# userMatchers:
# - userAttr: DN
# groupAttr: member
# nameAttr: cn
# enablePasswordDB: true
# issuer: https://oidc.{{ vapp['metacluster.fqdn'] }}
# storage:
# type: kubernetes
# config:
# inCluster: true
# ingress:
# enabled: true
# hosts:
# - host: oidc.{{ vapp['metacluster.fqdn'] }}
# paths:
# - path: /
# pathType: Prefix
gitea:
helm:
@ -199,6 +225,38 @@ components:
registry:
size: 25Gi
# keycloakx:
# helm:
# version: 2.1.1 # (= Keycloak 20.0.3)
# chart: codecentric/keycloakx
# parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
# chart_values: !unsafe |
# command:
# - "/opt/keycloak/bin/kc.sh"
# - "start"
# - "--http-enabled=true"
# - "--http-port=8080"
# - "--hostname-strict=false"
# - "--hostname-strict-https=false"
# extraEnv: |
# - name: KEYCLOAK_ADMIN
# value: admin
# - name: KEYCLOAK_ADMIN_PASSWORD
# value: {{ vapp['metacluster.password'] }}
# - name: KC_PROXY
# value: "passthrough"
# - name: JAVA_OPTS_APPEND
# value: >-
# -Djgroups.dns.query={% raw %}{{ include "keycloak.fullname" . }}{% endraw %}-headless
# ingress:
# enabled: true
# rules:
# - host: keycloak.{{ vapp['metacluster.fqdn'] }}
# paths:
# - path: /
# pathType: Prefix
# tls: []
kube-prometheus-stack:
helm:
version: 45.2.0
@ -216,7 +274,7 @@ components:
longhorn:
helm:
version: 1.4.0
version: 1.4.1
chart: longhorn/longhorn
parse_logic: cat values.yaml | yq eval '.. | select(has("repository")) | .repository + ":" + .tag'
chart_values: !unsafe |
@ -276,7 +334,7 @@ dependencies:
static_binaries:
- filename: clusterctl
url: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.3.5/clusterctl-linux-amd64
url: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.4.0/clusterctl-linux-amd64
- filename: govc
url: https://github.com/vmware/govmomi/releases/download/v0.29.0/govc_Linux_x86_64.tar.gz
archive: compressed
@ -288,7 +346,7 @@ dependencies:
url: https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.2.5/kubectl-slice_linux_x86_64.tar.gz
archive: compressed
- filename: skopeo
url: https://code.spamasaurus.com/api/packages/djpbessems/generic/skopeo/v1.11.1/skopeo_linux_amd64
url: https://code.spamasaurus.com/api/packages/djpbessems/generic/skopeo/v1.12.0/skopeo_linux_amd64
- filename: step
url: https://dl.step.sm/gh-release/cli/gh-release-header/v0.23.0/step_linux_0.23.0_amd64.tar.gz
archive: compressed
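Review bot: In the `@ -73,6 +71,32 @@` hunk the new `authentik` values derive `secret_key` and both PostgreSQL passwords from `ansible.builtin.password` with `seed=' ~ vapp['guestinfo.hostname']`; a seeded password lookup is documented to be deterministic, so anyone who learns the VM hostname (the same value the `auth.`/`gitops.` FQDNs are built from) can regenerate the key that signs Authentik sessions and the database credential. If the seed is there for idempotency across reruns, seed from an operator-supplied secret instead, e.g. `seed=' ~ vapp['metacluster.password']`, or better generate the value once without a seed and persist it in a Kubernetes Secret that later runs read back. The `auth.` ingress carries no `tls` block, so confirm the ingress controller applies a default certificate or add one explicitly, as the commented-out keycloakx values at least declared `tls: []`. The enclosing `components` mapping starts before this hunk.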


@ -0,0 +1,27 @@
downstream:
helm_repositories:
- name: longhorn
url: https://charts.longhorn.io
- name: sealed-secrets
url: https://bitnami-labs.github.io/sealed-secrets
helm_charts:
longhorn:
version: 1.4.1
chart: longhorn/longhorn
namespace: longhorn-system
parse_logic: cat values.yaml | yq eval '.. | select(has("repository")) | .repository + ":" + .tag'
chart_values: !unsafe |
defaultSettings:
createDefaultDiskLabeledNodes: true
defaultDataPath: /mnt/blockstorage
sealed-secrets:
version: 2.8.1 # (= Sealed Secrets v0.20.2)
chart: sealed-secrets/sealed-secrets
namespace: sealed-secrets
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
# chart_values: !unsafe |
# # Empty