2 Commits

Author SHA1 Message Date
d86f70a458 fix: Remove redundant dictionary key
Some checks failed
continuous-integration/drone/push Build is failing
2023-08-23 14:04:39 +02:00
436995accc chore: Refactor playbook for idempotency 2023-08-23 14:03:25 +02:00
5 changed files with 71 additions and 41 deletions


@ -110,8 +110,8 @@
- organization: mc - organization: mc
body: body:
name: GitOps.ClusterAPI name: GitOps.ClusterAPI
# auto_init: true auto_init: true
# default_branch: main default_branch: main
description: ClusterAPI manifests description: ClusterAPI manifests
- organization: mc - organization: mc
body: body:
@ -125,12 +125,6 @@
# auto_init: true # auto_init: true
# default_branch: main # default_branch: main
description: GitOps manifests description: GitOps manifests
- organization: wl
body:
name: GitOps.HelmCharts
# auto_init: true
# default_branch: main
description: Helm charts
loop_control: loop_control:
label: "{{ item.organization ~ '/' ~ item.body.name }}" label: "{{ item.organization ~ '/' ~ item.body.name }}"


@ -63,6 +63,14 @@
ansible.builtin.command: ansible.builtin.command:
cmd: update-ca-certificates cmd: update-ca-certificates
- name: Extract container images (for idempotency purposes)
ansible.builtin.unarchive:
src: /opt/metacluster/container-images/image-tarballs.tgz
dest: /opt/metacluster/container-images
remote_src: no
when:
- lookup('ansible.builtin.fileglob', 'opt/metacluster/container-images/*.tgz') is match('.*image-tarballs.tgz')
- name: Get all stored fully qualified container image names - name: Get all stored fully qualified container image names
ansible.builtin.shell: ansible.builtin.shell:
cmd: >- cmd: >-
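Review bot: The `when:` condition of the added "Extract container images" task globs `'opt/metacluster/container-images/*.tgz'`, without the leading `/` that `src` and `dest` use, so the lookup resolves a relative path and the task is probably skipped on every run; it should read `lookup('ansible.builtin.fileglob', '/opt/metacluster/container-images/*.tgz')`. `fileglob` is evaluated on the control node and `remote_src: no` also reads the archive from there, so if the tarball only exists on the managed host the task needs `remote_src: true` and a check based on `ansible.builtin.stat` instead. Writing the boolean as `false`/`true` rather than `no` would also avoid the YAML 1.1 truthy ambiguity.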


@ -129,6 +129,12 @@
state: directory state: directory
register: capi_clustermanifest register: capi_clustermanifest
- name: Pull existing repository
ansible.builtin.git:
repo: https://git.{{ vapp['metacluster.fqdn'] }}/mc/GitOps.ClusterAPI.git
dest: "{{ capi_clustermanifest.path }}"
version: main
- name: Save workload cluster manifest - name: Save workload cluster manifest
ansible.builtin.copy: ansible.builtin.copy:
dest: "{{ capi_clustermanifest.path }}/new-cluster.yaml" dest: "{{ capi_clustermanifest.path }}/new-cluster.yaml"
@ -173,24 +179,46 @@
prefix: "{{ vapp['guestinfo.prefixlength'] }}" prefix: "{{ vapp['guestinfo.prefixlength'] }}"
gateway: "{{ vapp['guestinfo.gateway'] }}" gateway: "{{ vapp['guestinfo.gateway'] }}"
- name: Initialize/Push git repository - name: Remove working files
ansible.builtin.shell:
cmd: |
git init
git config --global user.email "administrator@{{ vapp['metacluster.fqdn'] }}"
git config --global user.name "administrator"
git checkout -b main
git add ./manifests
git commit -m "Upload manifests"
git remote add origin https://git.{{ vapp['metacluster.fqdn'] }}/mc/GitOps.ClusterAPI.git
git push https://administrator:{{ vapp['metacluster.password'] | urlencode }}@git.{{ vapp['metacluster.fqdn'] }}/mc/GitOps.ClusterAPI.git --all
chdir: "{{ capi_clustermanifest.path }}"
- name: Cleanup tempfolder
ansible.builtin.file: ansible.builtin.file:
path: "{{ capi_clustermanifest.path }}" path: "{{ item }}"
state: absent state: absent
when: capi_clustermanifest.path is defined loop: "{{ query('ansible.builtin.fileglob', capi_clustermanifest.path ~ '/*.yaml') }}"
loop_control:
label: "{{ item | basename }}"
- name: Push git repository
lvrfrc87.git_acp.git_acp:
path: "{{ capi_clustermanifest.path }}"
branch: main
comment: "Upload manifests"
add:
- ./manifests
url: https://administrator:{{ vapp['metacluster.password'] | urlencode }}@git.{{ vapp['metacluster.fqdn'] }}/mc/GitOps.ClusterAPI.git
environment:
GIT_AUTHOR_NAME: administrator
GIT_AUTHOR_NAME: administrator@{{ vapp['metacluster.fqdn'] }}
GIT_COMMITTER_NAME: administrator
GIT_COMMITTER_NAME: administrator@{{ vapp['metacluster.fqdn'] }}
# - name: Initialize/Push git repository
# ansible.builtin.shell:
# cmd: |
# git init
# git config --global user.email "administrator@{{ vapp['metacluster.fqdn'] }}"
# git config --global user.name "administrator"
# git checkout -b main
# git add ./manifests
# git commit -m "Upload manifests"
# git remote add origin https://git.{{ vapp['metacluster.fqdn'] }}/mc/GitOps.ClusterAPI.git
# git push https://administrator:{{ vapp['metacluster.password'] | urlencode }}@git.{{ vapp['metacluster.fqdn'] }}/mc/GitOps.ClusterAPI.git --all
# chdir: "{{ capi_clustermanifest.path }}"
# - name: Cleanup tempfolder
# ansible.builtin.file:
# path: "{{ capi_clustermanifest.path }}"
# state: absent
# when: capi_clustermanifest.path is defined
- name: Configure Cluster API repository - name: Configure Cluster API repository
ansible.builtin.template: ansible.builtin.template:
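Review bot: The new "Push git repository" task embeds `vapp['metacluster.password']` in the `url:` argument but sets no `no_log: true`, so the administrator password can end up in task output, verbose logs or a failure message; add `no_log: true` at task level. The `environment:` mapping repeats `GIT_AUTHOR_NAME` and `GIT_COMMITTER_NAME`, and since most YAML loaders keep the last duplicate, the name is overwritten by the address and no e-mail is set; the second key of each pair was presumably meant to be `GIT_AUTHOR_EMAIL: administrator@{{ vapp['metacluster.fqdn'] }}` and `GIT_COMMITTER_EMAIL: administrator@{{ vapp['metacluster.fqdn'] }}`. With the "Cleanup tempfolder" task now commented out, the working clone stays on disk; if the module records the credentialed URL in the clone's git config, that copy of the password persists as well, so consider restoring the cleanup or passing the credential some other way than the URL. The commented-out shell block could be deleted rather than kept, since the history preserves it.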


@ -274,6 +274,7 @@ dependencies:
- community.general - community.general
- community.vmware - community.vmware
- kubernetes.core - kubernetes.core
- lvrfrc87.git_acp
container_images: container_images:
# This should match the image tag referenced at `platform.packaged_components[.name==traefik].config` # This should match the image tag referenced at `platform.packaged_components[.name==traefik].config`


@ -21,23 +21,22 @@ downstream:
defaultDataPath: /mnt/blockstorage defaultDataPath: /mnt/blockstorage
pinniped: pinniped:
helm: version: 1.2.11 # (= Pinniped v0.25.0)
version: 1.2.11 # (= Pinniped v0.25.0) chart: bitnami/pinniped
chart: bitnami/pinniped namespace: pinniped-concierge
namespace: pinniped-concierge parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /' chart_values: !unsafe |
chart_values: !unsafe | supervisor:
supervisor: enabled: false
enabled: false extra_manifests: !unsafe
extra_manifests: !unsafe - src: jwtauthenticator.j2
- src: jwtauthenticator.j2 _template:
_template: name: metacluster-sso
name: metacluster-sso spec: |2
spec: |2 issuer: https://auth.{{ vapp['metacluster.fqdn'] }}/sso
issuer: https://auth.{{ vapp['metacluster.fqdn'] }}/sso audience: {{ vapp['workloadcluster.name'] | lower }}
audience: {{ vapp['workloadcluster.name'] | lower }} tls:
tls: certificateAuthorityData: "{{ (stepca_cm_certs.resources[0].data['intermediate_ca.crt'] ~ '\n' ~ stepca_cm_certs.resources[0].data['root_ca.crt']) | b64encode }}"
certificateAuthorityData: "{{ (stepca_cm_certs.resources[0].data['intermediate_ca.crt'] ~ '\n' ~ stepca_cm_certs.resources[0].data['root_ca.crt']) | b64encode }}"
sealed-secrets: sealed-secrets:
version: 2.8.1 # (= Sealed Secrets v0.20.2) version: 2.8.1 # (= Sealed Secrets v0.20.2)